Add #resolved_on_default_branch to Vulnerability

We need a way to check if any found Vulnerability is still present on the latest pipeline for the default branch.

Add #resolved_on_default_branch to Vulnerability
We need a way to check if any found Vulnerability is still present on the latest pipeline for the default branch.
4ab27275 · Michał Zając · ad24b3a5 · 4ab27275 · 4ab27275 · 4ab27275
Commit 4ab27275 authored Mar 10, 2020 by Michał Zając
3 changed files
--- a/ee/app/models/vulnerability.rb
+++ b/ee/app/models/vulnerability.rb
@@ -70,4 +70,11 @@ class Vulnerability < ApplicationRecord
  def self.parent_class
    ::Project
  end
+
+  def resolved_on_default_branch
+    default_branch = project.default_branch
+    latest_pipeline_for_default_branch = project.pipeline_for(default_branch)
+    latest_pipeline_with_vulnerability = finding.pipelines.order(created_at: :desc).first
+    latest_pipeline_with_vulnerability != latest_pipeline_for_default_branch
+  end
 end
--- a/ee/lib/ee/api/entities/vulnerability.rb
+++ b/ee/lib/ee/api/entities/vulnerability.rb
@@ -16,6 +16,7 @@ module EE
        expose :project, using: ::API::Entities::ProjectIdentity

        expose :finding
+        expose :resolved_on_default_branch

        expose :author_id
        expose :updated_by_id

--- a/ee/spec/models/vulnerability_spec.rb
+++ b/ee/spec/models/vulnerability_spec.rb
@@ -171,4 +171,24 @@ describe Vulnerability do

    it { is_expected.to eq(finding.scanner_name) }
  end
+
+  describe '#resolved_on_default_branch' do
+    let_it_be(:project) { create(:project, :repository, :with_vulnerabilities) }
+    let_it_be(:pipeline_with_vulnerability) { create(:ci_pipeline, project: project, sha: project.commit.id) }
+    let_it_be(:vulnerability) { project.vulnerabilities.first }
+    let_it_be(:finding1) { create(:vulnerabilities_occurrence, vulnerability: vulnerability, pipelines: [pipeline_with_vulnerability]) }
+    let_it_be(:finding2) { create(:vulnerabilities_occurrence, vulnerability: vulnerability, pipelines: [pipeline_with_vulnerability]) }
+
+    subject { vulnerability.resolved_on_default_branch }
+
+    context 'Vulnerability::Occurrence is present on the pipeline for default branch' do
+      it { is_expected.to eq(false) }
+    end
+
+    context 'Vulnerability::Occurrence is not present on the pipeline for default branch' do
+      let_it_be(:pipeline_without_vulnerability) { create(:ci_pipeline, project: project, sha: project.commit.id) }
+
+      it { is_expected.to eq(true) }
+    end
+  end
 end