Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/spec/lib/gitlab/ci/parsers/security/common_spec.rb
diff options
context:
space:
mode:
Diffstat (limited to 'spec/lib/gitlab/ci/parsers/security/common_spec.rb')
-rw-r--r--spec/lib/gitlab/ci/parsers/security/common_spec.rb236
1 files changed, 108 insertions, 128 deletions
diff --git a/spec/lib/gitlab/ci/parsers/security/common_spec.rb b/spec/lib/gitlab/ci/parsers/security/common_spec.rb
index 1e96c717a4f..dfc5dec1481 100644
--- a/spec/lib/gitlab/ci/parsers/security/common_spec.rb
+++ b/spec/lib/gitlab/ci/parsers/security/common_spec.rb
@@ -4,6 +4,18 @@ require 'spec_helper'
RSpec.describe Gitlab::Ci::Parsers::Security::Common do
describe '#parse!' do
+ let_it_be(:scanner_data) do
+ {
+ scan: {
+ scanner: {
+ id: "gemnasium",
+ name: "Gemnasium",
+ version: "2.1.0"
+ }
+ }
+ }
+ end
+
where(vulnerability_finding_signatures_enabled: [true, false])
with_them do
let_it_be(:pipeline) { create(:ci_pipeline) }
@@ -30,7 +42,9 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Common do
describe 'schema validation' do
let(:validator_class) { Gitlab::Ci::Parsers::Security::Validators::SchemaValidator }
- let(:parser) { described_class.new('{}', report, vulnerability_finding_signatures_enabled, validate: validate) }
+ let(:data) { {}.merge(scanner_data) }
+ let(:json_data) { data.to_json }
+ let(:parser) { described_class.new(json_data, report, vulnerability_finding_signatures_enabled, validate: validate) }
subject(:parse_report) { parser.parse! }
@@ -38,172 +52,138 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Common do
allow(validator_class).to receive(:new).and_call_original
end
- context 'when show_report_validation_warnings is enabled' do
- before do
- stub_feature_flags(show_report_validation_warnings: true)
- end
-
- context 'when the validate flag is set to `false`' do
- let(:validate) { false }
- let(:valid?) { false }
- let(:errors) { ['foo'] }
-
- before do
- allow_next_instance_of(validator_class) do |instance|
- allow(instance).to receive(:valid?).and_return(valid?)
- allow(instance).to receive(:errors).and_return(errors)
- end
-
- allow(parser).to receive_messages(create_scanner: true, create_scan: true)
- end
-
- it 'instantiates the validator with correct params' do
- parse_report
-
- expect(validator_class).to have_received(:new).with(report.type, {}, report.version)
- end
-
- context 'when the report data is not valid according to the schema' do
- it 'adds warnings to the report' do
- expect { parse_report }.to change { report.warnings }.from([]).to([{ message: 'foo', type: 'Schema' }])
- end
-
- it 'keeps the execution flow as normal' do
- parse_report
+ context 'when the validate flag is set to `false`' do
+ let(:validate) { false }
+ let(:valid?) { false }
+ let(:errors) { ['foo'] }
+ let(:warnings) { ['bar'] }
- expect(parser).to have_received(:create_scanner)
- expect(parser).to have_received(:create_scan)
- end
+ before do
+ allow_next_instance_of(validator_class) do |instance|
+ allow(instance).to receive(:valid?).and_return(valid?)
+ allow(instance).to receive(:errors).and_return(errors)
+ allow(instance).to receive(:warnings).and_return(warnings)
end
- context 'when the report data is valid according to the schema' do
- let(:valid?) { true }
- let(:errors) { [] }
-
- it 'does not add warnings to the report' do
- expect { parse_report }.not_to change { report.errors }
- end
-
- it 'keeps the execution flow as normal' do
- parse_report
-
- expect(parser).to have_received(:create_scanner)
- expect(parser).to have_received(:create_scan)
- end
- end
+ allow(parser).to receive_messages(create_scanner: true, create_scan: true)
end
- context 'when the validate flag is set to `true`' do
- let(:validate) { true }
- let(:valid?) { false }
- let(:errors) { ['foo'] }
+ it 'instantiates the validator with correct params' do
+ parse_report
- before do
- allow_next_instance_of(validator_class) do |instance|
- allow(instance).to receive(:valid?).and_return(valid?)
