Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
b24538af
Commit
b24538af
authored
Aug 18, 2020
by
Jonathan Schafer
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Add check for identifiers when creating finding
Added tests and test file
parent
8393f464
Changes
5
Expand all
Hide whitespace changes
Inline
Side-by-side
Showing
5 changed files
with
725 additions
and
1 deletion
+725
-1
ee/app/services/security/store_report_service.rb
ee/app/services/security/store_report_service.rb
+1
-1
ee/changelogs/unreleased/235164-sidekiq-storesecurityreportsworker-nomethoderror-undefined-meth.yml
...oresecurityreportsworker-nomethoderror-undefined-meth.yml
+5
-0
ee/spec/factories/ci/job_artifacts.rb
ee/spec/factories/ci/job_artifacts.rb
+10
-0
ee/spec/fixtures/security_reports/master/gl-sast-missing-identifiers.json
.../security_reports/master/gl-sast-missing-identifiers.json
+686
-0
ee/spec/services/security/store_report_service_spec.rb
ee/spec/services/security/store_report_service_spec.rb
+23
-0
No files found.
ee/app/services/security/store_report_service.rb
View file @
b24538af
...
@@ -42,7 +42,7 @@ module Security
...
@@ -42,7 +42,7 @@ module Security
end
end
def
create_vulnerability_finding
(
finding
)
def
create_vulnerability_finding
(
finding
)
return
if
finding
.
scanner
.
blank?
return
if
finding
.
scanner
.
blank?
||
finding
.
primary_identifier
.
blank?
vulnerability_params
=
finding
.
to_hash
.
except
(
:compare_key
,
:identifiers
,
:location
,
:scanner
)
vulnerability_params
=
finding
.
to_hash
.
except
(
:compare_key
,
:identifiers
,
:location
,
:scanner
)
vulnerability_finding
=
create_or_find_vulnerability_finding
(
finding
,
vulnerability_params
)
vulnerability_finding
=
create_or_find_vulnerability_finding
(
finding
,
vulnerability_params
)
...
...
ee/changelogs/unreleased/235164-sidekiq-storesecurityreportsworker-nomethoderror-undefined-meth.yml
0 → 100644
View file @
b24538af
---
title
:
Add identifier check when creating vulnerability findings
merge_request
:
39650
author
:
type
:
fixed
ee/spec/factories/ci/job_artifacts.rb
View file @
b24538af
...
@@ -179,6 +179,16 @@ FactoryBot.define do
...
@@ -179,6 +179,16 @@ FactoryBot.define do
end
end
end
end
trait
:sast_with_missing_identifiers
do
file_type
{
:sast
}
file_format
{
:raw
}
after
(
:build
)
do
|
artifact
,
_
|
artifact
.
file
=
fixture_file_upload
(
Rails
.
root
.
join
(
'ee/spec/fixtures/security_reports/master/gl-sast-missing-identifiers.json'
),
'application/json'
)
end
end
trait
:license_management
do
trait
:license_management
do
to_create
{
|
instance
|
instance
.
save!
(
validate:
false
)
}
to_create
{
|
instance
|
instance
.
save!
(
validate:
false
)
}
...
...
ee/spec/fixtures/security_reports/master/gl-sast-missing-identifiers.json
0 → 100644
View file @
b24538af
This diff is collapsed.
Click to expand it.
ee/spec/services/security/store_report_service_spec.rb
View file @
b24538af
...
@@ -203,6 +203,29 @@ RSpec.describe Security::StoreReportService, '#execute' do
...
@@ -203,6 +203,29 @@ RSpec.describe Security::StoreReportService, '#execute' do
expect
{
subject
}.
not_to
raise_error
expect
{
subject
}.
not_to
raise_error
end
end
end
end
context
'when the finding does not include a primary identifier'
do
let
(
:bad_pipeline
)
{
create
(
:ci_pipeline
,
project:
project
)
}
let
(
:bad_build
)
{
create
(
:ci_build
,
pipeline:
bad_pipeline
)
}
let!
(
:bad_artifact
)
{
create
(
:ee_ci_job_artifact
,
:sast_with_missing_identifiers
,
job:
bad_build
)
}
let
(
:bad_report
)
{
bad_pipeline
.
security_reports
.
get_report
(
report_type
.
to_s
,
bad_artifact
)
}
let
(
:report_type
)
{
:sast
}
before
do
project
.
add_developer
(
user
)
allow
(
bad_pipeline
).
to
receive
(
:user
).
and_return
(
user
)
end
subject
{
described_class
.
new
(
bad_pipeline
,
bad_report
).
execute
}
it
'does not create a new finding'
do
expect
{
subject
}.
not_to
change
{
Vulnerabilities
::
Finding
.
count
}
end
it
'does not raise an error'
do
expect
{
subject
}.
not_to
raise_error
end
end
end
end
context
'with existing data from same pipeline'
do
context
'with existing data from same pipeline'
do
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment