Add file and line numbers to vuln issues

Add file and line numbers to the issues created from the vulnerability modal in the security dashboards.

Add file and line numbers to vuln issues
Add file and line numbers to the issues created from the vulnerability modal in the security dashboards.
72b7ba42 · Gilbert Roulot · 1a629751 · 72b7ba42 · 72b7ba42 · 72b7ba42
Commit 72b7ba42 authored Nov 23, 2018 by Gilbert Roulot
4 changed files
--- a/ee/app/views/vulnerabilities/issue_description.md.erb
+++ b/ee/app/views/vulnerabilities/issue_description.md.erb
@@ -8,6 +8,12 @@
 <% if vulnerability.confidence.present? %>
 * Confidence: <%= vulnerability.confidence %>
 <% end %>
+<% if defined?(vulnerability.file) && vulnerability.file.present?
+     location_text = [vulnerability.file, vulnerability.line].compact.join(':')
+     location_link = [vulnerability.file, vulnerability.line].compact.join('#L')
+%>
+* Location: [<%= location_text %>](<%= location_link %>)
+<% end %>
 <% if vulnerability.solution.present? %>
 ### Solution:

--- a/ee/changelogs/unreleased/8157_add_line_numbers_to_vuln_issues_be.yml
+++ b/ee/changelogs/unreleased/8157_add_line_numbers_to_vuln_issues_be.yml
+---
+title: Add file and line numbers to issues created from SAST vulnerabilities
+merge_request: 8578
+author:
+type: changed
--- a/ee/lib/gitlab/vulnerabilities/standard_vulnerability.rb
+++ b/ee/lib/gitlab/vulnerabilities/standard_vulnerability.rb
@@ -18,6 +18,14 @@ module Gitlab
      def description
        @data[:description].presence || @data[:title]
      end
+      def file
+        @data[:file].presence || @data[:location]&.[](:file)
+      end
+      def line
+        @data[:line].presence || @data[:location]&.[](:start_line)
+      end
    end
  end
 end
--- a/ee/spec/services/ee/issues/create_from_vulnerability_data_service_spec.rb
+++ b/ee/spec/services/ee/issues/create_from_vulnerability_data_service_spec.rb
@@ -32,6 +32,7 @@ describe Issues::CreateFromVulnerabilityDataService, '#execute' do
            severity: 'Low', confidence: 'High',
            solution: 'Please do something!',
            file: 'subdir/src/main/java/com/gitlab/security_products/tests/App.java',
+            line: '15',
            cve: '818bf5dacb291e15d9e6dc3c5ac32178:PREDICTABLE_RANDOM',
            title: 'Predictable pseudorandom number generator',
            description: 'Description of Predictable pseudorandom number generator',
@@ -69,6 +70,7 @@ describe Issues::CreateFromVulnerabilityDataService, '#execute' do
            * Severity: Low
            * Confidence: High
+            * Location: [subdir/src/main/java/com/gitlab/security_products/tests/App.java:15](subdir/src/main/java/com/gitlab/security_products/tests/App.java#L15)
            ### Solution:
@@ -97,6 +99,7 @@ describe Issues::CreateFromVulnerabilityDataService, '#execute' do
            severity: 'Low', confidence: 'High',
            solution: 'Please do something!',
            file: 'subdir/src/main/java/com/gitlab/security_products/tests/App.java',
+            line: '15',
            cve: '818bf5dacb291e15d9e6dc3c5ac32178:PREDICTABLE_RANDOM',
            title: 'Predictable pseudorandom number generator',
            tool: 'find_sec_bugs'
@@ -111,6 +114,7 @@ describe Issues::CreateFromVulnerabilityDataService, '#execute' do
            * Severity: Low
            * Confidence: High
+            * Location: [subdir/src/main/java/com/gitlab/security_products/tests/App.java:15](subdir/src/main/java/com/gitlab/security_products/tests/App.java#L15)
            ### Solution:
@@ -130,6 +134,7 @@ describe Issues::CreateFromVulnerabilityDataService, '#execute' do
            severity: 'Low', confidence: 'High',
            solution: 'Please do something!',
            file: 'subdir/src/main/java/com/gitlab/security_products/tests/App.java',
+            line: '15',
            cve: '818bf5dacb291e15d9e6dc3c5ac32178:PREDICTABLE_RANDOM',
            title: 'Predictable pseudorandom number generator',
            description: 'Description of Predictable pseudorandom number generator',
@@ -166,6 +171,7 @@ describe Issues::CreateFromVulnerabilityDataService, '#execute' do
            * Severity: Low
            * Confidence: High
+            * Location: [subdir/src/main/java/com/gitlab/security_products/tests/App.java:15](subdir/src/main/java/com/gitlab/security_products/tests/App.java#L15)
            ### Solution:
@@ -209,6 +215,7 @@ describe Issues::CreateFromVulnerabilityDataService, '#execute' do
            * Severity: Low
            * Confidence: High
+            * Location: [subdir/src/main/java/com/gitlab/security_products/tests/App.java:41](subdir/src/main/java/com/gitlab/security_products/tests/App.java#L41)
            ### Solution: