Merge branch...

Merge branch '293843-expand-filtering-functionality-of-vulnerabilities-graphql-endpoint-to-support-vendor' into 'master'

Vulnerabilities scope to filter by scanner ID

See merge request gitlab-org/gitlab!55909

ee/app/finders/security/vulnerabilities_finder.rb

@@ -31,6 +31,7 @@ module Security
       filter_by_severities
       filter_by_states
       filter_by_scanner_external_id
+      filter_by_scanner_ids
       filter_by_resolution
       filter_by_issues
 
@@ -65,6 +66,12 @@ module Security
       end
     end
 
+    def filter_by_scanner_ids
+      if params[:scanner_ids].present?
+        @vulnerabilities = vulnerabilities.by_scanner_ids(params[:scanner_ids])
+      end
+    end
+
     def filter_by_scanner_external_id
       if params[:scanner].present?
         @vulnerabilities = vulnerabilities.with_scanner_external_ids(params[:scanner])

ee/app/models/ee/vulnerability.rb

@@ -82,9 +82,10 @@ module EE
       scope :with_report_types, -> (report_types) { where(report_type: report_types) }
       scope :with_severities, -> (severities) { where(severity: severities) }
       scope :with_states, -> (states) { where(state: states) }
-      scope :with_scanner_external_ids, -> (scanners) { joins(findings: :scanner).merge(::Vulnerabilities::Scanner.with_external_id(scanners)) }
+      scope :with_scanner_external_ids, -> (scanner_external_ids) { joins(findings: :scanner).merge(::Vulnerabilities::Scanner.with_external_id(scanner_external_ids)) }
       scope :grouped_by_severity, -> { reorder(severity: :desc).group(:severity) }
       scope :by_project_fingerprints, -> (project_fingerprints) { joins(:findings).merge(Vulnerabilities::Finding.by_project_fingerprints(project_fingerprints)) }
+      scope :by_scanner_ids, -> (scanner_ids) { joins(:findings).merge(::Vulnerabilities::Finding.by_scanners(scanner_ids)) }
 
       scope :with_resolution, -> (has_resolution = true) { where(resolved_on_default_branch: has_resolution) }
       scope :with_issues, -> (has_issues = true) do
@@ -117,7 +118,7 @@ module EE
 
       scope :with_limit, -> (maximum) { limit(maximum) }
 
-      delegate :scanner_name, :scanner_external_id, :metadata, :message, :description, :details,
+      delegate :scanner_name, :scanner_external_id, :scanner_id, :metadata, :message, :description, :details,
                to: :finding, prefix: true, allow_nil: true
 
       delegate :default_branch, :name, to: :project, prefix: true, allow_nil: true

ee/app/models/vulnerabilities/finding.rb

@@ -76,6 +76,7 @@ module Vulnerabilities
 
     scope :by_report_types, -> (values) { where(report_type: values) }
     scope :by_projects, -> (values) { where(project_id: values) }
+    scope :by_scanners, -> (values) { where(scanner_id: values) }
     scope :by_severities, -> (values) { where(severity: values) }
     scope :by_confidences, -> (values) { where(confidence: values) }
     scope :by_project_fingerprints, -> (values) { where(project_fingerprint: values) }

ee/changelogs/unreleased/293843-expand-filtering-functionality-of-vulnerabilities-graphql-endpo.yml

+---
+title: Add vulnerability filter for scanner ID
+merge_request: 55909
+author:
+type: changed

ee/spec/finders/security/vulnerabilities_finder_spec.rb

@@ -58,14 +58,22 @@ RSpec.describe Security::VulnerabilitiesFinder do
     end
   end
 
-  context 'when filtered by scanner' do
+  context 'when filtered by scanner external ID' do
     let(:filters) { { scanner: [vulnerability1.finding_scanner_external_id, vulnerability2.finding_scanner_external_id] } }
 
-    it 'only returns vulnerabilities matching the given scanners' do
+    it 'only returns vulnerabilities matching the given scanner IDs' do
       is_expected.to contain_exactly(vulnerability1, vulnerability2)
     end
   end
 
+  context 'when filtered by scanner_id' do
+    let(:filters) { { scanner_ids: [vulnerability1.finding_scanner_id, vulnerability3.finding_scanner_id] } }
+
+    it 'only returns vulnerabilities matching the given scanner IDs' do
+      is_expected.to contain_exactly(vulnerability1, vulnerability3)
+    end
+  end
+
   context 'when filtered by project' do
     let(:group) { create(:group) }
     let(:another_project) { create(:project, namespace: group) }

ee/spec/models/ee/vulnerability_spec.rb

@@ -231,7 +231,7 @@ RSpec.describe Vulnerability do
 
     subject { described_class.with_scanner_external_ids(scanner_external_ids) }
 
-    it 'returns vulnerabilities matching the given scanner external ids' do
+    it 'returns vulnerabilities matching the given scanner external IDs' do
       is_expected.to contain_exactly(vulnerability_1, vulnerability_3)
     end
   end
@@ -535,6 +535,17 @@ RSpec.describe Vulnerability do
     it { is_expected.to match_array(expected_vulnerabilities) }
   end
 
+  describe '.by_scanner_ids' do
+    it 'returns matching vulnerabilities' do
+      vulnerability1 = vulnerability
+      create(:vulnerability, :with_findings)
+
+      result = described_class.by_scanner_ids(vulnerability1.finding_scanner_id)
+
+      expect(result).to match_array([vulnerability1])
+    end
+  end
+
   describe '.reference_prefix' do
     subject { described_class.reference_prefix }
 

ee/spec/models/vulnerabilities/finding_spec.rb

@@ -196,6 +196,20 @@ RSpec.describe Vulnerabilities::Finding do
     end
   end
 
+  describe '.by_scanners' do
+    context 'with found record' do
+      it 'returns found record' do
+        vulnerability1 = create(:vulnerabilities_finding)
+        create(:vulnerabilities_finding)
+        param = vulnerability1.scanner_id
+
+        result = described_class.by_scanners(param)
+
+        expect(result).to contain_exactly(vulnerability1)
+      end
+    end
+  end
+
   describe '.by_severities' do
     let!(:vulnerability_high) { create(:vulnerabilities_finding, severity: :high) }
     let!(:vulnerability_low) { create(:vulnerabilities_finding, severity: :low) }