Commit 14ee3a2c authored by Lukas Eipert's avatar Lukas Eipert

Add support for new SAST report version

This adds support for the new report syntax to SAST. We add support by
wrapping the old simple array in a hash within a `vulnerabilities` key.
parent 03a28e36
export const LOADING = 'LOADING'; export const LOADING = 'LOADING';
export const ERROR = 'ERROR'; export const ERROR = 'ERROR';
export const SUCCESS = 'SUCCESS'; export const SUCCESS = 'SUCCESS';
export const DEPRECATED_SAST_REPORT_VERSION = '1.2';
...@@ -2,6 +2,9 @@ import sha1 from 'sha1'; ...@@ -2,6 +2,9 @@ import sha1 from 'sha1';
import _ from 'underscore'; import _ from 'underscore';
import { stripHtml } from '~/lib/utils/text_utility'; import { stripHtml } from '~/lib/utils/text_utility';
import { n__, s__, sprintf } from '~/locale'; import { n__, s__, sprintf } from '~/locale';
import {
DEPRECATED_SAST_REPORT_VERSION,
} from 'ee/vue_shared/security_reports/store/constants';
/** /**
* Returns the index of an issue in given list * Returns the index of an issue in given list
...@@ -62,7 +65,7 @@ function fileUrl(location, pathPrefix) { ...@@ -62,7 +65,7 @@ function fileUrl(location, pathPrefix) {
* @param {Object} issue * @param {Object} issue
* @returns {Object} * @returns {Object}
*/ */
function adaptDeprecatedFormat(issue) { function adaptDeprecatedIssueFormat(issue) {
// Skip issue with new format (old format does not have a location property) // Skip issue with new format (old format does not have a location property)
if (issue.location) { if (issue.location) {
return issue; return issue;
...@@ -90,18 +93,37 @@ function adaptDeprecatedFormat(issue) { ...@@ -90,18 +93,37 @@ function adaptDeprecatedFormat(issue) {
return adapted; return adapted;
} }
/**
*
* Wraps old report formats (plain array of vulnerabilities).
*
* @param {Array|Object} report
* @param {String} deprecatedReportVersion
* @returns {Object}
*/
function adaptDeprecatedReportFormat(report, deprecatedReportVersion) {
if (Array.isArray(report)) {
return {
version: deprecatedReportVersion,
vulnerabilities: report,
};
}
return report;
}
/** /**
* Parses SAST results into a common format to allow to use the same Vue component. * Parses SAST results into a common format to allow to use the same Vue component.
* *
* @param {Array} issues * @param {Array|Object} report
* @param {Array} feedback * @param {Array} feedback
* @param {String} path * @param {String} path
* @returns {Array} * @returns {Array}
*/ */
export const parseSastIssues = (issues = [], feedback = [], path = '') => export const parseSastIssues = (report = [], feedback = [], path = '') =>
issues.map(issue => { adaptDeprecatedReportFormat(report, DEPRECATED_SAST_REPORT_VERSION).vulnerabilities.map(issue => {
const parsed = { const parsed = {
...adaptDeprecatedFormat(issue), ...adaptDeprecatedIssueFormat(issue),
category: 'sast', category: 'sast',
project_fingerprint: sha1(issue.cve), project_fingerprint: sha1(issue.cve),
title: issue.message, title: issue.message,
......
...@@ -113,6 +113,11 @@ export const sastIssues = [ ...@@ -113,6 +113,11 @@ export const sastIssues = [
}, },
]; ];
export const sastIssuesMajor2 = {
version: '2.0',
vulnerabilities: sastIssues,
};
export const oldSastIssues = [ export const oldSastIssues = [
{ {
tool: 'bundler_audit', tool: 'bundler_audit',
......
...@@ -13,6 +13,7 @@ import { ...@@ -13,6 +13,7 @@ import {
import { import {
oldSastIssues, oldSastIssues,
sastIssues, sastIssues,
sastIssuesMajor2,
sastFeedbacks, sastFeedbacks,
dependencyScanningIssues, dependencyScanningIssues,
dependencyScanningFeedbacks, dependencyScanningFeedbacks,
...@@ -75,6 +76,18 @@ describe('security reports utils', () => { ...@@ -75,6 +76,18 @@ describe('security reports utils', () => {
expect(parsed.project_fingerprint).toEqual(sha1(sastIssues[0].cve)); expect(parsed.project_fingerprint).toEqual(sha1(sastIssues[0].cve));
}); });
it('should parse the received issues with new JSON format (2.0)', () => {
const raw = sastIssues[0];
const parsed = parseSastIssues(sastIssuesMajor2, [], 'path')[0];
expect(parsed.title).toEqual(raw.message);
expect(parsed.path).toEqual(raw.location.file);
expect(parsed.location.start_line).toEqual(raw.location.start_line);
expect(parsed.location.end_line).toEqual(raw.location.end_line);
expect(parsed.urlPath).toEqual('path/Gemfile.lock#L5-10');
expect(parsed.project_fingerprint).toEqual(sha1(raw.cve));
});
it('generate correct path to file when there is no line', () => { it('generate correct path to file when there is no line', () => {
const parsed = parseSastIssues(sastIssues, [], 'path')[1]; const parsed = parseSastIssues(sastIssues, [], 'path')[1];
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment