Commit 1044e5d4 authored by Sean McGivern's avatar Sean McGivern

Merge branch 'sort-vulnerabilities-for-mr-widget' into 'master'

Add test to ensure MR widget vulnerabilities are sorted

See merge request gitlab-org/gitlab!18751
parents 88bee24b d1be9148
......@@ -3,9 +3,9 @@
require 'spec_helper'
describe Gitlab::Ci::Reports::Security::VulnerabilityReportsComparer do
let!(:identifier) { create(:vulnerabilities_identifier) }
let!(:base_vulnerability) { build(:vulnerabilities_occurrence, report_type: :sast, identifiers: [identifier], location_fingerprint: '123') }
let!(:head_vulnerability) { build(:vulnerabilities_occurrence, report_type: :sast, identifiers: [identifier], location_fingerprint: '123') }
let!(:identifier) { build(:vulnerabilities_identifier) }
let!(:base_vulnerability) { build(:vulnerabilities_occurrence, report_type: :sast, identifiers: [identifier], location_fingerprint: '123', confidence: Vulnerabilities::Occurrence::CONFIDENCE_LEVELS[:high], severity: Vulnerabilities::Occurrence::SEVERITY_LEVELS[:critical]) }
let!(:head_vulnerability) { build(:vulnerabilities_occurrence, report_type: :sast, identifiers: [identifier], location_fingerprint: '123', confidence: Vulnerabilities::Occurrence::CONFIDENCE_LEVELS[:high], severity: Vulnerabilities::Occurrence::SEVERITY_LEVELS[:critical]) }
before do
allow(base_vulnerability).to receive(:location).and_return({})
......@@ -14,40 +14,61 @@ describe Gitlab::Ci::Reports::Security::VulnerabilityReportsComparer do
describe '#existing' do
context 'with existing reports' do
let(:vuln) { build(:vulnerabilities_occurrence, report_type: :sast, identifiers: [identifier], location_fingerprint: '888', confidence: Vulnerabilities::Occurrence::CONFIDENCE_LEVELS[:medium]) }
let(:low_vuln) { build(:vulnerabilities_occurrence, report_type: :sast, identifiers: [identifier], location_fingerprint: '888', confidence: Vulnerabilities::Occurrence::CONFIDENCE_LEVELS[:low]) }
let(:comparer) { described_class.new([base_vulnerability], [head_vulnerability]) }
it 'points to source tree' do
allow(head_vulnerability).to receive(:raw_metadata).and_return('')
comparer = described_class.new([base_vulnerability], [head_vulnerability])
expect(comparer.existing.count).to eq(1)
expect(comparer.existing).to eq([head_vulnerability])
end
it 'does not change order' do
comparer = described_class.new([base_vulnerability, vuln], [head_vulnerability, vuln, low_vuln])
expect(comparer.existing).to eq([head_vulnerability, vuln])
end
end
end
describe '#added' do
let(:vuln) { build(:vulnerabilities_occurrence, report_type: :sast, identifiers: [identifier], location_fingerprint: '888') }
let(:vuln) { build(:vulnerabilities_occurrence, report_type: :sast, identifiers: [identifier], location_fingerprint: '888', confidence: Vulnerabilities::Occurrence::CONFIDENCE_LEVELS[:high], severity: Vulnerabilities::Occurrence::SEVERITY_LEVELS[:critical]) }
let(:low_vuln) { build(:vulnerabilities_occurrence, report_type: :sast, identifiers: [identifier], location_fingerprint: '888', confidence: Vulnerabilities::Occurrence::CONFIDENCE_LEVELS[:high], severity: Vulnerabilities::Occurrence::SEVERITY_LEVELS[:low]) }
context 'with new vulnerability' do
let(:comparer) { described_class.new([base_vulnerability], [head_vulnerability, vuln]) }
let(:comparer) { described_class.new([base_vulnerability], [vuln, low, head_vulnerability]) }
it 'points to source tree' do
expect(comparer.added.count).to eq(1)
comparer = described_class.new([base_vulnerability], [head_vulnerability, vuln])
expect(comparer.added).to eq([vuln])
end
it 'does not change order' do
comparer = described_class.new([base_vulnerability], [head_vulnerability, vuln, low_vuln])
expect(comparer.added).to eq([vuln, low_vuln])
end
end
end
describe '#fixed' do
let(:vuln) { build(:vulnerabilities_occurrence, report_type: :sast, identifiers: [identifier], location_fingerprint: '888') }
let(:medium_vuln) { build(:vulnerabilities_occurrence, report_type: :sast, identifiers: [identifier], location_fingerprint: '888', confidence: Vulnerabilities::Occurrence::CONFIDENCE_LEVELS[:high], severity: Vulnerabilities::Occurrence::SEVERITY_LEVELS[:medium]) }
context 'with fixed vulnerability' do
let(:comparer) { described_class.new([base_vulnerability, vuln], [head_vulnerability]) }
it 'points to base tree' do
expect(comparer.fixed.count).to eq(1)
comparer = described_class.new([base_vulnerability, vuln], [head_vulnerability])
expect(comparer.fixed).to eq([vuln])
end
it 'does not change order' do
comparer = described_class.new([vuln, medium_vuln, base_vulnerability], [head_vulnerability])
expect(comparer.fixed).to eq([vuln, medium_vuln])
end
end
end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment