Commit 5548ac0a authored by Subashis's avatar Subashis

Add reading of project_id and pipeline_id from security_scans

parent 3f75abbf
......@@ -17,7 +17,7 @@ module EE
# Subscriptions to this pipeline
has_many :downstream_bridges, class_name: '::Ci::Bridge', foreign_key: :upstream_pipeline_id
has_many :security_scans, class_name: 'Security::Scan', through: :builds
has_many :security_scans, class_name: 'Security::Scan', inverse_of: :pipeline
has_many :security_findings, class_name: 'Security::Finding', through: :security_scans, source: :findings
has_one :dast_profiles_pipeline, class_name: 'Dast::ProfilesPipeline', foreign_key: :ci_pipeline_id
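Review bot: The direct `has_many :security_scans` on this line's predecessor now depends on `security_scans.pipeline_id` being populated, so a scan row whose `pipeline_id` is still nil is no longer reachable from the pipeline (and, via the next line, from `security_findings`), whereas the replaced `through: :builds` form reached every scan that had a build. Nothing in this commit visibly backfills existing rows, so if that happens elsewhere it is worth stating here; otherwise older pipelines silently report fewer scans and findings. A short comment would make the dependency explicit: `# Direct association: relies on security_scans.pipeline_id being set (see Security::Scan before_save).` The same consideration applies to the new `has_many :security_scans, inverse_of: :project` in the `Project` hunk that follows.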
......
......@@ -104,6 +104,8 @@ module EE
has_one :security_orchestration_policy_configuration, class_name: 'Security::OrchestrationPolicyConfiguration', foreign_key: :project_id, inverse_of: :project
has_many :security_scans, class_name: 'Security::Scan', inverse_of: :project
elastic_index_dependant_association :issues, on_change: :visibility_level
elastic_index_dependant_association :merge_requests, on_change: :visibility_level
elastic_index_dependant_association :notes, on_change: :visibility_level
......
......@@ -11,8 +11,8 @@ module Security
validates :info, json_schema: { filename: 'security_scan_info', draft: 7 }
belongs_to :build, class_name: 'Ci::Build'
has_one :pipeline, class_name: 'Ci::Pipeline', through: :build
belongs_to :project
belongs_to :pipeline, class_name: 'Ci::Pipeline'
has_many :findings, inverse_of: :scan
......@@ -33,14 +33,14 @@ module Security
# The `category` enum on `vulnerability_feedback` table starts from 0 but the `scan_type` enum
# on `security_scans` from 1. For this reason, we have to decrease the value of `scan_type` by one
# to match with category values on `vulnerability_feedback` table.
joins(build: { project: :vulnerability_feedback })
joins(project: :vulnerability_feedback)
.where('vulnerability_feedback.category = (security_scans.scan_type - 1)')
.merge(Vulnerabilities::Feedback.for_dismissal)
end
scope :latest_successful_by_build, -> { joins(:build).where(ci_builds: { status: 'success', retried: [nil, false] }) }
delegate :project, :name, to: :build
delegate :name, to: :build
before_save :ensure_project_id_pipeline_id
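Review bot: `before_save :ensure_project_id_pipeline_id` runs after validation, so if the new `belongs_to :project` and `belongs_to :pipeline` are required (the Rails default unless this app disables `belongs_to_required_by_default` or passes `optional: true`), a scan created with only a build fails validation before the callback can fill in the ids; the factory in this commit sets both explicitly, so the specs would not notice. Moving the hook earlier avoids that ordering problem: `before_validation :ensure_project_id_pipeline_id`. The callback's definition is not in this hunk, so I could not confirm it only fills in missing ids from the build rather than overwriting values already present. Note also that `has_dismissal_feedback` now joins through `project` and therefore omits any scan whose `project_id` is nil, a difference from the previous join via `build`.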
......
......@@ -4,5 +4,7 @@ FactoryBot.define do
factory :security_scan, class: 'Security::Scan' do
scan_type { 'dast' }
build factory: [:ci_build, :success]
pipeline { build.pipeline }
project { build.project }
end
end
......@@ -13,7 +13,7 @@ RSpec.describe Ci::Pipeline do
end
describe 'associations' do
it { is_expected.to have_many(:security_scans).through(:builds).class_name('Security::Scan') }
it { is_expected.to have_many(:security_scans).class_name('Security::Scan') }
it { is_expected.to have_many(:security_findings).through(:security_scans).class_name('Security::Finding').source(:findings) }
it { is_expected.to have_many(:downstream_bridges) }
it { is_expected.to have_many(:vulnerability_findings).through(:vulnerabilities_finding_pipelines).class_name('Vulnerabilities::Finding') }
......
......@@ -62,6 +62,8 @@ RSpec.describe Project do
it { is_expected.to have_many(:incident_management_oncall_rotations).through(:incident_management_oncall_schedules).source(:rotations) }
it { is_expected.to have_many(:incident_management_escalation_policies).class_name('IncidentManagement::EscalationPolicy') }
it { is_expected.to have_many(:security_scans) }
include_examples 'ci_cd_settings delegation'
describe '#merge_pipelines_enabled?' do
......
......@@ -5,7 +5,8 @@ require 'spec_helper'
RSpec.describe Security::Scan do
describe 'associations' do
it { is_expected.to belong_to(:build) }
it { is_expected.to have_one(:pipeline).through(:build).class_name('Ci::Pipeline') }
it { is_expected.to belong_to(:project) }
it { is_expected.to belong_to(:pipeline) }
it { is_expected.to have_many(:findings) }
end
......@@ -36,10 +37,6 @@ RSpec.describe Security::Scan do
end
end
describe '#project' do
it { is_expected.to delegate_method(:project).to(:build) }
end
describe '#name' do
it { is_expected.to delegate_method(:name).to(:build) }
end
......@@ -93,15 +90,17 @@ RSpec.describe Security::Scan do
end
describe '.has_dismissal_feedback' do
let(:scan_1) { create(:security_scan) }
let(:scan_2) { create(:security_scan) }
let(:project_1) { create(:project) }
let(:project_2) { create(:project) }
let(:scan_1) { create(:security_scan, project: project_1) }
let(:scan_2) { create(:security_scan, project: project_2) }
let(:expected_scans) { [scan_1] }
subject { described_class.has_dismissal_feedback }
before do
create(:vulnerability_feedback, :dismissal, project: scan_1.project, category: scan_1.scan_type)
create(:vulnerability_feedback, :issue, project: scan_2.project, category: scan_2.scan_type)
create(:vulnerability_feedback, :dismissal, project: project_1, category: scan_1.scan_type)
create(:vulnerability_feedback, :issue, project: project_2, category: scan_2.scan_type)
end
it { is_expected.to match_array(expected_scans) }
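Review bot: No example in this spec exercises the new `before_save :ensure_project_id_pipeline_id` callback: the factory now assigns `project` and `pipeline` explicitly, so every scan created here already carries both ids and the fallback from the build never runs. A `describe 'callbacks'` block that builds a scan with only `build:` set, saves it, and asserts that `project_id` and `pipeline_id` equal the build's would cover it; as written, a callback that overwrites rather than fills in the ids, or one that runs too late for a required `belongs_to`, still passes this file. The removed `#project` delegation example is consistent with the model change, but its replacement should be the callback test above rather than only the `belong_to(:project)` association check.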
......
......@@ -591,6 +591,7 @@ project:
- error_tracking_errors
- error_tracking_client_keys
- pending_builds
- security_scans
award_emoji:
- awardable
- user
......