Merge branch '10078-add-filtering-to-service' into 'master'

Filter DependencyList by package_manager See merge request gitlab-org/gitlab-ee!14562

Merge branch '10078-add-filtering-to-service' into 'master'
Filter DependencyList by package_manager See merge request gitlab-org/gitlab-ee!14562
4333f6f2 · Nick Thomas · b4f8e281 · 4d719fc2 · 4333f6f2 · 4333f6f2
Commit 4333f6f2 authored Jul 09, 2019 by Nick Thomas
5 changed files
--- a/ee/app/services/security/dependency_list_service.rb
+++ b/ee/app/services/security/dependency_list_service.rb
@@ -4,11 +4,13 @@ module Security
  class DependencyListService
    SORT_BY_VALUES = %w(name packager).freeze
    SORT_VALUES = %w(asc desc).freeze
+    FILTER_PACKAGE_MANAGERS_VALUES = %w(bundler yarn npm maven composer pip).freeze

    # @param pipeline [Ci::Pipeline]
-    # @param [Hash] params to sort dependencies
+    # @param [Hash] params to sort and filter dependencies
    # @option params ['asc', 'desc'] :sort ('asc') Order
    # @option params ['name', 'packager'] :sort_by ('name') Field to sort
+    # @option params ['bundler', 'yarn', 'npm', 'maven', 'composer', 'pip'] :package_manager ('bundler') Field to filter
    def initialize(pipeline:, params: {})
      @pipeline = pipeline
      @params = params
@@ -17,6 +19,7 @@ module Security
    # @return [Array<Hash>] collection of found dependencies
    def execute
      collection = init_collection
+      collection = filter(collection)
      collection = sort(collection)
      collection
    end
@@ -29,6 +32,14 @@ module Security
      pipeline.dependency_list_report.dependencies
    end

+    def filter(collection)
+      return collection unless params[:package_manager]
+
+      collection.select do |dependency|
+        params[:package_manager].include?(dependency[:package_manager])
+      end
+    end
+
    def sort(collection)
      if params[:sort_by] == 'packager'
        collection.sort_by! { |a| a[:packager] }

--- a/ee/changelogs/unreleased/10078-add-filtering-to-service.yml
+++ b/ee/changelogs/unreleased/10078-add-filtering-to-service.yml
+---
+title: Add filtering by package manager for dependencies
+merge_request: 14562
+author:
+type: added
--- a/ee/lib/gitlab/ci/parsers/security/formatters/dependency_list.rb
+++ b/ee/lib/gitlab/ci/parsers/security/formatters/dependency_list.rb
@@ -14,6 +14,7 @@ module Gitlab
              {
                name:     dependency['package']['name'],
                packager: packager(package_manager),
+                package_manager: package_manager,
                location: {
                  blob_path: blob_path(file_path),
                  path:      file_path

--- a/ee/spec/lib/gitlab/ci/parsers/security/formatters/dependency_list_spec.rb
+++ b/ee/spec/lib/gitlab/ci/parsers/security/formatters/dependency_list_spec.rb
@@ -26,6 +26,7 @@ describe Gitlab::Ci::Parsers::Security::Formatters::DependencyList do

      expect(data[:name]).to eq('mini_portile2')
      expect(data[:packager]).to eq('Ruby (Bundler)')
+      expect(data[:package_manager]).to eq('bundler')
      expect(data[:location][:blob_path]).to eq(blob_path)
      expect(data[:location][:path]).to eq('rails/Gemfile.lock')
      expect(data[:version]).to eq('2.2.0')

--- a/ee/spec/services/security/dependency_list_service_spec.rb
+++ b/ee/spec/services/security/dependency_list_service_spec.rb
@@ -27,6 +27,15 @@ describe Security::DependencyListService do
    end

    context 'with params' do
+      context 'filtered by package_managers' do
+        let(:params) { { package_manager: 'bundler' } }
+
+        it 'returns filtered items' do
+          expect(subject.size).to eq(2)
+          expect(subject.first[:packager]).to eq('Ruby (Bundler)')
+        end
+      end
+
      context 'sorted desc by packagers' do
        let(:params) do
          {