Commit 70918025 authored by Paul Slaughter's avatar Paul Slaughter

Merge branch 'migrate-security-table-row-spec' into 'master'

Migrate 'Security Dashboard Table Row' specs

See merge request gitlab-org/gitlab!24159
parents ed7ead38 f3a4b756
......@@ -3,7 +3,7 @@ import DependenciesTableRow from 'ee/dependencies/components/dependencies_table_
import DependencyVulnerability from 'ee/dependencies/components/dependency_vulnerability.vue';
import { MAX_DISPLAYED_VULNERABILITIES_PER_DEPENDENCY } from 'ee/dependencies/components/constants';
import { makeDependency } from './utils';
import mockDataVulnerabilities from '../../../javascripts/security_dashboard/store/vulnerabilities/data/mock_data_vulnerabilities.json';
import mockDataVulnerabilities from '../../security_dashboard/store/vulnerabilities/data/mock_data_vulnerabilities';
describe('DependenciesTableRow component', () => {
let wrapper;
......
import { shallowMount } from '@vue/test-utils';
import DependencyVulnerability from 'ee/dependencies/components/dependency_vulnerability.vue';
import SeverityBadge from 'ee/vue_shared/security_reports/components/severity_badge.vue';
import mockDataVulnerabilities from '../../../javascripts/security_dashboard/store/vulnerabilities/data/mock_data_vulnerabilities.json';
import mockDataVulnerabilities from '../../security_dashboard/store/vulnerabilities/data/mock_data_vulnerabilities';
describe('DependencyVulnerability component', () => {
let wrapper;
......
import Vue from 'vue';
import component from 'ee/security_dashboard/components/security_dashboard_table_row.vue';
import Vuex from 'vuex';
import SecurityDashboardTableRow from 'ee/security_dashboard/components/security_dashboard_table_row.vue';
import createStore from 'ee/security_dashboard/store';
import { mountComponentWithStore } from 'spec/helpers/vue_mount_component_helper';
import mockDataVulnerabilities from '../store/vulnerabilities/data/mock_data_vulnerabilities.json';
import { mount, shallowMount, createLocalVue } from '@vue/test-utils';
import mockDataVulnerabilities from '../store/vulnerabilities/data/mock_data_vulnerabilities';
import { DASHBOARD_TYPES } from 'ee/security_dashboard/store/constants';
const localVue = createLocalVue();
localVue.use(Vuex);
describe('Security Dashboard Table Row', () => {
let vm;
let props;
let store = createStore();
const Component = Vue.extend(component);
let wrapper;
let store;
describe('when loading', () => {
beforeEach(() => {
props = { isLoading: true };
vm = mountComponentWithStore(Component, { store, props });
const createComponent = (mountFunc, { props = {}, storeParams = {} } = {}) => {
store = createStore(storeParams);
wrapper = mountFunc(SecurityDashboardTableRow, {
localVue,
store,
propsData: {
...props,
},
});
};
afterEach(() => {
vm.$destroy();
wrapper.destroy();
wrapper = null;
});
const findLoader = () => wrapper.find('.js-skeleton-loader');
const findContent = i => wrapper.findAll('.table-mobile-content').at(i);
const findAllIssueCreated = () => wrapper.findAll('.ic-issue-created');
describe('when loading', () => {
beforeEach(() => {
createComponent(shallowMount, { props: { isLoading: true } });
});
it('should display the skeleton loader', () => {
expect(vm.$el.querySelector('.js-skeleton-loader')).not.toBeNull();
expect(findLoader().exists()).toBeTruthy();
});
it('should render a ` ` for severity', () => {
expect(vm.severity).toEqual(' ');
expect(vm.$el.querySelectorAll('.table-mobile-content')[0].textContent).toContain(' ');
expect(wrapper.vm.severity).toEqual(' ');
expect(findContent(0).text()).toEqual('');
});
it('should not render action buttons', () => {
expect(vm.$el.querySelectorAll('.action-buttons button').length).toBe(0);
expect(wrapper.findAll('.action-buttons button').length).toBe(0);
});
});
......@@ -39,43 +55,37 @@ describe('Security Dashboard Table Row', () => {
let vulnerability = mockDataVulnerabilities[0];
beforeEach(() => {
props = { vulnerability };
vm = mountComponentWithStore(Component, { store, props });
});
afterEach(() => {
vm.$destroy();
createComponent(mount, { props: { vulnerability } });
});
it('should not display the skeleton loader', () => {
expect(vm.$el.querySelector('.js-skeleton-loader')).not.toExist();
expect(findLoader().exists()).toBeFalsy();
});
it('should render the severity', () => {
expect(
vm.$el.querySelectorAll('.table-mobile-content')[0].textContent.toLowerCase(),
).toContain(props.vulnerability.severity);
findContent(0)
.text()
.toLowerCase(),
).toContain(wrapper.props().vulnerability.severity);
});
describe('the project name', () => {
it('should render the name', () => {
expect(vm.$el.querySelectorAll('.table-mobile-content')[1].textContent).toContain(
props.vulnerability.name,
);
expect(findContent(1).text()).toContain(wrapper.props().vulnerability.name);
});
it('should render the project namespace', () => {
expect(vm.$el.querySelectorAll('.table-mobile-content')[1].textContent).toContain(
props.vulnerability.location.file,
);
expect(findContent(1).text()).toContain(wrapper.props().vulnerability.location.file);
});
it('should fire the openModal action when clicked', () => {
spyOn(vm.$store, 'dispatch');
jest.spyOn(store, 'dispatch').mockImplementation();
vm.$el.querySelector('.vulnerability-title').click();
const el = wrapper.find('.vulnerability-title');
el.trigger('click');
expect(vm.$store.dispatch).toHaveBeenCalledWith('vulnerabilities/openModal', {
expect(store.dispatch).toHaveBeenCalledWith('vulnerabilities/openModal', {
vulnerability,
});
});
......@@ -83,41 +93,27 @@ describe('Security Dashboard Table Row', () => {
describe('Group Security Dashboard', () => {
beforeEach(() => {
store = createStore({
dashboardType: DASHBOARD_TYPES.GROUP,
createComponent(shallowMount, {
props: { vulnerability },
storeParams: { dashboardType: DASHBOARD_TYPES.GROUP },
});
props = { vulnerability };
vm = mountComponentWithStore(Component, { store, props });
});
afterEach(() => {
vm.$destroy();
});
it('should contain project name as the namespace', () => {
expect(vm.$el.querySelectorAll('.table-mobile-content')[1].textContent).toContain(
props.vulnerability.project.full_name,
);
expect(findContent(1).text()).toContain(wrapper.props().vulnerability.project.full_name);
});
});
describe('Non-group Security Dashboard', () => {
beforeEach(() => {
store = createStore();
// eslint-disable-next-line prefer-destructuring
vulnerability = mockDataVulnerabilities[7];
props = { vulnerability };
vm = mountComponentWithStore(Component, { store, props });
});
afterEach(() => {
vm.$destroy();
createComponent(shallowMount, { props: { vulnerability } });
});
it('should contain container image as the namespace', () => {
expect(vm.$el.querySelectorAll('.table-mobile-content')[1].textContent).toContain(
props.vulnerability.location.image,
);
expect(findContent(1).text()).toContain(wrapper.props().vulnerability.location.image);
});
});
});
......@@ -126,20 +122,15 @@ describe('Security Dashboard Table Row', () => {
const vulnerability = mockDataVulnerabilities[2];
beforeEach(() => {
props = { vulnerability };
vm = mountComponentWithStore(Component, { store, props });
});
afterEach(() => {
vm.$destroy();
createComponent(shallowMount, { props: { vulnerability } });
});
it('should have a `dismissed` class', () => {
expect(vm.$el.classList).toContain('dismissed');
expect(wrapper.classes()).toContain('dismissed');
});
it('should render a `DISMISSED` tag', () => {
expect(vm.$el.textContent).toContain('dismissed');
expect(wrapper.text()).toContain('dismissed');
});
});
......@@ -147,16 +138,11 @@ describe('Security Dashboard Table Row', () => {
const vulnerability = mockDataVulnerabilities[3];
beforeEach(() => {
props = { vulnerability };
vm = mountComponentWithStore(Component, { store, props });
});
afterEach(() => {
vm.$destroy();
createComponent(mount, { props: { vulnerability } });
});
it('should have a `ic-issue-created` class', () => {
expect(vm.$el.querySelectorAll('.ic-issue-created')).toHaveLength(1);
expect(findAllIssueCreated()).toHaveLength(1);
});
});
......@@ -164,16 +150,11 @@ describe('Security Dashboard Table Row', () => {
const vulnerability = mockDataVulnerabilities[6];
beforeEach(() => {
props = { vulnerability };
vm = mountComponentWithStore(Component, { store, props });
});
afterEach(() => {
vm.$destroy();
createComponent(mount, { props: { vulnerability } });
});
it('should not have a `ic-issue-created` class', () => {
expect(vm.$el.querySelectorAll('.ic-issue-created')).toHaveLength(0);
expect(findAllIssueCreated()).toHaveLength(0);
});
});
......@@ -181,16 +162,11 @@ describe('Security Dashboard Table Row', () => {
const vulnerability = mockDataVulnerabilities[0];
beforeEach(() => {
props = { vulnerability };
vm = mountComponentWithStore(Component, { store, props });
});
afterEach(() => {
vm.$destroy();
createComponent(shallowMount, { props: { vulnerability } });
});
it('should not have a `ic-issue-created` class', () => {
expect(vm.$el.querySelectorAll('.ic-issue-created')).toHaveLength(0);
expect(findAllIssueCreated()).toHaveLength(0);
});
});
});
......@@ -12,7 +12,7 @@ import {
REQUEST_VULNERABILITIES,
} from 'ee/security_dashboard/store/modules/vulnerabilities/mutation_types';
import mockDataVulnerabilities from '../store/vulnerabilities/data/mock_data_vulnerabilities.json';
import mockDataVulnerabilities from '../store/vulnerabilities/data/mock_data_vulnerabilities';
const localVue = createLocalVue();
localVue.use(Vuex);
......
export default [
{
id: 1,
report_type: 'sast',
name: 'Insecure variable usage',
severity: 'critical',
confidence: 'high',
scanner: {
external_id: 'find_sec_bugs',
name: 'Find Security Bugs',
},
identifiers: [
{
external_type: 'CVE',
external_id: 'CVE-2018-1234',
name: 'CVE-2018-1234',
url: 'http://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-1234',
},
{
external_type: 'CVE',
external_id: 'CVE-2018-1234',
name: 'CVE-2018-1234',
url: 'http://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-1234',
},
],
project_fingerprint: '4e5b6966dd100170b4b1ad599c7058cce91b57b4',
project: {
id: 1,
name: 'project1',
full_path: '/namespace1/project1',
full_name: 'Gitab.org / security-products / binaries',
},
dismissal_feedback: null,
issue_feedback: null,
create_vulnerability_feedback_issue_path: 'https://example.com/vulnerability_feedback',
create_vulnerability_feedback_dismissal_path: 'https://example.com/vulnerability_feedback',
description: 'The cipher does not provide data integrity update 1',
solution:
'GCM mode introduces an HMAC into the resulting encrypted data, providing integrity of the result.',
location: {
file: 'maven/src/main/java/com/gitlab/security_products/tests/App.java',
start_line: 29,
end_line: 29,
class: 'com.gitlab.security_products.tests.App',
method: 'insecureCypher',
hostname: 'https://gitlab.com',
path: '/user6',
},
links: [
{
name: 'Cipher does not check for integrity first?',
url:
'https://crypto.stackexchange.com/questions/31428/pbewithmd5anddes-cipher-does-not-check-for-integrity-first',
},
],
instances: [
{
param: 'X-Content-Type-Options',
method: 'GET',
uri: 'http://bikebilly-spring-auto-devops-review-feature-br-3y2gpb.35.192.176.43.xip.io',
},
{
param: 'X-Content-Type-Options',
method: 'GET',
uri: 'http://bikebilly-spring-auto-devops-review-feature-br-3y2gpb.35.192.176.43.xip.io/',
},
],
},
{
id: 2,
report_type: 'sast',
name: 'Insecure variable usage',
severity: 'critical',
confidence: 'high',
scanner: {
external_id: 'find_sec_bugs',
name: 'Find Security Bugs',
},
identifiers: [
{
external_type: 'CVE',
external_id: 'CVE-2018-1234',
name: 'CVE-2018-1234',
url: 'http://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-1234',
},
{
external_type: 'CVE',
external_id: 'CVE-2018-1234',
name: 'CVE-2018-1234',
url: 'http://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-1234',
},
],
project_fingerprint: '4e5b6966dd100170b4b1ad599c7058cce91b57b4',
project: {
id: 1,
name: 'project1',
full_path: '/namespace1/project1',
full_name: 'Gitab.org / quality / staging',
},
dismissal_feedback: null,
issue_feedback: null,
create_vulnerability_feedback_issue_path: 'https://example.com/vulnerability_feedback',
create_vulnerability_feedback_dismissal_path: 'https://example.com/vulnerability_feedback',
description: 'The cipher does not provide data integrity update 1',
solution:
'GCM mode introduces an HMAC into the resulting encrypted data, providing integrity of the result.',
location: {
file: 'maven/src/main/java/com/gitlab/security_products/tests/App.java',
start_line: 29,
end_line: 29,
class: 'com.gitlab.security_products.tests.App',
method: 'insecureCypher',
},
links: [
{
name: 'Cipher does not check for integrity first?',
url:
'https://crypto.stackexchange.com/questions/31428/pbewithmd5anddes-cipher-does-not-check-for-integrity-first',
},
],
},
{
id: 3,
report_type: 'sast',
name: 'Insecure variable usage',
severity: 'medium',
confidence: '',
scanner: {
external_id: 'find_sec_bugs',
name: 'Find Security Bugs',
},
identifiers: [
{
external_type: 'CVE',
external_id: 'CVE-2018-1234',
name: 'CVE-2018-1234',
url: 'http://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-1234',
},
{
external_type: 'CVE',
external_id: 'CVE-2018-1234',
name: 'CVE-2018-1234',
url: 'http://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-1234',
},
],
project_fingerprint: '4e5b6966dd100170b4b1ad599c7058cce91b57b4',
