Parse scan object

Added text using updated fixtures

Parse scan object
Added text using updated fixtures
417ccb03 · can eldem · 38c86c73 · 417ccb03 · 417ccb03 · 417ccb03
Commit 417ccb03 authored Sep 29, 2020 by can eldem
9 changed files
--- a/ee/app/services/security/store_report_service.rb
+++ b/ee/app/services/security/store_report_service.rb
@@ -47,7 +47,7 @@ module Security
        return
      end

-      vulnerability_params = finding.to_hash.except(:compare_key, :identifiers, :location, :scanner)
+      vulnerability_params = finding.to_hash.except(:compare_key, :identifiers, :location, :scanner, :scan)
      vulnerability_finding = create_or_find_vulnerability_finding(finding, vulnerability_params)

      update_vulnerability_scanner(finding)

--- a/ee/lib/gitlab/ci/parsers/security/common.rb
+++ b/ee/lib/gitlab/ci/parsers/security/common.rb
@@ -12,6 +12,7 @@ module Gitlab
            raise SecurityReportParserError, "Invalid report format" unless report_data.is_a?(Hash)

            create_scanner(report, report_data.dig('scan', 'scanner'))
+            create_scan(report, report_data.dig('scan'))

            collate_remediations(report_data).each do |vulnerability|
              create_vulnerability(report, vulnerability, report_data["version"])
@@ -53,7 +54,6 @@ module Gitlab
          end

          def create_vulnerability(report, data, version)
-            scanner = create_scanner(report, data['scanner'])
            identifiers = create_identifiers(report, data['identifiers'])
            report.add_finding(
              ::Gitlab::Ci::Reports::Security::Finding.new(
@@ -64,13 +64,19 @@ module Gitlab
                location: create_location(data['location'] || {}),
                severity: parse_severity_level(data['severity']&.downcase),
                confidence: parse_confidence_level(data['confidence']&.downcase),
-                scanner: scanner,
-                scan: create_scan(data['scan']),
+                scanner: create_scanner(report, data['scanner']),
+                scan: report&.scan,
                identifiers: identifiers,
                raw_metadata: data.to_json,
                metadata_version: version))
          end

+          def create_scan(report, scan_data)
+            return unless scan_data.is_a?(Hash)
+
+            report.scan = ::Gitlab::Ci::Reports::Security::Scan.new(scan_data)
+          end
+
          def create_scanner(report, scanner)
            return unless scanner.is_a?(Hash)


--- a/ee/lib/gitlab/ci/reports/security/report.rb
+++ b/ee/lib/gitlab/ci/reports/security/report.rb
@@ -12,6 +12,7 @@ module Gitlab
          attr_reader :scanners
          attr_reader :identifiers

+          attr_accessor :scan
          attr_accessor :scanned_resources
          attr_accessor :error


--- a/ee/lib/gitlab/ci/reports/security/scan.rb
+++ b/ee/lib/gitlab/ci/reports/security/scan.rb
@@ -5,15 +5,23 @@ module Gitlab
    module Reports
      module Security
        class Scan
-
          attr_accessor :type, :status, :start_time, :end_time

          def initialize(params = {})
-            @type= params.dig('type')
-            @status = params.dig('success')
+            @type = params.dig('type')
+            @status = params.dig('status')
            @start_time = params.dig('start_time')
            @end_time = params.dig('end_time')
          end
+
+          def to_hash
+            {
+              type: type,
+              status: status,
+              start_time: start_time,
+              end_time: end_time
+            }.compact
+          end
        end
      end
    end

--- a/ee/spec/factories/ci/reports/security/findings.rb
+++ b/ee/spec/factories/ci/reports/security/findings.rb
@@ -30,6 +30,7 @@ FactoryBot.define do
    end
    scanner factory: :ci_reports_security_scanner
    severity { :high }
+    scan factory: :ci_reports_security_scan
    sequence(:uuid) { generate(:vulnerability_finding_uuid) }

    skip_create

--- a/ee/spec/factories/ci/reports/security/scanners.rb
+++ b/ee/spec/factories/ci/reports/security/scanners.rb
@@ -12,4 +12,17 @@ FactoryBot.define do
      ::Gitlab::Ci::Reports::Security::Scanner.new(attributes)
    end
  end
+
+  factory :ci_reports_security_scan, class: '::Gitlab::Ci::Reports::Security::Scan' do
+    status { 'success' }
+    type { 'sast' }
+    start_time { 'placeholder' }
+    end_time { 'placeholder' }
+
+    skip_create
+
+    initialize_with do
+      ::Gitlab::Ci::Reports::Security::Scan.new(attributes)
+    end
+  end
 end
--- a/ee/spec/lib/gitlab/ci/parsers/security/common_spec.rb
+++ b/ee/spec/lib/gitlab/ci/parsers/security/common_spec.rb
@@ -57,5 +57,26 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Common do
        end
      end
    end
+
+    context 'parsing scan' do
+      it 'returns scan object for each finding' do
+        scans = report.findings.map(&:scan)
+
+        expect(scans.map(&:status).all?('success')).to be(true)
+        expect(scans.map(&:type).all?('dependency_scanning')).to be(true)
+        expect(scans.map(&:start_time).all?('placeholder-value')).to be(true)
+        expect(scans.map(&:end_time).all?('placeholder-value')).to be(true)
+        expect(scans.size).to eq(3)
+        expect(scans.first).to be_a(::Gitlab::Ci::Reports::Security::Scan)
+      end
+
+      it 'returns nil when scan is not a hash' do
+        parser =  described_class.new
+        empty_report = Gitlab::Ci::Reports::Security::Report.new(artifact.file_type, pipeline, 2.weeks.ago)
+        parser.parse!({}.to_json, empty_report)
+
+        expect(empty_report.scan).to be(nil)
+      end
+    end
  end
 end
--- a/ee/spec/lib/gitlab/ci/reports/security/finding_spec.rb
+++ b/ee/spec/lib/gitlab/ci/reports/security/finding_spec.rb
@@ -24,6 +24,7 @@ RSpec.describe Gitlab::Ci::Reports::Security::Finding do
        raw_metadata: 'I am a stringified json object',
        report_type: :sast,
        scanner: scanner,
+        scan: nil,
        severity: :high,
        uuid: 'cadf8cf0a8228fa92a0f4897a0314083bb38'
      }

--- a/ee/spec/lib/gitlab/ci/reports/security/scan_spec.rb
+++ b/ee/spec/lib/gitlab/ci/reports/security/scan_spec.rb
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Gitlab::Ci::Reports::Security::Scan do
+  describe '#initialize' do
+    subject { described_class.new(params.with_indifferent_access) }
+
+    let(:params) do
+      {
+        status: 'success',
+        type: 'dependency-scanning',
+        start_time: 'placeholer',
+        end_time: 'placholder'
+      }
+    end
+
+    context 'when all params are given' do
+      it 'initializes an instance' do
+        expect { subject }.not_to raise_error
+
+        expect(subject).to have_attributes(
+          status: 'success',
+          type: 'dependency-scanning',
+          start_time: 'placeholer',
+          end_time: 'placholder'
+        )
+      end
+    end
+
+    describe '#to_hash' do
+      subject { described_class.new(params.with_indifferent_access).to_hash }
+
+      it 'returns expected hash' do
+        is_expected.to eq(
+          {
+            status: 'success',
+            type: 'dependency-scanning',
+            start_time: 'placeholer',
+            end_time: 'placholder'
+          }
+        )
+      end
+    end
+  end
+end