Merge branch 'switch-to-new-fp-for-cs' into 'master'

Use new fingerprint as default fingerprint for Container Scanning findings See merge request gitlab-org/gitlab!43145

Merge branch 'switch-to-new-fp-for-cs' into 'master'
Use new fingerprint as default fingerprint for Container Scanning findings See merge request gitlab-org/gitlab!43145
9eea5285 · James Lopez · 3f2d907d · fa43179b · 9eea5285 · 9eea5285
Commit 9eea5285 authored Sep 28, 2020 by James Lopez
4 changed files
--- a/ee/changelogs/unreleased/switch-to-new-fp-for-cs.yml
+++ b/ee/changelogs/unreleased/switch-to-new-fp-for-cs.yml
+---
+title: Use new fingerprint as default fingerprint for Container Scanning findings
+merge_request: 43145
+author:
+type: other
--- a/ee/lib/gitlab/ci/reports/security/locations/container_scanning.rb
+++ b/ee/lib/gitlab/ci/reports/security/locations/container_scanning.rb
@@ -18,15 +18,10 @@ module Gitlab
              @package_version = package_version
            end

-            # temporary, untill existing data updated in DB
-            def new_fingerprint
-              Digest::SHA1.hexdigest("#{docker_image_name_without_tag}:#{package_name}")
-            end
-
            private

            def fingerprint_data
-              "#{operating_system}:#{package_name}"
+              "#{docker_image_name_without_tag}:#{package_name}"
            end

            def docker_image_name_without_tag

--- a/ee/spec/lib/gitlab/ci/reports/security/locations/container_scanning_spec.rb
+++ b/ee/spec/lib/gitlab/ci/reports/security/locations/container_scanning_spec.rb
@@ -13,48 +13,48 @@ RSpec.describe Gitlab::Ci::Reports::Security::Locations::ContainerScanning do
  end

  let(:mandatory_params) { %i[image operating_system] }
-  let(:expected_fingerprint) { Digest::SHA1.hexdigest('debian:9:glibc') }
+  let(:expected_fingerprint) { Digest::SHA1.hexdigest('registry.gitlab.com/my/project:glibc') }

  it_behaves_like 'vulnerability location'

-  describe '#new_fingerprint' do
+  describe 'fingerprint' do
    sha1_of = -> (input) { Digest::SHA1.hexdigest(input) }

    subject { described_class.new(**params) }

    specify do
      params[:image] = 'alpine:3.7.3'
-      expect(subject.new_fingerprint).to eq(sha1_of.call('alpine:3.7.3:glibc'))
+      expect(subject.fingerprint).to eq(sha1_of.call('alpine:3.7.3:glibc'))
    end

    specify do
      params[:image] = 'alpine:3.7'
-      expect(subject.new_fingerprint).to eq(sha1_of.call('alpine:3.7:glibc'))
+      expect(subject.fingerprint).to eq(sha1_of.call('alpine:3.7:glibc'))
    end

    specify do
      params[:image] = 'alpine:8101518288111119448185914762536722131810'
-      expect(subject.new_fingerprint).to eq(sha1_of.call('alpine:glibc'))
+      expect(subject.fingerprint).to eq(sha1_of.call('alpine:glibc'))
    end

    specify do
      params[:image] = 'alpine:1.0.0-beta'
-      expect(subject.new_fingerprint).to eq(sha1_of.call('alpine:1.0.0-beta:glibc'))
+      expect(subject.fingerprint).to eq(sha1_of.call('alpine:1.0.0-beta:glibc'))
    end

    specify do
      params[:image] = 'registry.gitlab.com/gitlab-org/security-products/analyzers/klar/tmp:af864bd61230d3d694eb01d6205b268b4ad63ac0'
-      expect(subject.new_fingerprint).to eq(sha1_of.call('registry.gitlab.com/gitlab-org/security-products/analyzers/klar/tmp:glibc'))
+      expect(subject.fingerprint).to eq(sha1_of.call('registry.gitlab.com/gitlab-org/security-products/analyzers/klar/tmp:glibc'))
    end

    specify do
      params[:image] = 'registry.gitlab.com/gitlab-org/security-products/tests/container-scanning/master:ec301f43f14a2b477806875e49cfc4d3fa0d22c3'
-      expect(subject.new_fingerprint).to eq(sha1_of.call('registry.gitlab.com/gitlab-org/security-products/tests/container-scanning/master:glibc'))
+      expect(subject.fingerprint).to eq(sha1_of.call('registry.gitlab.com/gitlab-org/security-products/tests/container-scanning/master:glibc'))
    end

    specify do
      params[:image] = 'registry.gitlab.com/gitlab-org/security-products/dast/webgoat-8.0@sha256:bc09fe2e0721dfaeee79364115aeedf2174cce0947b9ae5fe7c33312ee019a4e'
-      expect(subject.new_fingerprint).to eq(sha1_of.call('registry.gitlab.com/gitlab-org/security-products/dast/webgoat-8.0@sha256:glibc'))
+      expect(subject.fingerprint).to eq(sha1_of.call('registry.gitlab.com/gitlab-org/security-products/dast/webgoat-8.0@sha256:glibc'))
    end
  end
 end
--- a/ee/spec/services/security/store_report_service_spec.rb
+++ b/ee/spec/services/security/store_report_service_spec.rb
@@ -62,7 +62,7 @@ RSpec.describe Security::StoreReportService, '#execute' do
      let(:report) { pipeline.security_reports.get_report('container_scanning', artifact) }

      it 'saves with new location' do
-        new_locations = report.findings.map(&:location).map(&:new_fingerprint)
+        new_locations = report.findings.map(&:location).map(&:fingerprint)
        expect(subject).to eq({ status: :success })
        saved_locations = Vulnerabilities::Finding.all.map(&:location_fingerprint)
        expect(new_locations).to match_array(saved_locations)
@@ -73,7 +73,7 @@ RSpec.describe Security::StoreReportService, '#execute' do
        expect(subject).to eq({ status: :success })

        old_fingerprint = report.findings.first.location.fingerprint
-        new_fingerprint = report.findings.first.location.new_fingerprint
+        new_fingerprint = report.findings.first.location.fingerprint
        Vulnerabilities::Finding.first.update_column(:location_fingerprint, old_fingerprint)

        described_class.new(pipeline, report).execute