ab3da159
Commit
ab3da159
authored
Mar 17, 2021
by
Jonathan Schafer
Fix exports for missing vuln findings
parent
32366684
Showing
2 changed files
with
52 additions
and
29 deletions
+52
-29
ee/app/services/vulnerability_exports/exporters/csv_service.rb
...p/services/vulnerability_exports/exporters/csv_service.rb
+1
-1
ee/spec/services/vulnerability_exports/exporters/csv_service_spec.rb
...vices/vulnerability_exports/exporters/csv_service_spec.rb
+51
-28
ee/app/services/vulnerability_exports/exporters/csv_service.rb
...
...
@@ -4,7 +4,7 @@ module VulnerabilityExports
module
Exporters
class
CsvService
IDENTIFIER_DELIMITER
=
'; '
IDENTIFIER_FORMATTER
=
->
(
v
)
{
v
.
other_identifier_values
.
to_csv
(
col_sep:
IDENTIFIER_DELIMITER
,
row_sep:
''
)
}
IDENTIFIER_FORMATTER
=
->
(
v
)
{
v
&
.
other_identifier_values
&
.
to_csv
(
col_sep:
IDENTIFIER_DELIMITER
,
row_sep:
''
)
}
MAPPING
=
{
'Group Name'
=>
'group_name'
,
'Project Name'
=>
'project_name'
,
...
...
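Review bot: The leading `v&.` in the new IDENTIFIER_FORMATTER also swallows a nil vulnerability, which is a different condition from the missing finding named in the commit title and is not exercised by the spec in this commit. If only the finding can be absent, `v.other_identifier_values&.to_csv(col_sep: IDENTIFIER_DELIMITER, row_sep: '')` keeps a nil row loud while still returning nil for a vulnerability without a finding. How other_identifier_values behaves without a finding is defined outside this hunk, so confirm it returns nil rather than raising. A one-line comment above the constant, such as `# Returns nil when the vulnerability has no finding, leaving the 'Other Identifiers' cell empty`, would tell readers of the export why that column can be blank. The CsvService class body continues outside the hunk.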
ee/spec/services/vulnerability_exports/exporters/csv_service_spec.rb
...
...
@@ -25,39 +25,62 @@ RSpec.describe VulnerabilityExports::Exporters::CsvService do
end
describe
'CSV content'
do
before
do
vulnerability
.
finding
.
identifiers
<<
create
(
:vulnerabilities_identifier
,
external_type:
'GSO'
,
name:
'GSO-1234;1234'
)
vulnerability
.
finding
.
identifiers
<<
create
(
:vulnerabilities_identifier
,
external_type:
'TSO'
,
name:
'TSO-1234'
)
end
context
'with valid findings'
do
before
do
vulnerability
.
finding
.
identifiers
<<
create
(
:vulnerabilities_identifier
,
external_type:
'GSO'
,
name:
'GSO-1234;1234'
)
vulnerability
.
finding
.
identifiers
<<
create
(
:vulnerabilities_identifier
,
external_type:
'TSO'
,
name:
'TSO-1234'
)
end
context
'when a project belongs to a group'
do
let_it_be
(
:group
)
{
create
(
:group
)
}
let_it_be
(
:project
)
{
create
(
:project
,
:public
,
group:
group
)
}
let_it_be
(
:vulnerability
)
{
create
(
:vulnerability
,
:with_findings
,
project:
project
)
}
context
'when a project belongs to a group'
do
let_it_be
(
:group
)
{
create
(
:group
)
}
let_it_be
(
:project
)
{
create
(
:project
,
:public
,
group:
group
)
}
let_it_be
(
:vulnerability
)
{
create
(
:vulnerability
,
:with_findings
,
project:
project
)
}
it
'includes proper values for each column type'
,
:aggregate_failures
do
expect
(
csv
[
0
][
'Group Name'
]).
to
eq
group
.
name
expect
(
csv
[
0
][
'Project Name'
]).
to
eq
project
.
name
expect
(
csv
[
0
][
'Scanner Type'
]).
to
eq
vulnerability
.
report_type
expect
(
csv
[
0
][
'Scanner Name'
]).
to
eq
vulnerability
.
finding_scanner_name
expect
(
csv
[
0
][
'Status'
]).
to
eq
vulnerability
.
state
expect
(
csv
[
0
][
'Vulnerability'
]).
to
eq
vulnerability
.
title
expect
(
csv
[
0
][
'Details'
]).
to
eq
vulnerability
.
finding_description
expect
(
csv
[
0
][
'Additional Info'
]).
to
eq
vulnerability
.
finding_message
expect
(
csv
[
0
][
'Severity'
]).
to
eq
vulnerability
.
severity
expect
(
csv
[
0
][
'CVE'
]).
to
eq
vulnerability
.
cve_value
expect
(
csv
[
0
][
'CWE'
]).
to
eq
vulnerability
.
cwe_value
expect
(
csv
[
0
][
'Other Identifiers'
]).
to
eq
'"GSO-1234;1234"; TSO-1234'
it
'includes proper values for each column type'
,
:aggregate_failures
do
expect
(
csv
[
0
][
'Group Name'
]).
to
eq
group
.
name
expect
(
csv
[
0
][
'Project Name'
]).
to
eq
project
.
name
expect
(
csv
[
0
][
'Scanner Type'
]).
to
eq
vulnerability
.
report_type
expect
(
csv
[
0
][
'Scanner Name'
]).
to
eq
vulnerability
.
finding_scanner_name
expect
(
csv
[
0
][
'Status'
]).
to
eq
vulnerability
.
state
expect
(
csv
[
0
][
'Vulnerability'
]).
to
eq
vulnerability
.
title
expect
(
csv
[
0
][
'Details'
]).
to
eq
vulnerability
.
finding_description
expect
(
csv
[
0
][
'Additional Info'
]).
to
eq
vulnerability
.
finding_message
expect
(
csv
[
0
][
'Severity'
]).
to
eq
vulnerability
.
severity
expect
(
csv
[
0
][
'CVE'
]).
to
eq
vulnerability
.
cve_value
expect
(
csv
[
0
][
'CWE'
]).
to
eq
vulnerability
.
cwe_value
expect
(
csv
[
0
][
'Other Identifiers'
]).
to
eq
'"GSO-1234;1234"; TSO-1234'
end
end
context
'when a project belongs to a user'
do
let_it_be
(
:user
)
{
create
(
:user
)
}
let_it_be
(
:project
)
{
create
(
:project
,
:public
,
namespace:
user
.
namespace
)
}
let_it_be
(
:vulnerability
)
{
create
(
:vulnerability
,
:with_findings
,
project:
project
)
}
it
'includes proper values for each column except group name'
do
expect
(
csv
[
0
][
'Group Name'
]).
to
be_nil
expect
(
csv
[
0
][
'Project Name'
]).
to
eq
project
.
name
expect
(
csv
[
0
][
'Scanner Type'
]).
to
eq
vulnerability
.
report_type
expect
(
csv
[
0
][
'Scanner Name'
]).
to
eq
vulnerability
.
finding_scanner_name
expect
(
csv
[
0
][
'Status'
]).
to
eq
vulnerability
.
state
expect
(
csv
[
0
][
'Vulnerability'
]).
to
eq
vulnerability
.
title
expect
(
csv
[
0
][
'Details'
]).
to
eq
vulnerability
.
finding_description
expect
(
csv
[
0
][
'Additional Info'
]).
to
eq
vulnerability
.
finding_message
expect
(
csv
[
0
][
'Severity'
]).
to
eq
vulnerability
.
severity
expect
(
csv
[
0
][
'CVE'
]).
to
eq
vulnerability
.
cve_value
expect
(
csv
[
0
][
'CWE'
]).
to
eq
vulnerability
.
cwe_value
expect
(
csv
[
0
][
'Other Identifiers'
]).
to
eq
'"GSO-1234;1234"; TSO-1234'
end
end
end
context
'when a
project belongs to a user
'
do
let_it_be
(
:
user
)
{
create
(
:user
)
}
let_it_be
(
:project
)
{
create
(
:project
,
:public
,
namespace:
user
.
namespace
)
}
let_it_be
(
:vulnerability
)
{
create
(
:vulnerability
,
:with_findings
,
project:
project
)
}
context
'when a
vulnerability is missing a finding
'
do
let_it_be
(
:
group
)
{
create
(
:group
)
}
let_it_be
(
:project
)
{
create
(
:project
,
:public
,
group:
group
)
}
let_it_be
(
:vulnerability
)
{
create
(
:vulnerability
,
project:
project
)
}
it
'includes proper values for each column except
group name
'
do
expect
(
csv
[
0
][
'Group Name'
]).
to
be_nil
it
'includes proper values for each column except
Other Identifiers
'
do
expect
(
csv
[
0
][
'Group Name'
]).
to
eq
group
.
name
expect
(
csv
[
0
][
'Project Name'
]).
to
eq
project
.
name
expect
(
csv
[
0
][
'Scanner Type'
]).
to
eq
vulnerability
.
report_type
expect
(
csv
[
0
][
'Scanner Name'
]).
to
eq
vulnerability
.
finding_scanner_name
...
...
@@ -68,7 +91,7 @@ RSpec.describe VulnerabilityExports::Exporters::CsvService do
expect
(
csv
[
0
][
'Severity'
]).
to
eq
vulnerability
.
severity
expect
(
csv
[
0
][
'CVE'
]).
to
eq
vulnerability
.
cve_value
expect
(
csv
[
0
][
'CWE'
]).
to
eq
vulnerability
.
cwe_value
expect
(
csv
[
0
][
'Other Identifiers'
]).
to
eq
'"GSO-1234;1234"; TSO-1234'
expect
(
csv
[
0
][
'Other Identifiers'
]).
to
be_nil
end
end
end
...
...
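Review bot: In the new 'when a vulnerability is missing a finding' context, expectations such as `expect(csv[0]['Scanner Name']).to eq vulnerability.finding_scanner_name` and `expect(csv[0]['CVE']).to eq vulnerability.cve_value` compare the export against readers that presumably also return nil when no finding exists, so they pin nothing about the expected output. Stating the value directly, `expect(csv[0]['CVE']).to be_nil`, as the example already does for 'Other Identifiers', would document which columns of the security report go blank. The example also lacks the `:aggregate_failures` tag used by 'includes proper values for each column type', so the first failing column hides the rest. Part of this example lies between the two hunks and is not visible here.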