Commit 0b4b2ca4 authored by Mehmet Emin INAC's avatar Mehmet Emin INAC

Check Security::Scan resources to identify ran security jobs

Changelog: fixed
EE: true
parent 2b7b3e63
...@@ -15,31 +15,35 @@ module Security ...@@ -15,31 +15,35 @@ module Security
def execute def execute
@selection_information.each_with_object({}) do |(report_type, summary_types), response| @selection_information.each_with_object({}) do |(report_type, summary_types), response|
response[report_type] = summary_counts_for_report_type(report_type, summary_types) response[report_type] = summary_counts_for_report_type(report_type.to_s, summary_types)
end end
end end
private private
def summary_counts_for_report_type(report_type, summary_types) def summary_counts_for_report_type(report_type, summary_types)
return if @pipeline.security_findings.by_report_types(report_type).empty? return unless has_report?(report_type)
summary_types.each_with_object({}) do |summary_type, response| summary_types.each_with_object({}) do |summary_type, response|
case summary_type case summary_type
when :vulnerabilities_count when :vulnerabilities_count
response[:vulnerabilities_count] = vulnerability_counts[report_type.to_s] response[:vulnerabilities_count] = vulnerability_counts[report_type]
when :scanned_resources_count when :scanned_resources_count
response[:scanned_resources_count] = scanned_resources_counts[report_type.to_s] response[:scanned_resources_count] = scanned_resources_counts[report_type]
when :scanned_resources when :scanned_resources
response[:scanned_resources] = scanned_resources[report_type.to_s] response[:scanned_resources] = scanned_resources[report_type]
when :scanned_resources_csv_path when :scanned_resources_csv_path
response[:scanned_resources_csv_path] = csv_path response[:scanned_resources_csv_path] = csv_path
when :scans when :scans
response[:scans] = grouped_scans[report_type.to_s] response[:scans] = grouped_scans[report_type]
end end
end end
end end
def has_report?(report_type)
grouped_scans[report_type].present?
end
def csv_path def csv_path
::Gitlab::Routing.url_helpers.project_security_scanned_resources_path( ::Gitlab::Routing.url_helpers.project_security_scanned_resources_path(
@pipeline.project, @pipeline.project,
......
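Review bot: `has_report?`, added in this hunk, carries the `has_` prefix that the Ruby style guide and RuboCop's Naming/PredicateName reject for predicate methods; `report?(report_type)` or `scan_ran?(report_type)` would read as the question it answers. Because this method is now the sole gate on whether a summary is returned at all, it deserves a comment making the new semantics explicit, e.g. `# A report counts as present when a Security::Scan of this type exists for the pipeline, even if it produced no findings.` Both `execute` and `has_report?` key into `grouped_scans` with the stringified `report_type`, so the grouping (defined outside the hunk) must yield string keys, and if it does not filter by scan status a scan whose report failed to parse would still be counted as having run — worth confirming against its definition.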
...@@ -173,30 +173,13 @@ RSpec.describe Security::ReportSummaryService, '#execute' do ...@@ -173,30 +173,13 @@ RSpec.describe Security::ReportSummaryService, '#execute' do
end end
end end
context 'When only the DAST scan ran' do context 'When there is a scan but no findings' do
let_it_be(:pipeline) { create(:ci_pipeline, :success) } let_it_be(:pipeline) { create(:ci_pipeline, :success) }
let_it_be(:build_dast) { create(:ci_build, :success, name: 'dast', pipeline: pipeline) }
let_it_be(:artifact_dast) { create(:ee_ci_job_artifact, :dast_large_scanned_resources_field, job: build_dast) }
let_it_be(:report_dast) { create(:ci_reports_security_report, type: :dast) }
let_it_be(:scan_dast) { create(:security_scan, scan_type: :dast, build: build_dast) }
before do before do
stub_licensed_features(sast: true, dependency_scanning: true, container_scanning: true, dast: true) build_dast = create(:ci_build, :success, name: 'dast', pipeline: pipeline)
dast_content = File.read(artifact_dast.file.path)
Gitlab::Ci::Parsers::Security::Dast.parse!(dast_content, report_dast)
report_dast.merge!(report_dast)
{ artifact_dast => report_dast }.each do |artifact, report| create(:security_scan, scan_type: :dast, build: build_dast)
report.findings.each do |finding|
create(:security_finding,
severity: finding.severity,
confidence: finding.confidence,
project_fingerprint: finding.project_fingerprint,
deduplicated: true,
scan: artifact.job.security_scans.first)
end
end
end end
let(:selection_information) do let(:selection_information) do
...@@ -206,7 +189,7 @@ RSpec.describe Security::ReportSummaryService, '#execute' do ...@@ -206,7 +189,7 @@ RSpec.describe Security::ReportSummaryService, '#execute' do
} }
end end
it 'returns nil for the other scans' do it 'still returns data for the report ran' do
expect(result[:dast]).not_to be_nil expect(result[:dast]).not_to be_nil
expect(result[:sast]).to be_nil expect(result[:sast]).to be_nil
expect(result[:container_scanning]).to be_nil expect(result[:container_scanning]).to be_nil
......
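Review bot: The rewritten `before` block drops the `stub_licensed_features(...)` call that the old side of this hunk had, so the context now relies on the license being stubbed somewhere outside the hunk; if the enclosing describe does not do that, the `result[:dast]` assertion may be exercising an unlicensed code path rather than the scan-without-findings case the commit targets. The example could also pin the fixed behaviour more tightly than `not_to be_nil`, e.g. `expect(result[:dast][:vulnerabilities_count]).to eq(0)`, provided `:vulnerabilities_count` is among the selected summary types (the `selection_information` block begins in the hunk but its contents lie outside it). The example name `'still returns data for the report ran'` reads better as `'still returns data for the report that ran'`.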