Create issue from vulnerability has link to commit

This fixes a bug where the issue always linked to the master branch instead of the commit where the vulnerabilty was found

Create issue from vulnerability has link to commit
This fixes a bug where the issue always linked to the master branch instead of the commit where the vulnerabilty was found
bd7723e2 · Jonathan Schafer · 7b51f088 · bd7723e2 · bd7723e2 · bd7723e2
Commit bd7723e2 authored Jul 06, 2020 by Jonathan Schafer
5 changed files
--- a/ee/app/controllers/projects/vulnerability_feedback_controller.rb
+++ b/ee/app/controllers/projects/vulnerability_feedback_controller.rb
@@ -152,6 +152,7 @@ class Projects::VulnerabilityFeedbackController < Projects::ApplicationControlle
        end_line
        class
        method
+        blob_path
      ],
      identifiers: %i[
        type

--- a/ee/changelogs/unreleased/199246-link_created_issue_to_commit.yml
+++ b/ee/changelogs/unreleased/199246-link_created_issue_to_commit.yml
+---
+title: Create issue from vulnerability has link to branch
+merge_request:
+author:
+type: fixed
--- a/ee/lib/gitlab/vulnerabilities/standard_vulnerability.rb
+++ b/ee/lib/gitlab/vulnerabilities/standard_vulnerability.rb
@@ -42,9 +42,10 @@ module Gitlab
      end

      def blob_path
-        return unless @data[:blob_path]
+        path = @data[:blob_path] || @data.dig(:location, :blob_path)
+        return unless path

-        @data[:blob_path].gsub(/^\//, '')
+        path.gsub(/^\//, '')
      end

      def location_link

--- a/ee/spec/controllers/projects/vulnerability_feedback_controller_spec.rb
+++ b/ee/spec/controllers/projects/vulnerability_feedback_controller_spec.rb
@@ -125,7 +125,8 @@ RSpec.describe Projects::VulnerabilityFeedbackController do
          blob_path: '/group_path/project_path/-/blob/commitsha/subdir/src/main/App.java#L15',
          location: {
            file: 'subdir/src/main/java/com/gitlab/security_products/tests/App.java',
-            start_line: '41'
+            start_line: '41',
+            blob_path: '/group_path/project_path/-/blob/commitsha/subdir/src/main/App.java#L15'
          },
          identifiers: [{
            type: 'CVE',

--- a/ee/spec/lib/gitlab/vulnerabilities/standard_vulnerability_spec.rb
+++ b/ee/spec/lib/gitlab/vulnerabilities/standard_vulnerability_spec.rb
@@ -11,9 +11,10 @@ RSpec.describe Gitlab::Vulnerabilities::StandardVulnerability do
  let(:solution) { 'Please do something!' }
  let(:file) { 'subdir/src/main/java/com/gitlab/security_products/tests/App.java' }
  let(:line) { 15 }
+  let(:blob_path) { "bar/foo/-/blob/sha/#{file}#L#{line}" }

  let(:location) do
-    { file: file, start_line: line }
+    { file: file, start_line: line, blob_path: "/#{blob_path}" }
  end

  let(:identifiers) do
@@ -275,4 +276,32 @@ RSpec.describe Gitlab::Vulnerabilities::StandardVulnerability do
      end
    end
  end
+
+  describe '#blob_path' do
+    context 'when blob_path is in top level data' do
+      let(:blob_path) { "foo/bar/-/blob/sha/#{file}#L#{line}" }
+
+      it 'returns blob_path from top level' do
+        vulnerability = described_class.new(blob_path: "/#{blob_path}", location: location)
+
+        expect(vulnerability.blob_path).to eq blob_path
+      end
+    end
+
+    context 'when blob_path is not in top level data but is in location data' do
+      it 'returns blob_path from location data' do
+        vulnerability = described_class.new(location: location)
+
+        expect(vulnerability.blob_path).to eq blob_path
+      end
+    end
+
+    context 'when blob_path is not present' do
+      it 'returns nil' do
+        vulnerability = described_class.new(blob_path: nil)
+
+        expect(vulnerability.blob_path).to be_nil
+      end
+    end
+  end
 end