Commit a83c8de8 authored by Lucas Charles's avatar Lucas Charles

chore: Rename security parser method from vulnerability to finding

Improve method naming to more accurately reflect what objects are being
created. `create_vulnerability` is misleading since we are dealing with
`findings` here instead.

Also renames the corresponding local variables in the specs in the same manner.
parent 3e8bc389
...@@ -36,9 +36,9 @@ module EE ...@@ -36,9 +36,9 @@ module EE
end end
end end
override :create_vulnerabilities override :create_findings
def create_vulnerabilities def create_findings
collate_remediations.each { |vulnerability| create_vulnerability(vulnerability, create_remediations(report_data['remediations'])) } collate_remediations.each { |finding| create_finding(finding, create_remediations(report_data['remediations'])) }
end end
end end
end end
......
...@@ -98,42 +98,42 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Common do ...@@ -98,42 +98,42 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Common do
context 'when message is provided' do context 'when message is provided' do
it 'sets message from the report as a finding name' do it 'sets message from the report as a finding name' do
vulnerability = report.findings.find { |x| x.compare_key == 'CVE-1020' } finding = report.findings.find { |x| x.compare_key == 'CVE-1020' }
expected_name = Gitlab::Json.parse(vulnerability.raw_metadata)['message'] expected_name = Gitlab::Json.parse(finding.raw_metadata)['message']
expect(vulnerability.name).to eq(expected_name) expect(finding.name).to eq(expected_name)
end end
end end
context 'when message is not provided' do context 'when message is not provided' do
context 'and name is provided' do context 'and name is provided' do
it 'sets name from the report as a name' do it 'sets name from the report as a name' do
vulnerability = report.findings.find { |x| x.compare_key == 'CVE-1030' } finding = report.findings.find { |x| x.compare_key == 'CVE-1030' }
expected_name = Gitlab::Json.parse(vulnerability.raw_metadata)['name'] expected_name = Gitlab::Json.parse(finding.raw_metadata)['name']
expect(vulnerability.name).to eq(expected_name) expect(finding.name).to eq(expected_name)
end end
end end
context 'and name is not provided' do context 'and name is not provided' do
context 'when CVE identifier exists' do context 'when CVE identifier exists' do
it 'combines identifier with location to create name' do it 'combines identifier with location to create name' do
vulnerability = report.findings.find { |x| x.compare_key == 'CVE-2017-11429' } finding = report.findings.find { |x| x.compare_key == 'CVE-2017-11429' }
expect(vulnerability.name).to eq("CVE-2017-11429 in yarn.lock") expect(finding.name).to eq("CVE-2017-11429 in yarn.lock")
end end
end end
context 'when CWE identifier exists' do context 'when CWE identifier exists' do
it 'combines identifier with location to create name' do it 'combines identifier with location to create name' do
vulnerability = report.findings.find { |x| x.compare_key == 'CWE-2017-11429' } finding = report.findings.find { |x| x.compare_key == 'CWE-2017-11429' }
expect(vulnerability.name).to eq("CWE-2017-11429 in yarn.lock") expect(finding.name).to eq("CWE-2017-11429 in yarn.lock")
end end
end end
context 'when neither CVE nor CWE identifier exist' do context 'when neither CVE nor CWE identifier exist' do
it 'combines identifier with location to create name' do it 'combines identifier with location to create name' do
vulnerability = report.findings.find { |x| x.compare_key == 'OTHER-2017-11429' } finding = report.findings.find { |x| x.compare_key == 'OTHER-2017-11429' }
expect(vulnerability.name).to eq("other-2017-11429 in yarn.lock") expect(finding.name).to eq("other-2017-11429 in yarn.lock")
end end
end end
end end
...@@ -143,17 +143,17 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Common do ...@@ -143,17 +143,17 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Common do
describe 'parsing finding.details' do describe 'parsing finding.details' do
context 'when details are provided' do context 'when details are provided' do
it 'sets details from the report' do it 'sets details from the report' do
vulnerability = report.findings.find { |x| x.compare_key == 'CVE-1020' } finding = report.findings.find { |x| x.compare_key == 'CVE-1020' }
