未验证 提交 59a0ece4 编辑于 作者: Marcos Rocha's avatar Marcos Rocha 提交者: GitLab

Merge branch 'sk/515851-fix-policy-idx' into 'master'

Fix storing incorrect policy index in scan_result_policies

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/179860



Merged-by: default avatarMarcos Rocha <mrocha@gitlab.com>
Approved-by: default avatarMartin Čavoj <mcavoj@gitlab.com>
Approved-by: default avatarMarcos Rocha <mrocha@gitlab.com>
Reviewed-by: default avatarMartin Čavoj <mcavoj@gitlab.com>
Co-authored-by: default avatarSashi Kumar Kumaresan <skumar@gitlab.com>
......@@ -51,7 +51,7 @@ def sync_policies(project, configuration)
measure_and_log(:policy_creation) do
configuration
.applicable_scan_result_policies_with_real_index(project) do |policy, policy_idx, real_policy_idx|
.applicable_scan_result_policies_with_real_index(project) do |policy, real_policy_idx, policy_idx|
Security::SecurityOrchestrationPolicies::ProcessScanResultPolicyService.new(
project: project,
policy_configuration: configuration,
......
......@@ -126,6 +126,83 @@
end
end
context 'with multiple policies' do
let(:policies) do
{
scan_execution_policy: [],
scan_result_policy:
[
{
name: 'CS critical policy',
description: 'This policy with CS for critical policy',
enabled: true,
rules: [
{ type: 'scan_finding', branches: %w[production], vulnerabilities_allowed: 0,
severity_levels: %w[critical], scanners: %w[container_scanning],
vulnerability_states: %w[newly_detected] }
],
actions: [
{ type: 'require_approval', approvals_required: 1, user_approvers: %w[admin] }
]
},
{
name: 'Disabled policy',
description: 'This policy with CS for critical policy',
enabled: false,
rules: [
{ type: 'scan_finding', branches: %w[production], vulnerabilities_allowed: 0,
severity_levels: %w[critical], scanners: %w[container_scanning],
vulnerability_states: %w[newly_detected] }
],
actions: [
{ type: 'require_approval', approvals_required: 1, user_approvers: %w[admin] }
]
},
{
name: 'DS critical policy',
description: 'This policy with DS for critical policy',
enabled: true,
rules: [
{ type: 'scan_finding', branches: %w[production], vulnerabilities_allowed: 0,
severity_levels: %w[critical], scanners: %w[dependency_scanning],
vulnerability_states: %w[newly_detected] }
],
actions: [
{ type: 'require_approval', approvals_required: 1, user_approvers: %w[admin] }
]
}
]
}
end
it_behaves_like 'when policy is applicable based on the policy scope configuration' do
it 'calls service with correct policy_index and real_policy_index' do
expect_next_instance_of(
Security::SecurityOrchestrationPolicies::ProcessScanResultPolicyService,
project: configuration.project,
policy_configuration: configuration,
policy: active_scan_result_policies[0],
policy_index: 0,
real_policy_index: 0
) do |service|
expect(service).to receive(:execute)
end
expect_next_instance_of(
Security::SecurityOrchestrationPolicies::ProcessScanResultPolicyService,
project: configuration.project,
policy_configuration: configuration,
policy: active_scan_result_policies[1],
policy_index: 1,
real_policy_index: 2
) do |service|
expect(service).to receive(:execute)
end
worker.perform(configuration.project_id, configuration.id)
end
end
end
context 'without transaction' do
it 'does not wrap the execution within transaction' do
expect(Security::OrchestrationPolicyConfiguration).not_to receive(:transaction).and_yield
......
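Review bot: The 'Disabled policy' entry in the new `let(:policies)` block reuses the first policy's text, `description: 'This policy with CS for critical policy'`, which reads as a copy-paste slip; `description: 'This disabled policy with CS for critical policy'` would keep the three entries distinguishable in failure output. The three policies differ only in `name`, `enabled` and `scanners`, yet the `rules` and `actions` hashes are repeated verbatim three times, so a small helper such as `def scan_result_policy(name, scanner:, enabled:)` returning the shared structure would keep the fixture readable as more cases are added. The pairing of `policy_index: 1` with `real_policy_index: 2` for the DS policy appears to be what pins the argument order corrected in the worker, so a one-line comment above the second `expect_next_instance_of` stating that real index 1 is skipped because that policy is disabled would save the next reader from re-deriving it.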