Merge branch '332473-allow-storing-method-of-detection-in-vulnerabilities' into 'master'

Allow storing detection method in Vulnerabilities::Finding

See merge request gitlab-org/gitlab!63989

app/models/concerns/enums/vulnerability.rb

@@ -29,6 +29,14 @@ module Enums
       critical: 7
     }.with_indifferent_access.freeze
 
+    DETECTION_METHODS = {
+      gitlab_security_report: 0,
+      external_security_report: 1,
+      bug_bounty: 2,
+      code_review: 3,
+      security_audit: 4
+    }.with_indifferent_access.freeze
+
     def self.confidence_levels
       CONFIDENCE_LEVELS
     end
@@ -40,6 +48,10 @@ module Enums
     def self.severity_levels
       SEVERITY_LEVELS
     end
+
+    def self.detection_methods
+      DETECTION_METHODS
+    end
   end
 end
 

db/migrate/20210614131002_add_detection_method_to_vulnerabilities_finding.rb

+# frozen_string_literal: true
+
+class AddDetectionMethodToVulnerabilitiesFinding < ActiveRecord::Migration[6.1]
+  include Gitlab::Database::MigrationHelpers
+
+  def up
+    with_lock_retries do
+      add_column :vulnerability_occurrences, :detection_method, :smallint, null: false, default: 0
+    end
+  end
+
+  def down
+    with_lock_retries do
+      remove_column :vulnerability_occurrences, :detection_method
+    end
+  end
+end

db/schema_migrations/20210614131002

+dedf2f8d76f4131f34d61fe2c730f8b092ca46f8b35b08a76b7bc096c140aad1
\ No newline at end of file

db/structure.sql

@@ -19272,6 +19272,7 @@ CREATE TABLE vulnerability_occurrences (
     solution text,
     cve text,
     location jsonb,
+    detection_method smallint DEFAULT 0 NOT NULL,
     CONSTRAINT check_4a3a60f2ba CHECK ((char_length(solution) <= 7000)),
     CONSTRAINT check_ade261da6b CHECK ((char_length(description) <= 15000)),
     CONSTRAINT check_df6dd20219 CHECK ((char_length(message) <= 3000)),

ee/app/models/vulnerabilities/finding.rb

@@ -47,6 +47,7 @@ module Vulnerabilities
     enum confidence: ::Enums::Vulnerability.confidence_levels, _prefix: :confidence
     enum report_type: ::Enums::Vulnerability.report_types
     enum severity: ::Enums::Vulnerability.severity_levels, _prefix: :severity
+    enum detection_method: ::Enums::Vulnerability.detection_methods
 
     validates :scanner, presence: true
     validates :project, presence: true
@@ -62,6 +63,7 @@ module Vulnerabilities
     validates :report_type, presence: true
     validates :severity, presence: true
     validates :confidence, presence: true
+    validates :detection_method, presence: true
 
     validates :metadata_version, presence: true
     validates :raw_metadata, presence: true

ee/spec/factories/vulnerabilities/findings.rb

@@ -57,6 +57,7 @@ FactoryBot.define do
     end
     severity { :high }
     confidence { :medium }
+    detection_method { :gitlab_security_report }
     scanner factory: :vulnerabilities_scanner
     metadata_version { 'sast:1.0' }
 

ee/spec/models/vulnerabilities/finding_spec.rb

@@ -6,6 +6,7 @@ RSpec.describe Vulnerabilities::Finding do
   it { is_expected.to define_enum_for(:confidence) }
   it { is_expected.to define_enum_for(:report_type) }
   it { is_expected.to define_enum_for(:severity) }
+  it { is_expected.to define_enum_for(:detection_method) }
 
   where(vulnerability_finding_signatures_enabled: [true, false])
   with_them do
@@ -44,6 +45,7 @@ RSpec.describe Vulnerabilities::Finding do
       it { is_expected.to validate_presence_of(:raw_metadata) }
       it { is_expected.to validate_presence_of(:severity) }
       it { is_expected.to validate_presence_of(:confidence) }
+      it { is_expected.to validate_presence_of(:detection_method) }
 
       it { is_expected.to validate_length_of(:description).is_at_most(15000) }
       it { is_expected.to validate_length_of(:message).is_at_most(3000) }