Commit ab3da159 authored by Jonathan Schafer's avatar Jonathan Schafer

Fix exports for missing vuln findings

parent 32366684
......@@ -4,7 +4,7 @@ module VulnerabilityExports
module Exporters
class CsvService
IDENTIFIER_DELIMITER = '; '
IDENTIFIER_FORMATTER = -> (v) { v.other_identifier_values.to_csv(col_sep: IDENTIFIER_DELIMITER, row_sep: '') }
IDENTIFIER_FORMATTER = -> (v) { v&.other_identifier_values&.to_csv(col_sep: IDENTIFIER_DELIMITER, row_sep: '') }
MAPPING = {
'Group Name' => 'group_name',
'Project Name' => 'project_name',
......
......@@ -25,39 +25,62 @@ RSpec.describe VulnerabilityExports::Exporters::CsvService do
end
describe 'CSV content' do
before do
vulnerability.finding.identifiers << create(:vulnerabilities_identifier, external_type: 'GSO', name: 'GSO-1234;1234')
vulnerability.finding.identifiers << create(:vulnerabilities_identifier, external_type: 'TSO', name: 'TSO-1234')
end
context 'with valid findings' do
before do
vulnerability.finding.identifiers << create(:vulnerabilities_identifier, external_type: 'GSO', name: 'GSO-1234;1234')
vulnerability.finding.identifiers << create(:vulnerabilities_identifier, external_type: 'TSO', name: 'TSO-1234')
end
context 'when a project belongs to a group' do
let_it_be(:group) { create(:group) }
let_it_be(:project) { create(:project, :public, group: group) }
let_it_be(:vulnerability) { create(:vulnerability, :with_findings, project: project) }
context 'when a project belongs to a group' do
let_it_be(:group) { create(:group) }
let_it_be(:project) { create(:project, :public, group: group) }
let_it_be(:vulnerability) { create(:vulnerability, :with_findings, project: project) }
it 'includes proper values for each column type', :aggregate_failures do
expect(csv[0]['Group Name']).to eq group.name
expect(csv[0]['Project Name']).to eq project.name
expect(csv[0]['Scanner Type']).to eq vulnerability.report_type
expect(csv[0]['Scanner Name']).to eq vulnerability.finding_scanner_name
expect(csv[0]['Status']).to eq vulnerability.state
expect(csv[0]['Vulnerability']).to eq vulnerability.title
expect(csv[0]['Details']).to eq vulnerability.finding_description
expect(csv[0]['Additional Info']).to eq vulnerability.finding_message
expect(csv[0]['Severity']).to eq vulnerability.severity
expect(csv[0]['CVE']).to eq vulnerability.cve_value
expect(csv[0]['CWE']).to eq vulnerability.cwe_value
expect(csv[0]['Other Identifiers']).to eq '"GSO-1234;1234"; TSO-1234'
it 'includes proper values for each column type', :aggregate_failures do
expect(csv[0]['Group Name']).to eq group.name
expect(csv[0]['Project Name']).to eq project.name
expect(csv[0]['Scanner Type']).to eq vulnerability.report_type
expect(csv[0]['Scanner Name']).to eq vulnerability.finding_scanner_name
expect(csv[0]['Status']).to eq vulnerability.state
expect(csv[0]['Vulnerability']).to eq vulnerability.title
expect(csv[0]['Details']).to eq vulnerability.finding_description
expect(csv[0]['Additional Info']).to eq vulnerability.finding_message
expect(csv[0]['Severity']).to eq vulnerability.severity
expect(csv[0]['CVE']).to eq vulnerability.cve_value
expect(csv[0]['CWE']).to eq vulnerability.cwe_value
expect(csv[0]['Other Identifiers']).to eq '"GSO-1234;1234"; TSO-1234'
end
end
context 'when a project belongs to a user' do
let_it_be(:user) { create(:user) }
let_it_be(:project) { create(:project, :public, namespace: user.namespace ) }
let_it_be(:vulnerability) { create(:vulnerability, :with_findings, project: project) }
it 'includes proper values for each column except group name' do
expect(csv[0]['Group Name']).to be_nil
expect(csv[0]['Project Name']).to eq project.name
expect(csv[0]['Scanner Type']).to eq vulnerability.report_type
expect(csv[0]['Scanner Name']).to eq vulnerability.finding_scanner_name
expect(csv[0]['Status']).to eq vulnerability.state
expect(csv[0]['Vulnerability']).to eq vulnerability.title
expect(csv[0]['Details']).to eq vulnerability.finding_description
expect(csv[0]['Additional Info']).to eq vulnerability.finding_message
expect(csv[0]['Severity']).to eq vulnerability.severity
expect(csv[0]['CVE']).to eq vulnerability.cve_value
expect(csv[0]['CWE']).to eq vulnerability.cwe_value
expect(csv[0]['Other Identifiers']).to eq '"GSO-1234;1234"; TSO-1234'
end
end
end
context 'when a project belongs to a user' do
let_it_be(:user) { create(:user) }
let_it_be(:project) { create(:project, :public, namespace: user.namespace ) }
let_it_be(:vulnerability) { create(:vulnerability, :with_findings, project: project) }
context 'when a vulnerability is missing a finding' do
let_it_be(:group) { create(:group) }
let_it_be(:project) { create(:project, :public, group: group) }
let_it_be(:vulnerability) { create(:vulnerability, project: project) }
it 'includes proper values for each column except group name' do
expect(csv[0]['Group Name']).to be_nil
it 'includes proper values for each column except Other Identifiers' do
expect(csv[0]['Group Name']).to eq group.name
expect(csv[0]['Project Name']).to eq project.name
expect(csv[0]['Scanner Type']).to eq vulnerability.report_type
expect(csv[0]['Scanner Name']).to eq vulnerability.finding_scanner_name
......@@ -68,7 +91,7 @@ RSpec.describe VulnerabilityExports::Exporters::CsvService do
expect(csv[0]['Severity']).to eq vulnerability.severity
expect(csv[0]['CVE']).to eq vulnerability.cve_value
expect(csv[0]['CWE']).to eq vulnerability.cwe_value
expect(csv[0]['Other Identifiers']).to eq '"GSO-1234;1234"; TSO-1234'
expect(csv[0]['Other Identifiers']).to be_nil
end
end
end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment