Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
bcdb6f12
Commit
bcdb6f12
authored
Nov 18, 2020
by
Alan (Maciej) Paruszewski
Committed by
Heinrich Lee Yu
Nov 18, 2020
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Render scan information only when it is provided in Vulnerability
parent
93648e33
Changes
4
Show whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
89 additions
and
0 deletions
+89
-0
ee/app/views/vulnerabilities/issue_description.md.erb
ee/app/views/vulnerabilities/issue_description.md.erb
+2
-0
ee/app/views/vulnerabilities/jira_issue_description.md.erb
ee/app/views/vulnerabilities/jira_issue_description.md.erb
+2
-0
ee/spec/helpers/vulnerabilities_helper_spec.rb
ee/spec/helpers/vulnerabilities_helper_spec.rb
+11
-0
ee/spec/services/ee/issues/create_from_vulnerability_data_service_spec.rb
.../ee/issues/create_from_vulnerability_data_service_spec.rb
+74
-0
No files found.
ee/app/views/vulnerabilities/issue_description.md.erb
View file @
bcdb6f12
...
@@ -67,6 +67,7 @@
...
@@ -67,6 +67,7 @@
<%
if
vulnerability
.
scanner
.
present?
%>
<%
if
vulnerability
.
scanner
.
present?
%>
*
<%=
_
(
"Name"
)
%>
:
<%=
vulnerability
.
scanner
[
:name
]
%>
*
<%=
_
(
"Name"
)
%>
:
<%=
vulnerability
.
scanner
[
:name
]
%>
<%
end
%>
<%
end
%>
<%
if
vulnerability
.
scan
.
present?
%>
<%
if
vulnerability
.
scan
[
:type
].
present?
%>
<%
if
vulnerability
.
scan
[
:type
].
present?
%>
*
<%=
_
(
"Type"
)
%>
:
<%=
vulnerability
.
scan
[
:type
]
%>
*
<%=
_
(
"Type"
)
%>
:
<%=
vulnerability
.
scan
[
:type
]
%>
<%
end
%>
<%
end
%>
...
@@ -80,3 +81,4 @@
...
@@ -80,3 +81,4 @@
*
<%=
_
(
"End Time"
)
%>
:
<%=
vulnerability
.
scan
[
:end_time
]
%>
*
<%=
_
(
"End Time"
)
%>
:
<%=
vulnerability
.
scan
[
:end_time
]
%>
<%
end
%>
<%
end
%>
<%
end
%>
<%
end
%>
<%
end
%>
ee/app/views/vulnerabilities/jira_issue_description.md.erb
View file @
bcdb6f12
...
@@ -58,6 +58,7 @@ h3. <%= _("Scanner") %>:
...
@@ -58,6 +58,7 @@ h3. <%= _("Scanner") %>:
<%
if
vulnerability
.
scanner
.
present?
%>
<%
if
vulnerability
.
scanner
.
present?
%>
*
<%=
_
(
"Name"
)
%>
:
<%=
vulnerability
.
scanner
[
:name
]
%>
*
<%=
_
(
"Name"
)
%>
:
<%=
vulnerability
.
scanner
[
:name
]
%>
<%
end
%>
<%
end
%>
<%
if
vulnerability
.
scan
.
present?
%>
<%
if
vulnerability
.
scan
[
:type
].
present?
%>
<%
if
vulnerability
.
scan
[
:type
].
present?
%>
*
<%=
_
(
"Type"
)
%>
:
<%=
vulnerability
.
scan
[
:type
]
%>
*
<%=
_
(
"Type"
)
%>
:
<%=
vulnerability
.
scan
[
:type
]
%>
<%
end
%>
<%
end
%>
...
@@ -71,3 +72,4 @@ h3. <%= _("Scanner") %>:
...
@@ -71,3 +72,4 @@ h3. <%= _("Scanner") %>:
*
<%=
_
(
"End Time"
)
%>
:
<%=
vulnerability
.
scan
[
:end_time
]
%>
*
<%=
_
(
"End Time"
)
%>
:
<%=
vulnerability
.
scan
[
:end_time
]
%>
<%
end
%>
<%
end
%>
<%
end
%>
<%
end
%>
<%
end
%>
ee/spec/helpers/vulnerabilities_helper_spec.rb
View file @
bcdb6f12
...
@@ -202,6 +202,17 @@ RSpec.describe VulnerabilitiesHelper do
...
@@ -202,6 +202,17 @@ RSpec.describe VulnerabilitiesHelper do
it
'generates url to create issue in Jira'
do
it
'generates url to create issue in Jira'
do
expect
(
subject
[
:create_jira_issue_url
]).
to
eq
(
'https://jira.example.com/new'
)
expect
(
subject
[
:create_jira_issue_url
]).
to
eq
(
'https://jira.example.com/new'
)
end
end
context
'when scan property is empty'
do
before
do
vulnerability
.
finding
.
scan
=
nil
end
it
'renders description using dedicated template without raising error'
do
expect
(
ApplicationController
).
to
receive
(
:render
).
with
(
template:
'vulnerabilities/jira_issue_description.md.erb'
,
locals:
{
vulnerability:
an_instance_of
(
VulnerabilityPresenter
)
})
expect
{
subject
}.
not_to
raise_error
end
end
end
end
context
'with jira vulnerabilities integration disabled'
do
context
'with jira vulnerabilities integration disabled'
do
...
...
ee/spec/services/ee/issues/create_from_vulnerability_data_service_spec.rb
View file @
bcdb6f12
...
@@ -175,6 +175,80 @@ RSpec.describe Issues::CreateFromVulnerabilityDataService, '#execute' do
...
@@ -175,6 +175,80 @@ RSpec.describe Issues::CreateFromVulnerabilityDataService, '#execute' do
it_behaves_like
'a created issue'
it_behaves_like
'a created issue'
end
end
context
'when scan is NOT present but scanner is'
do
let
(
:params
)
do
{
blob_path:
'/group_path/sub_group_path/project_path/-/blob/commitsha/subdir/src/main/java/com/gitlab/security_products/tests/App.java#L15'
,
category:
'sast'
,
severity:
'Low'
,
confidence:
'High'
,
solution:
'Please do something!'
,
file:
'subdir/src/main/java/com/gitlab/security_products/tests/App.java'
,
line:
'15'
,
cve:
'818bf5dacb291e15d9e6dc3c5ac32178:PREDICTABLE_RANDOM'
,
title:
'Predictable pseudorandom number generator'
,
description:
'Description of Predictable pseudorandom number generator'
,
tool:
'find_sec_bugs'
,
identifiers:
[{
type:
'CVE'
,
name:
'CVE-2017-15650'
,
value:
'CVE-2017-15650'
,
url:
'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15650'
},
{
type:
'CWE'
,
name:
'CWE-16'
,
value:
'16'
,
url:
'https://cwe.mitre.org/data/definitions/16.html'
},
{
type:
'GAS_RULE_ID'
,
name:
'GAS Rule ID G105'
,
value:
'G105'
}],
links:
[{
name:
'Awesome-security blog post'
,
url:
'https;//example.com/blog-post'
},
{
url:
'https://example.com/another-link'
}],
scanner:
{
external_id:
'gemnasium'
,
name:
'Gemnasium'
},
scan:
nil
}
end
let
(
:expected_title
)
{
'Investigate vulnerability: Predictable pseudorandom number generator'
}
let
(
:expected_description
)
do
<<~
DESC
.
chomp
### Description:
Description of Predictable pseudorandom number generator
* Severity: Low
* Confidence: High
* Location: [subdir/src/main/java/com/gitlab/security_products/tests/App.java:15](http://localhost/group_path/sub_group_path/project_path/-/blob/commitsha/subdir/src/main/java/com/gitlab/security_products/tests/App.java#L15)
### Solution:
Please do something!
### Identifiers:
* [CVE-2017-15650](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15650)
* [CWE-16](https://cwe.mitre.org/data/definitions/16.html)
* GAS Rule ID G105
### Links:
* [Awesome-security blog post](https;//example.com/blog-post)
* https://example.com/another-link
### Scanner:
* Name: Gemnasium
DESC
end
it_behaves_like
'a created issue'
end
end
end
context
'when category is dependency scanning'
do
context
'when category is dependency scanning'
do
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment