Commit 94ee37f1 authored by Lucas Charles's avatar Lucas Charles

refactor: Extract vulnerability enums into concern

Extracts shared enums between vulnerability models into separate
vulnerabilities enum.

Relates to https://gitlab.com/gitlab-org/gitlab/-/issues/284689
parent 28a86070
# frozen_string_literal: true
module Enums
module Vulnerability
CONFIDENCE_LEVELS = {
# undefined: 0, no longer applicable
ignore: 1,
unknown: 2,
experimental: 3,
low: 4,
medium: 5,
high: 6,
confirmed: 7
}.with_indifferent_access.freeze
REPORT_TYPES = {
sast: 0,
secret_detection: 4
}.with_indifferent_access.freeze
SEVERITY_LEVELS = {
# undefined: 0, no longer applicable
info: 1,
unknown: 2,
# experimental: 3, formerly used by confidence, no longer applicable
low: 4,
medium: 5,
high: 6,
critical: 7
}.with_indifferent_access.freeze
def self.confidence_levels
CONFIDENCE_LEVELS
end
def self.report_types
REPORT_TYPES
end
def self.severity_levels
SEVERITY_LEVELS
end
end
end
Enums::Vulnerability.prepend_if_ee('EE::Enums::Vulnerability')
...@@ -11,7 +11,7 @@ module Representation ...@@ -11,7 +11,7 @@ module Representation
attr_reader :raw_entry attr_reader :raw_entry
def report_type def report_type
::Vulnerabilities::Finding::REPORT_TYPES.key(@report_type) || @report_type ::Enums::Vulnerability.report_types.key(@report_type) || @report_type
end end
def ==(other) def ==(other)
......
...@@ -25,7 +25,7 @@ module Resolvers ...@@ -25,7 +25,7 @@ module Resolvers
private private
def generate_missing_dates(calendar_entries, start_date, end_date) def generate_missing_dates(calendar_entries, start_date, end_date)
severities = ::Vulnerabilities::Finding::SEVERITY_LEVELS.keys severities = ::Enums::Vulnerability.severity_levels.keys
(start_date..end_date) (start_date..end_date)
.each_with_object({}) { |date, result| result[date] = build_calendar_entry(date, calendar_entries[date], result[date - 1.day]) } .each_with_object({}) { |date, result| result[date] = build_calendar_entry(date, calendar_entries[date], result[date - 1.day]) }
.values .values
......
...@@ -6,7 +6,7 @@ module Types ...@@ -6,7 +6,7 @@ module Types
graphql_name 'SecurityReportSummary' graphql_name 'SecurityReportSummary'
description 'Represents summary of a security report' description 'Represents summary of a security report'
::Vulnerabilities::Finding::REPORT_TYPES.keys.each do |report_type| ::Enums::Vulnerability.report_types.keys.each do |report_type|
field report_type, ::Types::SecurityReportSummarySectionType, null: true, field report_type, ::Types::SecurityReportSummarySectionType, null: true,
description: "Aggregated counts for the #{report_type} scan" description: "Aggregated counts for the #{report_type} scan"
end end
......
...@@ -12,7 +12,7 @@ module Types ...@@ -12,7 +12,7 @@ module Types
field :total, GraphQL::INT_TYPE, null: false, field :total, GraphQL::INT_TYPE, null: false,
description: 'Total number of vulnerabilities on a particular day' description: 'Total number of vulnerabilities on a particular day'
::Vulnerabilities::Finding::SEVERITY_LEVELS.keys.each do |severity| ::Enums::Vulnerability.severity_levels.keys.each do |severity|
field severity.to_s, GraphQL::INT_TYPE, null: false, field severity.to_s, GraphQL::INT_TYPE, null: false,
description: "Total number of vulnerabilities on a particular day with #{severity} severity" description: "Total number of vulnerabilities on a particular day with #{severity} severity"
end end
......
...@@ -29,7 +29,7 @@ module Types ...@@ -29,7 +29,7 @@ module Types
when 'coverage_fuzzing' when 'coverage_fuzzing'
VulnerabilityLocation::CoverageFuzzingType VulnerabilityLocation::CoverageFuzzingType
else else
raise UnexpectedReportType, "Report type must be one of #{::Vulnerabilities::Finding::REPORT_TYPES.keys}" raise UnexpectedReportType, "Report type must be one of #{::Enums::Vulnerability.report_types.keys}"
end end
end end
end end
......
...@@ -5,7 +5,7 @@ module Types ...@@ -5,7 +5,7 @@ module Types
graphql_name 'VulnerabilityReportType' graphql_name 'VulnerabilityReportType'
description 'The type of the security scan that found the vulnerability' description 'The type of the security scan that found the vulnerability'
::Vulnerabilities::Finding::REPORT_TYPES.keys.each do |report_type| ::Enums::Vulnerability.report_types.keys.each do |report_type|
value report_type.to_s.upcase, value: report_type.to_s value report_type.to_s.upcase, value: report_type.to_s
end end
end end
......
...@@ -6,7 +6,7 @@ module Types ...@@ -6,7 +6,7 @@ module Types
graphql_name 'VulnerabilitySeveritiesCount' graphql_name 'VulnerabilitySeveritiesCount'
description 'Represents vulnerability counts by severity' description 'Represents vulnerability counts by severity'
::Vulnerabilities::Finding::SEVERITY_LEVELS.keys.each do |severity| ::Enums::Vulnerability.severity_levels.keys.each do |severity|
field severity, GraphQL::INT_TYPE, null: true, field severity, GraphQL::INT_TYPE, null: true,
description: "Number of vulnerabilities of #{severity.upcase} severity of the project" description: "Number of vulnerabilities of #{severity.upcase} severity of the project"
end end
......
...@@ -5,7 +5,7 @@ module Types ...@@ -5,7 +5,7 @@ module Types
graphql_name 'VulnerabilitySeverity' graphql_name 'VulnerabilitySeverity'
description 'The severity of the vulnerability' description 'The severity of the vulnerability'
::Vulnerabilities::Finding::SEVERITY_LEVELS.keys.each do |severity| ::Enums::Vulnerability.severity_levels.keys.each do |severity|
value severity.to_s.upcase, value: severity.to_s value severity.to_s.upcase, value: severity.to_s
end end
end end
......
...@@ -24,10 +24,10 @@ module Types ...@@ -24,10 +24,10 @@ module Types
description: "State of the vulnerability (#{::Vulnerability.states.keys.join(', ').upcase})" description: "State of the vulnerability (#{::Vulnerability.states.keys.join(', ').upcase})"
field :severity, VulnerabilitySeverityEnum, null: true, field :severity, VulnerabilitySeverityEnum, null: true,
description: "Severity of the vulnerability (#{::Vulnerabilities::Finding::SEVERITY_LEVELS.keys.join(', ').upcase})" description: "Severity of the vulnerability (#{::Enums::Vulnerability.severity_levels.keys.join(', ').upcase})"
field :report_type, VulnerabilityReportTypeEnum, null: true, field :report_type, VulnerabilityReportTypeEnum, null: true,
description: "Type of the security report that found the vulnerability (#{::Vulnerabilities::Finding::REPORT_TYPES.keys.join(', ').upcase})" description: "Type of the security report that found the vulnerability (#{::Enums::Vulnerability.report_types.keys.join(', ').upcase})"
field :resolved_on_default_branch, GraphQL::BOOLEAN_TYPE, null: false, field :resolved_on_default_branch, GraphQL::BOOLEAN_TYPE, null: false,
description: "Indicates whether the vulnerability is fixed on the default branch or not" description: "Indicates whether the vulnerability is fixed on the default branch or not"
......
# frozen_string_literal: true
module EE
module Enums
module Vulnerability
extend ActiveSupport::Concern
REPORT_TYPES = {
dependency_scanning: 1,
container_scanning: 2,
dast: 3,
coverage_fuzzing: 5,
api_fuzzing: 6
}.freeze
class_methods do
extend ::Gitlab::Utils::Override
override :report_types
def report_types
@report_types ||= super.merge(REPORT_TYPES).sort_by(&:last).to_h.with_indifferent_access.freeze
end
end
end
end
end
...@@ -59,9 +59,9 @@ module EE ...@@ -59,9 +59,9 @@ module EE
# keep the order of the values in the state enum, it is used in state_order method to properly order vulnerabilities based on state # keep the order of the values in the state enum, it is used in state_order method to properly order vulnerabilities based on state
# remember to recreate index_vulnerabilities_on_state_case_id index when you update or extend this enum # remember to recreate index_vulnerabilities_on_state_case_id index when you update or extend this enum
enum state: { detected: 1, confirmed: 4, resolved: 3, dismissed: 2 } enum state: { detected: 1, confirmed: 4, resolved: 3, dismissed: 2 }
enum severity: ::Vulnerabilities::Finding::SEVERITY_LEVELS, _prefix: :severity enum severity: ::Enums::Vulnerability.severity_levels, _prefix: :severity
enum confidence: ::Vulnerabilities::Finding::CONFIDENCE_LEVELS, _prefix: :confidence enum confidence: ::Enums::Vulnerability.confidence_levels, _prefix: :confidence
enum report_type: ::Vulnerabilities::Finding::REPORT_TYPES enum report_type: ::Enums::Vulnerability.report_types
validates :project, :author, :title, :severity, :confidence, :report_type, presence: true validates :project, :author, :title, :severity, :confidence, :report_type, presence: true
......
...@@ -16,10 +16,8 @@ module Security ...@@ -16,10 +16,8 @@ module Security
has_one :build, through: :scan has_one :build, through: :scan
# TODO: These are duplicated between this model and Vulnerabilities::Finding, enum confidence: ::Enums::Vulnerability.confidence_levels, _prefix: :confidence
# we should create a shared module to encapculate this in one place. enum severity: ::Enums::Vulnerability.severity_levels, _prefix: :severity
enum confidence: Vulnerabilities::Finding::CONFIDENCE_LEVELS, _prefix: :confidence
enum severity: Vulnerabilities::Finding::SEVERITY_LEVELS, _prefix: :severity
validates :project_fingerprint, presence: true, length: { maximum: 40 } validates :project_fingerprint, presence: true, length: { maximum: 40 }
validates :position, presence: true validates :position, presence: true
......
...@@ -15,7 +15,7 @@ module Vulnerabilities ...@@ -15,7 +15,7 @@ module Vulnerabilities
attr_accessor :vulnerability_data attr_accessor :vulnerability_data
enum feedback_type: { dismissal: 0, issue: 1, merge_request: 2 }, _prefix: :for enum feedback_type: { dismissal: 0, issue: 1, merge_request: 2 }, _prefix: :for
enum category: ::Vulnerabilities::Finding::REPORT_TYPES enum category: ::Enums::Vulnerability.report_types
validates :project, presence: true validates :project, presence: true
validates :author, presence: true validates :author, presence: true
......
...@@ -39,41 +39,9 @@ module Vulnerabilities ...@@ -39,41 +39,9 @@ module Vulnerabilities
attr_writer :sha attr_writer :sha
attr_accessor :scan attr_accessor :scan
CONFIDENCE_LEVELS = { enum confidence: ::Enums::Vulnerability.confidence_levels, _prefix: :confidence
# undefined: 0, no longer applicable enum report_type: ::Enums::Vulnerability.report_types
ignore: 1, enum severity: ::Enums::Vulnerability.severity_levels, _prefix: :severity
unknown: 2,
experimental: 3,
low: 4,
medium: 5,
high: 6,
confirmed: 7
}.with_indifferent_access.freeze
SEVERITY_LEVELS = {
# undefined: 0, no longer applicable
info: 1,
unknown: 2,
# experimental: 3, formerly used by confidence, no longer applicable
low: 4,
medium: 5,
high: 6,
critical: 7
}.with_indifferent_access.freeze
REPORT_TYPES = {
sast: 0,
dependency_scanning: 1,
container_scanning: 2,
dast: 3,
secret_detection: 4,
coverage_fuzzing: 5,
api_fuzzing: 6
}.with_indifferent_access.freeze
enum confidence: CONFIDENCE_LEVELS, _prefix: :confidence
enum report_type: REPORT_TYPES
enum severity: SEVERITY_LEVELS, _prefix: :severity
validates :scanner, presence: true validates :scanner, presence: true
validates :project, presence: true validates :project, presence: true
...@@ -124,7 +92,7 @@ module Vulnerabilities ...@@ -124,7 +92,7 @@ module Vulnerabilities
def self.counted_by_severity def self.counted_by_severity
group(:severity).count.transform_keys do |severity| group(:severity).count.transform_keys do |severity|
SEVERITY_LEVELS[severity] severities[severity]
end end
end end
......
...@@ -27,7 +27,7 @@ module Vulnerabilities ...@@ -27,7 +27,7 @@ module Vulnerabilities
select( select(
arel_table[:date], arel_table[:date],
arel_table[:total].sum.as('total'), arel_table[:total].sum.as('total'),
*Finding::SEVERITY_LEVELS.map { |severity, _| arel_table[severity].sum.as(severity.to_s) } *::Enums::Vulnerability.severity_levels.map { |severity, _| arel_table[severity].sum.as(severity.to_s) }
) )
end end
scope :grouped_by_date, -> (sort = :asc) do scope :grouped_by_date, -> (sort = :asc) do
......
...@@ -75,7 +75,7 @@ module Security ...@@ -75,7 +75,7 @@ module Security
level_i = dep_i.dig(:vulnerabilities, 0, :severity) || :info level_i = dep_i.dig(:vulnerabilities, 0, :severity) || :info
level_j = dep_j.dig(:vulnerabilities, 0, :severity) || :info level_j = dep_j.dig(:vulnerabilities, 0, :severity) || :info
::Vulnerabilities::Finding::SEVERITY_LEVELS[level_j] <=> ::Vulnerabilities::Finding::SEVERITY_LEVELS[level_i] ::Enums::Vulnerability.severity_levels[level_j] <=> ::Enums::Vulnerability.severity_levels[level_i]
end end
end end
end end
......
...@@ -72,8 +72,8 @@ module Security ...@@ -72,8 +72,8 @@ module Security
if a_severity == b_severity if a_severity == b_severity
a.compare_key <=> b.compare_key a.compare_key <=> b.compare_key
else else
Vulnerabilities::Finding::SEVERITY_LEVELS[b_severity] <=> ::Enums::Vulnerability.severity_levels[b_severity] <=>
Vulnerabilities::Finding::SEVERITY_LEVELS[a_severity] ::Enums::Vulnerability.severity_levels[a_severity]
end end
end end
end end
......
...@@ -5,7 +5,7 @@ module Security ...@@ -5,7 +5,7 @@ module Security
include Gitlab::Utils::StrongMemoize include Gitlab::Utils::StrongMemoize
# @param [Ci::Pipeline] pipeline # @param [Ci::Pipeline] pipeline
# @param [Hash[Symbol, Array[Symbol]] selection_information keys must be in the set of Vulnerabilities::Finding::REPORT_TYPES for example: {dast: [:scanned_resources_count, :vulnerabilities_count], container_scanning:[:vulnerabilities_count]} # @param [Hash[Symbol, Array[Symbol]] selection_information keys must be in the set of Enums::Vulnerability.report_types for example: {dast: [:scanned_resources_count, :vulnerabilities_count], container_scanning:[:vulnerabilities_count]}
def initialize(pipeline, selection_information) def initialize(pipeline, selection_information)
@pipeline = pipeline @pipeline = pipeline
@selection_information = selection_information @selection_information = selection_information
......
...@@ -6,7 +6,7 @@ module Security ...@@ -6,7 +6,7 @@ module Security
# #
class ScannedResourcesCountingService class ScannedResourcesCountingService
# @param [Ci::Pipeline] pipeline # @param [Ci::Pipeline] pipeline
# @param Array[Symbol] report_types Summary report types. Valid values are members of Vulnerabilities::Finding::REPORT_TYPES # @param Array[Symbol] report_types Summary report types. Valid values are members of Enums::Vulnerability.report_types
def initialize(pipeline, report_types) def initialize(pipeline, report_types)
@pipeline = pipeline @pipeline = pipeline
@report_types = report_types @report_types = report_types
......
...@@ -6,7 +6,7 @@ module Security ...@@ -6,7 +6,7 @@ module Security
# #
class ScannedResourcesService class ScannedResourcesService
# @param [Ci::Pipeline] pipeline # @param [Ci::Pipeline] pipeline
# @param Array[Symbol] report_types Summary report types. Valid values are members of Vulnerabilities::Finding::REPORT_TYPES # @param Array[Symbol] report_types Summary report types. Valid values are members of Enums::Vulnerability.report_types
# @param [Int] The maximum number of scanned resources to return # @param [Int] The maximum number of scanned resources to return
def initialize(pipeline, report_types, limit = nil) def initialize(pipeline, report_types, limit = nil)
@pipeline = pipeline @pipeline = pipeline
......
...@@ -6,7 +6,7 @@ module Security ...@@ -6,7 +6,7 @@ module Security
# #
class VulnerabilityCountingService class VulnerabilityCountingService
# @param [Ci::Pipeline] pipeline # @param [Ci::Pipeline] pipeline
# @param Array[String] report_types Summary report types. Valid values are members of Vulnerabilities::Finding::REPORT_TYPES # @param Array[String] report_types Summary report types. Valid values are members of Enums::Vulnerability.report_types
def initialize(pipeline, report_types) def initialize(pipeline, report_types)
@pipeline = pipeline @pipeline = pipeline
@report_types = report_types @report_types = report_types
......
...@@ -128,15 +128,15 @@ class Gitlab::Seeder::Vulnerabilities ...@@ -128,15 +128,15 @@ class Gitlab::Seeder::Vulnerabilities
end end
def random_confidence_level def random_confidence_level
::Vulnerabilities::Finding::CONFIDENCE_LEVELS.keys.sample ::Enums::Vulnerability.confidence_levels.keys.sample
end end
def random_severity_level def random_severity_level
::Vulnerabilities::Finding::SEVERITY_LEVELS.keys.sample ::Enums::Vulnerability.severity_levels.keys.sample
end end
def random_report_type def random_report_type
::Vulnerabilities::Finding::REPORT_TYPES.keys.sample ::Enums::Vulnerability.report_types.keys.sample
end end
def metadata(line) def metadata(line)
......
