Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
b024b782
Commit
b024b782
authored
Oct 15, 2019
by
mo khan
Committed by
Lin Jen-Shin
Oct 18, 2019
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Apply reviewer feedback
parent
e7d4f2d3
Changes
3
Show whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
13 additions
and
13 deletions
+13
-13
ee/changelogs/unreleased/32765-vuln-check-approvals-required.yml
...gelogs/unreleased/32765-vuln-check-approvals-required.yml
+1
-1
ee/lib/gitlab/ci/reports/security/reports.rb
ee/lib/gitlab/ci/reports/security/reports.rb
+1
-3
ee/spec/lib/gitlab/ci/reports/security/report_spec.rb
ee/spec/lib/gitlab/ci/reports/security/report_spec.rb
+11
-9
No files found.
ee/changelogs/unreleased/32765-vuln-check-approvals-required.yml
View file @
b024b782
---
title
:
Prevent parser errors from approving the License
-Check rule
title
:
Add default empty values to prevent parser errors from approving the Vulnerability
-Check rule
merge_request
:
18423
author
:
type
:
fixed
ee/lib/gitlab/ci/reports/security/reports.rb
View file @
b024b782
...
...
@@ -19,9 +19,7 @@ module Gitlab
end
def
violates_default_policy?
reports
.
values
.
any?
do
|
report
|
report
.
unsafe_severity?
end
reports
.
values
.
any?
{
|
report
|
!
report
.
safe?
}
end
end
end
...
...
ee/spec/lib/gitlab/ci/reports/security/report_spec.rb
View file @
b024b782
...
...
@@ -125,8 +125,9 @@ describe Gitlab::Ci::Reports::Security::Report do
let
(
:commit_sha
)
{
Digest
::
SHA1
.
hexdigest
(
SecureRandom
.
uuid
)
}
%w[unknown Unknown high High critical Critical]
.
each
do
|
severity
|
context
"when the sast report has a
#{
severity
}
severity vulnerability"
do
context
"when the sast report has an unsafe vulnerability"
do
where
(
severity:
%w[unknown Unknown high High critical Critical]
)
with_them
do
let
(
:occurrence
)
{
build
(
:ci_reports_security_occurrence
,
severity:
severity
)
}
before
do
...
...
@@ -134,12 +135,13 @@ describe Gitlab::Ci::Reports::Security::Report do
end
it
{
expect
(
subject
.
unsafe_severity?
).
to
be
(
true
)
}
it
{
expect
(
subject
.
safe?
).
to
be
(
false
)
}
it
{
expect
(
subject
).
not_to
be_safe
}
end
end
%w[medium Medium low Low]
.
each
do
|
severity
|
context
"when the sast report has a
#{
severity
}
severity vulnerability"
do
context
"when the sast report has a medium to low severity vulnerability"
do
where
(
severity:
%w[medium Medium low Low]
)
with_them
do
let
(
:occurrence
)
{
build
(
:ci_reports_security_occurrence
,
severity:
severity
)
}
before
do
...
...
@@ -147,7 +149,7 @@ describe Gitlab::Ci::Reports::Security::Report do
end
it
{
expect
(
subject
.
unsafe_severity?
).
to
be
(
false
)
}
it
{
expect
(
subject
.
safe?
).
to
be
(
true
)
}
it
{
expect
(
subject
).
to
be_safe
}
end
end
...
...
@@ -159,7 +161,7 @@ describe Gitlab::Ci::Reports::Security::Report do
end
it
{
expect
(
subject
.
unsafe_severity?
).
to
be
(
false
)
}
it
{
expect
(
subject
.
safe?
).
to
be
(
true
)
}
it
{
expect
(
subject
).
to
be_safe
}
end
context
"when the sast report has a vulnerability with a blank severity"
do
...
...
@@ -170,12 +172,12 @@ describe Gitlab::Ci::Reports::Security::Report do
end
it
{
expect
(
subject
.
unsafe_severity?
).
to
be
(
false
)
}
it
{
expect
(
subject
.
safe?
).
to
be
(
true
)
}
it
{
expect
(
subject
).
to
be_safe
}
end
context
"when the sast report has zero vulnerabilities"
do
it
{
expect
(
subject
.
unsafe_severity?
).
to
be
(
false
)
}
it
{
expect
(
subject
.
safe?
).
to
be
(
true
)
}
it
{
expect
(
subject
).
to
be_safe
}
end
end
end
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment