Commit 4288323b authored by Filipa Lacerda's avatar Filipa Lacerda

Merge branch 'fix_dependency_scanning_no_cve' into 'master'

Fix dependency scanning report with vulnerability without CVE

See merge request gitlab-org/gitlab-ee!5758
parents 35357da0 f0ba534c
......@@ -79,7 +79,7 @@ export const parseDependencyScanningIssues = (issues = [], feedbacks = [], path
...issue,
category: 'dependency_scanning',
// TODO: replace with issue.project_fingerprint
project_fingerprint: sha1(issue.cve),
project_fingerprint: sha1(issue.cve || issue.message),
name: issue.message,
path: issue.file,
urlPath: issue.line ? `${path}/${issue.file}#L${issue.line}` : `${path}/${issue.file}`,
......
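Review bot: The fallback in `project_fingerprint: sha1(issue.cve || issue.message)` makes the fingerprint of a CVE-less finding only as unique as its message text, so two distinct findings that share a message (for example in different files) would get the same fingerprint. If feedback such as a dismissal is matched on `project_fingerprint`, which this hunk does not show, dismissing one of them would presumably hide the other as well. When both `cve` and `message` are missing, `sha1` is called with `undefined`, and every such issue ends up with one shared value. I would document the constraint next to the existing TODO, e.g. `// Fallback for reports without a CVE: message is not guaranteed unique per finding; keep in sync with the backend fingerprint`, and consider adding `issue.file` to the fallback input if the backend computation allows it. The enclosing object literal and function start and end outside the hunk.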
......@@ -80,6 +80,15 @@ describe('security reports utils', () => {
expect(parsed.project_fingerprint).toEqual(sha1(dependencyScanningIssues[0].cve));
});
it('uses message to generate sha1 when cve is undefined', () => {
const issuesWithoutCve = dependencyScanningIssues.map(issue => ({
...issue,
cve: undefined,
}));
const parsed = parseDependencyScanningIssues(issuesWithoutCve, [], 'path')[0];
expect(parsed.project_fingerprint).toEqual(sha1(dependencyScanningIssues[0].message));
});
it('includes vulnerability feedbacks', () => {
const parsed = parseDependencyScanningIssues(
dependencyScanningIssues,
......
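Review bot: The new spec `uses message to generate sha1 when cve is undefined` only covers `cve: undefined`, while the `||` in the parser also falls back for `null` and `''`, which a scanner report may also contain. Repeating the assertion with `cve: ''` and `cve: null` would pin that behaviour. A further case with two CVE-less issues carrying the same message would make explicit whether a shared `project_fingerprint` is intended. The `describe` block starts and ends outside the hunk.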