Commit 67b531f5 authored by David Fernandez's avatar David Fernandez

Merge branch...

Merge branch '299420-refactor-remove_duplicated_cs_findings_without_vulnerability_id_spec' into 'master'

Remove attributes_for from RemoveDuplicatedCsFindingsWithoutVulnerabilityId spec

See merge request gitlab-org/gitlab!53375
parents ab9552f6 238402b3
...@@ -5,6 +5,8 @@ require 'spec_helper' ...@@ -5,6 +5,8 @@ require 'spec_helper'
require_migration! require_migration!
RSpec.describe RemoveDuplicatedCsFindingsWithoutVulnerabilityId, :migration do RSpec.describe RemoveDuplicatedCsFindingsWithoutVulnerabilityId, :migration do
include MigrationHelpers::VulnerabilitiesFindingsHelper
let(:migration) { 'RemoveDuplicatedCsFindingsWithoutVulnerabilityId'} let(:migration) { 'RemoveDuplicatedCsFindingsWithoutVulnerabilityId'}
let(:namespaces) { table(:namespaces) } let(:namespaces) { table(:namespaces) }
let(:notes) { table(:notes) } let(:notes) { table(:notes) }
...@@ -99,21 +101,16 @@ RSpec.describe RemoveDuplicatedCsFindingsWithoutVulnerabilityId, :migration do ...@@ -99,21 +101,16 @@ RSpec.describe RemoveDuplicatedCsFindingsWithoutVulnerabilityId, :migration do
end end
def finding_params(primary_identifier_id, project_id) def finding_params(primary_identifier_id, project_id)
attrs = attributes_for(:vulnerabilities_finding) # rubocop: disable RSpec/FactoriesInMigrationSpecs custom_attributes = {
{
severity: 0, severity: 0,
confidence: 5, confidence: 5,
report_type: 2, report_type: 2,
project_id: project_id, project_id: project_id,
scanner_id: 6, scanner_id: 6,
primary_identifier_id: primary_identifier_id, primary_identifier_id: primary_identifier_id
project_fingerprint: attrs[:project_fingerprint],
location_fingerprint: Digest::SHA1.hexdigest(SecureRandom.hex(10)),
uuid: SecureRandom.uuid,
name: attrs[:name],
metadata_version: '1.3',
raw_metadata: attrs[:raw_metadata]
} }
attributes_for_vulnerabilities_finding.merge(custom_attributes)
end end
def create_identifier(number_of) def create_identifier(number_of)
......
# frozen_string_literal: true
module MigrationHelpers
module VulnerabilitiesFindingsHelper
def attributes_for_vulnerabilities_finding
uuid = SecureRandom.uuid
{
project_fingerprint: SecureRandom.hex(20),
location_fingerprint: Digest::SHA1.hexdigest(SecureRandom.hex(10)),
uuid: uuid,
name: "Vulnerability Finding #{uuid}",
metadata_version: '1.3',
raw_metadata: raw_metadata
}
end
def raw_metadata
{
"description" => "The cipher does not provide data integrity update 1",
"message" => "The cipher does not provide data integrity",
"cve" => "818bf5dacb291e15d9e6dc3c5ac32178:CIPHER",
"solution" => "GCM mode introduces an HMAC into the resulting encrypted data, providing integrity of the result.",
"location" => {
"file" => "maven/src/main/java/com/gitlab/security_products/tests/App.java",
"start_line" => 29,
"end_line" => 29,
"class" => "com.gitlab.security_products.tests.App",
"method" => "insecureCypher"
},
"links" => [
{
"name" => "Cipher does not check for integrity first?",
"url" => "https://crypto.stackexchange.com/questions/31428/pbewithmd5anddes-cipher-does-not-check-for-integrity-first"
}
],
"assets" => [
{
"type" => "postman",
"name" => "Test Postman Collection",
"url" => "http://localhost/test.collection"
}
],
"evidence" => {
"summary" => "Credit card detected",
"request" => {
"method" => "GET",
"url" => "http://goat:8080/WebGoat/logout",
"body" => nil,
"headers" => [
{
"name" => "Accept",
"value" => "*/*"
}
]
},
"response" => {
"reason_phrase" => "OK",
"status_code" => 200,
"body" => nil,
"headers" => [
{
"name" => "Content-Length",
"value" => "0"
}
]
},
"source" => {
"id" => "assert:Response Body Analysis",
"name" => "Response Body Analysis",
"url" => "htpp://hostname/documentation"
},
"supporting_messages" => [
{
"name" => "Origional",
"request" => {
"method" => "GET",
"url" => "http://goat:8080/WebGoat/logout",
"body" => "",
"headers" => [
{
"name" => "Accept",
"value" => "*/*"
}
]
}
},
{
"name" => "Recorded",
"request" => {
"method" => "GET",
"url" => "http://goat:8080/WebGoat/logout",
"body" => "",
"headers" => [
{
"name" => "Accept",
"value" => "*/*"
}
]
},
"response" => {
"reason_phrase" => "OK",
"status_code" => 200,
"body" => "",
"headers" => [
{
"name" => "Content-Length",
"value" => "0"
}
]
}
}
]
}
}
end
end
end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment