Commit 732ba41b authored by Bob Van Landuyt's avatar Bob Van Landuyt

Merge branch '13190-symbolize-vulnerabilities-keys' into 'master'

Symbolize keys for vulnerability

See merge request gitlab-org/gitlab-ee!14976
parents b58b8099 06b98532
...@@ -72,10 +72,8 @@ module Security ...@@ -72,10 +72,8 @@ module Security
# will have highest severity # will have highest severity
def sort_by_severity(collection) def sort_by_severity(collection)
collection.sort do |dep_i, dep_j| collection.sort do |dep_i, dep_j|
vuln_i = dep_i[:vulnerabilities] level_i = dep_i.dig(:vulnerabilities, 0, :severity) || :undefined
vuln_j = dep_j[:vulnerabilities] level_j = dep_j.dig(:vulnerabilities, 0, :severity) || :undefined
level_i = vuln_i.any? ? vuln_i.first['severity'].downcase : :undefined
level_j = vuln_j.any? ? vuln_j.first['severity'].downcase : :undefined
::Vulnerabilities::Occurrence::SEVERITY_LEVELS[level_j] <=> ::Vulnerabilities::Occurrence::SEVERITY_LEVELS[level_i] ::Vulnerabilities::Occurrence::SEVERITY_LEVELS[level_j] <=> ::Vulnerabilities::Occurrence::SEVERITY_LEVELS[level_i]
end end
......
...@@ -37,7 +37,7 @@ module Gitlab ...@@ -37,7 +37,7 @@ module Gitlab
# https://gitlab.com/gitlab-org/security-products/analyzers/common/blob/a0a5074c49f34332aa3948cd9d6dc2c054cdf3a7/issue/issue.go#L169 # https://gitlab.com/gitlab-org/security-products/analyzers/common/blob/a0a5074c49f34332aa3948cd9d6dc2c054cdf3a7/issue/issue.go#L169
def location(dependency, file_path) def location(dependency, file_path)
{ {
"file" => file_path, 'file' => file_path,
'dependency' => { 'dependency' => {
'package' => { 'package' => {
'name' => dependency['package']['name'] 'name' => dependency['package']['name']
...@@ -69,9 +69,16 @@ module Gitlab ...@@ -69,9 +69,16 @@ module Gitlab
def collect_vulnerabilities(vulnerabilities, dependency, file_path) def collect_vulnerabilities(vulnerabilities, dependency, file_path)
dependency_location = location(dependency, file_path) dependency_location = location(dependency, file_path)
vulnerabilities.select do |vulnerability| vulnerabilities
vulnerability['location'] == dependency_location .select { |vulnerability| vulnerability['location'] == dependency_location }
end .map { |vulnerability| formatted_vulnerability(vulnerability) }
end
def formatted_vulnerability(vulnerability)
{
name: vulnerability['name'],
severity: vulnerability['severity'].downcase
}
end end
end end
end end
......
...@@ -37,10 +37,10 @@ describe Gitlab::Ci::Parsers::Security::DependencyList do ...@@ -37,10 +37,10 @@ describe Gitlab::Ci::Parsers::Security::DependencyList do
vuln_async = report.dependencies[3][:vulnerabilities] vuln_async = report.dependencies[3][:vulnerabilities]
expect(vuln_nokogiri.size).to eq(4) expect(vuln_nokogiri.size).to eq(4)
expect(vuln_nokogiri[0]['name']).to eq('Vulnerabilities in libxml2') expect(vuln_nokogiri[0][:name]).to eq('Vulnerabilities in libxml2')
expect(vuln_nokogiri[0]['severity']).to eq('High') expect(vuln_nokogiri[0][:severity]).to eq('high')
expect(vuln_debug.size).to eq(1) expect(vuln_debug.size).to eq(1)
expect(vuln_debug[0]['name']).to eq('Regular Expression Denial of Service') expect(vuln_debug[0][:name]).to eq('Regular Expression Denial of Service')
expect(vuln_async.size).to eq(0) expect(vuln_async.size).to eq(0)
end end
end end
......
...@@ -43,9 +43,9 @@ describe Gitlab::Ci::Parsers::Security::Formatters::DependencyList do ...@@ -43,9 +43,9 @@ describe Gitlab::Ci::Parsers::Security::Formatters::DependencyList do
vulnerabilities = data[:vulnerabilities] vulnerabilities = data[:vulnerabilities]
expect(vulnerabilities.size).to eq(4) expect(vulnerabilities.size).to eq(4)
expect(vulnerabilities[0]['name']).to eq('Vulnerabilities in libxml2') expect(vulnerabilities[0][:name]).to eq('Vulnerabilities in libxml2')
expect(vulnerabilities[3]['name']).to eq('Bypass of a protection mechanism in libxslt') expect(vulnerabilities[3][:name]).to eq('Bypass of a protection mechanism in libxslt')
expect(vulnerabilities[0]['severity']).to eq('High') expect(vulnerabilities[0][:severity]).to eq('high')
end end
end end
end end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment