Merge branch '327480_fix_jira_issue_template' into 'master'

Fix `create_jira_issue_url` for unpersisted vulnerabilities(a.k.a. findings) See merge request gitlab-org/gitlab!74724

Merge branch '327480_fix_jira_issue_template' into 'master'
Fix `create_jira_issue_url` for unpersisted vulnerabilities(a.k.a. findings) See merge request gitlab-org/gitlab!74724
25a12464 · Dmitry Gruzd · 38de7301 · b686da25 · 25a12464 · 25a12464
Commit 25a12464 authored Nov 23, 2021 by Dmitry Gruzd
4 changed files
--- a/ee/app/presenters/vulnerabilities/finding_presenter.rb
+++ b/ee/app/presenters/vulnerabilities/finding_presenter.rb
@@ -15,6 +15,11 @@ module Vulnerabilities
      add_line_numbers(location['start_line'], location['end_line'])
    end

+    delegator_override :links
+    def links
+      @links ||= finding.links.map(&:with_indifferent_access)
+    end
+
    private

    def add_line_numbers(start_line, end_line)

--- a/ee/app/views/vulnerabilities/jira_issue_description.md.erb
+++ b/ee/app/views/vulnerabilities/jira_issue_description.md.erb
@@ -46,7 +46,7 @@ h3. <%= _("Links") %>:
 <% end %>
 <% end %>

-<% if vulnerability.remediations.present? && vulnerability.remediations.any? %>
+<% if vulnerability.is_a?(Vulnerability) && vulnerability.remediations.present? %>
 ### <%= _("Remediations") %>:

 <%= _("See vulnerability %{vulnerability_link} for any Remediation details.".html_safe) % { vulnerability_link: "[#{vulnerability.id}|#{vulnerability_url(vulnerability)}]" } %>

--- a/ee/spec/helpers/vulnerabilities_helper_spec.rb
+++ b/ee/spec/helpers/vulnerabilities_helper_spec.rb
@@ -195,7 +195,7 @@ RSpec.describe VulnerabilitiesHelper do
  end

  describe '#create_jira_issue_url_for' do
-    subject { helper.vulnerability_details(vulnerability, pipeline) }
+    subject { helper.create_jira_issue_url_for(vulnerability) }

    let(:jira_integration) { double('Integrations::Jira', new_issue_url_with_predefined_fields: 'https://jira.example.com/new') }

@@ -210,51 +210,80 @@ RSpec.describe VulnerabilitiesHelper do
        allow(project).to receive(:configured_to_create_issues_from_vulnerabilities?).and_return(true)
      end

-      let(:expected_jira_issue_description) do
-        <<-JIRA.strip_heredoc
-          Issue created from vulnerability [#{vulnerability.id}|http://localhost/#{project.full_path}/-/security/vulnerabilities/#{vulnerability.id}]
+      context 'when the given object is a vulnerability' do
+        let(:expected_jira_issue_description) do
+          <<-JIRA.strip_heredoc
+            Issue created from vulnerability [#{vulnerability.id}|http://localhost/#{project.full_path}/-/security/vulnerabilities/#{vulnerability.id}]

-          h3. Description:
+            h3. Description:

-          Description of My vulnerability
+            Description of My vulnerability

-          * Severity: high
-          * Confidence: medium
-          * Location: [maven/src/main/java/com/gitlab/security_products/tests/App.java:29|http://localhost/#{project.full_path}/-/blob/b83d6e391c22777fca1ed3012fce84f633d7fed0/maven/src/main/java/com/gitlab/security_products/tests/App.java#L29]
+            * Severity: high
+            * Confidence: medium
+            * Location: [maven/src/main/java/com/gitlab/security_products/tests/App.java:29|http://localhost/#{project.full_path}/-/blob/b83d6e391c22777fca1ed3012fce84f633d7fed0/maven/src/main/java/com/gitlab/security_products/tests/App.java#L29]

-          ### Solution:
+            ### Solution:

-          See vulnerability [#{vulnerability.id}|http://localhost/#{project.full_path}/-/security/vulnerabilities/#{vulnerability.id}] for any Solution details.
+            See vulnerability [#{vulnerability.id}|http://localhost/#{project.full_path}/-/security/vulnerabilities/#{vulnerability.id}] for any Solution details.


