Class: Gitlab::Ci::Reports::Security::Finding

Inherits:

Object

• Object
• Gitlab::Ci::Reports::Security::Finding

Includes:

VulnerabilityFindingHelpers

Defined in:

lib/gitlab/ci/reports/security/finding.rb

Constant Summary

Constants included from VulnerabilityFindingHelpers

VulnerabilityFindingHelpers::REPORT_TYPES_REQUIRING_MANUAL_RESOLUTION

Instance Attribute Summary

• #compare_key ⇒ Object (also: #cve) readonly

  Returns the value of attribute compare_key.

• #confidence ⇒ Object readonly

  Returns the value of attribute confidence.

• #details ⇒ Object readonly

  Returns the value of attribute details.

• #evidence ⇒ Object readonly

  Returns the value of attribute evidence.

• #flags ⇒ Object readonly

  Returns the value of attribute flags.

• #found_by_pipeline ⇒ Object readonly

  Returns the value of attribute found_by_pipeline.

• #identifiers ⇒ Object readonly

  Returns the value of attribute identifiers.

• #links ⇒ Object readonly

  Returns the value of attribute links.

• #location ⇒ Object readonly

  Returns the value of attribute location.

• #metadata_version ⇒ Object readonly

  Returns the value of attribute metadata_version.

• #name ⇒ Object readonly

  Returns the value of attribute name.

• #old_location ⇒ Object readonly

  Returns the value of attribute old_location.

• #original_data ⇒ Object readonly

  Returns the value of attribute original_data.

• #overridden_uuid ⇒ Object

  Returns the value of attribute overridden_uuid.

• #project_fingerprint ⇒ Object readonly

  Returns the value of attribute project_fingerprint.

• #project_id ⇒ Object readonly

  Returns the value of attribute project_id.

• #remediations ⇒ Object readonly

  Returns the value of attribute remediations.

• #report_type ⇒ Object readonly

  Returns the value of attribute report_type.

• #scan ⇒ Object readonly

  Returns the value of attribute scan.

• #scanner ⇒ Object readonly

  Returns the value of attribute scanner.

• #severity ⇒ Object readonly

  Returns the value of attribute severity.

• #signatures ⇒ Object readonly

  Returns the value of attribute signatures.

• #uuid ⇒ Object

  Returns the value of attribute uuid.

Instance Method Summary

• #<=>(other) ⇒ Object
• #assets ⇒ Object
• #description ⇒ Object
• #eql?(other) ⇒ Boolean
• #false_positive? ⇒ Boolean
• #has_signatures? ⇒ Boolean
• #hash ⇒ Object
• #initialize(compare_key:, identifiers:, flags: [], links: [], remediations: [], location:, evidence:, metadata_version:, name:, original_data:, report_type:, scanner:, scan:, uuid:, confidence: nil, severity: nil, details: {}, signatures: [], project_id: nil, vulnerability_finding_signatures_enabled: false, found_by_pipeline: nil) ⇒ Finding constructor

  rubocop:disable Metrics/ParameterLists.

• #keys ⇒ Object
• #location_data ⇒ Object
• #location_fingerprint ⇒ Object

  Returns either the max priority signature hex or the location fingerprint.

• #primary_identifier ⇒ Object
• #primary_identifier_fingerprint ⇒ Object
• #raw_metadata ⇒ Object
• #raw_source_code_extract ⇒ Object
• #remediation_byte_offsets ⇒ Object
• #scanner_order_to(other) ⇒ Object
• #solution ⇒ Object
• #to_hash ⇒ Object
• #unsafe?(severity_levels, report_types) ⇒ Boolean
• #update_location(new_location) ⇒ Object
• #valid? ⇒ Boolean

Methods included from VulnerabilityFindingHelpers

#build_vulnerability_finding, #calculate_false_positive?, #matches_signatures, #requires_manual_resolution?, #signature_uuids

Constructor Details

#initialize(compare_key:, identifiers:, flags: [], links: [], remediations: [], location:, evidence:, metadata_version:, name:, original_data:, report_type:, scanner:, scan:, uuid:, confidence: nil, severity: nil, details: {}, signatures: [], project_id: nil, vulnerability_finding_signatures_enabled: false, found_by_pipeline: nil) ⇒ Finding

rubocop:disable Metrics/ParameterLists

# File 'lib/gitlab/ci/reports/security/finding.rb', line 38

def initialize(compare_key:, identifiers:, flags: [], links: [], remediations: [], location:, evidence:, metadata_version:, name:, original_data:, report_type:, scanner:, scan:, uuid:, confidence: nil, severity: nil, details: {}, signatures: [], project_id: nil, vulnerability_finding_signatures_enabled: false, found_by_pipeline: nil) # rubocop:disable Metrics/ParameterLists
  @compare_key = compare_key
  @confidence = confidence
  @identifiers = identifiers
  @flags = flags
  @links = links
  @location = location
  @evidence = evidence
  @metadata_version = metadata_version
  @name = name
  @original_data = original_data
  @report_type = report_type
  @scanner = scanner
  @scan = scan
  @severity = severity
  @uuid = uuid
  @remediations = remediations
  @details = details
  @signatures = signatures
  @project_id = project_id
  @vulnerability_finding_signatures_enabled = vulnerability_finding_signatures_enabled
  @found_by_pipeline = found_by_pipeline

  @project_fingerprint = generate_project_fingerprint
end

Instance Attribute Details

#compare_key ⇒ Object (readonly) Also known as: cve

Returns the value of attribute compare_key.

