Merge branch 'add_generic_scan_type_to_security_scan' into 'master'

Sanitize given scan types before querying the security_scans See merge request gitlab-org/gitlab!71836

Merge branch 'add_generic_scan_type_to_security_scan' into 'master'
Sanitize given scan types before querying the security_scans See merge request gitlab-org/gitlab!71836
fc59ad96 · Stan Hu · b3d179e5 · a06867f1 · fc59ad96 · fc59ad96
Commit fc59ad96 authored Oct 06, 2021 by Stan Hu
Showing with 16 additions and 5 deletions

ee/app/models/security/scan.rb ee/app/models/security/scan.rb +5 -1

ee/lib/ee/gitlab/usage_data.rb ee/lib/ee/gitlab/usage_data.rb +2 -2

ee/spec/models/security/scan_spec.rb ee/spec/models/security/scan_spec.rb +9 -2

No files found.
--- a/ee/app/models/security/scan.rb
+++ b/ee/app/models/security/scan.rb
@@ -27,7 +27,7 @@ module Security
      cluster_image_scanning: 8
    }

-    scope :by_scan_types, -> (scan_types) { where(scan_type: scan_types) }
+    scope :by_scan_types, -> (scan_types) { where(scan_type: sanitize_scan_types(scan_types)) }

    scope :scoped_project, -> { where('security_scans.project_id = projects.id') }

@@ -50,6 +50,10 @@ module Security

    before_save :ensure_project_id_pipeline_id

+    def self.sanitize_scan_types(given_types)
+      scan_types.keys & Array(given_types).map(&:to_s)
+    end
+
    def has_errors?
      processing_errors.present?
    end

--- a/ee/lib/ee/gitlab/usage_data.rb
+++ b/ee/lib/ee/gitlab/usage_data.rb
@@ -418,9 +418,9 @@ module EE

          start_id, finish_id = min_max_security_scan_id(time_period)

-          ::Security::Scan.scan_types.each do |name, scan_type|
+          ::Security::Scan.scan_types.each do |name, _|
            relation = ::Security::Scan
-                         .by_scan_types(scan_type)
+                         .by_scan_types(name)
                         .where(time_period)

            metric_name = "#{name}_pipeline"

--- a/ee/spec/models/security/scan_spec.rb
+++ b/ee/spec/models/security/scan_spec.rb
@@ -70,13 +70,20 @@ RSpec.describe Security::Scan do
  end

  describe '.by_scan_types' do
-    let!(:sast_scan) { create(:security_scan, scan_type: :sast) }
-    let!(:dast_scan) { create(:security_scan, scan_type: :dast) }
+    let_it_be(:sast_scan) { create(:security_scan, scan_type: :sast) }
+    let_it_be(:dast_scan) { create(:security_scan, scan_type: :dast) }
+
    let(:expected_scans) { [sast_scan] }

    subject { described_class.by_scan_types(:sast) }

    it { is_expected.to match_array(expected_scans) }
+
+    context 'when an invalid enum value is given' do
+      subject { described_class.by_scan_types([:sast, :generic]) }
+
+      it { is_expected.to match_array(expected_scans) }
+    end
  end

  describe '.latest_successful_by_build' do