Commit 5beab72d authored by Peter Leitzen's avatar Peter Leitzen

Merge branch '263497-update-details-schema-for-finding' into 'master'

Update details JSON Schema and GraphQL Schema for Vulnerability Finding

See merge request gitlab-org/gitlab!54423
parents f04709fd d64a5b53
......@@ -6,60 +6,67 @@
"^.*$": {
"allOf": [
{ "$ref": "#/definitions/named_field" },
{ "$ref": "#/definitions/type_list" }
{ "$ref": "#/definitions/detail_type" }
]
}
},
"definitions": {
"type_list": {
"detail_type": {
"oneOf": [
{ "$ref": "#/definitions/named_list" },
{ "$ref": "#/definitions/list" },
{ "$ref": "#/definitions/table" },
{ "$ref": "#/definitions/text" },
{ "$ref": "#/definitions/url" },
{ "$ref": "#/definitions/code" },
{ "$ref": "#/definitions/int" },
{ "$ref": "#/definitions/value" },
{ "$ref": "#/definitions/diff" },
{ "$ref": "#/definitions/markdown" },
{ "$ref": "#/definitions/commit" },
{ "$ref": "#/definitions/file_location" },
{ "$ref": "#/definitions/module_location" }
]
},
"lang_text": {
"type": "object",
"required": [ "value", "lang" ],
"properties": {
"lang": { "type": "string" },
"value": { "type": "string" }
}
},
"lang_text_list": {
"type": "array",
"items": { "$ref": "#/definitions/lang_text" }
"text_value": {
"type": "string"
},
"named_field": {
"type": "object",
"required": [ "name" ],
"required": [
"name"
],
"properties": {
"name": { "$ref": "#/definitions/lang_text_list" },
"description": { "$ref": "#/definitions/lang_text_list" }
"name": {
"$ref": "#/definitions/text_value",
"minLength": 1
},
"description": {
"$ref": "#/definitions/text_value"
}
}
},
"named_list": {
"type": "object",
"description": "An object with named and typed fields",
"required": [ "type", "items" ],
"required": [
"type",
"items"
],
"properties": {
"type": { "const": "named-list" },
"type": {
"const": "named-list"
},
"items": {
"type": "object",
"patternProperties": {
"^.*$": {
"allOf": [
{ "$ref": "#/definitions/named_field" },
{ "$ref": "#/definitions/type_list" }
{
"$ref": "#/definitions/named_field"
},
{
"$ref": "#/definitions/detail_type"
}
]
}
}
......@@ -69,28 +76,37 @@
"list": {
"type": "object",
"description": "A list of typed fields",
"required": [ "type", "items" ],
"required": [
"type",
"items"
],
"properties": {
"type": { "const": "list" },
"type": {
"const": "list"
},
"items": {
"type": "array",
"items": { "$ref": "#/definitions/type_list" }
"items": {
"$ref": "#/definitions/detail_type"
}
}
}
},
"table": {
"type": "object",
"description": "A table of typed fields",
"required": [],
"properties": {
"type": { "const": "table" },
"items": {
"type": "object",
"required": [
"type",
"rows"
],
"properties": {
"type": {
"const": "table"
},
"header": {
"type": "array",
"items": {
"$ref": "#/definitions/type_list"
"$ref": "#/definitions/detail_type"
}
},
"rows": {
......@@ -98,9 +114,7 @@
"items": {
"type": "array",
"items": {
"$ref": "#/definitions/type_list"
}
}
"$ref": "#/definitions/detail_type"
}
}
}
......@@ -109,73 +123,171 @@
"text": {
"type": "object",
"description": "Raw text",
"required": [ "type", "value" ],
"required": [
"type",
"value"
],
"properties": {
"type": { "const": "text" },
"value": { "$ref": "#/definitions/lang_text_list" }
"type": {
"const": "text"
},
"value": {
"$ref": "#/definitions/text_value"
}
}
},
"url": {
"type": "object",
"description": "A single URL",
"required": [ "type", "href" ],
"required": [
"type",
"href"
],
"properties": {
"type": { "const": "url" },
"text": { "$ref": "#/definitions/lang_text_list" },
"href": { "type": "string" }
"type": {
"const": "url"
},
"text": {
"$ref": "#/definitions/text_value"
},
"href": {
"type": "string",
"minLength": 1,
"examples": ["http://mysite.com"]
}
}
},
"code": {
"type": "object",
"description": "A codeblock",
"required": [ "type", "value" ],
"required": [
"type",
"value"
],
"properties": {
"type": { "const": "code" },
"value": { "type": "string" },
"lang": { "type": "string" }
"type": {
"const": "code"
},
"value": {
"type": "string"
},
"lang": {
"type": "string",
"description": "A programming language"
}
}
},
"int": {
"value": {
"type": "object",
"description": "An integer",
"required": [ "type", "value" ],
"description": "A field that can store a range of types of value",
"required": ["type", "value"],
"properties": {
"type": { "const": "int" },
"value": { "type": "integer" },
"format": {
"type": "string",
"enum": [ "default", "hex" ]
"type": { "const": "value" },
"value": {
"type": ["number", "string", "boolean"]
}
}
},
"diff": {
"type": "object",
"description": "A diff",
"required": [
"type",
"before",
"after"
],
"properties": {
"type": {
"const": "diff"
},
"before": {
"type": "string"
},
"after": {
"type": "string"
}
}
},
"markdown": {
"type": "object",
"description": "GitLab flavoured markdown, see https://docs.gitlab.com/ee/user/markdown.html",
"required": [
"type",
"value"
],
"properties": {
"type": {
"const": "markdown"
},
"value": {
"$ref": "#/definitions/text_value",
"examples": ["Here is markdown `inline code` #1 [test](gitlab.com)\n\n![GitLab Logo](https://about.gitlab.com/images/press/logo/preview/gitlab-logo-white-preview.png)"]
}
}
},
"commit": {
"type": "object",
"description": "A specific commit within the project",
"required": [ "type", "value" ],
"description": "A commit/tag/branch within the GitLab project",
"required": [
"type",
"value"
],
"properties": {
"type": { "const": "commit" },
"value": { "type": "string", "description": "The commit SHA" }
"type": {
"const": "commit"
},
"value": {
"type": "string",
"description": "The commit SHA",
"minLength": 1
}
}
},
"file_location": {
"type": "object",
"description": "A location within a file in the project",
"required": [ "type", "file_name", "line_start" ],
"required": [
"type",
"file_name",
"line_start"
],
"properties": {
"type": { "const": "file-location" },
"file_name": { "type": "string" },
"line_start": { "type": "integer" },
"line_end": { "type": "integer" }
"type": {
"const": "file-location"
},
"file_name": {
"type": "string",
"minLength": 1
},
"line_start": {
"type": "integer"
},
"line_end": {
"type": "integer"
}
}
},
"module_location": {
"type": "object",
"description": "A location within a binary module of the form module+relative_offset",
"required": [ "type", "module_name", "offset" ],
"required": [
"type",
"module_name",
"offset"
],
"properties": {
"type": { "const": "module-location" },
"module_name": { "type": "string" },
"offset": { "type": "integer" }
"type": {
"const": "module-location"
},
"module_name": {
"type": "string",
"minLength": 1,
"examples": ["compiled_binary"]
},
"offset": {
"type": "integer",
"examples": [100]
}
}
}
}
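Review bot: The `"minLength": 1` placed next to `"$ref"` in `named_field.name` is probably not enforced: under JSON Schema draft-07 and earlier, keywords that sit beside `$ref` are ignored, so an empty `name` would still validate (the `$schema` line is outside this view, so confirm which draft the validator applies). Wrapping the reference keeps the constraint effective, e.g. `"name": { "allOf": [{ "$ref": "#/definitions/text_value" }], "minLength": 1 }`, or use an inline `"type": "string", "minLength": 1` as `url.href` and `commit.value` already do. Separately, `url.href` accepts any non-empty string; if these details originate from uploaded scanner reports, consider restricting the scheme in the schema (for example `"pattern": "^https?://"`) or documenting that the consumer must validate the value before rendering it as a link.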
......
......@@ -28462,7 +28462,7 @@ type VulnerabilityDetailBase {
"""
Description of the field.
"""
description: String!
description: String
"""
Name of the field.
......@@ -28472,7 +28472,7 @@ type VulnerabilityDetailBase {
"""
Name of the field.
"""
name: String!
name: String
}
"""
......@@ -28482,7 +28482,7 @@ type VulnerabilityDetailBoolean {
"""
Description of the field.
"""
description: String!
description: String
"""
Name of the field.
......@@ -28492,7 +28492,7 @@ type VulnerabilityDetailBoolean {
"""
Name of the field.
"""
name: String!
name: String
"""
Value of the field.
......@@ -28507,7 +28507,7 @@ type VulnerabilityDetailCode {
"""
Description of the field.
"""
description: String!
description: String
"""
Name of the field.
......@@ -28522,7 +28522,7 @@ type VulnerabilityDetailCode {
"""
Name of the field.
"""
name: String!
name: String
"""
Source code.
......@@ -28537,7 +28537,7 @@ type VulnerabilityDetailCommit {
"""
Description of the field.
"""
description: String!
description: String
"""
Name of the field.
......@@ -28547,7 +28547,7 @@ type VulnerabilityDetailCommit {
"""
Name of the field.
"""
name: String!
name: String
"""
The commit SHA value.
......@@ -28572,7 +28572,7 @@ type VulnerabilityDetailDiff {
"""
Description of the field.
"""
description: String!
description: String
"""
Name of the field.
......@@ -28582,7 +28582,7 @@ type VulnerabilityDetailDiff {
"""
Name of the field.
"""
name: String!
name: String
}
"""
......@@ -28592,7 +28592,7 @@ type VulnerabilityDetailFileLocation {
"""
Description of the field.
"""
description: String!
description: String
"""
Name of the field.
......@@ -28617,7 +28617,7 @@ type VulnerabilityDetailFileLocation {
"""
Name of the field.
"""
name: String!
name: String
}
"""
......@@ -28627,7 +28627,7 @@ type VulnerabilityDetailInt {
"""
Description of the field.
"""
description: String!
description: String
"""
Name of the field.
......@@ -28637,7 +28637,7 @@ type VulnerabilityDetailInt {
"""
Name of the field.
"""
name: String!
name: String
"""
Value of the field.
......@@ -28652,7 +28652,7 @@ type VulnerabilityDetailList {
"""
Description of the field.
"""
description: String!
description: String
"""
Name of the field.
......@@ -28667,7 +28667,7 @@ type VulnerabilityDetailList {
"""
Name of the field.
"""
name: String!
name: String
}
"""
......@@ -28677,7 +28677,7 @@ type VulnerabilityDetailMarkdown {
"""
Description of the field.
"""
description: String!
description: String
"""
Name of the field.
......@@ -28687,7 +28687,7 @@ type VulnerabilityDetailMarkdown {
"""
Name of the field.
"""
name: String!
name: String
"""
Value of the Markdown field.
......@@ -28702,7 +28702,7 @@ type VulnerabilityDetailModuleLocation {
"""
Description of the field.
"""
description: String!
description: String
"""
Name of the field.
......@@ -28717,7 +28717,7 @@ type VulnerabilityDetailModuleLocation {
"""
Name of the field.
"""
name: String!
name: String
"""
Offset of the module location.
......@@ -28732,7 +28732,7 @@ type VulnerabilityDetailTable {
"""
Description of the field.
"""
description: String!
description: String
"""
Name of the field.
......@@ -28747,7 +28747,7 @@ type VulnerabilityDetailTable {
"""
Name of the field.
"""
name: String!
name: String
"""
Table rows.
......@@ -28762,7 +28762,7 @@ type VulnerabilityDetailText {
"""
Description of the field.
"""
description: String!
description: String
"""
Name of the field.
......@@ -28772,7 +28772,7 @@ type VulnerabilityDetailText {
"""
Name of the field.
"""
name: String!
name: String
"""
Value of the text field.
......@@ -28787,7 +28787,7 @@ type VulnerabilityDetailUrl {
"""
Description of the field.
"""
description: String!
description: String
"""
Name of the field.
......@@ -28802,7 +28802,7 @@ type VulnerabilityDetailUrl {
"""
Name of the field.
"""
name: String!
name: String
"""
Text of the URL.
......
......@@ -81731,13 +81731,9 @@
],
"type": {
"kind": "NON_NULL",
"name": null,
"ofType": {
"kind": "SCALAR",
"name": "String",
"ofType": null
}
},
"isDeprecated": false,
"deprecationReason": null
......@@ -81763,13 +81759,9 @@
],
"type": {
"kind": "NON_NULL",
"name": null,
"ofType": {
"kind": "SCALAR",
"name": "String",
"ofType": null
}
},
"isDeprecated": false,
"deprecationReason": null
......@@ -81794,13 +81786,9 @@
],
"type": {
"kind": "NON_NULL",
"name": null,
"ofType": {
"kind": "SCALAR",
"name": "String",
"ofType": null
}
},
"isDeprecated": false,
"deprecationReason": null
......@@ -81826,13 +81814,9 @@
],
"type": {
"kind": "NON_NULL",
"name": null,
"ofType": {
"kind": "SCALAR",
"name": "String",
"ofType": null
}
},
"isDeprecated": false,
"deprecationReason": null
......@@ -81875,13 +81859,9 @@
],
"type": {
"kind": "NON_NULL",
"name": null,
"ofType": {
"kind": "SCALAR",
"name": "String",
"ofType": null
}
},
"isDeprecated": false,
"deprecationReason": null
......@@ -81921,13 +81901,9 @@
],
"type": {
"kind": "NON_NULL",
"name": null,
"ofType": {
"kind": "SCALAR",
"name": "String",
"ofType": null
}
},
"isDeprecated": false,
"deprecationReason": null
......@@ -81939,13 +81915,9 @@
],
"type": {
"kind": "NON_NULL",
"name": null,
"ofType": {
"kind": "SCALAR",
"name": "String",
"ofType": null
}
},
"isDeprecated": false,
"deprecationReason": null
......@@ -81970,13 +81942,9 @@
],
"type": {
"kind": "NON_NULL",
"name": null,
"ofType": {
"kind": "SCALAR",
"name": "String",
"ofType": null
}
},
"isDeprecated": false,
"deprecationReason": null
......@@ -82002,13 +81970,9 @@
],
"type": {
"kind": "NON_NULL",
"name": null,
"ofType": {
"kind": "SCALAR",
"name": "String",
"ofType": null
}
},
"isDeprecated": false,
"deprecationReason": null
......@@ -82020,13 +81984,9 @@
],
"type": {
"kind": "NON_NULL",
"name": null,
"ofType": {
"kind": "SCALAR",
"name": "String",
"ofType": null
}
},
"isDeprecated": false,
"deprecationReason": null
......@@ -82051,13 +82011,9 @@
],
"type": {
"kind": "NON_NULL",
"name": null,
"ofType": {
"kind": "SCALAR",
"name": "String",
"ofType": null
}
},
"isDeprecated": false,
"deprecationReason": null
......@@ -82069,13 +82025,9 @@
],
"type": {
"kind": "NON_NULL",
"name": null,
"ofType": {
"kind": "SCALAR",
"name": "String",
"ofType": null
}
},
"isDeprecated": false,
"deprecationReason": null
......@@ -82087,13 +82039,9 @@
],
"type": {
"kind": "NON_NULL",
"name": null,
"ofType": {
"kind": "SCALAR",
"name": "String",
"ofType": null
}
},
"isDeprecated": false,
"deprecationReason": null
......@@ -82119,13 +82067,9 @@
],
"type": {
"kind": "NON_NULL",
"name": null,
"ofType": {
"kind": "SCALAR",
"name": "String",
"ofType": null
}
},
"isDeprecated": false,
"deprecationReason": null
......@@ -82150,13 +82094,9 @@
],
"type": {
"kind": "NON_NULL",
"name": null,
"ofType": {
"kind": "SCALAR",
"name": "String",
"ofType": null
}
},
"isDeprecated": false,
"deprecationReason": null
......@@ -82182,13 +82122,9 @@
],
"type": {
"kind": "NON_NULL",
"name": null,
"ofType": {
"kind": "SCALAR",
"name": "String",
"ofType": null
}
},
"isDeprecated": false,
"deprecationReason": null
......@@ -82236,13 +82172,9 @@
],
"type": {
"kind": "NON_NULL",
"name": null,
"ofType": {
"kind": "SCALAR",
"name": "String",
"ofType": null
}
},
"isDeprecated": false,
"deprecationReason": null
......@@ -82267,13 +82199,9 @@
],
"type": {
"kind": "NON_NULL",
"name": null,
"ofType": {
"kind": "SCALAR",
"name": "String",
"ofType": null
}
},
"isDeprecated": false,
"deprecationReason": null
......@@ -82299,13 +82227,9 @@
],
"type": {
"kind": "NON_NULL",
"name": null,
"ofType": {
"kind": "SCALAR",
"name": "String",
"ofType": null
}
},
"isDeprecated": false,
"deprecationReason": null
......@@ -82348,13 +82272,9 @@
],
"type": {
"kind": "NON_NULL",
"name": null,
"ofType": {
"kind": "SCALAR",
"name": "String",
"ofType": null
}
},
"isDeprecated": false,
"deprecationReason": null
......@@ -82406,13 +82326,9 @@
],
"type": {
"kind": "NON_NULL",
"name": null,
"ofType": {
"kind": "SCALAR",
"name": "String",
"ofType": null
}
},
"isDeprecated": false,
"deprecationReason": null
......@@ -82437,13 +82353,9 @@
],
"type": {
"kind": "NON_NULL",
"name": null,
"ofType": {
"kind": "SCALAR",
"name": "String",
"ofType": null
}
},
"isDeprecated": false,
"deprecationReason": null
......@@ -82469,13 +82381,9 @@
],
"type": {
"kind": "NON_NULL",
"name": null,
"ofType": {
"kind": "SCALAR",
"name": "String",
"ofType": null
}
},
"isDeprecated": false,
"deprecationReason": null
......@@ -82487,13 +82395,9 @@
],
"type": {
"kind": "NON_NULL",
"name": null,
"ofType": {
"kind": "SCALAR",
"name": "String",
"ofType": null
}
},
"isDeprecated": false,
"deprecationReason": null
......@@ -82518,13 +82422,9 @@
],
"type": {
"kind": "NON_NULL",
"name": null,
"ofType": {
"kind": "SCALAR",
"name": "String",
"ofType": null
}
},
"isDeprecated": false,
"deprecationReason": null
......@@ -82550,13 +82450,9 @@
],
"type": {
"kind": "NON_NULL",
"name": null,
"ofType": {
"kind": "SCALAR",
"name": "String",
"ofType": null
}
},
"isDeprecated": false,
"deprecationReason": null
......@@ -4335,9 +4335,9 @@ Represents the vulnerability details base.
| Field | Type | Description |
| ----- | ---- | ----------- |
| `description` | String! | Description of the field. |
| `description` | String | Description of the field. |
| `fieldName` | String | Name of the field. |
| `name` | String! | Name of the field. |
| `name` | String | Name of the field. |
### VulnerabilityDetailBoolean
......@@ -4345,9 +4345,9 @@ Represents the vulnerability details boolean value.
| Field | Type | Description |
| ----- | ---- | ----------- |
| `description` | String! | Description of the field. |
| `description` | String | Description of the field. |
| `fieldName` | String | Name of the field. |
| `name` | String! | Name of the field. |
| `name` | String | Name of the field. |
| `value` | Boolean! | Value of the field. |
### VulnerabilityDetailCode
......@@ -4356,10 +4356,10 @@ Represents the vulnerability details code field.
| Field | Type | Description |
| ----- | ---- | ----------- |
| `description` | String! | Description of the field. |
| `description` | String | Description of the field. |
| `fieldName` | String | Name of the field. |
| `lang` | String | Language of the code. |
| `name` | String! | Name of the field. |
| `name` | String | Name of the field. |
| `value` | String! | Source code. |
### VulnerabilityDetailCommit
......@@ -4368,9 +4368,9 @@ Represents the vulnerability details commit field.
| Field | Type | Description |
| ----- | ---- | ----------- |
| `description` | String! | Description of the field. |
| `description` | String | Description of the field. |
| `fieldName` | String | Name of the field. |
| `name` | String! | Name of the field. |
| `name` | String | Name of the field. |
| `value` | String! | The commit SHA value. |
### VulnerabilityDetailDiff
......@@ -4381,9 +4381,9 @@ Represents the vulnerability details diff field.
| ----- | ---- | ----------- |
| `after` | String! | Value of the field after the change. |
| `before` | String! | Value of the field before the change. |
| `description` | String! | Description of the field. |
| `description` | String | Description of the field. |
| `fieldName` | String | Name of the field. |
| `name` | String! | Name of the field. |
| `name` | String | Name of the field. |
### VulnerabilityDetailFileLocation
......@@ -4391,12 +4391,12 @@ Represents the vulnerability details location within a file in the project.
| Field | Type | Description |
| ----- | ---- | ----------- |
| `description` | String! | Description of the field. |
| `description` | String | Description of the field. |
| `fieldName` | String | Name of the field. |
| `fileName` | String! | File name. |
| `lineEnd` | Int! | End line number of the file location. |
| `lineStart` | Int! | Start line number of the file location. |
| `name` | String! | Name of the field. |
| `name` | String | Name of the field. |
### VulnerabilityDetailInt
......@@ -4404,9 +4404,9 @@ Represents the vulnerability details integer value.
| Field | Type | Description |
| ----- | ---- | ----------- |
| `description` | String! | Description of the field. |
| `description` | String | Description of the field. |
| `fieldName` | String | Name of the field. |
| `name` | String! | Name of the field. |
| `name` | String | Name of the field. |
| `value` | Int! | Value of the field. |
### VulnerabilityDetailList
......@@ -4415,10 +4415,10 @@ Represents the vulnerability details list value.
| Field | Type | Description |
| ----- | ---- | ----------- |
| `description` | String! | Description of the field. |
| `description` | String | Description of the field. |
| `fieldName` | String | Name of the field. |
| `items` | VulnerabilityDetail! => Array | List of details. |
| `name` | String! | Name of the field. |
| `name` | String | Name of the field. |
### VulnerabilityDetailMarkdown
......@@ -4426,9 +4426,9 @@ Represents the vulnerability details Markdown field.
| Field | Type | Description |
| ----- | ---- | ----------- |
| `description` | String! | Description of the field. |
| `description` | String | Description of the field. |
| `fieldName` | String | Name of the field. |
| `name` | String! | Name of the field. |
| `name` | String | Name of the field. |
| `value` | String! | Value of the Markdown field. |
### VulnerabilityDetailModuleLocation
......@@ -4437,10 +4437,10 @@ Represents the vulnerability details location within a file in the project.
| Field | Type | Description |
| ----- | ---- | ----------- |
| `description` | String! | Description of the field. |
| `description` | String | Description of the field. |
| `fieldName` | String | Name of the field. |
| `moduleName` | String! | Module name. |
| `name` | String! | Name of the field. |
| `name` | String | Name of the field. |
| `offset` | Int! | Offset of the module location. |
### VulnerabilityDetailTable
......@@ -4449,10 +4449,10 @@ Represents the vulnerability details table value.
| Field | Type | Description |
| ----- | ---- | ----------- |
| `description` | String! | Description of the field. |
| `description` | String | Description of the field. |
| `fieldName` | String | Name of the field. |
| `headers` | VulnerabilityDetail! => Array | Table headers. |
| `name` | String! | Name of the field. |
| `name` | String | Name of the field. |
| `rows` | VulnerabilityDetail! => Array | Table rows. |
### VulnerabilityDetailText
......@@ -4461,9 +4461,9 @@ Represents the vulnerability details text field.
| Field | Type | Description |
| ----- | ---- | ----------- |
| `description` | String! | Description of the field. |
| `description` | String | Description of the field. |
| `fieldName` | String | Name of the field. |
| `name` | String! | Name of the field. |
| `name` | String | Name of the field. |
| `value` | String! | Value of the text field. |
### VulnerabilityDetailUrl
......@@ -4472,10 +4472,10 @@ Represents the vulnerability details URL field.
| Field | Type | Description |
| ----- | ---- | ----------- |
| `description` | String! | Description of the field. |
| `description` | String | Description of the field. |
| `fieldName` | String | Name of the field. |
| `href` | String! | Href of the URL. |
| `name` | String! | Name of the field. |
| `name` | String | Name of the field. |
| `text` | String | Text of the URL. |
### VulnerabilityDismissPayload
......
......@@ -10,10 +10,10 @@ module Types
field :field_name, GraphQL::STRING_TYPE, null: true,
description: 'Name of the field.'
field :name, GraphQL::STRING_TYPE, null: false,
field :name, GraphQL::STRING_TYPE, null: true,
description: 'Name of the field.'
field :description, GraphQL::STRING_TYPE, null: false,
field :description, GraphQL::STRING_TYPE, null: true,
description: 'Description of the field.'
end
end
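Review bot: The `name` and `description` fields become nullable here, but their description strings still do not say when they are null, so API consumers that treated them as always present get no hint. The spec added in this commit expects `"name" => nil` for items nested inside a list, so the text could say so, for example `description: 'Name of the field. Null for items nested in a list or table.'`, with a matching note on `description`. The enclosing `module Types` block starts outside this hunk.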
......
---
title: Update details JSON Schema and GraphQL Schema for Vulnerability Finding
merge_request: 54423
author:
type: fixed
......@@ -225,6 +225,228 @@ FactoryBot.define do
end
end
trait :with_details do
details do
{
commit: {
name: 'The Commit',
description: 'Commit where the vulnerability was identified',
type: 'commit',
value: '41df7b7eb3be2b5be2c406c2f6d28cd6631eeb19'
},
marked_up: {
name: 'Marked Data',
description: 'GFM-flavored markdown',
type: 'markdown',
value: "Here is markdown `inline code` #1 [test](gitlab.com)\n\n![GitLab Logo](https://about.gitlab.com/images/press/logo/preview/gitlab-logo-white-preview.png)"
},
diff: {
name: 'Modified data',
description: 'How the data was modified',
type: 'diff',
before: "Hello there\nHello world\nhello again",
after: "Hello there\nHello Wooorld\nanew line\nhello again\nhello again"
},
table_data: {
name: 'Registers',
type: 'table',
header: [
{
type: 'text',
value: 'Register'
},
{
type: 'text',
value: 'Value'
},
{
type: 'text',
value: 'Note'
}
],
rows: [
[
{
type: 'text',
value: 'eax'
},
{
type: 'value',
value: 1336
},
{
type: 'text',
value: 'A note for eax'
}
],
[
{
type: 'value',
value: 'ebx'
},
{
type: 'value',
value: 1337
},
{
type: 'value',
value: true
}
],
[
{
type: 'text',
value: 'ecx'
},
{
type: 'value',
value: 1338
},
{
type: 'text',
value: 'A note for ecx'
}
],
[
{
type: 'text',
value: 'edx'
},
{
type: 'value',
value: 1339
},
{
type: 'text',
value: 'A note for edx'
}
]
]
},
urls: {
name: 'URLs',
description: 'The list of URLs in this report',
type: 'list',
items: [
{
type: 'url',
href: 'https://gitlab.com'
},
{
type: 'url',
href: 'https://gitlab.com'
},
{
type: 'url',
href: 'https://gitlab.com'
}
]
},
description: {
name: 'Description',
description: 'The actual description of the description',
type: 'text',
value: 'Text value'
},
code_block: {
name: 'Code Block',
type: 'code',
value: "Here\nis\ncode"
},
named_list: {
name: 'A Named List',
type: 'named-list',
items: {
field1: {
name: 'Field 1',
description: 'The description for field 1',
type: 'text',
value: 'Text'
},
field2: {
name: 'Field 2',
description: 'The description for field 2',
type: 'text',
value: 'Text'
},
nested_ints: {
name: 'Nested Ints',
type: 'list',
items: [
{
type: 'value',
value: 1337
},
{
type: 'value',
value: '0x1337'
}
]
}
}
},
stack_trace: {
name: 'Stack Trace',
type: 'list',
items: [
{
type: 'module-location',
module_name: 'compiled_binary',
offset: 100
},
{
type: 'module-location',
module_name: 'compiled_binary',
offset: 500
},
{
type: 'module-location',
module_name: 'compiled_binary',
offset: 700
},
{
type: 'module-location',
module_name: 'compiled_binary',
offset: 1000
}
]
},
location1: {
name: 'Location 1',
description: 'The first location',
type: 'file-location',
file_name: 'new_file.c',
line_start: 5,
line_end: 6
},
module_location1: {
name: 'Module Location 1',
description: 'The first location',
type: 'module-location',
module_name: 'gitlab.h',
offset: 100
},
code: {
type: 'code',
name: 'Truthy Code',
value: 'function isTrue(value) { value ? true : false }',
lang: 'javascript'
},
url: {
type: 'url',
name: 'GitLab URL',
text: 'URL to GitLab.com',
href: 'https://gitlab.com'
},
text: {
type: 'text',
name: 'Text with more info',
value: 'More info about this vulnerability'
}
}
end
end
trait :identifier do
after(:build) do |finding|
identifier = build(
......
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe 'Query.vulnerabilities.details' do
include GraphqlHelpers
let_it_be(:project) { create(:project) }
let_it_be(:user) { create(:user, security_dashboard_projects: [project]) }
let_it_be(:fields) do
<<~QUERY
details {
__typename
... on VulnerabilityDetailBoolean {
description
fieldName
name
value
}
... on VulnerabilityDetailCode {
fieldName
lang
name
value
}
... on VulnerabilityDetailCommit {
description
fieldName
name
value
}
... on VulnerabilityDetailDiff {
after
before
description
fieldName
name
}
... on VulnerabilityDetailFileLocation {
description
fieldName
fileName
lineEnd
lineStart
name
}
... on VulnerabilityDetailInt {
description
fieldName
name
value
}
... on VulnerabilityDetailMarkdown {
description
fieldName
name
value
}
... on VulnerabilityDetailModuleLocation {
description
fieldName
moduleName
name
offset
}
... on VulnerabilityDetailText {
description
fieldName
name
value
}
... on VulnerabilityDetailUrl {
description
fieldName
href
name
text
}
... on VulnerabilityDetailTable {
description
fieldName
name
headers {
__typename
... on VulnerabilityDetailBoolean {
description
fieldName
name
value
}
... on VulnerabilityDetailCode {
fieldName
lang
name
value
}
... on VulnerabilityDetailCommit {
description
fieldName
name
value
}
... on VulnerabilityDetailDiff {
after
before
description
fieldName
name
}
... on VulnerabilityDetailFileLocation {
description
fieldName
fileName
lineEnd
lineStart
name
}
... on VulnerabilityDetailInt {
description
fieldName
name
value
}
... on VulnerabilityDetailMarkdown {
description
fieldName
name
value
}
... on VulnerabilityDetailModuleLocation {
description
fieldName
moduleName
name
offset
}
... on VulnerabilityDetailText {
description
fieldName
name
value
}
... on VulnerabilityDetailUrl {
description
fieldName
href
name
text
}
}
rows {
__typename
... on VulnerabilityDetailBoolean {
description
fieldName
name
value
}
... on VulnerabilityDetailCode {
fieldName
lang
name
value
}
... on VulnerabilityDetailCommit {
description
fieldName
name
value
}
... on VulnerabilityDetailDiff {
after
before
description
fieldName
name
}
... on VulnerabilityDetailFileLocation {
description
fieldName
fileName
lineEnd
lineStart
name
}
... on VulnerabilityDetailInt {
description
fieldName
name
value
}
... on VulnerabilityDetailMarkdown {
description
fieldName
name
value
}
... on VulnerabilityDetailModuleLocation {
description
fieldName
moduleName
name
offset
}
... on VulnerabilityDetailText {
description
fieldName
name
value
}
... on VulnerabilityDetailUrl {
description
fieldName
href
name
text
}
}
}
... on VulnerabilityDetailList {
description
fieldName
items {
__typename
... on VulnerabilityDetailBoolean {
description
fieldName
name
value
}
... on VulnerabilityDetailCode {
fieldName
lang
name
value
}
... on VulnerabilityDetailCommit {
description
fieldName
name
value
}
... on VulnerabilityDetailDiff {
after
before
description
fieldName
name
}
... on VulnerabilityDetailFileLocation {
description
fieldName
fileName
lineEnd
lineStart
name
}
... on VulnerabilityDetailInt {
description
fieldName
name
value
}
... on VulnerabilityDetailMarkdown {
description
fieldName
name
value
}
... on VulnerabilityDetailModuleLocation {
description
fieldName
moduleName
name
offset
}
... on VulnerabilityDetailText {
description
fieldName
name
value
}
... on VulnerabilityDetailUrl {
description
fieldName
href
name
text
}
}
name
}
}
QUERY
end
let_it_be(:query) do
graphql_query_for('vulnerabilities', {}, query_graphql_field('nodes', {}, fields))
end
let_it_be(:vulnerability) { create(:vulnerability, project: project, report_type: :container_scanning) }
let_it_be(:finding) do
create(
:vulnerabilities_finding,
:with_details,
vulnerability: vulnerability
)
end
subject { graphql_data.dig('vulnerabilities', 'nodes') }
before do
project.add_developer(user)
stub_licensed_features(security_dashboard: true)
post_graphql(query, current_user: user)
end
let(:expected_details) do
[
{
"__typename" => "VulnerabilityDetailUrl",
"description" => nil,
"fieldName" => "url",
"href" => "https://gitlab.com",
"name" => "GitLab URL",
"text" => "URL to GitLab.com"
},
{
"__typename" => "VulnerabilityDetailCode",
"fieldName" => "code",
"lang" => "javascript",
"name" => "Truthy Code",
"value" => "function isTrue(value) { value ? true : false }"
},
{
"__typename" => "VulnerabilityDetailDiff",
"after" => "Hello there\nHello Wooorld\nanew line\nhello again\nhello again",
"before" => "Hello there\nHello world\nhello again",
"description" => "How the data was modified",
"fieldName" => "diff",
"name" => "Modified data"
},
{
"__typename" => "VulnerabilityDetailText",
"description" => nil,
"fieldName" => "text",
"name" => "Text with more info",
"value" => "More info about this vulnerability"
},
{
"__typename" => "VulnerabilityDetailList",
"description" => "The list of URLs in this report",
"fieldName" => "urls",
"items" => [
{
"__typename" => "VulnerabilityDetailUrl",
"description" => nil,
"fieldName" => nil,
"href" => "https://gitlab.com",
"name" => nil,
"text" => nil
},
{
"__typename" => "VulnerabilityDetailUrl",
"description" => nil,
"fieldName" => nil,
"href" => "https://gitlab.com",
"name" => nil,
"text" => nil
},
{
"__typename" => "VulnerabilityDetailUrl",
"description" => nil,
"fieldName" => nil,
"href" => "https://gitlab.com",
"name" => nil,
"text" => nil
}
],
"name" => "URLs"
},
{
"__typename" => "VulnerabilityDetailCommit",
"description" => "Commit where the vulnerability was identified",
"fieldName" => "commit",
"name" => "The Commit",
"value" => "41df7b7eb3be2b5be2c406c2f6d28cd6631eeb19"
},
{
"__typename" => "VulnerabilityDetailFileLocation",
"description" => "The first location",
"fieldName" => "location1",
"fileName" => "new_file.c",
"lineEnd" => 6,
"lineStart" => 5,
"name" => "Location 1"
},
{
"__typename" => "VulnerabilityDetailMarkdown",
"description" => "GFM-flavored markdown",
"fieldName" => "marked_up",
"name" => "Marked Data",
"value" => "Here is markdown `inline code` #1 [test](gitlab.com)\n\n![GitLab Logo](https://about.gitlab.com/images/press/logo/preview/gitlab-logo-white-preview.png)"
},
{
"__typename" => "VulnerabilityDetailCode",
"fieldName" => "code_block",
"lang" => nil,
"name" => "Code Block",
"value" => "Here\nis\ncode"
},
{
"__typename" => "VulnerabilityDetailList",
"description" => nil,
"fieldName" => "named_list",
"items" => [
{
"__typename" => "VulnerabilityDetailText",
"description" => "The description for field 1",
"fieldName" => "field1",
"name" => "Field 1",
"value" => "Text"
},
{
"__typename" => "VulnerabilityDetailText",
"description" => "The description for field 2",
"fieldName" => "field2",
"name" => "Field 2",
"value" => "Text"
},
{
"__typename" => "VulnerabilityDetailList"
}
],
"name" => "A Named List"
},
{
"__typename" => "VulnerabilityDetailTable",
"description" => nil,
"fieldName" => "table_data",
"name" => "Registers",
"headers" => [],
"rows" => [
{
"__typename" => "VulnerabilityDetailInt",
"description" => nil,
"fieldName" => "{\"type\"=>\"text\", \"value\"=>\"eax\"}",
"name" => nil,
"value" => 1336
},
{
"__typename" => "VulnerabilityDetailInt",
"description" => nil,
"fieldName" => "{\"type\"=>\"value\", \"value\"=>\"ebx\"}",
"name" => nil,
"value" => 1337
},
{
"__typename" => "VulnerabilityDetailInt",
"description" => nil,
"fieldName" => "{\"type\"=>\"text\", \"value\"=>\"ecx\"}",
"name" => nil,
"value" => 1338
},
{
"__typename" => "VulnerabilityDetailInt",
"description" => nil,
"fieldName" => "{\"type\"=>\"text\", \"value\"=>\"edx\"}",
"name" => nil,
"value" => 1339
}
]
},
{
"__typename" => "VulnerabilityDetailText",
"description" => "The actual description of the description",
"fieldName" => "description",
"name" => "Description",
"value" => "Text value"
},
{
"__typename" => "VulnerabilityDetailList",
"description" => nil,
"fieldName" => "stack_trace",
"items" => [
{
"__typename" => "VulnerabilityDetailModuleLocation",
"description" => nil,
"fieldName" => nil,
"moduleName" => "compiled_binary",
"name" => nil,
"offset" => 100
},
{
"__typename" => "VulnerabilityDetailModuleLocation",
"description" => nil,
"fieldName" => nil,
"moduleName" => "compiled_binary",
"name" => nil,
"offset" => 500
},
{
"__typename" => "VulnerabilityDetailModuleLocation",
"description" => nil,
"fieldName" => nil,
"moduleName" => "compiled_binary",
"name" => nil,
"offset" => 700
},
{
"__typename" => "VulnerabilityDetailModuleLocation",
"description" => nil,
"fieldName" => nil,
"moduleName" => "compiled_binary",
"name" => nil,
"offset" => 1000
}
],
"name" => "Stack Trace"
},
{
"__typename" => "VulnerabilityDetailModuleLocation",
"description" => "The first location",
"fieldName" => "module_location1",
"moduleName" => "gitlab.h",
"name" => "Module Location 1",
"offset" => 100
}
]
end
it 'returns a vulnerability details' do
expect(subject.first['details']).to eq(expected_details)
end
end
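Review bot: The `VulnerabilityDetailTable` entry in `expected_details` pins output that does not match the fixture: the `:with_details` trait supplies three header cells and four rows of three cells, yet the expectation is `"headers" => []` and a single `VulnerabilityDetailInt` per row whose `fieldName` is an inspected Ruby hash such as `{"type"=>"text", "value"=>"eax"}`. That looks like each row being resolved as a key/value pair rather than as a list of cells, and asserting it as expected will make a later resolver fix look like a regression. Either fix the table resolution before merging, or move this entry into its own example marked pending with a comment like `# FIXME: table headers and rows are not resolved per cell yet (<issue link>)`. The whole-array `eq` also presumably depends on the order in which the `details` keys come back from storage, so `match_array` would be less brittle.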