Commit 5beab72d authored by Peter Leitzen's avatar Peter Leitzen

Merge branch '263497-update-details-schema-for-finding' into 'master'

Update details JSON Schema and GraphQL Schema for Vulnerability Finding

See merge request gitlab-org/gitlab!54423
parents f04709fd d64a5b53
......@@ -6,60 +6,67 @@
"^.*$": {
"allOf": [
{ "$ref": "#/definitions/named_field" },
{ "$ref": "#/definitions/type_list" }
{ "$ref": "#/definitions/detail_type" }
]
}
},
"definitions": {
"type_list": {
"detail_type": {
"oneOf": [
{ "$ref": "#/definitions/named_list" },
{ "$ref": "#/definitions/list" },
{ "$ref": "#/definitions/table" },
{ "$ref": "#/definitions/text" },
{ "$ref": "#/definitions/url" },
{ "$ref": "#/definitions/code" },
{ "$ref": "#/definitions/int" },
{ "$ref": "#/definitions/value" },
{ "$ref": "#/definitions/diff" },
{ "$ref": "#/definitions/markdown" },
{ "$ref": "#/definitions/commit" },
{ "$ref": "#/definitions/file_location" },
{ "$ref": "#/definitions/module_location" }
]
},
"lang_text": {
"type": "object",
"required": [ "value", "lang" ],
"properties": {
"lang": { "type": "string" },
"value": { "type": "string" }
}
},
"lang_text_list": {
"type": "array",
"items": { "$ref": "#/definitions/lang_text" }
"text_value": {
"type": "string"
},
"named_field": {
"type": "object",
"required": [ "name" ],
"required": [
"name"
],
"properties": {
"name": { "$ref": "#/definitions/lang_text_list" },
"description": { "$ref": "#/definitions/lang_text_list" }
"name": {
"$ref": "#/definitions/text_value",
"minLength": 1
},
"description": {
"$ref": "#/definitions/text_value"
}
}
},
"named_list": {
"type": "object",
"description": "An object with named and typed fields",
"required": [ "type", "items" ],
"required": [
"type",
"items"
],
"properties": {
"type": { "const": "named-list" },
"type": {
"const": "named-list"
},
"items": {
"type": "object",
"patternProperties": {
"^.*$": {
"allOf": [
{ "$ref": "#/definitions/named_field" },
{ "$ref": "#/definitions/type_list" }
{
"$ref": "#/definitions/named_field"
},
{
"$ref": "#/definitions/detail_type"
}
]
}
}
......@@ -69,38 +76,45 @@
"list": {
"type": "object",
"description": "A list of typed fields",
"required": [ "type", "items" ],
"required": [
"type",
"items"
],
"properties": {
"type": { "const": "list" },
"type": {
"const": "list"
},
"items": {
"type": "array",
"items": { "$ref": "#/definitions/type_list" }
"items": {
"$ref": "#/definitions/detail_type"
}
}
}
},
"table": {
"type": "object",
"description": "A table of typed fields",
"required": [],
"required": [
"type",
"rows"
],
"properties": {
"type": { "const": "table" },
"items": {
"type": "object",
"properties": {
"header": {
"type": "array",
"items": {
"$ref": "#/definitions/type_list"
}
},
"rows": {
"type": "array",
"items": {
"type": "array",
"items": {
"$ref": "#/definitions/type_list"
}
}
"type": {
"const": "table"
},
"header": {
"type": "array",
"items": {
"$ref": "#/definitions/detail_type"
}
},
"rows": {
"type": "array",
"items": {
"type": "array",
"items": {
"$ref": "#/definitions/detail_type"
}
}
}
......@@ -109,73 +123,171 @@
"text": {
"type": "object",
"description": "Raw text",
"required": [ "type", "value" ],
"required": [
"type",
"value"
],
"properties": {
"type": { "const": "text" },
"value": { "$ref": "#/definitions/lang_text_list" }
"type": {
"const": "text"
},
"value": {
"$ref": "#/definitions/text_value"
}
}
},
"url": {
"type": "object",
"description": "A single URL",
"required": [ "type", "href" ],
"required": [
"type",
"href"
],
"properties": {
"type": { "const": "url" },
"text": { "$ref": "#/definitions/lang_text_list" },
"href": { "type": "string" }
"type": {
"const": "url"
},
"text": {
"$ref": "#/definitions/text_value"
},
"href": {
"type": "string",
"minLength": 1,
"examples": ["http://mysite.com"]
}
}
},
"code": {
"type": "object",
"description": "A codeblock",
"required": [ "type", "value" ],
"required": [
"type",
"value"
],
"properties": {
"type": { "const": "code" },
"value": { "type": "string" },
"lang": { "type": "string" }
"type": {
"const": "code"
},
"value": {
"type": "string"
},
"lang": {
"type": "string",
"description": "A programming language"
}
}
},
"int": {
"value": {
"type": "object",
"description": "An integer",
"required": [ "type", "value" ],
"description": "A field that can store a range of types of value",
"required": ["type", "value"],
"properties": {
"type": { "const": "int" },
"value": { "type": "integer" },
"format": {
"type": "string",
"enum": [ "default", "hex" ]
"type": { "const": "value" },
"value": {
"type": ["number", "string", "boolean"]
}
}
},
"diff": {
"type": "object",
"description": "A diff",
"required": [
"type",
"before",
"after"
],
"properties": {
"type": {
"const": "diff"
},
"before": {
"type": "string"
},
"after": {
"type": "string"
}
}
},
"markdown": {
"type": "object",
"description": "GitLab flavoured markdown, see https://docs.gitlab.com/ee/user/markdown.html",
"required": [
"type",
"value"
],
"properties": {
"type": {
"const": "markdown"
},
"value": {
"$ref": "#/definitions/text_value",
"examples": ["Here is markdown `inline code` #1 [test](gitlab.com)\n\n![GitLab Logo](https://about.gitlab.com/images/press/logo/preview/gitlab-logo-white-preview.png)"]
}
}
},
"commit": {
"type": "object",
"description": "A specific commit within the project",
"required": [ "type", "value" ],
"description": "A commit/tag/branch within the GitLab project",
"required": [
"type",
"value"
],
"properties": {
"type": { "const": "commit" },
"value": { "type": "string", "description": "The commit SHA" }
"type": {
"const": "commit"
},
"value": {
"type": "string",
"description": "The commit SHA",
"minLength": 1
}
}
},
"file_location": {
"type": "object",
"description": "A location within a file in the project",
"required": [ "type", "file_name", "line_start" ],
"required": [
"type",
"file_name",
"line_start"
],
"properties": {
"type": { "const": "file-location" },
"file_name": { "type": "string" },
"line_start": { "type": "integer" },
"line_end": { "type": "integer" }
"type": {
"const": "file-location"
},
"file_name": {
"type": "string",
"minLength": 1
},
"line_start": {
"type": "integer"
},
"line_end": {
"type": "integer"
}
}
},
"module_location": {
"type": "object",
"description": "A location within a binary module of the form module+relative_offset",
"required": [ "type", "module_name", "offset" ],
"required": [
"type",
"module_name",
"offset"
],
"properties": {
"type": { "const": "module-location" },
"module_name": { "type": "string" },
"offset": { "type": "integer" }
"type": {
"const": "module-location"
},
"module_name": {
"type": "string",
"minLength": 1,
"examples": ["compiled_binary"]
},
"offset": {
"type": "integer",
"examples": [100]
}
}
}
}
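Review bot: In `named_field`, `"name": { "$ref": "#/definitions/text_value", "minLength": 1 }` relies on a keyword placed beside `$ref`; under JSON Schema draft-07 and earlier, siblings of `$ref` are ignored, so the empty-name check is silently dropped unless the file declares draft 2019-09 or later (the `$schema` line is outside this hunk). Either inline the constraint, `"name": { "type": "string", "minLength": 1 }`, or wrap it as `"allOf": [ { "$ref": "#/definitions/text_value" }, { "minLength": 1 } ]`. The same pattern appears on `markdown.value`, but there the sibling is only `examples`, an annotation, so nothing is lost. Separately, `url.href` accepts any non-empty string; if this value is rendered as a link, a `"format": "uri"` hint here plus a scheme allow-list at the rendering site is advisable, since the schema alone does not constrain the scheme.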
......
......@@ -28462,7 +28462,7 @@ type VulnerabilityDetailBase {
"""
Description of the field.
"""
description: String!
description: String
"""
Name of the field.
......@@ -28472,7 +28472,7 @@ type VulnerabilityDetailBase {
"""
Name of the field.
"""
name: String!
name: String
}
"""
......@@ -28482,7 +28482,7 @@ type VulnerabilityDetailBoolean {
"""
Description of the field.
"""
description: String!
description: String
"""
Name of the field.
......@@ -28492,7 +28492,7 @@ type VulnerabilityDetailBoolean {
"""
Name of the field.
"""
name: String!
name: String
"""
Value of the field.
......@@ -28507,7 +28507,7 @@ type VulnerabilityDetailCode {
"""
Description of the field.
"""
description: String!
description: String
"""
Name of the field.
......@@ -28522,7 +28522,7 @@ type VulnerabilityDetailCode {
"""
Name of the field.
"""
name: String!
name: String
"""
Source code.
......@@ -28537,7 +28537,7 @@ type VulnerabilityDetailCommit {
"""
Description of the field.
"""
description: String!
description: String
"""
Name of the field.
......@@ -28547,7 +28547,7 @@ type VulnerabilityDetailCommit {
"""
Name of the field.
"""
name: String!
name: String
"""
The commit SHA value.
......@@ -28572,7 +28572,7 @@ type VulnerabilityDetailDiff {
"""
Description of the field.
"""
description: String!
description: String
"""
Name of the field.
......@@ -28582,7 +28582,7 @@ type VulnerabilityDetailDiff {
"""
Name of the field.
"""
name: String!
name: String
}
"""
......@@ -28592,7 +28592,7 @@ type VulnerabilityDetailFileLocation {
"""
Description of the field.
"""
description: String!
description: String
"""
Name of the field.
......@@ -28617,7 +28617,7 @@ type VulnerabilityDetailFileLocation {
"""
Name of the field.
"""
name: String!
name: String
}
"""
......@@ -28627,7 +28627,7 @@ type VulnerabilityDetailInt {
"""
Description of the field.
"""
description: String!
description: String
"""
Name of the field.
......@@ -28637,7 +28637,7 @@ type VulnerabilityDetailInt {
"""
Name of the field.
"""
name: String!
name: String
"""
Value of the field.
......@@ -28652,7 +28652,7 @@ type VulnerabilityDetailList {
"""
Description of the field.
"""
description: String!
description: String
"""
Name of the field.
......@@ -28667,7 +28667,7 @@ type VulnerabilityDetailList {
"""
Name of the field.
"""
name: String!
name: String
}
"""
......@@ -28677,7 +28677,7 @@ type VulnerabilityDetailMarkdown {
"""
Description of the field.
"""
description: String!
description: String
"""
Name of the field.
......@@ -28687,7 +28687,7 @@ type VulnerabilityDetailMarkdown {
"""
Name of the field.
"""
name: String!
name: String
"""
Value of the Markdown field.
......@@ -28702,7 +28702,7 @@ type VulnerabilityDetailModuleLocation {
"""
Description of the field.
"""
description: String!
description: String
"""
Name of the field.
......@@ -28717,7 +28717,7 @@ type VulnerabilityDetailModuleLocation {
"""
Name of the field.
"""
name: String!
name: String
"""
Offset of the module location.
......@@ -28732,7 +28732,7 @@ type VulnerabilityDetailTable {
"""
Description of the field.
"""
description: String!
description: String
"""
Name of the field.
......@@ -28747,7 +28747,7 @@ type VulnerabilityDetailTable {
"""
Name of the field.
"""
name: String!
name: String
"""
Table rows.
......@@ -28762,7 +28762,7 @@ type VulnerabilityDetailText {
"""
Description of the field.
"""
description: String!
description: String
"""
Name of the field.
......@@ -28772,7 +28772,7 @@ type VulnerabilityDetailText {
"""
Name of the field.
"""
name: String!
name: String
"""
Value of the text field.
......@@ -28787,7 +28787,7 @@ type VulnerabilityDetailUrl {
"""
Description of the field.
"""
description: String!
description: String
"""
Name of the field.
......@@ -28802,7 +28802,7 @@ type VulnerabilityDetailUrl {
"""
Name of the field.
"""
name: String!
name: String
"""
Text of the URL.
......
......@@ -4335,9 +4335,9 @@ Represents the vulnerability details base.
| Field | Type | Description |
| ----- | ---- | ----------- |
| `description` | String! | Description of the field. |
| `description` | String | Description of the field. |
| `fieldName` | String | Name of the field. |
| `name` | String! | Name of the field. |
| `name` | String | Name of the field. |
### VulnerabilityDetailBoolean
......@@ -4345,9 +4345,9 @@ Represents the vulnerability details boolean value.
| Field | Type | Description |
| ----- | ---- | ----------- |
| `description` | String! | Description of the field. |
| `description` | String | Description of the field. |
| `fieldName` | String | Name of the field. |
| `name` | String! | Name of the field. |
| `name` | String | Name of the field. |
| `value` | Boolean! | Value of the field. |
### VulnerabilityDetailCode
......@@ -4356,10 +4356,10 @@ Represents the vulnerability details code field.
| Field | Type | Description |
| ----- | ---- | ----------- |
| `description` | String! | Description of the field. |
| `description` | String | Description of the field. |
| `fieldName` | String | Name of the field. |
| `lang` | String | Language of the code. |
| `name` | String! | Name of the field. |
| `name` | String | Name of the field. |
| `value` | String! | Source code. |
### VulnerabilityDetailCommit
......@@ -4368,9 +4368,9 @@ Represents the vulnerability details commit field.
| Field | Type | Description |
| ----- | ---- | ----------- |
| `description` | String! | Description of the field. |
| `description` | String | Description of the field. |
| `fieldName` | String | Name of the field. |
| `name` | String! | Name of the field. |
| `name` | String | Name of the field. |
| `value` | String! | The commit SHA value. |
### VulnerabilityDetailDiff
......@@ -4381,9 +4381,9 @@ Represents the vulnerability details diff field.
| ----- | ---- | ----------- |
| `after` | String! | Value of the field after the change. |
| `before` | String! | Value of the field before the change. |
| `description` | String! | Description of the field. |
| `description` | String | Description of the field. |
| `fieldName` | String | Name of the field. |
| `name` | String! | Name of the field. |
| `name` | String | Name of the field. |
### VulnerabilityDetailFileLocation
......@@ -4391,12 +4391,12 @@ Represents the vulnerability details location within a file in the project.
| Field | Type | Description |
| ----- | ---- | ----------- |
| `description` | String! | Description of the field. |
| `description` | String | Description of the field. |
| `fieldName` | String | Name of the field. |
| `fileName` | String! | File name. |
| `lineEnd` | Int! | End line number of the file location. |
| `lineStart` | Int! | Start line number of the file location. |
| `name` | String! | Name of the field. |
| `name` | String | Name of the field. |
### VulnerabilityDetailInt
......@@ -4404,9 +4404,9 @@ Represents the vulnerability details integer value.
| Field | Type | Description |
| ----- | ---- | ----------- |
| `description` | String! | Description of the field. |
| `description` | String | Description of the field. |
| `fieldName` | String | Name of the field. |
| `name` | String! | Name of the field. |
| `name` | String | Name of the field. |
| `value` | Int! | Value of the field. |
### VulnerabilityDetailList
......@@ -4415,10 +4415,10 @@ Represents the vulnerability details list value.
| Field | Type | Description |
| ----- | ---- | ----------- |
| `description` | String! | Description of the field. |
| `description` | String | Description of the field. |
| `fieldName` | String | Name of the field. |
| `items` | VulnerabilityDetail! => Array | List of details. |
| `name` | String! | Name of the field. |
| `name` | String | Name of the field. |
### VulnerabilityDetailMarkdown
......@@ -4426,9 +4426,9 @@ Represents the vulnerability details Markdown field.
| Field | Type | Description |
| ----- | ---- | ----------- |
| `description` | String! | Description of the field. |
| `description` | String | Description of the field. |
| `fieldName` | String | Name of the field. |
| `name` | String! | Name of the field. |
| `name` | String | Name of the field. |
| `value` | String! | Value of the Markdown field. |
### VulnerabilityDetailModuleLocation
......@@ -4437,10 +4437,10 @@ Represents the vulnerability details location within a file in the project.
| Field | Type | Description |
| ----- | ---- | ----------- |
| `description` | String! | Description of the field. |
| `description` | String | Description of the field. |
| `fieldName` | String | Name of the field. |
| `moduleName` | String! | Module name. |
| `name` | String! | Name of the field. |
| `name` | String | Name of the field. |
| `offset` | Int! | Offset of the module location. |
### VulnerabilityDetailTable
......@@ -4449,10 +4449,10 @@ Represents the vulnerability details table value.
| Field | Type | Description |
| ----- | ---- | ----------- |
| `description` | String! | Description of the field. |
| `description` | String | Description of the field. |
| `fieldName` | String | Name of the field. |
| `headers` | VulnerabilityDetail! => Array | Table headers. |
| `name` | String! | Name of the field. |
| `name` | String | Name of the field. |
| `rows` | VulnerabilityDetail! => Array | Table rows. |
### VulnerabilityDetailText
......@@ -4461,9 +4461,9 @@ Represents the vulnerability details text field.
| Field | Type | Description |
| ----- | ---- | ----------- |
| `description` | String! | Description of the field. |
| `description` | String | Description of the field. |
| `fieldName` | String | Name of the field. |
| `name` | String! | Name of the field. |
| `name` | String | Name of the field. |
| `value` | String! | Value of the text field. |
### VulnerabilityDetailUrl
......@@ -4472,10 +4472,10 @@ Represents the vulnerability details URL field.
| Field | Type | Description |
| ----- | ---- | ----------- |
| `description` | String! | Description of the field. |
| `description` | String | Description of the field. |
| `fieldName` | String | Name of the field. |
| `href` | String! | Href of the URL. |
| `name` | String! | Name of the field. |
| `name` | String | Name of the field. |
| `text` | String | Text of the URL. |
### VulnerabilityDismissPayload
......
......@@ -10,10 +10,10 @@ module Types
field :field_name, GraphQL::STRING_TYPE, null: true,
description: 'Name of the field.'
field :name, GraphQL::STRING_TYPE, null: false,
field :name, GraphQL::STRING_TYPE, null: true,
description: 'Name of the field.'
field :description, GraphQL::STRING_TYPE, null: false,
field :description, GraphQL::STRING_TYPE, null: true,
description: 'Description of the field.'
end
end
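Review bot: The definitions `field :field_name` and `field :name` carry the identical description `'Name of the field.'`, so after relaxing `name` and `description` to `null: true` a client reading the schema can neither distinguish the two nor learn when `name` and `description` are absent. The JSON schema in this MR has `list` and `table` items reference `detail_type` rather than `named_field`, which suggests nested items are the unnamed case; if that is what the resolver does, the descriptions should say so, e.g. `description: 'Name of the field. Null for details nested inside a list or table.'`, and `field_name` should get a description that tells it apart from `name`. Confirm the exact null cases against the resolver before wording them. The enclosing module starts before this hunk.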
......
---
title: Update details JSON Schema and GraphQL Schema for Vulnerability Finding
merge_request: 54423
author:
type: fixed
......@@ -225,6 +225,228 @@ FactoryBot.define do
end
end
trait :with_details do
details do
{
commit: {
name: 'The Commit',
description: 'Commit where the vulnerability was identified',
type: 'commit',
value: '41df7b7eb3be2b5be2c406c2f6d28cd6631eeb19'
},
marked_up: {
name: 'Marked Data',
description: 'GFM-flavored markdown',
type: 'markdown',
value: "Here is markdown `inline code` #1 [test](gitlab.com)\n\n![GitLab Logo](https://about.gitlab.com/images/press/logo/preview/gitlab-logo-white-preview.png)"
},
diff: {
name: 'Modified data',
description: 'How the data was modified',
type: 'diff',
before: "Hello there\nHello world\nhello again",
after: "Hello there\nHello Wooorld\nanew line\nhello again\nhello again"
},
table_data: {
name: 'Registers',
type: 'table',
header: [
{
type: 'text',
value: 'Register'
},
{
type: 'text',
value: 'Value'
},
{
type: 'text',
value: 'Note'
}
],
rows: [
[
{
type: 'text',
value: 'eax'
},
{
type: 'value',
value: 1336
},
{
type: 'text',
value: 'A note for eax'
}
],
[
{
type: 'value',
value: 'ebx'
},
{
type: 'value',
value: 1337
},
{
type: 'value',
value: true
}
],
[
{
type: 'text',
value: 'ecx'
},
{
type: 'value',
value: 1338
},
{
type: 'text',
value: 'A note for ecx'
}
],
[
{
type: 'text',
value: 'edx'
},
{
type: 'value',
value: 1339
},
{
type: 'text',
value: 'A note for edx'
}
]
]
},
urls: {
name: 'URLs',
description: 'The list of URLs in this report',
type: 'list',
items: [
{
type: 'url',
href: 'https://gitlab.com'
},
{
type: 'url',
href: 'https://gitlab.com'
},
{
type: 'url',
href: 'https://gitlab.com'
}
]
},
description: {
name: 'Description',
description: 'The actual description of the description',
type: 'text',
value: 'Text value'
},
code_block: {
name: 'Code Block',
type: 'code',
value: "Here\nis\ncode"
},
named_list: {
name: 'A Named List',
type: 'named-list',
items: {
field1: {
name: 'Field 1',
description: 'The description for field 1',
type: 'text',
value: 'Text'
},
field2: {
name: 'Field 2',
description: 'The description for field 2',
type: 'text',
value: 'Text'
},
nested_ints: {
name: 'Nested Ints',
type: 'list',
items: [
{
type: 'value',
value: 1337
},
{
type: 'value',
value: '0x1337'
}
]
}
}
},
stack_trace: {
name: 'Stack Trace',
type: 'list',
items: [
{
type: 'module-location',
module_name: 'compiled_binary',
offset: 100
},
{
type: 'module-location',
module_name: 'compiled_binary',
offset: 500
},
{
type: 'module-location',
module_name: 'compiled_binary',
offset: 700
},
{
type: 'module-location',
module_name: 'compiled_binary',
offset: 1000
}
]
},
location1: {
name: 'Location 1',
description: 'The first location',
type: 'file-location',
file_name: 'new_file.c',
line_start: 5,
line_end: 6
},
module_location1: {
name: 'Module Location 1',
description: 'The first location',
type: 'module-location',
module_name: 'gitlab.h',
offset: 100
},
code: {
type: 'code',
name: 'Truthy Code',
value: 'function isTrue(value) { value ? true : false }',
lang: 'javascript'
},
url: {
type: 'url',
name: 'GitLab URL',
text: 'URL to GitLab.com',
href: 'https://gitlab.com'
},
text: {
type: 'text',
name: 'Text with more info',
value: 'More info about this vulnerability'
}
}
end
end
trait :identifier do
after(:build) do |finding|
identifier = build(
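Review bot: The fixture sends string payloads through `type: 'value'` (`value: 'ebx'` in the second table row and `value: '0x1337'` in `nested_ints`), while the GraphQL reference in this MR lists only `VulnerabilityDetailInt` and `VulnerabilityDetailBoolean` for scalar values and `VulnerabilityDetailText` for `type: 'text'`; how a string-valued `value` detail is resolved is not visible here and should be confirmed, since it is the one shape this fixture exercises that the documented types do not obviously cover. The `'ebx'` cell also sits in a column whose other rows use `type: 'text'`, so if the string case is deliberate, a comment such as `# string payload exercises the 'value' type's string branch` above that entry would make the intent explicit and stop it being "fixed" later. The `trait :identifier` block continues past the hunk.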
......