Commit 158f2720 authored by Avielle Wolfe's avatar Avielle Wolfe Committed by Avielle Wolfe

Make VulnerabilitiesFinder agnostic

It can now take either a project or a group and give you the relevant
vulnerabilities.
parent 33f79100
......@@ -44,6 +44,6 @@ class Groups::Security::VulnerabilitiesController < Groups::Security::Applicatio
end
def found_vulnerabilities(collection = :latest)
::Security::VulnerabilitiesFinder.new(group: group, params: filter_params).execute(collection)
::Security::VulnerabilitiesFinder.new(group, params: filter_params).execute(collection)
end
end
......@@ -5,7 +5,7 @@
# Used to filter Vulnerabilities::Occurrences by set of params for Security Dashboard
#
# Arguments:
# group - object to filter vulnerabilities
# vulnerable - object to filter vulnerabilities
# params:
# severity: Array<String>
# confidence: Array<String>
......@@ -15,10 +15,10 @@
module Security
class VulnerabilitiesFinder
attr_accessor :params
attr_reader :group
attr_reader :vulnerable
def initialize(group:, params: {})
@group = group
def initialize(vulnerable, params: {})
@vulnerable = vulnerable
@params = params
end
......@@ -65,11 +65,11 @@ module Security
def init_collection(scope)
if scope == :all
group.all_vulnerabilities
vulnerable.all_vulnerabilities
elsif scope == :with_sha
group.latest_vulnerabilities_with_sha
vulnerable.latest_vulnerabilities_with_sha
else
group.latest_vulnerabilities
vulnerable.latest_vulnerabilities
end
end
end
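Review bot: The new header line `# vulnerable - object to filter vulnerabilities` does not state what the finder now requires of that object, although `init_collection` calls `all_vulnerabilities`, `latest_vulnerabilities_with_sha` and `latest_vulnerabilities` on whatever is passed in. I would spell out the contract, for example `# vulnerable - Group or Project; must respond to all_vulnerabilities, latest_vulnerabilities and latest_vulnerabilities_with_sha`. The constructor takes no user and none of the visible lines checks permissions, so unless the part of the class outside these hunks does, every caller that starts passing a project has to authorize read access to that project's security findings before calling the finder. A second header line such as `# NOTE: performs no authorization; callers must check access to vulnerable first` would make that explicit. The switch from `group:` to a positional argument also breaks any caller not updated in this commit, and only the group controller and the spec are visible here.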
......
......@@ -15,7 +15,15 @@ describe Security::VulnerabilitiesFinder do
set(:vulnerability3) { create(:vulnerabilities_occurrence, report_type: :sast, severity: :low, pipelines: [pipeline2], project: project2) }
set(:vulnerability4) { create(:vulnerabilities_occurrence, report_type: :dast, severity: :medium, pipelines: [pipeline1], project: project1) }
subject { described_class.new(group: group, params: params).execute }
subject { described_class.new(group, params: params).execute }
it 'is agnostic between projects and groups' do
group_vulnerabilities = described_class.new(group).execute
project_vulnerabilities = described_class.new(project1).execute
expect(group_vulnerabilities.count).to be(4)
expect(project_vulnerabilities.count).to be(2)
end
context 'by report type' do
context 'when sast' do
......