Merge branch...

Merge branch '284740-allow-issuescontroller-to-creating-an-issue-with-vulnerability-feedback' into 'master' Add feedback creation in controller See merge request gitlab-org/gitlab!52141

Merge branch...
Merge branch '284740-allow-issuescontroller-to-creating-an-issue-with-vulnerability-feedback' into 'master' Add feedback creation in controller See merge request gitlab-org/gitlab!52141
fe0100c8 · Imre Farkas · 0e569d16 · e35cb0e5 · fe0100c8 · fe0100c8
Commit fe0100c8 authored Feb 05, 2021 by Imre Farkas
7 changed files
--- a/app/controllers/projects/issues_controller.rb
+++ b/app/controllers/projects/issues_controller.rb
@@ -130,7 +130,7 @@ class Projects::IssuesController < Projects::ApplicationController
    service = ::Issues::CreateService.new(project, current_user, create_params)
    @issue = service.execute

-    create_vulnerability_issue_link(issue)
+    create_vulnerability_issue_feedback(issue)

    if service.discussions_to_resolve.count(&:resolved?) > 0
      flash[:notice] = if service.discussion_to_resolve_id
@@ -402,7 +402,7 @@ class Projects::IssuesController < Projects::ApplicationController
  end

  # Overridden in EE
-  def create_vulnerability_issue_link(issue); end
+  def create_vulnerability_issue_feedback(issue); end
 end

 Projects::IssuesController.prepend_if_ee('EE::Projects::IssuesController')
--- a/ee/app/controllers/ee/projects/issues_controller.rb
+++ b/ee/app/controllers/ee/projects/issues_controller.rb
@@ -48,17 +48,21 @@ module EE
        end
      end

-      def create_vulnerability_issue_link(issue)
+      def create_vulnerability_issue_feedback(issue)
        return unless issue.persisted? && vulnerability

-        result = VulnerabilityIssueLinks::CreateService.new(
+        result = VulnerabilityFeedback::CreateService.new(
+          issue.project,
          current_user,
-          vulnerability,
-          issue,
-          link_type: Vulnerabilities::IssueLink.link_types[:created]
+          vulnerability_issue_feedback_params(issue, vulnerability)
        ).execute

-        flash[:alert] = render_vulnerability_link_alert if result.status == :error
+        errors = []
+        result[:message].full_messages.each do |error|
+          errors << render_vulnerability_link_alert(error)
+        end
+
+        flash[:alert] = errors.join('<br\>').html_safe
      end

      def vulnerability
@@ -75,6 +79,20 @@ module EE
        }
      end

+      def vulnerability_issue_feedback_params(issue, vulnerability)
+        feedback_params = {
+          issue: issue,
+          feedback_type: 'issue',
+          category: vulnerability.report_type,
+          project_fingerprint: vulnerability.finding.project_fingerprint,
+          vulnerability_data: vulnerability.as_json
+        }
+
+        feedback_params[:vulnerability_data][:vulnerability_id] = vulnerability.id
+
+        feedback_params
+      end
+
      def render_vulnerability_description
        render_to_string(
          template: 'vulnerabilities/issue_description.md.erb',
@@ -82,10 +100,13 @@ module EE
        )
      end

-      def render_vulnerability_link_alert
+      def render_vulnerability_link_alert(error_message)
        render_to_string(
          partial: 'vulnerabilities/unable_to_link_vulnerability.html.haml',
-          locals: { vulnerability_link: vulnerability_path(vulnerability) }
+          locals: {
+            vulnerability_link: vulnerability_path(vulnerability),
+            error_message: error_message
+          }
        )
      end


--- a/ee/app/services/vulnerability_feedback/create_service.rb
+++ b/ee/app/services/vulnerability_feedback/create_service.rb
@@ -15,8 +15,10 @@ module VulnerabilityFeedback
        dismiss_existing_vulnerability
      end

