Commit 9c880db3 authored by Lucas Charles's avatar Lucas Charles

chore: Update gl-sast-report.json fixtures to latest report format

Previous reports were very outdated and unrealistic, featuring mixed
finding reports.

Relates to https://gitlab.com/gitlab-org/gitlab/-/issues/326511
parent 0f5d90d2
......@@ -112,13 +112,13 @@ RSpec.describe Security::FindingsFinder do
subject { finder_result.total_pages }
context 'when the per_page is not provided' do
it { is_expected.to be(2) }
it { is_expected.to be(1) }
end
context 'when the per_page is provided' do
let(:per_page) { 100 }
let(:per_page) { 3 }
it { is_expected.to be(1) }
it { is_expected.to be(3) }
end
end
......@@ -126,13 +126,13 @@ RSpec.describe Security::FindingsFinder do
subject { finder_result.total_count }
context 'when the scope is not provided' do
it { is_expected.to be(35) }
it { is_expected.to be(8) }
end
context 'when the scope is provided as `all`' do
let(:scope) { 'all' }
it { is_expected.to be(36) }
it { is_expected.to be(8) }
end
end
......@@ -140,6 +140,9 @@ RSpec.describe Security::FindingsFinder do
subject { finder_result.next_page }
context 'when the page is not provided' do
# Limit per_page to force pagination on smaller dataset
let(:per_page) { 2 }
it { is_expected.to be(2) }
end
......@@ -159,6 +162,8 @@ RSpec.describe Security::FindingsFinder do
context 'when the page is provided' do
let(:page) { 2 }
# Limit per_page to force pagination on smaller dataset
let(:per_page) { 2 }
it { is_expected.to be(1) }
end
......@@ -172,24 +177,12 @@ RSpec.describe Security::FindingsFinder do
%w[
4ae096451135db224b9e16818baaca8096896522
0bfcfbb70b15a7cecef9a1ea39df15ecfd88949f
117590fc6b3841014366f335f494d1aa36ce7b46
8fac98c156431a8bdb7a69a935cc564c314ab776
95566733fc91301623055363a77124410592af7e
0314c9673160662292cfab1af6dc5c880fb73717
4e44f4045e2a27d147d08895acf8df502f440f96
b5f82291ed084fe134af5a9b90a8078ab802a6cc
98366a28fa80b23a1dafe2b36e239a04909495c4
157f362acf654c60e224400f59a088e1c01b369f
b9c0d1cdc7cb9c180ebb6981abbddc2df0172509
cefacf9f36c487d04f33c59f22e6c402bff5300a
d533c3a12403b6c6033a50b53f9c73f894a40fc6
92c7bdc63a9908bddbc5b66c95e93e99a1927879
dd482eab94e695ae85c1a883c4dbe4c74a7e6b2c
be6f6e4fb5bdfd8819e70d930b32798b38a361e0
f603dd8517800823df02a8f1e5621b56c00710d8
21b17b6ced16fe507dd5b71bca24f0515d04fb7e
f1dde46676cd2a8e48f0837e5dae77087419b09c
fec8863c5c1b4ed58eddf7722a9f1598af3aca70
e325e114daf41074d41d1ebe1869158c4f7594dc
baf3e36cda35331daed7a3e80155533d552844fa
3204893d5894c74aaee86ce5bc28427f9f14e512
98366a28fa80b23a1dafe2b36e239a04909495c4
9a644ee1b89ac29d6175dc1170914f47b0531635
]
end
......@@ -198,23 +191,12 @@ RSpec.describe Security::FindingsFinder do
context 'when the page is provided' do
let(:page) { 2 }
# Limit per_page to force pagination on smaller dataset
let(:per_page) { 2 }
let(:expected_fingerprints) do
%w[
51026f8933c463b316c5bc33adb462e4a6f6cff2
45cb4c0323b0b4a1adcb66fa1d0684d53e15cc27
48f71ab14afcf0f497fb238dc4289294b93873b0
18fe6882cdac0f3eac7784a33c9daf20109010ce
2cae57e97785a8aef9ae4ed947093d6a908bcc52
857969b55ba97d5e1c06ab920b470b009c2f3274
e3b452f63d8979e6f3e4839c6ec14b62917758e4
63dfc168b8c01a446088c9b8cf68a7d4a2a0013b
7b0792ce8db4e2cb74083490e6a87176accea102
30ab265fb9e816976b740beb0557ca79e8653bb6
81a3b7c4885e64f9013ac904bf118a05bcb7732d
ecd3b645971fc2682f5cb23d938037c6f072207f
55c41a63d2c9c3ea243b9f9cd3254d68fbee2b6b
3204893d5894c74aaee86ce5bc28427f9f14e512
157f362acf654c60e224400f59a088e1c01b369f
0bfcfbb70b15a7cecef9a1ea39df15ecfd88949f
baf3e36cda35331daed7a3e80155533d552844fa
]
end
......@@ -222,44 +204,10 @@ RSpec.describe Security::FindingsFinder do
end
context 'when the per_page is provided' do
let(:per_page) { 40 }
let(:per_page) { 1 }
let(:expected_fingerprints) do
%w[
3204893d5894c74aaee86ce5bc28427f9f14e512
157f362acf654c60e224400f59a088e1c01b369f
4ae096451135db224b9e16818baaca8096896522
d533c3a12403b6c6033a50b53f9c73f894a40fc6
b9c0d1cdc7cb9c180ebb6981abbddc2df0172509
98366a28fa80b23a1dafe2b36e239a04909495c4
b5f82291ed084fe134af5a9b90a8078ab802a6cc
4e44f4045e2a27d147d08895acf8df502f440f96
8fac98c156431a8bdb7a69a935cc564c314ab776
95566733fc91301623055363a77124410592af7e
0314c9673160662292cfab1af6dc5c880fb73717
117590fc6b3841014366f335f494d1aa36ce7b46
0bfcfbb70b15a7cecef9a1ea39df15ecfd88949f
92c7bdc63a9908bddbc5b66c95e93e99a1927879
cefacf9f36c487d04f33c59f22e6c402bff5300a
dd482eab94e695ae85c1a883c4dbe4c74a7e6b2c
48f71ab14afcf0f497fb238dc4289294b93873b0
45cb4c0323b0b4a1adcb66fa1d0684d53e15cc27
e3b452f63d8979e6f3e4839c6ec14b62917758e4
857969b55ba97d5e1c06ab920b470b009c2f3274
63dfc168b8c01a446088c9b8cf68a7d4a2a0013b
7b0792ce8db4e2cb74083490e6a87176accea102
2cae57e97785a8aef9ae4ed947093d6a908bcc52
18fe6882cdac0f3eac7784a33c9daf20109010ce
e325e114daf41074d41d1ebe1869158c4f7594dc
51026f8933c463b316c5bc33adb462e4a6f6cff2
fec8863c5c1b4ed58eddf7722a9f1598af3aca70
f1dde46676cd2a8e48f0837e5dae77087419b09c
21b17b6ced16fe507dd5b71bca24f0515d04fb7e
be6f6e4fb5bdfd8819e70d930b32798b38a361e0
f603dd8517800823df02a8f1e5621b56c00710d8
30ab265fb9e816976b740beb0557ca79e8653bb6
81a3b7c4885e64f9013ac904bf118a05bcb7732d
55c41a63d2c9c3ea243b9f9cd3254d68fbee2b6b
ecd3b645971fc2682f5cb23d938037c6f072207f
]
end
......@@ -270,18 +218,10 @@ RSpec.describe Security::FindingsFinder do
let(:severity_levels) { [:medium] }
let(:expected_fingerprints) do
%w[
b5f82291ed084fe134af5a9b90a8078ab802a6cc
4e44f4045e2a27d147d08895acf8df502f440f96
8fac98c156431a8bdb7a69a935cc564c314ab776
95566733fc91301623055363a77124410592af7e
0314c9673160662292cfab1af6dc5c880fb73717
117590fc6b3841014366f335f494d1aa36ce7b46
0bfcfbb70b15a7cecef9a1ea39df15ecfd88949f
d533c3a12403b6c6033a50b53f9c73f894a40fc6
9a644ee1b89ac29d6175dc1170914f47b0531635
b9c0d1cdc7cb9c180ebb6981abbddc2df0172509
98366a28fa80b23a1dafe2b36e239a04909495c4
92c7bdc63a9908bddbc5b66c95e93e99a1927879
cefacf9f36c487d04f33c59f22e6c402bff5300a
baf3e36cda35331daed7a3e80155533d552844fa
]
end
......@@ -292,10 +232,7 @@ RSpec.describe Security::FindingsFinder do
let(:confidence_levels) { [:low] }
let(:expected_fingerprints) do
%w[
30ab265fb9e816976b740beb0557ca79e8653bb6
81a3b7c4885e64f9013ac904bf118a05bcb7732d
55c41a63d2c9c3ea243b9f9cd3254d68fbee2b6b
ecd3b645971fc2682f5cb23d938037c6f072207f
98366a28fa80b23a1dafe2b36e239a04909495c4
]
end
......@@ -321,25 +258,13 @@ RSpec.describe Security::FindingsFinder do
let(:expected_fingerprints) do
%w[
4ae096451135db224b9e16818baaca8096896522
157f362acf654c60e224400f59a088e1c01b369f
baf3e36cda35331daed7a3e80155533d552844fa
0bfcfbb70b15a7cecef9a1ea39df15ecfd88949f
117590fc6b3841014366f335f494d1aa36ce7b46
8fac98c156431a8bdb7a69a935cc564c314ab776
95566733fc91301623055363a77124410592af7e
0314c9673160662292cfab1af6dc5c880fb73717
4e44f4045e2a27d147d08895acf8df502f440f96
b5f82291ed084fe134af5a9b90a8078ab802a6cc
98366a28fa80b23a1dafe2b36e239a04909495c4
b9c0d1cdc7cb9c180ebb6981abbddc2df0172509
cefacf9f36c487d04f33c59f22e6c402bff5300a
d533c3a12403b6c6033a50b53f9c73f894a40fc6
92c7bdc63a9908bddbc5b66c95e93e99a1927879
dd482eab94e695ae85c1a883c4dbe4c74a7e6b2c
be6f6e4fb5bdfd8819e70d930b32798b38a361e0
f603dd8517800823df02a8f1e5621b56c00710d8
db759283b7fb13eae48a3f60db4c7506cdab8f26
21b17b6ced16fe507dd5b71bca24f0515d04fb7e
f1dde46676cd2a8e48f0837e5dae77087419b09c
fec8863c5c1b4ed58eddf7722a9f1598af3aca70
3204893d5894c74aaee86ce5bc28427f9f14e512
9a644ee1b89ac29d6175dc1170914f47b0531635
]
end
......
......@@ -262,7 +262,7 @@ RSpec.describe Security::PipelineVulnerabilitiesFinder do
subject { described_class.new(pipeline: pipeline).execute }
it 'returns all vulnerabilities with all scanners available' do
expect(subject.findings.map(&:scanner).map(&:external_id).uniq).to match_array %w[bandit bundler_audit find_sec_bugs flawfinder gemnasium klar zaproxy]
expect(subject.findings.map(&:scanner).map(&:external_id).uniq).to match_array %w[bundler_audit find_sec_bugs gemnasium klar zaproxy]
end
end
......@@ -277,11 +277,11 @@ RSpec.describe Security::PipelineVulnerabilitiesFinder do
context 'by all filters' do
context 'with found entity' do
let(:params) { { report_type: %w[sast dast container_scanning dependency_scanning], scanner: %w[bandit bundler_audit find_sec_bugs flawfinder gemnasium klar zaproxy], scope: 'all' } }
let(:params) { { report_type: %w[sast dast container_scanning dependency_scanning], scanner: %w[bundler_audit find_sec_bugs gemnasium klar zaproxy], scope: 'all' } }
it 'filters by all params' do
expect(subject.findings.count).to eq(cs_count + dast_count + ds_count + sast_count)
expect(subject.findings.map(&:scanner).map(&:external_id).uniq).to match_array %w[bandit bundler_audit find_sec_bugs flawfinder gemnasium klar zaproxy]
expect(subject.findings.map(&:scanner).map(&:external_id).uniq).to match_array %w[bundler_audit find_sec_bugs gemnasium klar zaproxy]
expect(subject.findings.map(&:confidence).uniq).to match_array(%w[unknown low medium high])
expect(subject.findings.map(&:severity).uniq).to match_array(%w[unknown low medium high critical info])
end
......@@ -326,7 +326,7 @@ RSpec.describe Security::PipelineVulnerabilitiesFinder do
let(:confirmed_fingerprint) do
Digest::SHA1.hexdigest(
'python/hardcoded/hardcoded-tmp.py:52865813c884a507be1f152d654245af34aba8a391626d01f1ab6d3f52ec8779:B108')
'groovy/src/main/java/com/gitlab/security_products/tests/App.groovy:29:CIPHER_INTEGRITY')
end
let(:resolved_fingerprint) do
......
