Try new logic in vulnerability to get the severity override data

b5911b90 · Miki Amos · GitLab · 153e41c8 · b5911b90 · b5911b90
Verified Commit b5911b90 authored 2 weeks ago by Miki Amos Committed by GitLab 2 weeks ago
--- a/ee/app/helpers/vulnerabilities_helper.rb
+++ b/ee/app/helpers/vulnerabilities_helper.rb
@@ -37,7 +37,8 @@ def vulnerability_details(vulnerability, pipeline)
      issue_tracking_help_path: help_page_path('user/project/issues/_index.md'),
      permissions_help_path: help_page_path('user/permissions.md', anchor: 'project-members-permissions'),
      dismissal_descriptions: dismissal_descriptions,
-      representation_information: format_vulnerability_representation_information(vulnerability.representation_information)
+      representation_information: format_vulnerability_representation_information(vulnerability.representation_information),
+      severity_override: severity_override_data(vulnerability)
    }

    result.merge(vulnerability_data(vulnerability), vulnerability_finding_data(vulnerability))
@@ -47,6 +48,21 @@ def dismissal_descriptions
    Vulnerabilities::DismissalReasonEnum.translated_descriptions
  end

+  def severity_override_data(vulnerability)
+    severity_override = vulnerability.severity_overrides.last
+    return unless severity_override
+
+    {
+      id: severity_override.id,
+      original_severity: severity_override.original_severity,
+      new_severity: severity_override.new_severity,
+      author: {
+        name: severity_override.author.name,
+        web_url: user_path(severity_override.author)
+      }
+    }
+  end
+
  def new_issue_url_for(vulnerability)
    return unless vulnerability.project.issues_enabled?


--- a/ee/app/models/ee/vulnerability.rb
+++ b/ee/app/models/ee/vulnerability.rb
@@ -60,7 +60,6 @@ module Vulnerability
      has_many :related_issues, through: :issue_links, source: :issue, disable_joins: true
      has_many :state_transitions, class_name: '::Vulnerabilities::StateTransition', inverse_of: :vulnerability
      has_many :severity_overrides, class_name: '::Vulnerabilities::SeverityOverride', inverse_of: :vulnerability
-
      has_many :notes, as: :noteable
      has_many :user_mentions, class_name: 'VulnerabilityUserMention'


--- a/ee/spec/helpers/vulnerabilities_helper_spec.rb
+++ b/ee/spec/helpers/vulnerabilities_helper_spec.rb
@@ -6,7 +6,7 @@
  let_it_be(:user) { create(:user) }
  let_it_be(:project) { create(:project, :repository, :public) }
  let_it_be(:pipeline) { create(:ci_pipeline, :success, project: project) }
-  let_it_be(:finding) { create(:vulnerabilities_finding, :with_pipeline, :with_cve, project: project, severity: :high) }
+  let_it_be_with_refind(:finding) { create(:vulnerabilities_finding, :with_pipeline, :with_cve, project: project, severity: :high) }
  let_it_be(:advisory) { create(:pm_advisory, cve: finding.cve_value) }
  let_it_be(:cve_enrichment_object) { create(:pm_cve_enrichment, cve: finding.cve_value) }

@@ -123,7 +123,7 @@
      allow(helper).to receive(:can?).and_return(true)
    end

-    subject { helper.vulnerability_details(vulnerability, pipeline) }
+    subject(:vulnerability_details) { helper.vulnerability_details(vulnerability, pipeline) }

    describe '[:can_modify_related_issues]' do
      context 'with security dashboard feature enabled' do
@@ -219,6 +219,37 @@
        end
      end
    end
+
+    describe '[:severity_override]' do
+      subject(:severity_override) { vulnerability_details[:severity_override] }
+
+      context 'when there is no severity override for the vulnerability' do
+        it { is_expected.to be_nil }
+      end
+
+      context 'when there are severity overrides for the vulnerability' do
+        let!(:author) { create(:user) }
+        let!(:old_severity_override) do
+          create(:vulnerability_severity_override, vulnerability: vulnerability, author: author)
+        end
+
+        let!(:most_recent_severity_override) do
+          create(:vulnerability_severity_override, vulnerability: vulnerability, author: author)
+        end
+
+        it 'contains the information from the most recent severity override record' do
+          expect(severity_override).to include(
+            id: most_recent_severity_override.id,
+            new_severity: 'critical',
+            original_severity: 'low',
+            author: {
+              name: author.name,
+              web_url: user_path(author)
+            }
+          )
+        end
+      end
+    end
  end

  describe '#create_jira_issue_url_for' do