Commit 9a8bca87 authored by Jannik Lehmann's avatar Jannik Lehmann Committed by Arturo Herrero

Add link to standalone vulnerabilities page on Dependency List

This commit solves: 321715
It adds a link to the standalone vulnerabilities Page
on the Dependency List.
It is behind a feature flag (standaloneVulnDependencyList)
parent a571fe93
<script> <script>
import { GlLink } from '@gitlab/ui';
import SeverityBadge from 'ee/vue_shared/security_reports/components/severity_badge.vue'; import SeverityBadge from 'ee/vue_shared/security_reports/components/severity_badge.vue';
import glFeatureFlagMixin from '~/vue_shared/mixins/gl_feature_flags_mixin';
export default { export default {
name: 'DependencyVulnerability', name: 'DependencyVulnerability',
components: { components: {
SeverityBadge, SeverityBadge,
GlLink,
}, },
mixins: [glFeatureFlagMixin()],
props: { props: {
vulnerability: { vulnerability: {
type: Object, type: Object,
...@@ -20,6 +24,11 @@ export default { ...@@ -20,6 +24,11 @@ export default {
<div class="w-8em flex-shrink-0 text-right mr-3"> <div class="w-8em flex-shrink-0 text-right mr-3">
<severity-badge :severity="vulnerability.severity" /> <severity-badge :severity="vulnerability.severity" />
</div> </div>
{{ vulnerability.name }} <gl-link
v-if="glFeatures.standaloneVulnDependencyList && vulnerability.url"
:href="vulnerability.url"
>{{ vulnerability.name }}</gl-link
>
<span v-else data-testid="vulnerability-name-text">{{ vulnerability.name }}</span>
</div> </div>
</template> </template>
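Review bot: `:href="vulnerability.url"` passes the value straight into the anchor, and Vue does not filter URL schemes on a bound `href`, so the link is only as safe as the source of `url`. The fixtures use server-relative paths such as `/testgroup/testproject/-/security/vulnerabilities/1`, which suggests the backend builds it, but the serializer is not shown on this page. If any part of the value can originate from a scanner report, it should be validated as a same-origin path before it is rendered. I would record the assumption next to the link, e.g. `<!-- vulnerability.url is generated server-side; do not bind report-supplied URLs here -->`. The `<template>` block starts outside the hunk.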
...@@ -6,6 +6,10 @@ module Projects ...@@ -6,6 +6,10 @@ module Projects
before_action :authorize_read_dependency_list! before_action :authorize_read_dependency_list!
before_action do
push_frontend_feature_flag(:standalone_vuln_dependency_list, project)
end
feature_category :dependency_scanning feature_category :dependency_scanning
def index def index
......
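Review bot: `push_frontend_feature_flag(:standalone_vuln_dependency_list, project)` only tells the client whether to render the link; it is not an access control and does not gate the data. The only authorization visible here is `authorize_read_dependency_list!`, and whether `url` is still serialized when the flag is off cannot be seen from this section. The linked vulnerability page therefore has to enforce its own read permission, and the serializer should omit `url` for users who lack it. A one-line comment above the block would make that explicit: `# Frontend-only toggle for the vulnerability link; not an access control.` The controller body continues outside the visible lines.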
...@@ -11,8 +11,11 @@ exports[`DependencyVulnerability component given an vulnerability matches the sn ...@@ -11,8 +11,11 @@ exports[`DependencyVulnerability component given an vulnerability matches the sn
severity="critical" severity="critical"
/> />
</div> </div>
Insecure variable usage <span
data-testid="vulnerability-name-text"
>
Insecure variable usage
</span>
</div> </div>
`; `;
import { GlLink } from '@gitlab/ui';
import { shallowMount } from '@vue/test-utils'; import { shallowMount } from '@vue/test-utils';
import DependencyVulnerability from 'ee/dependencies/components/dependency_vulnerability.vue'; import DependencyVulnerability from 'ee/dependencies/components/dependency_vulnerability.vue';
import SeverityBadge from 'ee/vue_shared/security_reports/components/severity_badge.vue'; import SeverityBadge from 'ee/vue_shared/security_reports/components/severity_badge.vue';
import { extendedWrapper } from 'helpers/vue_test_utils_helper';
import mockDataVulnerabilities from '../../security_dashboard/store/modules/vulnerabilities/data/mock_data_vulnerabilities'; import mockDataVulnerabilities from '../../security_dashboard/store/modules/vulnerabilities/data/mock_data_vulnerabilities';
describe('DependencyVulnerability component', () => { describe('DependencyVulnerability component', () => {
let wrapper; let wrapper;
const findLink = () => wrapper.findComponent(GlLink);
const factory = ({ propsData, ...options } = {}) => { const factory = ({ propsData, ...options } = {}, standaloneVulnDependencyList = false) => {
wrapper = shallowMount(DependencyVulnerability, { wrapper = extendedWrapper(
...options, shallowMount(DependencyVulnerability, {
propsData: { ...propsData }, ...options,
}); propsData: { ...propsData },
provide: {
glFeatures: {
standaloneVulnDependencyList,
},
},
}),
);
}; };
afterEach(() => { afterEach(() => {
...@@ -36,5 +46,39 @@ describe('DependencyVulnerability component', () => { ...@@ -36,5 +46,39 @@ describe('DependencyVulnerability component', () => {
expect(badge.isVisible()).toBe(true); expect(badge.isVisible()).toBe(true);
expect(badge.props().severity).toEqual(vulnerability.severity); expect(badge.props().severity).toEqual(vulnerability.severity);
}); });
it('renders the vulnerability name as text when standaloneVulnerabilityDependencyList Flag is off', () => {
const text = wrapper.findByTestId('vulnerability-name-text');
expect(text.isVisible()).toBe(true);
expect(text.text()).toBe('Insecure variable usage');
});
it("doesn't render link when standaloneVulnerabilityDependencyList Flag is off", () => {
const link = findLink();
expect(link.exists()).toBe(false);
});
});
describe('Feature Flag on', () => {
const vulnerability = mockDataVulnerabilities[0];
beforeEach(() => {
factory(
{
propsData: {
vulnerability,
},
},
true,
);
});
it('renders the vulnerability name as Link when standaloneVulnerabilityDependencyList Flag is on', () => {
const link = findLink();
expect(link.exists()).toBe(true);
expect(link.element.getAttribute('href')).toBe(
'/testgroup/testproject/-/security/vulnerabilities/1',
);
});
}); });
}); });
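Review bot: The new `v-if` has two conditions (`glFeatures.standaloneVulnDependencyList && vulnerability.url`), but the spec covers only flag off and flag on with a `url`. The untested case, flag on with no `url`, is the one that guarantees an empty or missing value never reaches `href`; a test for it in the 'Feature Flag on' block is sketched below. The test titles also call the flag `standaloneVulnerabilityDependencyList`, while the component and the `provide` block use `standaloneVulnDependencyList`; aligning them keeps the flag greppable when it is cleaned up.

```javascript
// … unchanged: 'Feature Flag on' beforeEach and link test …
it('renders the vulnerability name as text when the flag is on but url is missing', () => {
  factory({ propsData: { vulnerability: { ...vulnerability, url: undefined } } }, true);

  expect(findLink().exists()).toBe(false);
  expect(wrapper.findByTestId('vulnerability-name-text').text()).toBe(vulnerability.name);
});
```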
...@@ -5,6 +5,7 @@ export default [ ...@@ -5,6 +5,7 @@ export default [
name: 'Insecure variable usage', name: 'Insecure variable usage',
severity: 'critical', severity: 'critical',
confidence: 'high', confidence: 'high',
url: '/testgroup/testproject/-/security/vulnerabilities/1',
scanner: { scanner: {
external_id: 'find_sec_bugs', external_id: 'find_sec_bugs',
name: 'Find Security Bugs', name: 'Find Security Bugs',
...@@ -73,6 +74,7 @@ export default [ ...@@ -73,6 +74,7 @@ export default [
name: 'Insecure variable usage', name: 'Insecure variable usage',
severity: 'critical', severity: 'critical',
confidence: 'high', confidence: 'high',
url: '/testgroup/testproject/-/security/vulnerabilities/2',
scanner: { scanner: {
external_id: 'find_sec_bugs', external_id: 'find_sec_bugs',
name: 'Find Security Bugs', name: 'Find Security Bugs',
...@@ -127,6 +129,7 @@ export default [ ...@@ -127,6 +129,7 @@ export default [
name: 'Insecure variable usage', name: 'Insecure variable usage',
severity: 'medium', severity: 'medium',
confidence: '', confidence: '',
url: '/testgroup/testproject/-/security/vulnerabilities/3',
scanner: { scanner: {
external_id: 'find_sec_bugs', external_id: 'find_sec_bugs',
name: 'Find Security Bugs', name: 'Find Security Bugs',
...@@ -205,6 +208,7 @@ export default [ ...@@ -205,6 +208,7 @@ export default [
name: 'Insecure variable usage', name: 'Insecure variable usage',
severity: 'high', severity: 'high',
confidence: 'low', confidence: 'low',
url: '/testgroup/testproject/-/security/vulnerabilities/4',
scanner: { scanner: {
external_id: 'find_sec_bugs', external_id: 'find_sec_bugs',
name: 'Find Security Bugs', name: 'Find Security Bugs',
...@@ -284,6 +288,7 @@ export default [ ...@@ -284,6 +288,7 @@ export default [
'Remote command execution due to flaw in the include params attribute of URL and Anchor tags for org.apache.struts/struts2core', 'Remote command execution due to flaw in the include params attribute of URL and Anchor tags for org.apache.struts/struts2core',
severity: 'low', severity: 'low',
confidence: '', confidence: '',
url: '/testgroup/testproject/-/security/vulnerabilities/5',
scanner: { scanner: {
external_id: 'find_sec_bugs', external_id: 'find_sec_bugs',
name: 'Find Security Bugs', name: 'Find Security Bugs',
...@@ -386,6 +391,7 @@ export default [ ...@@ -386,6 +391,7 @@ export default [
name: 'Doorkeeper Gem does not revoke token for public clients', name: 'Doorkeeper Gem does not revoke token for public clients',
severity: 'unknown', severity: 'unknown',
confidence: '', confidence: '',
url: '/testgroup/testproject/-/security/vulnerabilities/6',
scanner: { scanner: {
external_id: 'find_sec_bugs', external_id: 'find_sec_bugs',
name: 'Find Security Bugs', name: 'Find Security Bugs',
...@@ -440,6 +446,7 @@ export default [ ...@@ -440,6 +446,7 @@ export default [
name: 'Insecure variable usage', name: 'Insecure variable usage',
severity: 'high', severity: 'high',
confidence: 'low', confidence: 'low',
url: '/testgroup/testproject/-/security/vulnerabilities/7',
scanner: { scanner: {
external_id: 'find_sec_bugs', external_id: 'find_sec_bugs',
name: 'Find Security Bugs', name: 'Find Security Bugs',
...@@ -518,6 +525,7 @@ export default [ ...@@ -518,6 +525,7 @@ export default [
name: 'CVE-2018-1000001 in glibc', name: 'CVE-2018-1000001 in glibc',
severity: 'high', severity: 'high',
confidence: 'unknown', confidence: 'unknown',
url: '/testgroup/testproject/-/security/vulnerabilities/8',
scanner: { scanner: {
external_id: 'clair', external_id: 'clair',
name: 'Clair', name: 'Clair',
...@@ -575,6 +583,7 @@ export default [ ...@@ -575,6 +583,7 @@ export default [
name: 'CVE-2018-1000001 in glibc', name: 'CVE-2018-1000001 in glibc',
severity: 'high', severity: 'high',
confidence: 'unknown', confidence: 'unknown',
url: '/testgroup/testproject/-/security/vulnerabilities/9',
scanner: { scanner: {
external_id: 'clair', external_id: 'clair',
name: 'Clair', name: 'Clair',
......