Resolve "Limit Group Security Dashboard to selected types of vulnerabilities"

2eb7953e · Tetiana Chupryna · Kamil Trzciński · e0dba282 · 2eb7953e · 2eb7953e
Commit 2eb7953e authored Mar 06, 2019 by Tetiana Chupryna Committed by Kamil Trzciński Mar 06, 2019
3 changed files
--- a/ee/app/controllers/groups/security/vulnerabilities_controller.rb
+++ b/ee/app/controllers/groups/security/vulnerabilities_controller.rb
@@ -3,6 +3,11 @@
 class Groups::Security::VulnerabilitiesController < Groups::Security::ApplicationController
  HISTORY_RANGE = 3.months

+  # NOTE: we need this scope because DAST vulnerabilities
+  # shouldn't appear in the Group Dashboard in the same as we're starting
+  # to save them in the database
+  DEFAULT_REPORT_SCOPE = [:sast, :dependency_scanning, :container_scanning].freeze
+
  def index
    vulnerabilities = found_vulnerabilities.ordered.page(params[:page])

@@ -39,8 +44,10 @@ class Groups::Security::VulnerabilitiesController < Groups::Security::Applicatio
  private

  def filter_params
-    params.permit(report_type: [], project_id: [], severity: [])
-      .merge(hide_dismissed: Gitlab::Utils.to_boolean(params[:hide_dismissed]))
+    filter_params = params.permit(report_type: [], project_id: [], severity: [])
+                          .merge(hide_dismissed: Gitlab::Utils.to_boolean(params[:hide_dismissed]))
+    filter_params[:report_type] ||= DEFAULT_REPORT_SCOPE
+    filter_params
  end

  def found_vulnerabilities(collection = :latest)

--- a/ee/changelogs/unreleased/9393-limit-report-types-for-group-sec.yml
+++ b/ee/changelogs/unreleased/9393-limit-report-types-for-group-sec.yml
+---
+title: Limit Group Security Dashboard to selected types of report
+merge_request: 9626
+author:
+type: bug
--- a/ee/spec/controllers/groups/security/vulnerabilities_controller_spec.rb
+++ b/ee/spec/controllers/groups/security/vulnerabilities_controller_spec.rb
@@ -108,6 +108,7 @@ describe Groups::Security::VulnerabilitiesController do
        context 'with multiple report types' do
          before do
            projects.each do |project|
+              create_vulnerabilities(1, project_guest, { report_type: :dast })
              create_vulnerabilities(2, project_guest, { report_type: :sast })
              create_vulnerabilities(1, project_dev, { report_type: :dependency_scanning })
            end
@@ -218,14 +219,14 @@ describe Groups::Security::VulnerabilitiesController do
          group.add_developer(user)
        end

-        it 'returns vulnerabilities counts' do
+        it 'returns vulnerabilities counts for :sast and :dependency_scanning' do
          subject

          expect(response).to have_gitlab_http_status(200)
          expect(json_response).to be_an(Hash)
          expect(json_response['high']).to eq(3)
-          expect(json_response['low']).to eq(4)
-          expect(json_response['medium']).to eq(1)
+          expect(json_response['low']).to eq(3)
+          expect(json_response['medium']).to eq(0)
          expect(response).to match_response_schema('vulnerabilities/summary', dir: 'ee')
        end

@@ -292,6 +293,9 @@ describe Groups::Security::VulnerabilitiesController do

          create_list(:vulnerabilities_occurrence, 1,
            pipelines: [pipeline], project: project_dev, report_type: :dast, severity: :low)
+
+          create_list(:vulnerabilities_occurrence, 1,
+            pipelines: [pipeline], project: project_dev, report_type: :container_scanning, severity: :high)
        end
      end

@@ -319,11 +323,11 @@ describe Groups::Security::VulnerabilitiesController do

          expect(response).to have_gitlab_http_status(200)
          expect(json_response).to be_an(Hash)
-          expect(json_response['total']).to eq({ '2018-11-10' => 5, '2018-11-12' => 4 })
+          expect(json_response['total']).to eq({ '2018-11-10' => 5, '2018-11-12' => 3 })
          expect(json_response['critical']).to eq({ '2018-11-10' => 1 })
-          expect(json_response['high']).to eq({ '2018-11-10' => 2 })
-          expect(json_response['medium']).to eq({ '2018-11-12' => 1 })
-          expect(json_response['low']).to eq({ '2018-11-10' => 2, '2018-11-12' => 3 })
+          expect(json_response['high']).to eq({ '2018-11-10' => 2, '2018-11-12' => 1 })
+          expect(json_response['medium']).to eq({})
+          expect(json_response['low']).to eq({ '2018-11-10' => 2, '2018-11-12' => 2 })
          expect(response).to match_response_schema('vulnerabilities/history', dir: 'ee')
        end

@@ -349,16 +353,16 @@ describe Groups::Security::VulnerabilitiesController do

        it 'returns filtered history if filters are enabled' do
          travel_to(Time.zone.parse('2019-02-10')) do
-            get :history, params: { group_id: group, report_type: %w[dependency_scanning sast] }, format: :json
+            get :history, params: { group_id: group, report_type: %w[dependency_scanning sast dast container_scanning] }, format: :json
          end

          expect(response).to have_gitlab_http_status(200)
          expect(json_response).to be_an(Hash)
-          expect(json_response['total']).to eq({ '2018-11-10' => 5, '2018-11-12' => 2 })
+          expect(json_response['total']).to eq({ '2018-11-10' => 5, '2018-11-12' => 5 })
          expect(json_response['critical']).to eq({ '2018-11-10' => 1 })
-          expect(json_response['high']).to eq({ '2018-11-10' => 2 })
-          expect(json_response['medium']).to eq({})
-          expect(json_response['low']).to eq({ '2018-11-10' => 2, '2018-11-12' => 2 })
+          expect(json_response['high']).to eq({ '2018-11-10' => 2, '2018-11-12' => 1 })
+          expect(json_response['medium']).to eq({ '2018-11-12' => 1 })
+          expect(json_response['low']).to eq({ '2018-11-10' => 2, '2018-11-12' => 3 })
          expect(response).to match_response_schema('vulnerabilities/history', dir: 'ee')
        end
      end