# File 'lib/gitlab/ci/reports/security/finding.rb', line 10

def compare_key
  @compare_key
end

#confidence ⇒ Object (readonly)

Returns the value of attribute confidence.

# File 'lib/gitlab/ci/reports/security/finding.rb', line 11

def confidence
  @confidence
end

#details ⇒ Object (readonly)

Returns the value of attribute details.

# File 'lib/gitlab/ci/reports/security/finding.rb', line 28

def details
  @details
end

#evidence ⇒ Object (readonly)

Returns the value of attribute evidence.

# File 'lib/gitlab/ci/reports/security/finding.rb', line 16

def evidence
  @evidence
end

#flags ⇒ Object (readonly)

Returns the value of attribute flags.

# File 'lib/gitlab/ci/reports/security/finding.rb', line 13

def flags
  @flags
end

#found_by_pipeline ⇒ Object (readonly)

Returns the value of attribute found_by_pipeline.

# File 'lib/gitlab/ci/reports/security/finding.rb', line 32

def found_by_pipeline
  @found_by_pipeline
end

#identifiers ⇒ Object (readonly)

Returns the value of attribute identifiers.

# File 'lib/gitlab/ci/reports/security/finding.rb', line 12

def identifiers
  @identifiers
end

#links ⇒ Object (readonly)

Returns the value of attribute links.

# File 'lib/gitlab/ci/reports/security/finding.rb', line 14

def links
  @links
end

#location ⇒ Object (readonly)

Returns the value of attribute location.

# File 'lib/gitlab/ci/reports/security/finding.rb', line 15

def location
  @location
end

#metadata_version ⇒ Object (readonly)

Returns the value of attribute metadata_version.

# File 'lib/gitlab/ci/reports/security/finding.rb', line 17

def metadata_version
  @metadata_version
end

#name ⇒ Object (readonly)

Returns the value of attribute name.

# File 'lib/gitlab/ci/reports/security/finding.rb', line 18

def name
  @name
end

#old_location ⇒ Object (readonly)

Returns the value of attribute old_location.

# File 'lib/gitlab/ci/reports/security/finding.rb', line 19

def old_location
  @old_location
end

#original_data ⇒ Object (readonly)

Returns the value of attribute original_data.

# File 'lib/gitlab/ci/reports/security/finding.rb', line 31

def original_data
  @original_data
end

#overridden_uuid ⇒ Object

Returns the value of attribute overridden_uuid.

# File 'lib/gitlab/ci/reports/security/finding.rb', line 26

def overridden_uuid
  @overridden_uuid
end

#project_fingerprint ⇒ Object (readonly)

Returns the value of attribute project_fingerprint.

# File 'lib/gitlab/ci/reports/security/finding.rb', line 20

def project_fingerprint
  @project_fingerprint
end

#project_id ⇒ Object (readonly)

Returns the value of attribute project_id.

# File 'lib/gitlab/ci/reports/security/finding.rb', line 30

def project_id
  @project_id
end

#remediations ⇒ Object (readonly)

Returns the value of attribute remediations.

# File 'lib/gitlab/ci/reports/security/finding.rb', line 27

def remediations
  @remediations
end

#report_type ⇒ Object (readonly)

Returns the value of attribute report_type.

# File 'lib/gitlab/ci/reports/security/finding.rb', line 21

def report_type
  @report_type
end

#scan ⇒ Object (readonly)

Returns the value of attribute scan.

# File 'lib/gitlab/ci/reports/security/finding.rb', line 23

def scan
  @scan
end

#scanner ⇒ Object (readonly)

Returns the value of attribute scanner.

# File 'lib/gitlab/ci/reports/security/finding.rb', line 22

def scanner
  @scanner
end

#severity ⇒ Object (readonly)

Returns the value of attribute severity.

# File 'lib/gitlab/ci/reports/security/finding.rb', line 24

def severity
  @severity
end

#signatures ⇒ Object (readonly)

Returns the value of attribute signatures.

# File 'lib/gitlab/ci/reports/security/finding.rb', line 29

def signatures
  @signatures
end

#uuid ⇒ Object

Returns the value of attribute uuid.

