Commit 02ab3b58 authored by Thong Kuah's avatar Thong Kuah

Merge branch 'sk/337926-update-cis-parser' into 'master'

Add cluster_image_scanning CI parser to add cluster_id to location

See merge request gitlab-org/gitlab!71794
parents cdff3a38 c28d8ab7
...@@ -12,7 +12,7 @@ module EE ...@@ -12,7 +12,7 @@ module EE
license_scanning: ::Gitlab::Ci::Parsers::LicenseCompliance::LicenseScanning, license_scanning: ::Gitlab::Ci::Parsers::LicenseCompliance::LicenseScanning,
dependency_scanning: ::Gitlab::Ci::Parsers::Security::DependencyScanning, dependency_scanning: ::Gitlab::Ci::Parsers::Security::DependencyScanning,
container_scanning: ::Gitlab::Ci::Parsers::Security::ContainerScanning, container_scanning: ::Gitlab::Ci::Parsers::Security::ContainerScanning,
cluster_image_scanning: ::Gitlab::Ci::Parsers::Security::ContainerScanning, cluster_image_scanning: ::Gitlab::Ci::Parsers::Security::ClusterImageScanning,
dast: ::Gitlab::Ci::Parsers::Security::Dast, dast: ::Gitlab::Ci::Parsers::Security::Dast,
api_fuzzing: ::Gitlab::Ci::Parsers::Security::Dast, api_fuzzing: ::Gitlab::Ci::Parsers::Security::Dast,
coverage_fuzzing: ::Gitlab::Ci::Parsers::Security::CoverageFuzzing, coverage_fuzzing: ::Gitlab::Ci::Parsers::Security::CoverageFuzzing,
......
# frozen_string_literal: true
module Gitlab
module Ci
module Parsers
module Security
class ClusterImageScanning < Common
private
def create_location(location_data)
::Gitlab::Ci::Reports::Security::Locations::ClusterImageScanning.new(
image: location_data['image'],
cluster_id: location_data['cluster_id'],
operating_system: location_data['operating_system'],
package_name: location_data.dig('dependency', 'package', 'name'),
package_version: location_data.dig('dependency', 'version'))
end
end
end
end
end
end
# frozen_string_literal: true
module Gitlab
module Ci
module Reports
module Security
module Locations
class ClusterImageScanning < ContainerScanning
attr_reader :cluster_id
def initialize(image:, operating_system:, package_name: nil, package_version: nil, cluster_id: nil)
super(
image: image,
operating_system: operating_system,
package_name: package_name,
package_version: package_version
)
@cluster_id = cluster_id
end
end
end
end
end
end
end
...@@ -21,7 +21,8 @@ ...@@ -21,7 +21,8 @@
"version": "2.24-11+deb9u3" "version": "2.24-11+deb9u3"
}, },
"operating_system": "debian:9", "operating_system": "debian:9",
"image": "registry.gitlab.com/gitlab-org/security-products/dast/webgoat-8.0@sha256:bc09fe2e0721dfaeee79364115aeedf2174cce0947b9ae5fe7c33312ee019a4e" "image": "registry.gitlab.com/gitlab-org/security-products/dast/webgoat-8.0@sha256:bc09fe2e0721dfaeee79364115aeedf2174cce0947b9ae5fe7c33312ee019a4e",
"cluster_id": "1"
}, },
"identifiers": [ "identifiers": [
{ {
...@@ -57,7 +58,8 @@ ...@@ -57,7 +58,8 @@
"version": "2.24-11+deb9u3" "version": "2.24-11+deb9u3"
}, },
"operating_system": "debian:9", "operating_system": "debian:9",
"image": "registry.gitlab.com/gitlab-org/security-products/dast/webgoat-8.0@sha256:bc09fe2e0721dfaeee79364115aeedf2174cce0947b9ae5fe7c33312ee019a4e" "image": "registry.gitlab.com/gitlab-org/security-products/dast/webgoat-8.0@sha256:bc09fe2e0721dfaeee79364115aeedf2174cce0947b9ae5fe7c33312ee019a4e",
"cluster_id": "1"
}, },
"identifiers": [ "identifiers": [
{ {
......
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe Gitlab::Ci::Parsers::Security::ClusterImageScanning do
let(:project) { artifact.project }
let(:pipeline) { artifact.job.pipeline }
let(:report) { Gitlab::Ci::Reports::Security::Report.new(artifact.file_type, pipeline, 2.weeks.ago) }
before do
artifact.each_blob { |blob| described_class.parse!(blob, report) }
end
describe '#parse!' do
let(:artifact) { create(:ee_ci_job_artifact, :cluster_image_scanning) }
let(:image) { 'registry.gitlab.com/gitlab-org/security-products/dast/webgoat-8.0@sha256:bc09fe2e0721dfaeee79364115aeedf2174cce0947b9ae5fe7c33312ee019a4e' }
it "parses all identifiers and findings for unapproved vulnerabilities" do
expect(report.findings.length).to eq(2)
expect(report.identifiers.length).to eq(2)
expect(report.scanners).to include("starboard")
expect(report.scanners.length).to eq(1)
end
it 'generates expected location' do
location = report.findings.first.location
expect(location).to be_a(::Gitlab::Ci::Reports::Security::Locations::ClusterImageScanning)
expect(location).to have_attributes(
image: image,
cluster_id: '1',
operating_system: 'debian:9',
package_name: 'glibc',
package_version: '2.24-11+deb9u3'
)
end
it "generates expected metadata_version" do
expect(report.findings.first.metadata_version).to eq('2.3')
end
it "adds report image's name to raw_metadata" do
expect(report.findings.first.location).to be_a(::Gitlab::Ci::Reports::Security::Locations::ClusterImageScanning)
expect(report.findings.first.location.image).to eq(image)
end
end
end
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe Gitlab::Ci::Reports::Security::Locations::ClusterImageScanning do
let(:params) do
{
image: 'registry.gitlab.com/my/project:latest',
cluster_id: '1',
operating_system: 'debian:9',
package_name: 'glibc',
package_version: '1.2.3'
}
end
let(:mandatory_params) { %i[image operating_system] }
let(:expected_fingerprint) { Digest::SHA1.hexdigest('registry.gitlab.com/my/project:glibc') }
let(:expected_fingerprint_path) { 'registry.gitlab.com/my/project:glibc' }
it_behaves_like 'vulnerability location'
end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment