Extend GraphQL Ci::PipelineType to include Security Report Findings

- Fix broken spec
- Fix rubocop issues

doc/api/graphql/reference/index.md

@@ -2964,7 +2964,7 @@ Information about pagination in a connection.
 | `path` | String | Relative path to the pipeline's page. |
 | `project` | Project | Project the pipeline belongs to. |
 | `retryable` | Boolean! | Specifies if a pipeline can be retried. |
-| `securityReportFindings` | PipelineSecurityReportFindingConnection | Vulnerability findings reported on the pipeline |
+| `securityReportFindings` | PipelineSecurityReportFindingConnection | Vulnerability findings reported on the pipeline. |
 | `securityReportSummary` | SecurityReportSummary | Vulnerability and scanned resource counts for each security scanner of the pipeline. |
 | `sha` | String! | SHA of the pipeline's commit. |
 | `sourceJob` | CiJob | Job where pipeline was triggered from. |
@@ -3035,18 +3035,18 @@ Represents vulnerability finding of a security report on the pipeline.
 | Field | Type | Description |
 | ----- | ---- | ----------- |
-| `confidence` | String | Type of the security report that found the vulnerability  |
-| `description` | String | Description of the vulnerability finding |
+| `confidence` | String | Type of the security report that found the vulnerability. |
+| `description` | String | Description of the vulnerability finding. |
 | `identifiers` | VulnerabilityIdentifier! => Array | Identifiers of the vulnerabilit finding. |
-| `location` | VulnerabilityLocation | Location metadata for the vulnerability. Its fields depend on the type of security scan that found the vulnerability |
-| `name` | String | Name of the vulnerability finding |
-| `project` | Project | The project on which the vulnerability finding was found |
-| `projectFingerprint` | String | Name of the vulnerability finding |
-| `reportType` | VulnerabilityReportType | Type of the security report that found the vulnerability finding |
+| `location` | VulnerabilityLocation | Location metadata for the vulnerability. Its fields depend on the type of security scan that found the vulnerability. |
+| `name` | String | Name of the vulnerability finding. |
+| `project` | Project | The project on which the vulnerability finding was found. |
+| `projectFingerprint` | String | Name of the vulnerability finding. |
+| `reportType` | VulnerabilityReportType | Type of the security report that found the vulnerability finding. |
 | `scanner` | VulnerabilityScanner | Scanner metadata for the vulnerability. |
-| `severity` | VulnerabilitySeverity | Severity of the vulnerability finding |
-| `solution` | String | URL to the vulnerability's details page |
-| `uuid` | String | Name of the vulnerability finding |
+| `severity` | VulnerabilitySeverity | Severity of the vulnerability finding. |
+| `solution` | String | URL to the vulnerability's details page. |
+| `uuid` | String | Name of the vulnerability finding. |
 ### Project

ee/app/graphql/ee/types/ci/pipeline_type.rb

@@ -17,7 +17,7 @@ module PipelineType
           field :security_report_findings,
             ::Types::PipelineSecurityReportFindingType.connection_type,
             null: true,
-            description: 'Vulnerability findings reported on the pipeline',
+            description: 'Vulnerability findings reported on the pipeline.',
             resolver: ::Resolvers::PipelineSecurityReportFindingsResolver
         end
       end

ee/app/graphql/resolvers/pipeline_security_report_findings_resolver.rb

@@ -6,7 +6,7 @@ class PipelineSecurityReportFindingsResolver < BaseResolver
     alias_method :pipeline, :object
-    argument :report_type, [GraphQL::STRING_TYPE], 
+    argument :report_type, [GraphQL::STRING_TYPE],
              required: false,
              description: 'Filter vulnerability findings by report type.'
@@ -14,7 +14,7 @@ class PipelineSecurityReportFindingsResolver < BaseResolver
              required: false,
              description: 'Filter vulnerability findings by severity.'
-    argument :scanner, [GraphQL::STRING_TYPE], 
+    argument :scanner, [GraphQL::STRING_TYPE],
              required: false,
              description: 'Filter vulnerability findings by Scanner.externalId.'
@@ -23,6 +23,3 @@ def resolve(**args)
     end
   end
 end
-
- 
-  
\ No newline at end of file

