# frozen_string_literal: true

require 'spec_helper'

# Examples for the fields ContainerScanningVulnerability derives from one
# container-scanning report entry: pass-through getters, plus the generated
# title, description and solution used when the entry supplies none.
#
# NOTE(review): the expected strings below show featurename, featureversion,
# fixedby and namespace being placed inside Markdown emphasis and code spans.
# No example covers a value that itself contains Markdown or HTML
# metacharacters (backticks, asterisks, angle brackets). These fields
# presumably come from scanner output for third-party images, so confirm that
# escaping is handled either in the class or where the text is rendered.
describe Gitlab::Vulnerabilities::ContainerScanningVulnerability do
  # Constructed fixture. 'CVE-2018-777' is a placeholder: the sequence part is
  # shorter than the four digits an assigned CVE id carries.
  let(:data) do
    {
      featurename: 'foo',
      featureversion: '1.2.3',
      vulnerability: 'CVE-2018-777',
      namespace: 'debian:9',
      link: 'https://security-tracker.debian.org/tracker/CVE-2018-777',
      severity: 'high',
      fixedby: '1.4',
      confidence: 'low',
      identifiers: '42',
      links: 'link'
    }.with_indifferent_access
  end

  # Built lazily, so each example's `before` hook can adjust `data` first.
  let(:vulnerability) { described_class.new(data) }

  # These readers are expected to hand back the report value unchanged.
  describe 'getters' do
    where(:getter) do
      %i[severity confidence identifiers links]
    end

    with_them do
      it 'returns right value' do
        expected_value = data[getter]

        expect(vulnerability.public_send(getter)).to eq(expected_value)
      end
    end
  end

  # A supplied name wins even though featurename is still set; otherwise the
  # title is the vulnerability id, with " in <featurename>" when one exists.
  describe '#title' do
    subject { vulnerability.title }

    context 'when there is a name' do
      before { data[:name] = 'Foo is affected by CVE-2018-777' }

      it 'returns the provided name' do
        expect(subject).to eq('Foo is affected by CVE-2018-777')
      end
    end

    context 'when there is no featurename' do
      before { data[:featurename] = '' }

      it 'formats title using the vulnerability only' do
        expect(subject).to eq('CVE-2018-777')
      end
    end

    context 'when there is a featurename' do
      it 'formats title using the featurename' do
        expect(subject).to eq('CVE-2018-777 in foo')
      end
    end
  end

  # A supplied description is returned as is; the generated one names the
  # namespace when featurename is blank, else the feature and, if present,
  # its version.
  describe '#description' do
    subject { vulnerability.description }

    context 'when there is a description' do
      before { data[:description] = 'SSE2-optimized memmove implementation problem.' }

      it 'returns the provided description' do
        expect(subject).to eq('SSE2-optimized memmove implementation problem.')
      end
    end

    context 'when there is no featurename' do
      before { data[:featurename] = '' }

      it 'formats description using the namespace' do
        expect(subject).to eq('**debian:9** is affected by CVE-2018-777')
      end
    end

    context 'when there is no featureversion' do
      before { data[:featureversion] = '' }

      it 'formats description using the featurename only' do
        expect(subject).to eq('**foo** is affected by CVE-2018-777')
      end
    end

    context 'when featurename and featureversion are present' do
      it 'formats description using the featurename and featureversion' do
        expect(subject).to eq('**foo** `1.2.3` is affected by CVE-2018-777')
      end
    end
  end

  # A supplied solution is returned as is; with a blank fixedby there is
  # nothing to recommend (nil). Otherwise the upgrade hint includes only the
  # parts of featurename / featureversion that are present.
  describe '#solution' do
    subject { vulnerability.solution }

    context 'when there is a solution' do
      before { data[:solution] = 'Do something about it!' }

      it 'returns the provided solution' do
        expect(subject).to eq('Do something about it!')
      end
    end

    context 'when there is no fixedby' do
      before { data[:fixedby] = '' }

      it 'returns nil' do
        expect(subject).to be_nil
      end
    end

    context 'when there is no featurename' do
      before { data[:featurename] = '' }

      it 'formats solution using the fixedby only' do
        expect(subject).to eq('Upgrade to `1.4`')
      end
    end

    context 'when there is no featureversion' do
      before { data[:featureversion] = '' }

      it 'formats solution using the featurename only' do
        expect(subject).to eq('Upgrade **foo** to `1.4`')
      end
    end

    context 'when featurename and featureversion are present' do
      it 'formats solution using the featurename and featureversion' do
        expect(subject).to eq('Upgrade **foo** from `1.2.3` to `1.4`')
      end
    end
  end
end