Merge branch 'refactor-vulnerabiltiy-parser' into 'master'

Refactor vulnerability template classes

See merge request gitlab-org/gitlab!44063

ee/lib/gitlab/vulnerabilities/base_vulnerability.rb

@@ -9,19 +9,20 @@ module Gitlab
         @data = data.deep_symbolize_keys
       end
 
-      # Ensure mandatory properties are defined
+      # Passthrough properties
       %i[
-        title
-        description
         severity
         confidence
         solution
         identifiers
         links
-      ].each do |method_name|
-        define_method(method_name) do
-          raise NotImplementedError
-        end
+        remediations
+        target_branch
+      ].each { |method_name| define_method(method_name) { @data[method_name] } }
+
+      # Ensure mandatory properties are defined
+      %i[title description].each do |method_name|
+        define_method(method_name) { raise NotImplementedError }
       end
     end
   end

ee/lib/gitlab/vulnerabilities/container_scanning_vulnerability.rb

@@ -3,20 +3,6 @@
 module Gitlab
   module Vulnerabilities
     class ContainerScanningVulnerability < BaseVulnerability
-      # Passthrough properties
-      %i[
-        confidence
-        severity
-        identifiers
-        links
-        remediations
-        target_branch
-      ].each do |method_name|
-        define_method(method_name) do
-          @data[method_name]
-        end
-      end
-
       def title
         format_data(
           :name =>

ee/lib/gitlab/vulnerabilities/standard_vulnerability.rb

@@ -4,20 +4,6 @@ module Gitlab
   module Vulnerabilities
     class StandardVulnerability < BaseVulnerability
       include RequestAwareEntity
-      # Passthrough properties
-      %i[
-        severity
-        confidence
-        solution
-        identifiers
-        links
-        remediations
-        target_branch
-      ].each do |method_name|
-        define_method(method_name) do
-          @data[method_name]
-        end
-      end
 
       def title
         @data[:title].presence || @data[:name]

ee/spec/lib/gitlab/vulnerabilities/base_vulnerability_spec.rb

@@ -3,25 +3,49 @@
 require 'spec_helper'
 
 RSpec.describe Gitlab::Vulnerabilities::BaseVulnerability do
-  let(:vulnerability) do
-    described_class.new(
-      title:       'title',
+  let(:data) do
+    {
+      title: 'title',
       description: 'desc',
-      severity:    'high',
-      confidence:  'low',
-      solution:    'fix',
-      identifiers: '42',
-      links:       'link'
-    )
+      severity: 'high',
+      confidence: 'low',
+      identifiers: [
+        {
+          type: 'CVE',
+          name: 'CVE-2017-15650',
+          value: 'CVE-2017-15650',
+          url: 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15650'
+        }
+      ],
+      links: [{ name: 'Awesome-security blog post', url: 'https;//example.com/blog-post' }],
+      location: { file: 'main.rb', start_line: 14, blob_path: '/bar/foo/main.rb#14' },
+      solution: 'upgrade dependencies'
+    }
   end
 
-  where(:getter) do
-    %w(title description severity confidence solution identifiers links)
-  end
+  let(:vulnerability) { described_class.new(data) }
+
+  where(:getter) { %w[title description] }
 
   with_them do
     it 'raises an error' do
       expect { vulnerability.public_send(getter) }.to raise_error(NotImplementedError)
     end
   end
+
+  describe 'getters' do
+    where(:getter) { %i[severity confidence solution identifiers links remediations target_branch] }
+
+    let(:with_nil) { described_class.new({}) }
+
+    with_them do
+      it 'returns right value' do
+        expect(vulnerability.public_send(getter)).to eq(data[getter])
+      end
+
+      it 'returns nil value' do
+        expect(with_nil.public_send(getter)).to eq(nil)
+      end
+    end
+  end
 end

ee/spec/lib/gitlab/vulnerabilities/container_scanning_vulnerability_spec.rb

@@ -18,20 +18,6 @@ RSpec.describe Gitlab::Vulnerabilities::ContainerScanningVulnerability do
     }.with_indifferent_access
   end
 
-  describe 'getters' do
-    let(:vulnerability) { described_class.new(data) }
-
-    where(:getter) do
-      %i[severity confidence identifiers links target_branch remediations]
-    end
-
-    with_them do
-      it 'returns right value' do
-        expect(vulnerability.public_send(getter)).to eq(data[getter])
-      end
-    end
-  end
-
   describe '#title' do
     subject { described_class.new(data).title }
 

ee/spec/lib/gitlab/vulnerabilities/standard_vulnerability_spec.rb

@@ -6,129 +6,20 @@ RSpec.describe Gitlab::Vulnerabilities::StandardVulnerability do
   let(:title) { 'Predictable pseudorandom number generator' }
   let(:name) { 'Predictable pseudorandom number generator (from name)' }
   let(:description) { 'Description of Predictable pseudorandom number generator' }
-  let(:severity) { 'Low' }
-  let(:confidence) { 'High' }
   let(:solution) { 'Please do something!' }
   let(:file) { 'subdir/src/main/java/com/gitlab/security_products/tests/App.java' }
   let(:line) { 15 }
   let(:blob_path) { "bar/foo/-/blob/sha/#{file}#L#{line}" }
-
   let(:location) do
     { file: file, start_line: line, blob_path: "/#{blob_path}" }
   end
 
-  let(:identifiers) do
-    [{
-      type: 'CVE',
-      name: 'CVE-2017-15650',
-      value: 'CVE-2017-15650',
-      url: 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15650'
-    }]
-  end
-
-  let(:links) do
-    [
-      { name: 'Awesome-security blog post', url: 'https;//example.com/blog-post' },
-      { url: 'https://example.com/another-link' }
-    ]
-  end
-
   it 'inherits from Gitlab::Vulnerabilities::BaseVulnerability' do
     vulnerability = described_class.new(foo: 'bar')
 
     expect(vulnerability).to be_kind_of(Gitlab::Vulnerabilities::BaseVulnerability)
   end
 
-  describe '#severity' do
-    context 'when severity is present' do
-      it 'returns severity' do
-        vulnerability = described_class.new(severity: severity)
-
-        expect(vulnerability.severity).to eq severity
-      end
-    end
-
-    context 'when severity is not set' do
-      it 'returns nil' do
-        vulnerability = described_class.new(foo: 'bar')
-
-        expect(vulnerability.severity).to be_nil
-      end
-    end
-  end
-
-  describe '#confidence' do
-    context 'when confidence is present' do
-      it 'returns confidence' do
-        vulnerability = described_class.new(confidence: confidence)
-
-        expect(vulnerability.confidence).to eq confidence
-      end
-    end
-
-    context 'when confidence is not set' do
-      it 'returns nil' do
-        vulnerability = described_class.new(foo: 'bar')
-
-        expect(vulnerability.confidence).to be_nil
-      end
-    end
-  end
-
-  describe '#solution' do
-    context 'when solution is present' do
-      it 'returns solution' do
-        vulnerability = described_class.new(solution: solution)
-
-        expect(vulnerability.solution).to eq solution
-      end
-    end
-
-    context 'when solution is not set' do
-      it 'returns nil' do
-        vulnerability = described_class.new(foo: 'bar')
-
-        expect(vulnerability.solution).to be_nil
-      end
-    end
-  end
-
-  describe '#identifiers' do
-    context 'when identifiers is present' do
-      it 'returns identifiers' do
-        vulnerability = described_class.new(identifiers: identifiers)
-
-        expect(vulnerability.identifiers).to eq identifiers
-      end
-    end
-
-    context 'when identifiers is not set' do
-      it 'returns nil' do
-        vulnerability = described_class.new(foo: 'bar')
-
-        expect(vulnerability.identifiers).to be_nil
-      end
-    end
-  end
-
-  describe '#links' do
-    context 'when links is present' do
-      it 'returns links' do
-        vulnerability = described_class.new(links: links)
-
-        expect(vulnerability.links).to eq links
-      end
-    end
-
-    context 'when links is not set' do
-      it 'returns nil' do
-        vulnerability = described_class.new(foo: 'bar')
-
-        expect(vulnerability.links).to be_nil
-      end
-    end
-  end
-
   describe '#title' do
     context 'when title is present' do
       it 'returns title' do