diff options
Diffstat (limited to 'lib/gitlab/ci/parsers/security/common.rb')
-rw-r--r-- | lib/gitlab/ci/parsers/security/common.rb | 45 |
1 files changed, 22 insertions, 23 deletions
diff --git a/lib/gitlab/ci/parsers/security/common.rb b/lib/gitlab/ci/parsers/security/common.rb index da7faaab6ff..0c117d5f214 100644 --- a/lib/gitlab/ci/parsers/security/common.rb +++ b/lib/gitlab/ci/parsers/security/common.rb @@ -44,31 +44,15 @@ module Gitlab attr_reader :json_data, :report, :validate def valid? - # We want validation to happen regardless of VALIDATE_SCHEMA - # CI variable. - # - # Previously it controlled BOTH validation and enforcement of - # schema validation result. - # - # After 15.0 we will enforce schema validation by default - # See: https://gitlab.com/groups/gitlab-org/-/epics/6968 - schema_validator.deprecation_warnings.each { |deprecation_warning| report.add_warning('Schema', deprecation_warning) } - - if validate - schema_validation_passed = schema_validator.valid? + return true unless validate - # Validation warnings are errors - schema_validator.errors.each { |error| report.add_error('Schema', error) } - schema_validator.warnings.each { |warning| report.add_error('Schema', warning) } + schema_validation_passed = schema_validator.valid? - schema_validation_passed - else - # Validation warnings are warnings - schema_validator.errors.each { |error| report.add_warning('Schema', error) } - schema_validator.warnings.each { |warning| report.add_warning('Schema', warning) } + schema_validator.errors.each { |error| report.add_error('Schema', error) } + schema_validator.deprecation_warnings.each { |deprecation_warning| report.add_warning('Schema', deprecation_warning) } + schema_validator.warnings.each { |warning| report.add_warning('Schema', warning) } - true - end + schema_validation_passed end def schema_validator @@ -216,7 +200,22 @@ module Gitlab external_id: scanner_data['id'], name: scanner_data['name'], vendor: scanner_data.dig('vendor', 'name'), - version: scanner_data.dig('version'))) + version: scanner_data.dig('version'), + primary_identifiers: create_scan_primary_identifiers)) + end + + # TODO: primary_identifiers should be initialized on the + # scan itself but we do not currently parse scans through `MergeReportsService` + def create_scan_primary_identifiers + return unless scan_data.is_a?(Hash) && scan_data.dig('primary_identifiers') + + scan_data.dig('primary_identifiers').map do |identifier| + ::Gitlab::Ci::Reports::Security::Identifier.new( + external_type: identifier['type'], + external_id: identifier['value'], + name: identifier['name'], + url: identifier['url']) + end end def create_identifiers(identifiers) |