Merge branch 'gsd-confidence-filter' into 'master'

Adds a confidence filter to the GSD See merge request gitlab-org/gitlab-ee!12805

Merge branch 'gsd-confidence-filter' into 'master'
Adds a confidence filter to the GSD See merge request gitlab-org/gitlab-ee!12805
3dcc4663 · Sean McGivern · 327306e1 · b2624086 · 3dcc4663 · 3dcc4663
Commit 3dcc4663 authored May 27, 2019 by Sean McGivern
11 changed files
--- a/doc/user/application_security/security_dashboard/index.md
+++ b/doc/user/application_security/security_dashboard/index.md
@@ -54,6 +54,7 @@ First, navigate to the Security Dashboard found under your group's
 Once you're on the dashboard, at the top you should see a series of filters for:

 - Severity
+- Confidence
 - Report type
 - Project


--- a/ee/app/assets/javascripts/security_dashboard/store/modules/filters/constants.js
+++ b/ee/app/assets/javascripts/security_dashboard/store/modules/filters/constants.js
@@ -33,6 +33,10 @@ export const BASE_FILTERS = {
    name: s__('ciReport|All severities'),
    id: 'all',
  },
+  confidence: {
+    name: s__('ciReport|All confidence levels'),
+    id: 'all',
+  },
  report_type: {
    name: s__('ciReport|All report types'),
    id: 'all',

--- a/ee/app/assets/javascripts/security_dashboard/store/modules/filters/state.js
+++ b/ee/app/assets/javascripts/security_dashboard/store/modules/filters/state.js
-import { SEVERITY_LEVELS, REPORT_TYPES, BASE_FILTERS } from './constants';
+import { SEVERITY_LEVELS, CONFIDENCE_LEVELS, REPORT_TYPES, BASE_FILTERS } from './constants';

 const optionsObjectToArray = obj => Object.entries(obj).map(([id, name]) => ({ id, name }));

@@ -10,6 +10,12 @@ export default () => ({
      options: [BASE_FILTERS.severity, ...optionsObjectToArray(SEVERITY_LEVELS)],
      selection: new Set(['all']),
    },
+    {
+      name: 'Confidence',
+      id: 'confidence',
+      options: [BASE_FILTERS.confidence, ...optionsObjectToArray(CONFIDENCE_LEVELS)],
+      selection: new Set(['all']),
+    },
    {
      name: 'Report type',
      id: 'report_type',

--- a/ee/app/controllers/groups/security/vulnerabilities_controller.rb
+++ b/ee/app/controllers/groups/security/vulnerabilities_controller.rb
@@ -39,7 +39,7 @@ class Groups::Security::VulnerabilitiesController < Groups::Security::Applicatio
  private

  def filter_params
-    params.permit(report_type: [], project_id: [], severity: [])
+    params.permit(report_type: [], confidence: [], project_id: [], severity: [])
      .merge(hide_dismissed: Gitlab::Utils.to_boolean(params[:hide_dismissed]))
  end


--- a/ee/app/finders/security/vulnerabilities_finder.rb
+++ b/ee/app/finders/security/vulnerabilities_finder.rb
@@ -8,6 +8,7 @@
 #   group - object to filter vulnerabilities
 #   params:
 #     severity: Array<String>
+#     confidence: Array<String>
 #     project: Array<String>
 #     report_type: Array<String>

@@ -26,6 +27,7 @@ module Security
      collection = by_report_type(collection)
      collection = by_project(collection)
      collection = by_severity(collection)
+      collection = by_confidence(collection)
      collection
    end

@@ -53,6 +55,14 @@ module Security
          *params[:severity]).compact)
    end

+    def by_confidence(items)
+      return items unless params[:confidence].present?
+
+      items.by_confidences(
+        Vulnerabilities::Occurrence::CONFIDENCE_LEVELS.values_at(
+          *params[:confidence]).compact)
+    end
+
    def init_collection(scope)
      if scope == :all
        group.all_vulnerabilities

--- a/ee/app/models/vulnerabilities/occurrence.rb
+++ b/ee/app/models/vulnerabilities/occurrence.rb
@@ -79,6 +79,7 @@ module Vulnerabilities
    scope :by_report_types, -> (values) { where(report_type: values) }
    scope :by_projects, -> (values) { where(project_id: values) }
    scope :by_severities, -> (values) { where(severity: values) }
+    scope :by_confidences, -> (values) { where(confidence: values) }

    scope :all_preloaded, -> do
      preload(:scanner, :identifiers, project: [:namespace, :project_feature])

