Commit fa43179b authored by can eldem's avatar can eldem

Use new fingerprint as default fingerprint for CS findings

Update tests for StoreReportsService
parent 8c07a909
---
title: Use new fingerprint as default fingerprint for Container Scanning findings
merge_request: 43145
author:
type: other
...@@ -18,15 +18,10 @@ module Gitlab ...@@ -18,15 +18,10 @@ module Gitlab
@package_version = package_version @package_version = package_version
end end
# temporary, untill existing data updated in DB
def new_fingerprint
Digest::SHA1.hexdigest("#{docker_image_name_without_tag}:#{package_name}")
end
private private
def fingerprint_data def fingerprint_data
"#{operating_system}:#{package_name}" "#{docker_image_name_without_tag}:#{package_name}"
end end
def docker_image_name_without_tag def docker_image_name_without_tag
......
...@@ -13,48 +13,48 @@ RSpec.describe Gitlab::Ci::Reports::Security::Locations::ContainerScanning do ...@@ -13,48 +13,48 @@ RSpec.describe Gitlab::Ci::Reports::Security::Locations::ContainerScanning do
end end
let(:mandatory_params) { %i[image operating_system] } let(:mandatory_params) { %i[image operating_system] }
let(:expected_fingerprint) { Digest::SHA1.hexdigest('debian:9:glibc') } let(:expected_fingerprint) { Digest::SHA1.hexdigest('registry.gitlab.com/my/project:glibc') }
it_behaves_like 'vulnerability location' it_behaves_like 'vulnerability location'
describe '#new_fingerprint' do describe 'fingerprint' do
sha1_of = -> (input) { Digest::SHA1.hexdigest(input) } sha1_of = -> (input) { Digest::SHA1.hexdigest(input) }
subject { described_class.new(**params) } subject { described_class.new(**params) }
specify do specify do
params[:image] = 'alpine:3.7.3' params[:image] = 'alpine:3.7.3'
expect(subject.new_fingerprint).to eq(sha1_of.call('alpine:3.7.3:glibc')) expect(subject.fingerprint).to eq(sha1_of.call('alpine:3.7.3:glibc'))
end end
specify do specify do
params[:image] = 'alpine:3.7' params[:image] = 'alpine:3.7'
expect(subject.new_fingerprint).to eq(sha1_of.call('alpine:3.7:glibc')) expect(subject.fingerprint).to eq(sha1_of.call('alpine:3.7:glibc'))
end end
specify do specify do
params[:image] = 'alpine:8101518288111119448185914762536722131810' params[:image] = 'alpine:8101518288111119448185914762536722131810'
expect(subject.new_fingerprint).to eq(sha1_of.call('alpine:glibc')) expect(subject.fingerprint).to eq(sha1_of.call('alpine:glibc'))
end end
specify do specify do
params[:image] = 'alpine:1.0.0-beta' params[:image] = 'alpine:1.0.0-beta'
expect(subject.new_fingerprint).to eq(sha1_of.call('alpine:1.0.0-beta:glibc')) expect(subject.fingerprint).to eq(sha1_of.call('alpine:1.0.0-beta:glibc'))
end end
specify do specify do
params[:image] = 'registry.gitlab.com/gitlab-org/security-products/analyzers/klar/tmp:af864bd61230d3d694eb01d6205b268b4ad63ac0' params[:image] = 'registry.gitlab.com/gitlab-org/security-products/analyzers/klar/tmp:af864bd61230d3d694eb01d6205b268b4ad63ac0'
expect(subject.new_fingerprint).to eq(sha1_of.call('registry.gitlab.com/gitlab-org/security-products/analyzers/klar/tmp:glibc')) expect(subject.fingerprint).to eq(sha1_of.call('registry.gitlab.com/gitlab-org/security-products/analyzers/klar/tmp:glibc'))
end end
specify do specify do
params[:image] = 'registry.gitlab.com/gitlab-org/security-products/tests/container-scanning/master:ec301f43f14a2b477806875e49cfc4d3fa0d22c3' params[:image] = 'registry.gitlab.com/gitlab-org/security-products/tests/container-scanning/master:ec301f43f14a2b477806875e49cfc4d3fa0d22c3'
expect(subject.new_fingerprint).to eq(sha1_of.call('registry.gitlab.com/gitlab-org/security-products/tests/container-scanning/master:glibc')) expect(subject.fingerprint).to eq(sha1_of.call('registry.gitlab.com/gitlab-org/security-products/tests/container-scanning/master:glibc'))
end end
specify do specify do
params[:image] = 'registry.gitlab.com/gitlab-org/security-products/dast/webgoat-8.0@sha256:bc09fe2e0721dfaeee79364115aeedf2174cce0947b9ae5fe7c33312ee019a4e' params[:image] = 'registry.gitlab.com/gitlab-org/security-products/dast/webgoat-8.0@sha256:bc09fe2e0721dfaeee79364115aeedf2174cce0947b9ae5fe7c33312ee019a4e'
expect(subject.new_fingerprint).to eq(sha1_of.call('registry.gitlab.com/gitlab-org/security-products/dast/webgoat-8.0@sha256:glibc')) expect(subject.fingerprint).to eq(sha1_of.call('registry.gitlab.com/gitlab-org/security-products/dast/webgoat-8.0@sha256:glibc'))
end end
end end
end end
...@@ -62,7 +62,7 @@ RSpec.describe Security::StoreReportService, '#execute' do ...@@ -62,7 +62,7 @@ RSpec.describe Security::StoreReportService, '#execute' do
let(:report) { pipeline.security_reports.get_report('container_scanning', artifact) } let(:report) { pipeline.security_reports.get_report('container_scanning', artifact) }
it 'saves with new location' do it 'saves with new location' do
new_locations = report.findings.map(&:location).map(&:new_fingerprint) new_locations = report.findings.map(&:location).map(&:fingerprint)
expect(subject).to eq({ status: :success }) expect(subject).to eq({ status: :success })
saved_locations = Vulnerabilities::Finding.all.map(&:location_fingerprint) saved_locations = Vulnerabilities::Finding.all.map(&:location_fingerprint)
expect(new_locations).to match_array(saved_locations) expect(new_locations).to match_array(saved_locations)
...@@ -73,7 +73,7 @@ RSpec.describe Security::StoreReportService, '#execute' do ...@@ -73,7 +73,7 @@ RSpec.describe Security::StoreReportService, '#execute' do
expect(subject).to eq({ status: :success }) expect(subject).to eq({ status: :success })
old_fingerprint = report.findings.first.location.fingerprint old_fingerprint = report.findings.first.location.fingerprint
new_fingerprint = report.findings.first.location.new_fingerprint new_fingerprint = report.findings.first.location.fingerprint
Vulnerabilities::Finding.first.update_column(:location_fingerprint, old_fingerprint) Vulnerabilities::Finding.first.update_column(:location_fingerprint, old_fingerprint)
described_class.new(pipeline, report).execute described_class.new(pipeline, report).execute
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment