Commit 016f998a authored by Bob Van Landuyt's avatar Bob Van Landuyt

Merge branch 'extract-vulnerable-from-group' into 'master'

Extract vulnerabilities fetch methods from Group

See merge request gitlab-org/gitlab-ee!14472
parents d1b8f640 3e127ae6
# frozen_string_literal: true
module Vulnerable
def latest_vulnerabilities
Vulnerabilities::Occurrence
.for_pipelines(all_pipelines.with_vulnerabilities.latest_successful_ids_per_project)
end
def latest_vulnerabilities_with_sha
Vulnerabilities::Occurrence
.for_pipelines_with_sha(all_pipelines.with_vulnerabilities.latest_successful_ids_per_project)
end
def all_vulnerabilities
Vulnerabilities::Occurrence
.for_pipelines(all_pipelines.with_vulnerabilities.success)
end
end
......@@ -10,6 +10,7 @@ module EE
extend ::Gitlab::Utils::Override
prepended do
include Vulnerable
include TokenAuthenticatable
include InsightsFeature
......@@ -108,21 +109,6 @@ module EE
end
end
def latest_vulnerabilities
Vulnerabilities::Occurrence
.for_pipelines(all_pipelines.with_vulnerabilities.latest_successful_ids_per_project)
end
def latest_vulnerabilities_with_sha
Vulnerabilities::Occurrence
.for_pipelines_with_sha(all_pipelines.with_vulnerabilities.latest_successful_ids_per_project)
end
def all_vulnerabilities
Vulnerabilities::Occurrence
.for_pipelines(all_pipelines.with_vulnerabilities.success)
end
def human_ldap_access
::Gitlab::Access.options_with_owner.key(ldap_access)
end
......
......@@ -3,6 +3,10 @@ require 'spec_helper'
describe Group do
let(:group) { create(:group) }
it_behaves_like Vulnerable do
let(:vulnerable) { group }
end
it { is_expected.to include_module(EE::Group) }
describe 'associations' do
......@@ -291,91 +295,6 @@ describe Group do
end
end
describe 'Vulnerabilities::Occurrence collection methods' do
describe 'vulnerabilities finder methods' do
let(:project) { create(:project, namespace: group) }
let(:external_project) { create(:project) }
let(:failed_pipeline) { create(:ci_pipeline, :failed, project: project) }
let!(:old_vuln) { create_vulnerability(project) }
let!(:new_vuln) { create_vulnerability(project) }
let!(:external_vuln) { create_vulnerability(external_project) }
let!(:failed_vuln) { create_vulnerability(project, failed_pipeline) }
before do
pipeline_ran_against_new_sha = create(:ci_pipeline, :success, project: project, sha: '123')
new_vuln.pipelines << pipeline_ran_against_new_sha
end
def create_vulnerability(project, pipeline = nil)
pipeline ||= create(:ci_pipeline, :success, project: project)
create(:vulnerabilities_occurrence, pipelines: [pipeline], project: project)
end
describe '#latest_vulnerabilities' do
subject { group.latest_vulnerabilities }
it 'returns vulns only for the latest successful pipelines of projects belonging to the group' do
is_expected.to contain_exactly(new_vuln)
end
context 'with vulnerabilities from other branches' do
let!(:branch_pipeline) { create(:ci_pipeline, :success, project: project, ref: 'feature-x') }
let!(:branch_vuln) { create(:vulnerabilities_occurrence, pipelines: [branch_pipeline], project: project) }
# TODO: This should actually fail and we must scope vulns
# per branch as soon as we store them for other branches
# Dependent on https://gitlab.com/gitlab-org/gitlab-ee/issues/9524
it 'includes vulnerabilities from all branches' do
is_expected.to contain_exactly(branch_vuln)
end
end
end
describe '#latest_vulnerabilities_with_sha' do
subject { group.latest_vulnerabilities_with_sha }
it 'returns vulns only for the latest successful pipelines of projects belonging to the group' do
is_expected.to contain_exactly(new_vuln)
end
it { is_expected.to all(respond_to(:sha)) }
context 'with vulnerabilities from other branches' do
let!(:branch_pipeline) { create(:ci_pipeline, :success, project: project, ref: 'feature-x') }
let!(:branch_vuln) { create(:vulnerabilities_occurrence, pipelines: [branch_pipeline], project: project) }
# TODO: This should actually fail and we must scope vulns
# per branch as soon as we store them for other branches
# Dependent on https://gitlab.com/gitlab-org/gitlab-ee/issues/9524
it 'includes vulnerabilities from all branches' do
is_expected.to contain_exactly(branch_vuln)
end
end
end
describe '#all_vulnerabilities' do
