Commit 0064b594 authored by Subashis's avatar Subashis

Extend GraphQL Ci::PipelineType to include Security Report Findings

- Fix broken spec
- Fix rubocop issues
parent 06adcc42
......@@ -2964,7 +2964,7 @@ Information about pagination in a connection.
| `path` | String | Relative path to the pipeline's page. |
| `project` | Project | Project the pipeline belongs to. |
| `retryable` | Boolean! | Specifies if a pipeline can be retried. |
| `securityReportFindings` | PipelineSecurityReportFindingConnection | Vulnerability findings reported on the pipeline |
| `securityReportFindings` | PipelineSecurityReportFindingConnection | Vulnerability findings reported on the pipeline. |
| `securityReportSummary` | SecurityReportSummary | Vulnerability and scanned resource counts for each security scanner of the pipeline. |
| `sha` | String! | SHA of the pipeline's commit. |
| `sourceJob` | CiJob | Job where pipeline was triggered from. |
......@@ -3035,18 +3035,18 @@ Represents vulnerability finding of a security report on the pipeline.
| Field | Type | Description |
| ----- | ---- | ----------- |
| `confidence` | String | Type of the security report that found the vulnerability |
| `description` | String | Description of the vulnerability finding |
| `confidence` | String | Type of the security report that found the vulnerability. |
| `description` | String | Description of the vulnerability finding. |
| `identifiers` | VulnerabilityIdentifier! => Array | Identifiers of the vulnerabilit finding. |
| `location` | VulnerabilityLocation | Location metadata for the vulnerability. Its fields depend on the type of security scan that found the vulnerability |
| `name` | String | Name of the vulnerability finding |
| `project` | Project | The project on which the vulnerability finding was found |
| `projectFingerprint` | String | Name of the vulnerability finding |
| `reportType` | VulnerabilityReportType | Type of the security report that found the vulnerability finding |
| `location` | VulnerabilityLocation | Location metadata for the vulnerability. Its fields depend on the type of security scan that found the vulnerability. |
| `name` | String | Name of the vulnerability finding. |
| `project` | Project | The project on which the vulnerability finding was found. |
| `projectFingerprint` | String | Name of the vulnerability finding. |
| `reportType` | VulnerabilityReportType | Type of the security report that found the vulnerability finding. |
| `scanner` | VulnerabilityScanner | Scanner metadata for the vulnerability. |
| `severity` | VulnerabilitySeverity | Severity of the vulnerability finding |
| `solution` | String | URL to the vulnerability's details page |
| `uuid` | String | Name of the vulnerability finding |
| `severity` | VulnerabilitySeverity | Severity of the vulnerability finding. |
| `solution` | String | URL to the vulnerability's details page. |
| `uuid` | String | Name of the vulnerability finding. |
### Project
......
......@@ -17,7 +17,7 @@ module EE
field :security_report_findings,
::Types::PipelineSecurityReportFindingType.connection_type,
null: true,
description: 'Vulnerability findings reported on the pipeline',
description: 'Vulnerability findings reported on the pipeline.',
resolver: ::Resolvers::PipelineSecurityReportFindingsResolver
end
end
......
......@@ -6,7 +6,7 @@ module Resolvers
alias_method :pipeline, :object
argument :report_type, [GraphQL::STRING_TYPE],
argument :report_type, [GraphQL::STRING_TYPE],
required: false,
description: 'Filter vulnerability findings by report type.'
......@@ -14,7 +14,7 @@ module Resolvers
required: false,
description: 'Filter vulnerability findings by severity.'
argument :scanner, [GraphQL::STRING_TYPE],
argument :scanner, [GraphQL::STRING_TYPE],
required: false,
description: 'Filter vulnerability findings by Scanner.externalId.'
......@@ -23,6 +23,3 @@ module Resolvers
end
end
end
\ No newline at end of file
......@@ -8,16 +8,16 @@ module Types
description 'Represents vulnerability finding of a security report on the pipeline'
field :report_type, VulnerabilityReportTypeEnum, null: true,
description: "Type of the security report that found the vulnerability finding"
description: 'Type of the security report that found the vulnerability finding.'
field :name, GraphQL::STRING_TYPE, null: true,
description: 'Name of the vulnerability finding'
description: 'Name of the vulnerability finding.'
field :severity, VulnerabilitySeverityEnum, null: true,
description: "Severity of the vulnerability finding"
description: 'Severity of the vulnerability finding.'
field :confidence, GraphQL::STRING_TYPE, null: true,
description: "Type of the security report that found the vulnerability "
description: 'Type of the security report that found the vulnerability.'
field :scanner, VulnerabilityScannerType, null: true,
description: 'Scanner metadata for the vulnerability.'
......@@ -26,23 +26,23 @@ module Types
description: 'Identifiers of the vulnerabilit finding.'
field :project_fingerprint, GraphQL::STRING_TYPE, null: true,
description: 'Name of the vulnerability finding'
description: 'Name of the vulnerability finding.'
field :uuid, GraphQL::STRING_TYPE, null: true,
description: 'Name of the vulnerability finding'
description: 'Name of the vulnerability finding.'
field :project, ::Types::ProjectType, null: true,
description: 'The project on which the vulnerability finding was found',
authorize: :read_project
description: 'The project on which the vulnerability finding was found.',
authorize: :read_project
field :description, GraphQL::STRING_TYPE, null: true,
description: 'Description of the vulnerability finding'
description: 'Description of the vulnerability finding.'
field :location, VulnerabilityLocationType, null: true,
description: 'Location metadata for the vulnerability. Its fields depend on the type of security scan that found the vulnerability'
description: 'Location metadata for the vulnerability. Its fields depend on the type of security scan that found the vulnerability.'
field :solution, GraphQL::STRING_TYPE, null: true,
description: "URL to the vulnerability's details page"
description: "URL to the vulnerability's details page."
def location
object.location&.merge(report_type: object.report_type)
......
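Review bot: Several of the rewritten field descriptions in PipelineSecurityReportFindingType are copy-pasted from neighbouring fields and describe the wrong thing: `confidence` is documented as "Type of the security report that found the vulnerability.", and both `project_fingerprint` and `uuid` are documented as "Name of the vulnerability finding."; `solution` is described as "URL to the vulnerability's details page.", which does not match a field named solution. Going by the field names (the hunk does not show the resolvers), something like `description: 'Confidence level of the vulnerability finding.'`, `description: 'Project-specific fingerprint of the vulnerability finding.'` and `description: 'UUID of the vulnerability finding.'` would be accurate, with `solution` reworded to describe the remediation text it appears to carry. Since the GraphQL reference doc in this commit is generated from these strings, the same wrong wording is published to API consumers until this is fixed. The unchanged `identifiers` line in the same hunk also carries the typo "vulnerabilit". The enclosing class starts before this hunk, so I cannot see whether a type-level authorization covers the non-project fields; only `project` declares `authorize: :read_project` here.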
......@@ -14,11 +14,13 @@ RSpec.describe Resolvers::PipelineSecurityReportFindingsResolver do
let_it_be(:low_vulnerability_finding) { build(:vulnerabilities_finding, severity: :low, report_type: :dast, project: project) }
let_it_be(:critical_vulnerability_finding) { build(:vulnerabilities_finding, severity: :critical, report_type: :sast, project: project) }
let_it_be(:high_vulnerability_finding) { build(:vulnerabilities_finding, severity: :high, report_type: :container_scanning, project: project) }
let(:params) { {} }
before do
allow_any_instance_of(Security::PipelineVulnerabilitiesFinder).to receive_message_chain(:execute, :findings).and_return(returned_findings)
before do
allow_next_instance_of(Security::PipelineVulnerabilitiesFinder) do |instance|
allow(instance).to receive_message_chain(:execute, :findings).and_return(returned_findings)
end
end
context 'when given severities' do
......@@ -48,4 +50,4 @@ RSpec.describe Resolvers::PipelineSecurityReportFindingsResolver do
end
end
end
end
\ No newline at end of file
end
......@@ -15,8 +15,7 @@ RSpec.describe GitlabSchema.types['PipelineSecurityReportFinding'] do
project
description
location
solution
]
solution]
end
specify { expect(described_class.graphql_name).to eq('PipelineSecurityReportFinding') }
......
......@@ -42,7 +42,7 @@ RSpec.describe 'Query.project(fullPath).pipeline(iid).securityReportFinding' do
visibility
}
}
}
}
}
}
}
......@@ -63,7 +63,7 @@ RSpec.describe 'Query.project(fullPath).pipeline(iid).securityReportFinding' do
end
it 'returns all the queried fields' do
security_report_finding = security_report_findings.first
security_report_finding = security_report_findings.first
expect(security_report_finding.dig('project', 'fullPath')).to eq(project.full_path)
expect(security_report_finding.dig('project', 'visibility')).to eq(project.visibility)
......@@ -77,4 +77,4 @@ RSpec.describe 'Query.project(fullPath).pipeline(iid).securityReportFinding' do
expect(security_report_finding['solution']).not_to be_nil
expect(security_report_finding['description']).not_to be_nil
end
end
\ No newline at end of file
end
......@@ -16,7 +16,7 @@ RSpec.describe Types::Ci::PipelineType do
]
if Gitlab.ee?
expected_fields << 'security_report_summary'
expected_fields += %w[security_report_summary security_report_findings]
end
expect(described_class).to have_graphql_fields(*expected_fields)
......