Attach remediations to Repor::Security::Finding entities

e8bd79d5 · Mehmet Emin INAC · 3d8eb2da · e8bd79d5 · e8bd79d5 · e8bd79d5
Commit e8bd79d5 authored Nov 30, 2020 by Mehmet Emin INAC
4 changed files
--- a/ee/lib/gitlab/ci/parsers/security/common.rb
+++ b/ee/lib/gitlab/ci/parsers/security/common.rb
@@ -57,6 +57,7 @@ module Gitlab
            identifiers = create_identifiers(report, data['identifiers'])
            links = create_links(report, data['links'])
            location = create_location(data['location'] || {})
+            remediations = create_remediations(data['remediations'])

            report.add_finding(
              ::Gitlab::Ci::Reports::Security::Finding.new(
@@ -71,6 +72,7 @@ module Gitlab
                scan: report&.scan,
                identifiers: identifiers,
                links: links,
+                remediations: remediations,
                raw_metadata: data.to_json,
                metadata_version: version))
          end
@@ -126,6 +128,12 @@ module Gitlab
              url: link['url'])
          end

+          def create_remediations(remediations_data)
+            remediations_data.to_a.compact.map do |remediation_data|
+              ::Gitlab::Ci::Reports::Security::Remediation.new(remediation_data['summary'], remediation_data['diff'])
+            end
+          end
+
          def parse_severity_level(input)
            return input if ::Vulnerabilities::Finding::SEVERITY_LEVELS.key?(input)


--- a/ee/lib/gitlab/ci/reports/security/finding.rb
+++ b/ee/lib/gitlab/ci/reports/security/finding.rb
@@ -22,10 +22,11 @@ module Gitlab
          attr_reader :scan
          attr_reader :severity
          attr_reader :uuid
+          attr_reader :remediations

          delegate :file_path, :start_line, :end_line, to: :location

-          def initialize(compare_key:, identifiers:, links: [], location:, metadata_version:, name:, raw_metadata:, report_type:, scanner:, scan:, uuid:, confidence: nil, severity: nil) # rubocop:disable Metrics/ParameterLists
+          def initialize(compare_key:, identifiers:, links: [], remediations: [], location:, metadata_version:, name:, raw_metadata:, report_type:, scanner:, scan:, uuid:, confidence: nil, severity: nil) # rubocop:disable Metrics/ParameterLists
            @compare_key = compare_key
            @confidence = confidence
            @identifiers = identifiers
@@ -39,6 +40,7 @@ module Gitlab
            @scan = scan
            @severity = severity
            @uuid = uuid
+            @remediations = remediations

            @project_fingerprint = generate_project_fingerprint
          end

--- a/ee/spec/lib/gitlab/ci/parsers/security/common_spec.rb
+++ b/ee/spec/lib/gitlab/ci/parsers/security/common_spec.rb
@@ -66,16 +66,22 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Common do
    end

    context 'parsing remediations' do
+      let(:expected_remediation) { create(:ci_reports_security_remediation, diff: '') }
+
      it 'finds remediation with same cve' do
        vulnerability = report.findings.find { |x| x.compare_key == "CVE-1020" }
        remediation = { 'fixes' => [{ 'cve' => 'CVE-1020' }], 'summary' => '', 'diff' => '' }
+
        expect(Gitlab::Json.parse(vulnerability.raw_metadata).dig('remediations').first).to include remediation
+        expect(vulnerability.remediations.first.checksum).to eq(expected_remediation.checksum)
      end

      it 'finds remediation with same id' do
        vulnerability = report.findings.find { |x| x.compare_key == "CVE-1030" }
        remediation = { 'fixes' => [{ 'cve' => 'CVE', 'id' => 'bb2fbeb1b71ea360ce3f86f001d4e84823c3ffe1a1f7d41ba7466b14cfa953d3' }], 'summary' => '', 'diff' => '' }
+
        expect(Gitlab::Json.parse(vulnerability.raw_metadata).dig('remediations').first).to include remediation
+        expect(vulnerability.remediations.first.checksum).to eq(expected_remediation.checksum)
      end

      it 'does not find remediation with different id' do

--- a/ee/spec/lib/gitlab/ci/reports/security/finding_spec.rb
+++ b/ee/spec/lib/gitlab/ci/reports/security/finding_spec.rb
@@ -13,6 +13,7 @@ RSpec.describe Gitlab::Ci::Reports::Security::Finding do
    let(:link) { create(:ci_reports_security_link) }
    let(:scanner) { create(:ci_reports_security_scanner) }
    let(:location) { create(:ci_reports_security_locations_sast) }
+    let(:remediation) { create(:ci_reports_security_remediation) }

    let(:params) do
      {
@@ -20,6 +21,7 @@ RSpec.describe Gitlab::Ci::Reports::Security::Finding do
        confidence: :medium,
        identifiers: [primary_identifier, other_identifier],
        links: [link],
+        remediations: [remediation],
        location: location,
        metadata_version: 'sast:1.0',
        name: 'Cipher with no integrity',
@@ -42,6 +44,7 @@ RSpec.describe Gitlab::Ci::Reports::Security::Finding do
          project_fingerprint: '9a73f32d58d87d94e3dc61c4c1a94803f6014258',
          identifiers: [primary_identifier, other_identifier],
          links: [link],
+          remediations: [remediation],
          location: location,
          metadata_version: 'sast:1.0',
          name: 'Cipher with no integrity',