Add latest changes from gitlab-org/gitlab@master

This commit is contained in:
GitLab Bot 2023-05-17 21:07:21 +00:00
parent 8746f6e79d
commit cf7a32bf29
33 changed files with 164 additions and 115 deletions


@ -56,7 +56,6 @@ Layout/FirstHashElementIndentation:
- 'ee/app/services/timebox_report_service.rb'
- 'ee/lib/ee/gitlab/ci/parsers.rb'
- 'ee/lib/ee/gitlab/usage_data.rb'
- 'ee/lib/elastic/latest/application_class_proxy.rb'
- 'ee/lib/elastic/latest/issue_class_proxy.rb'
- 'ee/lib/gitlab/analytics/type_of_work/tasks_by_type.rb'
- 'ee/lib/gitlab/ci/parsers/security/formatters/dependency_list.rb'


@ -1287,7 +1287,6 @@ Layout/LineLength:
- 'ee/lib/ee/gitlab/usage_data.rb'
- 'ee/lib/ee/sidebars/groups/panel.rb'
- 'ee/lib/ee/sidebars/projects/menus/security_compliance_menu.rb'
- 'ee/lib/elastic/latest/application_class_proxy.rb'
- 'ee/lib/elastic/latest/config.rb'
- 'ee/lib/elastic/latest/custom_language_analyzers.rb'
- 'ee/lib/elastic/latest/git_class_proxy.rb'


@ -406,7 +406,6 @@ Style/GuardClause:
- 'ee/lib/ee/gitlab/gon_helper.rb'
- 'ee/lib/ee/gitlab/omniauth_initializer.rb'
- 'ee/lib/ee/sidebars/projects/panel.rb'
- 'ee/lib/elastic/latest/application_class_proxy.rb'
- 'ee/lib/gitlab/analytics/cycle_analytics/summary/base_time.rb'
- 'ee/lib/gitlab/ci/config/security_orchestration_policies/processor.rb'
- 'ee/lib/gitlab/ci/minutes/cost_factor.rb'


@ -27,7 +27,6 @@ Style/Lambda:
- 'ee/lib/ee/api/entities/group_push_rule.rb'
- 'ee/lib/ee/banzai/filter/sanitization_filter.rb'
- 'ee/lib/ee/gitlab/checks/diff_check.rb'
- 'ee/lib/elastic/latest/application_class_proxy.rb'
- 'ee/lib/gem_extensions/elasticsearch/model/adapter/active_record/importing.rb'
- 'ee/spec/elastic_integration/global_search_spec.rb'
- 'ee/spec/lib/gitlab/geo/event_gap_tracking_spec.rb'


@ -232,7 +232,6 @@ Style/RedundantSelf:
- 'ee/lib/ee/legacy_model.rb'
- 'ee/lib/ee/model.rb'
- 'ee/lib/elastic/instance_proxy_util.rb'
- 'ee/lib/elastic/latest/application_class_proxy.rb'
- 'ee/lib/elastic/latest/commit_config.rb'
- 'ee/lib/elastic/latest/issue_config.rb'
- 'ee/lib/elastic/latest/merge_request_config.rb'


@ -33,7 +33,6 @@ Style/SoleNestedConditional:
- 'ee/app/workers/ee/post_receive.rb'
- 'ee/lib/ee/gitlab/auth/o_auth/auth_hash.rb'
- 'ee/lib/ee/gitlab/checks/push_rules/commit_check.rb'
- 'ee/lib/elastic/latest/application_class_proxy.rb'
- 'ee/lib/elastic/latest/issue_class_proxy.rb'
- 'ee/lib/gitlab/code_owners/groups_loader.rb'
- 'lib/api/deploy_keys.rb'


@ -1,5 +1,5 @@
<script>
import scheduleSvg from '@gitlab/svgs/dist/illustrations/schedule-md.svg';
import scheduleSvg from '@gitlab/svgs/dist/illustrations/schedule-md.svg?raw';
import { GlEmptyState, GlLink, GlSprintf } from '@gitlab/ui';
import { helpPagePath } from '~/helpers/help_page_helper';
import { s__ } from '~/locale';


@ -1,4 +1,4 @@
import emptySvg from '@gitlab/svgs/dist/illustrations/security-dashboard-empty-state.svg';
import emptySvg from '@gitlab/svgs/dist/illustrations/security-dashboard-empty-state.svg?raw';
import { GlEmptyState } from '@gitlab/ui';
import * as Sentry from '@sentry/browser';
import { __ } from '~/locale';


@ -8,7 +8,7 @@
* - Button Actions.
* [Mockup](https://gitlab.com/gitlab-org/gitlab-foss/uploads/2f655655c0eadf655d0ae7467b53002a/environments__deploy-graphic.png)
*/
import deployBoardSvg from '@gitlab/svgs/dist/illustrations/deploy-boards.svg';
import deployBoardSvg from '@gitlab/svgs/dist/illustrations/deploy-boards.svg?raw';
import {
GlIcon,
GlLoadingIcon,


@ -1,5 +1,5 @@
<script>
import clusterPopover from '@gitlab/svgs/dist/illustrations/cluster_popover.svg';
import clusterPopover from '@gitlab/svgs/dist/illustrations/cluster_popover.svg?raw';
import { GlPopover, GlSprintf, GlLink, GlButton } from '@gitlab/ui';
import SafeHtml from '~/vue_shared/directives/safe_html';
import { __ } from '~/locale';


@ -1,5 +1,5 @@
<script>
import chartEmptyStateIllustration from '@gitlab/svgs/dist/illustrations/chart-empty-state.svg';
import chartEmptyStateIllustration from '@gitlab/svgs/dist/illustrations/chart-empty-state.svg?raw';
import SafeHtml from '~/vue_shared/directives/safe_html';
import { chartHeight } from '../../constants';


@ -1,6 +1,6 @@
<script>
import importGroupIllustration from '@gitlab/svgs/dist/illustrations/group-import.svg';
import newGroupIllustration from '@gitlab/svgs/dist/illustrations/group-new.svg';
import importGroupIllustration from '@gitlab/svgs/dist/illustrations/group-import.svg?raw';
import newGroupIllustration from '@gitlab/svgs/dist/illustrations/group-new.svg?raw';
import { s__ } from '~/locale';
import NewNamespacePage from '~/vue_shared/new_namespace/new_namespace_page.vue';


@ -1,8 +1,8 @@
<script>
import createFromTemplateIllustration from '@gitlab/svgs/dist/illustrations/project-create-from-template-sm.svg';
import blankProjectIllustration from '@gitlab/svgs/dist/illustrations/project-create-new-sm.svg';
import importProjectIllustration from '@gitlab/svgs/dist/illustrations/project-import-sm.svg';
import ciCdProjectIllustration from '@gitlab/svgs/dist/illustrations/project-run-CICD-pipelines-sm.svg';
import createFromTemplateIllustration from '@gitlab/svgs/dist/illustrations/project-create-from-template-sm.svg?raw';
import blankProjectIllustration from '@gitlab/svgs/dist/illustrations/project-create-new-sm.svg?raw';
import importProjectIllustration from '@gitlab/svgs/dist/illustrations/project-import-sm.svg?raw';
import ciCdProjectIllustration from '@gitlab/svgs/dist/illustrations/project-run-CICD-pipelines-sm.svg?raw';
import SafeHtml from '~/vue_shared/directives/safe_html';
import { s__ } from '~/locale';
import NewNamespacePage from '~/vue_shared/new_namespace/new_namespace_page.vue';


@ -15,9 +15,9 @@ import {
REPORT_TYPE_API_FUZZING,
} from '~/vue_shared/security_reports/constants';
import kontraLogo from 'images/vulnerability/kontra-logo.svg';
import scwLogo from 'images/vulnerability/scw-logo.svg';
import secureflagLogo from 'images/vulnerability/secureflag-logo.svg';
import kontraLogo from 'images/vulnerability/kontra-logo.svg?raw';
import scwLogo from 'images/vulnerability/scw-logo.svg?raw';
import secureflagLogo from 'images/vulnerability/secureflag-logo.svg?raw';
import configureSastMutation from '../graphql/configure_sast.mutation.graphql';
import configureSastIacMutation from '../graphql/configure_iac.mutation.graphql';
import configureSecretDetectionMutation from '../graphql/configure_secret_detection.mutation.graphql';


@ -7,7 +7,7 @@ import {
createUserCountsManager,
userCounts,
} from '~/super_sidebar/user_counts_manager';
import logo from '../../../../views/shared/_logo.svg';
import logo from '../../../../views/shared/_logo.svg?raw';
import { JS_TOGGLE_COLLAPSE_CLASS } from '../constants';
import CreateMenu from './create_menu.vue';
import Counter from './counter.vue';


@ -1,6 +1,6 @@
<script>
import { GlButton, GlSprintf, GlTooltipDirective } from '@gitlab/ui';
import gitlabLogo from '@gitlab/svgs/dist/illustrations/gitlab_logo.svg';
import gitlabLogo from '@gitlab/svgs/dist/illustrations/gitlab_logo.svg?raw';
import SafeHtml from '~/vue_shared/directives/safe_html';
import { s__, __ } from '~/locale';
import UserCalloutDismisser from '~/vue_shared/components/user_callout_dismisser.vue';


@ -11,7 +11,7 @@ import {
GlTooltipDirective,
GlEmptyState,
} from '@gitlab/ui';
import noAccessSvg from '@gitlab/svgs/dist/illustrations/analytics/no-access.svg';
import noAccessSvg from '@gitlab/svgs/dist/illustrations/analytics/no-access.svg?raw';
import * as Sentry from '@sentry/browser';
import { s__ } from '~/locale';
import { getParameterByName, updateHistory, setUrlParams } from '~/lib/utils/url_utility';


@ -196,10 +196,12 @@ class Projects::MergeRequestsController < Projects::MergeRequests::ApplicationCo
end
end
# documented in doc/development/rails_endpoints/index.md
def codequality_mr_diff_reports
reports_response(@merge_request.find_codequality_mr_diff_reports, head_pipeline)
end
# documented in doc/development/rails_endpoints/index.md
def codequality_reports
reports_response(@merge_request.compare_codequality_reports)
end


@ -17,7 +17,10 @@ resources :merge_requests, concerns: :awardable, except: [:new, :create, :show],
get :accessibility_reports
get :coverage_reports
get :terraform_reports
# documented in doc/development/rails_endpoints/index.md
get :codequality_reports
# documented in doc/development/rails_endpoints/index.md
get :codequality_mr_diff_reports
scope constraints: ->(req) { req.format == :json }, as: :json do


@ -425,19 +425,12 @@ module.exports = {
{
test: /\.svg$/,
exclude: /icons\.svg$/,
oneOf: [
{
resourceQuery: /url/,
loader: 'file-loader',
options: {
name: '[name].[contenthash:8].[ext]',
esModule: false,
},
},
{
loader: 'raw-loader',
},
],
resourceQuery: /url/,
loader: 'file-loader',
options: {
name: '[name].[contenthash:8].[ext]',
esModule: false,
},
},
{
test: /\.(gif|png|mp4)$/,
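Review bot: Dropping the `oneOf` fallback leaves the `.svg` rule applying only when `resourceQuery: /url/` matches, yet every SVG import touched by this commit now carries `?raw`; nothing in this hunk shows the rule that serves `?raw`, so unless one exists elsewhere in the config those imports fall through to webpack's default module handling. Whether that rule lives in this file or comes from a shared preset, a comment on the narrowed rule would make the split explicit, e.g. `// ?url only (file-loader); inline SVG source is served by the ?raw resourceQuery rule` adjusted to where that rule actually is. The enclosing `module.exports` object starts and ends outside the hunk.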


@ -17,7 +17,7 @@ For Free, Premium, and Ultimate plan customers, jobs on these instances consume
| | Small | Medium | Large |
|-------------------|---------------------------|---------------------------|--------------------------|
| Specs | 1 vCPU, 3.75 GB RAM | 2 vCPUs, 8 GB RAM | 4 vCPUs, 16 GB RAM |
| Specs | 2 vCPU, 8 GB RAM | 4 vCPUs, 16 GB RAM | 8 vCPUs, 32 GB RAM |
| GitLab CI/CD tags | `saas-linux-small-amd64` | `saas-linux-medium-amd64` | `saas-linux-large-amd64` |
| Subscription | Free, Premium, Ultimate | Free, Premium, Ultimate | Premium, Ultimate |


@ -0,0 +1,79 @@
---
stage: Create
group: Source Code
info: "To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments"
type: reference, api
---
# Rails Endpoints
Rails Endpoints are used by different GitLab components, they cannot be
used by other consumers. This documentation is intended for people
working on the GitLab codebase.
These Rails Endpoints:
- May not have extensive documentation or follow the same conventions as our public or private APIs.
- May not adhere to standardized rules or guidelines.
- Are designed to serve specific internal purposes in the codebase.
- Are subject to change at any time.
## Proof of concept period: Feedback Request
We are currently evaluating a new approach for documenting Rails endpoints. Please [check out the Feedback Issue](https://gitlab.com/gitlab-org/gitlab/-/issues/411605) and feel free to share your thoughts, suggestions, or concerns. We appreciate your participation in helping us improve the documentation!
## SAST Scanners
Static Application Security Testing (SAST) checks your source code for known vulnerabilities. When SAST is enabled
on a Project these endpoints are available.
### List existing merge request code quality findings sorted by files
Get a list of existing code quality Findings, if any, sorted by files.
```plaintext
GET /projects/:id/merge_requests/:merge_request_iid/codequality_mr_diff_reports.json
```
Response:
```json
{
"files": {
"index.js": [
{
"line": 1,
"description": "Unexpected 'debugger' statement.",
"severity": "major"
}
]
}
}
```
### List new, resolved and existing merge request code quality findings
Get a list of new, resolved, and existing code quality Findings, if any.
```plaintext
GET /projects/:id/merge_requests/:merge_request_iid/codequality_reports.json
```
```json
{
"status": "failed",
"new_errors": [
{
"description": "Unexpected 'debugger' statement.",
"severity": "major",
"file_path": "index.js",
"line": 1,
"web_url": "https://gitlab.com/jannik_lehmann/code-quality-test/-/blob/ed1c1b3052fe6963beda0e416d5e2ba3378eb715/noise.rb#L12",
"engine_name": "eslint"
}
],
"resolved_errors": [],
"existing_errors": [],
"summary": { "total": 1, "resolved": 0, "errored": 1 }
}
```


@ -96,6 +96,10 @@ module.exports = (path, options = {}) => {
const TEST_FIXTURES_RAW_LOADER_PATTERN = `(${TEST_FIXTURES_HOME}|${TEST_FIXTURES_STATIC_HOME}).*\\.html$`;
const moduleNameMapper = {
[TEST_FIXTURES_PATTERN]: `<rootDir>${TEST_FIXTURES_HOME}$1`,
'^test_fixtures_static(/.*)$': `<rootDir>${TEST_FIXTURES_STATIC_HOME}$1`,
'\\.(svg|gif|png|mp4)(\\?\\w+)?$': '<rootDir>/spec/frontend/__mocks__/file_mock.js',
'\\.css$': '<rootDir>/spec/frontend/__mocks__/file_mock.js',
'^~(/.*)\\?(worker|raw)$': '<rootDir>/app/assets/javascripts$1',
'^(.*)\\?(worker|raw)$': '$1',
'^~(/.*)$': '<rootDir>/app/assets/javascripts$1',
@ -109,10 +113,6 @@ module.exports = (path, options = {}) => {
'^any_else_ce(/.*)$': '<rootDir>/app/assets/javascripts$1',
'^helpers(/.*)$': '<rootDir>/spec/frontend/__helpers__$1',
'^vendor(/.*)$': '<rootDir>/vendor/assets/javascripts$1',
[TEST_FIXTURES_PATTERN]: `<rootDir>${TEST_FIXTURES_HOME}$1`,
'^test_fixtures_static(/.*)$': `<rootDir>${TEST_FIXTURES_STATIC_HOME}$1`,
'\\.(jpg|jpeg|png|svg|css)$': '<rootDir>/spec/frontend/__mocks__/file_mock.js',
'\\.svg\\?url$': '<rootDir>/spec/frontend/__mocks__/file_mock.js',
'^public(/.*)$': '<rootDir>/public$1',
'emojis(/.*).json': '<rootDir>/fixtures/emojis$1.json',
'^spec/test_constants$': '<rootDir>/spec/frontend/__helpers__/test_constants',
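Review bot: The new position of `'\\.(svg|gif|png|mp4)(\\?\\w+)?$'` at the top of `moduleNameMapper` only works because Jest checks mappers in insertion order and takes the first match; sitting ahead of `'^(.*)\\?(worker|raw)$'` is what keeps `foo.svg?raw` resolving to file_mock.js instead of having its query stripped and the real SVG loaded. That ordering constraint is invisible to the next person who tidies this object. A comment above the entry would preserve it: `// must precede the ?(worker|raw) mappers — first match wins, so asset?raw hits the file mock`. The enclosing arrow function starts and ends outside the hunk.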


@ -123,6 +123,7 @@ module Gitlab
uuid: uuid,
report_type: report.type,
name: finding_name(data, identifiers, location),
compare_key: data['cve'] || '',
location: location,
evidence: evidence,
severity: parse_severity_level(data['severity']),
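Review bot: `compare_key: data['cve'] || ''` gives every finding in a report that has no `cve` field the same compare key, so anything that treats the key as an identity — the SHA1 project fingerprint computed from it in `Finding#generate_project_fingerprint` in this same commit — collides across distinct findings. If that is intentional because the key is only meaningful for report formats that carry `cve`, a comment would stop a reader from filing it as a bug: `# compare_key is only populated for reports that carry a 'cve'; findings without one share the empty key`. Otherwise a fallback built from the primary identifier and location fingerprint, as the `ci_reports_security_finding` factory in this commit does, would keep keys distinct. The enclosing method starts and ends outside the hunk.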


@ -7,6 +7,7 @@ module Gitlab
class Finding
include ::VulnerabilityFindingHelpers
attr_reader :compare_key
attr_reader :confidence
attr_reader :identifiers
attr_reader :flags
@ -32,10 +33,10 @@ module Gitlab
delegate :file_path, :start_line, :end_line, to: :location
alias_method :compare_key, :uuid
alias_method :cve, :compare_key
def initialize(identifiers:, flags: [], links: [], remediations: [], location:, evidence:, metadata_version:, name:, original_data:, report_type:, scanner:, scan:, uuid:, confidence: nil, severity: nil, details: {}, signatures: [], project_id: nil, vulnerability_finding_signatures_enabled: false, found_by_pipeline: nil) # rubocop:disable Metrics/ParameterLists
def initialize(compare_key:, identifiers:, flags: [], links: [], remediations: [], location:, evidence:, metadata_version:, name:, original_data:, report_type:, scanner:, scan:, uuid:, confidence: nil, severity: nil, details: {}, signatures: [], project_id: nil, vulnerability_finding_signatures_enabled: false, found_by_pipeline: nil) # rubocop:disable Metrics/ParameterLists
@compare_key = compare_key
@confidence = confidence
@identifiers = identifiers
@flags = flags
@ -202,7 +203,7 @@ module Gitlab
private
def generate_project_fingerprint
Digest::SHA1.hexdigest(compare_key.to_s)
Digest::SHA1.hexdigest(compare_key)
end
def location_fingerprints
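Review bot: `Digest::SHA1.hexdigest(compare_key)` drops the `.to_s` the previous line had, so a `nil` compare_key now raises `TypeError` at fingerprint time where it used to hash the empty string; `compare_key:` is a required keyword in the new `initialize`, but nothing in the hunk rejects `nil`, and callers outside the parser (factories, tests, other report sources) can still pass it. Either keep `Digest::SHA1.hexdigest(compare_key.to_s)` or fail fast in the constructor with `raise ArgumentError, 'compare_key is required' if compare_key.nil?`. A one-line YARD comment on `attr_reader :compare_key` saying where the value comes from would also help, since the reader no longer aliases `uuid`. The class and `initialize` body continue outside the hunks.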


@ -473,7 +473,7 @@ namespace :gitlab do
Gitlab::Database::SchemaValidation::TrackInconsistency.new(
inconsistency,
Project.find_by_full_path(gitlab_url),
User.support_bot
User.automation_bot
).execute
puts inconsistency.inspect


@ -182,11 +182,12 @@ module QA
raise NotImplementedError
end
def visit!(skip_resp_code_check: false)
def visit!(skip_finished_loading_check: false, skip_resp_code_check: false)
Runtime::Logger.info("Visiting #{Rainbow(self.class.name).black.bg(:white)} at #{web_url}")
# Just in case an async action is not yet complete
Support::WaitForRequests.wait_for_requests(skip_resp_code_check: skip_resp_code_check)
Support::WaitForRequests.wait_for_requests(skip_finished_loading_check: skip_finished_loading_check,
skip_resp_code_check: skip_resp_code_check)
Support::Retrier.retry_until do
visit(web_url)
@ -194,7 +195,8 @@ module QA
end
# Wait until the new page is ready for us to interact with it
Support::WaitForRequests.wait_for_requests(skip_resp_code_check: skip_resp_code_check)
Support::WaitForRequests.wait_for_requests(skip_finished_loading_check: skip_finished_loading_check,
skip_resp_code_check: skip_resp_code_check)
end
def populate(*attribute_names)
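Review bot: The two `wait_for_requests` calls in `visit!` now repeat the same two-keyword argument list, and the new `skip_finished_loading_check:` parameter is undocumented. Building the options once, `wait_opts = { skip_finished_loading_check: skip_finished_loading_check, skip_resp_code_check: skip_resp_code_check }`, and calling `Support::WaitForRequests.wait_for_requests(**wait_opts)` at both sites keeps them from drifting apart when a third flag is added. A YARD `@param skip_finished_loading_check [Boolean]` line above `def visit!` stating which readiness check it bypasses would help callers decide when it is safe to set. The `retry_until` body of the method spans the gap between the two hunks.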


@ -362,7 +362,8 @@ RSpec.describe QA::Resource::Base do
it 'calls #visit with the underlying #web_url' do
allow(resource).to receive(:current_url).and_return(subject.current_url)
expect(wait_for_requests_class).to receive(:wait_for_requests).with({ skip_resp_code_check: false }).twice
expect(wait_for_requests_class).to receive(:wait_for_requests).with({ skip_finished_loading_check: false,
skip_resp_code_check: false }).twice
resource.web_url = subject.current_url
resource.visit!
@ -372,12 +373,24 @@ RSpec.describe QA::Resource::Base do
it 'calls #visit with the underlying #web_url with skip_resp_code_check specified as true' do
allow(resource).to receive(:current_url).and_return(subject.current_url)
expect(wait_for_requests_class).to receive(:wait_for_requests).with({ skip_resp_code_check: true }).twice
expect(wait_for_requests_class).to receive(:wait_for_requests).with({ skip_finished_loading_check: false,
skip_resp_code_check: true }).twice
resource.web_url = subject.current_url
resource.visit!(skip_resp_code_check: true)
expect(resource).to have_received(:visit).with(subject.current_url)
end
it 'calls #visit with the underlying #web_url with skip_finished_loading_check specified as true' do
allow(resource).to receive(:current_url).and_return(subject.current_url)
expect(wait_for_requests_class).to receive(:wait_for_requests).with({ skip_finished_loading_check: true,
skip_resp_code_check: false }).twice
resource.web_url = subject.current_url
resource.visit!(skip_finished_loading_check: true)
expect(resource).to have_received(:visit).with(subject.current_url)
end
end
end


@ -2,6 +2,7 @@
FactoryBot.define do
factory :ci_reports_security_finding, class: '::Gitlab::Ci::Reports::Security::Finding' do
compare_key { "#{identifiers.first&.external_type}:#{identifiers.first&.external_id}:#{location.fingerprint}" }
confidence { :medium }
identifiers { Array.new(1) { association(:ci_reports_security_identifier) } }
location factory: :ci_reports_security_locations_sast


@ -90,7 +90,6 @@
"message": "Remediation for this vulnerability should remediate CVE-2140 as well",
"description": "",
"cve": "CVE-2139",
"id": "bb2fbeb1b71ea360ce3f86f001d4e84823c3ffe1a1f7d41ba7466b14cfa953d4",
"severity": "High",
"solution": "Upgrade to latest version.",
"scanner": {
@ -133,7 +132,6 @@
"message": "Remediation for this vulnerability should remediate CVE-2139 as well",
"description": "",
"cve": "CVE-2140",
"id": "bb2fbeb1b71ea360ce3f86f001d4e84823c3ffe1a1f7d41ba7466b14cfa953d5",
"severity": "High",
"solution": "Upgrade to latest version.",
"scanner": {
@ -441,10 +439,10 @@
{
"fixes": [
{
"id": "bb2fbeb1b71ea360ce3f86f001d4e84823c3ffe1a1f7d41ba7466b14cfa953d4"
"cve": "CVE-2139"
},
{
"id": "bb2fbeb1b71ea360ce3f86f001d4e84823c3ffe1a1f7d41ba7466b14cfa953d5"
"cve": "CVE-2140"
}
],
"summary": "this remediates CVE-2139 and CVE-2140",


@ -184,9 +184,8 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Common, feature_category: :vulnera
let(:artifact) { build(:ci_job_artifact, :common_security_report_with_blank_names) }
context 'when message is provided' do
let(:finding) { report.findings.first }
it 'sets message from the report as a finding name' do
finding = report.findings.find { |x| x.compare_key == 'CVE-1020' }
expected_name = Gitlab::Json.parse(finding.raw_metadata)['message']
expect(finding.name).to eq(expected_name)
@ -195,9 +194,8 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Common, feature_category: :vulnera
context 'when message is not provided' do
context 'and name is provided' do
let(:finding) { report.findings.second }
it 'sets name from the report as a name' do
finding = report.findings.find { |x| x.compare_key == 'CVE-1030' }
expected_name = Gitlab::Json.parse(finding.raw_metadata)['name']
expect(finding.name).to eq(expected_name)
@ -205,12 +203,11 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Common, feature_category: :vulnera
end
context 'and name is not provided' do
let(:finding) { report.findings[2] }
context 'when location does not exist' do
let(:location) { nil }
it 'returns only identifier name' do
finding = report.findings.find { |x| x.compare_key == 'CVE-2017-11429' }
expect(finding.name).to eq("CVE-2017-11429")
end
end
@ -218,22 +215,21 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Common, feature_category: :vulnera
context 'when location exists' do
context 'when CVE identifier exists' do
it 'combines identifier with location to create name' do
finding = report.findings.find { |x| x.compare_key == 'CVE-2017-11429' }
expect(finding.name).to eq("CVE-2017-11429 in yarn.lock")
end
end
context 'when CWE identifier exists' do
let(:finding) { report.findings[3] }
it 'combines identifier with location to create name' do
finding = report.findings.find { |x| x.compare_key == 'CWE-2017-11429' }
expect(finding.name).to eq("CWE-2017-11429 in yarn.lock")
end
end
context 'when neither CVE nor CWE identifier exist' do
let(:finding) { report.findings[4] }
it 'combines identifier with location to create name' do
finding = report.findings.find { |x| x.compare_key == 'OTHER-2017-11429' }
expect(finding.name).to eq("other-2017-11429 in yarn.lock")
end
end
@ -244,9 +240,8 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Common, feature_category: :vulnera
describe 'parsing finding.details' do
context 'when details are provided' do
let(:finding) { report.findings[4] }
it 'sets details from the report' do
finding = report.findings.find { |x| x.compare_key == 'CVE-1020' }
expected_details = Gitlab::Json.parse(finding.raw_metadata)['details']
expect(finding.details).to eq(expected_details)
@ -254,9 +249,8 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Common, feature_category: :vulnera
end
context 'when details are not provided' do
let(:finding) { report.findings[5] }
it 'sets empty hash' do
finding = report.findings.find { |x| x.compare_key == 'CVE-1030' }
expect(finding.details).to eq({})
end
end
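Review bot: Every example now locates its subject with `report.findings.find { |x| x.compare_key == '...' }`, and `find` returns `nil` on no match, so a fixture whose key changes surfaces as `NoMethodError` on `raw_metadata` or `name` rather than a readable failure. A small spec helper, `def finding_with_compare_key(key)` returning `report.findings.find { |x| x.compare_key == key } || raise("no finding with compare_key #{key}")`, would give a clear message and remove the repeated block. Note also that 'CVE-1020' and 'CVE-1030' are reused by both the name examples and the details examples, so those examples are now coupled to the same two fixture entries. The enclosing describe blocks start and end outside the hunks.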


@ -2,7 +2,7 @@
require 'spec_helper'
RSpec.describe Gitlab::Ci::Reports::Security::Report, feature_category: :vulnerability_management do
RSpec.describe Gitlab::Ci::Reports::Security::Report do
let_it_be(:pipeline) { create(:ci_pipeline) }
let(:created_at) { 2.weeks.ago }
@ -89,7 +89,7 @@ RSpec.describe Gitlab::Ci::Reports::Security::Report, feature_category: :vulnera
let(:other_report) do
create(
:ci_reports_security_report,
findings: [create(:ci_reports_security_finding)],
findings: [create(:ci_reports_security_finding, compare_key: 'other_finding')],
scanners: [create(:ci_reports_security_scanner, external_id: 'other_scanner', name: 'Other Scanner')],
identifiers: [create(:ci_reports_security_identifier, external_id: 'other_id', name: 'other_scanner')]
)
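Review bot: The `RSpec.describe` line for `Gitlab::Ci::Reports::Security::Report` loses the `feature_category: :vulnerability_management` metadata that the previous line carried, which looks incidental to the compare_key change rather than deliberate. GitLab specs are expected to declare a feature category (the `RSpec/MissingFeatureCategory` cop reports its absence where it is enabled), so the line should read `RSpec.describe Gitlab::Ci::Reports::Security::Report, feature_category: :vulnerability_management do`. The describe block continues outside the hunks.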


@ -19,8 +19,7 @@ RSpec.describe Security::MergeReportsService, '#execute', feature_category: :cod
build(:ci_reports_security_finding,
identifiers: [identifier_1_primary, identifier_1_cve],
scanner: scanner_1,
severity: :low,
uuid: '61eb8e3e-3be1-4d6c-ba26-4e0dd4f94610'
severity: :low
)
end
@ -28,8 +27,7 @@ RSpec.describe Security::MergeReportsService, '#execute', feature_category: :cod
build(:ci_reports_security_finding,
identifiers: [identifier_1_primary, identifier_1_cve],
scanner: scanner_1,
severity: :low,
uuid: '61eb8e3e-3be1-4d6c-ba26-4e0dd4f94611'
severity: :low
)
end
@ -38,8 +36,7 @@ RSpec.describe Security::MergeReportsService, '#execute', feature_category: :cod
identifiers: [identifier_2_primary, identifier_2_cve],
location: build(:ci_reports_security_locations_sast, start_line: 32, end_line: 34),
scanner: scanner_2,
severity: :medium,
uuid: '61eb8e3e-3be1-4d6c-ba26-4e0dd4f94612'
severity: :medium
)
end
@ -48,8 +45,7 @@ RSpec.describe Security::MergeReportsService, '#execute', feature_category: :cod
identifiers: [identifier_2_primary, identifier_2_cve],
location: build(:ci_reports_security_locations_sast, start_line: 32, end_line: 34),
scanner: scanner_2,
severity: :medium,
uuid: '61eb8e3e-3be1-4d6c-ba26-4e0dd4f94613'
severity: :medium
)
end
@ -58,8 +54,7 @@ RSpec.describe Security::MergeReportsService, '#execute', feature_category: :cod
identifiers: [identifier_2_primary, identifier_2_cve],
location: build(:ci_reports_security_locations_sast, start_line: 42, end_line: 44),
scanner: scanner_2,
severity: :medium,
uuid: '61eb8e3e-3be1-4d6c-ba26-4e0dd4f94614'
severity: :medium
)
end
@ -67,8 +62,7 @@ RSpec.describe Security::MergeReportsService, '#execute', feature_category: :cod
build(:ci_reports_security_finding,
identifiers: [identifier_cwe],
scanner: scanner_3,
severity: :high,
uuid: '61eb8e3e-3be1-4d6c-ba26-4e0dd4f94615'
severity: :high
)
end
@ -76,8 +70,7 @@ RSpec.describe Security::MergeReportsService, '#execute', feature_category: :cod
build(:ci_reports_security_finding,
identifiers: [identifier_cwe],
scanner: scanner_1,
severity: :critical,
uuid: '61eb8e3e-3be1-4d6c-ba26-4e0dd4f94616'
severity: :critical
)
end
@ -85,8 +78,7 @@ RSpec.describe Security::MergeReportsService, '#execute', feature_category: :cod
build(:ci_reports_security_finding,
identifiers: [identifier_wasc],
scanner: scanner_1,
severity: :medium,
uuid: '61eb8e3e-3be1-4d6c-ba26-4e0dd4f94617'
severity: :medium
)
end
@ -94,8 +86,7 @@ RSpec.describe Security::MergeReportsService, '#execute', feature_category: :cod
build(:ci_reports_security_finding,
identifiers: [identifier_wasc],
scanner: scanner_2,
severity: :critical,
uuid: '61eb8e3e-3be1-4d6c-ba26-4e0dd4f94618'
severity: :critical
)
end
@ -199,8 +190,8 @@ RSpec.describe Security::MergeReportsService, '#execute', feature_category: :cod
finding_cwe_2,
finding_wasc_2,
finding_cwe_1,
finding_id_2_loc_1,
finding_id_2_loc_2,
finding_id_2_loc_1,
finding_wasc_1,
finding_id_1
])
@ -226,32 +217,9 @@ RSpec.describe Security::MergeReportsService, '#execute', feature_category: :cod
let(:identifier_cve) { build(:ci_reports_security_identifier, external_id: 'CVE-2019-123', external_type: 'cve') }
let(:identifier_semgrep) { build(:ci_reports_security_identifier, external_id: 'rules.bandit.B105', external_type: 'semgrep_id') }
let(:finding_id_1) do
build(
:ci_reports_security_finding,
identifiers: [identifier_bandit, identifier_cve],
scanner: bandit_scanner,
report_type: :sast,
uuid: '21ab978a-7052-5428-af0b-c7a4b3fe5020')
end
let(:finding_id_2) do
build(
:ci_reports_security_finding,
identifiers: [identifier_cve],
scanner: semgrep_scanner,
report_type: :sast,
uuid: '21ab978a-7052-5428-af0b-c7a4b3fe5021')
end
let(:finding_id_3) do
build(
:ci_reports_security_finding,
identifiers: [identifier_semgrep],
scanner: semgrep_scanner,
report_type: :sast,
uuid: '21ab978a-7052-5428-af0b-c7a4b3fe5022')
end
let(:finding_id_1) { build(:ci_reports_security_finding, identifiers: [identifier_bandit, identifier_cve], scanner: bandit_scanner, report_type: :sast) }
let(:finding_id_2) { build(:ci_reports_security_finding, identifiers: [identifier_cve], scanner: semgrep_scanner, report_type: :sast) }
let(:finding_id_3) { build(:ci_reports_security_finding, identifiers: [identifier_semgrep], scanner: semgrep_scanner, report_type: :sast) }
let(:bandit_report) do
build(:ci_reports_security_report,