Merge branch 'vuln-fingerprint-frontend-update' into 'master'

Update fingerprint hash See merge request gitlab-org/gitlab!15613

Merge branch 'vuln-fingerprint-frontend-update' into 'master'
Update fingerprint hash See merge request gitlab-org/gitlab!15613
d65bca6d · Kushal Pandya · c26e40b1 · be661227 · d65bca6d · d65bca6d
Commit d65bca6d authored Sep 30, 2019 by Kushal Pandya
4 changed files
--- a/ee/app/assets/javascripts/vue_shared/security_reports/store/utils.js
+++ b/ee/app/assets/javascripts/vue_shared/security_reports/store/utils.js
@@ -181,7 +181,7 @@ export const parseDependencyScanningIssues = (report = [], feedback = [], path =
    const parsed = {
      ...adaptDeprecatedIssueFormat(issue),
      category: 'dependency_scanning',
-      project_fingerprint: sha1(issue.cve || issue.message),
+      project_fingerprint: sha1(issue.cve),
      title: issue.message,
    };


--- a/ee/app/assets/javascripts/vue_shared/security_reports/store/utils/container_scanning.js
+++ b/ee/app/assets/javascripts/vue_shared/security_reports/store/utils/container_scanning.js
@@ -156,9 +156,7 @@ export const parseSastContainer = (issues = [], feedback = [], image) =>
     before switching to the Backend implementation
     */
    const frontendOnly = {
-      project_fingerprint: sha1(
-        `${issue.namespace}:${issue.vulnerability}:${issue.featurename}:${issue.featureversion}`,
-      ),
+      project_fingerprint: sha1(issue.vulnerability),
      title: message,
      vulnerability: issue.vulnerability,
    };

--- a/ee/spec/frontend/vue_shared/security_reports/mock_data.js
+++ b/ee/spec/frontend/vue_shared/security_reports/mock_data.js
+const libTiffCveFingerprint = 'e503c23a7776dd5e2c35ac63c8cce6b6468be9ba';
+const libTiffCveFingerprint2 = '29af456d1107381bc2511646e2ae488ddfe9a8ed';
+
 export const baseIssues = [
  {
    categories: ['Security'],
@@ -697,7 +700,7 @@ export const parsedSastContainerBaseStore = [
        value: 'CVE-2014-8130',
      },
    ],
-    project_fingerprint: '20a19f706d82cec1c04d1c9a8858e89b142d602f',
+    project_fingerprint: 'e1f22cd89e3c306541d7c804b29255b5cc275d6d',
    title: 'CVE-2014-8130',
    vulnerability: 'CVE-2014-8130',
  },
@@ -780,7 +783,7 @@ export const dockerNewIssues = [
        url: 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16232',
      },
    ],
-    project_fingerprint: '4e010f6d292364a42c6bb05dbd2cc788c2e5e408',
+    project_fingerprint: libTiffCveFingerprint,
    title: 'CVE-2017-16232',
    vulnerability: 'CVE-2017-16232',
  },
@@ -804,7 +807,7 @@ export const dockerOnlyHeadParsed = [
        url: 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12944',
      },
    ],
-    project_fingerprint: '0693a82ef93c5e9d98c23a35ddcd8ed2cbd047d9',
+    project_fingerprint: libTiffCveFingerprint2,
    title: 'CVE-2017-12944',
    vulnerability: 'CVE-2017-12944',
  },
@@ -825,7 +828,7 @@ export const dockerOnlyHeadParsed = [
        url: 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16232',
      },
    ],
-    project_fingerprint: '4e010f6d292364a42c6bb05dbd2cc788c2e5e408',
+    project_fingerprint: libTiffCveFingerprint,
    title: 'CVE-2017-16232',
    vulnerability: 'CVE-2017-16232',
  },
@@ -1466,7 +1469,7 @@ export const containerScanningFeedbacks = [
    category: 'container_scanning',
    feedback_type: 'dismissal',
    branch: 'try_new_container_scanning',
-    project_fingerprint: '0693a82ef93c5e9d98c23a35ddcd8ed2cbd047d9',
+    project_fingerprint: libTiffCveFingerprint2,
  },
  {
    id: 4,
@@ -1477,6 +1480,6 @@ export const containerScanningFeedbacks = [
    category: 'container_scanning',
    feedback_type: 'issue',
    branch: 'try_new_container_scanning',
-    project_fingerprint: '0693a82ef93c5e9d98c23a35ddcd8ed2cbd047d9',
+    project_fingerprint: libTiffCveFingerprint2,
  },
 ];
--- a/ee/spec/frontend/vue_shared/security_reports/store/utils_spec.js
+++ b/ee/spec/frontend/vue_shared/security_reports/store/utils_spec.js
@@ -213,16 +213,6 @@ describe('security reports utils', () => {
      expect(parsed.urlPath).toEqual('path/Gemfile.lock');
    });

-    it('uses message to generate sha1 when cve is undefined', () => {
-      const issuesWithoutCve = dependencyScanningIssuesOld.map(issue => ({
-        ...issue,
-        cve: undefined,
-      }));
-      const parsed = parseDependencyScanningIssues(issuesWithoutCve, [], 'path')[0];
-
-      expect(parsed.project_fingerprint).toEqual(sha1(dependencyScanningIssuesOld[0].message));
-    });
-
    it('includes vulnerability feedbacks', () => {
      const parsed = parseDependencyScanningIssues(
        dependencyScanningIssuesOld,
@@ -333,11 +323,7 @@ describe('security reports utils', () => {
        },
      ]);

-      expect(parsed.project_fingerprint).toEqual(
-        sha1(
-          `${issue.namespace}:${issue.vulnerability}:${issue.featurename}:${issue.featureversion}`,
-        ),
-      );
+      expect(parsed.project_fingerprint).toEqual(sha1(issue.vulnerability));
    });

    it('includes vulnerability feedbacks', () => {