Commit 19df21e0 authored by Mehmet Emin INAC's avatar Mehmet Emin INAC

Mark projects as vulnerable

parent 621b221c
...@@ -6,20 +6,35 @@ module Security ...@@ -6,20 +6,35 @@ module Security
class StoreReportsService < ::BaseService class StoreReportsService < ::BaseService
def initialize(pipeline) def initialize(pipeline)
@pipeline = pipeline @pipeline = pipeline
@errors = []
end end
def execute def execute
errors = [] store_reports
@pipeline.security_reports.reports.each do |report_type, report| mark_project_as_vulnerable
result = StoreReportService.new(@pipeline, report).execute
errors.any? ? error(full_errors) : success
end
private
attr_reader :pipeline, :errors
delegate :project, to: :pipeline, private: true
def store_reports
pipeline.security_reports.reports.each do |report_type, report|
result = StoreReportService.new(pipeline, report).execute
errors << result[:message] if result[:status] == :error errors << result[:message] if result[:status] == :error
end end
end
if errors.any? def mark_project_as_vulnerable
error(errors.join(", ")) project.project_setting.update(has_vulnerabilities: true)
else
success
end end
def full_errors
errors.join(", ")
end end
end end
end end
...@@ -33,6 +33,10 @@ RSpec.describe Security::StoreReportsService do ...@@ -33,6 +33,10 @@ RSpec.describe Security::StoreReportsService do
subject subject
end end
it 'marks the project as vulnerable' do
expect { subject }.to change { project.project_setting.has_vulnerabilities }.from(false).to(true)
end
context 'when StoreReportService returns an error for a report' do context 'when StoreReportService returns an error for a report' do
let(:reports) { Gitlab::Ci::Reports::Security::Reports.new(pipeline) } let(:reports) { Gitlab::Ci::Reports::Security::Reports.new(pipeline) }
let(:sast_report) { reports.get_report('sast', sast_artifact) } let(:sast_report) { reports.get_report('sast', sast_artifact) }
......
...@@ -683,6 +683,7 @@ ProjectCiCdSetting: ...@@ -683,6 +683,7 @@ ProjectCiCdSetting:
ProjectSetting: ProjectSetting:
- allow_merge_on_skipped_pipeline - allow_merge_on_skipped_pipeline
- has_confluence - has_confluence
- has_vulnerabilities
ProtectedEnvironment: ProtectedEnvironment:
- id - id
- project_id - project_id
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment