Merge branch '262112_copy_dismissal_information_to_vulnerabilities_on_creation' into 'master'

Copy dismissal information to vulnerabilities See merge request gitlab-org/gitlab!45688

Merge branch '262112_copy_dismissal_information_to_vulnerabilities_on_creation' into 'master'
Copy dismissal information to vulnerabilities See merge request gitlab-org/gitlab!45688
e2ebd314 · Mark Chao · 31fa73f4 · 8b580b43 · e2ebd314 · e2ebd314
Commit e2ebd314 authored Oct 22, 2020 by Mark Chao
4 changed files
--- a/ee/app/services/vulnerabilities/create_service.rb
+++ b/ee/app/services/vulnerabilities/create_service.rb
@@ -3,6 +3,7 @@
 module Vulnerabilities
  class CreateService
    include Gitlab::Allowable
+    include Gitlab::Utils::StrongMemoize

    def initialize(project, author, finding_id:)
      @project = project
@@ -16,9 +17,6 @@ module Vulnerabilities
      vulnerability = Vulnerability.new

      Vulnerabilities::Finding.transaction(requires_new: true) do
-        # we're using `lock` instead of `with_lock` to avoid extra call to `find` under the hood
-        finding = @project.vulnerability_findings.lock_for_confirmation!(@finding_id)
-
        save_vulnerability(vulnerability, finding)
        Statistics::UpdateService.update_for(vulnerability)
        HistoricalStatistics::UpdateService.update_for(@project)
@@ -42,9 +40,21 @@ module Vulnerabilities
        severity_overridden: false,
        confidence: finding.confidence,
        confidence_overridden: false,
-        report_type: finding.report_type
+        report_type: finding.report_type,
+        dismissed_at: existing_dismissal_feedback&.created_at,
+        dismissed_by_id: existing_dismissal_feedback&.author_id
      )
+
      vulnerability.save && vulnerability.findings << finding
    end
+
+    def existing_dismissal_feedback
+      strong_memoize(:existing_dismissal_feedback) { finding.dismissal_feedback }
+    end
+
+    def finding
+      # we're using `lock` instead of `with_lock` to avoid extra call to `find` under the hood
+      @finding ||= @project.vulnerability_findings.lock_for_confirmation!(@finding_id)
+    end
  end
 end
--- a/ee/changelogs/unreleased/262112_copy_dismissal_information_to_vulnerabilities_on_creation.yml
+++ b/ee/changelogs/unreleased/262112_copy_dismissal_information_to_vulnerabilities_on_creation.yml
+---
+title: Copy dismissal information to vulnerability while creating the record
+merge_request: 45688
+author:
+type: fixed
--- a/ee/spec/factories/vulnerabilities/findings.rb
+++ b/ee/spec/factories/vulnerabilities/findings.rb
@@ -91,8 +91,15 @@ FactoryBot.define do
    end

    trait :dismissed do
+      with_dismissal_feedback
+
      after(:create) do |finding|
        create(:vulnerability, :dismissed, project: finding.project, findings: [finding])
+      end
+    end
+
+    trait :with_dismissal_feedback do
+      after(:create) do |finding|
        create(:vulnerability_feedback,
               :dismissal,
               project: finding.project,

--- a/ee/spec/services/vulnerabilities/create_service_spec.rb
+++ b/ee/spec/services/vulnerabilities/create_service_spec.rb
@@ -39,12 +39,15 @@ RSpec.describe Vulnerabilities::CreateService do
    end

    context 'and finding is dismissed' do
-      let(:finding) { create(:vulnerabilities_occurrence, :dismissed, project: project) }
+      let(:finding) { create(:vulnerabilities_occurrence, :with_dismissal_feedback, project: project) }
+      let(:vulnerability) { project.vulnerabilities.last }

-      it 'creates a vulnerability in a dismissed state' do
+      it 'creates a vulnerability in a dismissed state and sets dismissal information' do
        expect { subject }.to change { project.vulnerabilities.count }.by(1)

-        expect(project.vulnerabilities.last.state).to eq('dismissed')
+        expect(vulnerability.state).to eq('dismissed')
+        expect(vulnerability.dismissed_at).to eq(finding.dismissal_feedback.created_at)
+        expect(vulnerability.dismissed_by_id).to eq(finding.dismissal_feedback.author_id)
      end
    end