Merge branch '327480_fix_jira_issue_template' into 'master'

Fix `create_jira_issue_url` for unpersisted vulnerabilities(a.k.a. findings) See merge request gitlab-org/gitlab!74724

Merge branch '327480_fix_jira_issue_template' into 'master'
Fix `create_jira_issue_url` for unpersisted vulnerabilities(a.k.a. findings) See merge request gitlab-org/gitlab!74724
25a12464 · Dmitry Gruzd · 38de7301 · b686da25 · 25a12464 · 25a12464
Commit 25a12464 authored Nov 23, 2021 by Dmitry Gruzd
4 changed files
--- a/ee/app/presenters/vulnerabilities/finding_presenter.rb
+++ b/ee/app/presenters/vulnerabilities/finding_presenter.rb
@@ -15,6 +15,11 @@ module Vulnerabilities
      add_line_numbers(location['start_line'], location['end_line'])
    end
+    delegator_override :links
+    def links
+      @links ||= finding.links.map(&:with_indifferent_access)
+    end
    private
    def add_line_numbers(start_line, end_line)

--- a/ee/app/views/vulnerabilities/jira_issue_description.md.erb
+++ b/ee/app/views/vulnerabilities/jira_issue_description.md.erb
@@ -46,7 +46,7 @@ h3. <%= _("Links") %>:
 <% end %>
 <% end %>
-<% if vulnerability.remediations.present? && vulnerability.remediations.any? %>
+<% if vulnerability.is_a?(Vulnerability) && vulnerability.remediations.present? %>
 ### <%= _("Remediations") %>:
 <%= _("See vulnerability %{vulnerability_link} for any Remediation details.".html_safe) % { vulnerability_link: "[#{vulnerability.id}|#{vulnerability_url(vulnerability)}]" } %>

--- a/ee/spec/helpers/vulnerabilities_helper_spec.rb
+++ b/ee/spec/helpers/vulnerabilities_helper_spec.rb
@@ -195,7 +195,7 @@ RSpec.describe VulnerabilitiesHelper do
  end
  describe '#create_jira_issue_url_for' do
-    subject { helper.vulnerability_details(vulnerability, pipeline) }
+    subject { helper.create_jira_issue_url_for(vulnerability) }
    let(:jira_integration) { double('Integrations::Jira', new_issue_url_with_predefined_fields: 'https://jira.example.com/new') }
@@ -210,6 +210,7 @@ RSpec.describe VulnerabilitiesHelper do
        allow(project).to receive(:configured_to_create_issues_from_vulnerabilities?).and_return(true)
      end
+      context 'when the given object is a vulnerability' do
        let(:expected_jira_issue_description) do
          <<-JIRA.strip_heredoc
            Issue created from vulnerability [#{vulnerability.id}|http://localhost/#{project.full_path}/-/security/vulnerabilities/#{vulnerability.id}]
@@ -244,10 +245,6 @@ RSpec.describe VulnerabilitiesHelper do
          subject
        end
-      it 'generates url to create issue in Jira' do
-        expect(subject[:create_jira_issue_url]).to eq('https://jira.example.com/new')
-      end
        context 'when scan property is empty' do
          before do
            vulnerability.finding.scan = nil
@@ -261,13 +258,45 @@ RSpec.describe VulnerabilitiesHelper do
        end
      end
+      context 'when the given object is an unpersisted finding' do
+        let(:vulnerability) { build(:vulnerabilities_finding, :with_remediation, project: project) }
+        let(:expected_jira_issue_description) do
+          <<~TEXT
+            h3. Description:
+            The cipher does not provide data integrity update 1
+            * Severity: high
+            * Confidence: medium
+            h3. Links:
+            * [Cipher does not check for integrity first?|https://crypto.stackexchange.com/questions/31428/pbewithmd5anddes-cipher-does-not-check-for-integrity-first]
+            h3. Scanner:
+            * Name: Find Security Bugs
+          TEXT
+        end
+        it 'delegates rendering URL to Integrations::Jira' do
+          expect(jira_integration).to receive(:new_issue_url_with_predefined_fields).with("Investigate vulnerability: #{vulnerability.name}", expected_jira_issue_description)
+          subject
+        end
+      end
+    end
    context 'with jira vulnerabilities integration disabled' do
      before do
        allow(project).to receive(:jira_vulnerabilities_integration_enabled?).and_return(false)
        allow(project).to receive(:configured_to_create_issues_from_vulnerabilities?).and_return(false)
      end
-      it { expect(subject[:create_jira_issue_url]).to be_nil }
+      it { is_expected.to be_nil }
    end
  end

--- a/ee/spec/presenters/vulnerabilities/finding_presenter_spec.rb
+++ b/ee/spec/presenters/vulnerabilities/finding_presenter_spec.rb
@@ -72,4 +72,18 @@ RSpec.describe Vulnerabilities::FindingPresenter do
      end
    end
  end
+  describe '#links' do
+    let(:link_name) { 'Cipher does not check for integrity first?' }
+    let(:link_url) { 'https://crypto.stackexchange.com/questions/31428/pbewithmd5anddes-cipher-does-not-check-for-integrity-first' }
+    subject(:links) { presenter.links }
+    it 'transforms the links to hash with indifferent access', :aggregate_failures do
+      expect(links.first['name']).to eq(link_name)
+      expect(links.first[:name]).to eq(link_name)
+      expect(links.first['url']).to eq(link_url)
+      expect(links.first[:url]).to eq(link_url)
+    end
+  end
 end