Merge branch '296855-fix-broken-dismissal-description' into 'master'

Fix broken dismissal descriptions in Vulnerability details view

See merge request gitlab-org/gitlab!58431

app/graphql/types/base_enum.rb

@@ -22,8 +22,7 @@ module Types
         description(enum_mod.description) if use_description
 
         enum_mod.definition.each do |key, content|
-          desc = content.delete(:description)
-          value(key.to_s.upcase, description: desc, **content)
+          value(key.to_s.upcase, **content)
         end
       end
 

ee/app/helpers/vulnerabilities_helper.rb

@@ -24,12 +24,17 @@ module VulnerabilitiesHelper
       pipeline: vulnerability_pipeline_data(pipeline),
       can_modify_related_issues: current_user.can?(:admin_vulnerability_issue_link, vulnerability),
       issue_tracking_help_path: help_page_path('user/project/settings', anchor: 'sharing-and-permissions'),
-      permissions_help_path: help_page_path('user/permissions', anchor: 'project-members-permissions')
+      permissions_help_path: help_page_path('user/permissions', anchor: 'project-members-permissions'),
+      dismissal_descriptions: dismissal_descriptions
     }
 
     result.merge(vulnerability_data(vulnerability), vulnerability_finding_data(vulnerability))
   end
 
+  def dismissal_descriptions
+    Vulnerabilities::DismissalReasonEnum.definition.transform_values { |v| v[:description] }
+  end
+
   def new_issue_url_for(vulnerability)
     return unless vulnerability.project.issues_enabled?
 

ee/app/serializers/vulnerabilities/feedback_entity.rb

@@ -50,9 +50,6 @@ class Vulnerabilities::FeedbackEntity < Grape::Entity
   expose :project_fingerprint
 
   expose :dismissal_reason
-  expose :dismissal_descriptions do |feedback|
-    Vulnerabilities::DismissalReasonEnum.definition.transform_values { |v| v[:description] }
-  end
 
   alias_method :feedback, :object
 

ee/changelogs/unreleased/296855-fix-broken-dismissal-description.yml

+---
+title: Fix broken dismissal descriptions in vulnerability details view
+merge_request: 58431
+author:
+type: fixed

ee/spec/helpers/vulnerabilities_helper_spec.rb

@@ -162,6 +162,22 @@ RSpec.describe VulnerabilitiesHelper do
         it { is_expected.to be_falsey }
       end
     end
+
+    context 'dismissal descriptions' do
+      let(:expected_descriptions) do
+        {
+          acceptable_risk: "The vulnerability is known, and has not been remediated or mitigated, but is considered to be an acceptable business risk.",
+          false_positive: "An error in reporting in which a test result incorrectly indicates the presence of a vulnerability in a system when the vulnerability is not present.",
+          mitigating_control: "A management, operational, or technical control (that is, safeguard or countermeasure) employed by an organization that provides equivalent or comparable protection for an information system.",
+          used_in_tests: "The finding is not a vulnerability because it is part of a test or is test data.",
+          not_applicable: "The vulnerability is known, and has not been remediated or mitigated, but is considered to be in a part of the application that will not be updated."
+        }
+      end
+
+      it 'incldues dismissal descriptions' do
+        expect(subject[:dismissal_descriptions]).to eq(expected_descriptions)
+      end
+    end
   end
 
   describe '#create_jira_issue_url_for' do
@@ -294,7 +310,6 @@ RSpec.describe VulnerabilitiesHelper do
       it 'returns dismissal feedback information', :aggregate_failures do
         dismissal_feedback = subject[:dismissal_feedback]
         expect(dismissal_feedback[:dismissal_reason]).to eq(feedback.dismissal_reason)
-        expect(dismissal_feedback[:dismissal_descriptions]).to eq(Vulnerabilities::DismissalReasonEnum.definition.transform_values { |v| v[:description] })
         expect(dismissal_feedback[:comment_details][:comment]).to eq(feedback.comment)
       end
     end

ee/spec/serializers/vulnerabilities/feedback_entity_spec.rb

@@ -194,12 +194,4 @@ RSpec.describe Vulnerabilities::FeedbackEntity do
       expect(subject[:dismissal_reason]).to eq(feedback.dismissal_reason)
     end
   end
-
-  context 'when dismissal descriptions are available' do
-    let(:feedback) { build_stubbed(:vulnerability_feedback, :dismissal, project: project) }
-
-    it 'exposes dismissal_descriptions' do
-      expect(subject[:dismissal_descriptions]).to eq(Vulnerabilities::DismissalReasonEnum.definition.transform_values { |v| v[:description] })
-    end
-  end
 end