Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
0b4b2ca4
Commit
0b4b2ca4
authored
Jun 11, 2021
by
Mehmet Emin INAC
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Check Security::Scan resources to identify ran security jobs
Changelog: fixed EE: true
parent
2b7b3e63
Changes
2
Show whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
15 additions
and
28 deletions
+15
-28
ee/app/services/security/report_summary_service.rb
ee/app/services/security/report_summary_service.rb
+10
-6
ee/spec/services/security/report_summary_service_spec.rb
ee/spec/services/security/report_summary_service_spec.rb
+5
-22
No files found.
ee/app/services/security/report_summary_service.rb
View file @
0b4b2ca4
...
@@ -15,31 +15,35 @@ module Security
...
@@ -15,31 +15,35 @@ module Security
def
execute
def
execute
@selection_information
.
each_with_object
({})
do
|
(
report_type
,
summary_types
),
response
|
@selection_information
.
each_with_object
({})
do
|
(
report_type
,
summary_types
),
response
|
response
[
report_type
]
=
summary_counts_for_report_type
(
report_type
,
summary_types
)
response
[
report_type
]
=
summary_counts_for_report_type
(
report_type
.
to_s
,
summary_types
)
end
end
end
end
private
private
def
summary_counts_for_report_type
(
report_type
,
summary_types
)
def
summary_counts_for_report_type
(
report_type
,
summary_types
)
return
if
@pipeline
.
security_findings
.
by_report_types
(
report_type
).
empty?
return
unless
has_report?
(
report_type
)
summary_types
.
each_with_object
({})
do
|
summary_type
,
response
|
summary_types
.
each_with_object
({})
do
|
summary_type
,
response
|
case
summary_type
case
summary_type
when
:vulnerabilities_count
when
:vulnerabilities_count
response
[
:vulnerabilities_count
]
=
vulnerability_counts
[
report_type
.
to_s
]
response
[
:vulnerabilities_count
]
=
vulnerability_counts
[
report_type
]
when
:scanned_resources_count
when
:scanned_resources_count
response
[
:scanned_resources_count
]
=
scanned_resources_counts
[
report_type
.
to_s
]
response
[
:scanned_resources_count
]
=
scanned_resources_counts
[
report_type
]
when
:scanned_resources
when
:scanned_resources
response
[
:scanned_resources
]
=
scanned_resources
[
report_type
.
to_s
]
response
[
:scanned_resources
]
=
scanned_resources
[
report_type
]
when
:scanned_resources_csv_path
when
:scanned_resources_csv_path
response
[
:scanned_resources_csv_path
]
=
csv_path
response
[
:scanned_resources_csv_path
]
=
csv_path
when
:scans
when
:scans
response
[
:scans
]
=
grouped_scans
[
report_type
.
to_s
]
response
[
:scans
]
=
grouped_scans
[
report_type
]
end
end
end
end
end
end
def
has_report?
(
report_type
)
grouped_scans
[
report_type
].
present?
end
def
csv_path
def
csv_path
::
Gitlab
::
Routing
.
url_helpers
.
project_security_scanned_resources_path
(
::
Gitlab
::
Routing
.
url_helpers
.
project_security_scanned_resources_path
(
@pipeline
.
project
,
@pipeline
.
project
,
...
...
ee/spec/services/security/report_summary_service_spec.rb
View file @
0b4b2ca4
...
@@ -173,30 +173,13 @@ RSpec.describe Security::ReportSummaryService, '#execute' do
...
@@ -173,30 +173,13 @@ RSpec.describe Security::ReportSummaryService, '#execute' do
end
end
end
end
context
'When
only the DAST scan ran
'
do
context
'When
there is a scan but no findings
'
do
let_it_be
(
:pipeline
)
{
create
(
:ci_pipeline
,
:success
)
}
let_it_be
(
:pipeline
)
{
create
(
:ci_pipeline
,
:success
)
}
let_it_be
(
:build_dast
)
{
create
(
:ci_build
,
:success
,
name:
'dast'
,
pipeline:
pipeline
)
}
let_it_be
(
:artifact_dast
)
{
create
(
:ee_ci_job_artifact
,
:dast_large_scanned_resources_field
,
job:
build_dast
)
}
let_it_be
(
:report_dast
)
{
create
(
:ci_reports_security_report
,
type: :dast
)
}
let_it_be
(
:scan_dast
)
{
create
(
:security_scan
,
scan_type: :dast
,
build:
build_dast
)
}
before
do
before
do
stub_licensed_features
(
sast:
true
,
dependency_scanning:
true
,
container_scanning:
true
,
dast:
true
)
build_dast
=
create
(
:ci_build
,
:success
,
name:
'dast'
,
pipeline:
pipeline
)
dast_content
=
File
.
read
(
artifact_dast
.
file
.
path
)
Gitlab
::
Ci
::
Parsers
::
Security
::
Dast
.
parse!
(
dast_content
,
report_dast
)
report_dast
.
merge!
(
report_dast
)
{
artifact_dast
=>
report_dast
}.
each
do
|
artifact
,
report
|
create
(
:security_scan
,
scan_type: :dast
,
build:
build_dast
)
report
.
findings
.
each
do
|
finding
|
create
(
:security_finding
,
severity:
finding
.
severity
,
confidence:
finding
.
confidence
,
project_fingerprint:
finding
.
project_fingerprint
,
deduplicated:
true
,
scan:
artifact
.
job
.
security_scans
.
first
)
end
end
end
end
let
(
:selection_information
)
do
let
(
:selection_information
)
do
...
@@ -206,7 +189,7 @@ RSpec.describe Security::ReportSummaryService, '#execute' do
...
@@ -206,7 +189,7 @@ RSpec.describe Security::ReportSummaryService, '#execute' do
}
}
end
end
it
'
returns nil for the other scans
'
do
it
'
still returns data for the report ran
'
do
expect
(
result
[
:dast
]).
not_to
be_nil
expect
(
result
[
:dast
]).
not_to
be_nil
expect
(
result
[
:sast
]).
to
be_nil
expect
(
result
[
:sast
]).
to
be_nil
expect
(
result
[
:container_scanning
]).
to
be_nil
expect
(
result
[
:container_scanning
]).
to
be_nil
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment