Commit a930de78 authored by Can Eldem's avatar Can Eldem Committed by James Lopez

Sort vulnerabilities for pipeline dashboard

Consider enum values rather than strings
Added further test
parent 51c5859c
---
title: Pipeline vulnerability dashboard sort vulnerabilities by severity then confidence
merge_request: 18863
author:
type: fixed
......@@ -41,7 +41,7 @@ module Security
occurrences.concat(filtered_occurrences)
end
occurrences.sort_by { |x| [x.severity, x.confidence] }
occurrences.sort_by { |x| [-x.severity_value, -x.confidence_value] }
end
private
......
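Review bot: The negated keys on the added `sort_by` line raise `NoMethodError` if `severity_value` or `confidence_value` returns nil, which happens whenever the stored `severity`/`confidence` is outside the enum mapping (`-nil` fails before any comparison does). If those columns are NOT NULL and constrained to the enum this is unreachable, but the finder is the last step before the dashboard, so a fallback such as `[-(x.severity_value || 0), -(x.confidence_value || 0)]` would keep the page rendering on one malformed occurrence rather than failing the whole request; confirm against the column constraints. `sort_by` is also not stable, so occurrences with equal severity and confidence may come back in a different relative order on each call; if the dashboard expects a deterministic list, append a tiebreaker such as `x.id` to the key array. The enclosing method starts before this hunk.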
......@@ -221,6 +221,14 @@ module Vulnerabilities
report_type.hash ^ location.hash ^ first_fingerprint.hash
end
def severity_value
self.class.severities[self.severity]
end
def confidence_value
self.class.confidences[self.confidence]
end
protected
def first_fingerprint
......
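Review bot: The new `severity_value` and `confidence_value` carry no comment saying that they exist to give the finder an ordinal to sort on, and `self.class.severities` / `self.class.confidences` look like Rails enum mapping lookups that return nil for a value not in the mapping, which callers need to know before negating or comparing the result. Suggest a YARD line on each, e.g. `# @return [Integer, nil] enum ordinal of +severity+ used for ordering; nil if the stored value is not in the mapping`, and the equivalent for confidence. The explicit `self.` receiver in `self.severity` and `self.confidence` is redundant (`severity` alone reads the attribute), though harmless. The enclosing class starts and ends outside the hunk.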
......@@ -54,15 +54,24 @@ describe Security::PipelineVulnerabilitiesFinder do
context 'by order' do
let(:params) { { report_type: %w[sast] } }
let!(:occurrence1) { build(:vulnerabilities_occurrence, confidence: Vulnerabilities::Occurrence::CONFIDENCE_LEVELS[:high], severity: Vulnerabilities::Occurrence::SEVERITY_LEVELS[:high]) }
let!(:occurrence2) { build(:vulnerabilities_occurrence, confidence: Vulnerabilities::Occurrence::CONFIDENCE_LEVELS[:medium], severity: Vulnerabilities::Occurrence::SEVERITY_LEVELS[:critical]) }
let!(:occurrence3) { build(:vulnerabilities_occurrence, confidence: Vulnerabilities::Occurrence::CONFIDENCE_LEVELS[:high], severity: Vulnerabilities::Occurrence::SEVERITY_LEVELS[:critical]) }
let!(:res) { [occurrence3, occurrence2, occurrence1] }
let!(:high_high) { build(:vulnerabilities_occurrence, confidence: :high, severity: :high) }
let!(:critical_medium) { build(:vulnerabilities_occurrence, confidence: :medium, severity: :critical) }
let!(:critical_high) { build(:vulnerabilities_occurrence, confidence: :high, severity: :critical) }
let!(:unknown_high) { build(:vulnerabilities_occurrence, confidence: :high, severity: :unknown) }
let!(:unknown_medium) { build(:vulnerabilities_occurrence, confidence: :medium, severity: :unknown) }
let!(:unknown_low) { build(:vulnerabilities_occurrence, confidence: :low, severity: :unknown) }
it 'orders by severity and confidence' do
allow_any_instance_of(described_class).to receive(:filter).and_return(res)
expect(subject).to eq([occurrence3, occurrence2, occurrence1])
allow_any_instance_of(described_class).to receive(:filter).and_return([
unknown_low,
unknown_medium,
critical_high,
unknown_high,
critical_medium,
high_high
])
expect(subject).to eq([critical_high, critical_medium, high_high, unknown_high, unknown_medium, unknown_low])
end
end
......
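Review bot: The new expectation exercises severity ordering and confidence ordering within a severity, but never two occurrences with equal severity and confidence, so the spec cannot tell whether the finder's order is deterministic for ties; adding a second `confidence: :high, severity: :critical` build and asserting its position relative to `critical_high` would pin that. The `let!` declarations all use `build`, which persists nothing, and every object is referenced explicitly inside the `it` block, so plain `let` would express the intent without forcing eager evaluation.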
......@@ -127,7 +127,7 @@ shared_examples 'getting list of vulnerability findings' do
# occurrences are implicitly sorted by Security::MergeReportsService,
# occurrences order differs from what is present in fixture file
expect(json_response.first['name']).to eq 'Consider possible security implications associated with Popen module.'
expect(json_response.first['name']).to eq 'ECB mode is insecure'
end
it 'returns vulnerabilities with dependency_scanning report_type' do
......
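Review bot: The comment at the top of the hunk still attributes the ordering to `Security::MergeReportsService`, but after this commit the order of `json_response` is decided by the severity-then-confidence sort in `Security::PipelineVulnerabilitiesFinder`, so the explanation for the changed expected name is now misleading. Update it to something like `# occurrences are sorted by severity then confidence in Security::PipelineVulnerabilitiesFinder, so their order differs from the fixture file`, keeping a mention of MergeReportsService only if it still contributes to the order. Asserting on a single finding name also ties the spec to fixture text; asserting on the first finding's severity would state the contract under test more directly. The shared example body continues outside the hunk.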