2ea03c29
Commit
2ea03c29
authored
Jan 20, 2021
by
Tetiana Chupryna
Committed by
Shinya Maeda
Jan 20, 2021
Create auto_fix label
We need to assign a special label to identify bot's MRs
parent
cb1a7626
Changes
6
Showing
6 changed files
with
100 additions
and
1 deletion
+100
-1
ee/app/policies/ee/project_policy.rb
ee/app/policies/ee/project_policy.rb
+1
-0
ee/app/services/security/auto_fix_label_service.rb
ee/app/services/security/auto_fix_label_service.rb
+32
-0
ee/app/services/security/auto_fix_service.rb
ee/app/services/security/auto_fix_service.rb
+18
-1
ee/spec/policies/project_policy_spec.rb
ee/spec/policies/project_policy_spec.rb
+1
-0
ee/spec/services/security/auto_fix_label_service_spec.rb
ee/spec/services/security/auto_fix_label_service_spec.rb
+39
-0
ee/spec/services/security/auto_fix_service_spec.rb
ee/spec/services/security/auto_fix_service_spec.rb
+9
-0
ee/app/policies/ee/project_policy.rb
...
@@ -234,6 +234,7 @@ module EE
...
@@ -234,6 +234,7 @@ module EE
enable
:push_code
enable
:push_code
enable
:create_merge_request_from
enable
:create_merge_request_from
enable
:create_vulnerability_feedback
enable
:create_vulnerability_feedback
enable
:admin_merge_request
end
end
rule
{
issues_disabled
&
merge_requests_disabled
}.
policy
do
rule
{
issues_disabled
&
merge_requests_disabled
}.
policy
do
...
...
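Review bot: The added `enable :admin_merge_request` is a broad grant for what the commit message describes as attaching one label, and nothing at the rule explains why it is needed. The rule's condition is outside this hunk; judging from the neighbouring abilities it looks like the security bot rule, so the ability presumably covers every merge request in a project where that rule matches, not only the bot's own. I would add a comment above the line, for example `# needed by Security::AutoFixService#assign_label to label the bot's auto-fix merge requests`, and consider whether setting the label when the merge request is created would avoid the extra ability.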
ee/app/services/security/auto_fix_label_service.rb
0 → 100644
# frozen_string_literal: true
module
Security
class
AutoFixLabelService
<
BaseContainerService
LABEL_PROPERTIES
=
{
title:
'GitLab-auto-fix'
,
color:
'#FF8167'
,
description:
<<~
DESCRIPTION
.
chomp
Merge Requests created automatically by @GitLab-Security-Bot \
as a remediation of a security vulnerability
DESCRIPTION
}.
freeze
def
initialize
(
container
:,
current_user:
nil
,
params:
{})
super
@project
=
container
end
def
execute
label
=
::
Labels
::
FindOrCreateService
.
new
(
current_user
,
project
,
**
LABEL_PROPERTIES
)
.
execute
(
skip_authorization:
true
)
ServiceResponse
.
success
(
payload:
{
label:
label
})
end
private
attr_reader
:project
end
end
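Review bot: `execute` passes `skip_authorization: true` to `Labels::FindOrCreateService` while `initialize` accepts any `current_user` (default `nil`), so the permission check is bypassed for every caller of this service, not just the security bot. A comment on that call should say why the bypass is acceptable, e.g. `# the security bot cannot create labels itself; only call this service from bot-driven flows`, if that is indeed the reason. `execute` also returns `ServiceResponse.success` unconditionally; if the lookup can hand back `nil` or an unsaved label, the caller's `label.id` would fail or pass a nil id. A guard such as `return ServiceResponse.error(message: 'auto-fix label could not be created') unless label&.persisted?` before the success line would make that failure explicit.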
ee/app/services/security/auto_fix_service.rb
...
@@ -18,7 +18,12 @@ module Security
...
@@ -18,7 +18,12 @@ module Security
next
unless
vulnerability
.
remediations
next
unless
vulnerability
.
remediations
result
=
VulnerabilityFeedback
::
CreateService
.
new
(
project
,
User
.
security_bot
,
service_params
(
vulnerability
)).
execute
result
=
VulnerabilityFeedback
::
CreateService
.
new
(
project
,
User
.
security_bot
,
service_params
(
vulnerability
)).
execute
processed_vuln_ids
.
push
vulnerability
.
id
if
result
[
:status
]
==
:success
if
result
[
:status
]
==
:success
assign_label
(
result
[
:vulnerability_feedback
].
merge_request
)
processed_vuln_ids
.
push
vulnerability
.
id
end
end
end
if
processed_vuln_ids
.
any?
if
processed_vuln_ids
.
any?
...
@@ -36,6 +41,18 @@ module Security
...
@@ -36,6 +41,18 @@ module Security
project
.
security_setting
.
auto_fix_enabled_types
project
.
security_setting
.
auto_fix_enabled_types
end
end
def
assign_label
(
merge_request
)
::
MergeRequests
::
UpdateService
.
new
(
project
,
User
.
security_bot
,
add_label_ids:
[
label
.
id
])
.
execute
(
merge_request
)
end
def
label
return
@label
if
@label
service
=
::
Security
::
AutoFixLabelService
.
new
(
container:
project
,
current_user:
User
.
security_bot
).
execute
@label
=
service
.
payload
[
:label
]
end
def
service_params
(
vulnerability
)
def
service_params
(
vulnerability
)
{
{
feedback_type: :merge_request
,
feedback_type: :merge_request
,
...
...
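Review bot: In the first hunk `assign_label(...)` now runs before `processed_vuln_ids.push vulnerability.id`, so if labelling raises (for example `label` memoises `service.payload[:label]` without checking it, and `label.id` fails on `nil`), the vulnerability is not recorded as processed even though its feedback was already created. Labelling is secondary to the fix itself, so I would record the id first: `processed_vuln_ids.push vulnerability.id` and then `assign_label(result[:vulnerability_feedback].merge_request)`. The return value of `MergeRequests::UpdateService#execute` is also discarded, so a failed label update is silent; logging it would help. The enclosing method starts above this hunk, so the effect of an exception on the rest of the loop is inferred.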
ee/spec/policies/project_policy_spec.rb
...
@@ -557,6 +557,7 @@ RSpec.describe ProjectPolicy do
...
@@ -557,6 +557,7 @@ RSpec.describe ProjectPolicy do
create_merge_request_in
create_merge_request_in
create_vulnerability_feedback
create_vulnerability_feedback
read_project
read_project
admin_merge_request
)
)
end
end
...
...
ee/spec/services/security/auto_fix_label_service_spec.rb
0 → 100644
# frozen_string_literal: true
require
'spec_helper'
RSpec
.
describe
Security
::
AutoFixLabelService
do
describe
'#execute'
do
subject
(
:execute
)
{
described_class
.
new
(
container:
project
,
current_user:
bot
).
execute
}
let_it_be
(
:project
)
{
create
(
:project
)
}
let_it_be
(
:bot
)
{
create
(
:user
,
:security_bot
)
}
let
(
:label_attributes
)
{
described_class
::
LABEL_PROPERTIES
}
let
(
:title
)
{
label_attributes
[
:title
]
}
let
(
:color
)
{
label_attributes
[
:color
]
}
let
(
:description
)
{
label_attributes
[
:description
]
}
context
'when label exists'
do
let!
(
:label
)
{
create
(
:label
,
project:
project
,
title:
title
)
}
it
'finds existing label'
do
result
=
execute
expect
(
result
).
to
be_success
expect
(
execute
.
payload
).
to
eq
(
label:
label
)
end
end
context
'when label does not exists'
do
it
'creates a new label'
do
result
=
execute
label
=
result
.
payload
[
:label
]
expect
(
result
).
to
be_success
expect
(
label
.
title
).
to
eq
(
title
)
expect
(
label
.
color
).
to
eq
(
color
)
expect
(
label
.
description
).
to
eq
(
description
)
end
end
end
end
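Review bot: In 'finds existing label' the second expectation calls `execute` again instead of using the `result` captured on the line before; it works only because the named subject is memoised, and `expect(result.payload).to eq(label: label)` says what is meant. The context title 'when label does not exists' should read 'when label does not exist'. Both examples construct the service with `current_user: bot`, so the case that `skip_authorization: true` changes, a caller other than the bot, is not exercised.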
ee/spec/services/security/auto_fix_service_spec.rb
...
@@ -57,6 +57,15 @@ RSpec.describe Security::AutoFixService do
...
@@ -57,6 +57,15 @@ RSpec.describe Security::AutoFixService do
expect
(
merge_request
.
description
).
to
include
(
"[
#{
identifier
.
external_id
}
](
#{
identifier
.
url
}
)"
)
expect
(
merge_request
.
description
).
to
include
(
"[
#{
identifier
.
external_id
}
](
#{
identifier
.
url
}
)"
)
end
end
it
'assign auto-fix label'
do
execute_service
label
=
MergeRequest
.
last
.
labels
.
last
title
=
::
Security
::
AutoFixLabelService
::
LABEL_PROPERTIES
[
:title
]
expect
(
label
.
title
).
to
eq
(
title
)
end
context
'when merge request exists'
do
context
'when merge request exists'
do
let
(
:feedback
)
{
create
(
:vulnerability_feedback
,
:merge_request
)
}
let
(
:feedback
)
{
create
(
:vulnerability_feedback
,
:merge_request
)
}
...
...
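Review bot: The new example picks `MergeRequest.last.labels.last`, so it depends on record ordering and, when no label was attached, fails with a `NoMethodError` on `nil` rather than a readable expectation failure. Asserting on the collection is more robust: `expect(MergeRequest.last.labels.map(&:title)).to include(title)`. The enclosing `describe`/`context` starts outside this hunk, so whether `MergeRequest.last` is guaranteed to be the bot's merge request cannot be confirmed from here.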