Commit 94ebe948 authored by Kamil Trzciński's avatar Kamil Trzciński

Merge branch '9393-limit-report-types-for-group-sec' into 'master'

Resolve "Limit Group Security Dashboard to selected types of vulnerabilities"

Closes #9393

See merge request gitlab-org/gitlab-ee!9626
parents e0dba282 2eb7953e
...@@ -3,6 +3,11 @@ ...@@ -3,6 +3,11 @@
class Groups::Security::VulnerabilitiesController < Groups::Security::ApplicationController class Groups::Security::VulnerabilitiesController < Groups::Security::ApplicationController
HISTORY_RANGE = 3.months HISTORY_RANGE = 3.months
# NOTE: we need this scope because DAST vulnerabilities
# shouldn't appear in the Group Dashboard in the same as we're starting
# to save them in the database
DEFAULT_REPORT_SCOPE = [:sast, :dependency_scanning, :container_scanning].freeze
def index def index
vulnerabilities = found_vulnerabilities.ordered.page(params[:page]) vulnerabilities = found_vulnerabilities.ordered.page(params[:page])
...@@ -39,8 +44,10 @@ class Groups::Security::VulnerabilitiesController < Groups::Security::Applicatio ...@@ -39,8 +44,10 @@ class Groups::Security::VulnerabilitiesController < Groups::Security::Applicatio
private private
def filter_params def filter_params
params.permit(report_type: [], project_id: [], severity: []) filter_params = params.permit(report_type: [], project_id: [], severity: [])
.merge(hide_dismissed: Gitlab::Utils.to_boolean(params[:hide_dismissed])) .merge(hide_dismissed: Gitlab::Utils.to_boolean(params[:hide_dismissed]))
filter_params[:report_type] ||= DEFAULT_REPORT_SCOPE
filter_params
end end
def found_vulnerabilities(collection = :latest) def found_vulnerabilities(collection = :latest)
......
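Review bot: The `||=` on the new `filter_params[:report_type] ||= DEFAULT_REPORT_SCOPE` line only fills the default when the key is absent; `params.permit(report_type: [])` can hand back an empty array for a request that names the parameter without values, and `[]` is truthy in Ruby, so the dashboard would then fall through to the finder's unfiltered behaviour and DAST occurrences would reappear. `filter_params[:report_type] = filter_params[:report_type].presence || DEFAULT_REPORT_SCOPE` closes that gap. The NOTE above DEFAULT_REPORT_SCOPE reads as if DAST were excluded, but the constant is only a default — the spec hunk at line 75 explicitly requests `dast` and expects it back — so I would reword it as `# NOTE: default report types used when the request names none. DAST is left out of the default because we are only starting to save DAST results in the database; an explicit report_type[] still returns any type.` The local `filter_params` also shadows the method of the same name; `permitted` would read better.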
---
title: Limit Group Security Dashboard to selected types of report
merge_request: 9626
author:
type: bug
...@@ -108,6 +108,7 @@ describe Groups::Security::VulnerabilitiesController do ...@@ -108,6 +108,7 @@ describe Groups::Security::VulnerabilitiesController do
context 'with multiple report types' do context 'with multiple report types' do
before do before do
projects.each do |project| projects.each do |project|
create_vulnerabilities(1, project_guest, { report_type: :dast })
create_vulnerabilities(2, project_guest, { report_type: :sast }) create_vulnerabilities(2, project_guest, { report_type: :sast })
create_vulnerabilities(1, project_dev, { report_type: :dependency_scanning }) create_vulnerabilities(1, project_dev, { report_type: :dependency_scanning })
end end
...@@ -218,14 +219,14 @@ describe Groups::Security::VulnerabilitiesController do ...@@ -218,14 +219,14 @@ describe Groups::Security::VulnerabilitiesController do
group.add_developer(user) group.add_developer(user)
end end
it 'returns vulnerabilities counts' do it 'returns vulnerabilities counts for :sast and :dependency_scanning' do
subject subject
expect(response).to have_gitlab_http_status(200) expect(response).to have_gitlab_http_status(200)
expect(json_response).to be_an(Hash) expect(json_response).to be_an(Hash)
expect(json_response['high']).to eq(3) expect(json_response['high']).to eq(3)
expect(json_response['low']).to eq(4) expect(json_response['low']).to eq(3)
expect(json_response['medium']).to eq(1) expect(json_response['medium']).to eq(0)
expect(response).to match_response_schema('vulnerabilities/summary', dir: 'ee') expect(response).to match_response_schema('vulnerabilities/summary', dir: 'ee')
end end
...@@ -292,6 +293,9 @@ describe Groups::Security::VulnerabilitiesController do ...@@ -292,6 +293,9 @@ describe Groups::Security::VulnerabilitiesController do
create_list(:vulnerabilities_occurrence, 1, create_list(:vulnerabilities_occurrence, 1,
pipelines: [pipeline], project: project_dev, report_type: :dast, severity: :low) pipelines: [pipeline], project: project_dev, report_type: :dast, severity: :low)
create_list(:vulnerabilities_occurrence, 1,
pipelines: [pipeline], project: project_dev, report_type: :container_scanning, severity: :high)
end end
end end
...@@ -319,11 +323,11 @@ describe Groups::Security::VulnerabilitiesController do ...@@ -319,11 +323,11 @@ describe Groups::Security::VulnerabilitiesController do
expect(response).to have_gitlab_http_status(200) expect(response).to have_gitlab_http_status(200)
expect(json_response).to be_an(Hash) expect(json_response).to be_an(Hash)
expect(json_response['total']).to eq({ '2018-11-10' => 5, '2018-11-12' => 4 }) expect(json_response['total']).to eq({ '2018-11-10' => 5, '2018-11-12' => 3 })
expect(json_response['critical']).to eq({ '2018-11-10' => 1 }) expect(json_response['critical']).to eq({ '2018-11-10' => 1 })
expect(json_response['high']).to eq({ '2018-11-10' => 2 }) expect(json_response['high']).to eq({ '2018-11-10' => 2, '2018-11-12' => 1 })
expect(json_response['medium']).to eq({ '2018-11-12' => 1 }) expect(json_response['medium']).to eq({})
expect(json_response['low']).to eq({ '2018-11-10' => 2, '2018-11-12' => 3 }) expect(json_response['low']).to eq({ '2018-11-10' => 2, '2018-11-12' => 2 })
expect(response).to match_response_schema('vulnerabilities/history', dir: 'ee') expect(response).to match_response_schema('vulnerabilities/history', dir: 'ee')
end end
...@@ -349,16 +353,16 @@ describe Groups::Security::VulnerabilitiesController do ...@@ -349,16 +353,16 @@ describe Groups::Security::VulnerabilitiesController do
it 'returns filtered history if filters are enabled' do it 'returns filtered history if filters are enabled' do
travel_to(Time.zone.parse('2019-02-10')) do travel_to(Time.zone.parse('2019-02-10')) do
get :history, params: { group_id: group, report_type: %w[dependency_scanning sast] }, format: :json get :history, params: { group_id: group, report_type: %w[dependency_scanning sast dast container_scanning] }, format: :json
end end
expect(response).to have_gitlab_http_status(200) expect(response).to have_gitlab_http_status(200)
expect(json_response).to be_an(Hash) expect(json_response).to be_an(Hash)
expect(json_response['total']).to eq({ '2018-11-10' => 5, '2018-11-12' => 2 }) expect(json_response['total']).to eq({ '2018-11-10' => 5, '2018-11-12' => 5 })
expect(json_response['critical']).to eq({ '2018-11-10' => 1 }) expect(json_response['critical']).to eq({ '2018-11-10' => 1 })
expect(json_response['high']).to eq({ '2018-11-10' => 2 }) expect(json_response['high']).to eq({ '2018-11-10' => 2, '2018-11-12' => 1 })
expect(json_response['medium']).to eq({}) expect(json_response['medium']).to eq({ '2018-11-12' => 1 })
expect(json_response['low']).to eq({ '2018-11-10' => 2, '2018-11-12' => 2 }) expect(json_response['low']).to eq({ '2018-11-10' => 2, '2018-11-12' => 3 })
expect(response).to match_response_schema('vulnerabilities/history', dir: 'ee') expect(response).to match_response_schema('vulnerabilities/history', dir: 'ee')
end end
end end
......
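Review bot: The example description at line 46, 'returns vulnerabilities counts for :sast and :dependency_scanning', names two report types while the controller's DEFAULT_REPORT_SCOPE also lists container_scanning, and the `before` block at lines 37–42 creates no container_scanning occurrence, so the default set is only partly exercised by the summary spec. I would phrase it as `it 'returns vulnerabilities counts for the default report types' do` and add one container_scanning occurrence to that `before` block, so a regression in the default list is caught here and not only by the history fixture at lines 58–59. The enclosing context and describe blocks start outside these hunks.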