5548ac0a
Commit
5548ac0a
authored
Aug 02, 2021
by
Subashis
Add reading of project_id and pipeline_id from security_scans
parent
3f75abbf
Showing
8 changed files
with
21 additions
and
15 deletions
+21
-15
ee/app/models/ee/ci/pipeline.rb
ee/app/models/ee/ci/pipeline.rb
+1
-1
ee/app/models/ee/project.rb
ee/app/models/ee/project.rb
+2
-0
ee/app/models/security/scan.rb
ee/app/models/security/scan.rb
+4
-4
ee/spec/factories/security_scans.rb
ee/spec/factories/security_scans.rb
+2
-0
ee/spec/models/ci/pipeline_spec.rb
ee/spec/models/ci/pipeline_spec.rb
+1
-1
ee/spec/models/project_spec.rb
ee/spec/models/project_spec.rb
+2
-0
ee/spec/models/security/scan_spec.rb
ee/spec/models/security/scan_spec.rb
+8
-9
spec/lib/gitlab/import_export/all_models.yml
spec/lib/gitlab/import_export/all_models.yml
+1
-0
ee/app/models/ee/ci/pipeline.rb
...
@@ -17,7 +17,7 @@ module EE
...
@@ -17,7 +17,7 @@ module EE
# Subscriptions to this pipeline
# Subscriptions to this pipeline
has_many
:downstream_bridges
,
class_name:
'::Ci::Bridge'
,
foreign_key: :upstream_pipeline_id
has_many
:downstream_bridges
,
class_name:
'::Ci::Bridge'
,
foreign_key: :upstream_pipeline_id
has_many
:security_scans
,
class_name:
'Security::Scan'
,
through: :builds
has_many
:security_scans
,
class_name:
'Security::Scan'
,
inverse_of: :pipeline
has_many
:security_findings
,
class_name:
'Security::Finding'
,
through: :security_scans
,
source: :findings
has_many
:security_findings
,
class_name:
'Security::Finding'
,
through: :security_scans
,
source: :findings
has_one
:dast_profiles_pipeline
,
class_name:
'Dast::ProfilesPipeline'
,
foreign_key: :ci_pipeline_id
has_one
:dast_profiles_pipeline
,
class_name:
'Dast::ProfilesPipeline'
,
foreign_key: :ci_pipeline_id
...
...
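Review bot: Taking `has_many :security_scans, class_name: 'Security::Scan', inverse_of: :pipeline` as the new side (the commit title and the spec change point that way), scans are now found through `security_scans.pipeline_id` rather than through `builds`, so a row whose `pipeline_id` is still NULL drops out of `pipeline.security_scans` and, via the `through: :security_scans` line below it, out of `pipeline.security_findings` without any error. The same dependence on populated columns applies to `has_many :security_scans` in ee/app/models/ee/project.rb and to `joins(project: :vulnerability_feedback)` in ee/app/models/security/scan.rb. Nothing on this page shows that existing rows were backfilled, so that should be confirmed before the read path switches; otherwise findings can silently go missing from a pipeline's security results. I would record the precondition next to the association, e.g. `# Reads security_scans.pipeline_id directly; existing rows must be backfilled before this replaces the builds join`.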
ee/app/models/ee/project.rb
...
@@ -104,6 +104,8 @@ module EE
...
@@ -104,6 +104,8 @@ module EE
has_one
:security_orchestration_policy_configuration
,
class_name:
'Security::OrchestrationPolicyConfiguration'
,
foreign_key: :project_id
,
inverse_of: :project
has_one
:security_orchestration_policy_configuration
,
class_name:
'Security::OrchestrationPolicyConfiguration'
,
foreign_key: :project_id
,
inverse_of: :project
has_many
:security_scans
,
class_name:
'Security::Scan'
,
inverse_of: :project
elastic_index_dependant_association
:issues
,
on_change: :visibility_level
elastic_index_dependant_association
:issues
,
on_change: :visibility_level
elastic_index_dependant_association
:merge_requests
,
on_change: :visibility_level
elastic_index_dependant_association
:merge_requests
,
on_change: :visibility_level
elastic_index_dependant_association
:notes
,
on_change: :visibility_level
elastic_index_dependant_association
:notes
,
on_change: :visibility_level
...
...
ee/app/models/security/scan.rb
...
@@ -11,8 +11,8 @@ module Security
...
@@ -11,8 +11,8 @@ module Security
validates
:info
,
json_schema:
{
filename:
'security_scan_info'
,
draft:
7
}
validates
:info
,
json_schema:
{
filename:
'security_scan_info'
,
draft:
7
}
belongs_to
:build
,
class_name:
'Ci::Build'
belongs_to
:build
,
class_name:
'Ci::Build'
belongs_to
:project
has_one
:pipeline
,
class_name:
'Ci::Pipeline'
,
through: :build
belongs_to
:pipeline
,
class_name:
'Ci::Pipeline'
has_many
:findings
,
inverse_of: :scan
has_many
:findings
,
inverse_of: :scan
...
@@ -33,14 +33,14 @@ module Security
...
@@ -33,14 +33,14 @@ module Security
# The `category` enum on `vulnerability_feedback` table starts from 0 but the `scan_type` enum
# The `category` enum on `vulnerability_feedback` table starts from 0 but the `scan_type` enum
# on `security_scans` from 1. For this reason, we have to decrease the value of `scan_type` by one
# on `security_scans` from 1. For this reason, we have to decrease the value of `scan_type` by one
# to match with category values on `vulnerability_feedback` table.
# to match with category values on `vulnerability_feedback` table.
joins
(
build:
{
project: :vulnerability_feedback
}
)
joins
(
project: :vulnerability_feedback
)
.
where
(
'vulnerability_feedback.category = (security_scans.scan_type - 1)'
)
.
where
(
'vulnerability_feedback.category = (security_scans.scan_type - 1)'
)
.
merge
(
Vulnerabilities
::
Feedback
.
for_dismissal
)
.
merge
(
Vulnerabilities
::
Feedback
.
for_dismissal
)
end
end
scope
:latest_successful_by_build
,
->
{
joins
(
:build
).
where
(
ci_builds:
{
status:
'success'
,
retried:
[
nil
,
false
]
})
}
scope
:latest_successful_by_build
,
->
{
joins
(
:build
).
where
(
ci_builds:
{
status:
'success'
,
retried:
[
nil
,
false
]
})
}
delegate
:
project
,
:
name
,
to: :build
delegate
:name
,
to: :build
before_save
:ensure_project_id_pipeline_id
before_save
:ensure_project_id_pipeline_id
...
...
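Review bot: With `belongs_to :project` and `belongs_to :pipeline` in place of the `through: :build` association and the `delegate :project, ... to: :build`, `scan.project` and `scan.pipeline` come from stored columns that nothing in these hunks ties to `scan.build`. `ensure_project_id_pipeline_id` is defined outside the hunk, so it cannot be seen whether it overwrites the columns or only fills blanks; the updated spec creates scans with `project: project_1` next to a factory-built `build`, which suggests a divergent value is accepted. Callers that scope dismissal feedback or access decisions on `scan.project` previously always got the build's project, and a validation that rejects a mismatch would keep that guarantee (the spec setup would then need builds inside `project_1`/`project_2`). The model body continues outside both hunks.

```ruby
belongs_to :pipeline, class_name: 'Ci::Pipeline'
# … unchanged: has_many :findings, scopes, delegate :name, before_save …

validate :project_and_pipeline_match_build

private

# project_id / pipeline_id are denormalized copies of the build's values.
# Blank values pass here; presumably the before_save callback fills them in.
def project_and_pipeline_match_build
  return unless build

  errors.add(:project, 'must be the project of the build') if project && project != build.project
  errors.add(:pipeline, 'must be the pipeline of the build') if pipeline && pipeline != build.pipeline
end
```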
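--- a/ee/spec/factories/security_scans.rb
+++ b/ee/spec/factories/security_scans.rb
@@ -4,5 +4,7 @@ FactoryBot.define do
   factory :security_scan, class: 'Security::Scan' do
     scan_type { 'dast' }
     build factory: [:ci_build, :success]
+    pipeline { build.pipeline }
+    project { build.project }
   end
 end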
ee/spec/models/ci/pipeline_spec.rb
...
@@ -13,7 +13,7 @@ RSpec.describe Ci::Pipeline do
...
@@ -13,7 +13,7 @@ RSpec.describe Ci::Pipeline do
end
end
describe
'associations'
do
describe
'associations'
do
it
{
is_expected
.
to
have_many
(
:security_scans
).
through
(
:builds
).
class_name
(
'Security::Scan'
)
}
it
{
is_expected
.
to
have_many
(
:security_scans
).
class_name
(
'Security::Scan'
)
}
it
{
is_expected
.
to
have_many
(
:security_findings
).
through
(
:security_scans
).
class_name
(
'Security::Finding'
).
source
(
:findings
)
}
it
{
is_expected
.
to
have_many
(
:security_findings
).
through
(
:security_scans
).
class_name
(
'Security::Finding'
).
source
(
:findings
)
}
it
{
is_expected
.
to
have_many
(
:downstream_bridges
)
}
it
{
is_expected
.
to
have_many
(
:downstream_bridges
)
}
it
{
is_expected
.
to
have_many
(
:vulnerability_findings
).
through
(
:vulnerabilities_finding_pipelines
).
class_name
(
'Vulnerabilities::Finding'
)
}
it
{
is_expected
.
to
have_many
(
:vulnerability_findings
).
through
(
:vulnerabilities_finding_pipelines
).
class_name
(
'Vulnerabilities::Finding'
)
}
...
...
ee/spec/models/project_spec.rb
...
@@ -62,6 +62,8 @@ RSpec.describe Project do
...
@@ -62,6 +62,8 @@ RSpec.describe Project do
it
{
is_expected
.
to
have_many
(
:incident_management_oncall_rotations
).
through
(
:incident_management_oncall_schedules
).
source
(
:rotations
)
}
it
{
is_expected
.
to
have_many
(
:incident_management_oncall_rotations
).
through
(
:incident_management_oncall_schedules
).
source
(
:rotations
)
}
it
{
is_expected
.
to
have_many
(
:incident_management_escalation_policies
).
class_name
(
'IncidentManagement::EscalationPolicy'
)
}
it
{
is_expected
.
to
have_many
(
:incident_management_escalation_policies
).
class_name
(
'IncidentManagement::EscalationPolicy'
)
}
it
{
is_expected
.
to
have_many
(
:security_scans
)
}
include_examples
'ci_cd_settings delegation'
include_examples
'ci_cd_settings delegation'
describe
'#merge_pipelines_enabled?'
do
describe
'#merge_pipelines_enabled?'
do
...
...
ee/spec/models/security/scan_spec.rb
...
@@ -5,7 +5,8 @@ require 'spec_helper'
...
@@ -5,7 +5,8 @@ require 'spec_helper'
RSpec
.
describe
Security
::
Scan
do
RSpec
.
describe
Security
::
Scan
do
describe
'associations'
do
describe
'associations'
do
it
{
is_expected
.
to
belong_to
(
:build
)
}
it
{
is_expected
.
to
belong_to
(
:build
)
}
it
{
is_expected
.
to
have_one
(
:pipeline
).
through
(
:build
).
class_name
(
'Ci::Pipeline'
)
}
it
{
is_expected
.
to
belong_to
(
:project
)
}
it
{
is_expected
.
to
belong_to
(
:pipeline
)
}
it
{
is_expected
.
to
have_many
(
:findings
)
}
it
{
is_expected
.
to
have_many
(
:findings
)
}
end
end
...
@@ -36,10 +37,6 @@ RSpec.describe Security::Scan do
...
@@ -36,10 +37,6 @@ RSpec.describe Security::Scan do
end
end
end
end
describe
'#project'
do
it
{
is_expected
.
to
delegate_method
(
:project
).
to
(
:build
)
}
end
describe
'#name'
do
describe
'#name'
do
it
{
is_expected
.
to
delegate_method
(
:name
).
to
(
:build
)
}
it
{
is_expected
.
to
delegate_method
(
:name
).
to
(
:build
)
}
end
end
...
@@ -93,15 +90,17 @@ RSpec.describe Security::Scan do
...
@@ -93,15 +90,17 @@ RSpec.describe Security::Scan do
end
end
describe
'.has_dismissal_feedback'
do
describe
'.has_dismissal_feedback'
do
let
(
:scan_1
)
{
create
(
:security_scan
)
}
let
(
:project_1
)
{
create
(
:project
)
}
let
(
:scan_2
)
{
create
(
:security_scan
)
}
let
(
:project_2
)
{
create
(
:project
)
}
let
(
:scan_1
)
{
create
(
:security_scan
,
project:
project_1
)
}
let
(
:scan_2
)
{
create
(
:security_scan
,
project:
project_2
)
}
let
(
:expected_scans
)
{
[
scan_1
]
}
let
(
:expected_scans
)
{
[
scan_1
]
}
subject
{
described_class
.
has_dismissal_feedback
}
subject
{
described_class
.
has_dismissal_feedback
}
before
do
before
do
create
(
:vulnerability_feedback
,
:dismissal
,
project:
scan_1
.
project
,
category:
scan_1
.
scan_type
)
create
(
:vulnerability_feedback
,
:dismissal
,
project:
project_1
,
category:
scan_1
.
scan_type
)
create
(
:vulnerability_feedback
,
:issue
,
project:
scan_2
.
project
,
category:
scan_2
.
scan_type
)
create
(
:vulnerability_feedback
,
:issue
,
project:
project_2
,
category:
scan_2
.
scan_type
)
end
end
it
{
is_expected
.
to
match_array
(
expected_scans
)
}
it
{
is_expected
.
to
match_array
(
expected_scans
)
}
...
...
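--- a/spec/lib/gitlab/import_export/all_models.yml
+++ b/spec/lib/gitlab/import_export/all_models.yml
@@ -591,6 +591,7 @@ project:
 - error_tracking_errors
 - error_tracking_client_keys
 - pending_builds
+- security_scans
 award_emoji:
 - awardable
 - user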