...@@ -136,13 +136,13 @@ module Gitlab ...@@ -136,13 +136,13 @@ module Gitlab
end end
def parse_severity_level(input) def parse_severity_level(input)
return input if ::Vulnerabilities::Finding::SEVERITY_LEVELS.key?(input) return input if ::Enums::Vulnerability.severity_levels.key?(input)
'unknown' 'unknown'
end end
def parse_confidence_level(input) def parse_confidence_level(input)
return input if ::Vulnerabilities::Finding::CONFIDENCE_LEVELS.key?(input) return input if ::Enums::Vulnerability.confidence_levels.key?(input)
'unknown' 'unknown'
end end
......
...@@ -46,13 +46,13 @@ FactoryBot.define do ...@@ -46,13 +46,13 @@ FactoryBot.define do
severity { :low } severity { :low }
end end
::Vulnerabilities::Finding::SEVERITY_LEVELS.keys.each do |severity_level| ::Enums::Vulnerability.severity_levels.keys.each do |severity_level|
trait severity_level do trait severity_level do
severity { severity_level } severity { severity_level }
end end
end end
::Vulnerabilities::Finding::REPORT_TYPES.keys.each do |report_type| ::Enums::Vulnerability.report_types.keys.each do |report_type|
trait report_type do trait report_type do
report_type { report_type } report_type { report_type }
end end
......
...@@ -237,7 +237,7 @@ FactoryBot.define do ...@@ -237,7 +237,7 @@ FactoryBot.define do
end end
end end
::Vulnerabilities::Finding::REPORT_TYPES.keys.each do |security_report_type| ::Enums::Vulnerability.report_types.keys.each do |security_report_type|
trait security_report_type do trait security_report_type do
report_type { security_report_type } report_type { security_report_type }
end end
......
...@@ -4,7 +4,7 @@ require 'spec_helper' ...@@ -4,7 +4,7 @@ require 'spec_helper'
RSpec.describe GitlabSchema.types['VulnerabilitySeveritiesCount'] do RSpec.describe GitlabSchema.types['VulnerabilitySeveritiesCount'] do
let_it_be(:fields) do let_it_be(:fields) do
::Vulnerabilities::Finding::SEVERITY_LEVELS.keys ::Enums::Vulnerability.severity_levels.keys
end end
it { expect(described_class).to have_graphql_fields(fields) } it { expect(described_class).to have_graphql_fields(fields) }
......
...@@ -13,9 +13,9 @@ RSpec.describe Gitlab::BackgroundMigration::UpdateVulnerabilitiesFromDismissalFe ...@@ -13,9 +13,9 @@ RSpec.describe Gitlab::BackgroundMigration::UpdateVulnerabilitiesFromDismissalFe
let(:feedback) { table(:vulnerability_feedback) } let(:feedback) { table(:vulnerability_feedback) }
let(:namespaces) { table(:namespaces)} let(:namespaces) { table(:namespaces)}
let(:severity) { Vulnerabilities::Finding::SEVERITY_LEVELS[:unknown] } let(:severity) { ::Enums::Vulnerability.severity_levels[:unknown] }
let(:confidence) { Vulnerabilities::Finding::CONFIDENCE_LEVELS[:medium] } let(:confidence) { ::Enums::Vulnerability.confidence_levels[:medium] }
let(:report_type) { Vulnerabilities::Finding::REPORT_TYPES[:sast] } let(:report_type) { ::Enums::Vulnerability.report_types[:sast] }
let!(:user) { users.create!(email: 'author@example.com', username: 'author', projects_limit: 10) } let!(:user) { users.create!(email: 'author@example.com', username: 'author', projects_limit: 10) }
let!(:project) { projects.create!(namespace_id: namespace.id, name: 'gitlab', path: 'gitlab') } let!(:project) { projects.create!(namespace_id: namespace.id, name: 'gitlab', path: 'gitlab') }
......
...@@ -12,9 +12,9 @@ RSpec.describe Gitlab::BackgroundMigration::UpdateVulnerabilitiesToDismissed, :m ...@@ -12,9 +12,9 @@ RSpec.describe Gitlab::BackgroundMigration::UpdateVulnerabilitiesToDismissed, :m
let(:identifiers) { table(:vulnerability_identifiers) } let(:identifiers) { table(:vulnerability_identifiers) }
let(:feedback) { table(:vulnerability_feedback) } let(:feedback) { table(:vulnerability_feedback) }
let(:severity) { Vulnerabilities::Finding::SEVERITY_LEVELS[:unknown] } let(:severity) { ::Enums::Vulnerability.severity_levels[:unknown] }
let(:confidence) { Vulnerabilities::Finding::CONFIDENCE_LEVELS[:medium] } let(:confidence) { ::Enums::Vulnerability.confidence_levels[:medium] }
let(:report_type) { Vulnerabilities::Finding::REPORT_TYPES[:sast] } let(:report_type) { ::Enums::Vulnerability.report_types[:sast] }
let!(:user) { users.create!(id: 13, email: 'author@example.com', username: 'author', projects_limit: 10) } let!(:user) { users.create!(id: 13, email: 'author@example.com', username: 'author', projects_limit: 10) }
let!(:project) { projects.create!(id: 123, namespace_id: 12, name: 'gitlab', path: 'gitlab') } let!(:project) { projects.create!(id: 123, namespace_id: 12, name: 'gitlab', path: 'gitlab') }
......
...@@ -5,10 +5,10 @@ require 'spec_helper' ...@@ -5,10 +5,10 @@ require 'spec_helper'
RSpec.describe Gitlab::Ci::Reports::Security::VulnerabilityReportsComparer do RSpec.describe Gitlab::Ci::Reports::Security::VulnerabilityReportsComparer do
let(:identifier) { build(:vulnerabilities_identifier) } let(:identifier) { build(:vulnerabilities_identifier) }
let(:base_vulnerability) { build(:vulnerabilities_finding, report_type: :sast, identifiers: [identifier], location_fingerprint: '123', confidence: Vulnerabilities::Finding::CONFIDENCE_LEVELS[:high], severity: Vulnerabilities::Finding::SEVERITY_LEVELS[:critical]) } let(:base_vulnerability) { build(:vulnerabilities_finding, report_type: :sast, identifiers: [identifier], location_fingerprint: '123', confidence: ::Enums::Vulnerability.confidence_levels[:high], severity: ::Enums::Vulnerability.severity_levels[:critical]) }
let(:base_report) { build(:ci_reports_security_aggregated_reports, findings: [base_vulnerability])} let(:base_report) { build(:ci_reports_security_aggregated_reports, findings: [base_vulnerability])}
let(:head_vulnerability) { build(:vulnerabilities_finding, report_type: :sast, identifiers: [identifier], location_fingerprint: '123', confidence: Vulnerabilities::Finding::CONFIDENCE_LEVELS[:high], severity: Vulnerabilities::Finding::SEVERITY_LEVELS[:critical]) } let(:head_vulnerability) { build(:vulnerabilities_finding, report_type: :sast, identifiers: [identifier], location_fingerprint: '123', confidence: ::Enums::Vulnerability.confidence_levels[:high], severity: ::Enums::Vulnerability.severity_levels[:critical]) }
let(:head_report) { build(:ci_reports_security_aggregated_reports, findings: [head_vulnerability])} let(:head_report) { build(:ci_reports_security_aggregated_reports, findings: [head_vulnerability])}
before do before do
...@@ -62,8 +62,8 @@ RSpec.describe Gitlab::Ci::Reports::Security::VulnerabilityReportsComparer do ...@@ -62,8 +62,8 @@ RSpec.describe Gitlab::Ci::Reports::Security::VulnerabilityReportsComparer do
end end
context 'new vulnerabilities' do context 'new vulnerabilities' do
let(:vuln) { build(:vulnerabilities_finding, report_type: :sast, identifiers: [identifier], location_fingerprint: '888', confidence: Vulnerabilities::Finding::CONFIDENCE_LEVELS[:medium]) } let(:vuln) { build(:vulnerabilities_finding, report_type: :sast, identifiers: [identifier], location_fingerprint: '888', confidence: ::Enums::Vulnerability.confidence_levels[:medium]) }
let(:low_vuln) { build(:vulnerabilities_finding, report_type: :sast, identifiers: [identifier], location_fingerprint: '888', confidence: Vulnerabilities::Finding::CONFIDENCE_LEVELS[:low]) } let(:low_vuln) { build(:vulnerabilities_finding, report_type: :sast, identifiers: [identifier], location_fingerprint: '888', confidence: ::Enums::Vulnerability.confidence_levels[:low]) }
let(:base_report) { build(:ci_reports_security_aggregated_reports, findings: [base_vulnerability, vuln])} let(:base_report) { build(:ci_reports_security_aggregated_reports, findings: [base_vulnerability, vuln])}
let(:head_report) { build(:ci_reports_security_aggregated_reports, findings: [head_vulnerability, vuln, low_vuln])} let(:head_report) { build(:ci_reports_security_aggregated_reports, findings: [head_vulnerability, vuln, low_vuln])}
...@@ -75,8 +75,8 @@ RSpec.describe Gitlab::Ci::Reports::Security::VulnerabilityReportsComparer do ...@@ -75,8 +75,8 @@ RSpec.describe Gitlab::Ci::Reports::Security::VulnerabilityReportsComparer do
end end
describe '#added' do describe '#added' do
