Include owasp_top_10 to vulnerabilities read model

Changelog: added EE: true

Include owasp_top_10 to vulnerabilities read model
43cc8c3f · Bala Kumar · 2904617d · 43cc8c3f · 43cc8c3f · 43cc8c3f
--- a/app/models/concerns/enums/vulnerability.rb
+++ b/app/models/concerns/enums/vulnerability.rb
@@ -46,6 +46,30 @@ module Vulnerability
      dismissed: 2
    }.with_indifferent_access.freeze

+    OWASP_TOP_10 = {
+      "A1:2017-Injection" => 1,
+      "A2:2017-Broken Authentication" => 2,
+      "A3:2017-Sensitive Data Exposure" => 3,
+      "A4:2017-XML External Entities (XXE)" => 4,
+      "A5:2017-Broken Access Control" => 5,
+      "A6:2017-Security Misconfiguration" => 6,
+      "A7:2017-Cross-Site Scripting (XSS)" => 7,
+      "A8:2017-Insecure Deserialization" => 8,
+      "A9:2017-Using Components with Known Vulnerabilities" => 9,
+      "A10:2017-Insufficient Logging & Monitoring" => 10,
+
+      "A1:2021-Broken Access Control" => 11,
+      "A2:2021-Cryptographic Failures" => 12,
+      "A3:2021-Injection" => 13,
+      "A4:2021-Insecure Design" => 14,
+      "A5:2021-Security Misconfiguration" => 15,
+      "A6:2021-Vulnerable and Outdated Components" => 16,
+      "A7:2021-Identification and Authentication Failures" => 17,
+      "A8:2021-Software and Data Integrity Failures" => 18,
+      "A9:2021-Security Logging and Monitoring Failures" => 19,
+      "A10:2021-Server-Side Request Forgery" => 20
+    }.with_indifferent_access.freeze
+
    def self.confidence_levels
      CONFIDENCE_LEVELS
    end
@@ -73,6 +97,10 @@ def self.detection_methods
    def self.vulnerability_states
      VULNERABILITY_STATES
    end
+
+    def self.owasp_top_10
+      OWASP_TOP_10
+    end
  end
 end


--- a/ee/app/models/vulnerabilities/read.rb
+++ b/ee/app/models/vulnerabilities/read.rb
@@ -32,6 +32,7 @@ class Read < ApplicationRecord
    enum state: ::Enums::Vulnerability.vulnerability_states
    enum report_type: ::Enums::Vulnerability.report_types
    enum severity: ::Enums::Vulnerability.severity_levels, _prefix: :severity
+    enum owasp_top_10: ::Enums::Vulnerability.owasp_top_10

    scope :by_uuid, -> (uuids) { where(uuid: uuids) }
    scope :by_vulnerabilities, -> (vulnerabilities) { where(vulnerability: vulnerabilities) }

--- a/ee/spec/models/vulnerabilities/read_spec.rb
+++ b/ee/spec/models/vulnerabilities/read_spec.rb
@@ -618,6 +618,16 @@
    end
  end

+  describe '.owasp_top_10' do
+    it 'raises ArgumentError for invalid enum value' do
+      expect { described_class.new(owasp_top_10: '123456') }.to raise_error(ArgumentError)
+    end
+
+    it 'accepts nil value' do
+      is_expected.to allow_value(nil).for(:owasp_top_10)
+    end
+  end
+
  private

  def create_vulnerability(severity: 7, confidence: 7, report_type: 0)