Commit 806d595c authored by Thong Kuah's avatar Thong Kuah

Merge branch '9102-hide-dismissed-be' into 'master'

Add scope filter to security dashboards

See merge request gitlab-org/gitlab!16692
parents 1fb87fa9 ff983fef
...@@ -35,8 +35,7 @@ module VulnerabilityFindingsActions ...@@ -35,8 +35,7 @@ module VulnerabilityFindingsActions
private private
def filter_params def filter_params
params.permit(report_type: [], confidence: [], project_id: [], severity: []) params.permit(:scope, report_type: [], confidence: [], project_id: [], severity: [])
.merge(hide_dismissed: ::Gitlab::Utils.to_boolean(params[:hide_dismissed]))
end end
def vulnerability_findings(collection = :latest) def vulnerability_findings(collection = :latest)
......
...@@ -11,6 +11,7 @@ ...@@ -11,6 +11,7 @@
# confidence: Array<String> # confidence: Array<String>
# project: Array<String> # project: Array<String>
# report_type: Array<String> # report_type: Array<String>
# scope: String
module Security module Security
class VulnerabilityFindingsFinder class VulnerabilityFindingsFinder
...@@ -22,12 +23,13 @@ module Security ...@@ -22,12 +23,13 @@ module Security
@params = params @params = params
end end
def execute(scope = :latest) def execute(collection_scope = :latest)
collection = init_collection(scope) collection = init_collection(collection_scope)
collection = by_report_type(collection) collection = by_report_type(collection)
collection = by_project(collection) collection = by_project(collection)
collection = by_severity(collection) collection = by_severity(collection)
collection = by_confidence(collection) collection = by_confidence(collection)
collection = by_scope(collection) unless Feature.disabled?(:hide_dismissed_vulnerabilities)
collection collection
end end
...@@ -63,8 +65,16 @@ module Security ...@@ -63,8 +65,16 @@ module Security
*params[:confidence]).compact) *params[:confidence]).compact)
end end
def init_collection(scope) def by_scope(items)
case scope # We're using the same params as the public Vulnerabilities API because the frontend uses both
# https://gitlab.com/gitlab-org/gitlab/issues/33468 fixes issue with param name meaning
return items if params[:scope] == 'all'
items.undismissed
end
def init_collection(collection_scope)
case collection_scope
when :all when :all
vulnerable.all_vulnerabilities vulnerable.all_vulnerabilities
when :with_sha when :with_sha
...@@ -72,7 +82,7 @@ module Security ...@@ -72,7 +82,7 @@ module Security
when :latest when :latest
vulnerable.latest_vulnerabilities vulnerable.latest_vulnerabilities
else else
raise ArgumentError, "invalid value for 'scope': #{scope}" raise ArgumentError, "invalid value for 'collection_scope': #{collection_scope}"
end end
end end
end end
......
---
title: Add filter for dismissed vulnerabilities on security dashboards.
merge_request: 16692
author:
type: added
...@@ -81,7 +81,14 @@ describe Security::VulnerabilityFindingsFinder do ...@@ -81,7 +81,14 @@ describe Security::VulnerabilityFindingsFinder do
context 'by all filters' do context 'by all filters' do
context 'with found entity' do context 'with found entity' do
let(:params) { { severity: %w[high medium low], project_id: [project1.id, project2.id], report_type: %w[sast dast] } } let(:params) { { severity: %w[high medium low], project_id: [project1.id, project2.id], report_type: %w[sast dast], scope: 'all' } }
before do
create(:vulnerability_feedback, :sast, :dismissal,
pipeline: pipeline1,
project: project1,
project_fingerprint: finding1.project_fingerprint)
end
it 'filters by all params' do it 'filters by all params' do
is_expected.to contain_exactly(finding1, finding3, finding4) is_expected.to contain_exactly(finding1, finding3, finding4)
...@@ -97,6 +104,45 @@ describe Security::VulnerabilityFindingsFinder do ...@@ -97,6 +104,45 @@ describe Security::VulnerabilityFindingsFinder do
end end
end end
context 'by scope' do
let!(:dismissal) do
create(:vulnerability_feedback, :sast, :dismissal,
pipeline: pipeline1,
project: project1,
project_fingerprint: finding1.project_fingerprint)
end
let!(:issue) do
create(:vulnerability_feedback, :sast, :issue,
pipeline: pipeline1,
project: project1,
project_fingerprint: finding4.project_fingerprint)
end
context 'when all' do
let(:params) { { scope: 'all' } }
it 'includes all vulnerabilities' do
is_expected.to contain_exactly(finding1, finding2, finding3, finding4)
end
end
context 'when not specified' do
let(:params) { {} }
it 'excludes dismissed vulnerabilities' do
is_expected.to contain_exactly(finding2, finding3, finding4)
end
end
context 'when dismissed' do
let(:params) { { scope: 'dismissed' } }
it 'excludes dismissed vulnerabilities' do
is_expected.to contain_exactly(finding2, finding3, finding4)
end
end
end
context 'by some filters' do context 'by some filters' do
context 'with found entity' do context 'with found entity' do
let(:params) { { project_id: [project2.id], severity: %w[medium low] } } let(:params) { { project_id: [project2.id], severity: %w[medium low] } }
...@@ -132,10 +178,10 @@ describe Security::VulnerabilityFindingsFinder do ...@@ -132,10 +178,10 @@ describe Security::VulnerabilityFindingsFinder do
end end
end end
context 'with an invalid scope specifier' do context 'with an invalid collection scope specifier' do
it 'raises error' do it 'raises error' do
expect { described_class.new(group).execute(:invalid) }.to( expect { described_class.new(group).execute(:invalid) }.to(
raise_error(ArgumentError, "invalid value for 'scope': invalid") raise_error(ArgumentError, "invalid value for 'collection_scope': invalid")
) )
end end
end end
......
...@@ -281,12 +281,26 @@ describe Vulnerabilities::Occurrence do ...@@ -281,12 +281,26 @@ describe Vulnerabilities::Occurrence do
end end
describe '.undismissed' do describe '.undismissed' do
it 'returns occurrences that do not have a corresponding dismissal feedback' do set(:project) { create(:project) }
undismissed_occurrence = create(:vulnerabilities_occurrence) set(:project2) { create(:project) }
dismissed_occurrence = create(:vulnerabilities_occurrence) let!(:finding1) { create(:vulnerabilities_occurrence, project: project) }
create(:vulnerability_feedback, project_fingerprint: dismissed_occurrence.project_fingerprint) let!(:finding2) { create(:vulnerabilities_occurrence, project: project) }
let!(:finding3) { create(:vulnerabilities_occurrence, project: project2) }
before do
create(
:vulnerability_feedback,
:dismissal,
project_fingerprint: finding1.project_fingerprint
)
end
it 'returns all non-dismissed occurrences' do
expect(described_class.undismissed).to contain_exactly(finding2, finding3)
end
expect(described_class.undismissed).to contain_exactly(undismissed_occurrence) it 'returns non-dismissed occurrences for project' do
expect(project2.vulnerability_findings.undismissed).to contain_exactly(finding3)
end end
end end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment