1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
|
# frozen_string_literal: true
require 'spec_helper'
require_migration!
RSpec.describe AddUpdateVulnerabilityReadsTrigger do
let(:migration) { described_class.new }
let(:vulnerability_reads) { table(:vulnerability_reads) }
let(:issue_links) { table(:vulnerability_issue_links) }
let(:vulnerabilities) { table(:vulnerabilities) }
let(:vulnerabilities_findings) { table(:vulnerability_occurrences) }
let(:namespace) { table(:namespaces).create!(name: 'user', path: 'user') }
let(:user) { table(:users).create!(id: 13, email: 'author@example.com', username: 'author', projects_limit: 10) }
let(:project) { table(:projects).create!(id: 123, namespace_id: namespace.id) }
let(:issue) { table(:issues).create!(description: '1234', state_id: 1, project_id: project.id) }
let(:scanner) { table(:vulnerability_scanners).create!(project_id: project.id, external_id: 'test 1', name: 'test scanner 1') }
let(:vulnerability) do
create_vulnerability!(
project_id: project.id,
report_type: 7,
author_id: user.id
)
end
let(:identifier) do
table(:vulnerability_identifiers).create!(
project_id: project.id,
external_type: 'uuid-v5',
external_id: 'uuid-v5',
fingerprint: '7e394d1b1eb461a7406d7b1e08f057a1cf11287a',
name: 'Identifier for UUIDv5')
end
describe '#up' do
before do
migrate!
end
describe 'UPDATE trigger' do
before do
create_finding!(
vulnerability_id: vulnerability.id,
project_id: project.id,
scanner_id: scanner.id,
report_type: 7,
primary_identifier_id: identifier.id
)
end
context 'when vulnerability attributes are updated' do
it 'updates vulnerability attributes in vulnerability_reads' do
expect do
vulnerability.update!(severity: 6)
end.to change { vulnerability_reads.first.severity }.from(7).to(6)
end
end
context 'when vulnerability attributes are not updated' do
it 'does not update vulnerability attributes in vulnerability_reads' do
expect do
vulnerability.update!(title: "New vulnerability")
end.not_to change { vulnerability_reads.first }
end
end
end
end
describe '#down' do
before do
migration.up
migration.down
create_finding!(
vulnerability_id: vulnerability.id,
project_id: project.id,
scanner_id: scanner.id,
report_type: 7,
primary_identifier_id: identifier.id
)
end
it 'drops the trigger' do
expect do
vulnerability.update!(severity: 6)
end.not_to change { vulnerability_reads.first.severity }
end
end
private
def create_vulnerability!(project_id:, author_id:, title: 'test', severity: 7, confidence: 7, report_type: 0)
vulnerabilities.create!(
project_id: project_id,
author_id: author_id,
title: title,
severity: severity,
confidence: confidence,
report_type: report_type
)
end
# rubocop:disable Metrics/ParameterLists
def create_finding!(
vulnerability_id: nil, project_id:, scanner_id:, primary_identifier_id:,
name: "test", severity: 7, confidence: 7, report_type: 0,
project_fingerprint: '123qweasdzxc', location: { "image" => "alpine:3.4" }, location_fingerprint: 'test',
metadata_version: 'test', raw_metadata: 'test', uuid: SecureRandom.uuid)
vulnerabilities_findings.create!(
vulnerability_id: vulnerability_id,
project_id: project_id,
name: name,
severity: severity,
confidence: confidence,
report_type: report_type,
project_fingerprint: project_fingerprint,
scanner_id: scanner_id,
primary_identifier_id: primary_identifier_id,
location: location,
location_fingerprint: location_fingerprint,
metadata_version: metadata_version,
raw_metadata: raw_metadata,
uuid: uuid
)
end
# rubocop:enable Metrics/ParameterLists
end
|