ee/app/graphql/types/pipeline_security_report_finding_type.rb

@@ -8,16 +8,16 @@ class PipelineSecurityReportFindingType < BaseObject
     description 'Represents vulnerability finding of a security report on the pipeline'
     field :report_type, VulnerabilityReportTypeEnum, null: true,
-          description: "Type of the security report that found the vulnerability finding"  
+          description: 'Type of the security report that found the vulnerability finding.'
     field :name, GraphQL::STRING_TYPE, null: true,
-          description: 'Name of the vulnerability finding'
+          description: 'Name of the vulnerability finding.'
     field :severity, VulnerabilitySeverityEnum, null: true,
-          description: "Severity of the vulnerability finding" 
+          description: 'Severity of the vulnerability finding.'
     field :confidence, GraphQL::STRING_TYPE, null: true,
-          description: "Type of the security report that found the vulnerability "      
+          description: 'Type of the security report that found the vulnerability.'
     field :scanner, VulnerabilityScannerType, null: true,
           description: 'Scanner metadata for the vulnerability.'
@@ -26,23 +26,23 @@ class PipelineSecurityReportFindingType < BaseObject
           description: 'Identifiers of the vulnerabilit finding.'
     field :project_fingerprint, GraphQL::STRING_TYPE, null: true,
-          description: 'Name of the vulnerability finding'
-    
+          description: 'Name of the vulnerability finding.'
+
     field :uuid, GraphQL::STRING_TYPE, null: true,
-          description: 'Name of the vulnerability finding'
+          description: 'Name of the vulnerability finding.'
     field :project, ::Types::ProjectType, null: true,
-          description: 'The project on which the vulnerability finding was found',
-          authorize: :read_project          
+          description: 'The project on which the vulnerability finding was found.',
+          authorize: :read_project
     field :description, GraphQL::STRING_TYPE, null: true,
-          description: 'Description of the vulnerability finding'
-  
+          description: 'Description of the vulnerability finding.'
+
     field :location, VulnerabilityLocationType, null: true,
-          description: 'Location metadata for the vulnerability. Its fields depend on the type of security scan that found the vulnerability'
+          description: 'Location metadata for the vulnerability. Its fields depend on the type of security scan that found the vulnerability.'
     field :solution, GraphQL::STRING_TYPE, null: true,
-          description: "URL to the vulnerability's details page"
+          description: "URL to the vulnerability's details page."
     def location
       object.location&.merge(report_type: object.report_type)

ee/spec/graphql/resolvers/pipeline_security_report_findings_resolver_spec.rb

@@ -14,11 +14,13 @@
     let_it_be(:low_vulnerability_finding) { build(:vulnerabilities_finding, severity: :low, report_type: :dast, project: project) }
     let_it_be(:critical_vulnerability_finding) { build(:vulnerabilities_finding, severity: :critical, report_type: :sast, project: project) }
     let_it_be(:high_vulnerability_finding) { build(:vulnerabilities_finding, severity: :high, report_type: :container_scanning, project: project) }
- 
+
     let(:params) { {} }
-    before do 
-      allow_any_instance_of(Security::PipelineVulnerabilitiesFinder).to receive_message_chain(:execute, :findings).and_return(returned_findings)
+    before do
+      allow_next_instance_of(Security::PipelineVulnerabilitiesFinder) do |instance|
+        allow(instance).to receive_message_chain(:execute, :findings).and_return(returned_findings)
+      end
     end
     context 'when given severities' do
@@ -48,4 +50,4 @@
       end
     end
   end
-end
\ No newline at end of file
+end

ee/spec/graphql/types/pipeline_security_report_finding_type_spec.rb

@@ -15,8 +15,7 @@
        project
        description
        location
-       solution
-    ]
+       solution]
   end
   specify { expect(described_class.graphql_name).to eq('PipelineSecurityReportFinding') }

ee/spec/requests/api/graphql/project/pipeline/security_report_finding_spec.rb

@@ -42,7 +42,7 @@
                   visibility
                 }
               }
-            }    
+            }
           }
         }
       }
@@ -63,7 +63,7 @@
   end
   it 'returns all the queried fields' do
-    security_report_finding = security_report_findings.first 
+    security_report_finding = security_report_findings.first
     expect(security_report_finding.dig('project', 'fullPath')).to eq(project.full_path)
     expect(security_report_finding.dig('project', 'visibility')).to eq(project.visibility)
@@ -77,4 +77,4 @@
     expect(security_report_finding['solution']).not_to be_nil
     expect(security_report_finding['description']).not_to be_nil
   end
-end
\ No newline at end of file
+end

spec/graphql/types/ci/pipeline_type_spec.rb

@@ -16,7 +16,7 @@
     ]
     if Gitlab.ee?
-      expected_fields << 'security_report_summary'
+      expected_fields += %w[security_report_summary security_report_findings]
     end
     expect(described_class).to have_graphql_fields(*expected_fields)