Commit 0064b594 authored by Subashis's avatar Subashis

Extend GraphQL Ci::PipelineType to include Security Report Findings

- Fix broken spec
- Fix rubocop issues
parent 06adcc42
...@@ -2964,7 +2964,7 @@ Information about pagination in a connection. ...@@ -2964,7 +2964,7 @@ Information about pagination in a connection.
| `path` | String | Relative path to the pipeline's page. | | `path` | String | Relative path to the pipeline's page. |
| `project` | Project | Project the pipeline belongs to. | | `project` | Project | Project the pipeline belongs to. |
| `retryable` | Boolean! | Specifies if a pipeline can be retried. | | `retryable` | Boolean! | Specifies if a pipeline can be retried. |
| `securityReportFindings` | PipelineSecurityReportFindingConnection | Vulnerability findings reported on the pipeline | | `securityReportFindings` | PipelineSecurityReportFindingConnection | Vulnerability findings reported on the pipeline. |
| `securityReportSummary` | SecurityReportSummary | Vulnerability and scanned resource counts for each security scanner of the pipeline. | | `securityReportSummary` | SecurityReportSummary | Vulnerability and scanned resource counts for each security scanner of the pipeline. |
| `sha` | String! | SHA of the pipeline's commit. | | `sha` | String! | SHA of the pipeline's commit. |
| `sourceJob` | CiJob | Job where pipeline was triggered from. | | `sourceJob` | CiJob | Job where pipeline was triggered from. |
...@@ -3035,18 +3035,18 @@ Represents vulnerability finding of a security report on the pipeline. ...@@ -3035,18 +3035,18 @@ Represents vulnerability finding of a security report on the pipeline.
| Field | Type | Description | | Field | Type | Description |
| ----- | ---- | ----------- | | ----- | ---- | ----------- |
| `confidence` | String | Type of the security report that found the vulnerability | | `confidence` | String | Type of the security report that found the vulnerability. |
| `description` | String | Description of the vulnerability finding | | `description` | String | Description of the vulnerability finding. |
| `identifiers` | VulnerabilityIdentifier! => Array | Identifiers of the vulnerabilit finding. | | `identifiers` | VulnerabilityIdentifier! => Array | Identifiers of the vulnerabilit finding. |
| `location` | VulnerabilityLocation | Location metadata for the vulnerability. Its fields depend on the type of security scan that found the vulnerability | | `location` | VulnerabilityLocation | Location metadata for the vulnerability. Its fields depend on the type of security scan that found the vulnerability. |
| `name` | String | Name of the vulnerability finding | | `name` | String | Name of the vulnerability finding. |
| `project` | Project | The project on which the vulnerability finding was found | | `project` | Project | The project on which the vulnerability finding was found. |
| `projectFingerprint` | String | Name of the vulnerability finding | | `projectFingerprint` | String | Name of the vulnerability finding. |
| `reportType` | VulnerabilityReportType | Type of the security report that found the vulnerability finding | | `reportType` | VulnerabilityReportType | Type of the security report that found the vulnerability finding. |
| `scanner` | VulnerabilityScanner | Scanner metadata for the vulnerability. | | `scanner` | VulnerabilityScanner | Scanner metadata for the vulnerability. |
| `severity` | VulnerabilitySeverity | Severity of the vulnerability finding | | `severity` | VulnerabilitySeverity | Severity of the vulnerability finding. |
| `solution` | String | URL to the vulnerability's details page | | `solution` | String | URL to the vulnerability's details page. |
| `uuid` | String | Name of the vulnerability finding | | `uuid` | String | Name of the vulnerability finding. |
### Project ### Project
......
...@@ -17,7 +17,7 @@ module EE ...@@ -17,7 +17,7 @@ module EE
field :security_report_findings, field :security_report_findings,
::Types::PipelineSecurityReportFindingType.connection_type, ::Types::PipelineSecurityReportFindingType.connection_type,
null: true, null: true,
description: 'Vulnerability findings reported on the pipeline', description: 'Vulnerability findings reported on the pipeline.',
resolver: ::Resolvers::PipelineSecurityReportFindingsResolver resolver: ::Resolvers::PipelineSecurityReportFindingsResolver
end end
end end
......
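Review bot: The `security_report_findings` field is declared with `null: true` and a resolver but no `authorize:` option, unlike the `project` field on the finding type in this same commit (`authorize: :read_project`), so access to a pipeline's vulnerability findings rests entirely on `::Resolvers::PipelineSecurityReportFindingsResolver`. The resolver's head is outside the visible hunks, so this may already be handled there; if it is not, the field should carry an `authorize:` for the ability that gates reading vulnerabilities on the project, or the resolver should authorize the pipeline's project before calling the finder. A request spec asserting that a user without that ability receives `nil` for `securityReportFindings` would pin the behaviour either way. The enclosing `module EE` body starts and ends outside the hunk.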
...@@ -6,7 +6,7 @@ module Resolvers ...@@ -6,7 +6,7 @@ module Resolvers
alias_method :pipeline, :object alias_method :pipeline, :object
argument :report_type, [GraphQL::STRING_TYPE], argument :report_type, [GraphQL::STRING_TYPE],
required: false, required: false,
description: 'Filter vulnerability findings by report type.' description: 'Filter vulnerability findings by report type.'
...@@ -14,7 +14,7 @@ module Resolvers ...@@ -14,7 +14,7 @@ module Resolvers
required: false, required: false,
description: 'Filter vulnerability findings by severity.' description: 'Filter vulnerability findings by severity.'
argument :scanner, [GraphQL::STRING_TYPE], argument :scanner, [GraphQL::STRING_TYPE],
required: false, required: false,
description: 'Filter vulnerability findings by Scanner.externalId.' description: 'Filter vulnerability findings by Scanner.externalId.'
...@@ -23,6 +23,3 @@ module Resolvers ...@@ -23,6 +23,3 @@ module Resolvers
end end
end end
end end
\ No newline at end of file
...@@ -8,16 +8,16 @@ module Types ...@@ -8,16 +8,16 @@ module Types
description 'Represents vulnerability finding of a security report on the pipeline' description 'Represents vulnerability finding of a security report on the pipeline'
field :report_type, VulnerabilityReportTypeEnum, null: true, field :report_type, VulnerabilityReportTypeEnum, null: true,
description: "Type of the security report that found the vulnerability finding" description: 'Type of the security report that found the vulnerability finding.'
field :name, GraphQL::STRING_TYPE, null: true, field :name, GraphQL::STRING_TYPE, null: true,
description: 'Name of the vulnerability finding' description: 'Name of the vulnerability finding.'
field :severity, VulnerabilitySeverityEnum, null: true, field :severity, VulnerabilitySeverityEnum, null: true,
description: "Severity of the vulnerability finding" description: 'Severity of the vulnerability finding.'
field :confidence, GraphQL::STRING_TYPE, null: true, field :confidence, GraphQL::STRING_TYPE, null: true,
description: "Type of the security report that found the vulnerability " description: 'Type of the security report that found the vulnerability.'
field :scanner, VulnerabilityScannerType, null: true, field :scanner, VulnerabilityScannerType, null: true,
description: 'Scanner metadata for the vulnerability.' description: 'Scanner metadata for the vulnerability.'
...@@ -26,23 +26,23 @@ module Types ...@@ -26,23 +26,23 @@ module Types
description: 'Identifiers of the vulnerabilit finding.' description: 'Identifiers of the vulnerabilit finding.'
field :project_fingerprint, GraphQL::STRING_TYPE, null: true, field :project_fingerprint, GraphQL::STRING_TYPE, null: true,
description: 'Name of the vulnerability finding' description: 'Name of the vulnerability finding.'
field :uuid, GraphQL::STRING_TYPE, null: true, field :uuid, GraphQL::STRING_TYPE, null: true,
description: 'Name of the vulnerability finding' description: 'Name of the vulnerability finding.'
field :project, ::Types::ProjectType, null: true, field :project, ::Types::ProjectType, null: true,
description: 'The project on which the vulnerability finding was found', description: 'The project on which the vulnerability finding was found.',
authorize: :read_project authorize: :read_project
field :description, GraphQL::STRING_TYPE, null: true, field :description, GraphQL::STRING_TYPE, null: true,
description: 'Description of the vulnerability finding' description: 'Description of the vulnerability finding.'
field :location, VulnerabilityLocationType, null: true, field :location, VulnerabilityLocationType, null: true,
description: 'Location metadata for the vulnerability. Its fields depend on the type of security scan that found the vulnerability' description: 'Location metadata for the vulnerability. Its fields depend on the type of security scan that found the vulnerability.'
field :solution, GraphQL::STRING_TYPE, null: true, field :solution, GraphQL::STRING_TYPE, null: true,
description: "URL to the vulnerability's details page" description: "URL to the vulnerability's details page."
def location def location
object.location&.merge(report_type: object.report_type) object.location&.merge(report_type: object.report_type)
......
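Review bot: Several of the field descriptions the commit reworded still describe the wrong field: the line under `field :confidence` says 'Type of the security report that found the vulnerability.', and both `project_fingerprint` and `uuid` say 'Name of the vulnerability finding.', so the generated GraphQL reference table changed in this same commit inherits the copy-paste errors. Suggested wording, to be confirmed against the finding model: `description: 'Confidence level of the vulnerability finding.'`, `description: 'Project fingerprint of the vulnerability finding.'` and `description: 'UUID of the vulnerability finding.'`. The `identifiers` context line still reads 'vulnerabilit finding', the `solution` text ('URL to the vulnerability's details page.') reads like it was copied from a link field rather than describing remediation text, and the type-level `description 'Represents vulnerability finding of a security report on the pipeline'` is the one string left without the trailing period this commit adds everywhere else. The class body continues outside the hunk.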
...@@ -14,11 +14,13 @@ RSpec.describe Resolvers::PipelineSecurityReportFindingsResolver do ...@@ -14,11 +14,13 @@ RSpec.describe Resolvers::PipelineSecurityReportFindingsResolver do
let_it_be(:low_vulnerability_finding) { build(:vulnerabilities_finding, severity: :low, report_type: :dast, project: project) } let_it_be(:low_vulnerability_finding) { build(:vulnerabilities_finding, severity: :low, report_type: :dast, project: project) }
let_it_be(:critical_vulnerability_finding) { build(:vulnerabilities_finding, severity: :critical, report_type: :sast, project: project) } let_it_be(:critical_vulnerability_finding) { build(:vulnerabilities_finding, severity: :critical, report_type: :sast, project: project) }
let_it_be(:high_vulnerability_finding) { build(:vulnerabilities_finding, severity: :high, report_type: :container_scanning, project: project) } let_it_be(:high_vulnerability_finding) { build(:vulnerabilities_finding, severity: :high, report_type: :container_scanning, project: project) }
let(:params) { {} } let(:params) { {} }
before do before do
allow_any_instance_of(Security::PipelineVulnerabilitiesFinder).to receive_message_chain(:execute, :findings).and_return(returned_findings) allow_next_instance_of(Security::PipelineVulnerabilitiesFinder) do |instance|
allow(instance).to receive_message_chain(:execute, :findings).and_return(returned_findings)
end
end end
context 'when given severities' do context 'when given severities' do
...@@ -48,4 +50,4 @@ RSpec.describe Resolvers::PipelineSecurityReportFindingsResolver do ...@@ -48,4 +50,4 @@ RSpec.describe Resolvers::PipelineSecurityReportFindingsResolver do
end end
end end
end end
end end
\ No newline at end of file
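Review bot: The replacement stub still uses `receive_message_chain(:execute, :findings)`, which returns `returned_findings` no matter what the resolver passes to `Security::PipelineVulnerabilitiesFinder`, so a severity or report_type filter that the resolver silently dropped would not fail these examples unless they assert on it elsewhere. If the finder takes the filters through its constructor, `expect_next_instance_of(Security::PipelineVulnerabilitiesFinder, ...)` with the expected arguments would make the 'when given severities' context check what was actually forwarded; I cannot see from the hunk whether the examples already do so. The `describe` block continues outside the hunk.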
...@@ -15,8 +15,7 @@ RSpec.describe GitlabSchema.types['PipelineSecurityReportFinding'] do ...@@ -15,8 +15,7 @@ RSpec.describe GitlabSchema.types['PipelineSecurityReportFinding'] do
project project
description description
location location
solution solution]
]
end end
specify { expect(described_class.graphql_name).to eq('PipelineSecurityReportFinding') } specify { expect(described_class.graphql_name).to eq('PipelineSecurityReportFinding') }
......
...@@ -42,7 +42,7 @@ RSpec.describe 'Query.project(fullPath).pipeline(iid).securityReportFinding' do ...@@ -42,7 +42,7 @@ RSpec.describe 'Query.project(fullPath).pipeline(iid).securityReportFinding' do
visibility visibility
} }
} }
} }
} }
} }
} }
...@@ -63,7 +63,7 @@ RSpec.describe 'Query.project(fullPath).pipeline(iid).securityReportFinding' do ...@@ -63,7 +63,7 @@ RSpec.describe 'Query.project(fullPath).pipeline(iid).securityReportFinding' do
end end
it 'returns all the queried fields' do it 'returns all the queried fields' do
security_report_finding = security_report_findings.first security_report_finding = security_report_findings.first
expect(security_report_finding.dig('project', 'fullPath')).to eq(project.full_path) expect(security_report_finding.dig('project', 'fullPath')).to eq(project.full_path)
expect(security_report_finding.dig('project', 'visibility')).to eq(project.visibility) expect(security_report_finding.dig('project', 'visibility')).to eq(project.visibility)
...@@ -77,4 +77,4 @@ RSpec.describe 'Query.project(fullPath).pipeline(iid).securityReportFinding' do ...@@ -77,4 +77,4 @@ RSpec.describe 'Query.project(fullPath).pipeline(iid).securityReportFinding' do
expect(security_report_finding['solution']).not_to be_nil expect(security_report_finding['solution']).not_to be_nil
expect(security_report_finding['description']).not_to be_nil expect(security_report_finding['description']).not_to be_nil
end end
end end
\ No newline at end of file
...@@ -16,7 +16,7 @@ RSpec.describe Types::Ci::PipelineType do ...@@ -16,7 +16,7 @@ RSpec.describe Types::Ci::PipelineType do
] ]
if Gitlab.ee? if Gitlab.ee?
expected_fields << 'security_report_summary' expected_fields += %w[security_report_summary security_report_findings]
end end
expect(described_class).to have_graphql_fields(*expected_fields) expect(described_class).to have_graphql_fields(*expected_fields)
......