Added DAST path to display on vulnerabilities list

Previously the path/URL wasn't displayed for DAST items

Added DAST path to display on vulnerabilities list
Previously the path/URL wasn't displayed for DAST items
d43a1ed5 · nmccorrison · 4d105437 · d43a1ed5 · d43a1ed5 · d43a1ed5
Commit d43a1ed5 authored Dec 09, 2020 by nmccorrison
4 changed files
--- a/ee/app/assets/javascripts/security_dashboard/components/vulnerability_list.vue
+++ b/ee/app/assets/javascripts/security_dashboard/components/vulnerability_list.vue
@@ -213,7 +213,7 @@ export default {
  },
  methods: {
    createLocationString(location) {
-      const { image, file, startLine } = location;
+      const { image, file, startLine, path } = location;

      if (image) {
        return image;
@@ -223,6 +223,10 @@ export default {
        return `${file} ${sprintf(__('(line: %{startLine})'), { startLine })}`;
      }

+      if (path) {
+        return path;
+      }
+
      return file;
    },
    deselectVulnerability(vulnerabilityId) {
@@ -253,7 +257,7 @@ export default {
      return identifiers?.length > 1;
    },
    shouldShowVulnerabilityPath(item) {
-      return Boolean(item.location.image || item.location.file);
+      return Boolean(item.location.image || item.location.file || item.location.path);
    },
    toggleAllVulnerabilities() {
      if (this.hasSelectedAllVulnerabilities) {

--- a/ee/app/assets/javascripts/security_dashboard/graphql/vulnerability.fragment.graphql
+++ b/ee/app/assets/javascripts/security_dashboard/graphql/vulnerability.fragment.graphql
@@ -37,6 +37,10 @@ fragment Vulnerability on Vulnerability {
      file
      startLine
    }
+    ... on VulnerabilityLocationDast {
+      hostname
+      path
+    }
  }
  project {
    nameWithNamespace

--- a/ee/spec/frontend/security_dashboard/components/mock_data.js
+++ b/ee/spec/frontend/security_dashboard/components/mock_data.js
@@ -97,6 +97,19 @@ export const generateVulnerabilities = () => [
    },
    scanner: {},
  },
+  {
+    id: 'id_5',
+    title: 'Vulnerability 5',
+    severity: 'high',
+    state: 'DETECTED',
+    location: {
+      path: '/v1/trees'
+    },
+    project: {
+      nameWithNamespace: 'Administrator / Security reports',
+    },
+    scanner: {},
+  },
 ];

 export const vulnerabilities = generateVulnerabilities();
--- a/ee/spec/frontend/security_dashboard/components/vulnerability_list_spec.js
+++ b/ee/spec/frontend/security_dashboard/components/vulnerability_list_spec.js
@@ -234,6 +234,16 @@ describe('Vulnerability list component', () => {
      expect(cellText).toEqual(project.nameWithNamespace);
      expect(cellText).not.toContain('(line: ');
    });
+
+    it('should display the vulnerability locations for path', () => {
+      const { id, project, location } = newVulnerabilities[5];
+      const cell = findDataCell(`location-${id}`);
+      expect(cell.text()).toContain(project.nameWithNamespace);
+      expect(findLocationTextWrapper(cell).props()).toEqual({
+        text: location.path,
+        position: 'middle',
+      });
+    });
  });

  describe('when displayed on a project level dashboard', () => {