Merge branch '284187-check-if-vulnerability-scan-is-present' into 'master'

Render scan information only when it is provided in Vulnerability See merge request gitlab-org/gitlab!47958

Merge branch '284187-check-if-vulnerability-scan-is-present' into 'master'
Render scan information only when it is provided in Vulnerability See merge request gitlab-org/gitlab!47958
c3f7a9ee · Heinrich Lee Yu · a40a68f9 · bcdb6f12 · c3f7a9ee · c3f7a9ee
Commit c3f7a9ee authored Nov 18, 2020 by Heinrich Lee Yu
4 changed files
--- a/ee/app/views/vulnerabilities/issue_description.md.erb
+++ b/ee/app/views/vulnerabilities/issue_description.md.erb
@@ -67,6 +67,7 @@
 <% if vulnerability.scanner.present? %>
 * <%= _("Name") %>: <%= vulnerability.scanner[:name] %>
 <% end %>
+<% if vulnerability.scan.present? %>
 <% if vulnerability.scan[:type].present? %>
 * <%= _("Type") %>: <%= vulnerability.scan[:type] %>
 <% end %>
@@ -80,3 +81,4 @@
 * <%= _("End Time") %>: <%= vulnerability.scan[:end_time] %>
 <% end %>
 <% end %>
+<% end %>
--- a/ee/app/views/vulnerabilities/jira_issue_description.md.erb
+++ b/ee/app/views/vulnerabilities/jira_issue_description.md.erb
@@ -58,6 +58,7 @@ h3. <%= _("Scanner") %>:
 <% if vulnerability.scanner.present? %>
 * <%= _("Name") %>: <%= vulnerability.scanner[:name] %>
 <% end %>
+<% if vulnerability.scan.present? %>
 <% if vulnerability.scan[:type].present? %>
 * <%= _("Type") %>: <%= vulnerability.scan[:type] %>
 <% end %>
@@ -71,3 +72,4 @@ h3. <%= _("Scanner") %>:
 * <%= _("End Time") %>: <%= vulnerability.scan[:end_time] %>
 <% end %>
 <% end %>
+<% end %>
--- a/ee/spec/helpers/vulnerabilities_helper_spec.rb
+++ b/ee/spec/helpers/vulnerabilities_helper_spec.rb
@@ -202,6 +202,17 @@ RSpec.describe VulnerabilitiesHelper do
      it 'generates url to create issue in Jira' do
        expect(subject[:create_jira_issue_url]).to eq('https://jira.example.com/new')
      end
+
+      context 'when scan property is empty' do
+        before do
+          vulnerability.finding.scan = nil
+        end
+
+        it 'renders description using dedicated template without raising error' do
+          expect(ApplicationController).to receive(:render).with(template: 'vulnerabilities/jira_issue_description.md.erb', locals: { vulnerability: an_instance_of(VulnerabilityPresenter) })
+          expect {subject}.not_to raise_error
+        end
+      end
    end

    context 'with jira vulnerabilities integration disabled' do

--- a/ee/spec/services/ee/issues/create_from_vulnerability_data_service_spec.rb
+++ b/ee/spec/services/ee/issues/create_from_vulnerability_data_service_spec.rb
@@ -175,6 +175,80 @@ RSpec.describe Issues::CreateFromVulnerabilityDataService, '#execute' do

        it_behaves_like 'a created issue'
      end
+
+      context 'when scan is NOT present but scanner is' do
+        let(:params) do
+          {
+            blob_path: '/group_path/sub_group_path/project_path/-/blob/commitsha/subdir/src/main/java/com/gitlab/security_products/tests/App.java#L15',
+            category: 'sast',
+            severity: 'Low', confidence: 'High',
+            solution: 'Please do something!',
+            file: 'subdir/src/main/java/com/gitlab/security_products/tests/App.java',
+            line: '15',
+            cve: '818bf5dacb291e15d9e6dc3c5ac32178:PREDICTABLE_RANDOM',
+            title: 'Predictable pseudorandom number generator',
+            description: 'Description of Predictable pseudorandom number generator',
+            tool: 'find_sec_bugs',
+            identifiers: [{
+              type: 'CVE',
+              name: 'CVE-2017-15650',
+              value: 'CVE-2017-15650',
+              url: 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15650'
+            }, {
+              type: 'CWE',
+              name: 'CWE-16',
+              value: '16',
+              url: 'https://cwe.mitre.org/data/definitions/16.html'
+            }, {
+              type: 'GAS_RULE_ID',
+              name: 'GAS Rule ID G105',
+              value: 'G105'
+            }],
+            links: [{
+              name: 'Awesome-security blog post',
+              url: 'https;//example.com/blog-post'
+            }, {
+              url: 'https://example.com/another-link'
+            }],
+            scanner: { external_id: 'gemnasium', name: 'Gemnasium' },
+            scan: nil
+          }
+        end
+
+        let(:expected_title) { 'Investigate vulnerability: Predictable pseudorandom number generator' }
+        let(:expected_description) do
+          <<~DESC.chomp
+            ### Description:
+
+            Description of Predictable pseudorandom number generator
+
+            * Severity: Low
+            * Confidence: High
+            * Location: [subdir/src/main/java/com/gitlab/security_products/tests/App.java:15](http://localhost/group_path/sub_group_path/project_path/-/blob/commitsha/subdir/src/main/java/com/gitlab/security_products/tests/App.java#L15)
+
+            ### Solution:
+
+            Please do something!
+
+            ### Identifiers:
+
+            * [CVE-2017-15650](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15650)
+            * [CWE-16](https://cwe.mitre.org/data/definitions/16.html)
+            * GAS Rule ID G105
+
+            ### Links:
+
+            * [Awesome-security blog post](https;//example.com/blog-post)
+            * https://example.com/another-link
+
+            ### Scanner:
+
+            * Name: Gemnasium
+          DESC
+        end
+
+        it_behaves_like 'a created issue'
+      end
    end

    context 'when category is dependency scanning' do