let(:vuln) { build(:vulnerabilities_finding, report_type: :sast, identifiers: [identifier], location_fingerprint: '888', confidence: Vulnerabilities::Finding::CONFIDENCE_LEVELS[:high], severity: Vulnerabilities::Finding::SEVERITY_LEVELS[:critical]) } let(:vuln) { build(:vulnerabilities_finding, report_type: :sast, identifiers: [identifier], location_fingerprint: '888', confidence: ::Enums::Vulnerability.confidence_levels[:high], severity: Enums::Vulnerability.severity_levels[:critical]) }
let(:low_vuln) { build(:vulnerabilities_finding, report_type: :sast, identifiers: [identifier], location_fingerprint: '888', confidence: Vulnerabilities::Finding::CONFIDENCE_LEVELS[:high], severity: Vulnerabilities::Finding::SEVERITY_LEVELS[:low]) } let(:low_vuln) { build(:vulnerabilities_finding, report_type: :sast, identifiers: [identifier], location_fingerprint: '888', confidence: ::Enums::Vulnerability.confidence_levels[:high], severity: Enums::Vulnerability.severity_levels[:low]) }
context 'with new vulnerability' do context 'with new vulnerability' do
let(:head_report) { build(:ci_reports_security_aggregated_reports, findings: [head_vulnerability, vuln])} let(:head_report) { build(:ci_reports_security_aggregated_reports, findings: [head_vulnerability, vuln])}
...@@ -107,7 +107,7 @@ RSpec.describe Gitlab::Ci::Reports::Security::VulnerabilityReportsComparer do ...@@ -107,7 +107,7 @@ RSpec.describe Gitlab::Ci::Reports::Security::VulnerabilityReportsComparer do
describe '#fixed' do describe '#fixed' do
let(:vuln) { build(:vulnerabilities_finding, report_type: :sast, identifiers: [identifier], location_fingerprint: '888') } let(:vuln) { build(:vulnerabilities_finding, report_type: :sast, identifiers: [identifier], location_fingerprint: '888') }
let(:medium_vuln) { build(:vulnerabilities_finding, report_type: :sast, identifiers: [identifier], location_fingerprint: '888', confidence: Vulnerabilities::Finding::CONFIDENCE_LEVELS[:high], severity: Vulnerabilities::Finding::SEVERITY_LEVELS[:medium]) } let(:medium_vuln) { build(:vulnerabilities_finding, report_type: :sast, identifiers: [identifier], location_fingerprint: '888', confidence: ::Enums::Vulnerability.confidence_levels[:high], severity: Enums::Vulnerability.severity_levels[:medium]) }
context 'with fixed vulnerability' do context 'with fixed vulnerability' do
let(:base_report) { build(:ci_reports_security_aggregated_reports, findings: [base_vulnerability, vuln])} let(:base_report) { build(:ci_reports_security_aggregated_reports, findings: [base_vulnerability, vuln])}
......
...@@ -16,9 +16,9 @@ RSpec.describe MigrateVulnerabilityDismissalFeedback, :migration, :sidekiq do ...@@ -16,9 +16,9 @@ RSpec.describe MigrateVulnerabilityDismissalFeedback, :migration, :sidekiq do
let(:vulnerabilities) { table(:vulnerabilities) } let(:vulnerabilities) { table(:vulnerabilities) }
let(:dismissed_state) { Gitlab::BackgroundMigration::UpdateVulnerabilitiesFromDismissalFeedback::VULNERABILITY_DISMISSED_STATE } let(:dismissed_state) { Gitlab::BackgroundMigration::UpdateVulnerabilitiesFromDismissalFeedback::VULNERABILITY_DISMISSED_STATE }
let(:severity) { Vulnerabilities::Finding::SEVERITY_LEVELS[:unknown] } let(:severity) { ::Enums::Vulnerability.severity_levels[:unknown] }
let(:confidence) { Vulnerabilities::Finding::CONFIDENCE_LEVELS[:medium] } let(:confidence) { ::Enums::Vulnerability.confidence_levels[:medium] }
let(:report_type) { Vulnerabilities::Finding::REPORT_TYPES[:sast] } let(:report_type) { ::Enums::Vulnerability.report_types[:sast] }
before do before do
stub_const("#{described_class.name}::BATCH_SIZE", 1) stub_const("#{described_class.name}::BATCH_SIZE", 1)
......
...@@ -16,9 +16,9 @@ RSpec.describe MigrateVulnerabilityDismissals, :migration, :sidekiq do ...@@ -16,9 +16,9 @@ RSpec.describe MigrateVulnerabilityDismissals, :migration, :sidekiq do
let(:vulnerabilities) { table(:vulnerabilities) } let(:vulnerabilities) { table(:vulnerabilities) }
let(:detected_state) { Gitlab::BackgroundMigration::UpdateVulnerabilitiesToDismissed::VULNERABILITY_DETECTED } let(:detected_state) { Gitlab::BackgroundMigration::UpdateVulnerabilitiesToDismissed::VULNERABILITY_DETECTED }
let(:severity) { Vulnerabilities::Finding::SEVERITY_LEVELS[:unknown] } let(:severity) { ::Enums::Vulnerability.severity_levels[:unknown] }
let(:confidence) { Vulnerabilities::Finding::CONFIDENCE_LEVELS[:medium] } let(:confidence) { ::Enums::Vulnerability.confidence_levels[:medium] }
let(:report_type) { Vulnerabilities::Finding::REPORT_TYPES[:sast] } let(:report_type) { ::Enums::Vulnerability.report_types[:sast] }
before do before do
stub_const("#{described_class.name}::BATCH_SIZE", 1) stub_const("#{described_class.name}::BATCH_SIZE", 1)
......
...@@ -82,9 +82,9 @@ RSpec.describe Vulnerabilities::Finding do ...@@ -82,9 +82,9 @@ RSpec.describe Vulnerabilities::Finding do
end end
context 'order' do context 'order' do
let!(:finding1) { create(:vulnerabilities_finding, confidence: described_class::CONFIDENCE_LEVELS[:high], severity: described_class::SEVERITY_LEVELS[:high]) } let!(:finding1) { create(:vulnerabilities_finding, confidence: ::Enums::Vulnerability.confidence_levels[:high], severity: ::Enums::Vulnerability.severity_levels[:high]) }
let!(:finding2) { create(:vulnerabilities_finding, confidence: described_class::CONFIDENCE_LEVELS[:medium], severity: described_class::SEVERITY_LEVELS[:critical]) } let!(:finding2) { create(:vulnerabilities_finding, confidence: ::Enums::Vulnerability.confidence_levels[:medium], severity: ::Enums::Vulnerability.severity_levels[:critical]) }
let!(:finding3) { create(:vulnerabilities_finding, confidence: described_class::CONFIDENCE_LEVELS[:high], severity: described_class::SEVERITY_LEVELS[:critical]) } let!(:finding3) { create(:vulnerabilities_finding, confidence: ::Enums::Vulnerability.confidence_levels[:high], severity: ::Enums::Vulnerability.severity_levels[:critical]) }
it 'orders by severity and confidence' do it 'orders by severity and confidence' do
expect(described_class.all.ordered).to eq([finding3, finding2, finding1]) expect(described_class.all.ordered).to eq([finding3, finding2, finding1])
...@@ -139,7 +139,7 @@ RSpec.describe Vulnerabilities::Finding do ...@@ -139,7 +139,7 @@ RSpec.describe Vulnerabilities::Finding do
subject { described_class.by_report_types(param) } subject { described_class.by_report_types(param) }
context 'with one param' do context 'with one param' do
let(:param) { Vulnerabilities::Finding::REPORT_TYPES['sast'] } let(:param) { Vulnerabilities::Finding.report_types['sast'] }
it 'returns found record' do it 'returns found record' do
is_expected.to contain_exactly(vulnerability_sast) is_expected.to contain_exactly(vulnerability_sast)
...@@ -149,11 +149,11 @@ RSpec.describe Vulnerabilities::Finding do ...@@ -149,11 +149,11 @@ RSpec.describe Vulnerabilities::Finding do
context 'with array of params' do context 'with array of params' do
let(:param) do let(:param) do
[ [
Vulnerabilities::Finding::REPORT_TYPES['dependency_scanning'], Vulnerabilities::Finding.report_types['dependency_scanning'],
Vulnerabilities::Finding::REPORT_TYPES['dast'], Vulnerabilities::Finding.report_types['dast'],
Vulnerabilities::Finding::REPORT_TYPES['secret_detection'], Vulnerabilities::Finding.report_types['secret_detection'],
Vulnerabilities::Finding::REPORT_TYPES['coverage_fuzzing'], Vulnerabilities::Finding.report_types['coverage_fuzzing'],
Vulnerabilities::Finding::REPORT_TYPES['api_fuzzing'] Vulnerabilities::Finding.report_types['api_fuzzing']
] ]
end end
...@@ -168,7 +168,7 @@ RSpec.describe Vulnerabilities::Finding do ...@@ -168,7 +168,7 @@ RSpec.describe Vulnerabilities::Finding do
end end
context 'without found record' do context 'without found record' do
let(:param) { Vulnerabilities::Finding::REPORT_TYPES['container_scanning']} let(:param) { ::Enums::Vulnerability.report_types['container_scanning']}
it 'returns empty collection' do it 'returns empty collection' do
is_expected.to be_empty is_expected.to be_empty
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment