spec/lib/gitlab/background_migration/populate_missing_vulnerability_dismissal_information_spec.rb


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65

# frozen_string_literal: true

require 'spec_helper'

RSpec.describe Gitlab::BackgroundMigration::PopulateMissingVulnerabilityDismissalInformation, schema: 20181228175414 do
  let(:users) { table(:users) }
  let(:namespaces) { table(:namespaces) }
  let(:projects) { table(:projects) }
  let(:vulnerabilities) { table(:vulnerabilities) }
  let(:findings) { table(:vulnerability_occurrences) }
  let(:scanners) { table(:vulnerability_scanners) }
  let(:identifiers) { table(:vulnerability_identifiers) }
  let(:feedback) { table(:vulnerability_feedback) }

  let(:user) { users.create!(name: 'test', email: 'test@example.com', projects_limit: 5) }
  let(:namespace) { namespaces.create!(name: 'gitlab', path: 'gitlab-org') }
  let(:project) { projects.create!(namespace_id: namespace.id, name: 'foo') }
  let(:vulnerability_1) { vulnerabilities.create!(title: 'title', state: 2, severity: 0, confidence: 5, report_type: 2, project_id: project.id, author_id: user.id) }
  let(:vulnerability_2) { vulnerabilities.create!(title: 'title', state: 2, severity: 0, confidence: 5, report_type: 2, project_id: project.id, author_id: user.id) }
  let(:scanner) { scanners.create!(project_id: project.id, external_id: 'foo', name: 'bar') }
  let(:identifier) { identifiers.create!(project_id: project.id, fingerprint: 'foo', external_type: 'bar', external_id: 'zoo', name: 'identifier') }

  before do
    feedback.create!(feedback_type: 0,
                     category: 'sast',
                     project_fingerprint: '418291a26024a1445b23fe64de9380cdcdfd1fa8',
                     project_id: project.id,
                     author_id: user.id,
                     created_at: Time.current)

    findings.create!(name: 'Finding',
                     report_type: 'sast',
                     project_fingerprint: Gitlab::Database::ShaAttribute.new.serialize('418291a26024a1445b23fe64de9380cdcdfd1fa8'),
                     location_fingerprint: 'bar',
                     severity: 1,
                     confidence: 1,
                     metadata_version: 1,
                     raw_metadata: '',
                     uuid: SecureRandom.uuid,
                     project_id: project.id,
                     vulnerability_id: vulnerability_1.id,
                     scanner_id: scanner.id,
                     primary_identifier_id: identifier.id)

    allow(::Gitlab::BackgroundMigration::Logger).to receive_messages(info: true, warn: true, error: true)
  end

  describe '#perform' do
    it 'updates the missing dismissal information of the vulnerability' do
      expect { subject.perform(vulnerability_1.id, vulnerability_2.id) }.to change { vulnerability_1.reload.dismissed_at }.from(nil)
                                                                        .and change { vulnerability_1.reload.dismissed_by_id }.from(nil).to(user.id)
    end

    it 'writes log messages' do
      subject.perform(vulnerability_1.id, vulnerability_2.id)

      expect(::Gitlab::BackgroundMigration::Logger).to have_received(:info).with(migrator: described_class.name,
                                                                                 message: 'Dismissal information has been copied',
                                                                                 count: 2)
      expect(::Gitlab::BackgroundMigration::Logger).to have_received(:warn).with(migrator: described_class.name,
                                                                                 message: 'Could not update vulnerability!',
                                                                                 vulnerability_id: vulnerability_2.id)
    end
  end
end