......@@ -11,9 +11,9 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Sast do
let(:created_at) { 2.weeks.ago }
context "when parsing valid reports" do
where(:report_format, :scanner_length) do
:sast | 4
:sast_deprecated | 3
where(:report_format, :report_version, :scanner_length, :finding_length, :identifier_length, :file_path, :line) do
:sast | '14.0.0' | 1 | 5 | 6 | 'groovy/src/main/java/com/gitlab/security_products/tests/App.groovy' | 47
:sast_deprecated | '1.2' | 3 | 33 | 17 | 'python/hardcoded/hardcoded-tmp.py' | 1
end
with_them do
......@@ -25,8 +25,8 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Sast do
end
it "parses all identifiers and findings" do
expect(report.findings.length).to eq(33)
expect(report.identifiers.length).to eq(17)
expect(report.findings.length).to eq(finding_length)
expect(report.identifiers.length).to eq(identifier_length)
expect(report.scanners.length).to eq(scanner_length)
end
......@@ -35,16 +35,14 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Sast do
expect(location).to be_a(::Gitlab::Ci::Reports::Security::Locations::Sast)
expect(location).to have_attributes(
file_path: 'python/hardcoded/hardcoded-tmp.py',
start_line: 1,
end_line: 1,
class_name: nil,
method_name: nil
file_path: file_path,
end_line: line,
start_line: line
)
end
it "generates expected metadata_version" do
expect(report.findings.first.metadata_version).to eq('1.2')
expect(report.findings.first.metadata_version).to eq(report_version)
end
end
end
......
......@@ -226,7 +226,7 @@ RSpec.describe Ci::Build do
it 'parses blobs and add the results to the report' do
subject
expect(security_reports.get_report('sast', artifact).findings.size).to eq(33)
expect(security_reports.get_report('sast', artifact).findings.size).to eq(5)
end
it 'adds the created date to the report' do
......@@ -245,7 +245,7 @@ RSpec.describe Ci::Build do
it 'parses blobs and adds the results to the reports' do
subject
expect(security_reports.get_report('sast', sast_artifact).findings.size).to eq(33)
expect(security_reports.get_report('sast', sast_artifact).findings.size).to eq(5)
expect(security_reports.get_report('dependency_scanning', ds_artifact).findings.size).to eq(4)
expect(security_reports.get_report('container_scanning', cs_artifact).findings.size).to eq(8)
expect(security_reports.get_report('dast', dast_artifact).findings.size).to eq(20)
......
......@@ -137,7 +137,7 @@ RSpec.describe Ci::Pipeline do
expect(subject.reports.keys).to contain_exactly('sast', 'dependency_scanning', 'container_scanning')
# for each of report categories, we have merged 2 reports with the same data (fixture)
expect(subject.get_report('sast', sast1_artifact).findings.size).to eq(33)
expect(subject.get_report('sast', sast1_artifact).findings.size).to eq(5)
expect(subject.get_report('dependency_scanning', ds1_artifact).findings.size).to eq(4)
expect(subject.get_report('container_scanning', cs1_artifact).findings.size).to eq(8)
end
......@@ -146,7 +146,7 @@ RSpec.describe Ci::Pipeline do
let(:build_sast_1) { create(:ci_build, :retried, name: 'sast_1', pipeline: pipeline, project: project) }
it 'does not take retried builds into account' do
expect(subject.get_report('sast', sast1_artifact).findings.size).to eq(33)
expect(subject.get_report('sast', sast1_artifact).findings.size).to eq(5)
expect(subject.get_report('dependency_scanning', ds1_artifact).findings.size).to eq(4)
expect(subject.get_report('container_scanning', cs1_artifact).findings.size).to eq(8)
end
......
......@@ -227,7 +227,7 @@ RSpec.describe Ci::JobArtifact do
subject(:findings_count) { security_report.findings.length }
it { is_expected.to be(33) }
it { is_expected.to be(5) }
context 'for different types' do
where(:file_type, :security_report?) do
......
......@@ -64,7 +64,7 @@ RSpec.describe 'Query.project(fullPath).pipeline(iid).securityReportFindings' do
end
it 'returns all the vulnerability findings' do
expect(security_report_findings.length).to eq(53)
expect(security_report_findings.length).to eq(25)
end
it 'returns all the queried fields', :aggregate_failures do
......
......@@ -78,7 +78,7 @@ RSpec.describe 'Query.project(fullPath).pipeline(iid).securityReportSummary' do
it 'shows the vulnerabilitiesCount and scannedResourcesCount' do
expect(security_report_summary.dig('dast', 'vulnerabilitiesCount')).to eq(20)
expect(security_report_summary.dig('dast', 'scannedResourcesCount')).to eq(26)
expect(security_report_summary.dig('sast', 'vulnerabilitiesCount')).to eq(33)
expect(security_report_summary.dig('sast', 'vulnerabilitiesCount')).to eq(5)
end
it 'shows the first 20 scanned resources' do
......
......@@ -197,7 +197,7 @@ RSpec.describe Ci::CompareSecurityReportsService do
it 'reports new vulnerabilities' do
expect(subject[:status]).to eq(:parsed)
expect(subject[:data]['added'].count).to eq(33)
expect(subject[:data]['added'].count).to eq(5)
expect(subject[:data]['fixed'].count).to eq(0)
end
end
......@@ -218,13 +218,13 @@ RSpec.describe Ci::CompareSecurityReportsService do
it 'reports new vulnerability' do
expect(subject[:data]['added'].count).to eq(1)
expect(subject[:data]['added'].first['identifiers']).to include(a_hash_including('name' => 'CWE-120'))
expect(subject[:data]['added'].first['identifiers']).to include(a_hash_including('name' => 'CWE-327'))
end
it 'reports fixed sast vulnerabilities' do
expect(subject[:data]['fixed'].count).to eq(4)
expect(subject[:data]['fixed'].count).to eq(1)
compare_keys = collect_ids(subject[:data]['fixed'])
expected_keys = %w(char fopen strcpy char)
expected_keys = %w(CIPHER_INTEGRITY)
expect(compare_keys - expected_keys).to eq([])
end
end
......
......@@ -129,7 +129,7 @@ RSpec.describe Security::ReportSummaryService, '#execute' do
it 'returns the vulnerability count' do
expect(result).to match(a_hash_including(
dast: a_hash_including(vulnerabilities_count: 20),
sast: a_hash_including(vulnerabilities_count: 33),
sast: a_hash_including(vulnerabilities_count: 5),
container_scanning: a_hash_including(vulnerabilities_count: 8),
dependency_scanning: a_hash_including(vulnerabilities_count: 4)
))
......
......@@ -31,7 +31,7 @@ RSpec.describe Security::StoreReportService, '#execute' do
using RSpec::Parameterized::TableSyntax
where(:case_name, :trait, :scanners, :identifiers, :findings, :finding_identifiers, :finding_pipelines, :remediations, :fingerprints) do
'with SAST report' | :sast | 3 | 17 | 33 | 39 | 33 | 0 | 2
'with SAST report' | :sast | 1 | 6 | 5 | 7 | 5 | 0 | 2
'with exceeding identifiers' | :with_exceeding_identifiers | 1 | 20 | 1 | 20 | 1 | 0 | 0
'with Dependency Scanning report' | :dependency_scanning_remediation | 1 | 3 | 2 | 3 | 2 | 1 | 0
'with Container Scanning report' | :container_scanning | 1 | 8 | 8 | 8 | 8 | 0 | 0
......@@ -113,9 +113,13 @@ RSpec.describe Security::StoreReportService, '#execute' do
end
context 'with existing data from previous pipeline' do
let(:scanner) { build(:vulnerabilities_scanner, project: project, external_id: 'bandit', name: 'Bandit') }
let(:identifier) { build(:vulnerabilities_identifier, project: project, fingerprint: 'e6dd15eda2137be0034977a85b300a94a4f243a3') }
let(:different_identifier) { build(:vulnerabilities_identifier, project: project, fingerprint: 'fa47ee81f079e5c38ea6edb700b44eaeb62f67ee') }
let(:finding_identifier_fingerprint) do
build(:ci_reports_security_identifier, external_id: "CIPHER_INTEGRITY").fingerprint
end
let(:scanner) { build(:vulnerabilities_scanner, project: project, external_id: 'find_sec_bugs', name: 'Find Security Bugs') }
let(:identifier) { build(:vulnerabilities_identifier, project: project, fingerprint: finding_identifier_fingerprint) }
let(:different_identifier) { build(:vulnerabilities_identifier, project: project) }
let!(:new_artifact) { create(:ee_ci_job_artifact, :sast, job: new_build) }
let(:new_build) { create(:ci_build, pipeline: new_pipeline) }
let(:new_pipeline) { create(:ci_pipeline, project: project) }
......@@ -129,6 +133,15 @@ RSpec.describe Security::StoreReportService, '#execute' do
let(:trait) { :sast }
let(:finding_location_fingerprint) do
build(
:ci_reports_security_locations_sast,
file_path: "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy",
start_line: "29",
end_line: "29"
).fingerprint
end
let!(:finding) do
create(:vulnerabilities_finding,
pipelines: [pipeline],
......@@ -136,8 +149,8 @@ RSpec.describe Security::StoreReportService, '#execute' do
primary_identifier: identifier,
scanner: scanner,
project: project,
uuid: "80571acf-8660-4bc8-811a-1d8dec9ab6f4",
location_fingerprint: 'd869ba3f0b3347eb2749135a437dc07c8ae0f420')
uuid: "e5388f40-18f5-566d-95c6-d64c6f46a00a",
location_fingerprint: finding_location_fingerprint)
end
let!(:vulnerability) { create(:vulnerability, findings: [finding], project: project) }
......@@ -180,30 +193,30 @@ RSpec.describe Security::StoreReportService, '#execute' do
expect(finding.reload.uuid).to eq(desired_uuid)
end
it 'inserts only new scanners and reuse existing ones' do
expect { subject }.to change { Vulnerabilities::Scanner.count }.by(2)
it 'reuses existing scanner' do
expect { subject }.not_to change { Vulnerabilities::Scanner.count }
end
it 'inserts only new identifiers and reuse existing ones' do
expect { subject }.to change { Vulnerabilities::Identifier.count }.by(16)
expect { subject }.to change { Vulnerabilities::Identifier.count }.by(5)
end
it 'inserts only new findings and reuse existing ones' do
expect { subject }.to change { Vulnerabilities::Finding.count }.by(32)
expect { subject }.to change { Vulnerabilities::Finding.count }.by(4)
end
it 'inserts all finding pipelines (join model) for this new pipeline' do
expect { subject }.to change { Vulnerabilities::FindingPipeline.where(pipeline: new_pipeline).count }.by(33)
expect { subject }.to change { Vulnerabilities::FindingPipeline.where(pipeline: new_pipeline).count }.by(5)
end
it 'inserts new vulnerabilities with data from findings from this new pipeline' do
expect { subject }.to change { Vulnerability.count }.by(32)
expect { subject }.to change { Vulnerability.count }.by(4)
end
it 'updates existing findings with new data' do
subject
expect(finding.reload).to have_attributes(severity: 'medium', name: 'Probable insecure usage of temp file/directory.')
expect(finding.reload).to have_attributes(severity: 'medium', name: 'Cipher with no integrity')
end
it 'updates fingerprints to match new values' do
......@@ -234,7 +247,7 @@ RSpec.describe Security::StoreReportService, '#execute' do
it 'updates existing vulnerability with new data' do
subject
expect(vulnerability.reload).to have_attributes(severity: 'medium', title: 'Probable insecure usage of temp file/directory.', title_html: 'Probable insecure usage of temp file/directory.')
expect(vulnerability.reload).to have_attributes(severity: 'medium', title: 'Cipher with no integrity', title_html: 'Cipher with no integrity')
end
context 'when the existing vulnerability is resolved with the latest report' do
......
......@@ -26,14 +26,27 @@ RSpec.describe Security::StoreScanService do
describe '#execute' do
let_it_be(:unique_finding_uuid) { artifact.security_report.findings[0].uuid }
let_it_be(:duplicate_finding_uuid) { artifact.security_report.findings[5].uuid }
let_it_be(:duplicate_finding_uuid) { artifact.security_report.findings[4].uuid }
let(:finding_location_fingerprint) do
build(
:ci_reports_security_locations_sast,
file_path: "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy",
start_line: "41",
end_line: "41"
).fingerprint
end
let(:finding_identifier_fingerprint) do
build(:ci_reports_security_identifier, external_id: "PREDICTABLE_RANDOM").fingerprint
end
let(:deduplicate) { false }
let(:service_object) { described_class.new(artifact, known_keys, deduplicate) }
let(:finding_key) do
build(:ci_reports_security_finding_key,
location_fingerprint: 'd869ba3f0b3347eb2749135a437dc07c8ae0f420',
identifier_fingerprint: 'e6dd15eda2137be0034977a85b300a94a4f243a3')
location_fingerprint: finding_location_fingerprint,
identifier_fingerprint: finding_identifier_fingerprint)
end
subject(:store_scan) { service_object.execute }
......
......@@ -64,7 +64,7 @@ RSpec.describe Security::VulnerabilityCountingService, '#execute' do
end
it {
is_expected.to match(a_hash_including("sast" => 33,
is_expected.to match(a_hash_including("sast" => 5,
"dast" => 20,
"container_scanning" => 8,
"dependency_scanning" => 4))
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment