diff options
Diffstat (limited to 'spec/lib/gitlab/ci/reports/security')
-rw-r--r-- | spec/lib/gitlab/ci/reports/security/identifier_spec.rb | 125 | ||||
-rw-r--r-- | spec/lib/gitlab/ci/reports/security/link_spec.rb | 31 | ||||
-rw-r--r-- | spec/lib/gitlab/ci/reports/security/scan_spec.rb | 46 | ||||
-rw-r--r-- | spec/lib/gitlab/ci/reports/security/scanned_resource_spec.rb | 30 | ||||
-rw-r--r-- | spec/lib/gitlab/ci/reports/security/scanner_spec.rb | 146 |
5 files changed, 378 insertions, 0 deletions
diff --git a/spec/lib/gitlab/ci/reports/security/identifier_spec.rb b/spec/lib/gitlab/ci/reports/security/identifier_spec.rb new file mode 100644 index 00000000000..123730b6ee6 --- /dev/null +++ b/spec/lib/gitlab/ci/reports/security/identifier_spec.rb @@ -0,0 +1,125 @@ +# frozen_string_literal: true + +require 'spec_helper' + +RSpec.describe Gitlab::Ci::Reports::Security::Identifier do + using RSpec::Parameterized::TableSyntax + + describe '#initialize' do + subject { described_class.new(**params) } + + let(:params) do + { + external_type: 'brakeman_warning_code', + external_id: '107', + name: 'Brakeman Warning Code 107', + url: 'https://brakemanscanner.org/docs/warning_types/cross_site_scripting/' + } + end + + context 'when all params are given' do + it 'initializes an instance' do + expect { subject }.not_to raise_error + + expect(subject).to have_attributes( + external_type: 'brakeman_warning_code', + external_id: '107', + fingerprint: 'aa2254904a69148ad14b6ac5db25b355da9c987f', + name: 'Brakeman Warning Code 107', + url: 'https://brakemanscanner.org/docs/warning_types/cross_site_scripting/' + ) + end + end + + %i[external_type external_id name].each do |attribute| + context "when attribute #{attribute} is missing" do + before do + params.delete(attribute) + end + + it 'raises an error' do + expect { subject }.to raise_error(ArgumentError) + end + end + end + end + + describe '#key' do + let(:identifier) { create(:ci_reports_security_identifier) } + + subject { identifier.key } + + it 'returns fingerprint' do + is_expected.to eq(identifier.fingerprint) + end + end + + describe '#type_identifier?' do + where(:external_type, :expected_result) do + 'cve' | false + 'foo' | false + 'cwe' | true + 'wasc' | true + end + + with_them do + let(:identifier) { create(:ci_reports_security_identifier, external_type: external_type) } + + subject { identifier.type_identifier? } + + it { is_expected.to be(expected_result) } + end + end + + describe 'external type check methods' do + where(:external_type, :is_cve?, :is_cwe?, :is_wasc?) do + 'Foo' | false | false | false + 'Cve' | true | false | false + 'Cwe' | false | true | false + 'Wasc' | false | false | true + end + + with_them do + let(:identifier) { create(:ci_reports_security_identifier, external_type: external_type) } + + it 'returns correct result for the type check method' do + expect(identifier.cve?).to be(is_cve?) + expect(identifier.cwe?).to be(is_cwe?) + expect(identifier.wasc?).to be(is_wasc?) + end + end + end + + describe '#to_hash' do + let(:identifier) { create(:ci_reports_security_identifier) } + + subject { identifier.to_hash } + + it 'returns expected hash' do + is_expected.to eq({ + external_type: identifier.external_type, + external_id: identifier.external_id, + fingerprint: identifier.fingerprint, + name: identifier.name, + url: identifier.url + }) + end + end + + describe '#==' do + where(:type_1, :id_1, :type_2, :id_2, :equal, :case_name) do + 'CVE' | '2018-1234' | 'CVE' | '2018-1234' | true | 'when external_type and external_id are equal' + 'CVE' | '2018-1234' | 'brakeman_code' | '2018-1234' | false | 'when external_type is different' + 'CVE' | '2018-1234' | 'CVE' | '2019-6789' | false | 'when external_id is different' + end + + with_them do + let(:identifier_1) { create(:ci_reports_security_identifier, external_type: type_1, external_id: id_1) } + let(:identifier_2) { create(:ci_reports_security_identifier, external_type: type_2, external_id: id_2) } + + it "returns #{params[:equal]}" do + expect(identifier_1 == identifier_2).to eq(equal) + end + end + end +end diff --git a/spec/lib/gitlab/ci/reports/security/link_spec.rb b/spec/lib/gitlab/ci/reports/security/link_spec.rb new file mode 100644 index 00000000000..7b55af27f4d --- /dev/null +++ b/spec/lib/gitlab/ci/reports/security/link_spec.rb @@ -0,0 +1,31 @@ +# frozen_string_literal: true + +require 'spec_helper' + +RSpec.describe Gitlab::Ci::Reports::Security::Link do + subject(:security_link) { described_class.new(name: 'CVE-2020-0202', url: 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0202') } + + describe '#initialize' do + context 'when all params are given' do + it 'initializes an instance' do + expect { subject }.not_to raise_error + + expect(subject).to have_attributes( + name: 'CVE-2020-0202', + url: 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0202' + ) + end + end + + describe '#to_hash' do + it 'returns expected hash' do + expect(security_link.to_hash).to eq( + { + name: 'CVE-2020-0202', + url: 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0202' + } + ) + end + end + end +end diff --git a/spec/lib/gitlab/ci/reports/security/scan_spec.rb b/spec/lib/gitlab/ci/reports/security/scan_spec.rb new file mode 100644 index 00000000000..b4968ff3a6e --- /dev/null +++ b/spec/lib/gitlab/ci/reports/security/scan_spec.rb @@ -0,0 +1,46 @@ +# frozen_string_literal: true + +require 'spec_helper' + +RSpec.describe Gitlab::Ci::Reports::Security::Scan do + describe '#initialize' do + subject { described_class.new(params.with_indifferent_access) } + + let(:params) do + { + status: 'success', + type: 'dependency-scanning', + start_time: 'placeholer', + end_time: 'placholder' + } + end + + context 'when all params are given' do + it 'initializes an instance' do + expect { subject }.not_to raise_error + + expect(subject).to have_attributes( + status: 'success', + type: 'dependency-scanning', + start_time: 'placeholer', + end_time: 'placholder' + ) + end + end + + describe '#to_hash' do + subject { described_class.new(params.with_indifferent_access).to_hash } + + it 'returns expected hash' do + is_expected.to eq( + { + status: 'success', + type: 'dependency-scanning', + start_time: 'placeholer', + end_time: 'placholder' + } + ) + end + end + end +end diff --git a/spec/lib/gitlab/ci/reports/security/scanned_resource_spec.rb b/spec/lib/gitlab/ci/reports/security/scanned_resource_spec.rb new file mode 100644 index 00000000000..e9daa05e8b9 --- /dev/null +++ b/spec/lib/gitlab/ci/reports/security/scanned_resource_spec.rb @@ -0,0 +1,30 @@ +# frozen_string_literal: true + +require 'spec_helper' + +RSpec.describe Gitlab::Ci::Reports::Security::ScannedResource do + let(:url) { 'http://example.com:3001/1?foo=bar' } + let(:request_method) { 'GET' } + + context 'when the URI is not a URI' do + subject { ::Gitlab::Ci::Reports::Security::ScannedResource.new(url, request_method) } + + it 'raises an error' do + expect { subject }.to raise_error(ArgumentError) + end + end + + context 'when the URL is valid' do + subject { ::Gitlab::Ci::Reports::Security::ScannedResource.new(URI.parse(url), request_method) } + + it 'sets the URL attributes' do + expect(subject.request_method).to eq(request_method) + expect(subject.request_uri.to_s).to eq(url) + expect(subject.url_scheme).to eq('http') + expect(subject.url_host).to eq('example.com') + expect(subject.url_port).to eq(3001) + expect(subject.url_path).to eq('/1') + expect(subject.url_query).to eq('foo=bar') + end + end +end diff --git a/spec/lib/gitlab/ci/reports/security/scanner_spec.rb b/spec/lib/gitlab/ci/reports/security/scanner_spec.rb new file mode 100644 index 00000000000..99f5d4723d3 --- /dev/null +++ b/spec/lib/gitlab/ci/reports/security/scanner_spec.rb @@ -0,0 +1,146 @@ +# frozen_string_literal: true + +require 'spec_helper' + +RSpec.describe Gitlab::Ci::Reports::Security::Scanner do + describe '#initialize' do + subject { described_class.new(**params) } + + let(:params) do + { + external_id: 'brakeman', + name: 'Brakeman', + vendor: 'GitLab', + version: '1.0.1' + } + end + + context 'when all params are given' do + it 'initializes an instance' do + expect { subject }.not_to raise_error + + expect(subject).to have_attributes( + external_id: 'brakeman', + name: 'Brakeman', + vendor: 'GitLab' + ) + end + end + + %i[external_id name].each do |attribute| + context "when attribute #{attribute} is missing" do + before do + params.delete(attribute) + end + + it 'raises an error' do + expect { subject }.to raise_error(ArgumentError) + end + end + end + end + + describe '#key' do + let(:scanner) { create(:ci_reports_security_scanner) } + + subject { scanner.key } + + it 'returns external_id' do + is_expected.to eq(scanner.external_id) + end + end + + describe '#to_hash' do + let(:scanner) { create(:ci_reports_security_scanner) } + + subject { scanner.to_hash } + + it 'returns expected hash' do + is_expected.to eq({ + external_id: scanner.external_id, + name: scanner.name, + vendor: scanner.vendor + }) + end + + context 'when vendor is not defined' do + let(:scanner) { create(:ci_reports_security_scanner, vendor: nil) } + + it 'returns expected hash' do + is_expected.to eq({ + external_id: scanner.external_id, + name: scanner.name + }) + end + end + end + + describe '#==' do + using RSpec::Parameterized::TableSyntax + + where(:id_1, :id_2, :equal, :case_name) do + 'brakeman' | 'brakeman' | true | 'when external_id is equal' + 'brakeman' | 'bandit' | false | 'when external_id is different' + end + + with_them do + let(:scanner_1) { create(:ci_reports_security_scanner, external_id: id_1) } + let(:scanner_2) { create(:ci_reports_security_scanner, external_id: id_2) } + + it "returns #{params[:equal]}" do + expect(scanner_1 == scanner_2).to eq(equal) + end + end + end + + describe '#<=>' do + using RSpec::Parameterized::TableSyntax + + let(:scanner_1) { create(:ci_reports_security_scanner, **scanner_1_attributes) } + let(:scanner_2) { create(:ci_reports_security_scanner, **scanner_2_attributes) } + + subject { scanner_1 <=> scanner_2 } + + context 'when the `external_id` of the scanners are different' do + where(:scanner_1_attributes, :scanner_2_attributes, :expected_comparison_result) do + { external_id: 'bundler_audit', name: 'foo', vendor: 'bar' } | { external_id: 'retire.js', name: 'foo', vendor: 'bar' } | -1 + { external_id: 'retire.js', name: 'foo', vendor: 'bar' } | { external_id: 'gemnasium', name: 'foo', vendor: 'bar' } | -1 + { external_id: 'gemnasium', name: 'foo', vendor: 'bar' } | { external_id: 'gemnasium-maven', name: 'foo', vendor: 'bar' } | -1 + { external_id: 'gemnasium-maven', name: 'foo', vendor: 'bar' } | { external_id: 'gemnasium-python', name: 'foo', vendor: 'bar' } | -1 + { external_id: 'gemnasium-python', name: 'foo', vendor: 'bar' } | { external_id: 'bandit', name: 'foo', vendor: 'bar' } | 1 + { external_id: 'bandit', name: 'foo', vendor: 'bar' } | { external_id: 'semgrep', name: 'foo', vendor: 'bar' } | -1 + { external_id: 'semgrep', name: 'foo', vendor: 'bar' } | { external_id: 'unknown', name: 'foo', vendor: 'bar' } | -1 + { external_id: 'gemnasium', name: 'foo', vendor: 'bar' } | { external_id: 'gemnasium', name: 'foo', vendor: nil } | 1 + end + + with_them do + it { is_expected.to eq(expected_comparison_result) } + end + end + + context 'when the `external_id` of the scanners are equal' do + context 'when the `name` of the scanners are different' do + where(:scanner_1_attributes, :scanner_2_attributes, :expected_comparison_result) do + { external_id: 'gemnasium', name: 'a', vendor: 'bar' } | { external_id: 'gemnasium', name: 'b', vendor: 'bar' } | -1 + { external_id: 'gemnasium', name: 'd', vendor: 'bar' } | { external_id: 'gemnasium', name: 'c', vendor: 'bar' } | 1 + end + + with_them do + it { is_expected.to eq(expected_comparison_result) } + end + end + + context 'when the `name` of the scanners are equal' do + where(:scanner_1_attributes, :scanner_2_attributes, :expected_comparison_result) do + { external_id: 'gemnasium', name: 'foo', vendor: 'a' } | { external_id: 'gemnasium', name: 'foo', vendor: 'a' } | 0 # rubocop:disable Lint/BinaryOperatorWithIdenticalOperands + { external_id: 'gemnasium', name: 'foo', vendor: 'a' } | { external_id: 'gemnasium', name: 'foo', vendor: 'b' } | -1 + { external_id: 'gemnasium', name: 'foo', vendor: 'b' } | { external_id: 'gemnasium', name: 'foo', vendor: 'a' } | 1 + end + + with_them do + it { is_expected.to eq(expected_comparison_result) } + end + end + end + end +end |