Skip to content

G
gitlab-ce
Commit a930de78 authored by Can Eldem's avatar Can Eldem Committed by James Lopez
Browse files
Options

Sort vulnerabilities for pipeline dashboard 

Consider enum values rather than string
Added further test
parent 51c5859c
Hide whitespace changes
Inline Side-by-side
Showing with 31 additions and 9 deletions
changelogs/unreleased/sort-vulnerabilities-for-pipeline-dashboard.yml 0 → 100644
View file @ a930de78
---
title: Pipeline vulnerability dashboard sort vulnerabilities by severity then confidence
merge_request: 18863
author:
type: fixed
ee/app/finders/security/pipeline_vulnerabilities_finder.rb
View file @ a930de78
......@@ -41,7 +41,7 @@ module Security
occurrences.concat(filtered_occurrences)
end
occurrences.sort_by { |x| [x.severity, x.confidence] }
occurrences.sort_by { |x| [-x.severity_value, -x.confidence_value] }
end
private
......
ee/app/models/vulnerabilities/occurrence.rb
View file @ a930de78
......@@ -221,6 +221,14 @@ module Vulnerabilities
report_type.hash ^ location.hash ^ first_fingerprint.hash
end
def severity_value
self.class.severities[self.severity]
end
def confidence_value
self.class.confidences[self.confidence]
end
protected
def first_fingerprint
......
ee/spec/finders/security/pipeline_vulnerabilities_finder_spec.rb
View file @ a930de78
......@@ -54,15 +54,24 @@ describe Security::PipelineVulnerabilitiesFinder do
context 'by order' do
let(:params) { { report_type: %w[sast] } }
let!(:occurrence1) { build(:vulnerabilities_occurrence, confidence: Vulnerabilities::Occurrence::CONFIDENCE_LEVELS[:high], severity: Vulnerabilities::Occurrence::SEVERITY_LEVELS[:high]) }
let!(:occurrence2) { build(:vulnerabilities_occurrence, confidence: Vulnerabilities::Occurrence::CONFIDENCE_LEVELS[:medium], severity: Vulnerabilities::Occurrence::SEVERITY_LEVELS[:critical]) }
let!(:occurrence3) { build(:vulnerabilities_occurrence, confidence: Vulnerabilities::Occurrence::CONFIDENCE_LEVELS[:high], severity: Vulnerabilities::Occurrence::SEVERITY_LEVELS[:critical]) }
let!(:res) { [occurrence3, occurrence2, occurrence1] }
let!(:high_high) { build(:vulnerabilities_occurrence, confidence: :high, severity: :high) }
let!(:critical_medium) { build(:vulnerabilities_occurrence, confidence: :medium, severity: :critical) }
let!(:critical_high) { build(:vulnerabilities_occurrence, confidence: :high, severity: :critical) }
let!(:unknown_high) { build(:vulnerabilities_occurrence, confidence: :high, severity: :unknown) }
let!(:unknown_medium) { build(:vulnerabilities_occurrence, confidence: :medium, severity: :unknown) }
let!(:unknown_low) { build(:vulnerabilities_occurrence, confidence: :low, severity: :unknown) }
it 'orders by severity and confidence' do
allow_any_instance_of(described_class).to receive(:filter).and_return(res)
expect(subject).to eq([occurrence3, occurrence2, occurrence1])
allow_any_instance_of(described_class).to receive(:filter).and_return([
unknown_low,
unknown_medium,
critical_high,
unknown_high,
critical_medium,
high_high
])
expect(subject).to eq([critical_high, critical_medium, high_high, unknown_high, unknown_medium, unknown_low])
end
end
......
ee/spec/support/shared_examples/requests/api/vulnerabilities_shared_examples.rb
View file @ a930de78
......@@ -127,7 +127,7 @@ shared_examples 'getting list of vulnerability findings' do
# occurrences are implicitly sorted by Security::MergeReportsService,
# occurrences order differs from what is present in fixture file
expect(json_response.first['name']).to eq 'Consider possible security implications associated with Popen module.'
expect(json_response.first['name']).to eq 'ECB mode is insecure'
end
it 'returns vulnerabilities with dependency_scanning report_type' do
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7