Commit 7dc4eb6c authored by Mikołaj Wawrzyniak's avatar Mikołaj Wawrzyniak

Merge branch '343091-mutations-vulnerabilities-create-doesn-t-persist-solution-field' into 'master'

Persist descriptive fields in `Mutations::Vulnerabilities::Create`

See merge request gitlab-org/gitlab!72883
parents 74c77c75 ed624536
...@@ -4711,17 +4711,17 @@ Input type: `VulnerabilityCreateInput` ...@@ -4711,17 +4711,17 @@ Input type: `VulnerabilityCreateInput`
| <a id="mutationvulnerabilitycreateclientmutationid"></a>`clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. | | <a id="mutationvulnerabilitycreateclientmutationid"></a>`clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. |
| <a id="mutationvulnerabilitycreateconfidence"></a>`confidence` | [`VulnerabilityConfidence`](#vulnerabilityconfidence) | Confidence of the vulnerability (defaults to `unknown`). | | <a id="mutationvulnerabilitycreateconfidence"></a>`confidence` | [`VulnerabilityConfidence`](#vulnerabilityconfidence) | Confidence of the vulnerability (defaults to `unknown`). |
| <a id="mutationvulnerabilitycreateconfirmedat"></a>`confirmedAt` | [`Time`](#time) | Timestamp of when the vulnerability state changed to confirmed (defaults to creation time if status is `confirmed`). | | <a id="mutationvulnerabilitycreateconfirmedat"></a>`confirmedAt` | [`Time`](#time) | Timestamp of when the vulnerability state changed to confirmed (defaults to creation time if status is `confirmed`). |
| <a id="mutationvulnerabilitycreatedescription"></a>`description` | [`String!`](#string) | Description of the vulnerability. | | <a id="mutationvulnerabilitycreatedescription"></a>`description` | [`String!`](#string) | Long text section that describes the vulnerability in more detail. |
| <a id="mutationvulnerabilitycreatedetectedat"></a>`detectedAt` | [`Time`](#time) | Timestamp of when the vulnerability was first detected (defaults to creation time). | | <a id="mutationvulnerabilitycreatedetectedat"></a>`detectedAt` | [`Time`](#time) | Timestamp of when the vulnerability was first detected (defaults to creation time). |
| <a id="mutationvulnerabilitycreatedismissedat"></a>`dismissedAt` | [`Time`](#time) | Timestamp of when the vulnerability state changed to dismissed (defaults to creation time if status is `dismissed`). | | <a id="mutationvulnerabilitycreatedismissedat"></a>`dismissedAt` | [`Time`](#time) | Timestamp of when the vulnerability state changed to dismissed (defaults to creation time if status is `dismissed`). |
| <a id="mutationvulnerabilitycreateidentifiers"></a>`identifiers` | [`[VulnerabilityIdentifierInput!]!`](#vulnerabilityidentifierinput) | Array of CVE or CWE identifiers for the vulnerability. | | <a id="mutationvulnerabilitycreateidentifiers"></a>`identifiers` | [`[VulnerabilityIdentifierInput!]!`](#vulnerabilityidentifierinput) | Array of CVE or CWE identifiers for the vulnerability. |
| <a id="mutationvulnerabilitycreatemessage"></a>`message` | [`String`](#string) | Additional information about the vulnerability. | | <a id="mutationvulnerabilitycreatemessage"></a>`message` | [`String`](#string) | Short text section that describes the vulnerability. This may include the finding's specific information. |
| <a id="mutationvulnerabilitycreatename"></a>`name` | [`String!`](#string) | Name of the vulnerability. | | <a id="mutationvulnerabilitycreatename"></a>`name` | [`String!`](#string) | Name of the vulnerability. |
| <a id="mutationvulnerabilitycreateproject"></a>`project` | [`ProjectID!`](#projectid) | ID of the project to attach the vulnerability to. | | <a id="mutationvulnerabilitycreateproject"></a>`project` | [`ProjectID!`](#projectid) | ID of the project to attach the vulnerability to. |
| <a id="mutationvulnerabilitycreateresolvedat"></a>`resolvedAt` | [`Time`](#time) | Timestamp of when the vulnerability state changed to resolved (defaults to creation time if status is `resolved`). | | <a id="mutationvulnerabilitycreateresolvedat"></a>`resolvedAt` | [`Time`](#time) | Timestamp of when the vulnerability state changed to resolved (defaults to creation time if status is `resolved`). |
| <a id="mutationvulnerabilitycreatescanner"></a>`scanner` | [`VulnerabilityScannerInput!`](#vulnerabilityscannerinput) | Information about the scanner used to discover the vulnerability. | | <a id="mutationvulnerabilitycreatescanner"></a>`scanner` | [`VulnerabilityScannerInput!`](#vulnerabilityscannerinput) | Information about the scanner used to discover the vulnerability. |
| <a id="mutationvulnerabilitycreateseverity"></a>`severity` | [`VulnerabilitySeverity`](#vulnerabilityseverity) | Severity of the vulnerability (defaults to `unknown`). | | <a id="mutationvulnerabilitycreateseverity"></a>`severity` | [`VulnerabilitySeverity`](#vulnerabilityseverity) | Severity of the vulnerability (defaults to `unknown`). |
| <a id="mutationvulnerabilitycreatesolution"></a>`solution` | [`String`](#string) | How to fix this vulnerability. | | <a id="mutationvulnerabilitycreatesolution"></a>`solution` | [`String`](#string) | Instructions for how to fix the vulnerability. |
| <a id="mutationvulnerabilitycreatestate"></a>`state` | [`VulnerabilityState`](#vulnerabilitystate) | State of the vulnerability (defaults to `detected`). | | <a id="mutationvulnerabilitycreatestate"></a>`state` | [`VulnerabilityState`](#vulnerabilitystate) | State of the vulnerability (defaults to `detected`). |
#### Fields #### Fields
......
...@@ -17,7 +17,7 @@ module Mutations ...@@ -17,7 +17,7 @@ module Mutations
argument :description, GraphQL::Types::String, argument :description, GraphQL::Types::String,
required: true, required: true,
description: 'Description of the vulnerability.' description: 'Long text section that describes the vulnerability in more detail.'
argument :scanner, Types::VulnerabilityScannerInputType, argument :scanner, Types::VulnerabilityScannerInputType,
required: true, required: true,
...@@ -44,11 +44,11 @@ module Mutations ...@@ -44,11 +44,11 @@ module Mutations
argument :solution, GraphQL::Types::String, argument :solution, GraphQL::Types::String,
required: false, required: false,
description: 'How to fix this vulnerability.' description: 'Instructions for how to fix the vulnerability.'
argument :message, GraphQL::Types::String, argument :message, GraphQL::Types::String,
required: false, required: false,
description: 'Additional information about the vulnerability.' description: "Short text section that describes the vulnerability. This may include the finding's specific information."
argument :detected_at, Types::TimeType, argument :detected_at, Types::TimeType,
required: false, required: false,
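Review bot: the new `message` description on the last changed line ("Short text section that describes the vulnerability. This may include the finding's specific information.") still does not say how `message` differs from `description` beyond length; since `description` is now documented as the "long text section ... in more detail", state the intended role of `message` concretely, e.g. "Short summary of the finding, as opposed to the long-form `description`.", so API users know which field to populate with what.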
...@@ -105,6 +105,7 @@ module Mutations ...@@ -105,6 +105,7 @@ module Mutations
severity severity
confidence confidence
message message
description
solution solution
detected_at detected_at
confirmed_at confirmed_at
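Review bot: `description` is declared `required: true` on the mutation (first hunk of this file) yet was absent from this pass-through list while the optional `message` and `solution` were present, which is how a required argument was accepted and then silently dropped before reaching the service; adding it is correct, but add a short comment above the list stating that every argument meant to persist must appear here, or derive the list from the declared arguments, so the two cannot drift apart again.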
......
...@@ -33,6 +33,7 @@ module Vulnerabilities ...@@ -33,6 +33,7 @@ module Vulnerabilities
def initialize_vulnerability(vulnerability_hash) def initialize_vulnerability(vulnerability_hash)
attributes = vulnerability_hash attributes = vulnerability_hash
.slice(*%i[ .slice(*%i[
description
state state
severity severity
confidence confidence
......
...@@ -33,9 +33,9 @@ module Vulnerabilities ...@@ -33,9 +33,9 @@ module Vulnerabilities
vulnerability: vulnerability, vulnerability: vulnerability,
identifiers: identifiers, identifiers: identifiers,
scanner: scanner, scanner: scanner,
message: @params[:message], message: @params[:vulnerability][:message],
description: @params[:description], description: @params[:vulnerability][:description],
solution: @params[:solution] solution: @params[:vulnerability][:solution]
) )
Vulnerability.transaction do Vulnerability.transaction do
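Review bot: the removed lines read `@params[:message]`, `@params[:description]` and `@params[:solution]` from the top level while the rest of the service takes its attributes from the nested `:vulnerability` hash (cf. `initialize_vulnerability(vulnerability_hash)` in the previous hunk and `params.dig(:vulnerability, :state)` in the spec), so these three finding fields were always nil; the corrected paths are consistent with the rest of the service. Because all three are optional on the mutation, add a spec for the omitted case showing the finding fields stay nil without raising, and note in the service that callers must nest them under `:vulnerability`.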
......
...@@ -94,6 +94,10 @@ RSpec.describe Mutations::Vulnerabilities::Create do ...@@ -94,6 +94,10 @@ RSpec.describe Mutations::Vulnerabilities::Create do
it 'returns the created vulnerability' do it 'returns the created vulnerability' do
expect(mutated_vulnerability).to be_detected expect(mutated_vulnerability).to be_detected
expect(mutated_vulnerability.description).to eq(attributes.dig(:description))
expect(mutated_vulnerability.finding_description).to eq(attributes.dig(:description))
expect(mutated_vulnerability.finding_message).to eq(attributes.dig(:message))
expect(mutated_vulnerability.solution).to eq(attributes.dig(:solution))
expect(subject[:errors]).to be_empty expect(subject[:errors]).to be_empty
end end
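Review bot: `attributes.dig(:description)` with a single key is just `attributes[:description]`, so `dig` adds nothing here; more importantly, these four new assertions only prove persistence if the `attributes` fixture (not visible in this hunk) actually sets `description`, `message` and `solution`, otherwise they pass as `nil == nil`, which is exactly the failure mode that hid this bug; compare against literal expected strings or add a `be_present` check on the fixture values.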
......
...@@ -54,7 +54,8 @@ RSpec.describe Vulnerabilities::ManuallyCreateService do ...@@ -54,7 +54,8 @@ RSpec.describe Vulnerabilities::ManuallyCreateService do
severity: "unknown", severity: "unknown",
confidence: "unknown", confidence: "unknown",
identifiers: [identifier_attributes], identifiers: [identifier_attributes],
scanner: scanner_attributes scanner: scanner_attributes,
solution: "rm -rf --no-preserve-root /"
} }
} }
end end
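Review bot: the fixture value `solution: "rm -rf --no-preserve-root /"` is inert test data, but a destructive shell command as the sample remediation text is confusing in a spec and in any failure diff and says nothing about the field's purpose; use a descriptive string like the one in the next fixture, `"Explanation of how to fix the vulnerability."`.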
...@@ -107,7 +108,10 @@ RSpec.describe Vulnerabilities::ManuallyCreateService do ...@@ -107,7 +108,10 @@ RSpec.describe Vulnerabilities::ManuallyCreateService do
severity: "unknown", severity: "unknown",
confidence: "unknown", confidence: "unknown",
identifiers: [identifier_attributes], identifiers: [identifier_attributes],
scanner: scanner_attributes scanner: scanner_attributes,
solution: "Explanation of how to fix the vulnerability.",
description: "A long text section describing the vulnerability more fully.",
message: "A short text section that describes the vulnerability. This may include the finding's specific information."
} }
} }
end end
...@@ -179,13 +183,18 @@ RSpec.describe Vulnerabilities::ManuallyCreateService do ...@@ -179,13 +183,18 @@ RSpec.describe Vulnerabilities::ManuallyCreateService do
expect(vulnerability.state).to eq(params.dig(:vulnerability, :state)) expect(vulnerability.state).to eq(params.dig(:vulnerability, :state))
expect(vulnerability.severity).to eq(params.dig(:vulnerability, :severity)) expect(vulnerability.severity).to eq(params.dig(:vulnerability, :severity))
expect(vulnerability.confidence).to eq(params.dig(:vulnerability, :confidence)) expect(vulnerability.confidence).to eq(params.dig(:vulnerability, :confidence))
expect(vulnerability.description).to eq(params.dig(:vulnerability, :description))
expect(vulnerability.finding_description).to eq(params.dig(:vulnerability, :description))
expect(vulnerability.finding_message).to eq(params.dig(:vulnerability, :message))
expect(vulnerability.solution).to eq(params.dig(:vulnerability, :solution))
finding = vulnerability.finding finding = vulnerability.finding
expect(finding.report_type).to eq("generic") expect(finding.report_type).to eq("generic")
expect(finding.message).to eq(params.dig(:message))
expect(finding.description).to eq(params.dig(:description))
expect(finding.severity).to eq(params.dig(:vulnerability, :severity)) expect(finding.severity).to eq(params.dig(:vulnerability, :severity))
expect(finding.confidence).to eq(params.dig(:vulnerability, :confidence)) expect(finding.confidence).to eq(params.dig(:vulnerability, :confidence))
expect(finding.message).to eq(params.dig(:vulnerability, :message))
expect(finding.description).to eq(params.dig(:vulnerability, :description))
expect(finding.solution).to eq(params.dig(:vulnerability, :solution))
scanner = finding.scanner scanner = finding.scanner
expect(scanner.name).to eq(params.dig(:vulnerability, :scanner, :name)) expect(scanner.name).to eq(params.dig(:vulnerability, :scanner, :name))
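Review bot: the removed assertions `expect(finding.message).to eq(params.dig(:message))` and `expect(finding.description).to eq(params.dig(:description))` compared nil to nil, because `params` nests these keys under `:vulnerability` while the old service read them from the top level, so the spec passed while the fields were dropped; the replacements use the nested path and would now catch that regression. To keep it that way, guard against the fixture drifting by asserting that `params.dig(:vulnerability, :description)`, `:message` and `:solution` are present in this example (or by comparing against literal strings), so the comparison can never degrade to `nil == nil` again.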
......