Commit d1be9148 authored by Can Eldem's avatar Can Eldem Committed by Sean McGivern

Add test to ensure MR widget vulnerabilities are sorted

parent 88bee24b
...@@ -3,9 +3,9 @@ ...@@ -3,9 +3,9 @@
require 'spec_helper' require 'spec_helper'
describe Gitlab::Ci::Reports::Security::VulnerabilityReportsComparer do describe Gitlab::Ci::Reports::Security::VulnerabilityReportsComparer do
let!(:identifier) { create(:vulnerabilities_identifier) } let!(:identifier) { build(:vulnerabilities_identifier) }
let!(:base_vulnerability) { build(:vulnerabilities_occurrence, report_type: :sast, identifiers: [identifier], location_fingerprint: '123') } let!(:base_vulnerability) { build(:vulnerabilities_occurrence, report_type: :sast, identifiers: [identifier], location_fingerprint: '123', confidence: Vulnerabilities::Occurrence::CONFIDENCE_LEVELS[:high], severity: Vulnerabilities::Occurrence::SEVERITY_LEVELS[:critical]) }
let!(:head_vulnerability) { build(:vulnerabilities_occurrence, report_type: :sast, identifiers: [identifier], location_fingerprint: '123') } let!(:head_vulnerability) { build(:vulnerabilities_occurrence, report_type: :sast, identifiers: [identifier], location_fingerprint: '123', confidence: Vulnerabilities::Occurrence::CONFIDENCE_LEVELS[:high], severity: Vulnerabilities::Occurrence::SEVERITY_LEVELS[:critical]) }
before do before do
allow(base_vulnerability).to receive(:location).and_return({}) allow(base_vulnerability).to receive(:location).and_return({})
...@@ -14,40 +14,61 @@ describe Gitlab::Ci::Reports::Security::VulnerabilityReportsComparer do ...@@ -14,40 +14,61 @@ describe Gitlab::Ci::Reports::Security::VulnerabilityReportsComparer do
describe '#existing' do describe '#existing' do
context 'with existing reports' do context 'with existing reports' do
let(:vuln) { build(:vulnerabilities_occurrence, report_type: :sast, identifiers: [identifier], location_fingerprint: '888', confidence: Vulnerabilities::Occurrence::CONFIDENCE_LEVELS[:medium]) }
let(:low_vuln) { build(:vulnerabilities_occurrence, report_type: :sast, identifiers: [identifier], location_fingerprint: '888', confidence: Vulnerabilities::Occurrence::CONFIDENCE_LEVELS[:low]) }
let(:comparer) { described_class.new([base_vulnerability], [head_vulnerability]) } let(:comparer) { described_class.new([base_vulnerability], [head_vulnerability]) }
it 'points to source tree' do it 'points to source tree' do
allow(head_vulnerability).to receive(:raw_metadata).and_return('') comparer = described_class.new([base_vulnerability], [head_vulnerability])
expect(comparer.existing.count).to eq(1)
expect(comparer.existing).to eq([head_vulnerability]) expect(comparer.existing).to eq([head_vulnerability])
end end
it 'does not change order' do
comparer = described_class.new([base_vulnerability, vuln], [head_vulnerability, vuln, low_vuln])
expect(comparer.existing).to eq([head_vulnerability, vuln])
end
end end
end end
describe '#added' do describe '#added' do
let(:vuln) { build(:vulnerabilities_occurrence, report_type: :sast, identifiers: [identifier], location_fingerprint: '888') } let(:vuln) { build(:vulnerabilities_occurrence, report_type: :sast, identifiers: [identifier], location_fingerprint: '888', confidence: Vulnerabilities::Occurrence::CONFIDENCE_LEVELS[:high], severity: Vulnerabilities::Occurrence::SEVERITY_LEVELS[:critical]) }
let(:low_vuln) { build(:vulnerabilities_occurrence, report_type: :sast, identifiers: [identifier], location_fingerprint: '888', confidence: Vulnerabilities::Occurrence::CONFIDENCE_LEVELS[:high], severity: Vulnerabilities::Occurrence::SEVERITY_LEVELS[:low]) }
context 'with new vulnerability' do context 'with new vulnerability' do
let(:comparer) { described_class.new([base_vulnerability], [head_vulnerability, vuln]) } let(:comparer) { described_class.new([base_vulnerability], [vuln, low, head_vulnerability]) }
it 'points to source tree' do it 'points to source tree' do
expect(comparer.added.count).to eq(1) comparer = described_class.new([base_vulnerability], [head_vulnerability, vuln])
expect(comparer.added).to eq([vuln]) expect(comparer.added).to eq([vuln])
end end
it 'does not change order' do
comparer = described_class.new([base_vulnerability], [head_vulnerability, vuln, low_vuln])
expect(comparer.added).to eq([vuln, low_vuln])
end
end end
end end
describe '#fixed' do describe '#fixed' do
let(:vuln) { build(:vulnerabilities_occurrence, report_type: :sast, identifiers: [identifier], location_fingerprint: '888') } let(:vuln) { build(:vulnerabilities_occurrence, report_type: :sast, identifiers: [identifier], location_fingerprint: '888') }
let(:medium_vuln) { build(:vulnerabilities_occurrence, report_type: :sast, identifiers: [identifier], location_fingerprint: '888', confidence: Vulnerabilities::Occurrence::CONFIDENCE_LEVELS[:high], severity: Vulnerabilities::Occurrence::SEVERITY_LEVELS[:medium]) }
context 'with fixed vulnerability' do context 'with fixed vulnerability' do
let(:comparer) { described_class.new([base_vulnerability, vuln], [head_vulnerability]) }
it 'points to base tree' do it 'points to base tree' do
expect(comparer.fixed.count).to eq(1) comparer = described_class.new([base_vulnerability, vuln], [head_vulnerability])
expect(comparer.fixed).to eq([vuln]) expect(comparer.fixed).to eq([vuln])
end end
it 'does not change order' do
comparer = described_class.new([vuln, medium_vuln, base_vulnerability], [head_vulnerability])
expect(comparer.fixed).to eq([vuln, medium_vuln])
end
end end
end end
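Review bot: In the `#added` group the new `let(:comparer)` passes `low`, which no `let` in this spec defines (the helper is `low_vuln`); it avoids a NameError only because both examples assign a local `comparer` that shadows the lazy `let`, so the block is never evaluated. Either delete the now-unused `let(:comparer)` lines in `#existing` and `#added`, or fix the name and drop the local assignments: `let(:comparer) { described_class.new([base_vulnerability], [vuln, low_vuln, head_vulnerability]) }`. Separately, the 'does not change order' examples pass the findings already in the order they expect back (critical `vuln` before `low_vuln` in `#added`), so they pass whether the comparer sorts by severity or simply preserves input order. If severity ordering in the MR widget is the contract, as the commit title suggests, one example should pass `[low_vuln, vuln]` and still expect `[vuln, low_vuln]`, so that a regression listing low-severity findings ahead of critical ones is caught. The comparer itself is not shown on this page, so confirm which behaviour is intended before tightening the assertion.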