Commit 4333f6f2 authored by Nick Thomas's avatar Nick Thomas

Merge branch '10078-add-filtering-to-service' into 'master'

Filter DependencyList by package_manager

See merge request gitlab-org/gitlab-ee!14562
parents b4f8e281 4d719fc2
...@@ -4,11 +4,13 @@ module Security ...@@ -4,11 +4,13 @@ module Security
class DependencyListService class DependencyListService
SORT_BY_VALUES = %w(name packager).freeze SORT_BY_VALUES = %w(name packager).freeze
SORT_VALUES = %w(asc desc).freeze SORT_VALUES = %w(asc desc).freeze
FILTER_PACKAGE_MANAGERS_VALUES = %w(bundler yarn npm maven composer pip).freeze
# @param pipeline [Ci::Pipeline] # @param pipeline [Ci::Pipeline]
# @param [Hash] params to sort dependencies # @param [Hash] params to sort and filter dependencies
# @option params ['asc', 'desc'] :sort ('asc') Order # @option params ['asc', 'desc'] :sort ('asc') Order
# @option params ['name', 'packager'] :sort_by ('name') Field to sort # @option params ['name', 'packager'] :sort_by ('name') Field to sort
# @option params ['bundler', 'yarn', 'npm', 'maven', 'composer', 'pip'] :package_manager ('bundler') Field to filter
def initialize(pipeline:, params: {}) def initialize(pipeline:, params: {})
@pipeline = pipeline @pipeline = pipeline
@params = params @params = params
...@@ -17,6 +19,7 @@ module Security ...@@ -17,6 +19,7 @@ module Security
# @return [Array<Hash>] collection of found dependencies # @return [Array<Hash>] collection of found dependencies
def execute def execute
collection = init_collection collection = init_collection
collection = filter(collection)
collection = sort(collection) collection = sort(collection)
collection collection
end end
...@@ -29,6 +32,14 @@ module Security ...@@ -29,6 +32,14 @@ module Security
pipeline.dependency_list_report.dependencies pipeline.dependency_list_report.dependencies
end end
def filter(collection)
return collection unless params[:package_manager]
collection.select do |dependency|
params[:package_manager].include?(dependency[:package_manager])
end
end
def sort(collection) def sort(collection)
if params[:sort_by] == 'packager' if params[:sort_by] == 'packager'
collection.sort_by! { |a| a[:packager] } collection.sort_by! { |a| a[:packager] }
......
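Review bot: In `filter`, `params[:package_manager].include?(dependency[:package_manager])` changes meaning with the parameter's type. The service spec passes a String (`'bundler'`), which makes this `String#include?`: a substring test that raises `TypeError` if a dependency has a nil `:package_manager`, whereas an Array would give a membership test. `FILTER_PACKAGE_MANAGERS_VALUES` is added in the first hunk but not referenced in the lines shown, so unless a caller outside this page validates the value, the filter runs on whatever was passed in. Normalising once with `allowed = Array(params[:package_manager]) & FILTER_PACKAGE_MANAGERS_VALUES` and selecting on `allowed.include?(dependency[:package_manager])` would make both cases an exact match against the allow-list. The new `@option` line also documents a default of `('bundler')`, but `filter` returns the unfiltered collection when the param is absent.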
---
title: Add filtering by package manager for dependencies
merge_request: 14562
author:
type: added
...@@ -14,6 +14,7 @@ module Gitlab ...@@ -14,6 +14,7 @@ module Gitlab
{ {
name: dependency['package']['name'], name: dependency['package']['name'],
packager: packager(package_manager), packager: packager(package_manager),
package_manager: package_manager,
location: { location: {
blob_path: blob_path(file_path), blob_path: blob_path(file_path),
path: file_path path: file_path
......
...@@ -26,6 +26,7 @@ describe Gitlab::Ci::Parsers::Security::Formatters::DependencyList do ...@@ -26,6 +26,7 @@ describe Gitlab::Ci::Parsers::Security::Formatters::DependencyList do
expect(data[:name]).to eq('mini_portile2') expect(data[:name]).to eq('mini_portile2')
expect(data[:packager]).to eq('Ruby (Bundler)') expect(data[:packager]).to eq('Ruby (Bundler)')
expect(data[:package_manager]).to eq('bundler')
expect(data[:location][:blob_path]).to eq(blob_path) expect(data[:location][:blob_path]).to eq(blob_path)
expect(data[:location][:path]).to eq('rails/Gemfile.lock') expect(data[:location][:path]).to eq('rails/Gemfile.lock')
expect(data[:version]).to eq('2.2.0') expect(data[:version]).to eq('2.2.0')
......
...@@ -27,6 +27,15 @@ describe Security::DependencyListService do ...@@ -27,6 +27,15 @@ describe Security::DependencyListService do
end end
context 'with params' do context 'with params' do
context 'filtered by package_managers' do
let(:params) { { package_manager: 'bundler' } }
it 'returns filtered items' do
expect(subject.size).to eq(2)
expect(subject.first[:packager]).to eq('Ruby (Bundler)')
end
end
context 'sorted desc by packagers' do context 'sorted desc by packagers' do
let(:params) do let(:params) do
{ {
......
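Review bot: The new `filtered by package_managers` context only covers a single String value, and only checks the size and the first element. A dependency from another package manager could therefore be returned in second place without failing the spec. Asserting on every element, e.g. `expect(subject).to all(include(packager: 'Ruby (Bundler)'))`, would pin the filter down. It would also help to add contexts for an Array value and for a value outside `FILTER_PACKAGE_MANAGERS_VALUES`, so the handling of unexpected input is specified rather than incidental. The surrounding `with params` context continues outside the lines shown.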