Merge branch '8157_add_line_numbers_to_vuln_issues_be' into 'master'

Add file and line numbers to vulnerabilities issues Closes #8157 See merge request gitlab-org/gitlab-ee!8578

Merge branch '8157_add_line_numbers_to_vuln_issues_be' into 'master'
Add file and line numbers to vulnerabilities issues Closes #8157 See merge request gitlab-org/gitlab-ee!8578
1d2f90c0 · Douglas Barbosa Alexandre · 95bf33d5 · 72b7ba42 · 1d2f90c0 · 1d2f90c0
Commit 1d2f90c0 authored Dec 04, 2018 by Douglas Barbosa Alexandre
4 changed files
--- a/ee/app/views/vulnerabilities/issue_description.md.erb
+++ b/ee/app/views/vulnerabilities/issue_description.md.erb
@@ -8,6 +8,12 @@
 <% if vulnerability.confidence.present? %>
 * Confidence: <%= vulnerability.confidence %>
 <% end %>
+<% if defined?(vulnerability.file) && vulnerability.file.present?
+     location_text = [vulnerability.file, vulnerability.line].compact.join(':')
+     location_link = [vulnerability.file, vulnerability.line].compact.join('#L')
+%>
+* Location: [<%= location_text %>](<%= location_link %>)
+<% end %>

 <% if vulnerability.solution.present? %>
 ### Solution:

--- a/ee/changelogs/unreleased/8157_add_line_numbers_to_vuln_issues_be.yml
+++ b/ee/changelogs/unreleased/8157_add_line_numbers_to_vuln_issues_be.yml
+---
+title: Add file and line numbers to issues created from SAST vulnerabilities
+merge_request: 8578
+author:
+type: changed
--- a/ee/lib/gitlab/vulnerabilities/standard_vulnerability.rb
+++ b/ee/lib/gitlab/vulnerabilities/standard_vulnerability.rb
@@ -18,6 +18,14 @@ module Gitlab
      def description
        @data[:description].presence || @data[:title]
      end
+
+      def file
+        @data[:file].presence || @data[:location]&.[](:file)
+      end
+
+      def line
+        @data[:line].presence || @data[:location]&.[](:start_line)
+      end
    end
  end
 end
--- a/ee/spec/services/ee/issues/create_from_vulnerability_data_service_spec.rb
+++ b/ee/spec/services/ee/issues/create_from_vulnerability_data_service_spec.rb
@@ -32,6 +32,7 @@ describe Issues::CreateFromVulnerabilityDataService, '#execute' do
            severity: 'Low', confidence: 'High',
            solution: 'Please do something!',
            file: 'subdir/src/main/java/com/gitlab/security_products/tests/App.java',
+            line: '15',
            cve: '818bf5dacb291e15d9e6dc3c5ac32178:PREDICTABLE_RANDOM',
            title: 'Predictable pseudorandom number generator',
            description: 'Description of Predictable pseudorandom number generator',
@@ -69,6 +70,7 @@ describe Issues::CreateFromVulnerabilityDataService, '#execute' do

            * Severity: Low
            * Confidence: High
+            * Location: [subdir/src/main/java/com/gitlab/security_products/tests/App.java:15](subdir/src/main/java/com/gitlab/security_products/tests/App.java#L15)

            ### Solution:

@@ -97,6 +99,7 @@ describe Issues::CreateFromVulnerabilityDataService, '#execute' do
            severity: 'Low', confidence: 'High',
            solution: 'Please do something!',
            file: 'subdir/src/main/java/com/gitlab/security_products/tests/App.java',
+            line: '15',
            cve: '818bf5dacb291e15d9e6dc3c5ac32178:PREDICTABLE_RANDOM',
            title: 'Predictable pseudorandom number generator',
            tool: 'find_sec_bugs'
@@ -111,6 +114,7 @@ describe Issues::CreateFromVulnerabilityDataService, '#execute' do

            * Severity: Low
            * Confidence: High
+            * Location: [subdir/src/main/java/com/gitlab/security_products/tests/App.java:15](subdir/src/main/java/com/gitlab/security_products/tests/App.java#L15)

            ### Solution:

@@ -130,6 +134,7 @@ describe Issues::CreateFromVulnerabilityDataService, '#execute' do
            severity: 'Low', confidence: 'High',
            solution: 'Please do something!',
            file: 'subdir/src/main/java/com/gitlab/security_products/tests/App.java',
+            line: '15',
            cve: '818bf5dacb291e15d9e6dc3c5ac32178:PREDICTABLE_RANDOM',
            title: 'Predictable pseudorandom number generator',
            description: 'Description of Predictable pseudorandom number generator',
@@ -166,6 +171,7 @@ describe Issues::CreateFromVulnerabilityDataService, '#execute' do

            * Severity: Low
            * Confidence: High
+            * Location: [subdir/src/main/java/com/gitlab/security_products/tests/App.java:15](subdir/src/main/java/com/gitlab/security_products/tests/App.java#L15)

            ### Solution:

@@ -209,6 +215,7 @@ describe Issues::CreateFromVulnerabilityDataService, '#execute' do

            * Severity: Low
            * Confidence: High
+            * Location: [subdir/src/main/java/com/gitlab/security_products/tests/App.java:41](subdir/src/main/java/com/gitlab/security_products/tests/App.java#L41)

            ### Solution: