Merge branch 'minac_fix_cvss_representation_in_exports' into 'master'

Fix CVSS values in vulnerability export See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/163784 Merged-by: Brian Williams <bwilliams@gitlab.com> Approved-by: Brian Williams <bwilliams@gitlab.com> Co-authored-by: Mehmet Emin INAC <minac@gitlab.com>

Merge branch 'minac_fix_cvss_representation_in_exports' into 'master'
95fb969f · Brian Williams · GitLab · 5d13f66e · bee3e9a3 · 95fb969f
--- a/ee/app/models/ee/vulnerability.rb
+++ b/ee/app/models/ee/vulnerability.rb
@@ -192,6 +192,10 @@ def with_vulnerability_links

      delegate :dismissal_reason, to: :vulnerability_read, prefix: true, allow_nil: true

+      def cvss_vectors_with_vendor
+        cvss.map { |cvss| "#{cvss['vendor']}=#{cvss['vector']}" }
+      end
+
      def full_path
        "#{project.full_path}/#{id}"
      end

--- a/ee/app/services/vulnerability_exports/exporters/csv_service.rb
+++ b/ee/app/services/vulnerability_exports/exporters/csv_service.rb
@@ -9,7 +9,7 @@ class CsvService
      # to be removed with https://gitlab.com/gitlab-org/gitlab/-/issues/412114
      NIL_FORMATTER = ->(_) { nil }

-      CVSS_FORMATTER = ->(v) { v&.cvss&.map { |e| e.values.join('=') }&.to_csv(col_sep: CSV_DELIMITER, row_sep: '') }
+      CVSS_FORMATTER = ->(v) { v&.cvss_vectors_with_vendor&.to_csv(col_sep: CSV_DELIMITER, row_sep: '') }

      attr_reader :vulnerabilities


--- a/ee/spec/models/ee/vulnerability_spec.rb
+++ b/ee/spec/models/ee/vulnerability_spec.rb
@@ -562,6 +562,16 @@
    end
  end

+  describe '#cvss_vectors_with_vendor' do
+    subject { vulnerability.cvss_vectors_with_vendor }
+
+    before do
+      vulnerability.cvss = [{ vector: 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N', vendor: 'GitLab' }]
+    end
+
+    it { is_expected.to match_array(['GitLab=CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N']) }
+  end
+
  describe '#full_path' do
    let(:project) { build(:project) }
    let(:vulnerability) { build(:vulnerability, id: 1, project: project) }

--- a/ee/spec/services/vulnerability_exports/exporters/csv_service_spec.rb
+++ b/ee/spec/services/vulnerability_exports/exporters/csv_service_spec.rb
@@ -47,7 +47,7 @@
      end

      context 'when a project belongs to a group' do
-        let_it_be(:vulnerability) { create(:vulnerability, :with_findings, project: project) }
+        let_it_be_with_refind(:vulnerability) { create(:vulnerability, :with_findings, project: project) }
        let_it_be(:note) { create(:note, project: project, noteable: vulnerability, note: "a\nb") }

        it 'includes proper values for each column type', :aggregate_failures do