Commit 0bd1b61c authored by Avielle Wolfe's avatar Avielle Wolfe Committed by Avielle Wolfe

Simplify vulnerabilities actions specs

They were testing some functionality that is the responsibility of the
VulnerabilitiesFinder, not the controllers.
parent f51afbf1
......@@ -5,13 +5,9 @@ require 'spec_helper'
shared_examples ::EE::VulnerabilitiesActions do
include ApiHelpers
set(:group) { create(:group) }
set(:group_other) { create(:group) }
set(:user) { create(:user) }
set(:project_dev) { create(:project, :private, :repository, group: group) }
set(:project_guest) { create(:project, :private, :repository, group: group) }
set(:project_other) { create(:project, :public, :repository, group: group_other) }
let(:projects) { [project_dev, project_guest, project_other] }
let(:user) { create(:user) }
let(:project) { create(:project, namespace: group) }
let(:pipeline) { create(:ci_pipeline, :success, project: project) }
before do
group.add_developer(user)
......@@ -23,81 +19,74 @@ shared_examples ::EE::VulnerabilitiesActions do
describe 'GET index.json' do
subject { get :index, params: { group_id: group }, format: :json }
context 'when no page request' do
before do
projects.each do |project|
create_vulnerabilities(1, project)
end
end
it 'returns an ordered list of vulnerabilities' do
critical_vulnerability = create(
:vulnerabilities_occurrence,
pipelines: [pipeline],
project: project,
severity: :critical
)
create(:vulnerabilities_occurrence, pipelines: [pipeline], project: project, severity: :high)
it 'returns a list of vulnerabilities' do
subject
expect(response).to have_gitlab_http_status(200)
expect(json_response).to be_an(Array)
expect(json_response.length).to eq 2
expect(json_response.first['id']).to be(critical_vulnerability.id)
expect(response).to match_response_schema('vulnerabilities/occurrence_list', dir: 'ee')
end
end
context 'when page requested' do
before do
projects.each do |project|
create_vulnerabilities(11, project)
end
end
context 'when a specific page is requested' do
it 'returns the list of vulnerabilities that are on the requested page' do
create_list(:vulnerabilities_occurrence, 35, pipelines: [pipeline], project: project)
it 'returns a list of vulnerabilities for the requested page' do
get :index, params: { group_id: group, page: 2 }, format: :json
expect(response).to have_gitlab_http_status(200)
expect(json_response).to be_an(Array)
expect(json_response.length).to eq 2
expect(json_response.length).to eq 15
end
end
context 'with vulnerability feedback' do
it "avoids N+1 queries", :with_request_store do
create_vulnerabilities(2, project_dev, with_feedback: true)
control_count = ActiveRecord::QueryRecorder.new { get_index }
context 'when the vulnerabilities have feedback' do
subject { get :index, params: { group_id: group }, format: :json }
create_vulnerabilities(2, project_guest, with_feedback: true)
it 'avoids N+1 queries', :with_request_store do
vulnerability = create(:vulnerabilities_occurrence, pipelines: [pipeline], project: project, report_type: :sast)
create(:vulnerability_feedback,
:sast,
:issue,
pipeline: pipeline,
issue: create(:issue, project: project),
project: project,
project_fingerprint: vulnerability.project_fingerprint)
expect { get_index }.not_to exceed_all_query_limit(control_count)
end
control_count = ActiveRecord::QueryRecorder.new { subject }
private
vulnerability = create(:vulnerabilities_occurrence, pipelines: [pipeline], project: project, report_type: :sast)
create(:vulnerability_feedback,
:sast,
:issue,
pipeline: pipeline,
issue: create(:issue, project: project),
project: project,
project_fingerprint: vulnerability.project_fingerprint)
def get_index
get :index, params: { group_id: group }, format: :json
expect { subject }.not_to exceed_all_query_limit(control_count)
end
end
context 'with multiple report types' do
before do
projects.each do |project|
create_vulnerabilities(2, project_guest, { report_type: :sast })
create_vulnerabilities(1, project_dev, { report_type: :dependency_scanning })
end
end
it "returns a list of vulnerabilities for all report types without filter" do
subject
expect(response).to have_gitlab_http_status(200)
expect(json_response).to be_an(Array)
expect(json_response.length).to eq 3
expect(json_response.map { |v| v['report_type'] }.uniq).to contain_exactly('sast', 'dependency_scanning')
expect(response).to match_response_schema('vulnerabilities/occurrence_list', dir: 'ee')
create(:vulnerabilities_occurrence, pipelines: [pipeline], project: project, report_type: :sast)
create(:vulnerabilities_occurrence, pipelines: [pipeline], project: project, report_type: :dast)
create(:vulnerabilities_occurrence, pipelines: [pipeline], project: project, report_type: :dependency_scanning)
end
it "returns a list of vulnerabilities for sast only if filter is enabled" do
it 'returns a list of vulnerabilities for sast only if filter is enabled' do
get :index, params: { group_id: group, report_type: ['sast'] }, format: :json
expect(response).to have_gitlab_http_status(200)
expect(json_response).to be_an(Array)
expect(json_response.length).to eq 2
expect(json_response.length).to eq 1
expect(json_response.map { |v| v['report_type'] }.uniq).to contain_exactly('sast')
expect(response).to match_response_schema('vulnerabilities/occurrence_list', dir: 'ee')
end
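Review bot: The rewritten 'avoids N+1 queries' example is vacuous on the new side because RSpec memoizes `subject` within an example: `ActiveRecord::QueryRecorder.new { subject }` issues the request once, but the later `expect { subject }` returns the memoized value without making a second request, so zero queries are recorded and `exceed_all_query_limit(control_count)` can never fail. The removed `get_index` helper re-issued the request on every call, which is what this check needs. Use an explicit request in both places, e.g. `control_count = ActiveRecord::QueryRecorder.new { get :index, params: { group_id: group }, format: :json }` and `expect { get :index, params: { group_id: group }, format: :json }.not_to exceed_all_query_limit(control_count)`, or restore a non-memoized helper. Separately, in 'returns an ordered list of vulnerabilities' the `be(critical_vulnerability.id)` matcher compares by identity; `eq(critical_vulnerability.id)` is the intended comparison for an integer id.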
......@@ -105,62 +94,31 @@ shared_examples ::EE::VulnerabilitiesActions do
it "returns a list of vulnerabilities of all types with multi filter" do
get :index, params: { group_id: group, report_type: %w[sast dependency_scanning] }, format: :json
expect(json_response.length).to eq 3
expect(json_response.length).to eq 2
expect(json_response.map { |v| v['report_type'] }.uniq).to contain_exactly('sast', 'dependency_scanning')
end
end
def create_vulnerabilities(count, project, options = {})
report_type = options[:report_type] || :sast
pipeline = create(:ci_pipeline, :success, project: project)
vulnerabilities = create_list(:vulnerabilities_occurrence, count, report_type: report_type, pipelines: [pipeline], project: project)
return vulnerabilities unless options[:with_feedback]
vulnerabilities.each do |occurrence|
create(:vulnerability_feedback, report_type, :dismissal,
pipeline: pipeline,
project: project_dev,
project_fingerprint: occurrence.project_fingerprint)
create(:vulnerability_feedback, report_type, :issue,
pipeline: pipeline,
issue: create(:issue, project: project),
project: project_dev,
project_fingerprint: occurrence.project_fingerprint)
end
end
end
describe 'GET summary.json' do
subject { get :summary, params: { group_id: group }, format: :json }
before do
pipeline = create(:ci_pipeline, :success, project: project_dev)
create_list(:vulnerabilities_occurrence, 3,
pipelines: [pipeline], project: project_dev, report_type: :sast, severity: :high)
create_list(:vulnerabilities_occurrence, 1,
pipelines: [pipeline], project: project_dev, report_type: :dependency_scanning, severity: :low)
pipelines: [pipeline], project: project, report_type: :sast, severity: :high)
create_list(:vulnerabilities_occurrence, 2,
pipelines: [pipeline], project: project_guest, report_type: :dependency_scanning, severity: :low)
pipelines: [pipeline], project: project, report_type: :dependency_scanning, severity: :low)
create_list(:vulnerabilities_occurrence, 1,
pipelines: [pipeline], project: project_guest, report_type: :dast, severity: :medium)
pipelines: [pipeline], project: project, report_type: :dast, severity: :medium)
create_list(:vulnerabilities_occurrence, 1,
pipelines: [pipeline], project: project_other, report_type: :dast, severity: :low)
pipelines: [pipeline], project: project, report_type: :sast, severity: :medium)
end
it 'returns vulnerabilities counts for all report types' do
subject
get :summary, params: { group_id: group }, format: :json
expect(response).to have_gitlab_http_status(200)
expect(json_response).to be_an(Hash)
expect(json_response['high']).to eq(3)
expect(json_response['low']).to eq(4)
expect(json_response['medium']).to eq(1)
expect(json_response['low']).to eq(2)
expect(json_response['medium']).to eq(2)
expect(response).to match_response_schema('vulnerabilities/summary', dir: 'ee')
end
......@@ -169,10 +127,9 @@ shared_examples ::EE::VulnerabilitiesActions do
get :summary, params: { group_id: group, report_type: %w[sast dast], severity: %[high low] }, format: :json
expect(response).to have_gitlab_http_status(200)
expect(json_response).to be_an(Hash)
expect(json_response['high']).to eq(3)
expect(json_response['low']).to eq(1)
expect(json_response['medium']).to eq(1)
expect(json_response['low']).to eq(0)
expect(json_response['medium']).to eq(2)
expect(response).to match_response_schema('vulnerabilities/summary', dir: 'ee')
end
end
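Review bot: The updated expectations `expect(json_response['low']).to eq(0)` and `expect(json_response['medium']).to eq(2)` appear to lock in a broken filter rather than test it: the request on the context line passes `severity: %[high low]`, which is a plain string literal ("high low"), not the `%w[high low]` array the name suggests, and a medium count of 2 (the dast and sast medium findings from the fixture) is exactly what an unapplied severity filter would produce. Unless the finder deliberately accepts that string, the line should read `severity: %w[high low]`, after which the expected medium count would presumably drop to 0 and the example would exercise severity filtering. The enclosing example starts outside this hunk.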
......@@ -183,51 +140,43 @@ shared_examples ::EE::VulnerabilitiesActions do
before do
travel_to(Time.zone.parse('2018-11-10')) do
pipeline_1 = create(:ci_pipeline, :success, project: project_dev)
pipeline_2 = create(:ci_pipeline, :success, project: project_dev)
create(:vulnerabilities_occurrence,
pipelines: [pipeline],
project: project,
report_type: :sast,
severity: :critical)
create_list(:vulnerabilities_occurrence, 2,
pipelines: [pipeline_1], project: project_dev, report_type: :sast, severity: :high)
create_list(:vulnerabilities_occurrence, 1,
pipelines: [pipeline_1], project: project_dev, report_type: :dependency_scanning, severity: :low)
create_list(:vulnerabilities_occurrence, 1,
pipelines: [pipeline_1, pipeline_2], project: project_dev, report_type: :sast, severity: :critical)
create_list(:vulnerabilities_occurrence, 1,
pipelines: [pipeline_1, pipeline_2], project: project_dev, report_type: :dependency_scanning, severity: :low)
create(:vulnerabilities_occurrence,
pipelines: [pipeline],
project: project,
report_type: :dependency_scanning,
severity: :low)
end
travel_to(Time.zone.parse('2018-11-12')) do
pipeline = create(:ci_pipeline, :success, project: project_dev)
create(:vulnerabilities_occurrence,
pipelines: [pipeline],
project: project,
report_type: :sast,
severity: :critical)
create_list(:vulnerabilities_occurrence, 2,
pipelines: [pipeline], project: project_dev, report_type: :dependency_scanning, severity: :low)
create_list(:vulnerabilities_occurrence, 1,
pipelines: [pipeline], project: project_dev, report_type: :dast, severity: :medium)
create_list(:vulnerabilities_occurrence, 1,
pipelines: [pipeline], project: project_dev, report_type: :dast, severity: :low)
create_list(:vulnerabilities_occurrence, 1,
pipelines: [pipeline], project: project_dev, report_type: :container_scanning, severity: :high)
create(:vulnerabilities_occurrence,
pipelines: [pipeline],
project: project,
report_type: :dependency_scanning,
severity: :low)
end
end
it 'returns vulnerability history within last 90 days' do
travel_to(Time.zone.parse('2019-02-10')) do
travel_to(Time.zone.parse('2019-02-11')) do
subject
end
expect(response).to have_gitlab_http_status(200)
expect(json_response).to be_an(Hash)
expect(json_response['total']).to eq({ '2018-11-10' => 5, '2018-11-12' => 5 })
expect(json_response['critical']).to eq({ '2018-11-10' => 1 })
expect(json_response['high']).to eq({ '2018-11-10' => 2, '2018-11-12' => 1 })
expect(json_response['medium']).to eq({ '2018-11-12' => 1 })
expect(json_response['low']).to eq({ '2018-11-10' => 2, '2018-11-12' => 3 })
expect(json_response['total']).to eq({ '2018-11-12' => 2 })
expect(json_response['critical']).to eq({ '2018-11-12' => 1 })
expect(json_response['low']).to eq({ '2018-11-12' => 1 })
expect(response).to match_response_schema('vulnerabilities/history', dir: 'ee')
end
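Review bot: The example title 'returns vulnerability history within last 90 days' no longer describes the boundary the new fixture exercises: with the clock moved to 2019-02-11, the 2018-11-12 findings are 91 days old yet expected to be present, while the 2018-11-10 findings (93 days old) are expected absent, so the window applied by the controller appears to be wider than 90 calendar days (a three-month cutoff fits). The title should match whatever window the implementation actually uses, e.g. `it 'returns vulnerability history within the last 3 months'`. Because the moved date makes the test hinge on a one-day margin, a comment on the `travel_to(Time.zone.parse('2019-02-11'))` line stating that 2018-11-10 is meant to fall just outside the window would help the next maintainer. The enclosing describe starts outside this hunk.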
......@@ -237,7 +186,6 @@ shared_examples ::EE::VulnerabilitiesActions do
end
expect(response).to have_gitlab_http_status(200)
expect(json_response).to be_an(Hash)
expect(json_response).to eq({
"undefined" => {},
"info" => {},
......@@ -252,17 +200,14 @@ shared_examples ::EE::VulnerabilitiesActions do
end
it 'returns filtered history if filters are enabled' do
travel_to(Time.zone.parse('2019-02-10')) do
get :history, params: { group_id: group, report_type: %w[dependency_scanning sast dast container_scanning] }, format: :json
travel_to(Time.zone.parse('2019-02-11')) do
get :history, params: { group_id: group, report_type: %w[sast] }, format: :json
end
expect(response).to have_gitlab_http_status(200)
expect(json_response).to be_an(Hash)
expect(json_response['total']).to eq({ '2018-11-10' => 5, '2018-11-12' => 5 })
expect(json_response['critical']).to eq({ '2018-11-10' => 1 })
expect(json_response['high']).to eq({ '2018-11-10' => 2, '2018-11-12' => 1 })
expect(json_response['medium']).to eq({ '2018-11-12' => 1 })
expect(json_response['low']).to eq({ '2018-11-10' => 2, '2018-11-12' => 3 })
expect(json_response['total']).to eq({ '2018-11-12' => 1 })
expect(json_response['critical']).to eq({ '2018-11-12' => 1 })
expect(json_response['low']).to eq({})
expect(response).to match_response_schema('vulnerabilities/history', dir: 'ee')
end
end