23c8ed48
Commit
23c8ed48
authored
Mar 16, 2021
by
Cameron Swords
Committed by
Stan Hu
Mar 16, 2021
Expose generic vulnerability finding details
parent
7676c7eb
Changes
7
Showing 7 changed files with 37 additions and 4 deletions (+37 -4)
doc/api/vulnerability_findings.md (+12 -0)
ee/app/helpers/vulnerabilities_helper.rb (+1 -1)
ee/app/serializers/vulnerabilities/finding_entity.rb (+1 -0)
ee/changelogs/unreleased/expose-vulnerability-generic-details.yml (+6 -0)
ee/spec/factories/vulnerabilities/findings.rb (+11 -0)
ee/spec/helpers/vulnerabilities_helper_spec.rb (+5 -3)
ee/spec/serializers/vulnerabilities/finding_entity_spec.rb (+1 -0)
doc/api/vulnerability_findings.md
View file @
23c8ed48
...
@@ -131,6 +131,18 @@ Example response:
...
@@ -131,6 +131,18 @@ Example response:
"version"
:
"1.5.0"
"version"
:
"1.5.0"
}
}
},
},
"details"
:
{
"custom_field"
:
{
"name"
:
"URLs"
,
"type"
:
"list"
,
"items"
:
[
{
"type"
:
"url"
,
"href"
:
"http://site.com/page/1"
}
]
}
},
"solution"
:
"Upgrade to fixed version.
\r\n
"
,
"solution"
:
"Upgrade to fixed version.
\r\n
"
,
"blob_path"
:
"/tests/yarn-remediation-test/blob/cc6c4a0778460455ae5d16ca7025ca9ca1ca75ac/yarn.lock"
"blob_path"
:
"/tests/yarn-remediation-test/blob/cc6c4a0778460455ae5d16ca7025ca9ca1ca75ac/yarn.lock"
}
}
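Review bot: The new `details` object in the example response comes with no prose explaining the field: the hunk does not say that it is optional, that its keys (`custom_field` here) are defined by the scanner report rather than by GitLab, or what the `type` values `list` and `url` mean. Add a one-line description of `details` above the example and point to the generic report format schema that defines the allowed `type` values. Also use a reserved documentation domain (example.com) instead of `http://site.com/page/1` in the sample `href`.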
...
...
ee/app/helpers/vulnerabilities_helper.rb
View file @
23c8ed48
# frozen_string_literal: true
# frozen_string_literal: true
module
VulnerabilitiesHelper
module
VulnerabilitiesHelper
FINDING_FIELDS
=
%i[metadata identifiers name issue_feedback merge_request_feedback project project_fingerprint scanner uuid]
.
freeze
FINDING_FIELDS
=
%i[metadata identifiers name issue_feedback merge_request_feedback project project_fingerprint scanner uuid
details
]
.
freeze
def
vulnerability_details_json
(
vulnerability
,
pipeline
)
def
vulnerability_details_json
(
vulnerability
,
pipeline
)
vulnerability_details
(
vulnerability
,
pipeline
).
to_json
vulnerability_details
(
vulnerability
,
pipeline
).
to_json
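Review bot: Adding `details` to `FINDING_FIELDS` means the report-supplied details hash is now included verbatim in the JSON that `vulnerability_details_json` hands to the page, but nothing in this hunk shows where that hash is validated. Confirm that `details` is schema-validated at report ingestion (in particular the `type` and `href` values of `url` items) before it is serialized here, since the frontend will presumably render `url` items as links.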
...
...
ee/app/serializers/vulnerabilities/finding_entity.rb
View file @
23c8ed48
...
@@ -41,6 +41,7 @@ class Vulnerabilities::FindingEntity < Grape::Entity
...
@@ -41,6 +41,7 @@ class Vulnerabilities::FindingEntity < Grape::Entity
expose
(
:assets
)
{
|
model
,
_
|
model
.
assets
}
expose
(
:assets
)
{
|
model
,
_
|
model
.
assets
}
end
end
expose
:details
expose
:state
expose
:state
expose
:scan
expose
:scan
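Review bot: `expose :details` passes the nested hash through untyped and unconditionally, unlike the surrounding exposures such as `expose(:assets)` which are scoped to a block. Consider a dedicated entity (or at least a comment referencing the generic report schema) so the shape documented in `doc/api/vulnerability_findings.md` is enforced by the serializer rather than by whatever happens to be stored.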
...
...
ee/changelogs/unreleased/expose-vulnerability-generic-details.yml
0 → 100644
View file @
23c8ed48
---
title
:
Return generic vulnerability details in the response of the vulnerability_finding
endpoint
merge_request
:
56448
author
:
type
:
changed
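Review bot: The changelog title refers to the `vulnerability_finding` endpoint while the documentation changed in this commit is `doc/api/vulnerability_findings.md`; use the documented endpoint name (`vulnerability_findings`) so the two stay consistent.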
ee/spec/factories/vulnerabilities/findings.rb
View file @
23c8ed48
...
@@ -59,6 +59,17 @@ FactoryBot.define do
...
@@ -59,6 +59,17 @@ FactoryBot.define do
confidence
{
:medium
}
confidence
{
:medium
}
scanner
factory: :vulnerabilities_scanner
scanner
factory: :vulnerabilities_scanner
metadata_version
{
'sast:1.0'
}
metadata_version
{
'sast:1.0'
}
details
do
{
url:
{
name:
'URL'
,
type:
'url'
,
href:
'http://site.com'
}
}
end
raw_metadata
do
raw_metadata
do
{
{
description:
'The cipher does not provide data integrity update 1'
,
description:
'The cipher does not provide data integrity update 1'
,
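Review bot: Giving the factory a non-empty `details` hash by default means every finding built in specs now carries details, so no spec can easily exercise the "finding without details" case, and `details: kind_of(Hash)` style assertions elsewhere in this change would pass for `{}` as well. Prefer keeping the default empty and adding a trait (for example `:with_details`) that sets `{ url: { name: 'URL', type: 'url', href: ... } }`, again using example.com rather than `http://site.com`.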
...
...
ee/spec/helpers/vulnerabilities_helper_spec.rb
View file @
23c8ed48
...
@@ -39,10 +39,11 @@ RSpec.describe VulnerabilitiesHelper do
...
@@ -39,10 +39,11 @@ RSpec.describe VulnerabilitiesHelper do
:project
,
:project
,
:remediations
,
:remediations
,
:solution
,
:solution
,
:uuid
)
:uuid
,
:details
)
end
end
let
(
:desired_serializer_fields
)
{
%i[metadata identifiers name issue_feedback merge_request_feedback project project_fingerprint scanner uuid]
}
let
(
:desired_serializer_fields
)
{
%i[metadata identifiers name issue_feedback merge_request_feedback project project_fingerprint scanner uuid
details
]
}
before
do
before
do
vulnerability_serializer_stub
=
instance_double
(
"VulnerabilitySerializer"
)
vulnerability_serializer_stub
=
instance_double
(
"VulnerabilitySerializer"
)
...
@@ -268,7 +269,8 @@ RSpec.describe VulnerabilitiesHelper do
...
@@ -268,7 +269,8 @@ RSpec.describe VulnerabilitiesHelper do
evidence_source:
anything
,
evidence_source:
anything
,
assets:
kind_of
(
Array
),
assets:
kind_of
(
Array
),
supporting_messages:
kind_of
(
Array
),
supporting_messages:
kind_of
(
Array
),
uuid:
kind_of
(
String
)
uuid:
kind_of
(
String
),
details:
kind_of
(
Hash
)
)
)
expect
(
subject
[
:location
][
'blob_path'
]).
to
match
(
kind_of
(
String
))
expect
(
subject
[
:location
][
'blob_path'
]).
to
match
(
kind_of
(
String
))
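Review bot: `details: kind_of(Hash)` is too weak to catch a regression, because the helper would satisfy it with an empty hash or a transformed one. Since the factory in this same change sets a concrete `details` value, assert on that value (e.g. `details: a_hash_including(url: a_hash_including(type: 'url'))` or the exact hash) so the test proves the field flows through `vulnerability_details` unchanged.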
...
...
ee/spec/serializers/vulnerabilities/finding_entity_spec.rb
View file @
23c8ed48
...
@@ -60,6 +60,7 @@ RSpec.describe Vulnerabilities::FindingEntity do
...
@@ -60,6 +60,7 @@ RSpec.describe Vulnerabilities::FindingEntity do
expect
(
subject
).
to
include
(
:scan
)
expect
(
subject
).
to
include
(
:scan
)
expect
(
subject
).
to
include
(
:assets
,
:evidence_source
,
:supporting_messages
)
expect
(
subject
).
to
include
(
:assets
,
:evidence_source
,
:supporting_messages
)
expect
(
subject
).
to
include
(
:uuid
)
expect
(
subject
).
to
include
(
:uuid
)
expect
(
subject
).
to
include
(
:details
)
end
end
context
'when not allowed to admin vulnerability feedback'
do
context
'when not allowed to admin vulnerability feedback'
do
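Review bot: `expect(subject).to include(:details)` only checks that the key exists; pair it with an assertion on the value (e.g. `expect(subject[:details]).to eq(the finding's details)`) so the entity is shown to expose the stored hash rather than `nil` or an empty object.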
...
...