Don't try to generate url for an finding records

With this fix, we are not trying to generate URL for finding records while building the JIRA issue description of a vulnerability. Changelog: fixed EE: true

Don't try to generate url for an finding records
With this fix, we are not trying to generate URL for finding records while building the JIRA issue description of a vulnerability. Changelog: fixed EE: true
b686da25 · Mehmet Emin INAC · 431bbba6 · b686da25 · b686da25 · b686da25
Commit b686da25 authored Nov 17, 2021 by Mehmet Emin INAC
4 changed files
--- a/ee/app/presenters/vulnerabilities/finding_presenter.rb
+++ b/ee/app/presenters/vulnerabilities/finding_presenter.rb
@@ -15,6 +15,11 @@ module Vulnerabilities
      add_line_numbers(location['start_line'], location['end_line'])
    end
+    delegator_override :links
+    def links
+      @links ||= finding.links.map(&:with_indifferent_access)
+    end
    private
    def add_line_numbers(start_line, end_line)

--- a/ee/app/views/vulnerabilities/jira_issue_description.md.erb
+++ b/ee/app/views/vulnerabilities/jira_issue_description.md.erb
@@ -46,7 +46,7 @@ h3. <%= _("Links") %>:
 <% end %>
 <% end %>
-<% if vulnerability.remediations.present? && vulnerability.remediations.any? %>
+<% if vulnerability.is_a?(Vulnerability) && vulnerability.remediations.present? %>
 ### <%= _("Remediations") %>:
 <%= _("See vulnerability %{vulnerability_link} for any Remediation details.".html_safe) % { vulnerability_link: "[#{vulnerability.id}|#{vulnerability_url(vulnerability)}]" } %>