subject { group.all_vulnerabilities }
it 'returns vulns for all successful pipelines of projects belonging to the group' do
is_expected.to contain_exactly(old_vuln, new_vuln, new_vuln)
end
context 'with vulnerabilities from other branches' do
let!(:branch_pipeline) { create(:ci_pipeline, :success, project: project, ref: 'feature-x') }
let!(:branch_vuln) { create(:vulnerabilities_occurrence, pipelines: [branch_pipeline], project: project) }
# TODO: This should actually fail and we must scope vulns
# per branch as soon as we store them for other branches
# Dependent on https://gitlab.com/gitlab-org/gitlab-ee/issues/9524
it 'includes vulnerabilities from all branches' do
is_expected.to contain_exactly(old_vuln, new_vuln, new_vuln, branch_vuln)
end
end
end
end
end
describe '#group_project_template_available?' do
subject { group.group_project_template_available? }
......
# frozen_string_literal: true
require 'spec_helper'
shared_examples_for Vulnerable do
let(:project) { create(:project, namespace: vulnerable) }
let(:external_project) { create(:project) }
let(:failed_pipeline) { create(:ci_pipeline, :failed, project: project) }
let!(:old_vuln) { create_vulnerability(project) }
let!(:new_vuln) { create_vulnerability(project) }
let!(:external_vuln) { create_vulnerability(external_project) }
let!(:failed_vuln) { create_vulnerability(project, failed_pipeline) }
before do
pipeline_ran_against_new_sha = create(:ci_pipeline, :success, project: project, sha: '123')
new_vuln.pipelines << pipeline_ran_against_new_sha
end
def create_vulnerability(project, pipeline = nil)
pipeline ||= create(:ci_pipeline, :success, project: project)
create(:vulnerabilities_occurrence, pipelines: [pipeline], project: project)
end
describe '#latest_vulnerabilities' do
subject { vulnerable.latest_vulnerabilities }
it 'returns vulnerabilities for the latest successful pipelines of projects belonging to the vulnerable entity' do
is_expected.to contain_exactly(new_vuln)
end
context 'with vulnerabilities from other branches' do
let!(:branch_pipeline) { create(:ci_pipeline, :success, project: project, ref: 'feature-x') }
let!(:branch_vuln) { create(:vulnerabilities_occurrence, pipelines: [branch_pipeline], project: project) }
# TODO: This should actually fail and we must scope vulns
# per branch as soon as we store them for other branches
# Dependent on https://gitlab.com/gitlab-org/gitlab-ee/issues/9524
it 'includes vulnerabilities from all branches' do
is_expected.to contain_exactly(branch_vuln)
end
end
end
describe '#latest_vulnerabilities_with_sha' do
subject { vulnerable.latest_vulnerabilities_with_sha }
it 'returns vulns only for the latest successful pipelines of projects belonging to the vulnerable' do
is_expected.to contain_exactly(new_vuln)
end
it { is_expected.to all(respond_to(:sha)) }
context 'with vulnerabilities from other branches' do
let!(:branch_pipeline) { create(:ci_pipeline, :success, project: project, ref: 'feature-x') }
let!(:branch_vuln) { create(:vulnerabilities_occurrence, pipelines: [branch_pipeline], project: project) }
# TODO: This should actually fail and we must scope vulns
# per branch as soon as we store them for other branches
# Dependent on https://gitlab.com/gitlab-org/gitlab-ee/issues/9524
it 'includes vulnerabilities from all branches' do
is_expected.to contain_exactly(branch_vuln)
end
end
end
describe '#all_vulnerabilities' do
subject { vulnerable.all_vulnerabilities }
it 'returns vulns for all successful pipelines of projects belonging to the vulnerable' do
is_expected.to contain_exactly(old_vuln, new_vuln, new_vuln)
end
context 'with vulnerabilities from other branches' do
let!(:branch_pipeline) { create(:ci_pipeline, :success, project: project, ref: 'feature-x') }
let!(:branch_vuln) { create(:vulnerabilities_occurrence, pipelines: [branch_pipeline], project: project) }
# TODO: This should actually fail and we must scope vulns
# per branch as soon as we store them for other branches
# Dependent on https://gitlab.com/gitlab-org/gitlab-ee/issues/9524
it 'includes vulnerabilities from all branches' do
is_expected.to contain_exactly(old_vuln, new_vuln, new_vuln, branch_vuln)
end
end
end
end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment