Commit 814cb658 authored by Mehmet Emin INAC's avatar Mehmet Emin INAC Committed by Mayra Cabrera

Rename kwards as file_types & report_types

Using `file_types` in the JobArtifact model and `report_types` in Pipeline
as kwargs makes the code easier to reason about.
parent d795ab07
...@@ -24,8 +24,6 @@ module Security ...@@ -24,8 +24,6 @@ module Security
end end
def execute def execute
requested_reports = pipeline_reports.select { |report_type| requested_type?(report_type) }
findings = requested_reports.each_with_object([]) do |(type, report), findings| findings = requested_reports.each_with_object([]) do |(type, report), findings|
raise ParseError, 'JSON parsing failed' if report.error.is_a?(Gitlab::Ci::Parsers::Security::Common::SecurityReportParserError) raise ParseError, 'JSON parsing failed' if report.error.is_a?(Gitlab::Ci::Parsers::Security::Common::SecurityReportParserError)
...@@ -54,8 +52,8 @@ module Security ...@@ -54,8 +52,8 @@ module Security
Gitlab::Utils.stable_sort_by(findings) { |x| [-x.severity_value, -x.confidence_value] } Gitlab::Utils.stable_sort_by(findings) { |x| [-x.severity_value, -x.confidence_value] }
end end
def pipeline_reports def requested_reports
pipeline&.security_reports&.reports || {} @requested_reports ||= pipeline&.security_reports(report_types: report_types)&.reports || {}
end end
def vulnerabilities_by_finding_fingerprint(report_type, report) def vulnerabilities_by_finding_fingerprint(report_type, report)
...@@ -105,10 +103,6 @@ module Security ...@@ -105,10 +103,6 @@ module Security
end end
end end
def requested_type?(type)
report_types.include?(type)
end
def include_dismissed? def include_dismissed?
params[:scope] == 'all' params[:scope] == 'all'
end end
......
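Review bot: With the `requested_type?` filter removed from `execute`, `requested_reports` relies entirely on `pipeline.security_reports(report_types: report_types)` to restrict the result, and that method (changed later in this commit) treats an empty list as "no filter". `report_types` is defined outside these hunks; if it can ever be empty, the old code returned no findings while the new code would load and return every security report type. Consider a guard ahead of the memoized lookup, e.g. `return {} if report_types.empty?`, or a comment on `requested_reports` stating that an empty list means all types.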
...@@ -26,8 +26,10 @@ module EE ...@@ -26,8 +26,10 @@ module EE
scope :project_id_in, ->(ids) { where(project_id: ids) } scope :project_id_in, ->(ids) { where(project_id: ids) }
scope :with_files_stored_remotely, -> { where(file_store: ::JobArtifactUploader::Store::REMOTE) } scope :with_files_stored_remotely, -> { where(file_store: ::JobArtifactUploader::Store::REMOTE) }
scope :security_reports, -> do scope :security_reports, -> (file_types: SECURITY_REPORT_FILE_TYPES) do
with_file_types(SECURITY_REPORT_FILE_TYPES) requested_file_types = *file_types
with_file_types(requested_file_types & SECURITY_REPORT_FILE_TYPES)
end end
scope :license_scanning_reports, -> do scope :license_scanning_reports, -> do
......
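Review bot: The intersection `requested_file_types & SECURITY_REPORT_FILE_TYPES` in the `security_reports` scope matches elements by `eql?`, so a symbol never matches a string and unknown values are dropped without any signal. The specs only pass strings, and the constant's element type is not shown here; if a caller passes the other type, the scope quietly returns no artifacts, which for security reports reads as "no findings" rather than as an error. Normalising first would make this robust, e.g. `requested_file_types = Array(file_types).map(&:to_s)` (assuming the constant holds strings, to be confirmed). A one-line comment saying the intersection is the allow-list that keeps non-security file types out of this scope would also help the next reader.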
...@@ -101,9 +101,11 @@ module EE ...@@ -101,9 +101,11 @@ module EE
batch_lookup_report_artifact_for_file_type(:license_scanning).present? batch_lookup_report_artifact_for_file_type(:license_scanning).present?
end end
def security_reports def security_reports(report_types: [])
reports_scope = report_types.empty? ? ::Ci::JobArtifact.security_reports : ::Ci::JobArtifact.security_reports(file_types: report_types)
::Gitlab::Ci::Reports::Security::Reports.new(self).tap do |security_reports| ::Gitlab::Ci::Reports::Security::Reports.new(self).tap do |security_reports|
builds.latest.with_reports(::Ci::JobArtifact.security_reports).each do |build| builds.latest.with_reports(reports_scope).each do |build|
build.collect_security_reports!(security_reports) build.collect_security_reports!(security_reports)
end end
end end
......
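Review bot: `reports_scope` in `security_reports` is only handed to `builds.latest.with_reports(...)`, so it narrows which builds are visited, while `build.collect_security_reports!(security_reports)` is still called without the requested types. `collect_security_reports!` is not shown, but if it collects every security artifact of a build, a job that produced both a requested and a non-requested report type contributes both, and the finder no longer filters them out after this commit. Passing the requested types through to the collection step, or filtering the collected reports by type before returning, would close that gap. Separately, `report_types.empty?` raises on `nil`; `Array(report_types).empty?` would tolerate a caller that passes `report_types: nil`.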
---
title: Load only the requested report artifacts into the memory for vulnerability_findings
endpoint
merge_request: 39749
author:
type: performance
...@@ -169,6 +169,14 @@ RSpec.describe Ci::Pipeline do ...@@ -169,6 +169,14 @@ RSpec.describe Ci::Pipeline do
expect(subject.get_report('container_scanning', cs1_artifact).findings.size).to eq(8) expect(subject.get_report('container_scanning', cs1_artifact).findings.size).to eq(8)
end end
end end
context 'when the `report_types` parameter is provided' do
subject(:filtered_report_types) { pipeline.security_reports(report_types: %w(sast)).reports.values.map(&:type).uniq }
it 'returns only the reports which are requested' do
expect(filtered_report_types).to eq(%w(sast))
end
end
end end
context 'when pipeline does not have any builds with security reports' do context 'when pipeline does not have any builds with security reports' do
......
...@@ -54,13 +54,41 @@ RSpec.describe Ci::JobArtifact do ...@@ -54,13 +54,41 @@ RSpec.describe Ci::JobArtifact do
end end
describe '.security_reports' do describe '.security_reports' do
context 'when the `file_types` parameter is provided' do
let!(:sast_artifact) { create(:ee_ci_job_artifact, :sast) }
subject { Ci::JobArtifact.security_reports(file_types: file_types) }
context 'when the provided file_types is array' do
let(:file_types) { %w(secret_detection) }
context 'when there is a security report with the given value' do
let!(:secret_detection_artifact) { create(:ee_ci_job_artifact, :secret_detection) }
it { is_expected.to eq([secret_detection_artifact]) }
end
context 'when there are no security reports with the given value' do
it { is_expected.to be_empty }
end
end
context 'when the provided file_types is string' do
let(:file_types) { 'secret_detection' }
let!(:secret_detection_artifact) { create(:ee_ci_job_artifact, :secret_detection) }
it { is_expected.to eq([secret_detection_artifact]) }
end
end
context 'when the file_types parameter is not provided' do
subject { Ci::JobArtifact.security_reports } subject { Ci::JobArtifact.security_reports }
context 'when there is a security report' do context 'when there is a security report' do
let!(:sast_artifact) { create(:ee_ci_job_artifact, :sast) } let!(:sast_artifact) { create(:ee_ci_job_artifact, :sast) }
let!(:secret_detection_artifact) { create(:ee_ci_job_artifact, :secret_detection) } let!(:secret_detection_artifact) { create(:ee_ci_job_artifact, :secret_detection) }
it { is_expected.to eq([sast_artifact, secret_detection_artifact]) } it { is_expected.to match_array([sast_artifact, secret_detection_artifact]) }
end end
context 'when there are no security reports' do context 'when there are no security reports' do
...@@ -69,6 +97,7 @@ RSpec.describe Ci::JobArtifact do ...@@ -69,6 +97,7 @@ RSpec.describe Ci::JobArtifact do
it { is_expected.to be_empty } it { is_expected.to be_empty }
end end
end end
end
describe '.coverage_fuzzing_reports' do describe '.coverage_fuzzing_reports' do
subject { Ci::JobArtifact.coverage_fuzzing } subject { Ci::JobArtifact.coverage_fuzzing }
......