Commit ea67a91f authored by Michał Zając's avatar Michał Zając Committed by Mayra Cabrera

Remove attributes_for from UpdateCsVulnerabilityConfidenceColumn

With https://gitlab.com/gitlab-org/gitlab/-/merge_requests/52182 we
banned `attributes_for` in migration specs. This refactors one of the
offending migrations.
parent 86a5baf4
...@@ -4,12 +4,14 @@ require 'spec_helper' ...@@ -4,12 +4,14 @@ require 'spec_helper'
require_migration! require_migration!
RSpec.describe UpdateCsVulnerabilityConfidenceColumn do RSpec.describe UpdateCsVulnerabilityConfidenceColumn do
include MigrationHelpers::VulnerabilitiesFindingsHelper
let(:vulnerabilities) { table(:vulnerability_occurrences) } let(:vulnerabilities) { table(:vulnerability_occurrences) }
let(:identifiers) { table(:vulnerability_identifiers) } let(:identifiers) { table(:vulnerability_identifiers) }
let(:scanners) { table(:vulnerability_scanners) } let(:scanners) { table(:vulnerability_scanners) }
let(:projects) { table(:projects) } let(:projects) { table(:projects) }
let(:vul1) { attributes_for(:vulnerabilities_finding, id: 1, report_type: 2, confidence: 5) } # rubocop: disable RSpec/FactoriesInMigrationSpecs let(:finding1_attributes) { attributes_for_vulnerabilities_finding }
let(:vul2) { attributes_for(:vulnerabilities_finding, id: 2, report_type: 2, confidence: 5) } # rubocop: disable RSpec/FactoriesInMigrationSpecs let(:finding2_attributes) { attributes_for_vulnerabilities_finding }
before do before do
stub_const("#{described_class}::BATCH_SIZE", 2) stub_const("#{described_class}::BATCH_SIZE", 2)
...@@ -34,33 +36,33 @@ RSpec.describe UpdateCsVulnerabilityConfidenceColumn do ...@@ -34,33 +36,33 @@ RSpec.describe UpdateCsVulnerabilityConfidenceColumn do
scanners.create!(id: 6, project_id: 123, external_id: 'clair', name: 'Security Scanner') scanners.create!(id: 6, project_id: 123, external_id: 'clair', name: 'Security Scanner')
vulnerabilities.create!(id: vul1[:id], vulnerabilities.create!(id: 1,
severity: 2, severity: 2,
confidence: 5, confidence: 5,
report_type: 2, report_type: 2,
project_id: 123, project_id: 123,
scanner_id: 6, scanner_id: 6,
primary_identifier_id: 1, primary_identifier_id: 1,
project_fingerprint: vul1[:project_fingerprint], project_fingerprint: finding1_attributes[:project_fingerprint],
location_fingerprint: vul1[:location_fingerprint], location_fingerprint: finding1_attributes[:location_fingerprint],
uuid: vul1[:uuid], uuid: finding1_attributes[:uuid],
name: vul1[:name], name: finding1_attributes[:name],
metadata_version: '1.3', metadata_version: finding1_attributes[:metadata_version],
raw_metadata: vul1[:raw_metadata]) raw_metadata: finding1_attributes[:raw_metadata])
vulnerabilities.create!(id: vul2[:id], vulnerabilities.create!(id: 2,
severity: 2, severity: 2,
confidence: 5, confidence: 5,
report_type: 2, report_type: 2,
project_id: 123, project_id: 123,
scanner_id: 6, scanner_id: 6,
primary_identifier_id: 2, primary_identifier_id: 2,
project_fingerprint: vul2[:project_fingerprint], project_fingerprint: finding2_attributes[:project_fingerprint],
location_fingerprint: vul2[:location_fingerprint], location_fingerprint: finding2_attributes[:location_fingerprint],
uuid: vul2[:uuid], uuid: finding2_attributes[:uuid],
name: vul2[:name], name: finding2_attributes[:name],
metadata_version: '1.3', metadata_version: finding2_attributes[:metadata_version],
raw_metadata: vul2[:raw_metadata]) raw_metadata: finding2_attributes[:raw_metadata])
expect(vulnerabilities.where(report_type: 2, confidence: 2).count). to eq(0) expect(vulnerabilities.where(report_type: 2, confidence: 2).count). to eq(0)
expect(vulnerabilities.exists?(report_type: 2, confidence: 5)).to be_truthy expect(vulnerabilities.exists?(report_type: 2, confidence: 5)).to be_truthy
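Review bot: The two `vulnerabilities.create!` calls in the second hunk differ only in `id`, `primary_identifier_id` and which attributes hash they read, yet the full column list is written out twice. A small spec-local helper that takes the id and the identifier id, and merges them with `severity: 2, confidence: 5, report_type: 2, project_id: 123, scanner_id: 6` over `attributes_for_vulnerabilities_finding`, would make it obvious which values the migration under test depends on. The two `let` blocks could then go, since each call would draw its own random fingerprints and uuid. The enclosing example block starts and ends outside the hunk, so this is judged from the visible lines only.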
......
# frozen_string_literal: true
module MigrationHelpers
module VulnerabilitiesFindingsHelper
def attributes_for_vulnerabilities_finding
uuid = SecureRandom.uuid
{
project_fingerprint: SecureRandom.hex(20),
location_fingerprint: Digest::SHA1.hexdigest(SecureRandom.hex(10)),
uuid: uuid,
name: "Vulnerability Finding #{uuid}",
metadata_version: '1.3',
raw_metadata: raw_metadata
}
end
def raw_metadata
{
"description" => "The cipher does not provide data integrity update 1",
"message" => "The cipher does not provide data integrity",
"cve" => "818bf5dacb291e15d9e6dc3c5ac32178:CIPHER",
"solution" => "GCM mode introduces an HMAC into the resulting encrypted data, providing integrity of the result.",
"location" => {
"file" => "maven/src/main/java/com/gitlab/security_products/tests/App.java",
"start_line" => 29,
"end_line" => 29,
"class" => "com.gitlab.security_products.tests.App",
"method" => "insecureCypher"
},
"links" => [
{
"name" => "Cipher does not check for integrity first?",
"url" => "https://crypto.stackexchange.com/questions/31428/pbewithmd5anddes-cipher-does-not-check-for-integrity-first"
}
],
"assets" => [
{
"type" => "postman",
"name" => "Test Postman Collection",
"url" => "http://localhost/test.collection"
}
],
"evidence" => {
"summary" => "Credit card detected",
"request" => {
"method" => "GET",
"url" => "http://goat:8080/WebGoat/logout",
"body" => nil,
"headers" => [
{
"name" => "Accept",
"value" => "*/*"
}
]
},
"response" => {
"reason_phrase" => "OK",
"status_code" => 200,
"body" => nil,
"headers" => [
{
"name" => "Content-Length",
"value" => "0"
}
]
},
"source" => {
"id" => "assert:Response Body Analysis",
"name" => "Response Body Analysis",
"url" => "htpp://hostname/documentation"
},
"supporting_messages" => [
{
"name" => "Origional",
"request" => {
"method" => "GET",
"url" => "http://goat:8080/WebGoat/logout",
"body" => "",
"headers" => [
{
"name" => "Accept",
"value" => "*/*"
}
]
}
},
{
"name" => "Recorded",
"request" => {
"method" => "GET",
"url" => "http://goat:8080/WebGoat/logout",
"body" => "",
"headers" => [
{
"name" => "Accept",
"value" => "*/*"
}
]
},
"response" => {
"reason_phrase" => "OK",
"status_code" => 200,
"body" => "",
"headers" => [
{
"name" => "Content-Length",
"value" => "0"
}
]
}
}
]
}
}
end
end
end
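Review bot: `raw_metadata` returns a Ruby Hash, and the spec passes it straight to `vulnerabilities.create!(raw_metadata: ...)`. If that column is plain text (its type is not visible on this page), the `table(...)` model would store the Hash's `to_s` form rather than JSON, so the fixture row would not resemble a real finding. Serialising in the helper with `raw_metadata: raw_metadata.to_json` would keep the stored value parseable. `raw_metadata` is also a generic name to mix into every example group that includes this module, and a spec's own `let(:raw_metadata)` would silently replace it; putting it under `private` with a more specific name such as `vulnerabilities_finding_raw_metadata` avoids that. A short comment on `location_fingerprint` saying that SHA-1 is presumably used only to get a 40-character hex value, not for any security property, would also help.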