--- a/ee/spec/helpers/vulnerabilities_helper_spec.rb
+++ b/ee/spec/helpers/vulnerabilities_helper_spec.rb
@@ -195,7 +195,7 @@ RSpec.describe VulnerabilitiesHelper do
  end
  describe '#create_jira_issue_url_for' do
-    subject { helper.vulnerability_details(vulnerability, pipeline) }
+    subject { helper.create_jira_issue_url_for(vulnerability) }
    let(:jira_integration) { double('Integrations::Jira', new_issue_url_with_predefined_fields: 'https://jira.example.com/new') }
@@ -210,51 +210,80 @@ RSpec.describe VulnerabilitiesHelper do
        allow(project).to receive(:configured_to_create_issues_from_vulnerabilities?).and_return(true)
      end
-      let(:expected_jira_issue_description) do
+      context 'when the given object is a vulnerability' do
-        <<-JIRA.strip_heredoc
+        let(:expected_jira_issue_description) do
-          Issue created from vulnerability [#{vulnerability.id}|http://localhost/#{project.full_path}/-/security/vulnerabilities/#{vulnerability.id}]
+          <<-JIRA.strip_heredoc
+            Issue created from vulnerability [#{vulnerability.id}|http://localhost/#{project.full_path}/-/security/vulnerabilities/#{vulnerability.id}]
-          h3. Description:
+            h3. Description:
-          Description of My vulnerability
+            Description of My vulnerability
-          * Severity: high
+            * Severity: high
-          * Confidence: medium
+            * Confidence: medium
-          * Location: [maven/src/main/java/com/gitlab/security_products/tests/App.java:29|http://localhost/#{project.full_path}/-/blob/b83d6e391c22777fca1ed3012fce84f633d7fed0/maven/src/main/java/com/gitlab/security_products/tests/App.java#L29]
+            * Location: [maven/src/main/java/com/gitlab/security_products/tests/App.java:29|http://localhost/#{project.full_path}/-/blob/b83d6e391c22777fca1ed3012fce84f633d7fed0/maven/src/main/java/com/gitlab/security_products/tests/App.java#L29]
-          ### Solution:
+            ### Solution:
-          See vulnerability [#{vulnerability.id}|http://localhost/#{project.full_path}/-/security/vulnerabilities/#{vulnerability.id}] for any Solution details.
+            See vulnerability [#{vulnerability.id}|http://localhost/#{project.full_path}/-/security/vulnerabilities/#{vulnerability.id}] for any Solution details.
-          h3. Links:
+            h3. Links:
-          * [Cipher does not check for integrity first?|https://crypto.stackexchange.com/questions/31428/pbewithmd5anddes-cipher-does-not-check-for-integrity-first]
+            * [Cipher does not check for integrity first?|https://crypto.stackexchange.com/questions/31428/pbewithmd5anddes-cipher-does-not-check-for-integrity-first]
-          h3. Scanner:
+            h3. Scanner:
-          * Name: Find Security Bugs
+            * Name: Find Security Bugs
-        JIRA
+          JIRA
-      end
+        end
-      it 'delegates rendering URL to Integrations::Jira' do
+        it 'delegates rendering URL to Integrations::Jira' do
-        expect(jira_integration).to receive(:new_issue_url_with_predefined_fields).with("Investigate vulnerability: #{vulnerability.title}", expected_jira_issue_description)
+          expect(jira_integration).to receive(:new_issue_url_with_predefined_fields).with("Investigate vulnerability: #{vulnerability.title}", expected_jira_issue_description)
-        subject
+          subject
-      end
+        end
+        context 'when scan property is empty' do
+          before do
+            vulnerability.finding.scan = nil
+          end
+          it 'renders description using dedicated template without raising error' do
+            expect(jira_integration).to receive(:new_issue_url_with_predefined_fields).with("Investigate vulnerability: #{vulnerability.title}", expected_jira_issue_description)
-      it 'generates url to create issue in Jira' do
+            subject
-        expect(subject[:create_jira_issue_url]).to eq('https://jira.example.com/new')
+          end
+        end
      end
-      context 'when scan property is empty' do
+      context 'when the given object is an unpersisted finding' do
-        before do
+        let(:vulnerability) { build(:vulnerabilities_finding, :with_remediation, project: project) }
-          vulnerability.finding.scan = nil
+        let(:expected_jira_issue_description) do
+          <<~TEXT
+            h3. Description:
+            The cipher does not provide data integrity update 1
+            * Severity: high
+            * Confidence: medium
+            h3. Links:
+            * [Cipher does not check for integrity first?|https://crypto.stackexchange.com/questions/31428/pbewithmd5anddes-cipher-does-not-check-for-integrity-first]
+            h3. Scanner:
+            * Name: Find Security Bugs
+          TEXT
        end
-        it 'renders description using dedicated template without raising error' do
+        it 'delegates rendering URL to Integrations::Jira' do
-          expect(jira_integration).to receive(:new_issue_url_with_predefined_fields).with("Investigate vulnerability: #{vulnerability.title}", expected_jira_issue_description)
+          expect(jira_integration).to receive(:new_issue_url_with_predefined_fields).with("Investigate vulnerability: #{vulnerability.name}", expected_jira_issue_description)
          subject
        end
@@ -267,7 +296,7 @@ RSpec.describe VulnerabilitiesHelper do
        allow(project).to receive(:configured_to_create_issues_from_vulnerabilities?).and_return(false)
      end
-      it { expect(subject[:create_jira_issue_url]).to be_nil }
+      it { is_expected.to be_nil }
    end
  end

--- a/ee/spec/presenters/vulnerabilities/finding_presenter_spec.rb
+++ b/ee/spec/presenters/vulnerabilities/finding_presenter_spec.rb
@@ -72,4 +72,18 @@ RSpec.describe Vulnerabilities::FindingPresenter do
      end
    end
  end
+  describe '#links' do
+    let(:link_name) { 'Cipher does not check for integrity first?' }
+    let(:link_url) { 'https://crypto.stackexchange.com/questions/31428/pbewithmd5anddes-cipher-does-not-check-for-integrity-first' }
+    subject(:links) { presenter.links }
+    it 'transforms the links to hash with indifferent access', :aggregate_failures do
+      expect(links.first['name']).to eq(link_name)
+      expect(links.first[:name]).to eq(link_name)
+      expect(links.first['url']).to eq(link_url)
+      expect(links.first[:url]).to eq(link_url)
+    end
+  end
 end