VulnerabilityType requests spec doesn't do anything
Why are we doing this work
While working on Rename GraphQL field `hasSolutions` to `hasReme... (#414895 - closed) and refactoring specs, I noticed with the help of @bwill that the shared test `it_behaves_like "a working graphql query"` isn't doing anything:
```
Query.vulnerability(id)
# order random
query all fields
for a sast vulnerability
behaves like a working graphql query
XXXXXX {"vulnerability"=>nil}
```
This is because the user is lacking permissions to read the vulnerability. The GraphQL query returns a valid response, but doesn't actually test any of the fields.
If you fix the permission issue with:
```ruby
let_it_be(:current_user) { create(:user).tap { |user| project.add_developer(user) } }
```
then you get a different error:
```
1) Query.vulnerability(id) query all fields for a sast vulnerability behaves like a working graphql query returns a successful response
Failure/Error: expect(graphql_errors).to be_nil
expected: nil
got: [{"message"=>"Cannot return null for non-nullable field Vulnerability.links"}]
```
Relevant links
Non-functional requirements
- Documentation:
- Feature flag:
- Performance:
- Testing:
Implementation plan
- Use the same `:current_user` for all scopes
- Fix the fixture so the returned vulnerability has valid links data
Verification steps
Edited by Thiago Figueiró
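The failure mode described in this issue (a response with no errors but a nil root field, so no selected field is ever exercised), as an added plain-Ruby example that is not GitLab's spec code. The helper names, the `id` and `url` fields and the sample responses are assumptions constructed for illustration; only `vulnerability`, `links` and the error message come from the issue.

```ruby
# Added example, not GitLab code. Helper names are hypothetical and the
# sample responses are constructed.

# Classify a parsed GraphQL response for one root field:
#   :errors  - the response carries a non-empty top-level "errors" array
#   :vacuous - no errors, but the root field is nil (for example redacted
#              by authorization), so none of the selected fields was tested
#   :ok      - the root field resolved to a value
def classify_response(response, root_field)
  errors = response['errors']
  return :errors if errors.is_a?(Array) && !errors.empty?

  data = response['data']
  return :vacuous if data.nil? || data[root_field].nil?

  :ok
end

# Walk `selection` (nested hash of field names, nil marks a leaf) and return
# the dotted paths that the response node does not contain.
def missing_fields(node, selection, prefix = '')
  if node.is_a?(Array)
    return node.flat_map { |n| missing_fields(n, selection, prefix) }.uniq
  end

  selection.flat_map do |field, sub|
    path = "#{prefix}#{field}"
    next [path] unless node.is_a?(Hash) && node.key?(field)

    sub && !node[field].nil? ? missing_fields(node[field], sub, "#{path}.") : []
  end
end

# Constructed selection and responses (`id` and `url` are assumed fields).
SELECTION = { 'id' => nil, 'links' => { 'url' => nil } }.freeze
UNAUTHORIZED = { 'data' => { 'vulnerability' => nil } }.freeze
NULL_LINKS = {
  'data' => { 'vulnerability' => nil },
  'errors' => [{ 'message' => 'Cannot return null for non-nullable field Vulnerability.links' }]
}.freeze
AUTHORIZED = {
  'data' => { 'vulnerability' => { 'id' => 'gid://example/Vulnerability/1',
                                   'links' => [{ 'url' => 'https://example.test/advisory' }] } }
}.freeze
```

A spec that only checks for the absence of errors treats `UNAUTHORIZED` as a pass; asserting that the classification is `:ok` and that `missing_fields` is empty makes the permission gap fail the test instead.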