Merge branch...

Merge branch '299420-rewrite-remove_duplicated_cs_findings_without_vulnerability_id_spec' into 'master' Remove attributes_for from RemoveDuplicatedCsFindingsWithoutVulnerabilityId spec See merge request gitlab-org/gitlab!53372

Merge branch...
Merge branch '299420-rewrite-remove_duplicated_cs_findings_without_vulnerability_id_spec' into 'master' Remove attributes_for from RemoveDuplicatedCsFindingsWithoutVulnerabilityId spec See merge request gitlab-org/gitlab!53372
311e9b9e · Peter Leitzen · fe46d96f · 7d9c46b5 · 311e9b9e
Commit 311e9b9e authored Feb 11, 2021 by Peter Leitzen
Hide whitespace changes
Inline Side-by-side

Showing with 104 additions and 14 deletions

ee/spec/lib/ee/gitlab/background_migration/remove_duplicated_cs_findings_without_vulnerability_id_spec.rb ...e_duplicated_cs_findings_without_vulnerability_id_spec.rb +104 -14

No files found.
--- a/ee/spec/lib/ee/gitlab/background_migration/remove_duplicated_cs_findings_without_vulnerability_id_spec.rb
+++ b/ee/spec/lib/ee/gitlab/background_migration/remove_duplicated_cs_findings_without_vulnerability_id_spec.rb
@@ -76,7 +76,8 @@ RSpec.describe Gitlab::BackgroundMigration::RemoveDuplicatedCsFindingsWithoutVul
  end

  def finding_params(primary_identifier_id, project_id)
-    attrs = attributes_for(:vulnerabilities_finding) # rubocop: disable RSpec/FactoriesInMigrationSpecs
+    uuid = SecureRandom.uuid
+
    {
      severity: 0,
      confidence: 5,
@@ -84,23 +85,112 @@ RSpec.describe Gitlab::BackgroundMigration::RemoveDuplicatedCsFindingsWithoutVul
      project_id: project_id,
      scanner_id: 6,
      primary_identifier_id: primary_identifier_id,
-      project_fingerprint: attrs[:project_fingerprint],
+      project_fingerprint: SecureRandom.hex(20),
      location_fingerprint: Digest::SHA1.hexdigest(SecureRandom.hex(10)),
-      uuid: SecureRandom.uuid,
-      name: attrs[:name],
+      uuid: uuid,
+      name: "Vulnerability Finding #{uuid}",
      metadata_version: '1.3',
-      raw_metadata: attrs[:raw_metadata]
+      raw_metadata: raw_metadata
    }
  end

-  def create_identifier(number_of)
-    (1..number_of).each do |identifier_id|
-      identifiers.create!(id: identifier_id,
-                          project_id: 123,
-                          fingerprint: 'd432c2ad2953e8bd587a3a43b3ce309b5b0154c' + identifier_id.to_s,
-                          external_type: 'SECURITY_ID',
-                          external_id: 'SECURITY_0',
-                          name: 'SECURITY_IDENTIFIER 0')
-    end
+  def raw_metadata
+    {
+      "description" => "The cipher does not provide data integrity update 1",
+      "message" => "The cipher does not provide data integrity",
+      "cve" => "818bf5dacb291e15d9e6dc3c5ac32178:CIPHER",
+      "solution" => "GCM mode introduces an HMAC into the resulting encrypted data, providing integrity of the result.",
+      "location" => {
+        "file" => "maven/src/main/java/com/gitlab/security_products/tests/App.java",
+        "start_line" => 29,
+        "end_line" => 29,
+        "class" => "com.gitlab.security_products.tests.App",
+        "method" => "insecureCypher"
+      },
+      "links" => [
+        {
+          "name" => "Cipher does not check for integrity first?",
+           "url" => "https://crypto.stackexchange.com/questions/31428/pbewithmd5anddes-cipher-does-not-check-for-integrity-first"
+        }
+      ],
+      "assets" => [
+        {
+          "type" => "postman",
+          "name" => "Test Postman Collection",
+           "url" => "http://localhost/test.collection"
+        }
+      ],
+      "evidence" => {
+        "summary" => "Credit card detected",
+        "request" => {
+          "method" => "GET",
+          "url" => "http://goat:8080/WebGoat/logout",
+          "body" => nil,
+          "headers" => [
+            {
+               "name" => "Accept",
+              "value" => "*/*"
+            }
+          ]
+        },
+        "response" => {
+          "reason_phrase" => "OK",
+          "status_code" => 200,
+          "body" => nil,
+          "headers" => [
+            {
+               "name" => "Content-Length",
+              "value" => "0"
+            }
+          ]
+        },
+        "source" => {
+          "id" => "assert:Response Body Analysis",
+          "name" => "Response Body Analysis",
+          "url" => "htpp://hostname/documentation"
+        },
+        "supporting_messages" => [
+          {
+            "name" => "Origional",
+            "request" => {
+              "method" => "GET",
+              "url" => "http://goat:8080/WebGoat/logout",
+              "body" => "",
+              "headers" => [
+                {
+                  "name" => "Accept",
+                  "value" => "*/*"
+                }
+              ]
+            }
+          },
+          {
+            "name" => "Recorded",
+            "request" => {
+              "method" => "GET",
+              "url" => "http://goat:8080/WebGoat/logout",
+              "body" => "",
+              "headers" => [
+                  {
+                    "name" => "Accept",
+                    "value" => "*/*"
+                  }
+              ]
+            },
+            "response" => {
+              "reason_phrase" => "OK",
+              "status_code" => 200,
+              "body" => "",
+              "headers" => [
+                {
+                  "name" => "Content-Length",
+                  "value" => "0"
+                }
+              ]
+            }
+          }
+        ]
+      }
+    }
  end
 end