Commit 6bc898ad authored by Ash McKenzie's avatar Ash McKenzie

Merge branch...

Merge branch '36446-add-seed-data-for-vulnerability-and-vulnerabilities-issuelink-models' into 'master'

Seed Vulnerability and Vulnerabilities::IssueLink in development

Closes #36446

See merge request gitlab-org/gitlab!24291
parents c0e5e97d 29c4ecd0
......@@ -5,6 +5,8 @@ class Gitlab::Seeder::Vulnerabilities
def initialize(project)
@project = project
FactoryBot.definition_file_paths << Rails.root.join('ee', 'spec', 'factories')
FactoryBot.reload # rubocop:disable Cop/ActiveRecordAssociationReload
end
def seed!
......@@ -12,7 +14,8 @@ class Gitlab::Seeder::Vulnerabilities
10.times do |rank|
primary_identifier = create_identifier(rank)
occurrence = create_occurrence(rank, primary_identifier)
vulnerability = create_vulnerability
occurrence = create_occurrence(vulnerability, rank, primary_identifier)
# Create occurrence_pipeline join model
occurrence.pipelines << pipeline
# Create occurrence_identifier join models
......@@ -24,7 +27,7 @@ class Gitlab::Seeder::Vulnerabilities
when 0
create_feedback(occurrence, 'dismissal')
when 1
create_feedback(occurrence, 'issue')
create_feedback(occurrence, 'issue', vulnerability: vulnerability)
else
# no feedback
end
......@@ -34,52 +37,94 @@ class Gitlab::Seeder::Vulnerabilities
private
def create_occurrence(rank, primary_identifier)
project.vulnerability_findings.create!(
uuid: random_uuid,
name: 'Cipher with no integrity',
report_type: :sast,
def create_vulnerability
state_symbol = ::Vulnerability.states.keys.sample.to_sym
vulnerability = build_vulnerability(state_symbol)
case state_symbol
when :resolved
vulnerability.resolved_by = author
when :dismissed
vulnerability.closed_by = author
end
vulnerability.tap(&:save!)
end
def build_vulnerability(state_symbol)
FactoryBot.build(
:vulnerability,
state_symbol,
project: project,
author: author,
title: 'Cypher with no integrity',
severity: random_severity_level,
confidence: random_confidence_level,
report_type: random_report_type
)
end
def create_occurrence(vulnerability, rank, primary_identifier)
scanner = FactoryBot.create(:vulnerabilities_scanner, project: vulnerability.project)
FactoryBot.create(
:vulnerabilities_occurrence,
project: project,
vulnerability: vulnerability,
scanner: scanner,
severity: random_severity_level,
confidence: random_confidence_level,
primary_identifier: primary_identifier,
project_fingerprint: random_fingerprint,
location_fingerprint: random_fingerprint,
primary_identifier: primary_identifier,
raw_metadata: metadata(rank).to_json,
metadata_version: 'sast:1.0',
scanner: scanner)
raw_metadata: metadata(rank).to_json
)
end
def create_identifier(rank)
project.vulnerability_identifiers.create!(
FactoryBot.create(
:vulnerabilities_identifier,
external_type: "SECURITY_ID",
external_id: "SECURITY_#{rank}",
fingerprint: random_fingerprint,
name: "SECURITY_IDENTIFIER #{rank}",
url: "https://security.example.com/#{rank}"
url: "https://security.example.com/#{rank}",
project: project
)
end
def create_feedback(occurrence, type)
issue = create_issue("Dismiss #{occurrence.name}") if type == 'issue'
project.vulnerability_feedback.create!(
def create_feedback(occurrence, type, vulnerability: nil)
if type == 'issue'
issue = create_issue("Dismiss #{occurrence.name}")
create_vulnerability_issue_link(vulnerability, issue)
end
FactoryBot.create(
:vulnerability_feedback,
feedback_type: type,
category: 'sast',
project: project,
author: author,
issue: issue,
pipeline: pipeline,
project_fingerprint: occurrence.project_fingerprint,
vulnerability_data: { category: 'sast' })
project_fingerprint: occurrence.project_fingerprint
)
end
def scanner
@scanner ||= project.vulnerability_scanners.create!(
def create_issue(title)
FactoryBot.create(
:issue,
project: project,
external_id: 'security-scanner',
name: 'Security Scanner')
author: author,
title: title
)
end
def create_issue(title)
project.issues.create!(author: author, title: title)
def create_vulnerability_issue_link(vulnerability, issue)
FactoryBot.create(
:vulnerabilities_issue_link,
:created,
vulnerability: vulnerability,
issue: issue
)
end
def random_confidence_level
......@@ -90,6 +135,10 @@ class Gitlab::Seeder::Vulnerabilities
::Vulnerabilities::Occurrence::SEVERITY_LEVELS.keys.sample
end
def random_report_type
::Vulnerabilities::Occurrence::REPORT_TYPES.keys.sample
end
def metadata(line)
{
description: "The cipher does not provide data integrity update 1",
......@@ -110,10 +159,6 @@ class Gitlab::Seeder::Vulnerabilities
}
end
def random_uuid
SecureRandom.hex(18)
end
def random_fingerprint
SecureRandom.hex(20)
end
......
......@@ -2,7 +2,7 @@
FactoryBot.define do
sequence :vulnerability_occurrence_uuid do |n|
Digest::SHA1.hexdigest("uuid-#{n}")[0..35]
SecureRandom.uuid
end
factory :vulnerabilities_occurrence, class: 'Vulnerabilities::Occurrence', aliases: [:vulnerabilities_finding] do
......
# frozen_string_literal: true
FactoryBot.define do
sequence(:vulnerability_scanner_external_id) do |n|
"find_sec_bugs_#{n}"
end
factory :vulnerabilities_scanner, class: 'Vulnerabilities::Scanner' do
external_id { 'find_sec_bugs' }
sequence(:external_id) { generate(:vulnerability_scanner_external_id) }
name { 'Find Security Bugs' }
project
end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment