Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
0d18a578
Commit
0d18a578
authored
3 years ago
by
Daniel Tian
Committed by
Savas Vedova
3 years ago
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Fix auditor user able to bulk select vulns on vulnerability report
Changelog: fixed MR: EE: true
parent
8be1ab23
Changes
4
Hide whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
49 additions
and
21 deletions
+49
-21
ee/app/assets/javascripts/security_dashboard/components/shared/vulnerability_report/vulnerability_list.vue
...onents/shared/vulnerability_report/vulnerability_list.vue
+17
-4
ee/app/assets/javascripts/security_dashboard/components/shared/vulnerability_report/vulnerability_report.vue
...ents/shared/vulnerability_report/vulnerability_report.vue
+2
-7
ee/spec/frontend/security_dashboard/components/shared/vulnerability_report/vulnerability_list_spec.js
...ts/shared/vulnerability_report/vulnerability_list_spec.js
+30
-3
ee/spec/frontend/security_dashboard/components/shared/vulnerability_report/vulnerability_report_spec.js
.../shared/vulnerability_report/vulnerability_report_spec.js
+0
-7
No files found.
ee/app/assets/javascripts/security_dashboard/components/shared/vulnerability_report/vulnerability_list.vue
View file @
0d18a578
...
@@ -19,6 +19,7 @@ import RemediatedBadge from 'ee/vulnerabilities/components/remediated_badge.vue'
...
@@ -19,6 +19,7 @@ import RemediatedBadge from 'ee/vulnerabilities/components/remediated_badge.vue'
import
{
VULNERABILITY_STATES
}
from
'
ee/vulnerabilities/constants
'
;
import
{
VULNERABILITY_STATES
}
from
'
ee/vulnerabilities/constants
'
;
import
{
formatDate
}
from
'
~/lib/utils/datetime_utility
'
;
import
{
formatDate
}
from
'
~/lib/utils/datetime_utility
'
;
import
{
convertToSnakeCase
}
from
'
~/lib/utils/text_utility
'
;
import
{
convertToSnakeCase
}
from
'
~/lib/utils/text_utility
'
;
import
{
FIELDS
}
from
'
ee/security_dashboard/components/shared/vulnerability_report/constants
'
;
import
AutoFixHelpText
from
'
../auto_fix_help_text.vue
'
;
import
AutoFixHelpText
from
'
../auto_fix_help_text.vue
'
;
import
IssuesBadge
from
'
../issues_badge.vue
'
;
import
IssuesBadge
from
'
../issues_badge.vue
'
;
import
SelectionSummary
from
'
../selection_summary.vue
'
;
import
SelectionSummary
from
'
../selection_summary.vue
'
;
...
@@ -49,6 +50,9 @@ export default {
...
@@ -49,6 +50,9 @@ export default {
hasVulnerabilities
:
{
hasVulnerabilities
:
{
default
:
false
,
default
:
false
,
},
},
canAdminVulnerability
:
{
default
:
false
,
},
hasJiraVulnerabilitiesIntegrationEnabled
:
{
hasJiraVulnerabilitiesIntegrationEnabled
:
{
default
:
false
,
default
:
false
,
},
},
...
@@ -81,6 +85,10 @@ export default {
...
@@ -81,6 +85,10 @@ export default {
};
};
},
},
computed
:
{
computed
:
{
displayFields
()
{
// Add the checkbox field if the user can use the bulk select feature.
return
this
.
canAdminVulnerability
?
[
FIELDS
.
CHECKBOX
,
...
this
.
fields
]
:
this
.
fields
;
},
hasAnyScannersOtherThanGitLab
()
{
hasAnyScannersOtherThanGitLab
()
{
return
this
.
vulnerabilities
.
some
(
return
this
.
vulnerabilities
.
some
(
(
v
)
=>
v
.
scanner
?.
vendor
!==
'
GitLab
'
&&
v
.
scanner
?.
vendor
!==
''
,
(
v
)
=>
v
.
scanner
?.
vendor
!==
'
GitLab
'
&&
v
.
scanner
?.
vendor
!==
''
,
...
@@ -176,6 +184,11 @@ export default {
...
@@ -176,6 +184,11 @@ export default {
}
}
},
},
toggleVulnerability
(
vulnerability
)
{
toggleVulnerability
(
vulnerability
)
{
// If the user can't use the bulk select feature (like the auditor user), don't do anything.
if
(
!
this
.
canAdminVulnerability
)
{
return
;
}
if
(
this
.
selectedVulnerabilities
[
vulnerability
.
id
])
{
if
(
this
.
selectedVulnerabilities
[
vulnerability
.
id
])
{
this
.
$delete
(
this
.
selectedVulnerabilities
,
`
${
vulnerability
.
id
}
`
);
this
.
$delete
(
this
.
selectedVulnerabilities
,
`
${
vulnerability
.
id
}
`
);
}
else
{
}
else
{
...
@@ -237,7 +250,7 @@ export default {
...
@@ -237,7 +250,7 @@ export default {
/>
/>
<gl-table
<gl-table
:busy=
"isLoading"
:busy=
"isLoading"
:fields=
"
f
ields"
:fields=
"
displayF
ields"
:items=
"vulnerabilities"
:items=
"vulnerabilities"
:thead-class=
"theadClass"
:thead-class=
"theadClass"
:sort-desc=
"sortDesc"
:sort-desc=
"sortDesc"
...
@@ -249,7 +262,7 @@ export default {
...
@@ -249,7 +262,7 @@ export default {
responsive
responsive
hover
hover
primary-key=
"id"
primary-key=
"id"
:tbody-tr-class=
"
{ 'gl-cursor-pointer':
vulnerabilities.length
}"
:tbody-tr-class=
"
{ 'gl-cursor-pointer':
canAdminVulnerability
}"
head-variant="white"
head-variant="white"
@sort-changed="handleSortChange"
@sort-changed="handleSortChange"
@row-clicked="toggleVulnerability"
@row-clicked="toggleVulnerability"
...
@@ -372,8 +385,8 @@ export default {
...
@@ -372,8 +385,8 @@ export default {
</
template
>
</
template
>
<
template
#empty
>
<
template
#empty
>
<filters-produced-no-results
v-if=
"hasVulnerabilities
&& !isLoading
"
/>
<filters-produced-no-results
v-if=
"hasVulnerabilities
"
class=
"gl-cursor-default
"
/>
<dashboard-has-no-vulnerabilities
v-else
-if=
"!isLoading
"
/>
<dashboard-has-no-vulnerabilities
v-else
class=
"gl-cursor-default
"
/>
</
template
>
</
template
>
</gl-table>
</gl-table>
</div>
</div>
...
...
This diff is collapsed.
Click to expand it.
ee/app/assets/javascripts/security_dashboard/components/shared/vulnerability_report/vulnerability_report.vue
View file @
0d18a578
...
@@ -4,7 +4,6 @@ import VulnerabilityCounts from './vulnerability_counts.vue';
...
@@ -4,7 +4,6 @@ import VulnerabilityCounts from './vulnerability_counts.vue';
import
VulnerabilityListGraphql
from
'
./vulnerability_list_graphql.vue
'
;
import
VulnerabilityListGraphql
from
'
./vulnerability_list_graphql.vue
'
;
import
VulnerabilityFilters
from
'
./vulnerability_filters.vue
'
;
import
VulnerabilityFilters
from
'
./vulnerability_filters.vue
'
;
import
{
import
{
FIELDS
,
FILTERS
,
FILTERS
,
FIELD_PRESETS
,
FIELD_PRESETS
,
FILTER_PRESETS
,
FILTER_PRESETS
,
...
@@ -18,7 +17,7 @@ export default {
...
@@ -18,7 +17,7 @@ export default {
VulnerabilityListGraphql
,
VulnerabilityListGraphql
,
VulnerabilityFilters
,
VulnerabilityFilters
,
},
},
inject
:
[
'
dashboardType
'
,
'
canAdminVulnerability
'
],
inject
:
[
'
dashboardType
'
],
props
:
{
props
:
{
type
:
{
type
:
{
type
:
String
,
type
:
String
,
...
@@ -53,11 +52,7 @@ export default {
...
@@ -53,11 +52,7 @@ export default {
return
[...
FILTER_PRESETS
[
type
],
...(
this
.
showProjectFilter
?
[
FILTERS
.
PROJECT
]
:
[])];
return
[...
FILTER_PRESETS
[
type
],
...(
this
.
showProjectFilter
?
[
FILTERS
.
PROJECT
]
:
[])];
},
},
fieldsToShow
()
{
fieldsToShow
()
{
return
[
return
FIELD_PRESETS
[
this
.
type
];
// Add the checkbox field if the user can use the bulk select feature.
...(
this
.
canAdminVulnerability
?
[
FIELDS
.
CHECKBOX
]
:
[]),
...
FIELD_PRESETS
[
this
.
type
],
];
},
},
},
},
methods
:
{
methods
:
{
...
...
This diff is collapsed.
Click to expand it.
ee/spec/frontend/security_dashboard/components/shared/vulnerability_report/vulnerability_list_spec.js
View file @
0d18a578
...
@@ -14,7 +14,7 @@ import { mountExtended } from 'helpers/vue_test_utils_helper';
...
@@ -14,7 +14,7 @@ import { mountExtended } from 'helpers/vue_test_utils_helper';
import
{
FIELDS
}
from
'
ee/security_dashboard/components/shared/vulnerability_report/constants
'
;
import
{
FIELDS
}
from
'
ee/security_dashboard/components/shared/vulnerability_report/constants
'
;
import
{
generateVulnerabilities
,
vulnerabilities
}
from
'
../../mock_data
'
;
import
{
generateVulnerabilities
,
vulnerabilities
}
from
'
../../mock_data
'
;
const
{
CHECKBOX
,
DETECTED
,
STATUS
,
SEVERITY
,
DESCRIPTION
,
IDENTIFIER
,
TOOL
,
ACTIVITY
}
=
FIELDS
;
const
{
DETECTED
,
STATUS
,
SEVERITY
,
DESCRIPTION
,
IDENTIFIER
,
TOOL
,
ACTIVITY
}
=
FIELDS
;
describe
(
'
Vulnerability list component
'
,
()
=>
{
describe
(
'
Vulnerability list component
'
,
()
=>
{
let
wrapper
;
let
wrapper
;
...
@@ -23,7 +23,7 @@ describe('Vulnerability list component', () => {
...
@@ -23,7 +23,7 @@ describe('Vulnerability list component', () => {
wrapper
=
mountExtended
(
VulnerabilityList
,
{
wrapper
=
mountExtended
(
VulnerabilityList
,
{
propsData
:
{
propsData
:
{
vulnerabilities
:
[],
vulnerabilities
:
[],
fields
:
[
CHECKBOX
,
DETECTED
,
STATUS
,
SEVERITY
,
DESCRIPTION
,
IDENTIFIER
,
TOOL
,
ACTIVITY
],
fields
:
[
DETECTED
,
STATUS
,
SEVERITY
,
DESCRIPTION
,
IDENTIFIER
,
TOOL
,
ACTIVITY
],
...
props
,
...
props
,
},
},
stubs
:
{
stubs
:
{
...
@@ -205,6 +205,30 @@ describe('Vulnerability list component', () => {
...
@@ -205,6 +205,30 @@ describe('Vulnerability list component', () => {
);
);
});
});
describe
(
'
when user has no permission to admin vulnerabilities
'
,
()
=>
{
beforeEach
(()
=>
{
createWrapper
({
props
:
{
vulnerabilities
},
provide
:
{
canAdminVulnerability
:
false
},
});
});
it
(
'
should not show the checkboxes
'
,
()
=>
{
expect
(
findDataCell
(
'
vulnerability-checkbox-all
'
).
exists
()).
toBe
(
false
);
expect
(
findDataCell
(
'
vulnerability-checkbox
'
).
exists
()).
toBe
(
false
);
});
it
(
'
should not select a clicked vulnerability
'
,
async
()
=>
{
findRow
(
1
).
trigger
(
'
click
'
);
await
wrapper
.
vm
.
$nextTick
();
expect
(
findSelectionSummary
().
props
()).
toMatchObject
({
visible
:
false
,
selectedVulnerabilities
:
[],
});
});
});
describe
(
'
when displayed on instance or group level dashboard
'
,
()
=>
{
describe
(
'
when displayed on instance or group level dashboard
'
,
()
=>
{
let
newVulnerabilities
;
let
newVulnerabilities
;
...
@@ -580,7 +604,10 @@ describe('Vulnerability list component', () => {
...
@@ -580,7 +604,10 @@ describe('Vulnerability list component', () => {
describe
(
'
fields prop
'
,
()
=>
{
describe
(
'
fields prop
'
,
()
=>
{
it
(
'
shows the expected columns in the table
'
,
()
=>
{
it
(
'
shows the expected columns in the table
'
,
()
=>
{
const
fields
=
[
STATUS
,
SEVERITY
];
const
fields
=
[
STATUS
,
SEVERITY
];
createWrapper
({
props
:
{
fields
,
vulnerabilities
}
});
createWrapper
({
props
:
{
fields
,
vulnerabilities
},
provide
:
{
canAdminVulnerability
:
false
},
});
// Check that there are only 2 columns.
// Check that there are only 2 columns.
expect
(
findRow
().
element
.
cells
).
toHaveLength
(
2
);
expect
(
findRow
().
element
.
cells
).
toHaveLength
(
2
);
...
...
This diff is collapsed.
Click to expand it.
ee/spec/frontend/security_dashboard/components/shared/vulnerability_report/vulnerability_report_spec.js
View file @
0d18a578
...
@@ -8,7 +8,6 @@ import projectVulnerabilitiesQuery from 'ee/security_dashboard/graphql/queries/p
...
@@ -8,7 +8,6 @@ import projectVulnerabilitiesQuery from 'ee/security_dashboard/graphql/queries/p
import
{
DASHBOARD_TYPES
}
from
'
ee/security_dashboard/store/constants
'
;
import
{
DASHBOARD_TYPES
}
from
'
ee/security_dashboard/store/constants
'
;
import
{
import
{
FIELD_PRESETS
,
FIELD_PRESETS
,
FIELDS
,
FILTER_PRESETS
,
FILTER_PRESETS
,
REPORT_TAB
,
REPORT_TAB
,
REPORT_TYPE_PRESETS
,
REPORT_TYPE_PRESETS
,
...
@@ -107,12 +106,6 @@ describe('Vulnerability report component', () => {
...
@@ -107,12 +106,6 @@ describe('Vulnerability report component', () => {
expect
(
findVulnerabilityListGraphql
().
props
(
'
fields
'
)).
toEqual
(
expectedFields
);
expect
(
findVulnerabilityListGraphql
().
props
(
'
fields
'
)).
toEqual
(
expectedFields
);
});
});
it
(
'
gets passed the checkbox field if the user can admin vulnerability
'
,
()
=>
{
createWrapper
({
canAdminVulnerability
:
true
});
expect
(
findVulnerabilityListGraphql
().
props
(
'
fields
'
)).
toContainEqual
(
FIELDS
.
CHECKBOX
);
});
it
.
each
([
true
,
false
])(
it
.
each
([
true
,
false
])(
'
gets passed the expected value for the should show project namespace prop
'
,
'
gets passed the expected value for the should show project namespace prop
'
,
(
showProjectFilter
)
=>
{
(
showProjectFilter
)
=>
{
...
...
This diff is collapsed.
Click to expand it.
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment