Move ruby code from view to helper

Includes additional tests

Move ruby code from view to helper
Includes additional tests
5973f75c · Jonathan Schafer · e55f7211 · 5973f75c · 5973f75c · 5973f75c
Commit 5973f75c authored Apr 02, 2020 by Jonathan Schafer
4 changed files
--- a/ee/app/helpers/vulnerabilities_helper.rb
+++ b/ee/app/helpers/vulnerabilities_helper.rb
@@ -41,4 +41,15 @@ module VulnerabilitiesHelper
      solution: remediation ? remediation['summary'] : occurrence[:solution]
    )
  end
+
+  def vulnerability_file_link(vulnerability)
+    finding = vulnerability.finding
+    location = finding.location
+    branch = finding.pipelines&.last&.sha || vulnerability.project.default_branch
+    link_text = "#{location['file']}:#{location['start_line']}"
+    offset = location['start_line'] ? "#L#{location['start_line']}" : ''
+    link_path = project_blob_path(vulnerability.project, tree_join(branch, location['file'])) + offset
+
+    link_to link_text, link_path, target: '_blank', rel: 'noopener noreferrer'
+  end
 end
--- a/ee/app/views/projects/security/vulnerabilities/show.html.haml
+++ b/ee/app/views/projects/security/vulnerabilities/show.html.haml
@@ -3,6 +3,8 @@
 - breadcrumb_title @vulnerability.id
 - page_title @vulnerability.title
 - page_description @vulnerability.description
+- finding = @vulnerability.finding
+- location = finding.location

 #js-vulnerability-management-app{ data: vulnerability_data(@vulnerability, @pipeline) }

@@ -11,9 +13,8 @@
    %h2.title= @vulnerability.title
    .description
      .md
-        - location = @vulnerability.finding.location
        %h3= "Description"
-        %p= @vulnerability.finding.description
+        %p= finding.description
        %ul
          %li= _("Severity: %{severity}") % { severity: @vulnerability.severity }
          %li= _("Confidence: %{confidence}") % { confidence: @vulnerability.confidence }
@@ -29,31 +30,27 @@
          %h3= _('Location')
          %ul
            %li
-              - link_text = "#{location['file']}:#{location['start_line']}"
-              - offset = location['start_line'] ? "#L#{location['start_line']}" : ''
-              - branch = @vulnerability.finding.pipelines&.last&.sha || @vulnerability.project.default_branch
              = _("File:")
-              %a{ href: project_blob_path(@project, tree_join(branch, location['file'])) + offset,
-                target: '_blank', rel: 'noopener noreferrer' }= link_text
+              = vulnerability_file_link(@vulnerability)
            - if location['class']
-              %li= _("Class: ") + location['class']
+              %li
+                = _("Class:")
+                = location['class']
            - if location['method']
              %li
                = _("Method:")
                %code= location['method']

-        - if @vulnerability.finding.links.any?
+        - if finding.links.any?
          %h3= _("Links")
          %ul
-            - @vulnerability.finding.links.each do |link|
-              %li
-                %a{ :href=>link["url"], target: "_blank", rel: 'noopener noreferrer' }= link["url"]
+            - finding.links.each do |link|
+              %li= link_to link["url"], target: '_blank', rel: 'noopener noreferrer'

-        - if @vulnerability.finding.identifiers.any?
+        - if finding.identifiers.any?
          %h3= _("Identifiers")
          %ul
-            - @vulnerability.finding.identifiers.each do |identifier|
-              %li
-                %a{ :href=>identifier.url, target: "_blank", rel: 'noopener noreferrer' }= identifier.name
+            - finding.identifiers.each do |identifier|
+              %li= link_to identifier.name, identifier.url, target: '_blank', rel: 'noopener noreferrer'

 #js-vulnerability-footer{ data: vulnerability_data(@vulnerability, @pipeline) }
--- a/ee/spec/helpers/vulnerabilities_helper_spec.rb
+++ b/ee/spec/helpers/vulnerabilities_helper_spec.rb
@@ -121,4 +121,39 @@ describe VulnerabilitiesHelper do
      end
    end
  end
+
+  describe '#vulnerability_file_link' do
+    let(:project) { create(:project, :repository, :public) }
+    let(:pipeline) { create(:ci_pipeline, :success, project: project) }
+    let(:finding) { create(:vulnerabilities_occurrence, pipelines: [pipeline], project: project, severity: :high) }
+    let(:vulnerability) { create(:vulnerability, findings: [finding], project: project) }
+
+    subject { helper.vulnerability_file_link(vulnerability) }
+
+    it 'returns a link to the vulnerability file location' do
+      expect(subject).to include(
+        vulnerability.finding.location['file'],
+        "#{vulnerability.finding.location['start_line']}",
+        vulnerability.finding.pipelines&.last&.sha
+      )
+    end
+
+    context 'when vulnerability is not linked to a commit' do
+      it 'uses the default branch' do
+        vulnerability.finding.pipelines = []
+        vulnerability.finding.save
+        expect(subject).to include(
+          vulnerability.project.default_branch
+        )
+      end
+    end
+
+    context 'when vulnerability is not on a specific line' do
+      it 'does not include a reference to the line number' do
+        vulnerability.finding.location['start_line'] = nil
+        vulnerability.finding.save
+        expect(subject).not_to include('#L')
+      end
+    end
+  end
 end
--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -3953,7 +3953,7 @@ msgstr ""
 msgid "Class"
 msgstr ""

-msgid "Class: "
+msgid "Class:"
 msgstr ""

 msgid "Classification Label (optional)"