--- a/ee/changelogs/unreleased/gsd-confidence-filter.yml
+++ b/ee/changelogs/unreleased/gsd-confidence-filter.yml
+---
+title: Adds a confidence filter to the Group Security Dashboard
+merge_request: 12805
+author:
+type: added
--- a/ee/spec/finders/security/vulnerabilities_finder_spec.rb
+++ b/ee/spec/finders/security/vulnerabilities_finder_spec.rb
@@ -10,8 +10,8 @@ describe Security::VulnerabilitiesFinder do
    set(:pipeline1) { create(:ci_pipeline, :success, project: project1) }
    set(:pipeline2) { create(:ci_pipeline, :success, project: project2) }

-    set(:vulnerability1) { create(:vulnerabilities_occurrence, report_type: :sast, severity: :high, pipelines: [pipeline1], project: project1) }
-    set(:vulnerability2) { create(:vulnerabilities_occurrence, report_type: :dependency_scanning, severity: :medium, pipelines: [pipeline2], project: project2) }
+    set(:vulnerability1) { create(:vulnerabilities_occurrence, report_type: :sast, severity: :high, confidence: :high, pipelines: [pipeline1], project: project1) }
+    set(:vulnerability2) { create(:vulnerabilities_occurrence, report_type: :dependency_scanning, severity: :medium, confidence: :low, pipelines: [pipeline2], project: project2) }
    set(:vulnerability3) { create(:vulnerabilities_occurrence, report_type: :sast, severity: :low, pipelines: [pipeline2], project: project2) }
    set(:vulnerability4) { create(:vulnerabilities_occurrence, report_type: :dast, severity: :medium, pipelines: [pipeline1], project: project1) }

@@ -53,6 +53,24 @@ describe Security::VulnerabilitiesFinder do
      end
    end

+    context 'by confidence' do
+      context 'when high' do
+        let(:params) { { confidence: %w[high] } }
+
+        it 'includes only high confidence vulnerabilities' do
+          is_expected.to contain_exactly(vulnerability1)
+        end
+      end
+
+      context 'when low' do
+        let(:params) { { confidence: %w[low] } }
+
+        it 'includes only low confidence vulnerabilities' do
+          is_expected.to contain_exactly(vulnerability2)
+        end
+      end
+    end
+
    context 'by project' do
      let(:params) { { project_id: [project2.id] } }


--- a/ee/spec/javascripts/security_dashboard/components/filters_spec.js
+++ b/ee/spec/javascripts/security_dashboard/components/filters_spec.js
@@ -18,7 +18,7 @@ describe('Filter component', () => {
    });

    it('should display all filters', () => {
-      expect(vm.$el.querySelectorAll('.js-filter').length).toEqual(3);
+      expect(vm.$el.querySelectorAll('.js-filter').length).toEqual(4);
    });
  });
 });
--- a/ee/spec/models/vulnerabilities/occurrence_spec.rb
+++ b/ee/spec/models/vulnerabilities/occurrence_spec.rb
@@ -218,7 +218,7 @@ describe Vulnerabilities::Occurrence do
    subject { described_class.by_severities(param) }

    context 'with one param' do
-      let(:param) { 4 }
+      let(:param) { described_class.severities[:low] }

      it 'returns found record' do
        is_expected.to contain_exactly(vulnerability_low)
@@ -226,7 +226,30 @@ describe Vulnerabilities::Occurrence do
    end

    context 'without found record' do
-      let(:param) { 7 }
+      let(:param) { described_class.severities[:unknown] }
+
+      it 'returns empty collection' do
+        is_expected.to be_empty
+      end
+    end
+  end
+
+  describe '.by_confidences' do
+    let!(:vulnerability_high) { create(:vulnerabilities_occurrence, confidence: :high) }
+    let!(:vulnerability_low) { create(:vulnerabilities_occurrence, confidence: :low) }
+
+    subject { described_class.by_confidences(param) }
+
+    context 'with matching param' do
+      let(:param) { described_class.confidences[:low] }
+
+      it 'returns found record' do
+        is_expected.to contain_exactly(vulnerability_low)
+      end
+    end
+
+    context 'with non-matching param' do
+      let(:param) { described_class.confidences[:unknown] }

      it 'returns empty collection' do
        is_expected.to be_empty

--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -14946,6 +14946,9 @@ msgstr ""
 msgid "ciReport|(is loading, errors when loading results)"
 msgstr ""

+msgid "ciReport|All confidence levels"
+msgstr ""
+
 msgid "ciReport|All projects"
 msgstr ""