-          h3. Links:
+            h3. Links:

-          * [Cipher does not check for integrity first?|https://crypto.stackexchange.com/questions/31428/pbewithmd5anddes-cipher-does-not-check-for-integrity-first]
+            * [Cipher does not check for integrity first?|https://crypto.stackexchange.com/questions/31428/pbewithmd5anddes-cipher-does-not-check-for-integrity-first]


-          h3. Scanner:
+            h3. Scanner:

-          * Name: Find Security Bugs
-        JIRA
-      end
+            * Name: Find Security Bugs
+          JIRA
+        end

-      it 'delegates rendering URL to Integrations::Jira' do
-        expect(jira_integration).to receive(:new_issue_url_with_predefined_fields).with("Investigate vulnerability: #{vulnerability.title}", expected_jira_issue_description)
+        it 'delegates rendering URL to Integrations::Jira' do
+          expect(jira_integration).to receive(:new_issue_url_with_predefined_fields).with("Investigate vulnerability: #{vulnerability.title}", expected_jira_issue_description)

-        subject
-      end
+          subject
+        end
+
+        context 'when scan property is empty' do
+          before do
+            vulnerability.finding.scan = nil
+          end
+
+          it 'renders description using dedicated template without raising error' do
+            expect(jira_integration).to receive(:new_issue_url_with_predefined_fields).with("Investigate vulnerability: #{vulnerability.title}", expected_jira_issue_description)

-      it 'generates url to create issue in Jira' do
-        expect(subject[:create_jira_issue_url]).to eq('https://jira.example.com/new')
+            subject
+          end
+        end
      end

-      context 'when scan property is empty' do
-        before do
-          vulnerability.finding.scan = nil
+      context 'when the given object is an unpersisted finding' do
+        let(:vulnerability) { build(:vulnerabilities_finding, :with_remediation, project: project) }
+        let(:expected_jira_issue_description) do
+          <<~TEXT
+            h3. Description:
+
+            The cipher does not provide data integrity update 1
+
+            * Severity: high
+            * Confidence: medium
+
+
+
+            h3. Links:
+
+            * [Cipher does not check for integrity first?|https://crypto.stackexchange.com/questions/31428/pbewithmd5anddes-cipher-does-not-check-for-integrity-first]
+
+
+            h3. Scanner:
+
+            * Name: Find Security Bugs
+          TEXT
        end

-        it 'renders description using dedicated template without raising error' do
-          expect(jira_integration).to receive(:new_issue_url_with_predefined_fields).with("Investigate vulnerability: #{vulnerability.title}", expected_jira_issue_description)
+        it 'delegates rendering URL to Integrations::Jira' do
+          expect(jira_integration).to receive(:new_issue_url_with_predefined_fields).with("Investigate vulnerability: #{vulnerability.name}", expected_jira_issue_description)

          subject
        end
@@ -267,7 +296,7 @@ RSpec.describe VulnerabilitiesHelper do
        allow(project).to receive(:configured_to_create_issues_from_vulnerabilities?).and_return(false)
      end

-      it { expect(subject[:create_jira_issue_url]).to be_nil }
+      it { is_expected.to be_nil }
    end
  end


--- a/ee/spec/presenters/vulnerabilities/finding_presenter_spec.rb
+++ b/ee/spec/presenters/vulnerabilities/finding_presenter_spec.rb
@@ -72,4 +72,18 @@ RSpec.describe Vulnerabilities::FindingPresenter do
      end
    end
  end
+
+  describe '#links' do
+    let(:link_name) { 'Cipher does not check for integrity first?' }
+    let(:link_url) { 'https://crypto.stackexchange.com/questions/31428/pbewithmd5anddes-cipher-does-not-check-for-integrity-first' }
+
+    subject(:links) { presenter.links }
+
+    it 'transforms the links to hash with indifferent access', :aggregate_failures do
+      expect(links.first['name']).to eq(link_name)
+      expect(links.first[:name]).to eq(link_name)
+      expect(links.first['url']).to eq(link_url)
+      expect(links.first[:url]).to eq(link_url)
+    end
+  end
 end