- allow(instance).to receive(:errors).and_return(errors)
- end
+ expect(validator_class).to have_received(:new).with(
+ report.type,
+ data.deep_stringify_keys,
+ report.version,
+ project: pipeline.project,
+ scanner: data.dig(:scan, :scanner).deep_stringify_keys
+ )
+ end
- allow(parser).to receive_messages(create_scanner: true, create_scan: true)
+ context 'when the report data is not valid according to the schema' do
+ it 'adds warnings to the report' do
+ expect { parse_report }.to change { report.warnings }.from([]).to(
+ [
+ { message: 'foo', type: 'Schema' },
+ { message: 'bar', type: 'Schema' }
+ ]
+ )
end
- it 'instantiates the validator with correct params' do
+ it 'keeps the execution flow as normal' do
parse_report
- expect(validator_class).to have_received(:new).with(report.type, {}, report.version)
+ expect(parser).to have_received(:create_scanner)
+ expect(parser).to have_received(:create_scan)
end
+ end
- context 'when the report data is not valid according to the schema' do
- it 'adds errors to the report' do
- expect { parse_report }.to change { report.errors }.from([]).to([{ message: 'foo', type: 'Schema' }])
- end
-
- it 'does not try to create report entities' do
- parse_report
+ context 'when the report data is valid according to the schema' do
+ let(:valid?) { true }
+ let(:errors) { [] }
+ let(:warnings) { [] }
- expect(parser).not_to have_received(:create_scanner)
- expect(parser).not_to have_received(:create_scan)
- end
+ it 'does not add errors to the report' do
+ expect { parse_report }.not_to change { report.errors }
end
- context 'when the report data is valid according to the schema' do
- let(:valid?) { true }
- let(:errors) { [] }
-
- it 'does not add errors to the report' do
- expect { parse_report }.not_to change { report.errors }.from([])
- end
+ it 'does not add warnings to the report' do
+ expect { parse_report }.not_to change { report.warnings }
+ end
- it 'keeps the execution flow as normal' do
- parse_report
+ it 'keeps the execution flow as normal' do
+ parse_report
- expect(parser).to have_received(:create_scanner)
- expect(parser).to have_received(:create_scan)
- end
+ expect(parser).to have_received(:create_scanner)
+ expect(parser).to have_received(:create_scan)
end
end
end
- context 'when show_report_validation_warnings is disabled' do
- before do
- stub_feature_flags(show_report_validation_warnings: false)
- end
-
- context 'when the validate flag is set as `false`' do
- let(:validate) { false }
+ context 'when the validate flag is set to `true`' do
+ let(:validate) { true }
+ let(:valid?) { false }
+ let(:errors) { ['foo'] }
+ let(:warnings) { ['bar'] }
- it 'does not run the validation logic' do
- parse_report
-
- expect(validator_class).not_to have_received(:new)
+ before do
+ allow_next_instance_of(validator_class) do |instance|
+ allow(instance).to receive(:valid?).and_return(valid?)
+ allow(instance).to receive(:errors).and_return(errors)
+ allow(instance).to receive(:warnings).and_return(warnings)
end
+
+ allow(parser).to receive_messages(create_scanner: true, create_scan: true)
end
- context 'when the validate flag is set as `true`' do
- let(:validate) { true }
- let(:valid?) { false }
+ it 'instantiates the validator with correct params' do
+ parse_report
- before do
- allow_next_instance_of(validator_class) do |instance|
- allow(instance).to receive(:valid?).and_return(valid?)
- allow(instance).to receive(:errors).and_return(['foo'])
- end
+ expect(validator_class).to have_received(:new).with(
+ report.type,
+ data.deep_stringify_keys,
+ report.version,
+ project: pipeline.project,
+ scanner: data.dig(:scan, :scanner).deep_stringify_keys
+ )
+ end
- allow(parser).to receive_messages(create_scanner: true, create_scan: true)
+ context 'when the report data is not valid according to the schema' do
+ it 'adds errors to the report' do
+ expect { parse_report }.to change { report.errors }.from([]).to(
+ [
+ { message: 'foo', type: 'Schema' },
+ { message: 'bar', type: 'Schema' }
+ ]
+ )
end
- it 'instantiates the validator with correct params' do
+ it 'does not try to create report entities' do
parse_report
- expect(validator_class).to have_received(:new).with(report.type, {}, report.version)
+ expect(parser).not_to have_received(:create_scanner)
+ expect(parser).not_to have_received(:create_scan)
end
+ end
- context 'when the report data is not valid according to the schema' do
- it 'adds errors to the report' do
- expect { parse_report }.to change { report.errors }.from([]).to([{ message: 'foo', type: 'Schema' }])
- end
-
- it 'does not try to create report entities' do
- parse_report
+ context 'when the report data is valid according to the schema' do
+ let(:valid?) { true }
+ let(:errors) { [] }
+ let(:warnings) { [] }
- expect(parser).not_to have_received(:create_scanner)
- expect(parser).not_to have_received(:create_scan)
- end
+ it 'does not add errors to the report' do
+ expect { parse_report }.not_to change { report.errors }.from([])
end
- context 'when the report data is valid according to the schema' do
- let(:valid?) { true }
-
- it 'does not add errors to the report' do
- expect { parse_report }.not_to change { report.errors }.from([])
- end
+ it 'does not add warnings to the report' do
+ expect { parse_report }.not_to change { report.warnings }.from([])
+ end
- it 'keeps the execution flow as normal' do
- parse_report
+ it 'keeps the execution flow as normal' do
+ parse_report
- expect(parser).to have_received(:create_scanner)
- expect(parser).to have_received(:create_scan)
- end
+ expect(parser).to have_received(:create_scanner)
+ expect(parser).to have_received(:create_scan)
end
end
end
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-16 13:56:29 +0300