Commit 64bfac32 authored by Lukas Eipert's avatar Lukas Eipert

Remove outdated Container Scanning code

Since we now retrieve data from the Backend, we can remove the parsing
logic from the Frontend. See:
https://gitlab.com/groups/gitlab-org/-/epics/1425
parent 02ccaf48
......@@ -50,11 +50,6 @@ export const setCanCreateFeedbackPermission = ({ commit }, permission) =>
/**
* SAST CONTAINER
*/
export const setSastContainerHeadPath = ({ commit }, path) =>
commit(types.SET_SAST_CONTAINER_HEAD_PATH, path);
export const setSastContainerBasePath = ({ commit }, path) =>
commit(types.SET_SAST_CONTAINER_BASE_PATH, path);
export const setSastContainerDiffEndpoint = ({ commit }, path) =>
commit(types.SET_SAST_CONTAINER_DIFF_ENDPOINT, path);
......@@ -62,12 +57,6 @@ export const setSastContainerDiffEndpoint = ({ commit }, path) =>
export const requestSastContainerReports = ({ commit }) =>
commit(types.REQUEST_SAST_CONTAINER_REPORTS);
export const receiveSastContainerReports = ({ commit }, response) =>
commit(types.RECEIVE_SAST_CONTAINER_REPORTS, response);
export const receiveSastContainerError = ({ commit }, error) =>
commit(types.RECEIVE_SAST_CONTAINER_ERROR, error);
export const receiveSastContainerDiffSuccess = ({ commit }, response) =>
commit(types.RECEIVE_SAST_CONTAINER_DIFF_SUCCESS, response);
......@@ -96,32 +85,6 @@ export const fetchSastContainerDiff = ({ state, dispatch }) => {
});
};
export const fetchSastContainerReports = ({ state, dispatch }) => {
const { base, head } = state.sastContainer.paths;
dispatch('requestSastContainerReports');
return Promise.all([
head ? axios.get(head) : Promise.resolve(),
base ? axios.get(base) : Promise.resolve(),
axios.get(state.vulnerabilityFeedbackPath, {
params: {
category: 'container_scanning',
},
}),
])
.then(values => {
dispatch('receiveSastContainerReports', {
head: values[0] ? values[0].data : null,
base: values[1] ? values[1].data : null,
enrichData: values && values[2] ? values[2].data : [],
});
})
.catch(() => {
dispatch('receiveSastContainerError');
});
};
export const updateContainerScanningIssue = ({ commit }, issue) =>
commit(types.UPDATE_CONTAINER_SCANNING_ISSUE, issue);
......
......@@ -14,12 +14,8 @@ export const SET_CAN_CREATE_ISSUE_PERMISSION = 'SET_CAN_CREATE_ISSUE_PERMISSION'
export const SET_CAN_CREATE_FEEDBACK_PERMISSION = 'SET_CAN_CREATE_FEEDBACK_PERMISSION';
// SAST CONTAINER
export const SET_SAST_CONTAINER_HEAD_PATH = 'SET_SAST_CONTAINER_HEAD_PATH';
export const SET_SAST_CONTAINER_BASE_PATH = 'SET_SAST_CONTAINER_BASE_PATH';
export const SET_SAST_CONTAINER_DIFF_ENDPOINT = 'SET_SAST_CONTAINER_DIFF_ENDPOINT';
export const REQUEST_SAST_CONTAINER_REPORTS = 'REQUEST_SAST_CONTAINER_REPORTS';
export const RECEIVE_SAST_CONTAINER_REPORTS = 'RECEIVE_SAST_CONTAINER_REPORTS';
export const RECEIVE_SAST_CONTAINER_ERROR = 'RECEIVE_SAST_CONTAINER_ERROR';
export const RECEIVE_SAST_CONTAINER_DIFF_SUCCESS = 'RECEIVE_SAST_CONTAINER_DIFF_SUCCESS';
export const RECEIVE_SAST_CONTAINER_DIFF_ERROR = 'RECEIVE_SAST_CONTAINER_DIFF_ERROR';
......
import Vue from 'vue';
import * as types from './mutation_types';
import {
parseDependencyScanningIssues,
parseDastIssues,
getUnapprovedVulnerabilities,
findIssueIndex,
parseDiff,
} from './utils';
import { parseDependencyScanningIssues, parseDastIssues, findIssueIndex, parseDiff } from './utils';
import filterByKey from './utils/filter_by_key';
import getFileLocation from './utils/get_file_location';
import { parseSastContainer } from './utils/container_scanning';
import { visitUrl } from '~/lib/utils/url_utility';
export default {
......@@ -58,14 +51,6 @@ export default {
},
// SAST CONTAINER
[types.SET_SAST_CONTAINER_HEAD_PATH](state, path) {
Vue.set(state.sastContainer.paths, 'head', path);
},
[types.SET_SAST_CONTAINER_BASE_PATH](state, path) {
Vue.set(state.sastContainer.paths, 'base', path);
},
[types.SET_SAST_CONTAINER_DIFF_ENDPOINT](state, path) {
Vue.set(state.sastContainer.paths, 'diffEndpoint', path);
},
......@@ -74,38 +59,6 @@ export default {
Vue.set(state.sastContainer, 'isLoading', true);
},
/**
* For sast container we only render unapproved vulnerabilities.
*/
[types.RECEIVE_SAST_CONTAINER_REPORTS](state, reports) {
if (reports.base && reports.head) {
const headIssues = getUnapprovedVulnerabilities(
parseSastContainer(reports.head.vulnerabilities, reports.enrichData, reports.head.image),
reports.head.unapproved,
);
const baseIssues = getUnapprovedVulnerabilities(
parseSastContainer(reports.base.vulnerabilities, reports.enrichData, reports.base.image),
reports.base.unapproved,
);
const filterKey = 'vulnerability';
const newIssues = filterByKey(headIssues, baseIssues, filterKey);
const resolvedIssues = filterByKey(baseIssues, headIssues, filterKey);
Vue.set(state.sastContainer, 'newIssues', newIssues);
Vue.set(state.sastContainer, 'resolvedIssues', resolvedIssues);
Vue.set(state.sastContainer, 'isLoading', false);
} else if (reports.head && !reports.base) {
const newIssues = getUnapprovedVulnerabilities(
parseSastContainer(reports.head.vulnerabilities, reports.enrichData, reports.head.image),
reports.head.unapproved,
);
Vue.set(state.sastContainer, 'newIssues', newIssues);
Vue.set(state.sastContainer, 'isLoading', false);
}
},
[types.RECEIVE_SAST_CONTAINER_DIFF_SUCCESS](state, { diff, enrichData }) {
const { added, fixed, existing } = parseDiff(diff, enrichData);
const baseReportOutofDate = diff.base_report_out_of_date || false;
......@@ -124,11 +77,6 @@ export default {
Vue.set(state.sastContainer, 'hasError', true);
},
[types.RECEIVE_SAST_CONTAINER_ERROR](state) {
Vue.set(state.sastContainer, 'isLoading', false);
Vue.set(state.sastContainer, 'hasError', true);
},
// DAST
[types.SET_DAST_HEAD_PATH](state, path) {
......
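Review bot: Nothing in the remaining `RECEIVE_SAST_CONTAINER_DIFF_SUCCESS` handler (hunk `@@ -74,38 +59,6 @@`) says whether the backend diff already excludes approved vulnerabilities, which the removed `RECEIVE_SAST_CONTAINER_REPORTS` handler did through `getUnapprovedVulnerabilities(..., reports.head.unapproved)`. The handler now passes the payload straight to `parseDiff(diff, enrichData)`, so if the backend does not apply that list, findings a project had approved would reappear in the merge request widget as new and crowd out the ones that need triage. This is worth confirming against the backend parser and recording above the handler, for example `// Filtering by the report's unapproved list is done by the backend diff; the frontend renders it as-is.`. The handler body and the `export default` object continue outside the visible hunks.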
......@@ -260,9 +260,6 @@ export const parseDastIssues = (sites = [], feedback = []) =>
[],
);
export const getUnapprovedVulnerabilities = (issues = [], unapproved = []) =>
issues.filter(item => unapproved.find(el => el === item.vulnerability));
export const groupedTextBuilder = ({
reportType = '',
paths = {},
......
import { SEVERITY_LEVELS } from 'ee/security_dashboard/store/constants';
import sha1 from 'sha1';
import _ from 'underscore';
import { s__, sprintf } from '~/locale';
import { enrichVulnerabilityWithFeedback } from '../utils';
/*
Container scanning mapping utils
This file contains all functions for mapping container scanning vulnerabilities
to match the representation that we are building in the backend:
https://gitlab.com/gitlab-org/gitlab/blob/bbcd07475f0334/ee/lib/gitlab/ci/parsers/security/container_scanning.rb
All these function can hopefully be removed as soon as we retrieve the data from the backend.
*/
export const formatContainerScanningDescription = ({
description,
namespace,
vulnerability,
featurename,
featureversion,
}) => {
if (!_.isEmpty(description)) {
return description;
}
let generated;
if (featurename && featureversion) {
generated = `${featurename}:${featureversion}`;
} else if (featurename) {
generated = featurename;
} else {
generated = namespace;
}
return sprintf(s__('ciReport|%{namespace} is affected by %{vulnerability}.'), {
namespace: generated,
vulnerability,
});
};
export const formatContainerScanningMessage = ({ vulnerability, featurename }) => {
if (featurename) {
return sprintf(s__('ciReport|%{vulnerability} in %{featurename}'), {
vulnerability,
featurename,
});
}
return vulnerability;
};
export const formatContainerScanningSolution = ({ fixedby, featurename, featureversion }) => {
if (!_.isEmpty(fixedby)) {
if (!_.isEmpty(featurename)) {
if (!_.isEmpty(featureversion)) {
return sprintf(s__('ciReport|Upgrade %{name} from %{version} to %{fixed}.'), {
name: featurename,
version: featureversion,
fixed: fixedby,
});
}
return sprintf(s__('ciReport|Upgrade %{name} to %{fixed}.'), {
name: featurename,
fixed: fixedby,
});
}
return sprintf(s__('ciReport|Upgrade to %{fixed}.'), {
fixed: fixedby,
});
}
return null;
};
export const parseContainerScanningSeverity = severity => {
/* eslint-disable-next-line @gitlab/i18n/no-non-i18n-strings */
if (severity === 'Defcon1') {
return SEVERITY_LEVELS.critical;
/* eslint-disable-next-line @gitlab/i18n/no-non-i18n-strings */
} else if (severity === 'Negligible') {
return SEVERITY_LEVELS.low;
}
return severity;
};
/**
* Parses Container Scanning results into a common format to allow to use the same Vue component.
* Container Scanning report is currently the straight output from the underlying tool
* (clair scanner) hence the formatting happening here.
*
* @param {Array} issues
* @param {Array} feedback
* @param {String} image name
* @returns {Array}
*/
export const parseSastContainer = (issues = [], feedback = [], image) =>
issues.map(issue => {
const message = formatContainerScanningMessage(issue);
/*
The following fields are copying the backend data structure, as can be found in:
https://gitlab.com/gitlab-org/gitlab/blob/f8f5724bb47712df0a618ae0a447b69a6ef47c0c/ee/lib/gitlab/ci/parsers/security/container_scanning.rb#L42-72
*/
const parsed = {
category: 'container_scanning',
message,
description: formatContainerScanningDescription(issue),
cve: issue.vulnerability,
severity: parseContainerScanningSeverity(issue.severity),
confidence: SEVERITY_LEVELS.medium,
location: {
image,
operating_system: issue.namespace,
},
/* eslint-disable-next-line @gitlab/i18n/no-non-i18n-strings */
scanner: { id: 'clair', name: 'Clair' },
identifiers: [
{
type: 'CVE',
name: issue.vulnerability,
value: issue.vulnerability,
url: `https://cve.mitre.org/cgi-bin/cvename.cgi?name=${issue.vulnerability}`,
},
],
};
const solution = formatContainerScanningSolution(issue);
if (solution) {
parsed.solution = solution;
}
if (issue.featurename) {
const dependency = {
package: {
name: issue.featurename,
},
};
if (issue.featureversion) {
dependency.version = issue.featureversion;
}
parsed.location.dependency = dependency;
}
if (issue.link) {
parsed.links = [{ url: issue.link }];
}
/*
The following properties are set only created in the frontend.
This is done for legacy reasons and they should be made obsolete,
before switching to the Backend implementation
*/
const frontendOnly = {
project_fingerprint: sha1(issue.vulnerability),
title: message,
vulnerability: issue.vulnerability,
};
return {
...parsed,
...frontendOnly,
...enrichVulnerabilityWithFeedback(frontendOnly, feedback),
};
});
const libTiffCveFingerprint = 'e503c23a7776dd5e2c35ac63c8cce6b6468be9ba';
const libTiffCveFingerprint2 = '29af456d1107381bc2511646e2ae488ddfe9a8ed';
export const sastParsedIssues = [
......@@ -472,143 +471,6 @@ export const parsedDependencyScanningBaseStore = [
},
];
export const parsedSastContainerBaseStore = [
{
category: 'container_scanning',
message: 'CVE-2014-8130',
description: 'debian:8 is affected by CVE-2014-8130.',
cve: 'CVE-2014-8130',
severity: 'Low',
confidence: 'Medium',
location: { image: 'registry.example.com/example/master:1234', operating_system: 'debian:8' },
scanner: { id: 'clair', name: 'Clair' },
identifiers: [
{
name: 'CVE-2014-8130',
type: 'CVE',
url: 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8130',
value: 'CVE-2014-8130',
},
],
project_fingerprint: 'e1f22cd89e3c306541d7c804b29255b5cc275d6d',
title: 'CVE-2014-8130',
vulnerability: 'CVE-2014-8130',
},
];
export const dockerReport = {
image: 'registry.example.com/example/master:1234',
unapproved: ['CVE-2017-12944', 'CVE-2017-16232'],
vulnerabilities: [
{
vulnerability: 'CVE-2017-12944',
namespace: 'debian:8',
severity: 'Medium',
},
{
vulnerability: 'CVE-2017-16232',
namespace: 'debian:8',
severity: 'Negligible',
},
{
vulnerability: 'CVE-2014-8130',
namespace: 'debian:8',
severity: 'Negligible',
},
],
};
export const dockerBaseReport = {
image: 'registry.example.com/example/master:1234',
unapproved: ['CVE-2017-12944', 'CVE-2014-8130'],
vulnerabilities: [
{
vulnerability: 'CVE-2017-12944',
namespace: 'debian:8',
severity: 'Medium',
},
{
vulnerability: 'CVE-2017-16232',
namespace: 'debian:8',
severity: 'Negligible',
},
{
vulnerability: 'CVE-2014-8130',
namespace: 'debian:8',
severity: 'Negligible',
},
],
};
export const dockerNewIssues = [
{
category: 'container_scanning',
message: 'CVE-2017-16232',
description: 'debian:8 is affected by CVE-2017-16232.',
cve: 'CVE-2017-16232',
severity: 'Low',
confidence: 'Medium',
location: { image: 'registry.example.com/example/master:1234', operating_system: 'debian:8' },
scanner: { id: 'clair', name: 'Clair' },
identifiers: [
{
type: 'CVE',
name: 'CVE-2017-16232',
value: 'CVE-2017-16232',
url: 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16232',
},
],
project_fingerprint: libTiffCveFingerprint,
title: 'CVE-2017-16232',
vulnerability: 'CVE-2017-16232',
},
];
export const dockerOnlyHeadParsed = [
{
category: 'container_scanning',
message: 'CVE-2017-12944',
description: 'debian:8 is affected by CVE-2017-12944.',
cve: 'CVE-2017-12944',
severity: 'Medium',
confidence: 'Medium',
location: { image: 'registry.example.com/example/master:1234', operating_system: 'debian:8' },
scanner: { id: 'clair', name: 'Clair' },
identifiers: [
{
type: 'CVE',
name: 'CVE-2017-12944',
value: 'CVE-2017-12944',
url: 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12944',
},
],
project_fingerprint: libTiffCveFingerprint2,
title: 'CVE-2017-12944',
vulnerability: 'CVE-2017-12944',
},
{
category: 'container_scanning',
message: 'CVE-2017-16232',
description: 'debian:8 is affected by CVE-2017-16232.',
cve: 'CVE-2017-16232',
severity: 'Low',
confidence: 'Medium',
location: { image: 'registry.example.com/example/master:1234', operating_system: 'debian:8' },
scanner: { id: 'clair', name: 'Clair' },
identifiers: [
{
type: 'CVE',
name: 'CVE-2017-16232',
value: 'CVE-2017-16232',
url: 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16232',
},
],
project_fingerprint: libTiffCveFingerprint,
title: 'CVE-2017-16232',
vulnerability: 'CVE-2017-16232',
},
];
export const dockerReportParsed = {
unapproved: [
{
......
......@@ -7,12 +7,7 @@ import {
setPipelineId,
setCanCreateIssuePermission,
setCanCreateFeedbackPermission,
setSastContainerHeadPath,
setSastContainerBasePath,
requestSastContainerReports,
receiveSastContainerReports,
receiveSastContainerError,
fetchSastContainerReports,
setDastHeadPath,
setDastBasePath,
requestDastReports,
......@@ -76,8 +71,6 @@ import {
sastIssuesBase,
dast,
dastBase,
dockerReport,
dockerBaseReport,
sastFeedbacks,
dastFeedbacks,
containerScanningFeedbacks,
......@@ -252,42 +245,6 @@ describe('security reports actions', () => {
});
});
describe('setSastContainerHeadPath', () => {
it('should commit set head blob path', done => {
testAction(
setSastContainerHeadPath,
'path',
mockedState,
[
{
type: types.SET_SAST_CONTAINER_HEAD_PATH,
payload: 'path',
},
],
[],
done,
);
});
});
describe('setSastContainerBasePath', () => {
it('should commit set head blob path', done => {
testAction(
setSastContainerBasePath,
'path',
mockedState,
[
{
type: types.SET_SAST_CONTAINER_BASE_PATH,
payload: 'path',
},
],
[],
done,
);
});
});
describe('requestSastContainerReports', () => {
it('should commit request mutation', done => {
testAction(
......@@ -305,162 +262,6 @@ describe('security reports actions', () => {
});
});
describe('receiveSastContainerReports', () => {
it('should commit sast receive mutation', done => {
testAction(
receiveSastContainerReports,
{},
mockedState,
[
{
type: types.RECEIVE_SAST_CONTAINER_REPORTS,
payload: {},
},
],
[],
done,
);
});
});
describe('receiveSastContainerError', () => {
it('should commit sast error mutation', done => {
const error = new Error('test');
testAction(
receiveSastContainerError,
error,
mockedState,
[
{
type: types.RECEIVE_SAST_CONTAINER_ERROR,
payload: error,
},
],
[],
done,
);
});
});
describe('fetchSastContainerReports', () => {
describe('with head and base', () => {
it('should dispatch `receiveSastContainerReports`', done => {
mock.onGet('foo').reply(200, dockerReport);
mock.onGet('bar').reply(200, dockerBaseReport);
mock
.onGet('vulnerabilities_path', {
params: {
category: 'container_scanning',
},
})
.reply(200, containerScanningFeedbacks);
mockedState.vulnerabilityFeedbackPath = 'vulnerabilities_path';
mockedState.sastContainer.paths.head = 'foo';
mockedState.sastContainer.paths.base = 'bar';
testAction(
fetchSastContainerReports,
null,
mockedState,
[],
[
{
type: 'requestSastContainerReports',
},
{
type: 'receiveSastContainerReports',
payload: {
head: dockerReport,
base: dockerBaseReport,
enrichData: containerScanningFeedbacks,
},
},
],
done,
);
});
it('should dispatch `receiveSastContainerError`', done => {
mock.onGet('foo').reply(500, {});
mockedState.sastContainer.paths.head = 'foo';
mockedState.sastContainer.paths.base = 'bar';
testAction(
fetchSastContainerReports,
null,
mockedState,
[],
[
{
type: 'requestSastContainerReports',
},
{
type: 'receiveSastContainerError',
},
],
done,
);
});
});
describe('with head', () => {
it('should dispatch `receiveSastContainerReports`', done => {
mock.onGet('foo').reply(200, dockerReport);
mock
.onGet('vulnerabilities_path', {
params: {
category: 'container_scanning',
},
})
.reply(200, containerScanningFeedbacks);
mockedState.vulnerabilityFeedbackPath = 'vulnerabilities_path';
mockedState.sastContainer.paths.head = 'foo';
testAction(
fetchSastContainerReports,
null,
mockedState,
[],
[
{
type: 'requestSastContainerReports',
},
{
type: 'receiveSastContainerReports',
payload: { head: dockerReport, base: null, enrichData: containerScanningFeedbacks },
},
],
done,
);
});
it('should dispatch `receiveSastContainerError`', done => {
mock.onGet('foo').reply(500, {});
mockedState.sastContainer.paths.head = 'foo';
testAction(
fetchSastContainerReports,
null,
mockedState,
[],
[
{
type: 'requestSastContainerReports',
},
{
type: 'receiveSastContainerError',
},
],
done,
);
});
});
});
describe('setDastHeadPath', () => {
it('should commit set head blob path', done => {
testAction(
......
......@@ -7,11 +7,7 @@ import {
parsedDependencyScanningIssuesHead,
parsedDependencyScanningBaseStore,
parsedDependencyScanningIssuesStore,
parsedSastContainerBaseStore,
dockerReport,
dockerBaseReport,
dockerNewIssues,
dockerOnlyHeadParsed,
mockFindings,
dast,
dastBase,
parsedDastNewIssues,
......@@ -86,22 +82,6 @@ describe('security reports mutations', () => {
});
});
describe('SET_SAST_CONTAINER_HEAD_PATH', () => {
it('should set sast container head path', () => {
mutations[types.SET_SAST_CONTAINER_HEAD_PATH](stateCopy, 'head_path');
expect(stateCopy.sastContainer.paths.head).toEqual('head_path');
});
});
describe('SET_SAST_CONTAINER_BASE_PATH', () => {
it('should set sast container base path', () => {
mutations[types.SET_SAST_CONTAINER_BASE_PATH](stateCopy, 'base_path');
expect(stateCopy.sastContainer.paths.base).toEqual('base_path');
});
});
describe('REQUEST_SAST_CONTAINER_REPORTS', () => {
it('should set sast container loading flag to true', () => {
mutations[types.REQUEST_SAST_CONTAINER_REPORTS](stateCopy);
......@@ -110,41 +90,6 @@ describe('security reports mutations', () => {
});
});
describe('RECEIVE_SAST_CONTAINER_REPORTS', () => {
describe('with head and base', () => {
it('should set new and resolved issues', () => {
mutations[types.RECEIVE_SAST_CONTAINER_REPORTS](stateCopy, {
head: dockerReport,
base: dockerBaseReport,
});
expect(stateCopy.sastContainer.isLoading).toEqual(false);
expect(stateCopy.sastContainer.newIssues).toEqual(dockerNewIssues);
expect(stateCopy.sastContainer.resolvedIssues).toEqual(parsedSastContainerBaseStore);
});
});
describe('with head', () => {
it('should set new issues', () => {
mutations[types.RECEIVE_SAST_CONTAINER_REPORTS](stateCopy, {
head: dockerReport,
});
expect(stateCopy.sastContainer.isLoading).toEqual(false);
expect(stateCopy.sastContainer.newIssues).toEqual(dockerOnlyHeadParsed);
});
});
});
describe('RECEIVE_SAST_CONTAINER_ERROR', () => {
it('should set sast container loading flag to false and error flag to true', () => {
mutations[types.RECEIVE_SAST_CONTAINER_ERROR](stateCopy);
expect(stateCopy.sastContainer.isLoading).toEqual(false);
expect(stateCopy.sastContainer.hasError).toEqual(true);
});
});
describe('SET_DAST_HEAD_PATH', () => {
it('should set dast head path', () => {
mutations[types.SET_DAST_HEAD_PATH](stateCopy, 'head_path');
......@@ -742,10 +687,10 @@ describe('security reports mutations', () => {
describe('UPDATE_CONTAINER_SCANNING_ISSUE', () => {
it('updates issue in the new issues list', () => {
stateCopy.sastContainer.newIssues = dockerNewIssues;
stateCopy.sastContainer.newIssues = mockFindings;
stateCopy.sastContainer.resolvedIssues = [];
const updatedIssue = {
...dockerNewIssues[0],
...mockFindings[0],
foo: 'bar',
};
......@@ -756,9 +701,9 @@ describe('security reports mutations', () => {
it('updates issue in the resolved issues list', () => {
stateCopy.sastContainer.newIssues = [];
stateCopy.sastContainer.resolvedIssues = dockerNewIssues;
stateCopy.sastContainer.resolvedIssues = mockFindings;
const updatedIssue = {
...dockerNewIssues[0],
...mockFindings[0],
foo: 'bar',
};
......
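Review bot: Both `UPDATE_CONTAINER_SCANNING_ISSUE` tests assign the shared `mockFindings` fixture to the state by reference (`stateCopy.sastContainer.newIssues = mockFindings;` and the `resolvedIssues` counterpart), so if the mutation replaces the entry in place, the imported fixture changes for every later test that reads it. Assigning a copy, `stateCopy.sastContainer.newIssues = [...mockFindings];`, keeps the cases independent of each other and of execution order. The mutation itself is not visible in this section, so in-place modification is an assumption to check. The `describe` block continues outside the hunks.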
......@@ -6,7 +6,6 @@ import {
parseDependencyScanningIssues,
getDastSites,
parseDastIssues,
getUnapprovedVulnerabilities,
groupedTextBuilder,
statusIcon,
countIssues,
......@@ -14,14 +13,6 @@ import {
} from 'ee/vue_shared/security_reports/store/utils';
import filterByKey from 'ee/vue_shared/security_reports/store/utils/filter_by_key';
import getFileLocation from 'ee/vue_shared/security_reports/store/utils/get_file_location';
import {
formatContainerScanningDescription,
formatContainerScanningMessage,
formatContainerScanningSolution,
parseContainerScanningSeverity,
parseSastContainer,
} from 'ee/vue_shared/security_reports/store/utils/container_scanning';
import { SEVERITY_LEVELS } from 'ee/security_dashboard/store/constants';
import {
oldSastIssues,
sastIssues,
......@@ -31,8 +22,6 @@ import {
dependencyScanningIssues,
dependencyScanningIssuesMajor2,
dependencyScanningFeedbacks,
dockerReport,
containerScanningFeedbacks,
dast,
multiSitesDast,
dastFeedbacks,
......@@ -228,118 +217,6 @@ describe('security reports utils', () => {
});
});
describe('container scanning utils', () => {
describe('formatContainerScanningSolution', () => {
it('should return false if there is no data', () => {
expect(formatContainerScanningSolution({})).toBe(null);
});
it('should return the correct sentence', () => {
expect(formatContainerScanningSolution({ fixedby: 'v9000' })).toBe('Upgrade to v9000.');
expect(
formatContainerScanningSolution({ fixedby: 'v9000', featurename: 'Dependency' }),
).toBe('Upgrade Dependency to v9000.');
expect(
formatContainerScanningSolution({
fixedby: 'v9000',
featurename: 'Dependency',
featureversion: '1.0-beta',
}),
).toBe('Upgrade Dependency from 1.0-beta to v9000.');
});
});
describe('formatContainerScanningMessage', () => {
it('should return concatenated message if vulnerability and featurename are provided', () => {
expect(
formatContainerScanningMessage({ vulnerability: 'CVE-124', featurename: 'grep' }),
).toBe('CVE-124 in grep');
});
it('should return vulnerability if only that is provided', () => {
expect(formatContainerScanningMessage({ vulnerability: 'Foo' })).toBe('Foo');
});
});
describe('formatContainerScanningDescription', () => {
it('should return description', () => {
expect(formatContainerScanningDescription({ description: 'Foobar' })).toBe('Foobar');
});
it('should build description from available fields', () => {
const featurename = 'Dependency';
const featureversion = '1.0';
const namespace = 'debian:8';
const vulnerability = 'CVE-123';
expect(
formatContainerScanningDescription({
featurename,
featureversion,
namespace,
vulnerability,
}),
).toBe('Dependency:1.0 is affected by CVE-123.');
expect(formatContainerScanningDescription({ featurename, namespace, vulnerability })).toBe(
'Dependency is affected by CVE-123.',
);
expect(formatContainerScanningDescription({ namespace, vulnerability })).toBe(
'debian:8 is affected by CVE-123.',
);
});
});
describe('parseContainerScanningSeverity', () => {
it('should return `Critical` for `Defcon1`', () => {
expect(parseContainerScanningSeverity('Defcon1')).toBe(SEVERITY_LEVELS.critical);
});
it('should return `Low` for `Negligible`', () => {
expect(parseContainerScanningSeverity('Negligible')).toBe('Low');
});
it('should not touch other severities', () => {
expect(parseContainerScanningSeverity('oxofrmbl')).toBe('oxofrmbl');
expect(parseContainerScanningSeverity('Medium')).toBe('Medium');
expect(parseContainerScanningSeverity('High')).toBe('High');
});
});
});
describe('parseSastContainer', () => {
it('parses sast container issues', () => {
const parsed = parseSastContainer(dockerReport.vulnerabilities)[0];
const issue = dockerReport.vulnerabilities[0];
expect(parsed.title).toEqual(issue.vulnerability);
expect(parsed.identifiers).toEqual([
{
type: 'CVE',
name: issue.vulnerability,
value: issue.vulnerability,
url: `https://cve.mitre.org/cgi-bin/cvename.cgi?name=${issue.vulnerability}`,
},
]);
expect(parsed.project_fingerprint).toEqual(sha1(issue.vulnerability));
});
it('includes vulnerability feedbacks', () => {
const parsed = parseSastContainer(
dockerReport.vulnerabilities,
containerScanningFeedbacks,
)[0];
expect(parsed.hasIssue).toEqual(true);
expect(parsed.isDismissed).toEqual(true);
expect(parsed.dismissalFeedback).toEqual(containerScanningFeedbacks[0]);
expect(parsed.issue_feedback).toEqual(containerScanningFeedbacks[1]);
});
});
describe('getDastSites', () => {
it.each([{}, 'site', 1, undefined])('wraps non-array argument %p into an array', arg => {
expect(getDastSites(arg)).toEqual([arg]);
......@@ -412,19 +289,6 @@ describe('security reports utils', () => {
});
});
describe('getUnapprovedVulnerabilities', () => {
it('return unapproved vulnerabilities', () => {
const unapproved = getUnapprovedVulnerabilities(
dockerReport.vulnerabilities,
dockerReport.unapproved,
);
expect(unapproved.length).toEqual(dockerReport.unapproved.length);
expect(unapproved[0].vulnerability).toEqual(dockerReport.unapproved[0]);
expect(unapproved[1].vulnerability).toEqual(dockerReport.unapproved[1]);
});
});
describe('textBuilder', () => {
describe('with only the head', () => {
const paths = { head: 'foo' };
......
......@@ -4,20 +4,9 @@ import * as mockData from '../../../frontend/vue_shared/security_reports/mock_da
// https://gitlab.com/gitlab-org/gitlab/merge_requests/10466#note_156218753
export const {
containerScanningFeedbacks,
dast,
dastBase,
dastFeedbacks,
dependencyScanningFeedbacks,
dockerBaseReport,
dockerReport,
dockerReportParsed,
parsedDast,
sastFeedbacks,
sastIssues,
sastIssuesBase,
sastParsedIssues,
mockFindings,
sastDiffSuccessMock,
dastDiffSuccessMock,
containerScanningDiffSuccessMock,
......
......@@ -22014,9 +22014,6 @@ msgstr ""
msgid "ciReport|%{linkStartTag}Learn more about codequality reports %{linkEndTag}"
msgstr ""
msgid "ciReport|%{namespace} is affected by %{vulnerability}."
msgstr ""
msgid "ciReport|%{remainingPackagesCount} more"
msgstr ""
......@@ -22075,9 +22072,6 @@ msgstr ""
msgid "ciReport|%{reportType}: Loading resulted in an error"
msgstr ""
msgid "ciReport|%{vulnerability} in %{featurename}"
msgstr ""
msgid "ciReport|(errors when loading results)"
msgstr ""
......@@ -22234,15 +22228,6 @@ msgstr ""
msgid "ciReport|There was an error reverting the dismissal. Please try again."
msgstr ""
msgid "ciReport|Upgrade %{name} from %{version} to %{fixed}."
msgstr ""
msgid "ciReport|Upgrade %{name} to %{fixed}."
msgstr ""
msgid "ciReport|Upgrade to %{fixed}."
msgstr ""
msgid "ciReport|Used by %{packagesString}"
msgid_plural "ciReport|Used by %{packagesString}, and %{lastPackage}"
msgstr[0] ""
......