+      errors = vulnerability_feedback.errors.dup
+
      if vulnerability_feedback.persisted? && vulnerability_feedback.valid?
-        success(vulnerability_feedback)
+        success(vulnerability_feedback).merge(message: errors)
      else
        rollback_merge_request(vulnerability_feedback.merge_request) if vulnerability_feedback.merge_request

@@ -57,16 +59,21 @@ module VulnerabilityFeedback
    def create_issue
      # Wrap Feedback and Issue creation in the same transaction
      ActiveRecord::Base.transaction do
-        result = Issues::CreateFromVulnerabilityDataService
-          .new(@project, @current_user, vulnerability_feedback.vulnerability_data)
-          .execute
+        issue = @params[:issue]

-        if result[:status] == :error
-          vulnerability_feedback.errors[:issue] << result[:message]
-          raise ActiveRecord::Rollback
-        end
+        # Create a new issue if one does not exist
+        unless issue
+          result = Issues::CreateFromVulnerabilityDataService
+            .new(@project, @current_user, vulnerability_feedback.vulnerability_data)
+            .execute

-        issue = result[:issue]
+          if result[:status] == :error
+            vulnerability_feedback.errors[:issue] << result[:message]
+            raise ActiveRecord::Rollback
+          end
+
+          issue = result[:issue]
+        end

        issue_link_result = create_vulnerability_issue_link(vulnerability_feedback.vulnerability_data[:vulnerability_id], issue)


--- a/ee/app/views/vulnerabilities/_unable_to_link_vulnerability.html.haml
+++ b/ee/app/views/vulnerabilities/_unable_to_link_vulnerability.html.haml
 %span.gl-alert-title
  = _('Unable to create link to vulnerability')
 .gl-alert-body
+  = error_message
+  %br
  - originating_vulnerability_link = link_to _('originating vulnerability'), vulnerability_link
  = _('Manually link this issue by adding it to the linked issue section of the %{originating_vulnerability}.').html_safe % { originating_vulnerability: originating_vulnerability_link }
--- a/ee/changelogs/unreleased/284740-allow-issuescontroller-to-creating-an-issue-with-vulnerability-.yml
+++ b/ee/changelogs/unreleased/284740-allow-issuescontroller-to-creating-an-issue-with-vulnerability-.yml
+---
+title: Add feedback creation in controller
+merge_request: 52141
+author:
+type: changed
--- a/ee/spec/controllers/projects/issues_controller_spec.rb
+++ b/ee/spec/controllers/projects/issues_controller_spec.rb
@@ -112,6 +112,12 @@ RSpec.describe Projects::IssuesController do
            expect(project.issues.last.vulnerability_links.first.vulnerability).to eq(vulnerability)
          end

+          it 'creates vulnerability feedback' do
+            send_request
+
+            expect(project.issues.last).to eq(Vulnerabilities::Feedback.last.issue)
+          end
+
          it 'overwrites the default fields' do
            send_request


--- a/ee/spec/services/vulnerability_feedback/create_service_spec.rb
+++ b/ee/spec/services/vulnerability_feedback/create_service_spec.rb
@@ -196,7 +196,7 @@ RSpec.describe VulnerabilityFeedback::CreateService, '#execute' do
        expect(result[:status]).to eq(:success)
      end

-      context 'id of vulnerability is provided in vulnerability_data params' do
+      context 'when the id of the vulnerability is provided in vulnerability_data params' do
        before do
          stub_licensed_features(security_dashboard: true)
        end
@@ -313,6 +313,24 @@ RSpec.describe VulnerabilityFeedback::CreateService, '#execute' do
          end
        end
      end
+
+      context 'when a previously created issue is provided' do
+        let(:issue) { create(:issue, project: project) }
+
+        before do
+          feedback_params.merge!({ issue: issue })
+        end
+
+        it 'does not create a new issue' do
+          expect { result }.not_to change { Issue.count }
+        end
+
+        it 'sets the feedback issue to the created issue' do
+          feedback = result[:vulnerability_feedback]
+
+          expect(feedback.issue).to eq(issue)
+        end
+      end
    end

    context 'when feedback_type is merge_request' do