Commit 86775169 authored by Zamir Martins's avatar Zamir Martins Committed by Alex Kalderimis

Limit the number of rules per policy to 5

EE: true
parent 21502cab
...@@ -27,7 +27,7 @@ module Security ...@@ -27,7 +27,7 @@ module Security
action_info = policy[:actions].find { |action| action[:type] == Security::ScanResultPolicy::REQUIRE_APPROVAL } action_info = policy[:actions].find { |action| action[:type] == Security::ScanResultPolicy::REQUIRE_APPROVAL }
return unless action_info return unless action_info
policy[:rules].each_with_index do |rule, rule_index| policy[:rules].first(Security::ScanResultPolicy::LIMIT).each_with_index do |rule, rule_index|
next if rule[:type] != Security::ScanResultPolicy::SCAN_FINDING next if rule[:type] != Security::ScanResultPolicy::SCAN_FINDING
::ApprovalRules::CreateService.new(project, author, rule_params(rule, rule_index, action_info)).execute ::ApprovalRules::CreateService.new(project, author, rule_params(rule, rule_index, action_info)).execute
......
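Review bot: The new `policy[:rules].first(Security::ScanResultPolicy::LIMIT)` silently drops every rule past the limit, so a policy author who defined more rules than LIMIT gets fewer approval rules than the policy declares, with nothing in the logs or the policy status to show it. Because the `next if rule[:type] != Security::ScanResultPolicy::SCAN_FINDING` check runs after the truncation, the limit is counted over all rules, not over scan_finding rules, which looks intentional but is worth stating. A comment above the loop would make the contract explicit: `# Only the first LIMIT rules are enforced; the schema's maxItems rejects longer policies, so this is a defensive cap and extra rules are ignored rather than raised on.` If the truncation should be visible to operators, emitting a log line when `policy[:rules].size > LIMIT` would be a small addition. The enclosing method starts before this hunk.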
...@@ -238,6 +238,7 @@ ...@@ -238,6 +238,7 @@
}, },
"rules": { "rules": {
"type": "array", "type": "array",
"maxItems": 5,
"additionalItems": false, "additionalItems": false,
"items": { "items": {
"type": "object", "type": "object",
......
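Review bot: The literal `"maxItems": 5` is a second source of truth for the same limit that the service reads from `Security::ScanResultPolicy::LIMIT`, and nothing on the page ties the two together, so raising one without the other would let the schema accept policies the service then truncates (or reject ones it would accept). Since the schema is JSON and cannot carry a comment, the link is best pinned in a spec, e.g. `expect(schema.dig('properties', 'rules', 'maxItems')).to eq(Security::ScanResultPolicy::LIMIT)` against the loaded schema document, so a drift fails CI. The surrounding `"rules"` object continues outside this hunk.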
...@@ -77,6 +77,41 @@ RSpec.describe Security::SecurityOrchestrationPolicies::ProcessScanResultPolicyS ...@@ -77,6 +77,41 @@ RSpec.describe Security::SecurityOrchestrationPolicies::ProcessScanResultPolicyS
it_behaves_like 'create approval rule with specific approver' it_behaves_like 'create approval rule with specific approver'
end end
context 'with a specific number of rules' do
using RSpec::Parameterized::TableSyntax
let(:rule) do
{
type: 'scan_finding',
branches: %w[master],
scanners: %w[container_scanning],
vulnerabilities_allowed: 0,
severity_levels: %w[critical],
vulnerability_states: %w[detected]
}
end
let(:rules) { [rule] * rules_count }
let(:policy) { build(:scan_result_policy, name: 'Test Policy', rules: rules) }
where(:rules_count, :expected_rules_count) do
[
[Security::ScanResultPolicy::LIMIT - 1, Security::ScanResultPolicy::LIMIT - 1],
[Security::ScanResultPolicy::LIMIT, Security::ScanResultPolicy::LIMIT],
[Security::ScanResultPolicy::LIMIT + 1, Security::ScanResultPolicy::LIMIT]
]
end
with_them do
it 'creates approval rules up to limit' do
subject
expect(project.approval_rules.count).to be expected_rules_count
end
end
end
it 'sets project approval rules names based on policy name', :aggregate_failures do it 'sets project approval rules names based on policy name', :aggregate_failures do
subject subject
......
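Review bot: `expect(project.approval_rules.count).to be expected_rules_count` uses the `be` identity matcher with an argument; it passes for small Integers only because they are immediates in MRI, and the conventional form for a value comparison is `expect(project.approval_rules.count).to eq(expected_rules_count)`. The `[rule] * rules_count` fixture also reuses one hash object for every rule, which is fine as long as `rule_params` does not mutate its argument — presumably it does not, but a `rules_count.times.map { rule.dup }` would remove the doubt. The table covers LIMIT - 1, LIMIT and LIMIT + 1 but not the case where a non-scan_finding rule sits inside the first LIMIT entries, which is where the truncate-then-filter order in the service becomes observable. The enclosing `describe` block starts and ends outside this hunk.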