Simplify vulnerabilities actions specs

They were testing some functionality that is the responsibility of the VulnerabilitiesFinder, not the controllers.

Simplify vulnerabilities actions specs
They were testing some functionality that is the responsibility of the VulnerabilitiesFinder, not the controllers.
0bd1b61c · Avielle Wolfe · Avielle Wolfe · f51afbf1 · 0bd1b61c
Commit 0bd1b61c authored Jun 28, 2019 by Avielle Wolfe Committed by Avielle Wolfe Jul 18, 2019
Hide whitespace changes
Inline Side-by-side

Showing with 86 additions and 141 deletions

ee/spec/support/shared_examples/controllers/concerns/ee/vulnerabilities_actions_shared_examples.rb ...rs/concerns/ee/vulnerabilities_actions_shared_examples.rb +86 -141

No files found.
--- a/ee/spec/support/shared_examples/controllers/concerns/ee/vulnerabilities_actions_shared_examples.rb
+++ b/ee/spec/support/shared_examples/controllers/concerns/ee/vulnerabilities_actions_shared_examples.rb
@@ -5,13 +5,9 @@ require 'spec_helper'
 shared_examples ::EE::VulnerabilitiesActions do
  include ApiHelpers
-  set(:group) { create(:group) }
+  let(:user) { create(:user) }
-  set(:group_other) { create(:group) }
+  let(:project) { create(:project, namespace: group) }
-  set(:user) { create(:user) }
+  let(:pipeline) { create(:ci_pipeline, :success, project: project) }
-  set(:project_dev) { create(:project, :private, :repository, group: group) }
-  set(:project_guest) { create(:project, :private, :repository, group: group) }
-  set(:project_other) { create(:project, :public, :repository, group: group_other) }
-  let(:projects) { [project_dev, project_guest, project_other] }
  before do
    group.add_developer(user)
@@ -23,81 +19,74 @@ shared_examples ::EE::VulnerabilitiesActions do
  describe 'GET index.json' do
    subject { get :index, params: { group_id: group }, format: :json }
-    context 'when no page request' do
+    it 'returns an ordered list of vulnerabilities' do
-      before do
+      critical_vulnerability = create(
-        projects.each do |project|
+        :vulnerabilities_occurrence,
-          create_vulnerabilities(1, project)
+        pipelines: [pipeline],
-        end
+        project: project,
-      end
+        severity: :critical
+      )
+      create(:vulnerabilities_occurrence, pipelines: [pipeline], project: project, severity: :high)
-      it 'returns a list of vulnerabilities' do
+      subject
-        subject
-        expect(response).to have_gitlab_http_status(200)
+      expect(response).to have_gitlab_http_status(200)
-        expect(json_response).to be_an(Array)
+      expect(json_response.length).to eq 2
-        expect(json_response.length).to eq 2
+      expect(json_response.first['id']).to be(critical_vulnerability.id)
-        expect(response).to match_response_schema('vulnerabilities/occurrence_list', dir: 'ee')
+      expect(response).to match_response_schema('vulnerabilities/occurrence_list', dir: 'ee')
-      end
    end
-    context 'when page requested' do
+    context 'when a specific page is requested' do
-      before do
+      it 'returns the list of vulnerabilities that are on the requested page' do
-        projects.each do |project|
+        create_list(:vulnerabilities_occurrence, 35, pipelines: [pipeline], project: project)
-          create_vulnerabilities(11, project)
-        end
-      end
-      it 'returns a list of vulnerabilities for the requested page' do
        get :index, params: { group_id: group, page: 2 }, format: :json
        expect(response).to have_gitlab_http_status(200)
-        expect(json_response).to be_an(Array)
+        expect(json_response.length).to eq 15
-        expect(json_response.length).to eq 2
      end
    end
-    context 'with vulnerability feedback' do
+    context 'when the vulnerabilities have feedback' do
-      it "avoids N+1 queries", :with_request_store do
+      subject { get :index, params: { group_id: group }, format: :json }
-        create_vulnerabilities(2, project_dev, with_feedback: true)
-        control_count = ActiveRecord::QueryRecorder.new { get_index }
-        create_vulnerabilities(2, project_guest, with_feedback: true)
+      it 'avoids N+1 queries', :with_request_store do
+        vulnerability = create(:vulnerabilities_occurrence, pipelines: [pipeline], project: project, report_type: :sast)
+        create(:vulnerability_feedback,
+                :sast,
+                :issue,
+                pipeline: pipeline,
+                issue: create(:issue, project: project),
+                project: project,
+                project_fingerprint: vulnerability.project_fingerprint)
-        expect { get_index }.not_to exceed_all_query_limit(control_count)
+        control_count = ActiveRecord::QueryRecorder.new { subject }
-      end
-      private
+        vulnerability = create(:vulnerabilities_occurrence, pipelines: [pipeline], project: project, report_type: :sast)
+        create(:vulnerability_feedback,
+                :sast,
+                :issue,
+                pipeline: pipeline,
+                issue: create(:issue, project: project),
+                project: project,
+                project_fingerprint: vulnerability.project_fingerprint)
-      def get_index
+        expect { subject }.not_to exceed_all_query_limit(control_count)
-        get :index, params: { group_id: group }, format: :json
      end
    end
    context 'with multiple report types' do
      before do
-        projects.each do |project|
+        create(:vulnerabilities_occurrence, pipelines: [pipeline], project: project, report_type: :sast)
-          create_vulnerabilities(2, project_guest, { report_type: :sast })
+        create(:vulnerabilities_occurrence, pipelines: [pipeline], project: project, report_type: :dast)
-          create_vulnerabilities(1, project_dev, { report_type: :dependency_scanning })
+        create(:vulnerabilities_occurrence, pipelines: [pipeline], project: project, report_type: :dependency_scanning)
-        end
-      end
-      it "returns a list of vulnerabilities for all report types without filter" do
-        subject
-        expect(response).to have_gitlab_http_status(200)
-        expect(json_response).to be_an(Array)
-        expect(json_response.length).to eq 3
-        expect(json_response.map { |v| v['report_type'] }.uniq).to contain_exactly('sast', 'dependency_scanning')
-        expect(response).to match_response_schema('vulnerabilities/occurrence_list', dir: 'ee')
      end
-      it "returns a list of vulnerabilities for sast only if filter is enabled" do
+      it 'returns a list of vulnerabilities for sast only if filter is enabled' do
        get :index, params: { group_id: group, report_type: ['sast'] }, format: :json
        expect(response).to have_gitlab_http_status(200)
-        expect(json_response).to be_an(Array)
+        expect(json_response.length).to eq 1
-        expect(json_response.length).to eq 2
        expect(json_response.map { |v| v['report_type'] }.uniq).to contain_exactly('sast')
        expect(response).to match_response_schema('vulnerabilities/occurrence_list', dir: 'ee')
      end
@@ -105,62 +94,31 @@ shared_examples ::EE::VulnerabilitiesActions do
      it "returns a list of vulnerabilities of all types with multi filter" do
        get :index, params: { group_id: group, report_type: %w[sast dependency_scanning] }, format: :json
-        expect(json_response.length).to eq 3
+        expect(json_response.length).to eq 2
        expect(json_response.map { |v| v['report_type'] }.uniq).to contain_exactly('sast', 'dependency_scanning')
      end
    end
-    def create_vulnerabilities(count, project, options = {})
-      report_type = options[:report_type] || :sast
-      pipeline = create(:ci_pipeline, :success, project: project)
-      vulnerabilities = create_list(:vulnerabilities_occurrence, count, report_type: report_type, pipelines: [pipeline], project: project)
-      return vulnerabilities unless options[:with_feedback]
-      vulnerabilities.each do |occurrence|
-        create(:vulnerability_feedback, report_type, :dismissal,
-               pipeline: pipeline,
-               project: project_dev,
-               project_fingerprint: occurrence.project_fingerprint)
-        create(:vulnerability_feedback, report_type, :issue,
-               pipeline: pipeline,
-               issue: create(:issue, project: project),
-               project: project_dev,
-               project_fingerprint: occurrence.project_fingerprint)
-      end
-    end
  end
  describe 'GET summary.json' do
-    subject { get :summary, params: { group_id: group }, format: :json }
    before do
-      pipeline = create(:ci_pipeline, :success, project: project_dev)
      create_list(:vulnerabilities_occurrence, 3,
-                  pipelines: [pipeline], project: project_dev, report_type: :sast, severity: :high)
+        pipelines: [pipeline], project: project, report_type: :sast, severity: :high)
-      create_list(:vulnerabilities_occurrence, 1,
-                  pipelines: [pipeline], project: project_dev, report_type: :dependency_scanning, severity: :low)
      create_list(:vulnerabilities_occurrence, 2,
-                  pipelines: [pipeline], project: project_guest, report_type: :dependency_scanning, severity: :low)
+        pipelines: [pipeline], project: project, report_type: :dependency_scanning, severity: :low)
      create_list(:vulnerabilities_occurrence, 1,
-                  pipelines: [pipeline], project: project_guest, report_type: :dast, severity: :medium)
+        pipelines: [pipeline], project: project, report_type: :dast, severity: :medium)
      create_list(:vulnerabilities_occurrence, 1,
-                  pipelines: [pipeline], project: project_other, report_type: :dast, severity: :low)
+        pipelines: [pipeline], project: project, report_type: :sast, severity: :medium)
    end
    it 'returns vulnerabilities counts for all report types' do
-      subject
+      get :summary, params: { group_id: group }, format: :json
      expect(response).to have_gitlab_http_status(200)
-      expect(json_response).to be_an(Hash)
      expect(json_response['high']).to eq(3)
-      expect(json_response['low']).to eq(4)
+      expect(json_response['low']).to eq(2)
-      expect(json_response['medium']).to eq(1)
+      expect(json_response['medium']).to eq(2)
      expect(response).to match_response_schema('vulnerabilities/summary', dir: 'ee')
    end
@@ -169,10 +127,9 @@ shared_examples ::EE::VulnerabilitiesActions do
        get :summary, params: { group_id: group, report_type: %w[sast dast], severity: %[high low] }, format: :json
        expect(response).to have_gitlab_http_status(200)
-        expect(json_response).to be_an(Hash)
        expect(json_response['high']).to eq(3)
-        expect(json_response['low']).to eq(1)
+        expect(json_response['low']).to eq(0)
-        expect(json_response['medium']).to eq(1)
+        expect(json_response['medium']).to eq(2)
        expect(response).to match_response_schema('vulnerabilities/summary', dir: 'ee')
      end
    end
@@ -183,51 +140,43 @@ shared_examples ::EE::VulnerabilitiesActions do
    before do
      travel_to(Time.zone.parse('2018-11-10')) do
-        pipeline_1 = create(:ci_pipeline, :success, project: project_dev)
+        create(:vulnerabilities_occurrence,
-        pipeline_2 = create(:ci_pipeline, :success, project: project_dev)
+                pipelines: [pipeline],
+                project: project,
-        create_list(:vulnerabilities_occurrence, 2,
+                report_type: :sast,
-                    pipelines: [pipeline_1], project: project_dev, report_type: :sast, severity: :high)
+                severity: :critical)
-        create_list(:vulnerabilities_occurrence, 1,
-                    pipelines: [pipeline_1], project: project_dev, report_type: :dependency_scanning, severity: :low)
-        create_list(:vulnerabilities_occurrence, 1,
+        create(:vulnerabilities_occurrence,
-                    pipelines: [pipeline_1, pipeline_2], project: project_dev, report_type: :sast, severity: :critical)
+                pipelines: [pipeline],
+                project: project,
-        create_list(:vulnerabilities_occurrence, 1,
+                report_type: :dependency_scanning,
-                    pipelines: [pipeline_1, pipeline_2], project: project_dev, report_type: :dependency_scanning, severity: :low)
+                severity: :low)
      end
      travel_to(Time.zone.parse('2018-11-12')) do
-        pipeline = create(:ci_pipeline, :success, project: project_dev)
+        create(:vulnerabilities_occurrence,
+                pipelines: [pipeline],
-        create_list(:vulnerabilities_occurrence, 2,
+                project: project,
-                    pipelines: [pipeline], project: project_dev, report_type: :dependency_scanning, severity: :low)
+                report_type: :sast,
+                severity: :critical)
-        create_list(:vulnerabilities_occurrence, 1,
-                    pipelines: [pipeline], project: project_dev, report_type: :dast, severity: :medium)
+        create(:vulnerabilities_occurrence,
+                pipelines: [pipeline],
-        create_list(:vulnerabilities_occurrence, 1,
+                project: project,
-                    pipelines: [pipeline], project: project_dev, report_type: :dast, severity: :low)
+                report_type: :dependency_scanning,
+                severity: :low)
-        create_list(:vulnerabilities_occurrence, 1,
-                    pipelines: [pipeline], project: project_dev, report_type: :container_scanning, severity: :high)
      end
    end
    it 'returns vulnerability history within last 90 days' do
-      travel_to(Time.zone.parse('2019-02-10')) do
+      travel_to(Time.zone.parse('2019-02-11')) do
        subject
      end
      expect(response).to have_gitlab_http_status(200)
-      expect(json_response).to be_an(Hash)
+      expect(json_response['total']).to eq({ '2018-11-12' => 2 })
-      expect(json_response['total']).to eq({ '2018-11-10' => 5, '2018-11-12' => 5 })
+      expect(json_response['critical']).to eq({ '2018-11-12' => 1 })
-      expect(json_response['critical']).to eq({ '2018-11-10' => 1 })
+      expect(json_response['low']).to eq({ '2018-11-12' => 1 })
-      expect(json_response['high']).to eq({ '2018-11-10' => 2, '2018-11-12' => 1 })
-      expect(json_response['medium']).to eq({ '2018-11-12' => 1 })
-      expect(json_response['low']).to eq({ '2018-11-10' => 2, '2018-11-12' => 3 })
      expect(response).to match_response_schema('vulnerabilities/history', dir: 'ee')
    end
@@ -237,7 +186,6 @@ shared_examples ::EE::VulnerabilitiesActions do
      end
      expect(response).to have_gitlab_http_status(200)
-      expect(json_response).to be_an(Hash)
      expect(json_response).to eq({
        "undefined" => {},
        "info" => {},
@@ -252,17 +200,14 @@ shared_examples ::EE::VulnerabilitiesActions do
    end
    it 'returns filtered history if filters are enabled' do
-      travel_to(Time.zone.parse('2019-02-10')) do
+      travel_to(Time.zone.parse('2019-02-11')) do
-        get :history, params: { group_id: group, report_type: %w[dependency_scanning sast dast container_scanning] }, format: :json
+        get :history, params: { group_id: group, report_type: %w[sast] }, format: :json
      end
      expect(response).to have_gitlab_http_status(200)
-      expect(json_response).to be_an(Hash)
+      expect(json_response['total']).to eq({ '2018-11-12' => 1 })
-      expect(json_response['total']).to eq({ '2018-11-10' => 5, '2018-11-12' => 5 })
+      expect(json_response['critical']).to eq({ '2018-11-12' => 1 })
-      expect(json_response['critical']).to eq({ '2018-11-10' => 1 })
+      expect(json_response['low']).to eq({})
-      expect(json_response['high']).to eq({ '2018-11-10' => 2, '2018-11-12' => 1 })
-      expect(json_response['medium']).to eq({ '2018-11-12' => 1 })
-      expect(json_response['low']).to eq({ '2018-11-10' => 2, '2018-11-12' => 3 })
      expect(response).to match_response_schema('vulnerabilities/history', dir: 'ee')
    end
  end