Enforce feedback pipeline is in the same project
Why:

* By allowing pipelines in other projects to be associated it will expose details about pipelines that may be private to prying eyes.

This change addresses the need by:

* Add model test case: nonexistent pipeline
* Add model test case: pipeline in different project
* Add model test case: null pipeline id
* Add model test case: valid pipeline id in the same project
* Add model test case: only_valid_feedback scope
* Add vulnerability_feedback controller test: index with feedback associated with a pipeline in another project in the db
* Add vulnerability_feedback controller test: create with nonexistent pipeline
* Add vulnerability_feedback controller test: create with pipeline in different project
* Add vulnerability_feedback controller test: create with null pipeline id
* Add model validation for pipeline to exist when pipeline_id is present
* Add model validation for same_project_association on pipeline
* Add model scope only_valid_feedback
* Update feedback controller index to use only_valid_feedback scope
* Loosened schema for vulnerability_feedback controller response as pipeline wasn't required as of yet.
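The write-side validation and read-side scope listed in the commit message, sketched in plain Ruby as an added example; this is not code from the commit or from the project. `Pipeline`, `Feedback`, `FeedbackStore`, `insert_legacy` and the error strings are hypothetical, and it is an assumption that the scope drops invalid rows rather than returning them without the pipeline.

```ruby
# Constructed in-memory stand-ins; not the project's ActiveRecord models.
Pipeline = Struct.new(:id, :project_id)
Feedback = Struct.new(:id, :project_id, :pipeline_id)

class FeedbackStore
  def initialize(pipelines)
    @pipelines = pipelines.to_h { |p| [p.id, p] }
    @rows = []
  end

  # The two validations named in the commit message: the pipeline must exist
  # when pipeline_id is present, and it must belong to the feedback's project.
  def errors_for(feedback)
    return [] if feedback.pipeline_id.nil? # null pipeline id is allowed

    pipeline = @pipelines[feedback.pipeline_id]
    return ["pipeline does not exist"] if pipeline.nil?
    unless pipeline.project_id == feedback.project_id
      return ["pipeline must be in the same project"]
    end

    []
  end

  # Write path: reject the record instead of storing a cross-project link.
  def create(feedback)
    errors = errors_for(feedback)
    @rows << feedback if errors.empty?
    errors
  end

  # Simulates a row written before the validation existed.
  def insert_legacy(feedback)
    @rows << feedback
  end

  # Read path, analogous to an only_valid_feedback scope (assumed behaviour):
  # rows already pointing at a foreign or missing pipeline are not returned,
  # so an index response cannot expose another project's pipeline.
  def only_valid_feedback(project_id)
    @rows.select { |f| f.project_id == project_id && errors_for(f).empty? }
  end
end
```

The read-side filter matters because a validation only guards new writes; rows stored earlier stay in the table until they are cleaned up.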