Refactor into vulnerability_details

7cd933ad · Michał Zając · d04c20ea · 7cd933ad · 7cd933ad · 7cd933ad
Commit 7cd933ad authored May 11, 2020 by Michał Zając
3 changed files
--- a/ee/app/helpers/vulnerabilities_helper.rb
+++ b/ee/app/helpers/vulnerabilities_helper.rb
 # frozen_string_literal: true

 module VulnerabilitiesHelper
-  def vulnerability_data(vulnerability, pipeline)
+  def vulnerability_details_json(vulnerability, pipeline)
+    vulnerability_details(vulnerability, pipeline).to_json
+  end
+
+  def vulnerability_details(vulnerability, pipeline)
    return unless vulnerability

-    {
-      vulnerability_json: VulnerabilitySerializer.new.represent(vulnerability).to_json,
-      project_fingerprint: vulnerability.finding.project_fingerprint,
+    result = {
+      timestamp: Time.now.to_i,
      create_issue_url: create_vulnerability_feedback_issue_path(vulnerability.finding.project),
-      notes_url: project_security_vulnerability_notes_path(vulnerability.project, vulnerability),
-      discussions_url: discussions_project_security_vulnerability_path(vulnerability.project, vulnerability),
-      pipeline_json: vulnerability_pipeline_data(pipeline).to_json,
      has_mr: !!vulnerability.finding.merge_request_feedback.try(:merge_request_iid),
-      vulnerability_feedback_help_path: help_page_path('user/application_security/index', anchor: 'interacting-with-the-vulnerabilities'),
-      finding_json: vulnerability_finding_data(vulnerability).to_json,
+      finding_json: vulnerability_finding_data(vulnerability),
      create_mr_url: create_vulnerability_feedback_merge_request_path(vulnerability.finding.project),
-      timestamp: Time.now.to_i
+      discussions_url: discussions_project_security_vulnerability_path(vulnerability.project, vulnerability),
+      notes_url: project_security_vulnerability_notes_path(vulnerability.project, vulnerability),
+      vulnerability_feedback_help_path: help_page_path('user/application_security/index', anchor: 'interacting-with-the-vulnerabilities'),
+      pipeline: vulnerability_pipeline_data(pipeline)
    }
+
+    result.merge(vulnerability_data(vulnerability), vulnerability_finding_data(vulnerability))
  end

  def vulnerability_pipeline_data(pipeline)
@@ -30,9 +34,12 @@ module VulnerabilitiesHelper
    }
  end

+  def vulnerability_data(vulnerability)
+    VulnerabilitySerializer.new.represent(vulnerability)
+  end
+
  def vulnerability_finding_data(vulnerability)
    finding = Vulnerabilities::FindingSerializer.new(current_user: current_user).represent(vulnerability.finding)
-    remediation = finding[:remediations]&.first

    data = finding.slice(
      :description,
@@ -43,11 +50,11 @@ module VulnerabilitiesHelper
      :issue_feedback,
      :merge_request_feedback,
      :project,
+      :project_fingerprint,
      :remediations,
      :evidence,
-      :scanner
-    ).merge(
-      solution: remediation ? remediation['summary'] : finding[:solution]
+      :scanner,
+      :solution
    )

    if data[:location]['file']

--- a/ee/app/views/projects/security/vulnerabilities/show.html.haml
+++ b/ee/app/views/projects/security/vulnerabilities/show.html.haml
@@ -3,8 +3,10 @@
 - breadcrumb_title @vulnerability.id
 - page_title @vulnerability.title
 - page_description @vulnerability.description
- vulnerability_data = vulnerability_data(@vulnerability, @pipeline)
+- finding = @vulnerability.finding
+- location = finding.location
+- vulnerability_init_details = vulnerability_details_json(@vulnerability, @pipeline)

-#js-vulnerability-header{ data: vulnerability_data }
-#js-vulnerability-details{ data: vulnerability_data }
-#js-vulnerability-footer{ data: vulnerability_data }
+#js-vulnerability-header{ data: vulnerability_init_details }
+#js-vulnerability-details{ data: vulnerability_init_details }
+#js-vulnerability-footer{ data: vulnerability_init_details }
--- a/ee/spec/helpers/vulnerabilities_helper_spec.rb
+++ b/ee/spec/helpers/vulnerabilities_helper_spec.rb
@@ -58,35 +58,31 @@ RSpec.describe VulnerabilitiesHelper do

    it 'has expected vulnerability properties' do
      expect(subject).to include(
-        vulnerability_json: kind_of(String),
-        project_fingerprint: vulnerability.finding.project_fingerprint,
+        timestamp: Time.now.to_i,
        create_issue_url: "/#{project.full_path}/-/vulnerability_feedback",
-        notes_url: "/#{project.full_path}/-/security/vulnerabilities/#{vulnerability.id}/notes",
-        discussions_url: "/#{project.full_path}/-/security/vulnerabilities/#{vulnerability.id}/discussions",
        has_mr: anything,
-        vulnerability_feedback_help_path: kind_of(String),
-        finding_json: kind_of(String),
        create_mr_url: "/#{project.full_path}/-/vulnerability_feedback",
-        timestamp: Time.now.to_i
+        discussions_url: "/#{project.full_path}/-/security/vulnerabilities/#{vulnerability.id}/discussions",
+        notes_url: "/#{project.full_path}/-/security/vulnerabilities/#{vulnerability.id}/notes",
+        vulnerability_feedback_help_path: kind_of(String),
+        pipeline: anything
      )
    end
  end

-  describe '#vulnerability_data' do
-    subject { helper.vulnerability_data(vulnerability, pipeline) }
+  describe '#vulnerability_details' do
+    subject { helper.vulnerability_details(vulnerability, pipeline) }

    describe 'when pipeline exists' do
      let(:pipeline) { create(:ci_pipeline) }
-      let(:pipelineData) { Gitlab::Json.parse(subject[:pipeline_json]) }

      include_examples 'vulnerability properties'

      it 'returns expected pipeline data' do
-        expect(pipelineData).to include(
-          'id' => pipeline.id,
-          'created_at' => pipeline.created_at.iso8601,
-          'url' => be_present,
-          'source_branch' => pipeline.ref
+        expect(subject[:pipeline]).to include(
+          id: pipeline.id,
+          created_at: pipeline.created_at.iso8601,
+          url: be_present
        )
      end
    end
@@ -110,11 +106,12 @@ RSpec.describe VulnerabilitiesHelper do
        description: finding.description,
        identifiers: kind_of(Array),
        issue_feedback: anything,
-        merge_request_feedback: anything,
        links: finding.links,
        location: finding.location,
        name: finding.name,
+        merge_request_feedback: anything,
        project: kind_of(Grape::Entity::Exposure::NestingExposure::OutputBuilder),
+        project_fingerprint: finding.project_fingerprint,
        remediations: finding.remediations,
        solution: kind_of(String),
        evidence: kind_of(String),