Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
38ab2ece
Commit
38ab2ece
authored
Aug 16, 2021
by
Mehmet Emin INAC
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Fix Security::FindingsFinder to return only the latest findings
Changelog: fixed EE: true
parent
192e2526
Changes
5
Show whitespace changes
Inline
Side-by-side
Showing
5 changed files
with
50 additions
and
1 deletion
+50
-1
ee/app/finders/security/findings_finder.rb
ee/app/finders/security/findings_finder.rb
+1
-0
ee/app/models/security/finding.rb
ee/app/models/security/finding.rb
+1
-0
ee/spec/factories/security_scans.rb
ee/spec/factories/security_scans.rb
+1
-1
ee/spec/finders/security/findings_finder_spec.rb
ee/spec/finders/security/findings_finder_spec.rb
+35
-0
ee/spec/models/security/finding_spec.rb
ee/spec/models/security/finding_spec.rb
+12
-0
No files found.
ee/app/finders/security/findings_finder.rb
View file @
38ab2ece
...
...
@@ -132,6 +132,7 @@ module Security
.
with_scanner
.
deduplicated
.
ordered
.
latest
.
page
(
page
)
.
per
(
per_page
)
.
then
(
&
method
(
:by_confidence_levels
))
...
...
ee/app/models/security/finding.rb
View file @
38ab2ece
...
...
@@ -34,6 +34,7 @@ module Security
.
where
(
'security_scans.id = security_findings.scan_id'
)
.
where
(
'vulnerability_feedback.project_fingerprint = security_findings.project_fingerprint'
))
end
scope
:latest
,
->
{
joins
(
:scan
).
merge
(
Security
::
Scan
.
latest_successful_by_build
)
}
scope
:ordered
,
->
{
order
(
severity: :desc
,
confidence: :desc
,
id: :asc
)
}
scope
:with_pipeline_entities
,
->
{
includes
(
build:
[
:job_artifacts
,
:pipeline
])
}
scope
:with_scan
,
->
{
includes
(
:scan
)
}
...
...
ee/spec/factories/security_scans.rb
View file @
38ab2ece
...
...
@@ -3,6 +3,6 @@
FactoryBot
.
define
do
factory
:security_scan
,
class:
'Security::Scan'
do
scan_type
{
'dast'
}
build
factory:
:ci_build
build
factory:
[
:ci_build
,
:success
]
end
end
ee/spec/finders/security/findings_finder_spec.rb
View file @
38ab2ece
...
...
@@ -304,6 +304,41 @@ RSpec.describe Security::FindingsFinder do
it
{
is_expected
.
to
match_array
(
expected_fingerprints
)
}
end
context
'when there is a retried build'
do
let
(
:retried_build
)
{
create
(
:ci_build
,
:success
,
:retried
,
name:
'dependency_scanning'
,
pipeline:
pipeline
)
}
let
(
:artifact
)
{
create
(
:ee_ci_job_artifact
,
:dependency_scanning
,
job:
retried_build
)
}
let
(
:report
)
{
create
(
:ci_reports_security_report
,
pipeline:
pipeline
,
type: :dependency_scanning
)
}
let
(
:report_types
)
{
:dependency_scanning
}
let
(
:expected_fingerprints
)
do
%w[
3204893d5894c74aaee86ce5bc28427f9f14e512
157f362acf654c60e224400f59a088e1c01b369f
4ae096451135db224b9e16818baaca8096896522
]
end
before
do
retried_content
=
File
.
read
(
artifact
.
file
.
path
)
Gitlab
::
Ci
::
Parsers
::
Security
::
DependencyScanning
.
parse!
(
retried_content
,
report
)
report
.
merge!
(
report
)
scan
=
create
(
:security_scan
,
scan_type:
retried_build
.
name
,
build:
retried_build
)
report
.
findings
.
each_with_index
do
|
finding
,
index
|
create
(
:security_finding
,
severity:
finding
.
severity
,
confidence:
finding
.
confidence
,
project_fingerprint:
finding
.
project_fingerprint
,
uuid:
finding
.
uuid
,
deduplicated:
true
,
position:
index
,
scan:
scan
)
end
end
it
{
is_expected
.
to
match_array
(
expected_fingerprints
)
}
end
context
'when a build has more than one security report artifacts'
do
let
(
:report_types
)
{
:secret_detection
}
let
(
:secret_detection_report
)
{
create
(
:ci_reports_security_report
,
pipeline:
pipeline
,
type: :secret_detection
)
}
...
...
ee/spec/models/security/finding_spec.rb
View file @
38ab2ece
...
...
@@ -143,4 +143,16 @@ RSpec.describe Security::Finding do
})
}
end
describe
'.latest'
do
subject
{
described_class
.
latest
}
let
(
:expected_findings
)
{
[
finding_2
]
}
before
do
finding_1
.
build
.
update!
(
retried:
true
)
end
it
{
is_expected
.
to
eq
(
expected_findings
)
}
end
end
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment