Diffstat (limited to 'spec/factories/ci/reports')
-rw-r--r-- | spec/factories/ci/reports/security/aggregated_reports.rb | 14 | ||||
-rw-r--r-- | spec/factories/ci/reports/security/finding_keys.rb | 18 | ||||
-rw-r--r-- | spec/factories/ci/reports/security/findings.rb | 54 | ||||
-rw-r--r-- | spec/factories/ci/reports/security/locations/sast.rb | 23 | ||||
-rw-r--r-- | spec/factories/ci/reports/security/reports.rb | 28 |
5 files changed, 137 insertions, 0 deletions
diff --git a/spec/factories/ci/reports/security/aggregated_reports.rb b/spec/factories/ci/reports/security/aggregated_reports.rb
new file mode 100644
index 00000000000..eb678dc9766
--- /dev/null
+++ b/spec/factories/ci/reports/security/aggregated_reports.rb
@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+FactoryBot.define do
+ factory :ci_reports_security_aggregated_reports, class: '::Gitlab::Ci::Reports::Security::AggregatedReport' do
+ reports { FactoryBot.build_list(:ci_reports_security_report, 1) }
+ findings { FactoryBot.build_list(:ci_reports_security_finding, 1) }
+
+ skip_create
+
+ initialize_with do
+ ::Gitlab::Ci::Reports::Security::AggregatedReport.new(reports, findings)
+ end
+ end
+end
diff --git a/spec/factories/ci/reports/security/finding_keys.rb b/spec/factories/ci/reports/security/finding_keys.rb
new file mode 100644
index 00000000000..f00a043012e
--- /dev/null
+++ b/spec/factories/ci/reports/security/finding_keys.rb
@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+FactoryBot.define do
+ factory :ci_reports_security_finding_key, class: '::Gitlab::Ci::Reports::Security::FindingKey' do
+ sequence :location_fingerprint do |a|
+ Digest::SHA1.hexdigest(a.to_s)
+ end
+ sequence :identifier_fingerprint do |a|
+ Digest::SHA1.hexdigest(a.to_s)
+ end
+
+ skip_create
+
+ initialize_with do
+ ::Gitlab::Ci::Reports::Security::FindingKey.new(**attributes)
+ end
+ end
+end
diff --git a/spec/factories/ci/reports/security/findings.rb b/spec/factories/ci/reports/security/findings.rb
new file mode 100644
index 00000000000..e3971bc48f3
--- /dev/null
+++ b/spec/factories/ci/reports/security/findings.rb
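Review bot: In spec/factories/ci/reports/security/aggregated_reports.rb the factory is registered as `:ci_reports_security_aggregated_reports` (plural) although it builds a single `AggregatedReport` and every sibling factory in this commit is singular; `factory :ci_reports_security_aggregated_report, class: '::Gitlab::Ci::Reports::Security::AggregatedReport' do` would match them. The default `findings` are also built separately from the default `reports`, so the aggregate's finding is not one of its report's findings. A comment such as `# default findings are not attached to the default report; pass both when a spec needs them linked` would make that explicit.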
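Review bot: In spec/factories/ci/reports/security/finding_keys.rb both sequences hash the bare counter, so unless a spec overrides them every key is built with `location_fingerprint` equal to `identifier_fingerprint`, and a test cannot notice code that swaps or conflates the two fields. Salting the input keeps them distinct, e.g. `Digest::SHA1.hexdigest("location-#{a}")` and `Digest::SHA1.hexdigest("identifier-#{a}")`. SHA-1 is used here only to produce a fixture value shaped like a fingerprint; a one-line comment saying so, `# fixture fingerprint only, not an integrity or security control`, would keep the digest from being read as one.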
@@ -0,0 +1,54 @@
+# frozen_string_literal: true
+
+FactoryBot.define do
+ factory :ci_reports_security_finding, class: '::Gitlab::Ci::Reports::Security::Finding' do
+ compare_key { "#{identifiers.first&.external_type}:#{identifiers.first&.external_id}:#{location.fingerprint}" }
+ confidence { :medium }
+ identifiers { Array.new(1) { association(:ci_reports_security_identifier) } }
+ location factory: :ci_reports_security_locations_sast
+ metadata_version { 'sast:1.0' }
+ name { 'Cipher with no integrity' }
+ report_type { :sast }
+ raw_metadata do
+ {
+ description: "The cipher does not provide data integrity update 1",
+ solution: "GCM mode introduces an HMAC into the resulting encrypted data, providing integrity of the result.",
+ location: {
+ file: "maven/src/main/java/com/gitlab/security_products/tests/App.java",
+ start_line: 29,
+ end_line: 29,
+ class: "com.gitlab.security_products.tests.App",
+ method: "insecureCypher"
+ },
+ links: [
+ {
+ name: "Cipher does not check for integrity first?",
+ url: "https://crypto.stackexchange.com/questions/31428/pbewithmd5anddes-cipher-does-not-check-for-integrity-first"
+ }
+ ]
+ }.to_json
+ end
+ scanner factory: :ci_reports_security_scanner
+ severity { :high }
+ scan factory: :ci_reports_security_scan
+ sequence(:uuid) do |n|
+ ::Security::VulnerabilityUUID.generate(
+ report_type: report_type,
+ primary_identifier_fingerprint: identifiers.first&.fingerprint,
+ location_fingerprint: location.fingerprint,
+ project_id: n
+ )
+ end
+ vulnerability_finding_signatures_enabled { false }
+
+ skip_create
+
+ trait :dynamic do
+ location { association(:ci_reports_security_locations_sast, :dynamic) }
+ end
+
+ initialize_with do
+ ::Gitlab::Ci::Reports::Security::Finding.new(**attributes)
+ end
+ end
+end
diff --git a/spec/factories/ci/reports/security/locations/sast.rb b/spec/factories/ci/reports/security/locations/sast.rb
new file mode 100644
index 00000000000..59b54ecd8f2
--- /dev/null
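Review bot: In spec/factories/ci/reports/security/findings.rb the `raw_metadata` default hard-codes its own location (`start_line: 29`, `end_line: 29`), while the `location` attribute comes from the SAST location factory, which in this commit defaults to `end_line { 31 }` and is randomised under the `:dynamic` trait. The JSON payload and the `location` object therefore describe different line ranges, and a spec that compares parsed metadata with `finding.location` would fail or pass because of the fixture, not the code under test. Deriving the values, e.g. `start_line: location.start_line,` and `end_line: location.end_line,`, would keep them aligned, assuming the location class exposes those readers (not visible in this diff).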
+++ b/spec/factories/ci/reports/security/locations/sast.rb
@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+FactoryBot.define do
+ factory :ci_reports_security_locations_sast, class: '::Gitlab::Ci::Reports::Security::Locations::Sast' do
+ file_path { 'maven/src/main/java/com/gitlab/security_products/tests/App.java' }
+ start_line { 29 }
+ end_line { 31 }
+ class_name { 'com.gitlab.security_products.tests.App' }
+ method_name { 'insecureCypher' }
+
+ skip_create
+
+ initialize_with do
+ ::Gitlab::Ci::Reports::Security::Locations::Sast.new(**attributes)
+ end
+
+ trait :dynamic do
+ sequence(:file_path, 'a') { |n| "path/#{n}" }
+ start_line { Random.rand(20) }
+ end_line { start_line + Random.rand(5) }
+ end
+ end
+end
diff --git a/spec/factories/ci/reports/security/reports.rb b/spec/factories/ci/reports/security/reports.rb
new file mode 100644
index 00000000000..5699b8fee3e
--- /dev/null
+++ b/spec/factories/ci/reports/security/reports.rb
@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+FactoryBot.define do
+ factory :ci_reports_security_report, class: '::Gitlab::Ci::Reports::Security::Report' do
+ type { :sast }
+ pipeline { association(:ci_pipeline) }
+ created_at { 2.weeks.ago }
+ scanned_resources { [] }
+
+ transient do
+ findings { [] }
+ scanners { [] }
+ identifiers { [] }
+ end
+
+ after :build do |report, evaluator|
+ evaluator.scanners.each { |s| report.add_scanner(s) }
+ evaluator.identifiers.each { |id| report.add_identifier(id) }
+ evaluator.findings.each { |o| report.add_finding(o) }
+ end
+
+ skip_create
+
+ initialize_with do
+ ::Gitlab::Ci::Reports::Security::Report.new(type, pipeline, created_at)
+ end
+ end
+end |
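Review bot: In spec/factories/ci/reports/security/locations/sast.rb the `:dynamic` trait uses `start_line { Random.rand(20) }`, which returns 0..19, so a generated location can start at line 0 although the static defaults in the same factory use 1-based line numbers. `start_line { Random.rand(1..20) }` avoids the out-of-range value. The random line numbers also feed `location.fingerprint` in the finding factory, so a failing spec is hard to reproduce unless the suite seeds the global RNG, which is not visible here; a sequence-based value would be deterministic.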
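Review bot: In spec/factories/ci/reports/security/reports.rb the `after :build` hook registers only the `scanners` and `identifiers` passed as transients, so a finding supplied through `findings:` is added without its own scanner and identifiers being registered on the report, unless `add_finding` does that itself (not visible in this diff). A spec that reads the report's scanners or identifiers after passing only `findings:` would then see empty collections. A comment above the transient block, `# scanners and identifiers are not derived from findings; pass them explicitly when a spec reads them from the report`, would document this; the block parameter `o` in the last line would also read better as `finding`.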