summaryrefslogtreecommitdiff
path: root/spec/lib/gitlab/ci/parsers/security/validators/schema_validator_spec.rb
diff options
context:
space:
mode:
Diffstat (limited to 'spec/lib/gitlab/ci/parsers/security/validators/schema_validator_spec.rb')
-rw-r--r--spec/lib/gitlab/ci/parsers/security/validators/schema_validator_spec.rb176
1 files changed, 42 insertions, 134 deletions
diff --git a/spec/lib/gitlab/ci/parsers/security/validators/schema_validator_spec.rb b/spec/lib/gitlab/ci/parsers/security/validators/schema_validator_spec.rb
index 5fbaae58a73..18ac8a7b42b 100644
--- a/spec/lib/gitlab/ci/parsers/security/validators/schema_validator_spec.rb
+++ b/spec/lib/gitlab/ci/parsers/security/validators/schema_validator_spec.rb
@@ -5,20 +5,7 @@ require 'spec_helper'
RSpec.describe Gitlab::Ci::Parsers::Security::Validators::SchemaValidator, feature_category: :vulnerability_management do
let_it_be(:project) { create(:project) }
- let(:current_dast_versions) { described_class::CURRENT_VERSIONS[:dast].join(', ') }
let(:supported_dast_versions) { described_class::SUPPORTED_VERSIONS[:dast].join(', ') }
- let(:deprecated_schema_version_message) {}
- let(:missing_schema_version_message) do
- "Report version not provided, dast report type supports versions: #{supported_dast_versions}"
- end
-
- let(:scanner) do
- {
- 'id' => 'gemnasium',
- 'name' => 'Gemnasium',
- 'version' => '2.1.0'
- }
- end
let(:analyzer_vendor) do
{ 'name' => 'A DAST analyzer' }
@@ -28,7 +15,18 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Validators::SchemaValidator, featu
{ 'name' => 'A DAST scanner' }
end
- let(:report_data) do
+ let(:scanner) do
+ {
+ 'id' => 'my-dast-scanner',
+ 'name' => 'My DAST scanner',
+ 'version' => '0.2.0',
+ 'vendor' => scanner_vendor
+ }
+ end
+
+ let(:report_type) { :dast }
+
+ let(:valid_data) do
{
'scan' => {
'analyzer' => {
@@ -39,21 +37,18 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Validators::SchemaValidator, featu
},
'end_time' => '2020-01-28T03:26:02',
'scanned_resources' => [],
- 'scanner' => {
- 'id' => 'my-dast-scanner',
- 'name' => 'My DAST scanner',
- 'version' => '0.2.0',
- 'vendor' => scanner_vendor
- },
+ 'scanner' => scanner,
'start_time' => '2020-01-28T03:26:01',
'status' => 'success',
- 'type' => 'dast'
+ 'type' => report_type.to_s
},
'version' => report_version,
'vulnerabilities' => []
}
end
+ let(:report_data) { valid_data }
+
let(:validator) { described_class.new(report_type, report_data, report_version, project: project, scanner: scanner) }
shared_examples 'report is valid' do
@@ -70,8 +65,8 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Validators::SchemaValidator, featu
security_report_version: report_version,
project_id: project.id,
security_report_failure: security_report_failure,
- security_report_scanner_id: 'gemnasium',
- security_report_scanner_version: '2.1.0'
+ security_report_scanner_id: scanner['id'],
+ security_report_scanner_version: scanner['version']
)
subject
@@ -142,7 +137,6 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Validators::SchemaValidator, featu
subject { validator.valid? }
context 'when given a supported MAJOR.MINOR schema version' do
- let(:report_type) { :dast }
let(:report_version) do
latest_vendored_version = described_class::SUPPORTED_VERSIONS[report_type].last.split(".")
(latest_vendored_version[0...2] << "34").join(".")
@@ -153,7 +147,6 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Validators::SchemaValidator, featu
end
context 'when given a supported schema version' do
- let(:report_type) { :dast }
let(:report_version) { described_class::SUPPORTED_VERSIONS[report_type].last }
it_behaves_like 'report is valid'
@@ -161,7 +154,6 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Validators::SchemaValidator, featu
end
context 'when given a deprecated schema version' do
- let(:report_type) { :dast }
let(:deprecations_hash) do
{
dast: %w[10.0.0]
@@ -175,13 +167,6 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Validators::SchemaValidator, featu
end
context 'and the report passes schema validation' do
- let(:report_data) do
- {
- 'version' => '10.0.0',
- 'vulnerabilities' => []
- }
- end
-
let(:security_report_failure) { 'using_deprecated_schema_version' }
it { is_expected.to be_truthy }
@@ -191,9 +176,8 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Validators::SchemaValidator, featu
context 'and the report does not pass schema validation' do
let(:report_data) do
- {
- 'version' => 'V2.7.0'
- }
+ valid_data.delete('vulnerabilities')
+ valid_data
end
it { is_expected.to be_falsey }
@@ -201,17 +185,9 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Validators::SchemaValidator, featu
end
context 'when given an unsupported schema version' do
- let(:report_type) { :dast }
let(:report_version) { "12.37.0" }
context 'and the report is valid' do
- let(:report_data) do
- {
- 'version' => report_version,
- 'vulnerabilities' => []
- }
- end
-
let(:security_report_failure) { 'using_unsupported_schema_version' }
it { is_expected.to be_falsey }
@@ -259,8 +235,8 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Validators::SchemaValidator, featu
end
context 'when not given a schema version' do
- let(:report_type) { :dast }
let(:report_version) { nil }
+
let(:report_data) do
{
'vulnerabilities' => []
@@ -285,21 +261,19 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Validators::SchemaValidator, featu
subject { validator.errors }
context 'when given a supported schema version' do
- let(:report_type) { :dast }
let(:report_version) { described_class::SUPPORTED_VERSIONS[report_type].last }
it_behaves_like 'report is valid with no error'
context 'and the report is invalid' do
let(:report_data) do
- {
- 'version' => report_version
- }
+ valid_data.delete('vulnerabilities')
+ valid_data
end
let(:expected_errors) do
[
- 'root is missing required keys: scan, vulnerabilities'
+ 'root is missing required keys: vulnerabilities'
]
end
@@ -308,7 +282,6 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Validators::SchemaValidator, featu
end
context 'when given a deprecated schema version' do
- let(:report_type) { :dast }
let(:deprecations_hash) do
{
dast: %w[10.0.0]
@@ -325,9 +298,9 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Validators::SchemaValidator, featu
context 'and the report does not pass schema validation' do
let(:report_data) do
- {
- 'version' => 'V2.7.0'
- }
+ valid_data['version'] = "V2.7.0"
+ valid_data.delete('vulnerabilities')
+ valid_data
end
let(:expected_errors) do
@@ -342,7 +315,6 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Validators::SchemaValidator, featu
end
context 'when given an unsupported schema version' do
- let(:report_type) { :dast }
let(:report_version) { "12.37.0" }
let(:expected_unsupported_message) do
"Version #{report_version} for report type #{report_type} is unsupported, supported versions for this report type are: "\
@@ -351,13 +323,6 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Validators::SchemaValidator, featu
end
context 'and the report is valid' do
- let(:report_data) do
- {
- 'version' => report_version,
- 'vulnerabilities' => []
- }
- end
-
let(:expected_errors) do
[
expected_unsupported_message
@@ -369,9 +334,8 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Validators::SchemaValidator, featu
context 'and the report is invalid' do
let(:report_data) do
- {
- 'version' => report_version
- }
+ valid_data.delete('vulnerabilities')
+ valid_data
end
let(:expected_errors) do
@@ -386,7 +350,6 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Validators::SchemaValidator, featu
end
context 'when not given a schema version' do
- let(:report_type) { :dast }
let(:report_version) { nil }
let(:expected_missing_version_message) do
"Report version not provided, #{report_type} report type supports versions: #{supported_dast_versions}. GitLab "\
@@ -395,9 +358,8 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Validators::SchemaValidator, featu
end
let(:report_data) do
- {
- 'vulnerabilities' => []
- }
+ valid_data.delete('version')
+ valid_data
end
let(:expected_errors) do
@@ -413,13 +375,6 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Validators::SchemaValidator, featu
shared_examples 'report is valid with no warning' do
context 'and the report is valid' do
- let(:report_data) do
- {
- 'version' => report_version,
- 'vulnerabilities' => []
- }
- end
-
it { is_expected.to be_empty }
end
end
@@ -432,25 +387,16 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Validators::SchemaValidator, featu
subject { validator.deprecation_warnings }
context 'when given a supported schema version' do
- let(:report_type) { :dast }
let(:report_version) { described_class::SUPPORTED_VERSIONS[report_type].last }
context 'and the report is valid' do
- let(:report_data) do
- {
- 'version' => report_version,
- 'vulnerabilities' => []
- }
- end
-
it { is_expected.to be_empty }
end
context 'and the report is invalid' do
let(:report_data) do
- {
- 'version' => report_version
- }
+ valid_data.delete('vulnerabilities')
+ valid_data
end
it { is_expected.to be_empty }
@@ -458,7 +404,6 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Validators::SchemaValidator, featu
end
context 'when given a deprecated schema version' do
- let(:report_type) { :dast }
let(:deprecations_hash) do
{
dast: %w[V2.7.0]
@@ -466,6 +411,7 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Validators::SchemaValidator, featu
end
let(:report_version) { described_class::DEPRECATED_VERSIONS[report_type].last }
+ let(:current_dast_versions) { described_class::CURRENT_VERSIONS[:dast].join(', ') }
let(:expected_deprecation_message) do
"version #{report_version} for report type #{report_type} is deprecated. "\
"However, GitLab will still attempt to parse and ingest this report. "\
@@ -483,21 +429,14 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Validators::SchemaValidator, featu
end
context 'and the report passes schema validation' do
- let(:report_data) do
- {
- 'version' => report_version,
- 'vulnerabilities' => []
- }
- end
-
it_behaves_like 'report with expected warnings'
end
context 'and the report does not pass schema validation' do
let(:report_data) do
- {
- 'version' => 'V2.7.0'
- }
+ valid_data['version'] = "V2.7.0"
+ valid_data.delete('vulnerabilities')
+ valid_data
end
it_behaves_like 'report with expected warnings'
@@ -521,15 +460,8 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Validators::SchemaValidator, featu
end
context 'when given an unsupported schema version' do
- let(:report_type) { :dast }
let(:report_version) { "21.37.0" }
let(:expected_deprecation_warnings) { [] }
- let(:report_data) do
- {
- 'version' => report_version,
- 'vulnerabilities' => []
- }
- end
it_behaves_like 'report with expected warnings'
end
@@ -539,7 +471,6 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Validators::SchemaValidator, featu
subject { validator.warnings }
context 'when given a supported MAJOR.MINOR schema version' do
- let(:report_type) { :dast }
let(:report_version) do
latest_vendored_version = described_class::SUPPORTED_VERSIONS[report_type].last.split(".")
(latest_vendored_version[0...2] << "34").join(".")
@@ -559,13 +490,6 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Validators::SchemaValidator, featu
end
context 'and the report is valid' do
- let(:report_data) do
- {
- 'version' => report_version,
- 'vulnerabilities' => []
- }
- end
-
it { is_expected.to match_array([message]) }
context 'without license', unless: Gitlab.ee? do
@@ -607,7 +531,6 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Validators::SchemaValidator, featu
end
context 'when given a supported schema version' do
- let(:report_type) { :dast }
let(:report_version) { described_class::SUPPORTED_VERSIONS[report_type].last }
it_behaves_like 'report is valid with no warning'
@@ -624,34 +547,26 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Validators::SchemaValidator, featu
end
context 'when given a deprecated schema version' do
- let(:report_type) { :dast }
+ let(:deprecated_version) { '14.1.3' }
+ let(:report_version) { deprecated_version }
let(:deprecations_hash) do
{
- dast: %w[V2.7.0]
+ dast: %w[deprecated_version]
}
end
- let(:report_version) { described_class::DEPRECATED_VERSIONS[report_type].last }
-
before do
stub_const("#{described_class}::DEPRECATED_VERSIONS", deprecations_hash)
end
context 'and the report passes schema validation' do
- let(:report_data) do
- {
- 'vulnerabilities' => []
- }
- end
-
it { is_expected.to be_empty }
end
context 'and the report does not pass schema validation' do
let(:report_data) do
- {
- 'version' => 'V2.7.0'
- }
+ valid_data.delete('vulnerabilities')
+ valid_data
end
it { is_expected.to be_empty }
@@ -659,7 +574,6 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Validators::SchemaValidator, featu
end
context 'when given an unsupported schema version' do
- let(:report_type) { :dast }
let(:report_version) { "12.37.0" }
it_behaves_like 'report is valid with no warning'
@@ -676,13 +590,7 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Validators::SchemaValidator, featu
end
context 'when not given a schema version' do
- let(:report_type) { :dast }
let(:report_version) { nil }
- let(:report_data) do
- {
- 'vulnerabilities' => []
- }
- end
it { is_expected.to be_empty }
end
View Lorry Controller Status