Improve SAST message

8b267f8a · Filipa Lacerda · 708de533 · 8b267f8a · 8b267f8a · 8b267f8a
Commit 8b267f8a authored Feb 16, 2018 by Filipa Lacerda
4 changed files
--- a/changelogs/unreleased-ee/4961-sast-text.yml
+++ b/changelogs/unreleased-ee/4961-sast-text.yml
+---
+title: Improve SAST description for no new vulnerabilities
+merge_request:
+author:
+type: fixed
--- a/ee/app/assets/javascripts/vue_merge_request_widget/mr_widget_options.js
+++ b/ee/app/assets/javascripts/vue_merge_request_widget/mr_widget_options.js
@@ -113,11 +113,13 @@ export default {
    },

    securityText() {
-      const { newIssues, resolvedIssues } = this.mr.securityReport;
+      const { newIssues, resolvedIssues, allIssues } = this.mr.securityReport;
      const text = [];

-      if (!newIssues.length && !resolvedIssues.length) {
+      if (!newIssues.length && !resolvedIssues.length && !allIssues.length) {
        text.push(s__('ciReport|SAST detected no security vulnerabilities'));
+      } else if (!newIssues.length && !resolvedIssues.length && allIssues.length) {
+        text.push(s__('ciReport|SAST detected no new security vulnerabilities'));
      } else if (newIssues.length || resolvedIssues.length) {
        text.push(s__('ciReport|SAST'));
      }

--- a/spec/javascripts/vue_mr_widget/ee_mr_widget_options_spec.js
+++ b/spec/javascripts/vue_mr_widget/ee_mr_widget_options_spec.js
@@ -15,6 +15,8 @@ import mockData, {
  dockerReportParsed,
  dast,
  parsedDast,
+  sastBaseAllIssues,
+  sastHeadAllIssues,
 } from './mock_data';
 import mountComponent from '../helpers/vue_mount_component_helper';

@@ -79,6 +81,31 @@ describe('ee merge request widget options', () => {
      });
    });

+    describe('with full report and no added or fixed issues', () => {
+      let mock;
+
+      beforeEach(() => {
+        mock = mock = new MockAdapter(axios);
+        mock.onGet('path.json').reply(200, sastBaseAllIssues);
+        mock.onGet('head_path.json').reply(200, sastHeadAllIssues);
+
+        vm = mountComponent(Component);
+      });
+
+      afterEach(() => {
+        mock.restore();
+      });
+
+      it('renders no new vulnerabilities message', (done) => {
+        setTimeout(() => {
+          expect(
+            vm.$el.querySelector('.js-sast-widget .js-code-text').textContent.trim(),
+          ).toEqual('SAST detected no new security vulnerabilities');
+          done();
+        }, 0);
+      });
+    });
+
    describe('with empty successful request', () => {
      let mock;


--- a/spec/javascripts/vue_mr_widget/mock_data.js
+++ b/spec/javascripts/vue_mr_widget/mock_data.js
@@ -657,3 +657,88 @@ export const parsedDast = [{
    param: 'X-Content-Type-Options'
  }]
 }];
+
+/**
+ * SAST report API response for no added & fixed issues but with security issues
+*/
+export const sastHeadAllIssues = [
+  {
+    tool: 'retire',
+    url: 'https://github.com/jquery/jquery/issues/2432',
+    file: '/builds/gonzoyumo/test-package-lock/node_modules/tinycolor2/demo/jquery-1.9.1.js',
+    priority: 'medium',
+    message: '3rd party CORS request may execute'
+  },
+  {
+    tool: 'retire',
+    url: 'https://bugs.jquery.com/ticket/11974',
+    file: '/builds/gonzoyumo/test-package-lock/node_modules/tinycolor2/demo/jquery-1.9.1.js',
+    priority: 'medium',
+    message: 'parseHTML() executes scripts in event handlers'
+  },
+  {
+    tool: 'retire',
+    url: 'https://nodesecurity.io/advisories/146',
+    priority: 'high',
+    message: 'growl_command-injection'
+  },
+  {
+    tool: 'retire',
+    url: 'https://nodesecurity.io/advisories/146',
+    priority: 'high',
+    message: 'growl_command-injection'
+  },
+];
+
+export const sastBaseAllIssues = [
+  {
+    tool: "gemnasium",
+    message: "Command Injection for growl",
+    url: "https://github.com/tj/node-growl/pull/61",
+    file: "package-lock.json"
+  },
+  {
+    tool: "gemnasium",
+    message: "Regular Expression Denial of Service for tough-cookie",
+    url: "https://github.com/salesforce/tough-cookie/issues/92",
+    file: "package-lock.json"
+  },
+  {
+    tool: "gemnasium",
+    message: "Regular Expression Denial of Service for string",
+    url: "https://github.com/jprichardson/string.js/issues/212",
+    file: "package-lock.json"
+  },
+  {
+    tool: "gemnasium",
+    message: "Regular Expression Denial of Service for debug",
+    url: "https://nodesecurity.io/advisories/534",
+    file: "package-lock.json"
+  },
+  {
+    tool: "retire",
+    message: "3rd party CORS request may execute",
+    url: "https://github.com/jquery/jquery/issues/2432",
+    file: "/code/node_modules/tinycolor2/demo/jquery-1.9.1.js",
+    priority: "medium",
+  },
+  {
+    tool: "retire",
+    message: "parseHTML() executes scripts in event handlers",
+    url: "https://bugs.jquery.com/ticket/11974",
+    file: "/code/node_modules/tinycolor2/demo/jquery-1.9.1.js",
+    priority: "medium",
+  },
+  {
+    tool: "retire",
+    message: "growl_command-injection",
+    url: "https://nodesecurity.io/advisories/146",
+    priority: "high",
+  },
+  {
+    tool: "retire",
+    message: "growl_command-injection",
+    url: "https://nodesecurity.io/advisories/146",
+    priority: "high",
+  },
+];