project: {
id: 1,
name: 'project1',
full_path: '/namespace1/project1',
full_name: 'Gitab.org / security-products / licence-management',
},
dismissal_feedback: {
id: 1,
project_id: 1,
author: {
id: 6,
name: 'John Doe7',
username: 'user6',
state: 'active',
avatar_url:
'https://www.gravatar.com/avatar/3de3cc5a52553af613b6c457da6c219a?s=80&d=identicon',
web_url: 'http://localhost/user6',
status_tooltip_html: null,
path: '/user6',
},
issue_iid: null,
pipeline: {
id: 2,
path: '/namespace5/project5/pipelines/2',
},
category: 'sast',
feedback_type: 'dismissal',
branch: 'master',
project_fingerprint: '4e5b6966dd100170b4b1ad599c7058cce91b57b4',
destroy_vulnerability_feedback_dismissal_path: 'https://example.com/feedback_dismissal_path',
},
issue_feedback: null,
create_vulnerability_feedback_issue_path: 'https://example.com/vulnerability_feedback',
create_vulnerability_feedback_dismissal_path: 'https://example.com/vulnerability_feedback',
description: 'The cipher does not provide data integrity update 1',
solution:
'GCM mode introduces an HMAC into the resulting encrypted data, providing integrity of the result.',
location: {
file: 'maven/src/main/java/com/gitlab/security_products/tests/App.java',
start_line: 29,
end_line: 29,
class: 'com.gitlab.security_products.tests.App',
method: 'insecureCypher',
},
links: [
{
name: 'Cipher does not check for integrity first?',
url:
'https://crypto.stackexchange.com/questions/31428/pbewithmd5anddes-cipher-does-not-check-for-integrity-first',
},
],
},
{
id: 4,
report_type: 'sast',
name: 'Insecure variable usage',
severity: 'high',
confidence: 'low',
scanner: {
external_id: 'find_sec_bugs',
name: 'Find Security Bugs',
},
identifiers: [
{
external_type: 'CVE',
external_id: 'CVE-2018-1234',
name: 'CVE-2018-1234',
url: 'http://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-1234',
},
{
external_type: 'CVE',
external_id: 'CVE-2018-1234',
name: 'CVE-2018-1234',
url: 'http://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-1234',
},
],
project_fingerprint: '4e5b6966dd100170b4b1ad599c7058cce91b57b4',
project: {
id: 1,
name: 'project1',
full_path: '/namespace1/project1',
full_name: 'Gitab.org / security-products / codequality',
},
dismissal_feedback: null,
issue_feedback: {
id: 2,
project_id: 1,
author: {
id: 8,
name: 'John Doe9',
username: 'user8',
state: 'active',
avatar_url:
'https://www.gravatar.com/avatar/51798cfc94af924ac2dffb7083baa6f4?s=80&d=identicon',
web_url: 'http://localhost/user8',
status_tooltip_html: null,
path: '/user8',
},
issue_iid: 1,
pipeline: {
id: 3,
path: '/namespace6/project6/pipelines/3',
},
issue_url: 'http://localhost/namespace1/project1/issues/1',
category: 'sast',
feedback_type: 'issue',
branch: 'master',
project_fingerprint: '4e5b6966dd100170b4b1ad599c7058cce91b57b4',
},
create_vulnerability_feedback_issue_path: 'https://example.com/vulnerability_feedback',
create_vulnerability_feedback_dismissal_path: 'https://example.com/vulnerability_feedback',
description: 'The cipher does not provide data integrity update 1',
solution:
'GCM mode introduces an HMAC into the resulting encrypted data, providing integrity of the result.',
location: {
file: 'maven/src/main/java/com/gitlab/security_products/tests/App.java',
start_line: 29,
end_line: 29,
class: 'com.gitlab.security_products.tests.App',
method: 'insecureCypher',
},
links: [
{
name: 'Cipher does not check for integrity first?',
url:
'https://crypto.stackexchange.com/questions/31428/pbewithmd5anddes-cipher-does-not-check-for-integrity-first',
},
],
},
{
id: 5,
report_type: 'sast',
name:
'Remote command execution due to flaw in the include params attribute of URL and Anchor tags for org.apache.struts/struts2core',
severity: 'low',
confidence: '',
scanner: {
external_id: 'find_sec_bugs',
name: 'Find Security Bugs',
},
identifiers: [
{
external_type: 'CVE',
external_id: 'CVE-2018-1234',
name: 'CVE-2018-1234',
url: 'http://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-1234',
},
{
external_type: 'CVE',
external_id: 'CVE-2018-1234',
name: 'CVE-2018-1234',
url: 'http://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-1234',
},
],
project_fingerprint: '4e5b6966dd100170b4b1ad599c7058cce91b57b4',
project: {
id: 1,
name: 'project1',
full_path: '/namespace1/project1',
full_name: 'Gitab.org / security-products / staging',
},
dismissal_feedback: {
id: 1,
project_id: 1,
author: {
id: 6,
name: 'John Doe7',
username: 'user6',
state: 'active',
avatar_url:
'https://www.gravatar.com/avatar/3de3cc5a52553af613b6c457da6c219a?s=80&d=identicon',
web_url: 'http://localhost/user6',
status_tooltip_html: null,
path: '/user6',
},
issue_iid: null,
pipeline: {
id: 2,
path: '/namespace5/project5/pipelines/2',
},
category: 'sast',
feedback_type: 'dismissal',
branch: 'master',
project_fingerprint: '4e5b6966dd100170b4b1ad599c7058cce91b57b4',
destroy_vulnerability_feedback_dismissal_path: 'https://example.com/feedback_dismissal_path',
},
issue_feedback: {
id: 2,
project_id: 1,
author: {
id: 8,
name: 'John Doe9',
username: 'user8',
state: 'active',
avatar_url:
'https://www.gravatar.com/avatar/51798cfc94af924ac2dffb7083baa6f4?s=80&d=identicon',
web_url: 'http://localhost/user8',
status_tooltip_html: null,
path: '/user8',
},
issue_iid: 1,
pipeline: {
id: 3,
path: '/namespace6/project6/pipelines/3',
},
issue_url: 'http://localhost/namespace1/project1/issues/1',
category: 'sast',
feedback_type: 'issue',
branch: 'master',
project_fingerprint: '4e5b6966dd100170b4b1ad599c7058cce91b57b4',
},
create_vulnerability_feedback_issue_path: 'https://example.com/vulnerability_feedback',
create_vulnerability_feedback_dismissal_path: 'https://example.com/vulnerability_feedback',
description: 'The cipher does not provide data integrity update 1',
solution:
'GCM mode introduces an HMAC into the resulting encrypted data, providing integrity of the result.',
location: {
file: 'maven/src/main/java/com/gitlab/security_products/tests/App.java',
start_line: 29,
end_line: 29,
class: 'com.gitlab.security_products.tests.App',
method: 'insecureCypher',
},
links: [
{
name: 'Cipher does not check for integrity first?',
url:
'https://crypto.stackexchange.com/questions/31428/pbewithmd5anddes-cipher-does-not-check-for-integrity-first',
},
],
},
{
id: 6,
report_type: 'sast',
name: 'Doorkeeper Gem does not revoke token for public clients',
severity: 'unknown',
confidence: '',
scanner: {
external_id: 'find_sec_bugs',
name: 'Find Security Bugs',
},
identifiers: [
{
external_type: 'CVE',
external_id: 'CVE-2018-1234',
name: 'CVE-2018-1234',
url: 'http://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-1234',
},
{
external_type: 'CVE',
external_id: 'CVE-2018-1234',
name: 'CVE-2018-1234',
url: 'http://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-1234',
},
],
project_fingerprint: '4e5b6966dd100170b4b1ad599c7058cce91b57b4',
project: {
id: 1,
name: 'project1',
full_path: '/namespace1/project1',
full_name: 'Gitab.org / security-products / binaries',
},
dismissal_feedback: null,
issue_feedback: null,
create_vulnerability_feedback_issue_path: 'https://example.com/vulnerability_feedback',
create_vulnerability_feedback_dismissal_path: 'https://example.com/vulnerability_feedback',
description: 'The cipher does not provide data integrity update 1',
solution:
'GCM mode introduces an HMAC into the resulting encrypted data, providing integrity of the result.',
location: {
file: 'maven/src/main/java/com/gitlab/security_products/tests/App.java',
start_line: 29,
end_line: 29,
class: 'com.gitlab.security_products.tests.App',
method: 'insecureCypher',
},
links: [
{
name: 'Cipher does not check for integrity first?',
url:
'https://crypto.stackexchange.com/questions/31428/pbewithmd5anddes-cipher-does-not-check-for-integrity-first',
},
],
},
{
id: 7,
report_type: 'sast',
name: 'Insecure variable usage',
severity: 'high',
confidence: 'low',
scanner: {
external_id: 'find_sec_bugs',
name: 'Find Security Bugs',
},
identifiers: [
{
external_type: 'CVE',
external_id: 'CVE-2018-1234',
name: 'CVE-2018-1234',
url: 'http://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-1234',
},
{
external_type: 'CVE',
external_id: 'CVE-2018-1234',
name: 'CVE-2018-1234',
url: 'http://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-1234',
},
],
project_fingerprint: '4e5b6966dd100170b4b1ad599c7058cce91b57b4',
project: {
id: 1,
name: 'project1',
full_path: '/namespace1/project1',
full_name: 'Gitab.org / security-products / codequality',
},
dismissal_feedback: null,
issue_feedback: {
id: 7,
project_id: 1,
author: {
id: 8,
name: 'John Doe9',
username: 'user8',
state: 'active',
avatar_url:
'https://www.gravatar.com/avatar/51798cfc94af924ac2dffb7083baa6f4?s=80&d=identicon',
web_url: 'http://localhost/user8',
status_tooltip_html: null,
path: '/user8',
},
issue_iid: null,
pipeline: {
id: 3,
path: '/namespace6/project6/pipelines/3',
},
issue_url: null,
category: 'sast',
feedback_type: 'issue',
branch: 'master',
project_fingerprint: '4e5b6966dd100170b4b1ad599c7058cce91b57b4',
},
vulnerability_feedback_issue_path: 'https://example.com/vulnerability_feedback',
vulnerability_feedback_dismissal_path: 'https://example.com/vulnerability_feedback',
description: 'The cipher does not provide data integrity update 1',
solution:
'GCM mode introduces an HMAC into the resulting encrypted data, providing integrity of the result.',
location: {
file: 'maven/src/main/java/com/gitlab/security_products/tests/App.java',
start_line: 29,
end_line: 29,
class: 'com.gitlab.security_products.tests.App',
method: 'insecureCypher',
},
links: [
{
name: 'Cipher does not check for integrity first?',
url:
'https://crypto.stackexchange.com/questions/31428/pbewithmd5anddes-cipher-does-not-check-for-integrity-first',
},
],
},
{
id: 8,
report_type: 'container_scanning',
name: 'CVE-2018-1000001 in glibc',
severity: 'high',
confidence: 'unknown',
scanner: {
external_id: 'clair',
name: 'Clair',
},
identifiers: [
{
external_type: 'cve',
external_id: 'CVE-2018-1000001',
name: 'CVE-2018-1000001',
url: 'https://security-tracker.debian.org/tracker/CVE-2018-1000001',
},
],
project_fingerprint: 'af08ab5aa899af9e74318ebc23684c9aa728ab7c',
create_vulnerability_feedback_issue_path: '/gitlab-org/sec-reports/vulnerability_feedback',
create_vulnerability_feedback_merge_request_path:
'/gitlab-org/sec-reports/vulnerability_feedback',
create_vulnerability_feedback_dismissal_path: '/gitlab-org/sec-reports/vulnerability_feedback',
project: {
id: 19,
name: 'sec-reports',
full_path: '/gitlab-org/sec-reports',
full_name: 'Gitlab Org / sec-reports',
},
dismissal_feedback: null,
issue_feedback: null,
merge_request_feedback: null,
description:
'In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.',
links: [
{
url: 'https://security-tracker.debian.org/tracker/CVE-2018-1000001',
},
],
location: {
image:
'registry.gitlab.com/groulot/container-scanning-test/master:5f21de6956aee99ddb68ae49498662d9872f50ff',
operating_system: 'debian:9',
dependency: {
package: {
name: 'glibc',
},
version: '2.24-11+deb9u3',
},
},
remediations: null,
solution: null,
state: 'opened',
blob_path: '',
},
];
[
{
"id": 1,
"report_type": "sast",
"name": "Insecure variable usage",
"severity": "critical",
"confidence": "high",
"scanner": {
"external_id": "find_sec_bugs",
"name": "Find Security Bugs"
},
"identifiers": [
{
"external_type": "CVE",
"external_id": "CVE-2018-1234",
"name": "CVE-2018-1234",
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-1234"
},
{
"external_type": "CVE",
"external_id": "CVE-2018-1234",
"name": "CVE-2018-1234",
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-1234"
}
],
"project_fingerprint": "4e5b6966dd100170b4b1ad599c7058cce91b57b4",
"project": {
"id": 1,
"name": "project1",
"full_path": "/namespace1/project1",
"full_name": "Gitab.org / security-products / binaries"
},
"dismissal_feedback": null,
"issue_feedback": null,
"create_vulnerability_feedback_issue_path": "https://example.com/vulnerability_feedback",
"create_vulnerability_feedback_dismissal_path": "https://example.com/vulnerability_feedback",
"description": "The cipher does not provide data integrity update 1",
"solution": "GCM mode introduces an HMAC into the resulting encrypted data, providing integrity of the result.",
"location": {
"file": "maven/src/main/java/com/gitlab/security_products/tests/App.java",
"start_line": 29,
"end_line": 29,
"class": "com.gitlab.security_products.tests.App",
"method": "insecureCypher"
},
"links": [
{
"name": "Cipher does not check for integrity first?",
"url": "https://crypto.stackexchange.com/questions/31428/pbewithmd5anddes-cipher-does-not-check-for-integrity-first"
}
],
"instances": [
{
"param": "X-Content-Type-Options",
"method": "GET",
"uri": "http://bikebilly-spring-auto-devops-review-feature-br-3y2gpb.35.192.176.43.xip.io"
},
{
"param": "X-Content-Type-Options",
"method": "GET",
"uri": "http://bikebilly-spring-auto-devops-review-feature-br-3y2gpb.35.192.176.43.xip.io/"
}
]
},
{
"id": 2,
"report_type": "sast",
"name": "Insecure variable usage",
"severity": "critical",
"confidence": "high",
"scanner": {
"external_id": "find_sec_bugs",
"name": "Find Security Bugs"
},
"identifiers": [
{
"external_type": "CVE",
"external_id": "CVE-2018-1234",
"name": "CVE-2018-1234",
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-1234"
},
{
"external_type": "CVE",
"external_id": "CVE-2018-1234",
"name": "CVE-2018-1234",
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-1234"
}
],
"project_fingerprint": "4e5b6966dd100170b4b1ad599c7058cce91b57b4",
"project": {
"id": 1,
"name": "project1",
"full_path": "/namespace1/project1",
"full_name": "Gitab.org / quality / staging"
},
"dismissal_feedback": null,
"issue_feedback": null,
"create_vulnerability_feedback_issue_path": "https://example.com/vulnerability_feedback",
"create_vulnerability_feedback_dismissal_path": "https://example.com/vulnerability_feedback",
"description": "The cipher does not provide data integrity update 1",
"solution": "GCM mode introduces an HMAC into the resulting encrypted data, providing integrity of the result.",
"location": {
"file": "maven/src/main/java/com/gitlab/security_products/tests/App.java",
"start_line": 29,
"end_line": 29,
"class": "com.gitlab.security_products.tests.App",
"method": "insecureCypher"
},
"links": [
{
"name": "Cipher does not check for integrity first?",
"url": "https://crypto.stackexchange.com/questions/31428/pbewithmd5anddes-cipher-does-not-check-for-integrity-first"
}
]
},
{
"id": 3,
"report_type": "sast",
"name": "Insecure variable usage",
"severity": "medium",
"confidence": "",
"scanner": {
"external_id": "find_sec_bugs",
"name": "Find Security Bugs"
},
"identifiers": [
{
"external_type": "CVE",
"external_id": "CVE-2018-1234",
"name": "CVE-2018-1234",
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-1234"
},
{
"external_type": "CVE",
"external_id": "CVE-2018-1234",
"name": "CVE-2018-1234",
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-1234"
}
],
"project_fingerprint": "4e5b6966dd100170b4b1ad599c7058cce91b57b4",
"project": {
"id": 1,
"name": "project1",
"full_path": "/namespace1/project1",
"full_name": "Gitab.org / security-products / licence-management"
},
"dismissal_feedback": {
"id": 1,
"project_id": 1,
"author": {
"id": 6,
"name": "John Doe7",
"username": "user6",
"state": "active",
"avatar_url": "https://www.gravatar.com/avatar/3de3cc5a52553af613b6c457da6c219a?s=80&d=identicon",
"web_url": "http://localhost/user6",
"status_tooltip_html": null,
"path": "/user6"
},
"issue_iid": null,
"pipeline": {
"id": 2,
"path": "/namespace5/project5/pipelines/2"
},
"category": "sast",
"feedback_type": "dismissal",
"branch": "master",
"project_fingerprint": "4e5b6966dd100170b4b1ad599c7058cce91b57b4",
"destroy_vulnerability_feedback_dismissal_path": "https://example.com/feedback_dismissal_path"
},
"issue_feedback": null,
"create_vulnerability_feedback_issue_path": "https://example.com/vulnerability_feedback",
"create_vulnerability_feedback_dismissal_path": "https://example.com/vulnerability_feedback",
"description": "The cipher does not provide data integrity update 1",
"solution": "GCM mode introduces an HMAC into the resulting encrypted data, providing integrity of the result.",
"location": {
"file": "maven/src/main/java/com/gitlab/security_products/tests/App.java",
"start_line": 29,
"end_line": 29,
"class": "com.gitlab.security_products.tests.App",
"method": "insecureCypher"
},
"links": [
{
"name": "Cipher does not check for integrity first?",
"url": "https://crypto.stackexchange.com/questions/31428/pbewithmd5anddes-cipher-does-not-check-for-integrity-first"
}
]
},
{
"id": 4,
"report_type": "sast",
"name": "Insecure variable usage",
"severity": "high",
"confidence": "low",
"scanner": {
"external_id": "find_sec_bugs",
"name": "Find Security Bugs"
},
"identifiers": [
{
"external_type": "CVE",
"external_id": "CVE-2018-1234",
"name": "CVE-2018-1234",
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-1234"
},
{
"external_type": "CVE",
"external_id": "CVE-2018-1234",
"name": "CVE-2018-1234",
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-1234"
}
],
"project_fingerprint": "4e5b6966dd100170b4b1ad599c7058cce91b57b4",
"project": {
"id": 1,
"name": "project1",
"full_path": "/namespace1/project1",
"full_name": "Gitab.org / security-products / codequality"
},
"dismissal_feedback": null,
"issue_feedback": {
"id": 2,
"project_id": 1,
"author": {
"id": 8,
"name": "John Doe9",
"username": "user8",
"state": "active",
"avatar_url": "https://www.gravatar.com/avatar/51798cfc94af924ac2dffb7083baa6f4?s=80&d=identicon",
"web_url": "http://localhost/user8",
"status_tooltip_html": null,
"path": "/user8"
},
"issue_iid": 1,
"pipeline": {
"id": 3,
"path": "/namespace6/project6/pipelines/3"
},
"issue_url": "http://localhost/namespace1/project1/issues/1",
"category": "sast",
"feedback_type": "issue",
"branch": "master",
"project_fingerprint": "4e5b6966dd100170b4b1ad599c7058cce91b57b4"
},
"create_vulnerability_feedback_issue_path": "https://example.com/vulnerability_feedback",
"create_vulnerability_feedback_dismissal_path": "https://example.com/vulnerability_feedback",
"description": "The cipher does not provide data integrity update 1",
"solution": "GCM mode introduces an HMAC into the resulting encrypted data, providing integrity of the result.",
"location": {
"file": "maven/src/main/java/com/gitlab/security_products/tests/App.java",
"start_line": 29,
"end_line": 29,
"class": "com.gitlab.security_products.tests.App",
"method": "insecureCypher"
},
"links": [
{
"name": "Cipher does not check for integrity first?",
"url": "https://crypto.stackexchange.com/questions/31428/pbewithmd5anddes-cipher-does-not-check-for-integrity-first"
}
]
},
{
"id": 5,
"report_type": "sast",
"name": "Remote command execution due to flaw in the include params attribute of URL and Anchor tags for org.apache.struts/struts2core",
"severity": "low",
"confidence": "",
"scanner": {
"external_id": "find_sec_bugs",
"name": "Find Security Bugs"
},
"identifiers": [
{
"external_type": "CVE",
"external_id": "CVE-2018-1234",
"name": "CVE-2018-1234",
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-1234"
},
{
"external_type": "CVE",
"external_id": "CVE-2018-1234",
"name": "CVE-2018-1234",
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-1234"
}
],
"project_fingerprint": "4e5b6966dd100170b4b1ad599c7058cce91b57b4",
"project": {
"id": 1,
"name": "project1",
"full_path": "/namespace1/project1",
"full_name": "Gitab.org / security-products / staging"
},
"dismissal_feedback": {
"id": 1,
"project_id": 1,
"author": {
"id": 6,
"name": "John Doe7",
"username": "user6",
"state": "active",
"avatar_url": "https://www.gravatar.com/avatar/3de3cc5a52553af613b6c457da6c219a?s=80&d=identicon",
"web_url": "http://localhost/user6",
"status_tooltip_html": null,
"path": "/user6"
},
"issue_iid": null,
"pipeline": {
"id": 2,
"path": "/namespace5/project5/pipelines/2"
},
"category": "sast",
"feedback_type": "dismissal",
"branch": "master",
"project_fingerprint": "4e5b6966dd100170b4b1ad599c7058cce91b57b4",
"destroy_vulnerability_feedback_dismissal_path": "https://example.com/feedback_dismissal_path"
},
"issue_feedback": {
"id": 2,
"project_id": 1,
"author": {
"id": 8,
"name": "John Doe9",
"username": "user8",
"state": "active",
"avatar_url": "https://www.gravatar.com/avatar/51798cfc94af924ac2dffb7083baa6f4?s=80&d=identicon",
"web_url": "http://localhost/user8",
"status_tooltip_html": null,
"path": "/user8"
},
"issue_iid": 1,
"pipeline": {
"id": 3,
"path": "/namespace6/project6/pipelines/3"
},
"issue_url": "http://localhost/namespace1/project1/issues/1",
"category": "sast",
"feedback_type": "issue",
"branch": "master",
"project_fingerprint": "4e5b6966dd100170b4b1ad599c7058cce91b57b4"
},
"create_vulnerability_feedback_issue_path": "https://example.com/vulnerability_feedback",
"create_vulnerability_feedback_dismissal_path": "https://example.com/vulnerability_feedback",
"description": "The cipher does not provide data integrity update 1",
"solution": "GCM mode introduces an HMAC into the resulting encrypted data, providing integrity of the result.",
"location": {
"file": "maven/src/main/java/com/gitlab/security_products/tests/App.java",
"start_line": 29,
"end_line": 29,
"class": "com.gitlab.security_products.tests.App",
"method": "insecureCypher"
},
"links": [
{
"name": "Cipher does not check for integrity first?",
"url": "https://crypto.stackexchange.com/questions/31428/pbewithmd5anddes-cipher-does-not-check-for-integrity-first"
}
]
},
{
"id": 6,
"report_type": "sast",
"name": "Doorkeeper Gem does not revoke token for public clients",
"severity": "unknown",
"confidence": "",
"scanner": {
"external_id": "find_sec_bugs",
"name": "Find Security Bugs"
},
"identifiers": [
{
"external_type": "CVE",
"external_id": "CVE-2018-1234",
"name": "CVE-2018-1234",
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-1234"
},
{
"external_type": "CVE",
"external_id": "CVE-2018-1234",
"name": "CVE-2018-1234",
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-1234"
}
],
"project_fingerprint": "4e5b6966dd100170b4b1ad599c7058cce91b57b4",
"project": {
"id": 1,
"name": "project1",
"full_path": "/namespace1/project1",
"full_name": "Gitab.org / security-products / binaries"
},
"dismissal_feedback": null,
"issue_feedback": null,
"create_vulnerability_feedback_issue_path": "https://example.com/vulnerability_feedback",
"create_vulnerability_feedback_dismissal_path": "https://example.com/vulnerability_feedback",
"description": "The cipher does not provide data integrity update 1",
"solution": "GCM mode introduces an HMAC into the resulting encrypted data, providing integrity of the result.",
"location": {
"file": "maven/src/main/java/com/gitlab/security_products/tests/App.java",
"start_line": 29,
"end_line": 29,
"class": "com.gitlab.security_products.tests.App",
"method": "insecureCypher"
},
"links": [
{
"name": "Cipher does not check for integrity first?",
"url": "https://crypto.stackexchange.com/questions/31428/pbewithmd5anddes-cipher-does-not-check-for-integrity-first"
}
]
},
{
"id": 7,
"report_type": "sast",
"name": "Insecure variable usage",
"severity": "high",
"confidence": "low",
"scanner": {
"external_id": "find_sec_bugs",
"name": "Find Security Bugs"
},
"identifiers": [
{
"external_type": "CVE",
"external_id": "CVE-2018-1234",
"name": "CVE-2018-1234",
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-1234"
},
{
"external_type": "CVE",
"external_id": "CVE-2018-1234",
"name": "CVE-2018-1234",
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-1234"
}
],
"project_fingerprint": "4e5b6966dd100170b4b1ad599c7058cce91b57b4",
"project": {
"id": 1,
"name": "project1",
"full_path": "/namespace1/project1",
"full_name": "Gitab.org / security-products / codequality"
},
"dismissal_feedback": null,
"issue_feedback": {
"id": 7,
"project_id": 1,
"author": {
"id": 8,
"name": "John Doe9",
"username": "user8",
"state": "active",
"avatar_url": "https://www.gravatar.com/avatar/51798cfc94af924ac2dffb7083baa6f4?s=80&d=identicon",
"web_url": "http://localhost/user8",
"status_tooltip_html": null,
"path": "/user8"
},
"issue_iid": null,
"pipeline": {
"id": 3,
"path": "/namespace6/project6/pipelines/3"
},
"issue_url": null,
"category": "sast",
"feedback_type": "issue",
"branch": "master",
"project_fingerprint": "4e5b6966dd100170b4b1ad599c7058cce91b57b4"
},
"vulnerability_feedback_issue_path": "https://example.com/vulnerability_feedback",
"vulnerability_feedback_dismissal_path": "https://example.com/vulnerability_feedback",
"description": "The cipher does not provide data integrity update 1",
"solution": "GCM mode introduces an HMAC into the resulting encrypted data, providing integrity of the result.",
"location": {
"file": "maven/src/main/java/com/gitlab/security_products/tests/App.java",
"start_line": 29,
"end_line": 29,
"class": "com.gitlab.security_products.tests.App",
"method": "insecureCypher"
},
"links": [
{
"name": "Cipher does not check for integrity first?",
"url": "https://crypto.stackexchange.com/questions/31428/pbewithmd5anddes-cipher-does-not-check-for-integrity-first"
}
]
}
]
import { isSameVulnerability } from 'ee/security_dashboard/store/modules/vulnerabilities/utils';
import mockData from '../../../../javascripts/security_dashboard/store/vulnerabilities/data/mock_data_vulnerabilities.json';
import mockData from '../../../security_dashboard/store/vulnerabilities/data/mock_data_vulnerabilities';
describe('Vulnerabilities utils', () => {
const clone = serializable => JSON.parse(JSON.stringify(serializable));
......
......@@ -4,7 +4,7 @@ import component from 'ee/security_dashboard/components/vulnerability_action_but
import createStore from 'ee/security_dashboard/store';
import { mountComponentWithStore } from 'spec/helpers/vue_mount_component_helper';
import { resetStore } from '../helpers';
import mockDataVulnerabilities from '../store/vulnerabilities/data/mock_data_vulnerabilities.json';
import mockDataVulnerabilities from '../store/vulnerabilities/data/mock_data_vulnerabilities';
describe('Security Dashboard Action Buttons', () => {
const Component = Vue.extend(component);
......
......@@ -9,7 +9,7 @@ import * as types from 'ee/security_dashboard/store/modules/vulnerabilities/muta
import * as actions from 'ee/security_dashboard/store/modules/vulnerabilities/actions';
import axios from '~/lib/utils/axios_utils';
import mockDataVulnerabilities from './data/mock_data_vulnerabilities.json';
import mockDataVulnerabilities from './data/mock_data_vulnerabilities';
import mockDataVulnerabilitiesCount from './data/mock_data_vulnerabilities_count.json';
import mockDataVulnerabilitiesHistory from './data/mock_data_vulnerabilities_history.json';
......
export {
default,
} from '../../../../../frontend/security_dashboard/store/vulnerabilities/data/mock_data_vulnerabilities';
[
{
"id": 1,
"report_type": "sast",
"name": "Insecure variable usage",
"severity": "critical",
"confidence": "high",
"scanner": {
"external_id": "find_sec_bugs",
"name": "Find Security Bugs"
},
"identifiers": [
{
"external_type": "CVE",
"external_id": "CVE-2018-1234",
"name": "CVE-2018-1234",
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-1234"
},
{
"external_type": "CVE",
"external_id": "CVE-2018-1234",
"name": "CVE-2018-1234",
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-1234"
}
],
"project_fingerprint": "4e5b6966dd100170b4b1ad599c7058cce91b57b4",
"project": {
"id": 1,
"name": "project1",
"full_path": "/namespace1/project1",
"full_name": "Gitab.org / security-products / binaries"
},
"dismissal_feedback": null,
"issue_feedback": null,
"create_vulnerability_feedback_issue_path": "https://example.com/vulnerability_feedback",
"create_vulnerability_feedback_dismissal_path": "https://example.com/vulnerability_feedback",
"description": "The cipher does not provide data integrity update 1",
"solution": "GCM mode introduces an HMAC into the resulting encrypted data, providing integrity of the result.",
"location": {
"file": "maven/src/main/java/com/gitlab/security_products/tests/App.java",
"start_line": 29,
"end_line": 29,
"class": "com.gitlab.security_products.tests.App",
"method": "insecureCypher",
"hostname": "https://gitlab.com",
"path": "/user6"
},
"links": [
{
"name": "Cipher does not check for integrity first?",
"url": "https://crypto.stackexchange.com/questions/31428/pbewithmd5anddes-cipher-does-not-check-for-integrity-first"
}
],
"instances": [
{
"param": "X-Content-Type-Options",
"method": "GET",
"uri": "http://bikebilly-spring-auto-devops-review-feature-br-3y2gpb.35.192.176.43.xip.io"
},
{
"param": "X-Content-Type-Options",
"method": "GET",
"uri": "http://bikebilly-spring-auto-devops-review-feature-br-3y2gpb.35.192.176.43.xip.io/"
}
]
},
{
"id": 2,
"report_type": "sast",
"name": "Insecure variable usage",
"severity": "critical",
"confidence": "high",
"scanner": {
"external_id": "find_sec_bugs",
"name": "Find Security Bugs"
},
"identifiers": [
{
"external_type": "CVE",
"external_id": "CVE-2018-1234",
"name": "CVE-2018-1234",
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-1234"
},
{
"external_type": "CVE",
"external_id": "CVE-2018-1234",
"name": "CVE-2018-1234",
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-1234"
}
],
"project_fingerprint": "4e5b6966dd100170b4b1ad599c7058cce91b57b4",
"project": {
"id": 1,
"name": "project1",
"full_path": "/namespace1/project1",
"full_name": "Gitab.org / quality / staging"
},
"dismissal_feedback": null,
"issue_feedback": null,
"create_vulnerability_feedback_issue_path": "https://example.com/vulnerability_feedback",
"create_vulnerability_feedback_dismissal_path": "https://example.com/vulnerability_feedback",
"description": "The cipher does not provide data integrity update 1",
"solution": "GCM mode introduces an HMAC into the resulting encrypted data, providing integrity of the result.",
"location": {
"file": "maven/src/main/java/com/gitlab/security_products/tests/App.java",
"start_line": 29,
"end_line": 29,
"class": "com.gitlab.security_products.tests.App",
"method": "insecureCypher"
},
"links": [
{
"name": "Cipher does not check for integrity first?",
"url": "https://crypto.stackexchange.com/questions/31428/pbewithmd5anddes-cipher-does-not-check-for-integrity-first"
}
]
},
{
"id": 3,
"report_type": "sast",
"name": "Insecure variable usage",
"severity": "medium",
"confidence": "",
"scanner": {
"external_id": "find_sec_bugs",
"name": "Find Security Bugs"
},
"identifiers": [
{
"external_type": "CVE",
"external_id": "CVE-2018-1234",
"name": "CVE-2018-1234",
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-1234"
},
{
"external_type": "CVE",
"external_id": "CVE-2018-1234",
"name": "CVE-2018-1234",
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-1234"
}
],
"project_fingerprint": "4e5b6966dd100170b4b1ad599c7058cce91b57b4",
"project": {
"id": 1,
"name": "project1",
"full_path": "/namespace1/project1",
"full_name": "Gitab.org / security-products / licence-management"
},
"dismissal_feedback": {
"id": 1,
"project_id": 1,
"author": {
"id": 6,
"name": "John Doe7",
"username": "user6",
"state": "active",
"avatar_url": "https://www.gravatar.com/avatar/3de3cc5a52553af613b6c457da6c219a?s=80&d=identicon",
"web_url": "http://localhost/user6",
"status_tooltip_html": null,
"path": "/user6"
},
"issue_iid": null,
"pipeline": {
"id": 2,
"path": "/namespace5/project5/pipelines/2"
},
"category": "sast",
"feedback_type": "dismissal",
"branch": "master",
"project_fingerprint": "4e5b6966dd100170b4b1ad599c7058cce91b57b4",
"destroy_vulnerability_feedback_dismissal_path": "https://example.com/feedback_dismissal_path"
},
"issue_feedback": null,
"create_vulnerability_feedback_issue_path": "https://example.com/vulnerability_feedback",
"create_vulnerability_feedback_dismissal_path": "https://example.com/vulnerability_feedback",
"description": "The cipher does not provide data integrity update 1",
"solution": "GCM mode introduces an HMAC into the resulting encrypted data, providing integrity of the result.",
"location": {
"file": "maven/src/main/java/com/gitlab/security_products/tests/App.java",
"start_line": 29,
"end_line": 29,
"class": "com.gitlab.security_products.tests.App",
"method": "insecureCypher"
},
"links": [
{
"name": "Cipher does not check for integrity first?",
"url": "https://crypto.stackexchange.com/questions/31428/pbewithmd5anddes-cipher-does-not-check-for-integrity-first"
}
]
},
{
"id": 4,
"report_type": "sast",
"name": "Insecure variable usage",
"severity": "high",
"confidence": "low",
"scanner": {
"external_id": "find_sec_bugs",
"name": "Find Security Bugs"
},
"identifiers": [
{
"external_type": "CVE",
"external_id": "CVE-2018-1234",
"name": "CVE-2018-1234",
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-1234"
},
{
"external_type": "CVE",
"external_id": "CVE-2018-1234",
"name": "CVE-2018-1234",
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-1234"
}
],
"project_fingerprint": "4e5b6966dd100170b4b1ad599c7058cce91b57b4",
"project": {
"id": 1,
"name": "project1",
"full_path": "/namespace1/project1",
"full_name": "Gitab.org / security-products / codequality"
},
"dismissal_feedback": null,
"issue_feedback": {
"id": 2,
"project_id": 1,
"author": {
"id": 8,
"name": "John Doe9",
"username": "user8",
"state": "active",
"avatar_url": "https://www.gravatar.com/avatar/51798cfc94af924ac2dffb7083baa6f4?s=80&d=identicon",
"web_url": "http://localhost/user8",
"status_tooltip_html": null,
"path": "/user8"
},
"issue_iid": 1,
"pipeline": {
"id": 3,
"path": "/namespace6/project6/pipelines/3"
},
"issue_url": "http://localhost/namespace1/project1/issues/1",
"category": "sast",
"feedback_type": "issue",
"branch": "master",
"project_fingerprint": "4e5b6966dd100170b4b1ad599c7058cce91b57b4"
},
"create_vulnerability_feedback_issue_path": "https://example.com/vulnerability_feedback",
"create_vulnerability_feedback_dismissal_path": "https://example.com/vulnerability_feedback",
"description": "The cipher does not provide data integrity update 1",
"solution": "GCM mode introduces an HMAC into the resulting encrypted data, providing integrity of the result.",
"location": {
"file": "maven/src/main/java/com/gitlab/security_products/tests/App.java",
"start_line": 29,
"end_line": 29,
"class": "com.gitlab.security_products.tests.App",
"method": "insecureCypher"
},
"links": [
{
"name": "Cipher does not check for integrity first?",
"url": "https://crypto.stackexchange.com/questions/31428/pbewithmd5anddes-cipher-does-not-check-for-integrity-first"
}
]
},
{
"id": 5,
"report_type": "sast",
"name": "Remote command execution due to flaw in the include params attribute of URL and Anchor tags for org.apache.struts/struts2core",
"severity": "low",
"confidence": "",
"scanner": {
"external_id": "find_sec_bugs",
"name": "Find Security Bugs"
},
"identifiers": [
{
"external_type": "CVE",
"external_id": "CVE-2018-1234",
"name": "CVE-2018-1234",
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-1234"
},
{
"external_type": "CVE",
"external_id": "CVE-2018-1234",
"name": "CVE-2018-1234",
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-1234"
}
],
"project_fingerprint": "4e5b6966dd100170b4b1ad599c7058cce91b57b4",
"project": {
"id": 1,
"name": "project1",
"full_path": "/namespace1/project1",
"full_name": "Gitab.org / security-products / staging"
},
"dismissal_feedback": {
"id": 1,
"project_id": 1,
"author": {
"id": 6,
"name": "John Doe7",
"username": "user6",
"state": "active",
"avatar_url": "https://www.gravatar.com/avatar/3de3cc5a52553af613b6c457da6c219a?s=80&d=identicon",
"web_url": "http://localhost/user6",
"status_tooltip_html": null,
"path": "/user6"
},
"issue_iid": null,
"pipeline": {
"id": 2,
"path": "/namespace5/project5/pipelines/2"
},
"category": "sast",
"feedback_type": "dismissal",
"branch": "master",
"project_fingerprint": "4e5b6966dd100170b4b1ad599c7058cce91b57b4",
"destroy_vulnerability_feedback_dismissal_path": "https://example.com/feedback_dismissal_path"
},
"issue_feedback": {
"id": 2,
"project_id": 1,
"author": {
"id": 8,
"name": "John Doe9",
"username": "user8",
"state": "active",
"avatar_url": "https://www.gravatar.com/avatar/51798cfc94af924ac2dffb7083baa6f4?s=80&d=identicon",
"web_url": "http://localhost/user8",
"status_tooltip_html": null,
"path": "/user8"
},
"issue_iid": 1,
"pipeline": {
"id": 3,
"path": "/namespace6/project6/pipelines/3"
},
"issue_url": "http://localhost/namespace1/project1/issues/1",
"category": "sast",
"feedback_type": "issue",
"branch": "master",
"project_fingerprint": "4e5b6966dd100170b4b1ad599c7058cce91b57b4"
},
"create_vulnerability_feedback_issue_path": "https://example.com/vulnerability_feedback",
"create_vulnerability_feedback_dismissal_path": "https://example.com/vulnerability_feedback",
"description": "The cipher does not provide data integrity update 1",
"solution": "GCM mode introduces an HMAC into the resulting encrypted data, providing integrity of the result.",
"location": {
"file": "maven/src/main/java/com/gitlab/security_products/tests/App.java",
"start_line": 29,
"end_line": 29,
"class": "com.gitlab.security_products.tests.App",
"method": "insecureCypher"
},
"links": [
{
"name": "Cipher does not check for integrity first?",
"url": "https://crypto.stackexchange.com/questions/31428/pbewithmd5anddes-cipher-does-not-check-for-integrity-first"
}
]
},
{
"id": 6,
"report_type": "sast",
"name": "Doorkeeper Gem does not revoke token for public clients",
"severity": "unknown",
"confidence": "",
"scanner": {
"external_id": "find_sec_bugs",
"name": "Find Security Bugs"
},
"identifiers": [
{
"external_type": "CVE",
"external_id": "CVE-2018-1234",
"name": "CVE-2018-1234",
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-1234"
},
{
"external_type": "CVE",
"external_id": "CVE-2018-1234",
"name": "CVE-2018-1234",
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-1234"
}
],
"project_fingerprint": "4e5b6966dd100170b4b1ad599c7058cce91b57b4",
"project": {
"id": 1,
"name": "project1",
"full_path": "/namespace1/project1",
"full_name": "Gitab.org / security-products / binaries"
},
"dismissal_feedback": null,
"issue_feedback": null,
"create_vulnerability_feedback_issue_path": "https://example.com/vulnerability_feedback",
"create_vulnerability_feedback_dismissal_path": "https://example.com/vulnerability_feedback",
"description": "The cipher does not provide data integrity update 1",
"solution": "GCM mode introduces an HMAC into the resulting encrypted data, providing integrity of the result.",
"location": {
"file": "maven/src/main/java/com/gitlab/security_products/tests/App.java",
"start_line": 29,
"end_line": 29,
"class": "com.gitlab.security_products.tests.App",
"method": "insecureCypher"
},
"links": [
{
"name": "Cipher does not check for integrity first?",
"url": "https://crypto.stackexchange.com/questions/31428/pbewithmd5anddes-cipher-does-not-check-for-integrity-first"
}
]
},
{
"id": 7,
"report_type": "sast",
"name": "Insecure variable usage",
"severity": "high",
"confidence": "low",
"scanner": {
"external_id": "find_sec_bugs",
"name": "Find Security Bugs"
},
"identifiers": [
{
"external_type": "CVE",
"external_id": "CVE-2018-1234",
"name": "CVE-2018-1234",
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-1234"
},
{
"external_type": "CVE",
"external_id": "CVE-2018-1234",
"name": "CVE-2018-1234",
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-1234"
}
],
"project_fingerprint": "4e5b6966dd100170b4b1ad599c7058cce91b57b4",
"project": {
"id": 1,
"name": "project1",
"full_path": "/namespace1/project1",
"full_name": "Gitab.org / security-products / codequality"
},
"dismissal_feedback": null,
"issue_feedback": {
"id": 7,
"project_id": 1,
"author": {
"id": 8,
"name": "John Doe9",
"username": "user8",
"state": "active",
"avatar_url": "https://www.gravatar.com/avatar/51798cfc94af924ac2dffb7083baa6f4?s=80&d=identicon",
"web_url": "http://localhost/user8",
"status_tooltip_html": null,
"path": "/user8"
},
"issue_iid": null,
"pipeline": {
"id": 3,
"path": "/namespace6/project6/pipelines/3"
},
"issue_url": null,
"category": "sast",
"feedback_type": "issue",
"branch": "master",
"project_fingerprint": "4e5b6966dd100170b4b1ad599c7058cce91b57b4"
},
"vulnerability_feedback_issue_path": "https://example.com/vulnerability_feedback",
"vulnerability_feedback_dismissal_path": "https://example.com/vulnerability_feedback",
"description": "The cipher does not provide data integrity update 1",
"solution": "GCM mode introduces an HMAC into the resulting encrypted data, providing integrity of the result.",
"location": {
"file": "maven/src/main/java/com/gitlab/security_products/tests/App.java",
"start_line": 29,
"end_line": 29,
"class": "com.gitlab.security_products.tests.App",
"method": "insecureCypher"
},
"links": [
{
"name": "Cipher does not check for integrity first?",
"url": "https://crypto.stackexchange.com/questions/31428/pbewithmd5anddes-cipher-does-not-check-for-integrity-first"
}
]
},
{
"id": 8,
"report_type": "container_scanning",
"name": "CVE-2018-1000001 in glibc",
"severity": "high",
"confidence": "unknown",
"scanner": {
"external_id": "clair",
"name": "Clair"
},
"identifiers": [
{
"external_type": "cve",
"external_id": "CVE-2018-1000001",
"name": "CVE-2018-1000001",
"url": "https://security-tracker.debian.org/tracker/CVE-2018-1000001"
}
],
"project_fingerprint": "af08ab5aa899af9e74318ebc23684c9aa728ab7c",
"create_vulnerability_feedback_issue_path": "/gitlab-org/sec-reports/vulnerability_feedback",
"create_vulnerability_feedback_merge_request_path": "/gitlab-org/sec-reports/vulnerability_feedback",
"create_vulnerability_feedback_dismissal_path": "/gitlab-org/sec-reports/vulnerability_feedback",
"project": {
"id": 19,
"name": "sec-reports",
"full_path": "/gitlab-org/sec-reports",
"full_name": "Gitlab Org / sec-reports"
},
"dismissal_feedback": null,
"issue_feedback": null,
"merge_request_feedback": null,
"description": "In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.",
"links": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2018-1000001"
}
],
"location": {
"image": "registry.gitlab.com/groulot/container-scanning-test/master:5f21de6956aee99ddb68ae49498662d9872f50ff",
"operating_system": "debian:9",
"dependency": {
"package": {
"name": "glibc"
},
"version": "2.24-11+deb9u3"
}
},
"remediations": null,
"solution": null,
"state": "opened",
"blob_path": ""
}
]
......@@ -2,7 +2,7 @@ import createState from 'ee/security_dashboard/store/modules/vulnerabilities/sta
import * as types from 'ee/security_dashboard/store/modules/vulnerabilities/mutation_types';
import mutations from 'ee/security_dashboard/store/modules/vulnerabilities/mutations';
import { DAYS } from 'ee/security_dashboard/store/modules/vulnerabilities/constants';
import mockData from './data/mock_data_vulnerabilities.json';
import mockData from './data/mock_data_vulnerabilities';
describe('vulnerabilities module mutations', () => {
let state;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment