author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-05-17 21:07:21 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-05-17 21:07:21 +0000 |
commit | cf7a32bf29a7412a0f4b373ac3045f2555762d03 (patch) | |
tree | 1630edf014bf7101b63864b63a3c95befedc2100 | |
parent | 8746f6e79d7717a8cb16737fecdb977feaa22cdb (diff) | |
Add latest changes from gitlab-org/gitlab@master
33 files changed, 164 insertions, 115 deletions
diff --git a/.rubocop_todo/layout/first_hash_element_indentation.yml b/.rubocop_todo/layout/first_hash_element_indentation.yml
index 4537d0a499b..bd8bee3b69f 100644
--- a/.rubocop_todo/layout/first_hash_element_indentation.yml
+++ b/.rubocop_todo/layout/first_hash_element_indentation.yml
@@ -56,7 +56,6 @@ Layout/FirstHashElementIndentation:
 - 'ee/app/services/timebox_report_service.rb'
 - 'ee/lib/ee/gitlab/ci/parsers.rb'
 - 'ee/lib/ee/gitlab/usage_data.rb'
- - 'ee/lib/elastic/latest/application_class_proxy.rb'
 - 'ee/lib/elastic/latest/issue_class_proxy.rb'
 - 'ee/lib/gitlab/analytics/type_of_work/tasks_by_type.rb'
 - 'ee/lib/gitlab/ci/parsers/security/formatters/dependency_list.rb'
diff --git a/.rubocop_todo/layout/line_length.yml b/.rubocop_todo/layout/line_length.yml
index 13ed078563f..3e29279693e 100644
--- a/.rubocop_todo/layout/line_length.yml
+++ b/.rubocop_todo/layout/line_length.yml
@@ -1287,7 +1287,6 @@ Layout/LineLength:
 - 'ee/lib/ee/gitlab/usage_data.rb'
 - 'ee/lib/ee/sidebars/groups/panel.rb'
 - 'ee/lib/ee/sidebars/projects/menus/security_compliance_menu.rb'
- - 'ee/lib/elastic/latest/application_class_proxy.rb'
 - 'ee/lib/elastic/latest/config.rb'
 - 'ee/lib/elastic/latest/custom_language_analyzers.rb'
 - 'ee/lib/elastic/latest/git_class_proxy.rb'
diff --git a/.rubocop_todo/style/guard_clause.yml b/.rubocop_todo/style/guard_clause.yml
index 50a823c9ee8..18075377acb 100644
--- a/.rubocop_todo/style/guard_clause.yml
+++ b/.rubocop_todo/style/guard_clause.yml
@@ -406,7 +406,6 @@ Style/GuardClause:
 - 'ee/lib/ee/gitlab/gon_helper.rb'
 - 'ee/lib/ee/gitlab/omniauth_initializer.rb'
 - 'ee/lib/ee/sidebars/projects/panel.rb'
- - 'ee/lib/elastic/latest/application_class_proxy.rb'
 - 'ee/lib/gitlab/analytics/cycle_analytics/summary/base_time.rb'
 - 'ee/lib/gitlab/ci/config/security_orchestration_policies/processor.rb'
 - 'ee/lib/gitlab/ci/minutes/cost_factor.rb'
diff --git a/.rubocop_todo/style/lambda.yml b/.rubocop_todo/style/lambda.yml
index 270cdafa855..adbf5a5b8be 100644
--- a/.rubocop_todo/style/lambda.yml
+++ b/.rubocop_todo/style/lambda.yml
@@ -27,7 +27,6 @@ Style/Lambda:
 - 'ee/lib/ee/api/entities/group_push_rule.rb'
 - 'ee/lib/ee/banzai/filter/sanitization_filter.rb'
 - 'ee/lib/ee/gitlab/checks/diff_check.rb'
- - 'ee/lib/elastic/latest/application_class_proxy.rb'
 - 'ee/lib/gem_extensions/elasticsearch/model/adapter/active_record/importing.rb'
 - 'ee/spec/elastic_integration/global_search_spec.rb'
 - 'ee/spec/lib/gitlab/geo/event_gap_tracking_spec.rb'
diff --git a/.rubocop_todo/style/redundant_self.yml b/.rubocop_todo/style/redundant_self.yml
index 3168a5d2150..df5c1b6172a 100644
--- a/.rubocop_todo/style/redundant_self.yml
+++ b/.rubocop_todo/style/redundant_self.yml
@@ -232,7 +232,6 @@ Style/RedundantSelf:
 - 'ee/lib/ee/legacy_model.rb'
 - 'ee/lib/ee/model.rb'
 - 'ee/lib/elastic/instance_proxy_util.rb'
- - 'ee/lib/elastic/latest/application_class_proxy.rb'
 - 'ee/lib/elastic/latest/commit_config.rb'
 - 'ee/lib/elastic/latest/issue_config.rb'
 - 'ee/lib/elastic/latest/merge_request_config.rb'
diff --git a/.rubocop_todo/style/sole_nested_conditional.yml b/.rubocop_todo/style/sole_nested_conditional.yml
index 9b867a430f2..65cac595cde 100644
--- a/.rubocop_todo/style/sole_nested_conditional.yml
+++ b/.rubocop_todo/style/sole_nested_conditional.yml
@@ -33,7 +33,6 @@ Style/SoleNestedConditional:
 - 'ee/app/workers/ee/post_receive.rb'
 - 'ee/lib/ee/gitlab/auth/o_auth/auth_hash.rb'
 - 'ee/lib/ee/gitlab/checks/push_rules/commit_check.rb'
- - 'ee/lib/elastic/latest/application_class_proxy.rb'
 - 'ee/lib/elastic/latest/issue_class_proxy.rb'
 - 'ee/lib/gitlab/code_owners/groups_loader.rb'
 - 'lib/api/deploy_keys.rb'
diff --git a/app/assets/javascripts/ci/pipeline_schedules/components/pipeline_schedules_empty_state.vue b/app/assets/javascripts/ci/pipeline_schedules/components/pipeline_schedules_empty_state.vue
index f633ba053ee..39ac55bb9c5 100644
--- a/app/assets/javascripts/ci/pipeline_schedules/components/pipeline_schedules_empty_state.vue
+++ b/app/assets/javascripts/ci/pipeline_schedules/components/pipeline_schedules_empty_state.vue
@@ -1,5 +1,5 @@
 <script>
-import scheduleSvg from '@gitlab/svgs/dist/illustrations/schedule-md.svg';
+import scheduleSvg from '@gitlab/svgs/dist/illustrations/schedule-md.svg?raw';
 import { GlEmptyState, GlLink, GlSprintf } from '@gitlab/ui';
 import { helpPagePath } from '~/helpers/help_page_helper';
 import { s__ } from '~/locale';
diff --git a/app/assets/javascripts/ensure_data.js b/app/assets/javascripts/ensure_data.js
index 69c81c35bd4..4566ab20258 100644
--- a/app/assets/javascripts/ensure_data.js
+++ b/app/assets/javascripts/ensure_data.js
@@ -1,4 +1,4 @@
-import emptySvg from '@gitlab/svgs/dist/illustrations/security-dashboard-empty-state.svg';
+import emptySvg from '@gitlab/svgs/dist/illustrations/security-dashboard-empty-state.svg?raw';
 import { GlEmptyState } from '@gitlab/ui';
 import * as Sentry from '@sentry/browser';
 import { __ } from '~/locale';
diff --git a/app/assets/javascripts/environments/components/deploy_board.vue b/app/assets/javascripts/environments/components/deploy_board.vue
index b2843b79ba6..ce7a6f0abe7 100644
--- a/app/assets/javascripts/environments/components/deploy_board.vue
+++ b/app/assets/javascripts/environments/components/deploy_board.vue
@@ -8,7 +8,7 @@
 * - Button Actions.
 * [Mockup](https://gitlab.com/gitlab-org/gitlab-foss/uploads/2f655655c0eadf655d0ae7467b53002a/environments__deploy-graphic.png)
 */
-import deployBoardSvg from '@gitlab/svgs/dist/illustrations/deploy-boards.svg';
+import deployBoardSvg from '@gitlab/svgs/dist/illustrations/deploy-boards.svg?raw';
 import {
 GlIcon,
 GlLoadingIcon,
diff --git a/app/assets/javascripts/feature_highlight/feature_highlight_popover.vue b/app/assets/javascripts/feature_highlight/feature_highlight_popover.vue
index 1c6e6380e76..24f7d567ea7 100644
--- a/app/assets/javascripts/feature_highlight/feature_highlight_popover.vue
+++ b/app/assets/javascripts/feature_highlight/feature_highlight_popover.vue
@@ -1,5 +1,5 @@
 <script>
-import clusterPopover from '@gitlab/svgs/dist/illustrations/cluster_popover.svg';
+import clusterPopover from '@gitlab/svgs/dist/illustrations/cluster_popover.svg?raw';
 import { GlPopover, GlSprintf, GlLink, GlButton } from '@gitlab/ui';
 import SafeHtml from '~/vue_shared/directives/safe_html';
 import { __ } from '~/locale';
diff --git a/app/assets/javascripts/monitoring/components/charts/empty_chart.vue b/app/assets/javascripts/monitoring/components/charts/empty_chart.vue
index da4c92df711..6419c45c20c 100644
--- a/app/assets/javascripts/monitoring/components/charts/empty_chart.vue
+++ b/app/assets/javascripts/monitoring/components/charts/empty_chart.vue
@@ -1,5 +1,5 @@
 <script>
-import chartEmptyStateIllustration from '@gitlab/svgs/dist/illustrations/chart-empty-state.svg';
+import chartEmptyStateIllustration from '@gitlab/svgs/dist/illustrations/chart-empty-state.svg?raw';
 import SafeHtml from '~/vue_shared/directives/safe_html';
 import { chartHeight } from '../../constants';
 
diff --git a/app/assets/javascripts/pages/groups/new/components/app.vue b/app/assets/javascripts/pages/groups/new/components/app.vue
index 513f4968dbd..167f56bbfcf 100644
--- a/app/assets/javascripts/pages/groups/new/components/app.vue
+++ b/app/assets/javascripts/pages/groups/new/components/app.vue
@@ -1,6 +1,6 @@
 <script>
-import importGroupIllustration from '@gitlab/svgs/dist/illustrations/group-import.svg';
-import newGroupIllustration from '@gitlab/svgs/dist/illustrations/group-new.svg';
+import importGroupIllustration from '@gitlab/svgs/dist/illustrations/group-import.svg?raw';
+import newGroupIllustration from '@gitlab/svgs/dist/illustrations/group-new.svg?raw';
 import { s__ } from '~/locale';
 import NewNamespacePage from '~/vue_shared/new_namespace/new_namespace_page.vue';
 
diff --git a/app/assets/javascripts/projects/new/components/app.vue b/app/assets/javascripts/projects/new/components/app.vue
index 2f58d4468be..6ca83b0b500 100644
--- a/app/assets/javascripts/projects/new/components/app.vue
+++ b/app/assets/javascripts/projects/new/components/app.vue
@@ -1,8 +1,8 @@
 <script>
-import createFromTemplateIllustration from '@gitlab/svgs/dist/illustrations/project-create-from-template-sm.svg';
-import blankProjectIllustration from '@gitlab/svgs/dist/illustrations/project-create-new-sm.svg';
-import importProjectIllustration from '@gitlab/svgs/dist/illustrations/project-import-sm.svg';
-import ciCdProjectIllustration from '@gitlab/svgs/dist/illustrations/project-run-CICD-pipelines-sm.svg';
+import createFromTemplateIllustration from '@gitlab/svgs/dist/illustrations/project-create-from-template-sm.svg?raw';
+import blankProjectIllustration from '@gitlab/svgs/dist/illustrations/project-create-new-sm.svg?raw';
+import importProjectIllustration from '@gitlab/svgs/dist/illustrations/project-import-sm.svg?raw';
+import ciCdProjectIllustration from '@gitlab/svgs/dist/illustrations/project-run-CICD-pipelines-sm.svg?raw';
 import SafeHtml from '~/vue_shared/directives/safe_html';
 import { s__ } from '~/locale';
 import NewNamespacePage from '~/vue_shared/new_namespace/new_namespace_page.vue';
diff --git a/app/assets/javascripts/security_configuration/components/constants.js b/app/assets/javascripts/security_configuration/components/constants.js
index 1b86d7d0a2b..1c2be99b393 100644
--- a/app/assets/javascripts/security_configuration/components/constants.js
+++ b/app/assets/javascripts/security_configuration/components/constants.js
@@ -15,9 +15,9 @@ import {
 REPORT_TYPE_API_FUZZING,
 } from '~/vue_shared/security_reports/constants';
 
-import kontraLogo from 'images/vulnerability/kontra-logo.svg';
-import scwLogo from 'images/vulnerability/scw-logo.svg';
-import secureflagLogo from 'images/vulnerability/secureflag-logo.svg';
+import kontraLogo from 'images/vulnerability/kontra-logo.svg?raw';
+import scwLogo from 'images/vulnerability/scw-logo.svg?raw';
+import secureflagLogo from 'images/vulnerability/secureflag-logo.svg?raw';
 import configureSastMutation from '../graphql/configure_sast.mutation.graphql';
 import configureSastIacMutation from '../graphql/configure_iac.mutation.graphql';
 import configureSecretDetectionMutation from '../graphql/configure_secret_detection.mutation.graphql';
diff --git a/app/assets/javascripts/super_sidebar/components/user_bar.vue b/app/assets/javascripts/super_sidebar/components/user_bar.vue
index 768914584e8..0b71cb4341b 100644
--- a/app/assets/javascripts/super_sidebar/components/user_bar.vue
+++ b/app/assets/javascripts/super_sidebar/components/user_bar.vue
@@ -7,7 +7,7 @@ import {
 createUserCountsManager,
 userCounts,
 } from '~/super_sidebar/user_counts_manager';
-import logo from '../../../../views/shared/_logo.svg';
+import logo from '../../../../views/shared/_logo.svg?raw';
 import { JS_TOGGLE_COLLAPSE_CLASS } from '../constants';
 import CreateMenu from './create_menu.vue';
 import Counter from './counter.vue';
diff --git a/app/assets/javascripts/surveys/merge_request_experience/app.vue b/app/assets/javascripts/surveys/merge_request_experience/app.vue
index 6e90ad2e0fd..333059b5340 100644
--- a/app/assets/javascripts/surveys/merge_request_experience/app.vue
+++ b/app/assets/javascripts/surveys/merge_request_experience/app.vue
@@ -1,6 +1,6 @@
 <script>
 import { GlButton, GlSprintf, GlTooltipDirective } from '@gitlab/ui';
-import gitlabLogo from '@gitlab/svgs/dist/illustrations/gitlab_logo.svg';
+import gitlabLogo from '@gitlab/svgs/dist/illustrations/gitlab_logo.svg?raw';
 import SafeHtml from '~/vue_shared/directives/safe_html';
 import { s__, __ } from '~/locale';
 import UserCalloutDismisser from '~/vue_shared/components/user_callout_dismisser.vue';
diff --git a/app/assets/javascripts/work_items/components/work_item_detail.vue b/app/assets/javascripts/work_items/components/work_item_detail.vue
index f20ca1ce69a..54bd3ac719c 100644
--- a/app/assets/javascripts/work_items/components/work_item_detail.vue
+++ b/app/assets/javascripts/work_items/components/work_item_detail.vue
@@ -11,7 +11,7 @@ import {
 GlTooltipDirective,
 GlEmptyState,
 } from '@gitlab/ui';
-import noAccessSvg from '@gitlab/svgs/dist/illustrations/analytics/no-access.svg';
+import noAccessSvg from '@gitlab/svgs/dist/illustrations/analytics/no-access.svg?raw';
 import * as Sentry from '@sentry/browser';
 import { s__ } from '~/locale';
 import { getParameterByName, updateHistory, setUrlParams } from '~/lib/utils/url_utility';
diff --git a/app/controllers/projects/merge_requests_controller.rb b/app/controllers/projects/merge_requests_controller.rb
index 97b625d1ae2..91788444f1f 100644
--- a/app/controllers/projects/merge_requests_controller.rb
+++ b/app/controllers/projects/merge_requests_controller.rb
@@ -196,10 +196,12 @@ class Projects::MergeRequestsController < Projects::MergeRequests::ApplicationCo
 end
 end
 
+ # documented in doc/development/rails_endpoints/index.md
 def codequality_mr_diff_reports
 reports_response(@merge_request.find_codequality_mr_diff_reports, head_pipeline)
 end
 
+ # documented in doc/development/rails_endpoints/index.md
 def codequality_reports
 reports_response(@merge_request.compare_codequality_reports)
 end
diff --git a/config/routes/merge_requests.rb b/config/routes/merge_requests.rb
index 29e0d65b58c..0f973867068 100644
--- a/config/routes/merge_requests.rb
+++ b/config/routes/merge_requests.rb
@@ -17,7 +17,10 @@ resources :merge_requests, concerns: :awardable, except: [:new, :create, :show],
 get :accessibility_reports
 get :coverage_reports
 get :terraform_reports
+
+ # documented in doc/development/rails_endpoints/index.md
 get :codequality_reports
+ # documented in doc/development/rails_endpoints/index.md
 get :codequality_mr_diff_reports
 
 scope constraints: ->(req) { req.format == :json }, as: :json do
diff --git a/config/webpack.config.js b/config/webpack.config.js
index e3505ae47b8..4b90fe5e108 100644
--- a/config/webpack.config.js
+++ b/config/webpack.config.js
@@ -425,19 +425,12 @@ module.exports = {
 {
 test: /\.svg$/,
 exclude: /icons\.svg$/,
- oneOf: [
- {
- resourceQuery: /url/,
- loader: 'file-loader',
- options: {
- name: '[name].[contenthash:8].[ext]',
- esModule: false,
- },
- },
- {
- loader: 'raw-loader',
- },
- ],
+ resourceQuery: /url/,
+ loader: 'file-loader',
+ options: {
+ name: '[name].[contenthash:8].[ext]',
+ esModule: false,
+ },
 },
 {
 test: /\.(gif|png|mp4)$/,
diff --git a/doc/ci/runners/saas/linux_saas_runner.md b/doc/ci/runners/saas/linux_saas_runner.md
index ebc1f617691..a1864c59d47 100644
--- a/doc/ci/runners/saas/linux_saas_runner.md
+++ b/doc/ci/runners/saas/linux_saas_runner.md
@@ -17,7 +17,7 @@ For Free, Premium, and Ultimate plan customers, jobs on these instances consume
 
 | | Small | Medium | Large |
 |-------------------|---------------------------|---------------------------|--------------------------|
-| Specs | 1 vCPU, 3.75 GB RAM | 2 vCPUs, 8 GB RAM | 4 vCPUs, 16 GB RAM |
+| Specs | 2 vCPU, 8 GB RAM | 4 vCPUs, 16 GB RAM | 8 vCPUs, 32 GB RAM |
 | GitLab CI/CD tags | `saas-linux-small-amd64` | `saas-linux-medium-amd64` | `saas-linux-large-amd64` |
 | Subscription | Free, Premium, Ultimate | Free, Premium, Ultimate | Premium, Ultimate |
 
diff --git a/doc/development/rails_endpoints/index.md b/doc/development/rails_endpoints/index.md
new file mode 100644
index 00000000000..c5a166dd4be
--- /dev/null
+++ b/doc/development/rails_endpoints/index.md
@@ -0,0 +1,79 @@
+---
+stage: Create
+group: Source Code
+info: "To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments"
+type: reference, api
+---
+
+# Rails Endpoints
+
+Rails Endpoints are used by different GitLab components, they cannot be
+used by other consumers. This documentation is intended for people
+working on the GitLab codebase.
+
+These Rails Endpoints:
+
+- May not have extensive documentation or follow the same conventions as our public or private APIs.
+- May not adhere to standardized rules or guidelines.
+- Are designed to serve specific internal purposes in the codebase.
+- Are subject to change at any time.
+
+## Proof of concept period: Feedback Request
+
+We are currently evaluating a new approach for documenting Rails endpoints. Please [check out the Feedback Issue](https://gitlab.com/gitlab-org/gitlab/-/issues/411605) and feel free to share your thoughts, suggestions, or concerns. We appreciate your participation in helping us improve the documentation!
+
+## SAST Scanners
+
+Static Application Security Testing (SAST) checks your source code for known vulnerabilities. When SAST is enabled
+on a Project these endpoints are available.
+
+### List existing merge request code quality findings sorted by files
+
+Get a list of existing code quality Findings, if any, sorted by files.
+
+```plaintext
+GET /projects/:id/merge_requests/:merge_request_iid/codequality_mr_diff_reports.json
+```
+
+Response:
+
+```json
+{
+ "files": {
+ "index.js": [
+ {
+ "line": 1,
+ "description": "Unexpected 'debugger' statement.",
+ "severity": "major"
+ }
+ ]
+ }
+}
+```
+
+### List new, resolved and existing merge request code quality findings
+
+Get a list of new, resolved, and existing code quality Findings, if any.
+
+```plaintext
+GET /projects/:id/merge_requests/:merge_request_iid/codequality_reports.json
+```
+
+```json
+{
+ "status": "failed",
+ "new_errors": [
+ {
+ "description": "Unexpected 'debugger' statement.",
+ "severity": "major",
+ "file_path": "index.js",
+ "line": 1,
+ "web_url": "https://gitlab.com/jannik_lehmann/code-quality-test/-/blob/ed1c1b3052fe6963beda0e416d5e2ba3378eb715/noise.rb#L12",
+ "engine_name": "eslint"
+ }
+ ],
+ "resolved_errors": [],
+ "existing_errors": [],
+ "summary": { "total": 1, "resolved": 0, "errored": 1 }
+}
+```
diff --git a/jest.config.base.js b/jest.config.base.js
index d11b3a5c1e6..88ccee4d201 100644
--- a/jest.config.base.js
+++ b/jest.config.base.js
@@ -96,6 +96,10 @@ module.exports = (path, options = {}) => {
 const TEST_FIXTURES_RAW_LOADER_PATTERN = `(${TEST_FIXTURES_HOME}|${TEST_FIXTURES_STATIC_HOME}).*\\.html$`;
 
 const moduleNameMapper = {
+ [TEST_FIXTURES_PATTERN]: `<rootDir>${TEST_FIXTURES_HOME}$1`,
+ '^test_fixtures_static(/.*)$': `<rootDir>${TEST_FIXTURES_STATIC_HOME}$1`,
+ '\\.(svg|gif|png|mp4)(\\?\\w+)?$': '<rootDir>/spec/frontend/__mocks__/file_mock.js',
+ '\\.css$': '<rootDir>/spec/frontend/__mocks__/file_mock.js',
 '^~(/.*)\\?(worker|raw)$': '<rootDir>/app/assets/javascripts$1',
 '^(.*)\\?(worker|raw)$': '$1',
 '^~(/.*)$': '<rootDir>/app/assets/javascripts$1',
@@ -109,10 +113,6 @@ module.exports = (path, options = {}) => {
 '^any_else_ce(/.*)$': '<rootDir>/app/assets/javascripts$1',
 '^helpers(/.*)$': '<rootDir>/spec/frontend/__helpers__$1',
 '^vendor(/.*)$': '<rootDir>/vendor/assets/javascripts$1',
- [TEST_FIXTURES_PATTERN]: `<rootDir>${TEST_FIXTURES_HOME}$1`,
- '^test_fixtures_static(/.*)$': `<rootDir>${TEST_FIXTURES_STATIC_HOME}$1`,
- '\\.(jpg|jpeg|png|svg|css)$': '<rootDir>/spec/frontend/__mocks__/file_mock.js',
- '\\.svg\\?url$': '<rootDir>/spec/frontend/__mocks__/file_mock.js',
 '^public(/.*)$': '<rootDir>/public$1',
 'emojis(/.*).json': '<rootDir>/fixtures/emojis$1.json',
 '^spec/test_constants$': '<rootDir>/spec/frontend/__helpers__/test_constants',
diff --git a/lib/gitlab/ci/parsers/security/common.rb b/lib/gitlab/ci/parsers/security/common.rb
index f393d86dea4..447136df81f 100644
--- a/lib/gitlab/ci/parsers/security/common.rb
+++ b/lib/gitlab/ci/parsers/security/common.rb
@@ -123,6 +123,7 @@ module Gitlab
 uuid: uuid,
 report_type: report.type,
 name: finding_name(data, identifiers, location),
+ compare_key: data['cve'] || '',
 location: location,
 evidence: evidence,
 severity: parse_severity_level(data['severity']),
diff --git a/lib/gitlab/ci/reports/security/finding.rb b/lib/gitlab/ci/reports/security/finding.rb
index aad730349cd..bf48c7d0bb7 100644
--- a/lib/gitlab/ci/reports/security/finding.rb
+++ b/lib/gitlab/ci/reports/security/finding.rb
@@ -7,6 +7,7 @@ module Gitlab
 class Finding
 include ::VulnerabilityFindingHelpers
 
+ attr_reader :compare_key
 attr_reader :confidence
 attr_reader :identifiers
 attr_reader :flags
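Review bot: The new mapping `'\\.(svg|gif|png|mp4)(\\?\\w+)?$'` no longer covers `jpg`/`jpeg`, which the removed `'\\.(jpg|jpeg|png|svg|css)$'` entry in this hunk did, so a spec importing a .jpg or .jpeg asset would now fall through to Jest's normal resolution instead of `file_mock.js`. If dropping them is intentional it deserves a line in the commit message; otherwise `'\\.(svg|gif|png|jpe?g|mp4)(\\?\\w+)?$'` keeps the previous coverage. The substantive fix appears to be ordering — the mock entries now sit above the generic `'^(.*)\\?(worker|raw)$': '$1'` stripper in the `@@ -96,6 +96,10` hunk, and since `moduleNameMapper` is first-match, a comment there such as `// keep asset mocks above the generic ?raw/?worker stripper: first match wins` would record why the order matters. The `moduleNameMapper` literal and the enclosing `module.exports` function start and end outside both hunks.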
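Review bot: `compare_key: data['cve'] || ''` takes a scanner-supplied report field and, in finding.rb's `@@ -202,7 +203,7` hunk, passes it straight to `Digest::SHA1.hexdigest(compare_key)` with the former `.to_s` removed, so a report whose `cve` value is a number or an array (malformed or hostile JSON) now raises TypeError inside the parser instead of producing a fingerprint, unless schema validation upstream already guarantees a string — worth confirming. The empty-string fallback is the larger concern: every finding in a report that lacks a `cve` field receives the same `compare_key` and therefore the same project fingerprint, so any dedup or merge step keyed on it would fold distinct findings together; the factory added in this commit builds `"#{identifiers.first&.external_type}:#{identifiers.first&.external_id}:#{location.fingerprint}"`, which is a better shape for a production fallback than `''`. Keeping `Digest::SHA1.hexdigest(compare_key.to_s)` costs nothing and removes the type dependency. The enclosing method in common.rb and `Finding#initialize` in finding.rb both start and end outside their hunks.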
@@ -32,10 +33,10 @@ module Gitlab
 
 delegate :file_path, :start_line, :end_line, to: :location
 
- alias_method :compare_key, :uuid
 alias_method :cve, :compare_key
 
- def initialize(identifiers:, flags: [], links: [], remediations: [], location:, evidence:, metadata_version:, name:, original_data:, report_type:, scanner:, scan:, uuid:, confidence: nil, severity: nil, details: {}, signatures: [], project_id: nil, vulnerability_finding_signatures_enabled: false, found_by_pipeline: nil) # rubocop:disable Metrics/ParameterLists
+ def initialize(compare_key:, identifiers:, flags: [], links: [], remediations: [], location:, evidence:, metadata_version:, name:, original_data:, report_type:, scanner:, scan:, uuid:, confidence: nil, severity: nil, details: {}, signatures: [], project_id: nil, vulnerability_finding_signatures_enabled: false, found_by_pipeline: nil) # rubocop:disable Metrics/ParameterLists
+ @compare_key = compare_key
 @confidence = confidence
 @identifiers = identifiers
 @flags = flags
@@ -202,7 +203,7 @@ module Gitlab
 private
 
 def generate_project_fingerprint
- Digest::SHA1.hexdigest(compare_key.to_s)
+ Digest::SHA1.hexdigest(compare_key)
 end
 
 def location_fingerprints
diff --git a/lib/tasks/gitlab/db.rake b/lib/tasks/gitlab/db.rake
index 34ccce3ba2f..a64273b9a26 100644
--- a/lib/tasks/gitlab/db.rake
+++ b/lib/tasks/gitlab/db.rake
@@ -473,7 +473,7 @@ namespace :gitlab do
 Gitlab::Database::SchemaValidation::TrackInconsistency.new(
 inconsistency,
 Project.find_by_full_path(gitlab_url),
- User.support_bot
+ User.automation_bot
 ).execute
 
 puts inconsistency.inspect
diff --git a/qa/qa/resource/base.rb b/qa/qa/resource/base.rb
index 6c03f45bdfd..c05997d0405 100644
--- a/qa/qa/resource/base.rb
+++ b/qa/qa/resource/base.rb
@@ -182,11 +182,12 @@ module QA
 raise NotImplementedError
 end
 
- def visit!(skip_resp_code_check: false)
+ def visit!(skip_finished_loading_check: false, skip_resp_code_check: false)
 Runtime::Logger.info("Visiting #{Rainbow(self.class.name).black.bg(:white)} at #{web_url}")
 
 # Just in case an async action is not yet complete
- Support::WaitForRequests.wait_for_requests(skip_resp_code_check: skip_resp_code_check)
+ Support::WaitForRequests.wait_for_requests(skip_finished_loading_check: skip_finished_loading_check,
+ skip_resp_code_check: skip_resp_code_check)
 
 Support::Retrier.retry_until do
 visit(web_url)
@@ -194,7 +195,8 @@ module QA
 end
 
 # Wait until the new page is ready for us to interact with it
- Support::WaitForRequests.wait_for_requests(skip_resp_code_check: skip_resp_code_check)
+ Support::WaitForRequests.wait_for_requests(skip_finished_loading_check: skip_finished_loading_check,
+ skip_resp_code_check: skip_resp_code_check)
 end
 
 def populate(*attribute_names)
diff --git a/qa/spec/resource/base_spec.rb b/qa/spec/resource/base_spec.rb
index e0bfccf5e78..d7e16c1f84b 100644
--- a/qa/spec/resource/base_spec.rb
+++ b/qa/spec/resource/base_spec.rb
@@ -362,7 +362,8 @@ RSpec.describe QA::Resource::Base do
 
 it 'calls #visit with the underlying #web_url' do
 allow(resource).to receive(:current_url).and_return(subject.current_url)
- expect(wait_for_requests_class).to receive(:wait_for_requests).with({ skip_resp_code_check: false }).twice
+ expect(wait_for_requests_class).to receive(:wait_for_requests).with({ skip_finished_loading_check: false,
+ skip_resp_code_check: false }).twice
 
 resource.web_url = subject.current_url
 resource.visit!
@@ -372,12 +373,24 @@ RSpec.describe QA::Resource::Base do
 
 it 'calls #visit with the underlying #web_url with skip_resp_code_check specified as true' do
 allow(resource).to receive(:current_url).and_return(subject.current_url)
- expect(wait_for_requests_class).to receive(:wait_for_requests).with({ skip_resp_code_check: true }).twice
+ expect(wait_for_requests_class).to receive(:wait_for_requests).with({ skip_finished_loading_check: false,
+ skip_resp_code_check: true }).twice
 
 resource.web_url = subject.current_url
 resource.visit!(skip_resp_code_check: true)
 
 expect(resource).to have_received(:visit).with(subject.current_url)
 end
+
+ it 'calls #visit with the underlying #web_url with skip_finished_loading_check specified as true' do
+ allow(resource).to receive(:current_url).and_return(subject.current_url)
+ expect(wait_for_requests_class).to receive(:wait_for_requests).with({ skip_finished_loading_check: true,
+ skip_resp_code_check: false }).twice
+
+ resource.web_url = subject.current_url
+ resource.visit!(skip_finished_loading_check: true)
+
+ expect(resource).to have_received(:visit).with(subject.current_url)
+ end
 end
 end
diff --git a/spec/factories/ci/reports/security/findings.rb b/spec/factories/ci/reports/security/findings.rb
index 2641c618b09..c57a2dd479f 100644
--- a/spec/factories/ci/reports/security/findings.rb
+++ b/spec/factories/ci/reports/security/findings.rb
@@ -2,6 +2,7 @@
 
 FactoryBot.define do
 factory :ci_reports_security_finding, class: '::Gitlab::Ci::Reports::Security::Finding' do
+ compare_key { "#{identifiers.first&.external_type}:#{identifiers.first&.external_id}:#{location.fingerprint}" }
 confidence { :medium }
 identifiers { Array.new(1) { association(:ci_reports_security_identifier) } }
 location factory: :ci_reports_security_locations_sast
diff --git a/spec/fixtures/security_reports/master/gl-common-scanning-report.json b/spec/fixtures/security_reports/master/gl-common-scanning-report.json
index d1f824b90fa..4c494963a79 100644
--- a/spec/fixtures/security_reports/master/gl-common-scanning-report.json
+++ b/spec/fixtures/security_reports/master/gl-common-scanning-report.json
@@ -90,7 +90,6 @@
 "message": "Remediation for this vulnerability should remediate CVE-2140 as well",
 "description": "",
 "cve": "CVE-2139",
- "id": "bb2fbeb1b71ea360ce3f86f001d4e84823c3ffe1a1f7d41ba7466b14cfa953d4",
 "severity": "High",
 "solution": "Upgrade to latest version.",
 "scanner": {
@@ -133,7 +132,6 @@
 "message": "Remediation for this vulnerability should remediate CVE-2139 as well",
 "description": "",
 "cve": "CVE-2140",
- "id": "bb2fbeb1b71ea360ce3f86f001d4e84823c3ffe1a1f7d41ba7466b14cfa953d5",
 "severity": "High",
 "solution": "Upgrade to latest version.",
 "scanner": {
@@ -441,10 +439,10 @@
 {
 "fixes": [
 {
- "id": "bb2fbeb1b71ea360ce3f86f001d4e84823c3ffe1a1f7d41ba7466b14cfa953d4"
+ "cve": "CVE-2139"
 },
 {
- "id": "bb2fbeb1b71ea360ce3f86f001d4e84823c3ffe1a1f7d41ba7466b14cfa953d5"
+ "cve": "CVE-2140"
 }
 ],
 "summary": "this remediates CVE-2139 and CVE-2140",
diff --git a/spec/lib/gitlab/ci/parsers/security/common_spec.rb b/spec/lib/gitlab/ci/parsers/security/common_spec.rb
index bce82a5fb4a..421aa29f860 100644
--- a/spec/lib/gitlab/ci/parsers/security/common_spec.rb
+++ b/spec/lib/gitlab/ci/parsers/security/common_spec.rb
@@ -184,9 +184,8 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Common, feature_category: :vulnera
 let(:artifact) { build(:ci_job_artifact, :common_security_report_with_blank_names) }
 
 context 'when message is provided' do
- let(:finding) { report.findings.first }
-
 it 'sets message from the report as a finding name' do
+ finding = report.findings.find { |x| x.compare_key == 'CVE-1020' }
 expected_name = Gitlab::Json.parse(finding.raw_metadata)['message']
 
 expect(finding.name).to eq(expected_name)
@@ -195,9 +194,8 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Common, feature_category: :vulnera
 
 context 'when message is not provided' do
 context 'and name is provided' do
- let(:finding) { report.findings.second }
-
 it 'sets name from the report as a name' do
+ finding = report.findings.find { |x| x.compare_key == 'CVE-1030' }
 expected_name = Gitlab::Json.parse(finding.raw_metadata)['name']
 
 expect(finding.name).to eq(expected_name)
@@ -205,12 +203,11 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Common, feature_category: :vulnera
 end
 
 context 'and name is not provided' do
- let(:finding) { report.findings[2] }
-
 context 'when location does not exist' do
 let(:location) { nil }
 
 it 'returns only identifier name' do
+ finding = report.findings.find { |x| x.compare_key == 'CVE-2017-11429' }
 expect(finding.name).to eq("CVE-2017-11429")
 end
 end
@@ -218,22 +215,21 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Common, feature_category: :vulnera
 context 'when location exists' do
 context 'when CVE identifier exists' do
 it 'combines identifier with location to create name' do
+ finding = report.findings.find { |x| x.compare_key == 'CVE-2017-11429' }
 expect(finding.name).to eq("CVE-2017-11429 in yarn.lock")
 end
 end
 
 context 'when CWE identifier exists' do
- let(:finding) { report.findings[3] }
-
 it 'combines identifier with location to create name' do
+ finding = report.findings.find { |x| x.compare_key == 'CWE-2017-11429' }
 expect(finding.name).to eq("CWE-2017-11429 in yarn.lock")
 end
 end
 
 context 'when neither CVE nor CWE identifier exist' do
- let(:finding) { report.findings[4] }
-
 it 'combines identifier with location to create name' do
+ finding = report.findings.find { |x| x.compare_key == 'OTHER-2017-11429' }
 expect(finding.name).to eq("other-2017-11429 in yarn.lock")
 end
 end
@@ -244,9 +240,8 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Common, feature_category: :vulnera describe 'parsing finding.details' do context 'when details are provided' do - let(:finding) { report.findings[4] } - it 'sets details from the report' do + finding = report.findings.find { |x| x.compare_key == 'CVE-1020' } expected_details = Gitlab::Json.parse(finding.raw_metadata)['details'] expect(finding.details).to eq(expected_details) @@ -254,9 +249,8 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Common, feature_category: :vulnera end context 'when details are not provided' do - let(:finding) { report.findings[5] } - it 'sets empty hash' do + finding = report.findings.find { |x| x.compare_key == 'CVE-1030' } expect(finding.details).to eq({}) end end diff --git a/spec/lib/gitlab/ci/reports/security/report_spec.rb b/spec/lib/gitlab/ci/reports/security/report_spec.rb index dabee0f32de..d7f967f1c55 100644 --- a/spec/lib/gitlab/ci/reports/security/report_spec.rb +++ b/spec/lib/gitlab/ci/reports/security/report_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -RSpec.describe Gitlab::Ci::Reports::Security::Report, feature_category: :vulnerability_management do +RSpec.describe Gitlab::Ci::Reports::Security::Report do let_it_be(:pipeline) { create(:ci_pipeline) } let(:created_at) { 2.weeks.ago } @@ -89,7 +89,7 @@ RSpec.describe Gitlab::Ci::Reports::Security::Report, feature_category: :vulnera let(:other_report) do create( :ci_reports_security_report, - findings: [create(:ci_reports_security_finding)], + findings: [create(:ci_reports_security_finding, compare_key: 'other_finding')], scanners: [create(:ci_reports_security_scanner, external_id: 'other_scanner', name: 'Other Scanner')], identifiers: [create(:ci_reports_security_identifier, external_id: 'other_id', name: 'other_scanner')] ) diff --git a/spec/services/security/merge_reports_service_spec.rb b/spec/services/security/merge_reports_service_spec.rb index a101003a7dd..809d0b27c20 100644 
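Review bot: The `feature_category: :vulnerability_management` metadata is dropped from `RSpec.describe Gitlab::Ci::Reports::Security::Report` in the `@@ -2,7 +2,7` hunk of report_spec.rb, which looks unrelated to the compare_key change in the following hunk and leaves the spec without an owning category; if the repository lints for feature-category metadata on spec files, as the `feature_category:` argument on the neighbouring common_spec.rb describe block suggests, this file will start failing that check. Unless the removal is deliberate, restore `RSpec.describe Gitlab::Ci::Reports::Security::Report, feature_category: :vulnerability_management do`.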
--- a/spec/services/security/merge_reports_service_spec.rb
+++ b/spec/services/security/merge_reports_service_spec.rb
@@ -19,8 +19,7 @@ RSpec.describe Security::MergeReportsService, '#execute', feature_category: :cod
 build(:ci_reports_security_finding,
 identifiers: [identifier_1_primary, identifier_1_cve],
 scanner: scanner_1,
- severity: :low,
- uuid: '61eb8e3e-3be1-4d6c-ba26-4e0dd4f94610'
+ severity: :low
 )
 end
 
@@ -28,8 +27,7 @@ RSpec.describe Security::MergeReportsService, '#execute', feature_category: :cod
 build(:ci_reports_security_finding,
 identifiers: [identifier_1_primary, identifier_1_cve],
 scanner: scanner_1,
- severity: :low,
- uuid: '61eb8e3e-3be1-4d6c-ba26-4e0dd4f94611'
+ severity: :low
 )
 end
 
@@ -38,8 +36,7 @@ RSpec.describe Security::MergeReportsService, '#execute', feature_category: :cod
 identifiers: [identifier_2_primary, identifier_2_cve],
 location: build(:ci_reports_security_locations_sast, start_line: 32, end_line: 34),
 scanner: scanner_2,
- severity: :medium,
- uuid: '61eb8e3e-3be1-4d6c-ba26-4e0dd4f94612'
+ severity: :medium
 )
 end
 
@@ -48,8 +45,7 @@ RSpec.describe Security::MergeReportsService, '#execute', feature_category: :cod
 identifiers: [identifier_2_primary, identifier_2_cve],
 location: build(:ci_reports_security_locations_sast, start_line: 32, end_line: 34),
 scanner: scanner_2,
- severity: :medium,
- uuid: '61eb8e3e-3be1-4d6c-ba26-4e0dd4f94613'
+ severity: :medium
 )
 end
 
@@ -58,8 +54,7 @@ RSpec.describe Security::MergeReportsService, '#execute', feature_category: :cod
 identifiers: [identifier_2_primary, identifier_2_cve],
 location: build(:ci_reports_security_locations_sast, start_line: 42, end_line: 44),
 scanner: scanner_2,
- severity: :medium,
- uuid: '61eb8e3e-3be1-4d6c-ba26-4e0dd4f94614'
+ severity: :medium
 )
 end
 
@@ -67,8 +62,7 @@ RSpec.describe Security::MergeReportsService, '#execute', feature_category: :cod
 build(:ci_reports_security_finding,
 identifiers: [identifier_cwe],
 scanner: scanner_3,
- severity: :high,
- uuid: '61eb8e3e-3be1-4d6c-ba26-4e0dd4f94615'
+ severity: :high
 )
 end
 
@@ -76,8 +70,7 @@ RSpec.describe Security::MergeReportsService, '#execute', feature_category: :cod
 build(:ci_reports_security_finding,
 identifiers: [identifier_cwe],
 scanner: scanner_1,
- severity: :critical,
- uuid: '61eb8e3e-3be1-4d6c-ba26-4e0dd4f94616'
+ severity: :critical
 )
 end
 
@@ -85,8 +78,7 @@ RSpec.describe Security::MergeReportsService, '#execute', feature_category: :cod
 build(:ci_reports_security_finding,
 identifiers: [identifier_wasc],
 scanner: scanner_1,
- severity: :medium,
- uuid: '61eb8e3e-3be1-4d6c-ba26-4e0dd4f94617'
+ severity: :medium
 )
 end
 
@@ -94,8 +86,7 @@ RSpec.describe Security::MergeReportsService, '#execute', feature_category: :cod
 build(:ci_reports_security_finding,
 identifiers: [identifier_wasc],
 scanner: scanner_2,
- severity: :critical,
- uuid: '61eb8e3e-3be1-4d6c-ba26-4e0dd4f94618'
+ severity: :critical
 )
 end
 
@@ -199,8 +190,8 @@ RSpec.describe Security::MergeReportsService, '#execute', feature_category: :cod
 finding_cwe_2,
 finding_wasc_2,
 finding_cwe_1,
- finding_id_2_loc_1,
 finding_id_2_loc_2,
+ finding_id_2_loc_1,
 finding_wasc_1,
 finding_id_1
 ])
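Review bot: The expected merge result in the last hunk now lists `finding_id_2_loc_2` before `finding_id_2_loc_1`, but nothing in the hunk says which attribute makes the service emit them in that order; the `finding_id_2_*` builds in the hunks above differ only in their location lines, so the order is presumably a side effect of whatever tie-break the merge applies once the pinned uuids are gone. If order is part of the service's contract, say so above the array, `# sorted by severity, then by the service's tie-break on location`, adjusted to the real key; if it is not, comparing with `match_array` instead of a positional list avoids re-breaking this spec on the next ordering tweak. The matcher that opens this array is outside the hunk.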
@@ -226,32 +217,9 @@ RSpec.describe Security::MergeReportsService, '#execute', feature_category: :cod
 let(:identifier_cve) { build(:ci_reports_security_identifier, external_id: 'CVE-2019-123', external_type: 'cve') }
 let(:identifier_semgrep) { build(:ci_reports_security_identifier, external_id: 'rules.bandit.B105', external_type: 'semgrep_id') }
 
- let(:finding_id_1) do
- build(
- :ci_reports_security_finding,
- identifiers: [identifier_bandit, identifier_cve],
- scanner: bandit_scanner,
- report_type: :sast,
- uuid: '21ab978a-7052-5428-af0b-c7a4b3fe5020')
- end
-
- let(:finding_id_2) do
- build(
- :ci_reports_security_finding,
- identifiers: [identifier_cve],
- scanner: semgrep_scanner,
- report_type: :sast,
- uuid: '21ab978a-7052-5428-af0b-c7a4b3fe5021')
- end
-
- let(:finding_id_3) do
- build(
- :ci_reports_security_finding,
- identifiers: [identifier_semgrep],
- scanner: semgrep_scanner,
- report_type: :sast,
- uuid: '21ab978a-7052-5428-af0b-c7a4b3fe5022')
- end
+ let(:finding_id_1) { build(:ci_reports_security_finding, identifiers: [identifier_bandit, identifier_cve], scanner: bandit_scanner, report_type: :sast) }
+ let(:finding_id_2) { build(:ci_reports_security_finding, identifiers: [identifier_cve], scanner: semgrep_scanner, report_type: :sast) }
+ let(:finding_id_3) { build(:ci_reports_security_finding, identifiers: [identifier_semgrep], scanner: semgrep_scanner, report_type: :sast) }
 
 let(:bandit_report) do
 build(:ci_reports_security_report, |
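Review bot: The three collapsed `let`s are single lines in the 140–160 character range, which is well past the line-length limit the project enforces through Layout/LineLength (this same commit edits that cop's todo list), so the better shape is the removed `do … end` form with one keyword argument per line and only the `uuid:` line deleted. Dropping the uuids themselves is consistent with the merge_reports_service_spec hunks above. The `context` that encloses these `let`s starts outside the hunk.
```ruby
let(:finding_id_1) do
  build(
    :ci_reports_security_finding,
    identifiers: [identifier_bandit, identifier_cve],
    scanner: bandit_scanner,
    report_type: :sast)
end
# … finding_id_2 and finding_id_3 reshaped the same way, without uuid: …
```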