# File 'lib/gitlab/ci/reports/security/finding.rb', line 25

def uuid
  @uuid
end

Instance Method Details

#<=>(other) ⇒ Object

# File 'lib/gitlab/ci/reports/security/finding.rb', line 140

def <=>(other)
  if severity == other.severity
    compare_key <=> other.compare_key
  else
    ::Enums::Vulnerability.severity_levels[other.severity] <=>
      ::Enums::Vulnerability.severity_levels[severity]
  end
end

#assets ⇒ Object

# File 'lib/gitlab/ci/reports/security/finding.rb', line 184

def assets
  original_data['assets'] || []
end

#description ⇒ Object

# File 'lib/gitlab/ci/reports/security/finding.rb', line 172

def description
  original_data['description']
end

#eql?(other) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/gitlab/ci/reports/security/finding.rb', line 105

def eql?(other)
  return false unless report_type == other.report_type && primary_identifier_fingerprint == other.primary_identifier_fingerprint

  if @vulnerability_finding_signatures_enabled
    matches_signatures(other.signatures, other.uuid)
  else
    location.fingerprint == other.location.fingerprint
  end
end

#false_positive? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/gitlab/ci/reports/security/finding.rb', line 160

def false_positive?
  flags.any?(&:false_positive?)
end

#has_signatures? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/gitlab/ci/reports/security/finding.rb', line 156

def has_signatures?
  signatures.present?
end

#hash ⇒ Object

# File 'lib/gitlab/ci/reports/security/finding.rb', line 115

def hash
  if @vulnerability_finding_signatures_enabled && !signatures.empty?
    highest_signature = signatures.max_by(&:priority)
    report_type.hash ^ highest_signature.signature_hex.hash ^ primary_identifier_fingerprint.hash
  else
    report_type.hash ^ location.fingerprint.hash ^ primary_identifier_fingerprint.hash
  end
end

#keys ⇒ Object

# File 'lib/gitlab/ci/reports/security/finding.rb', line 128

def keys
  @keys ||= identifiers.reject(&:type_identifier?).flat_map do |identifier|
    location_fingerprints.map do |location_fingerprint|
      FindingKey.new(location_fingerprint: location_fingerprint, identifier_fingerprint: identifier.fingerprint)
    end
  end.push(uuid)
end

#location_data ⇒ Object

# File 'lib/gitlab/ci/reports/security/finding.rb', line 180

def location_data
  original_data['location']
end

#location_fingerprint ⇒ Object

Returns either the max priority signature hex or the location fingerprint

# File 'lib/gitlab/ci/reports/security/finding.rb', line 194

def location_fingerprint
  location_fingerprints.first
end

#primary_identifier ⇒ Object

# File 'lib/gitlab/ci/reports/security/finding.rb', line 92

def primary_identifier
  identifiers.first
end

#primary_identifier_fingerprint ⇒ Object

# File 'lib/gitlab/ci/reports/security/finding.rb', line 136

def primary_identifier_fingerprint
  primary_identifier&.fingerprint
end

#raw_metadata ⇒ Object

# File 'lib/gitlab/ci/reports/security/finding.rb', line 168

def raw_metadata
  @raw_metadata ||= original_data.to_json
end

#raw_source_code_extract ⇒ Object

# File 'lib/gitlab/ci/reports/security/finding.rb', line 188

def raw_source_code_extract
  original_data['raw_source_code_extract']
end

#remediation_byte_offsets ⇒ Object

# File 'lib/gitlab/ci/reports/security/finding.rb', line 164

def remediation_byte_offsets
  remediations.map(&:byte_offsets).compact
end

#scanner_order_to(other) ⇒ Object

# File 'lib/gitlab/ci/reports/security/finding.rb', line 149

def scanner_order_to(other)
  return 1 unless scanner
  return -1 unless other&.scanner

  scanner <=> other.scanner
end

#solution ⇒ Object

# File 'lib/gitlab/ci/reports/security/finding.rb', line 176

def solution
  original_data['solution']
end

#to_hash ⇒ Object

# File 'lib/gitlab/ci/reports/security/finding.rb', line 64

def to_hash
  %i[
    compare_key
    confidence
    identifiers
    flags
    links
    location
    evidence
    metadata_version
    name
    project_fingerprint
    raw_metadata
    report_type
    scanner
    scan
    severity
    uuid
    details
    signatures
    description
    cve
    solution
  ].index_with do |key|
    public_send(key) # rubocop:disable GitlabSecurity/PublicSend
  end
end

#unsafe?(severity_levels, report_types) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/gitlab/ci/reports/security/finding.rb', line 101

def unsafe?(severity_levels, report_types)
  severity.to_s.in?(severity_levels) && (report_types.blank? || report_type.to_s.in?(report_types))
end

#update_location(new_location) ⇒ Object

# File 'lib/gitlab/ci/reports/security/finding.rb', line 96

def update_location(new_location)
  @old_location = location
  @location = new_location
end

#valid? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/gitlab/ci/reports/security/finding.rb', line 124

def valid?
  scanner.present? && primary_identifier.present? && location.present? && uuid.present?
end