Commit e8bd79d5 authored by Mehmet Emin INAC's avatar Mehmet Emin INAC

Attach remediations to Repor::Security::Finding entities

parent 3d8eb2da
...@@ -57,6 +57,7 @@ module Gitlab ...@@ -57,6 +57,7 @@ module Gitlab
identifiers = create_identifiers(report, data['identifiers']) identifiers = create_identifiers(report, data['identifiers'])
links = create_links(report, data['links']) links = create_links(report, data['links'])
location = create_location(data['location'] || {}) location = create_location(data['location'] || {})
remediations = create_remediations(data['remediations'])
report.add_finding( report.add_finding(
::Gitlab::Ci::Reports::Security::Finding.new( ::Gitlab::Ci::Reports::Security::Finding.new(
...@@ -71,6 +72,7 @@ module Gitlab ...@@ -71,6 +72,7 @@ module Gitlab
scan: report&.scan, scan: report&.scan,
identifiers: identifiers, identifiers: identifiers,
links: links, links: links,
remediations: remediations,
raw_metadata: data.to_json, raw_metadata: data.to_json,
metadata_version: version)) metadata_version: version))
end end
...@@ -126,6 +128,12 @@ module Gitlab ...@@ -126,6 +128,12 @@ module Gitlab
url: link['url']) url: link['url'])
end end
def create_remediations(remediations_data)
remediations_data.to_a.compact.map do |remediation_data|
::Gitlab::Ci::Reports::Security::Remediation.new(remediation_data['summary'], remediation_data['diff'])
end
end
def parse_severity_level(input) def parse_severity_level(input)
return input if ::Vulnerabilities::Finding::SEVERITY_LEVELS.key?(input) return input if ::Vulnerabilities::Finding::SEVERITY_LEVELS.key?(input)
......
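Review bot: `create_remediations` assumes every element of `remediations_data` is a Hash; `compact` only strips nils, so a string, number or nested array inside a scanner report's `remediations` list raises at `remediation_data['summary']` and aborts parsing of the whole report (and `to_a` on a Hash value yields key/value pairs with the same effect). Because the report JSON comes from an external scanner job, filtering to well-formed entries is safer than trusting the shape: `remediations_data.to_a.grep(Hash).map do |remediation_data|` (this also subsumes the `compact`). Whether `create_links`/`create_identifiers` above already apply a comparable guard is outside the hunk, so it may be worth aligning those helpers too. A short comment on the method, `# Builds Remediation objects from the finding's 'remediations' entries (summary + diff); non-Hash entries are ignored`, would document the contract.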
...@@ -22,10 +22,11 @@ module Gitlab ...@@ -22,10 +22,11 @@ module Gitlab
attr_reader :scan attr_reader :scan
attr_reader :severity attr_reader :severity
attr_reader :uuid attr_reader :uuid
attr_reader :remediations
delegate :file_path, :start_line, :end_line, to: :location delegate :file_path, :start_line, :end_line, to: :location
def initialize(compare_key:, identifiers:, links: [], location:, metadata_version:, name:, raw_metadata:, report_type:, scanner:, scan:, uuid:, confidence: nil, severity: nil) # rubocop:disable Metrics/ParameterLists def initialize(compare_key:, identifiers:, links: [], remediations: [], location:, metadata_version:, name:, raw_metadata:, report_type:, scanner:, scan:, uuid:, confidence: nil, severity: nil) # rubocop:disable Metrics/ParameterLists
@compare_key = compare_key @compare_key = compare_key
@confidence = confidence @confidence = confidence
@identifiers = identifiers @identifiers = identifiers
...@@ -39,6 +40,7 @@ module Gitlab ...@@ -39,6 +40,7 @@ module Gitlab
@scan = scan @scan = scan
@severity = severity @severity = severity
@uuid = uuid @uuid = uuid
@remediations = remediations
@project_fingerprint = generate_project_fingerprint @project_fingerprint = generate_project_fingerprint
end end
......
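Review bot: The new `attr_reader :remediations` (and `@remediations = remediations` in the second hunk) is appended after `:uuid`, breaking the alphabetical order the neighbouring readers and assignments keep (`scan`, `severity`, `uuid`); placing both entries before the `scan` ones keeps the class consistent. The spec for this class in the same commit expects a hash of the finding's attributes to contain `remediations: [remediation]`; if that hash is built from an explicit attribute list in a method outside this hunk, `:remediations` has to be added there as well or that expectation fails. `initialize` begins in the first hunk and its body continues past it into the second.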
...@@ -66,16 +66,22 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Common do ...@@ -66,16 +66,22 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Common do
end end
context 'parsing remediations' do context 'parsing remediations' do
let(:expected_remediation) { create(:ci_reports_security_remediation, diff: '') }
it 'finds remediation with same cve' do it 'finds remediation with same cve' do
vulnerability = report.findings.find { |x| x.compare_key == "CVE-1020" } vulnerability = report.findings.find { |x| x.compare_key == "CVE-1020" }
remediation = { 'fixes' => [{ 'cve' => 'CVE-1020' }], 'summary' => '', 'diff' => '' } remediation = { 'fixes' => [{ 'cve' => 'CVE-1020' }], 'summary' => '', 'diff' => '' }
expect(Gitlab::Json.parse(vulnerability.raw_metadata).dig('remediations').first).to include remediation expect(Gitlab::Json.parse(vulnerability.raw_metadata).dig('remediations').first).to include remediation
expect(vulnerability.remediations.first.checksum).to eq(expected_remediation.checksum)
end end
it 'finds remediation with same id' do it 'finds remediation with same id' do
vulnerability = report.findings.find { |x| x.compare_key == "CVE-1030" } vulnerability = report.findings.find { |x| x.compare_key == "CVE-1030" }
remediation = { 'fixes' => [{ 'cve' => 'CVE', 'id' => 'bb2fbeb1b71ea360ce3f86f001d4e84823c3ffe1a1f7d41ba7466b14cfa953d3' }], 'summary' => '', 'diff' => '' } remediation = { 'fixes' => [{ 'cve' => 'CVE', 'id' => 'bb2fbeb1b71ea360ce3f86f001d4e84823c3ffe1a1f7d41ba7466b14cfa953d3' }], 'summary' => '', 'diff' => '' }
expect(Gitlab::Json.parse(vulnerability.raw_metadata).dig('remediations').first).to include remediation expect(Gitlab::Json.parse(vulnerability.raw_metadata).dig('remediations').first).to include remediation
expect(vulnerability.remediations.first.checksum).to eq(expected_remediation.checksum)
end end
it 'does not find remediation with different id' do it 'does not find remediation with different id' do
......
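Review bot: The two new assertions compare only `checksum`, and `expected_remediation` is built with `diff: ''` alone, so, assuming the checksum is derived from the diff, a parser that dropped or swapped `summary` would still pass. Asserting the carried-through fields directly pins the mapping done by `create_remediations`: `expect(vulnerability.remediations.first).to have_attributes(summary: '', diff: '')` in both examples (the fixture's `summary` is `''` per the `remediation` hashes above). The `let(:expected_remediation)` can then be dropped or kept for the checksum check only.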
...@@ -13,6 +13,7 @@ RSpec.describe Gitlab::Ci::Reports::Security::Finding do ...@@ -13,6 +13,7 @@ RSpec.describe Gitlab::Ci::Reports::Security::Finding do
let(:link) { create(:ci_reports_security_link) } let(:link) { create(:ci_reports_security_link) }
let(:scanner) { create(:ci_reports_security_scanner) } let(:scanner) { create(:ci_reports_security_scanner) }
let(:location) { create(:ci_reports_security_locations_sast) } let(:location) { create(:ci_reports_security_locations_sast) }
let(:remediation) { create(:ci_reports_security_remediation) }
let(:params) do let(:params) do
{ {
...@@ -20,6 +21,7 @@ RSpec.describe Gitlab::Ci::Reports::Security::Finding do ...@@ -20,6 +21,7 @@ RSpec.describe Gitlab::Ci::Reports::Security::Finding do
confidence: :medium, confidence: :medium,
identifiers: [primary_identifier, other_identifier], identifiers: [primary_identifier, other_identifier],
links: [link], links: [link],
remediations: [remediation],
location: location, location: location,
metadata_version: 'sast:1.0', metadata_version: 'sast:1.0',
name: 'Cipher with no integrity', name: 'Cipher with no integrity',
...@@ -42,6 +44,7 @@ RSpec.describe Gitlab::Ci::Reports::Security::Finding do ...@@ -42,6 +44,7 @@ RSpec.describe Gitlab::Ci::Reports::Security::Finding do
project_fingerprint: '9a73f32d58d87d94e3dc61c4c1a94803f6014258', project_fingerprint: '9a73f32d58d87d94e3dc61c4c1a94803f6014258',
identifiers: [primary_identifier, other_identifier], identifiers: [primary_identifier, other_identifier],
links: [link], links: [link],
remediations: [remediation],
location: location, location: location,
metadata_version: 'sast:1.0', metadata_version: 'sast:1.0',
name: 'Cipher with no integrity', name: 'Cipher with no integrity',
......
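Review bot: The constructor's new `remediations: []` default has no example here; both hashes pass `remediations: [remediation]` explicitly, so a regression to a required keyword or a nil default would go unnoticed. A one-line example covers it: `expect(described_class.new(**params.except(:remediations)).remediations).to eq([])` (`Hash#except` needs Ruby 3.0+ or ActiveSupport, presumably available given the factory usage, but confirm). The enclosing `let(:params)` block starts in the first hunk and continues beyond it.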