Commit c3f7a9ee authored by Heinrich Lee Yu's avatar Heinrich Lee Yu

Merge branch '284187-check-if-vulnerability-scan-is-present' into 'master'

Render scan information only when it is provided in Vulnerability

See merge request gitlab-org/gitlab!47958
parents a40a68f9 bcdb6f12
...@@ -67,6 +67,7 @@ ...@@ -67,6 +67,7 @@
<% if vulnerability.scanner.present? %> <% if vulnerability.scanner.present? %>
* <%= _("Name") %>: <%= vulnerability.scanner[:name] %> * <%= _("Name") %>: <%= vulnerability.scanner[:name] %>
<% end %> <% end %>
<% if vulnerability.scan.present? %>
<% if vulnerability.scan[:type].present? %> <% if vulnerability.scan[:type].present? %>
* <%= _("Type") %>: <%= vulnerability.scan[:type] %> * <%= _("Type") %>: <%= vulnerability.scan[:type] %>
<% end %> <% end %>
...@@ -80,3 +81,4 @@ ...@@ -80,3 +81,4 @@
* <%= _("End Time") %>: <%= vulnerability.scan[:end_time] %> * <%= _("End Time") %>: <%= vulnerability.scan[:end_time] %>
<% end %> <% end %>
<% end %> <% end %>
<% end %>
...@@ -58,6 +58,7 @@ h3. <%= _("Scanner") %>: ...@@ -58,6 +58,7 @@ h3. <%= _("Scanner") %>:
<% if vulnerability.scanner.present? %> <% if vulnerability.scanner.present? %>
* <%= _("Name") %>: <%= vulnerability.scanner[:name] %> * <%= _("Name") %>: <%= vulnerability.scanner[:name] %>
<% end %> <% end %>
<% if vulnerability.scan.present? %>
<% if vulnerability.scan[:type].present? %> <% if vulnerability.scan[:type].present? %>
* <%= _("Type") %>: <%= vulnerability.scan[:type] %> * <%= _("Type") %>: <%= vulnerability.scan[:type] %>
<% end %> <% end %>
...@@ -71,3 +72,4 @@ h3. <%= _("Scanner") %>: ...@@ -71,3 +72,4 @@ h3. <%= _("Scanner") %>:
* <%= _("End Time") %>: <%= vulnerability.scan[:end_time] %> * <%= _("End Time") %>: <%= vulnerability.scan[:end_time] %>
<% end %> <% end %>
<% end %> <% end %>
<% end %>
...@@ -202,6 +202,17 @@ RSpec.describe VulnerabilitiesHelper do ...@@ -202,6 +202,17 @@ RSpec.describe VulnerabilitiesHelper do
it 'generates url to create issue in Jira' do it 'generates url to create issue in Jira' do
expect(subject[:create_jira_issue_url]).to eq('https://jira.example.com/new') expect(subject[:create_jira_issue_url]).to eq('https://jira.example.com/new')
end end
context 'when scan property is empty' do
before do
vulnerability.finding.scan = nil
end
it 'renders description using dedicated template without raising error' do
expect(ApplicationController).to receive(:render).with(template: 'vulnerabilities/jira_issue_description.md.erb', locals: { vulnerability: an_instance_of(VulnerabilityPresenter) })
expect {subject}.not_to raise_error
end
end
end end
context 'with jira vulnerabilities integration disabled' do context 'with jira vulnerabilities integration disabled' do
......
...@@ -175,6 +175,80 @@ RSpec.describe Issues::CreateFromVulnerabilityDataService, '#execute' do ...@@ -175,6 +175,80 @@ RSpec.describe Issues::CreateFromVulnerabilityDataService, '#execute' do
it_behaves_like 'a created issue' it_behaves_like 'a created issue'
end end
context 'when scan is NOT present but scanner is' do
let(:params) do
{
blob_path: '/group_path/sub_group_path/project_path/-/blob/commitsha/subdir/src/main/java/com/gitlab/security_products/tests/App.java#L15',
category: 'sast',
severity: 'Low', confidence: 'High',
solution: 'Please do something!',
file: 'subdir/src/main/java/com/gitlab/security_products/tests/App.java',
line: '15',
cve: '818bf5dacb291e15d9e6dc3c5ac32178:PREDICTABLE_RANDOM',
title: 'Predictable pseudorandom number generator',
description: 'Description of Predictable pseudorandom number generator',
tool: 'find_sec_bugs',
identifiers: [{
type: 'CVE',
name: 'CVE-2017-15650',
value: 'CVE-2017-15650',
url: 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15650'
}, {
type: 'CWE',
name: 'CWE-16',
value: '16',
url: 'https://cwe.mitre.org/data/definitions/16.html'
}, {
type: 'GAS_RULE_ID',
name: 'GAS Rule ID G105',
value: 'G105'
}],
links: [{
name: 'Awesome-security blog post',
url: 'https;//example.com/blog-post'
}, {
url: 'https://example.com/another-link'
}],
scanner: { external_id: 'gemnasium', name: 'Gemnasium' },
scan: nil
}
end
let(:expected_title) { 'Investigate vulnerability: Predictable pseudorandom number generator' }
let(:expected_description) do
<<~DESC.chomp
### Description:
Description of Predictable pseudorandom number generator
* Severity: Low
* Confidence: High
* Location: [subdir/src/main/java/com/gitlab/security_products/tests/App.java:15](http://localhost/group_path/sub_group_path/project_path/-/blob/commitsha/subdir/src/main/java/com/gitlab/security_products/tests/App.java#L15)
### Solution:
Please do something!
### Identifiers:
* [CVE-2017-15650](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15650)
* [CWE-16](https://cwe.mitre.org/data/definitions/16.html)
* GAS Rule ID G105
### Links:
* [Awesome-security blog post](https;//example.com/blog-post)
* https://example.com/another-link
### Scanner:
* Name: Gemnasium
DESC
end
it_behaves_like 'a created issue'
end
end end
context 'when category is dependency scanning' do context 'when category is dependency scanning' do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment