Don't parse undefined severity confidence from reports

94700914 · celdem · 51813f5b · 94700914 · 94700914 · 94700914
Commit 94700914 authored Feb 25, 2020 by celdem
4 changed files
--- a/changelogs/unreleased/do-not-parse-undefined-severity-confidence.yml
+++ b/changelogs/unreleased/do-not-parse-undefined-severity-confidence.yml
+---
+title: Do not parse undefined severity and confidence from reports
+merge_request: 25884
+author:
+type: other
--- a/ee/lib/gitlab/ci/parsers/security/common.rb
+++ b/ee/lib/gitlab/ci/parsers/security/common.rb
@@ -93,7 +93,8 @@ module Gitlab
          end

          def parse_level(input)
-            input.blank? ? 'undefined' : input.downcase
+            input = input&.downcase
+            input.blank? || input == 'undefined' ? 'unknown' : input
          end

          def create_location(location_data)

--- a/ee/spec/finders/security/pipeline_vulnerabilities_finder_spec.rb
+++ b/ee/spec/finders/security/pipeline_vulnerabilities_finder_spec.rb
@@ -185,7 +185,7 @@ describe Security::PipelineVulnerabilitiesFinder do
          subject { described_class.new(pipeline: pipeline).execute }

          it 'returns all vulnerability severity levels' do
-            expect(subject.occurrences.map(&:severity).uniq).to match_array(%w[undefined unknown low medium high critical info])
+            expect(subject.occurrences.map(&:severity).uniq).to match_array(%w[unknown low medium high critical info])
          end
        end

@@ -203,7 +203,7 @@ describe Security::PipelineVulnerabilitiesFinder do
          subject { described_class.new(pipeline: pipeline).execute }

          it 'returns all vulnerability confidence levels' do
-            expect(subject.occurrences.map(&:confidence).uniq).to match_array %w[undefined unknown low medium high]
+            expect(subject.occurrences.map(&:confidence).uniq).to match_array %w[unknown low medium high]
          end
        end

@@ -222,8 +222,8 @@ describe Security::PipelineVulnerabilitiesFinder do

          it 'filters by all params' do
            expect(subject.occurrences.count).to eq(cs_count + dast_count + ds_count + sast_count)
-            expect(subject.occurrences.map(&:confidence).uniq).to match_array(%w[undefined unknown low medium high])
-            expect(subject.occurrences.map(&:severity).uniq).to match_array(%w[undefined unknown low medium high critical info])
+            expect(subject.occurrences.map(&:confidence).uniq).to match_array(%w[unknown low medium high])
+            expect(subject.occurrences.map(&:severity).uniq).to match_array(%w[unknown low medium high critical info])
          end
        end


--- a/ee/spec/lib/gitlab/ci/parsers/security/common_spec.rb
+++ b/ee/spec/lib/gitlab/ci/parsers/security/common_spec.rb
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe Gitlab::Ci::Parsers::Security::Common do
+  describe '#parse!' do
+    let(:artifact) { create(:ee_ci_job_artifact, :dependency_scanning) }
+    let(:report) { Gitlab::Ci::Reports::Security::Report.new(artifact.file_type, 'sha', 2.weeks.ago) }
+    let(:parser) { described_class.new }
+
+    before do
+      allow(parser).to receive(:create_location).and_return(nil)
+
+      artifact.each_blob do |blob|
+        blob.gsub!("Unknown", "Undefined")
+        parser.parse!(blob, report)
+      end
+    end
+
+    it "converts undefined severity and confidence" do
+      expect(report.occurrences.map(&:severity)).to include("unknown")
+      expect(report.occurrences.map(&:confidence)).to include("unknown")
+      expect(report.occurrences.map(&:severity)).not_to include("undefined")
+      expect(report.occurrences.map(&:confidence)).not_to include("undefined")
+    end
+  end
+end