expected_details = Gitlab::Json.parse(vulnerability.raw_metadata)['details'] expected_details = Gitlab::Json.parse(finding.raw_metadata)['details']
expect(vulnerability.details).to eq(expected_details) expect(finding.details).to eq(expected_details)
end end
end end
context 'when details are not provided' do context 'when details are not provided' do
it 'sets empty hash' do it 'sets empty hash' do
vulnerability = report.findings.find { |x| x.compare_key == 'CVE-1030' } finding = report.findings.find { |x| x.compare_key == 'CVE-1030' }
expect(vulnerability.details).to eq({}) expect(finding.details).to eq({})
end end
end end
end end
...@@ -162,19 +162,19 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Common do ...@@ -162,19 +162,19 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Common do
let(:expected_remediation) { create(:ci_reports_security_remediation, diff: '') } let(:expected_remediation) { create(:ci_reports_security_remediation, diff: '') }
it 'finds remediation with same cve' do it 'finds remediation with same cve' do
vulnerability = report.findings.find { |x| x.compare_key == "CVE-1020" } finding = report.findings.find { |x| x.compare_key == "CVE-1020" }
remediation = { 'fixes' => [{ 'cve' => 'CVE-1020' }], 'summary' => '', 'diff' => '' } remediation = { 'fixes' => [{ 'cve' => 'CVE-1020' }], 'summary' => '', 'diff' => '' }
expect(Gitlab::Json.parse(vulnerability.raw_metadata).dig('remediations').first).to include remediation expect(Gitlab::Json.parse(finding.raw_metadata).dig('remediations').first).to include remediation
expect(vulnerability.remediations.first.checksum).to eq(expected_remediation.checksum) expect(finding.remediations.first.checksum).to eq(expected_remediation.checksum)
end end
it 'finds remediation with same id' do it 'finds remediation with same id' do
vulnerability = report.findings.find { |x| x.compare_key == "CVE-1030" } finding = report.findings.find { |x| x.compare_key == "CVE-1030" }
remediation = { 'fixes' => [{ 'cve' => 'CVE', 'id' => 'bb2fbeb1b71ea360ce3f86f001d4e84823c3ffe1a1f7d41ba7466b14cfa953d3' }], 'summary' => '', 'diff' => '' } remediation = { 'fixes' => [{ 'cve' => 'CVE', 'id' => 'bb2fbeb1b71ea360ce3f86f001d4e84823c3ffe1a1f7d41ba7466b14cfa953d3' }], 'summary' => '', 'diff' => '' }
expect(Gitlab::Json.parse(vulnerability.raw_metadata).dig('remediations').first).to include remediation expect(Gitlab::Json.parse(finding.raw_metadata).dig('remediations').first).to include remediation
expect(vulnerability.remediations.first.checksum).to eq(expected_remediation.checksum) expect(finding.remediations.first.checksum).to eq(expected_remediation.checksum)
end end
it 'does not find remediation with different id' do it 'does not find remediation with different id' do
...@@ -189,8 +189,8 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Common do ...@@ -189,8 +189,8 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Common do
"diff": "" "diff": ""
} }
report.findings.map do |vulnerability| report.findings.map do |finding|
expect(Gitlab::Json.parse(vulnerability.raw_metadata).dig('remediations')).not_to include(fix_with_id) expect(Gitlab::Json.parse(finding.raw_metadata).dig('remediations')).not_to include(fix_with_id)
end end
end end
end end
......
...@@ -28,7 +28,7 @@ module Gitlab ...@@ -28,7 +28,7 @@ module Gitlab
create_analyzer create_analyzer
set_report_version set_report_version
create_vulnerabilities create_findings
report_data report_data
rescue JSON::ParserError rescue JSON::ParserError
...@@ -78,13 +78,13 @@ module Gitlab ...@@ -78,13 +78,13 @@ module Gitlab
data['tracking'] data['tracking']
end end
def create_vulnerabilities def create_findings
if report_data["vulnerabilities"] if report_data["vulnerabilities"]
report_data["vulnerabilities"].each { |vulnerability| create_vulnerability(vulnerability) } report_data["vulnerabilities"].each { |finding| create_finding(finding) }
end end
end end
def create_vulnerability(data, remediations = []) def create_finding(data, remediations = [])
identifiers = create_identifiers(data['identifiers']) identifiers = create_identifiers(data['identifiers'])
links = create_links(data['links']) links = create_links(data['links'])
location = create_location(data['location'] || {}) location = create_location(data['location'] || {})
......
...@@ -99,42 +99,42 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Common do ...@@ -99,42 +99,42 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Common do
context 'when message is provided' do context 'when message is provided' do
it 'sets message from the report as a finding name' do it 'sets message from the report as a finding name' do
vulnerability = report.findings.find { |x| x.compare_key == 'CVE-1020' } finding = report.findings.find { |x| x.compare_key == 'CVE-1020' }
expected_name = Gitlab::Json.parse(vulnerability.raw_metadata)['message'] expected_name = Gitlab::Json.parse(finding.raw_metadata)['message']
expect(vulnerability.name).to eq(expected_name) expect(finding.name).to eq(expected_name)
end end
end end
context 'when message is not provided' do context 'when message is not provided' do
context 'and name is provided' do context 'and name is provided' do
it 'sets name from the report as a name' do it 'sets name from the report as a name' do
vulnerability = report.findings.find { |x| x.compare_key == 'CVE-1030' } finding = report.findings.find { |x| x.compare_key == 'CVE-1030' }
expected_name = Gitlab::Json.parse(vulnerability.raw_metadata)['name'] expected_name = Gitlab::Json.parse(finding.raw_metadata)['name']
expect(vulnerability.name).to eq(expected_name) expect(finding.name).to eq(expected_name)
end end
end end
context 'and name is not provided' do context 'and name is not provided' do
context 'when CVE identifier exists' do context 'when CVE identifier exists' do
it 'combines identifier with location to create name' do it 'combines identifier with location to create name' do
vulnerability = report.findings.find { |x| x.compare_key == 'CVE-2017-11429' } finding = report.findings.find { |x| x.compare_key == 'CVE-2017-11429' }
expect(vulnerability.name).to eq("CVE-2017-11429 in yarn.lock") expect(finding.name).to eq("CVE-2017-11429 in yarn.lock")
end end
end end
context 'when CWE identifier exists' do context 'when CWE identifier exists' do
it 'combines identifier with location to create name' do it 'combines identifier with location to create name' do
vulnerability = report.findings.find { |x| x.compare_key == 'CWE-2017-11429' } finding = report.findings.find { |x| x.compare_key == 'CWE-2017-11429' }
expect(vulnerability.name).to eq("CWE-2017-11429 in yarn.lock") expect(finding.name).to eq("CWE-2017-11429 in yarn.lock")
end end
end end
context 'when neither CVE nor CWE identifier exist' do context 'when neither CVE nor CWE identifier exist' do
it 'combines identifier with location to create name' do it 'combines identifier with location to create name' do
vulnerability = report.findings.find { |x| x.compare_key == 'OTHER-2017-11429' } finding = report.findings.find { |x| x.compare_key == 'OTHER-2017-11429' }
expect(vulnerability.name).to eq("other-2017-11429 in yarn.lock") expect(finding.name).to eq("other-2017-11429 in yarn.lock")
end end
end end
end end
...@@ -144,17 +144,17 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Common do ...@@ -144,17 +144,17 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Common do
describe 'parsing finding.details' do describe 'parsing finding.details' do
context 'when details are provided' do context 'when details are provided' do
it 'sets details from the report' do it 'sets details from the report' do
vulnerability = report.findings.find { |x| x.compare_key == 'CVE-1020' } finding = report.findings.find { |x| x.compare_key == 'CVE-1020' }
expected_details = Gitlab::Json.parse(vulnerability.raw_metadata)['details'] expected_details = Gitlab::Json.parse(finding.raw_metadata)['details']
expect(vulnerability.details).to eq(expected_details) expect(finding.details).to eq(expected_details)
end end
end end
context 'when details are not provided' do context 'when details are not provided' do
it 'sets empty hash' do it 'sets empty hash' do
vulnerability = report.findings.find { |x| x.compare_key == 'CVE-1030' } finding = report.findings.find { |x| x.compare_key == 'CVE-1030' }
expect(vulnerability.details).to eq({}) expect(finding.details).to eq({})
end end
end end
end end
......