Commit 909fc0e4 authored by Olivier Gonzalez's avatar Olivier Gonzalez Committed by Lin Jen-Shin

Format feedback issue content for CS vulns

Align with the content displayed in the UI
Support upcoming CS vulnerability objects coming from the group
dashboard.
parent 7261c0f8
---
title: Adapt feedback for Container Scanning vulnerabilities
merge_request: 9655
author:
type: added
......@@ -3,10 +3,6 @@
module Gitlab
module Vulnerabilities
class ContainerScanningVulnerability < BaseVulnerability
def title
"#{@data[:vulnerability]} in #{@data[:namespace]}"
end
# Passthrough properties
%i[
confidence
......@@ -19,18 +15,50 @@ module Gitlab
end
end
def title
format_data(
:name =>
'%{name}',
%i[vulnerability featurename] =>
'%{vulnerability} in %{featurename}',
:vulnerability =>
'%{vulnerability}'
)
end
def description
@data[:description].presence ||
"**#{@data[:namespace]}** is affected by #{@data[:vulnerability]}"
format_data(
:description =>
'%{description}',
%i[featurename featureversion] =>
'**%{featurename}** `%{featureversion}` is affected by %{vulnerability}',
:featurename =>
'**%{featurename}** is affected by %{vulnerability}',
:namespace =>
'**%{namespace}** is affected by %{vulnerability}'
)
end
def solution
if @data[:fixedby].present? &&
@data[:featurename].present? &&
@data[:featureversion].present?
format_data(
:solution =>
'%{solution}',
%i[fixedby featurename featureversion] =>
'Upgrade **%{featurename}** from `%{featureversion}` to `%{fixedby}`',
%i[fixedby featurename] =>
'Upgrade **%{featurename}** to `%{fixedby}`',
:fixedby => 'Upgrade to `%{fixedby}`'
)
end
"Upgrade **#{@data[:featurename]}** from `#{@data[:featureversion]}` to `#{@data[:fixedby]}`"
private
def format_data(definitions)
format = definitions.find do |keys, _|
data.values_at(*Array.wrap(keys)).all?(&:present?)
end
sprintf(format.last, data) if format
end
end
end
......
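Review bot: In `format_data` the presence check covers only the keys of the matched definition, but three of the `description` templates also interpolate `%{vulnerability}`, which is not in any of their key lists. `sprintf` with a hash raises `KeyError` for a name that is absent from the hash, so an entry carrying `featurename` or `namespace` but no `vulnerability` key would raise instead of falling through to the next definition. Adding it to those key lists, e.g. `%i[featurename featureversion vulnerability] =>`, keeps the check and the template in step. Separately, the interpolated values appear to come from the container scanning report and are placed inside Markdown emphasis and code spans unescaped, so a backtick or asterisk in `featurename`, `featureversion` or `fixedby` changes how the issue body renders; presumably the Markdown pipeline sanitizes the output, but that is worth confirming for this path. A comment on `format_data` such as `# Formats the first template whose keys are all present in data; returns nil when none match` would document the nil return that `solution` relies on.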
......@@ -3,62 +3,149 @@
require 'spec_helper'
describe Gitlab::Vulnerabilities::ContainerScanningVulnerability do
let(:vulnerability) { described_class.new(data) }
let(:data) do
{
vulnerability: 'vulnerability',
namespace: 'namespace',
description: 'desc',
severity: 'high',
confidence: 'low',
featurename: 'foo',
featureversion: '1.2.3',
vulnerability: 'CVE-2018-777',
namespace: 'debian:9',
link: 'https://security-tracker.debian.org/tracker/CVE-2018-777',
severity: 'high',
fixedby: '1.4',
confidence: 'low',
identifiers: '42',
links: 'link'
links: 'link'
}
end
where(:getter) do
%i(description severity confidence solution identifiers links)
end
describe 'getters' do
let(:vulnerability) { described_class.new(data) }
where(:getter) do
%i[severity confidence identifiers links]
end
with_them do
it 'returns right value' do
expect(vulnerability.public_send(getter)).to eq(data[getter])
with_them do
it 'returns right value' do
expect(vulnerability.public_send(getter)).to eq(data[getter])
end
end
end
describe '#title' do
it 'composes properly' do
expect(vulnerability.title).to eq('vulnerability in namespace')
subject { described_class.new(data).title }
context 'when there is a name' do
before do
data[:name] = 'Foo is affected by CVE-2018-777'
end
it 'returns the provided name' do
is_expected.to eq('Foo is affected by CVE-2018-777')
end
end
context 'when there is no featurename' do
before do
data[:featurename] = ''
end
it 'formats title using the vulnerability only' do
is_expected.to eq('CVE-2018-777')
end
end
context 'when there is a featurename' do
it 'formats title using the featurename' do
is_expected.to eq('CVE-2018-777 in foo')
end
end
end
describe '#description' do
context 'without description param' do
let(:vulnerability) { described_class.new(data.without(:description)) }
subject { described_class.new(data).description }
context 'when there is a description' do
before do
data[:description] = 'SSE2-optimized memmove implementation problem.'
end
subject { vulnerability.description }
it 'returns the provided description' do
is_expected.to eq('SSE2-optimized memmove implementation problem.')
end
end
context 'when there is no featurename' do
before do
data[:featurename] = ''
end
it 'returns composed description' do
is_expected.to eq('**namespace** is affected by vulnerability')
it 'formats description using the namespace' do
is_expected.to eq('**debian:9** is affected by CVE-2018-777')
end
end
describe '#solution' do
context 'without needed params' do
it 'returns empty solution' do
expect(vulnerability.solution).to be_nil
end
context 'when there is no featureversion' do
before do
data[:featureversion] = ''
end
context 'with all params' do
let(:vulnerability) { described_class.new(fixedby: 'eleven', featurename: 'tardis', featureversion: 'ten') }
it 'formats description using the featurename only' do
is_expected.to eq('**foo** is affected by CVE-2018-777')
end
end
subject { vulnerability.solution }
context 'when featurename and featureversion are present' do
it 'formats description using the featurename and featureversion' do
is_expected.to eq('**foo** `1.2.3` is affected by CVE-2018-777')
end
end
end
describe '#solution' do
subject { described_class.new(data).solution }
context 'when there is a solution' do
before do
data[:solution] = 'Do something about it!'
end
it 'returns the provided solution' do
is_expected.to eq('Do something about it!')
end
end
context 'when there is no fixedby' do
before do
data[:fixedby] = ''
end
it 'returns nil' do
is_expected.to be_nil
end
end
context 'when there is no featurename' do
before do
data[:featurename] = ''
end
it 'formats solution using the fixedby only' do
is_expected.to eq('Upgrade to `1.4`')
end
end
context 'when there is no featureversion' do
before do
data[:featureversion] = ''
end
it 'formats solution using the featurename only' do
is_expected.to eq('Upgrade **foo** to `1.4`')
end
end
it 'composes properly' do
is_expected.to eq('Upgrade **tardis** from `ten` to `eleven`')
end
context 'when featurename and featureversion are present' do
it 'formats solution using the featurename and featureversion' do
is_expected.to eq('Upgrade **foo** from `1.2.3` to `1.4`')
end
end
end
......
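Review bot: Every context in this spec blanks a field with an assignment like `data[:featurename] = ''` and none removes the key, so `format_data` is never exercised against a hash where a key is missing altogether. The distinction matters because the templates are formatted with `sprintf` against the whole hash: a context such as `before { data.delete(:vulnerability) }` under `#description` would pin whether a missing identifier raises or falls back. There is also no example for `#title` when neither `name` nor `vulnerability` is present, where the visible definitions would make it return nil; an `it 'returns nil'` example there would make that contract explicit for whatever builds the issue title from it.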
......@@ -274,7 +274,7 @@ describe Issues::CreateFromVulnerabilityDataService, '#execute' do
}]
}
end
let(:expected_title) { 'Investigate vulnerability: CVE-2017-15650 in alpine:v3.4' }
let(:expected_title) { 'Investigate vulnerability: CVE-2017-15650 in musl' }
let(:expected_description) do
<<~DESC.chomp
### Description:
......@@ -317,12 +317,12 @@ describe Issues::CreateFromVulnerabilityDataService, '#execute' do
}]
}
end
let(:expected_title) { 'Investigate vulnerability: CVE-2017-15650 in alpine:v3.4' }
let(:expected_title) { 'Investigate vulnerability: CVE-2017-15650 in musl' }
let(:expected_description) do
<<~DESC.chomp
### Description:
**alpine:v3.4** is affected by CVE-2017-15650
**musl** `1.1.14-r15` is affected by CVE-2017-15650
* Severity: Low
......