Add deprecated versions and cover api_fuzzing

bc090b98 · Michał Zając · c5b67bc4 · bc090b98 · bc090b98
Commit bc090b98 authored Feb 15, 2022 by Michał Zając
2 changed files
--- a/lib/gitlab/ci/parsers/security/validators/schema_validator.rb
+++ b/lib/gitlab/ci/parsers/security/validators/schema_validator.rb
@@ -6,24 +6,37 @@ module Gitlab
      module Security
        module Validators
          class SchemaValidator
+            # https://docs.gitlab.com/ee/update/deprecations.html#147
            SUPPORTED_VERSIONS = {
              cluster_image_scanning: %w[14.0.4 14.0.5 14.0.6 14.1.0],
              container_scanning: %w[14.0.0 14.0.1 14.0.2 14.0.3 14.0.4 14.0.5 14.0.6 14.1.0],
              coverage_fuzzing: %w[14.0.0 14.0.1 14.0.2 14.0.3 14.0.4 14.0.5 14.0.6 14.1.0],
              dast: %w[14.0.0 14.0.1 14.0.2 14.0.3 14.0.4 14.0.5 14.0.6 14.1.0],
+              api_fuzzing: %w[14.0.0 14.0.1 14.0.2 14.0.3 14.0.4 14.0.5 14.0.6 14.1.0],
              dependency_scanning: %w[14.0.0 14.0.1 14.0.2 14.0.3 14.0.4 14.0.5 14.0.6 14.1.0],
              sast: %w[14.0.0 14.0.1 14.0.2 14.0.3 14.0.4 14.0.5 14.0.6 14.1.0],
              secret_detection: %w[14.0.0 14.0.1 14.0.2 14.0.3 14.0.4 14.0.5 14.0.6 14.1.0]
            }.freeze

+            # https://gitlab.com/gitlab-org/security-products/security-report-schemas/-/tags
+            PREVIOUS_RELEASES = %w[10.0.0 12.0.0 12.1.0 13.0.0
+                                   13.1.0 2.3.0-rc1 2.3.0-rc1 2.3.1-rc1 2.3.2-rc1 2.3.3-rc1
+                                   2.4.0-rc1 3.0.0 3.0.0-rc1 3.1.0-rc1 4.0.0-rc1 5.0.0-rc1
+                                   5.0.1-rc1 6.0.0-rc1 6.0.1-rc1 6.1.0-rc1 7.0.0-rc1 7.0.1-rc1
+                                   8.0.0-rc1 8.0.1-rc1 8.1.0-rc1 9.0.0-rc1].freeze
+
+            # These come from https://app.periscopedata.com/app/gitlab/895813/Secure-Scan-metrics?widget=12248944&udv=1385516
+            KNOWN_VERSIONS_TO_DEPRECATE = %w[0.1 1.0 1.0.0 1.2 1.3 10.0.0 12.1.0 13.1.0 2.0 2.1 2.1.0 2.3 2.3.0 2.4 3.0 3.0.0 3.0.6 3.13.2 V2.7.0].freeze
+
            DEPRECATED_VERSIONS = {
-              cluster_image_scanning: %w[],
-              container_scanning: %w[],
-              coverage_fuzzing: %w[],
-              dast: %w[],
-              dependency_scanning: %w[],
-              sast: %w[],
-              secret_detection: %w[]
+              cluster_image_scanning: PREVIOUS_RELEASES + KNOWN_VERSIONS_TO_DEPRECATE + %w[],
+              container_scanning: PREVIOUS_RELEASES + KNOWN_VERSIONS_TO_DEPRECATE + %w[],
+              coverage_fuzzing: PREVIOUS_RELEASES + KNOWN_VERSIONS_TO_DEPRECATE + %w[],
+              dast: PREVIOUS_RELEASES + KNOWN_VERSIONS_TO_DEPRECATE + %w[],
+              api_fuzzing: PREVIOUS_RELEASES + KNOWN_VERSIONS_TO_DEPRECATE + %w[],
+              dependency_scanning: PREVIOUS_RELEASES + KNOWN_VERSIONS_TO_DEPRECATE + %w[],
+              sast: PREVIOUS_RELEASES + KNOWN_VERSIONS_TO_DEPRECATE + %w[],
+              secret_detection: PREVIOUS_RELEASES + KNOWN_VERSIONS_TO_DEPRECATE + %w[]
            }.freeze

            class Schema

--- a/spec/lib/gitlab/ci/parsers/security/validators/schema_validator_spec.rb
+++ b/spec/lib/gitlab/ci/parsers/security/validators/schema_validator_spec.rb
@@ -36,10 +36,12 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Validators::SchemaValidator do

    context 'every SUPPORTED_VERSION has a corresponding JSON file' do
      described_class::SUPPORTED_VERSIONS.each_key do |report_type|
-        let(:filename) { "#{report_type.to_s.tr("_", "-")}-report-format.json" }
+        # api_fuzzing is covered by DAST schema
+        next if report_type == :api_fuzzing

        described_class::SUPPORTED_VERSIONS[report_type].each do |version|
          it "#{report_type} #{version} schema file is present" do
+            filename = "#{report_type.to_s.tr("_", "-")}-report-format.json"
            full_path = SCHEMA_PATH.join(version, filename)
            expect(File.file?(full_path)).to be true
          end