diff options
Diffstat (limited to 'spec/lib/gitlab/ci/parsers/security/validators')
-rw-r--r-- | spec/lib/gitlab/ci/parsers/security/validators/schema_validator_spec.rb | 273 |
1 files changed, 117 insertions, 156 deletions
diff --git a/spec/lib/gitlab/ci/parsers/security/validators/schema_validator_spec.rb b/spec/lib/gitlab/ci/parsers/security/validators/schema_validator_spec.rb index 7828aa99f6a..e730afc72b5 100644 --- a/spec/lib/gitlab/ci/parsers/security/validators/schema_validator_spec.rb +++ b/spec/lib/gitlab/ci/parsers/security/validators/schema_validator_spec.rb @@ -19,8 +19,72 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Validators::SchemaValidator do } end + let(:report_data) do + { + 'scan' => { + 'analyzer' => { + 'id' => 'my-dast-analyzer', + 'name' => 'My DAST analyzer', + 'version' => '0.1.0', + 'vendor' => { 'name' => 'A DAST analyzer' } + }, + 'end_time' => '2020-01-28T03:26:02', + 'scanned_resources' => [], + 'scanner' => { + 'id' => 'my-dast-scanner', + 'name' => 'My DAST scanner', + 'version' => '0.2.0', + 'vendor' => { 'name' => 'A DAST scanner' } + }, + 'start_time' => '2020-01-28T03:26:01', + 'status' => 'success', + 'type' => 'dast' + }, + 'version' => report_version, + 'vulnerabilities' => [] + } + end + let(:validator) { described_class.new(report_type, report_data, report_version, project: project, scanner: scanner) } + shared_examples 'report is valid' do + context 'and the report is valid' do + it { is_expected.to be_truthy } + end + end + + shared_examples 'logs related information' do + it 'logs related information' do + expect(Gitlab::AppLogger).to receive(:info).with( + message: "security report schema validation problem", + security_report_type: report_type, + security_report_version: report_version, + project_id: project.id, + security_report_failure: security_report_failure, + security_report_scanner_id: 'gemnasium', + security_report_scanner_version: '2.1.0' + ) + + subject + end + end + + shared_examples 'report is invalid' do + context 'and the report is invalid' do + let(:report_data) do + { + 'version' => report_version + } + end + + let(:security_report_failure) { 'schema_validation_fails' } + + it { is_expected.to be_falsey } + + it_behaves_like 'logs related information' + end + end + describe 'SUPPORTED_VERSIONS' do schema_path = Rails.root.join("lib", "gitlab", "ci", "parsers", "security", "validators", "schemas") @@ -75,80 +139,16 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Validators::SchemaValidator do (latest_vendored_version[0...2] << "34").join(".") end - context 'and the report is valid' do - let(:report_data) do - { - 'version' => report_version, - 'vulnerabilities' => [] - } - end - - it { is_expected.to be_truthy } - end - - context 'and the report is invalid' do - let(:report_data) do - { - 'version' => report_version - } - end - - it { is_expected.to be_falsey } - - it 'logs related information' do - expect(Gitlab::AppLogger).to receive(:info).with( - message: "security report schema validation problem", - security_report_type: report_type, - security_report_version: report_version, - project_id: project.id, - security_report_failure: 'schema_validation_fails', - security_report_scanner_id: 'gemnasium', - security_report_scanner_version: '2.1.0' - ) - - subject - end - end + it_behaves_like 'report is valid' + it_behaves_like 'report is invalid' end context 'when given a supported schema version' do let(:report_type) { :dast } let(:report_version) { described_class::SUPPORTED_VERSIONS[report_type].last } - context 'and the report is valid' do - let(:report_data) do - { - 'version' => report_version, - 'vulnerabilities' => [] - } - end - - it { is_expected.to be_truthy } - end - - context 'and the report is invalid' do - let(:report_data) do - { - 'version' => report_version - } - end - - it { is_expected.to be_falsey } - - it 'logs related information' do - expect(Gitlab::AppLogger).to receive(:info).with( - message: "security report schema validation problem", - security_report_type: report_type, - security_report_version: report_version, - project_id: project.id, - security_report_failure: 'schema_validation_fails', - security_report_scanner_id: 'gemnasium', - security_report_scanner_version: '2.1.0' - ) - - subject - end - end + it_behaves_like 'report is valid' + it_behaves_like 'report is invalid' end context 'when given a deprecated schema version' do @@ -173,21 +173,11 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Validators::SchemaValidator do } end + let(:security_report_failure) { 'using_deprecated_schema_version' } + it { is_expected.to be_truthy } - it 'logs related information' do - expect(Gitlab::AppLogger).to receive(:info).with( - message: "security report schema validation problem", - security_report_type: report_type, - security_report_version: report_version, - project_id: project.id, - security_report_failure: 'using_deprecated_schema_version', - security_report_scanner_id: 'gemnasium', - security_report_scanner_version: '2.1.0' - ) - - subject - end + it_behaves_like 'logs related information' end context 'and the report does not pass schema validation' do @@ -213,21 +203,11 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Validators::SchemaValidator do } end + let(:security_report_failure) { 'using_unsupported_schema_version' } + it { is_expected.to be_falsey } - it 'logs related information' do - expect(Gitlab::AppLogger).to receive(:info).with( - message: "security report schema validation problem", - security_report_type: report_type, - security_report_version: report_version, - project_id: project.id, - security_report_failure: 'using_unsupported_schema_version', - security_report_scanner_id: 'gemnasium', - security_report_scanner_version: '2.1.0' - ) - - subject - end + it_behaves_like 'logs related information' end context 'and the report is invalid' do @@ -282,6 +262,16 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Validators::SchemaValidator do end end + shared_examples 'report is valid with no error' do + context 'and the report is valid' do + it { is_expected.to be_empty } + end + end + + shared_examples 'report with expected errors' do + it { is_expected.to match_array(expected_errors) } + end + describe '#errors' do subject { validator.errors } @@ -289,16 +279,7 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Validators::SchemaValidator do let(:report_type) { :dast } let(:report_version) { described_class::SUPPORTED_VERSIONS[report_type].last } - context 'and the report is valid' do - let(:report_data) do - { - 'version' => report_version, - 'vulnerabilities' => [] - } - end - - it { is_expected.to be_empty } - end + it_behaves_like 'report is valid with no error' context 'and the report is invalid' do let(:report_data) do @@ -309,11 +290,11 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Validators::SchemaValidator do let(:expected_errors) do [ - 'root is missing required keys: vulnerabilities' + 'root is missing required keys: scan, vulnerabilities' ] end - it { is_expected.to match_array(expected_errors) } + it_behaves_like 'report with expected errors' end end @@ -331,16 +312,7 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Validators::SchemaValidator do stub_const("#{described_class}::DEPRECATED_VERSIONS", deprecations_hash) end - context 'and the report passes schema validation' do - let(:report_data) do - { - 'version' => '10.0.0', - 'vulnerabilities' => [] - } - end - - it { is_expected.to be_empty } - end + it_behaves_like 'report is valid with no error' context 'and the report does not pass schema validation' do let(:report_data) do @@ -356,7 +328,7 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Validators::SchemaValidator do ] end - it { is_expected.to match_array(expected_errors) } + it_behaves_like 'report with expected errors' end end @@ -383,7 +355,7 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Validators::SchemaValidator do ] end - it { is_expected.to match_array(expected_errors) } + it_behaves_like 'report with expected errors' end context 'and the report is invalid' do @@ -400,7 +372,7 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Validators::SchemaValidator do ] end - it { is_expected.to match_array(expected_errors) } + it_behaves_like 'report with expected errors' end end @@ -426,10 +398,27 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Validators::SchemaValidator do ] end - it { is_expected.to match_array(expected_errors) } + it_behaves_like 'report with expected errors' end end + shared_examples 'report is valid with no warning' do + context 'and the report is valid' do + let(:report_data) do + { + 'version' => report_version, + 'vulnerabilities' => [] + } + end + + it { is_expected.to be_empty } + end + end + + shared_examples 'report with expected warnings' do + it { is_expected.to match_array(expected_deprecation_warnings) } + end + describe '#deprecation_warnings' do subject { validator.deprecation_warnings } @@ -491,7 +480,7 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Validators::SchemaValidator do } end - it { is_expected.to match_array(expected_deprecation_warnings) } + it_behaves_like 'report with expected warnings' end context 'and the report does not pass schema validation' do @@ -501,7 +490,7 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Validators::SchemaValidator do } end - it { is_expected.to match_array(expected_deprecation_warnings) } + it_behaves_like 'report with expected warnings' end end @@ -516,7 +505,7 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Validators::SchemaValidator do } end - it { is_expected.to match_array(expected_deprecation_warnings) } + it_behaves_like 'report with expected warnings' end end @@ -561,21 +550,11 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Validators::SchemaValidator do } end + let(:security_report_failure) { 'schema_validation_fails' } + it { is_expected.to match_array([message]) } - it 'logs related information' do - expect(Gitlab::AppLogger).to receive(:info).with( - message: "security report schema validation problem", - security_report_type: report_type, - security_report_version: report_version, - project_id: project.id, - security_report_failure: 'schema_validation_fails', - security_report_scanner_id: 'gemnasium', - security_report_scanner_version: '2.1.0' - ) - - subject - end + it_behaves_like 'logs related information' end end @@ -583,16 +562,7 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Validators::SchemaValidator do let(:report_type) { :dast } let(:report_version) { described_class::SUPPORTED_VERSIONS[report_type].last } - context 'and the report is valid' do - let(:report_data) do - { - 'version' => report_version, - 'vulnerabilities' => [] - } - end - - it { is_expected.to be_empty } - end + it_behaves_like 'report is valid with no warning' context 'and the report is invalid' do let(:report_data) do @@ -644,16 +614,7 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Validators::SchemaValidator do let(:report_type) { :dast } let(:report_version) { "12.37.0" } - context 'and the report is valid' do - let(:report_data) do - { - 'version' => report_version, - 'vulnerabilities' => [] - } - end - - it { is_expected.to be_empty } - end + it_behaves_like 'report is valid with no warning' context 'and the report is invalid' do let(:report_data) do |