Class: Gitlab::Ci::Reports::Security::Finding
- Inherits:
-
Object
- Object
- Gitlab::Ci::Reports::Security::Finding
- Includes:
- VulnerabilityFindingHelpers
- Defined in:
- lib/gitlab/ci/reports/security/finding.rb
Constant Summary
Constants included from VulnerabilityFindingHelpers
VulnerabilityFindingHelpers::REPORT_TYPES_REQUIRING_MANUAL_RESOLUTION
Instance Attribute Summary collapse
-
#compare_key ⇒ Object
(also: #cve)
readonly
Returns the value of attribute compare_key.
-
#confidence ⇒ Object
readonly
Returns the value of attribute confidence.
-
#details ⇒ Object
readonly
Returns the value of attribute details.
-
#evidence ⇒ Object
readonly
Returns the value of attribute evidence.
-
#flags ⇒ Object
readonly
Returns the value of attribute flags.
-
#found_by_pipeline ⇒ Object
readonly
Returns the value of attribute found_by_pipeline.
-
#identifiers ⇒ Object
readonly
Returns the value of attribute identifiers.
-
#links ⇒ Object
readonly
Returns the value of attribute links.
-
#location ⇒ Object
readonly
Returns the value of attribute location.
-
#metadata_version ⇒ Object
readonly
Returns the value of attribute metadata_version.
-
#name ⇒ Object
readonly
Returns the value of attribute name.
-
#old_location ⇒ Object
readonly
Returns the value of attribute old_location.
-
#original_data ⇒ Object
readonly
Returns the value of attribute original_data.
-
#overridden_uuid ⇒ Object
Returns the value of attribute overridden_uuid.
-
#project_fingerprint ⇒ Object
readonly
Returns the value of attribute project_fingerprint.
-
#project_id ⇒ Object
readonly
Returns the value of attribute project_id.
-
#remediations ⇒ Object
readonly
Returns the value of attribute remediations.
-
#report_type ⇒ Object
readonly
Returns the value of attribute report_type.
-
#scan ⇒ Object
readonly
Returns the value of attribute scan.
-
#scanner ⇒ Object
readonly
Returns the value of attribute scanner.
-
#severity ⇒ Object
readonly
Returns the value of attribute severity.
-
#signatures ⇒ Object
readonly
Returns the value of attribute signatures.
-
#uuid ⇒ Object
Returns the value of attribute uuid.
Instance Method Summary collapse
- #<=>(other) ⇒ Object
- #assets ⇒ Object
- #description ⇒ Object
- #eql?(other) ⇒ Boolean
- #false_positive? ⇒ Boolean
- #has_signatures? ⇒ Boolean
- #hash ⇒ Object
-
#initialize(compare_key:, identifiers:, flags: [], links: [], remediations: [], location:, evidence:, metadata_version:, name:, original_data:, report_type:, scanner:, scan:, uuid:, confidence: nil, severity: nil, details: {}, signatures: [], project_id: nil, vulnerability_finding_signatures_enabled: false, found_by_pipeline: nil) ⇒ Finding
constructor
rubocop:disable Metrics/ParameterLists.
- #keys ⇒ Object
- #location_data ⇒ Object
-
#location_fingerprint ⇒ Object
Returns either the max priority signature hex or the location fingerprint.
- #primary_identifier ⇒ Object
- #primary_identifier_fingerprint ⇒ Object
- #raw_metadata ⇒ Object
- #raw_source_code_extract ⇒ Object
- #remediation_byte_offsets ⇒ Object
- #scanner_order_to(other) ⇒ Object
- #solution ⇒ Object
- #to_hash ⇒ Object
- #unsafe?(severity_levels, report_types) ⇒ Boolean
- #update_location(new_location) ⇒ Object
- #valid? ⇒ Boolean
Methods included from VulnerabilityFindingHelpers
#build_vulnerability_finding, #calculate_false_positive?, #matches_signatures, #requires_manual_resolution?, #signature_uuids
Constructor Details
#initialize(compare_key:, identifiers:, flags: [], links: [], remediations: [], location:, evidence:, metadata_version:, name:, original_data:, report_type:, scanner:, scan:, uuid:, confidence: nil, severity: nil, details: {}, signatures: [], project_id: nil, vulnerability_finding_signatures_enabled: false, found_by_pipeline: nil) ⇒ Finding
rubocop:disable Metrics/ParameterLists
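# File 'lib/gitlab/ci/reports/security/finding.rb', line 38
# Builds an in-memory representation of one finding from a parsed security report.
#
# Every keyword argument except +vulnerability_finding_signatures_enabled+ is stored
# as-is and exposed through the reader of the same name. +project_fingerprint+ is
# derived from the other attributes by +generate_project_fingerprint+ (defined
# elsewhere in this class), so it is only valid once every other ivar is set.
#
# @param compare_key [Object] legacy comparison key; also exposed as +cve+
# @param identifiers [Array] identifiers, the first of which is the primary identifier
# @param flags [Array] scanner flags; consulted by +false_positive?+
# @param links [Array]
# @param remediations [Array] remediation objects; consulted by +remediation_byte_offsets+
# @param location [Object] location object whose +fingerprint+ drives +eql?+/+hash+ when
#   signatures are disabled
# @param evidence [Object]
# @param metadata_version [Object]
# @param name [Object]
# @param original_data [Hash] raw report payload, read by +description+, +solution+,
#   +assets+, +location_data+, +raw_source_code_extract+ and +raw_metadata+
# @param report_type [Object]
# @param scanner [Object]
# @param scan [Object]
# @param uuid [Object]
# @param confidence [Object, nil]
# @param severity [Object, nil]
# @param details [Hash]
# @param signatures [Array]
# @param project_id [Object, nil]
# @param vulnerability_finding_signatures_enabled [Boolean] when true, +eql?+ and +hash+
#   are driven by +signatures+ instead of +location.fingerprint+
# @param found_by_pipeline [Object, nil]
# @return [Finding]
def initialize(compare_key:, identifiers:, flags: [], links: [], remediations: [], location:, evidence:, metadata_version:, name:, original_data:, report_type:, scanner:, scan:, uuid:, confidence: nil, severity: nil, details: {}, signatures: [], project_id: nil, vulnerability_finding_signatures_enabled: false, found_by_pipeline: nil) # rubocop:disable Metrics/ParameterLists
  @compare_key = compare_key
  @confidence = confidence
  @identifiers = identifiers
  @flags = flags
  @links = links
  @location = location
  @evidence = evidence
  @metadata_version = metadata_version
  @name = name
  @original_data = original_data
  @report_type = report_type
  @scanner = scanner
  @scan = scan
  @severity = severity
  @uuid = uuid
  @remediations = remediations
  @details = details
  @signatures = signatures
  @project_id = project_id
  @vulnerability_finding_signatures_enabled = vulnerability_finding_signatures_enabled
  @found_by_pipeline = found_by_pipeline
  # Must come last: the fingerprint is computed from the attributes assigned above.
  @project_fingerprint = generate_project_fingerprint
end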
Instance Attribute Details
#compare_key ⇒ Object (readonly) Also known as: cve
Returns the value of attribute compare_key.
# File 'lib/gitlab/ci/reports/security/finding.rb', line 10
# @return [Object] the stored +compare_key+ (read-only; also aliased as +cve+)
def compare_key = @compare_key
#confidence ⇒ Object (readonly)
Returns the value of attribute confidence.
# File 'lib/gitlab/ci/reports/security/finding.rb', line 11
# @return [Object, nil] the stored +confidence+ (read-only)
def confidence = @confidence
#details ⇒ Object (readonly)
Returns the value of attribute details.
# File 'lib/gitlab/ci/reports/security/finding.rb', line 28
# @return [Hash] the stored +details+ (read-only)
def details = @details
#evidence ⇒ Object (readonly)
Returns the value of attribute evidence.
# File 'lib/gitlab/ci/reports/security/finding.rb', line 16
# @return [Object] the stored +evidence+ (read-only)
def evidence = @evidence
#flags ⇒ Object (readonly)
Returns the value of attribute flags.
# File 'lib/gitlab/ci/reports/security/finding.rb', line 13
# @return [Array] the stored +flags+ (read-only); scanned by +false_positive?+
def flags = @flags
#found_by_pipeline ⇒ Object (readonly)
Returns the value of attribute found_by_pipeline.
# File 'lib/gitlab/ci/reports/security/finding.rb', line 32
# @return [Object, nil] the stored +found_by_pipeline+ (read-only)
def found_by_pipeline = @found_by_pipeline
#identifiers ⇒ Object (readonly)
Returns the value of attribute identifiers.
# File 'lib/gitlab/ci/reports/security/finding.rb', line 12
# @return [Array] the stored +identifiers+ (read-only); the first is the primary identifier
def identifiers = @identifiers
#links ⇒ Object (readonly)
Returns the value of attribute links.
# File 'lib/gitlab/ci/reports/security/finding.rb', line 14
# @return [Array] the stored +links+ (read-only)
def links = @links
#location ⇒ Object (readonly)
Returns the value of attribute location.
# File 'lib/gitlab/ci/reports/security/finding.rb', line 15
# @return [Object] the current location (read-only here; replaced by +update_location+)
def location = @location
#metadata_version ⇒ Object (readonly)
Returns the value of attribute metadata_version.
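# File 'lib/gitlab/ci/reports/security/finding.rb', line 17
# @return [Object] the stored +metadata_version+ (read-only)
def metadata_version
  @metadata_version
end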
#name ⇒ Object (readonly)
Returns the value of attribute name.
# File 'lib/gitlab/ci/reports/security/finding.rb', line 18
# @return [Object] the stored +name+ (read-only)
def name = @name
#old_location ⇒ Object (readonly)
Returns the value of attribute old_location.
# File 'lib/gitlab/ci/reports/security/finding.rb', line 19
# @return [Object, nil] the location that was current before the last +update_location+
#   call, or +nil+ if it was never called
def old_location = @old_location
#original_data ⇒ Object (readonly)
Returns the value of attribute original_data.
# File 'lib/gitlab/ci/reports/security/finding.rb', line 31
# @return [Hash] the raw report payload this finding was built from (read-only)
def original_data = @original_data
#overridden_uuid ⇒ Object
Returns the value of attribute overridden_uuid.
# File 'lib/gitlab/ci/reports/security/finding.rb', line 26
# @return [Object, nil] the stored +overridden_uuid+; not set by the constructor, so
#   +nil+ until assigned through its writer
def overridden_uuid = @overridden_uuid
#project_fingerprint ⇒ Object (readonly)
Returns the value of attribute project_fingerprint.
# File 'lib/gitlab/ci/reports/security/finding.rb', line 20
# @return [Object] the fingerprint computed by the constructor via
#   +generate_project_fingerprint+ (read-only)
def project_fingerprint = @project_fingerprint
#project_id ⇒ Object (readonly)
Returns the value of attribute project_id.
# File 'lib/gitlab/ci/reports/security/finding.rb', line 30
# @return [Object, nil] the stored +project_id+ (read-only)
def project_id = @project_id
#remediations ⇒ Object (readonly)
Returns the value of attribute remediations.
# File 'lib/gitlab/ci/reports/security/finding.rb', line 27
# @return [Array] the stored +remediations+ (read-only)
def remediations = @remediations
#report_type ⇒ Object (readonly)
Returns the value of attribute report_type.
# File 'lib/gitlab/ci/reports/security/finding.rb', line 21
# @return [Object] the stored +report_type+ (read-only); part of the +eql?+/+hash+ identity
def report_type = @report_type
#scan ⇒ Object (readonly)
Returns the value of attribute scan.
# File 'lib/gitlab/ci/reports/security/finding.rb', line 23
# @return [Object] the stored +scan+ (read-only)
def scan = @scan
#scanner ⇒ Object (readonly)
Returns the value of attribute scanner.
# File 'lib/gitlab/ci/reports/security/finding.rb', line 22
# @return [Object] the stored +scanner+ (read-only); required by +valid?+
def scanner = @scanner
#severity ⇒ Object (readonly)
Returns the value of attribute severity.
# File 'lib/gitlab/ci/reports/security/finding.rb', line 24
# @return [Object, nil] the stored +severity+ (read-only); primary sort key in +<=>+
def severity = @severity
#signatures ⇒ Object (readonly)
Returns the value of attribute signatures.
# File 'lib/gitlab/ci/reports/security/finding.rb', line 29
# @return [Array] the stored +signatures+ (read-only)
def signatures = @signatures
#uuid ⇒ Object
Returns the value of attribute uuid.
# File 'lib/gitlab/ci/reports/security/finding.rb', line 25
# @return [Object] the stored +uuid+; appended to +keys+ and required by +valid?+
def uuid = @uuid
Instance Method Details
#<=>(other) ⇒ Object
# File 'lib/gitlab/ci/reports/security/finding.rb', line 140
# Orders findings by severity level (descending), breaking ties on +compare_key+.
#
# The operands are deliberately reversed when looking up the numeric level, so a
# finding whose level is higher sorts before one whose level is lower.
#
# @param other [Finding]
# @return [Integer, nil] -1, 0, 1, or +nil+ when the pair is not comparable
def <=>(other)
  return compare_key <=> other.compare_key if severity == other.severity

  levels = ::Enums::Vulnerability.severity_levels
  levels[other.severity] <=> levels[severity]
end
#assets ⇒ Object
# File 'lib/gitlab/ci/reports/security/finding.rb', line 184
# @return [Array] the report's +assets+ entry, or an empty array when absent or +nil+
def assets
  reported = original_data['assets']
  reported || []
end
#description ⇒ Object
# File 'lib/gitlab/ci/reports/security/finding.rb', line 172
# @return [Object, nil] the report's +description+ entry, or +nil+ when absent
def description = original_data['description']
#eql?(other) ⇒ Boolean
# File 'lib/gitlab/ci/reports/security/finding.rb', line 105
# Two findings are equal when they share a report type and primary identifier
# fingerprint, and additionally either match on signatures (when the signatures
# feature is enabled) or on the location fingerprint.
#
# Must stay consistent with +hash+, which uses the same report type / primary
# identifier components and the highest-priority signature hex or location fingerprint.
# NOTE(review): consistency with +hash+ relies on +matches_signatures+ treating the
# highest-priority signature as a match — confirm in VulnerabilityFindingHelpers.
#
# @param other [Finding]
# @return [Boolean]
def eql?(other)
  return false unless report_type == other.report_type && primary_identifier_fingerprint == other.primary_identifier_fingerprint

  return matches_signatures(other.signatures, other.uuid) if @vulnerability_finding_signatures_enabled

  location.fingerprint == other.location.fingerprint
end
#false_positive? ⇒ Boolean
# File 'lib/gitlab/ci/reports/security/finding.rb', line 160
# @return [Boolean] true when at least one flag reports itself as a false positive
def false_positive?
  flags.any? { |flag| flag.false_positive? }
end
#has_signatures? ⇒ Boolean
# File 'lib/gitlab/ci/reports/security/finding.rb', line 156
# @return [Boolean] true when +signatures+ is present (non-blank)
def has_signatures? = signatures.present?
#hash ⇒ Object
# File 'lib/gitlab/ci/reports/security/finding.rb', line 115
# Hash code combining report type, primary identifier fingerprint and a location
# component: the highest-priority signature's hex when the signatures feature is
# enabled and signatures exist, otherwise the location fingerprint.
#
# Paired with +eql?+ so findings can be de-duplicated via Hash/Set membership.
#
# @return [Integer]
def hash
  location_component =
    if @vulnerability_finding_signatures_enabled && !signatures.empty?
      signatures.max_by(&:priority).signature_hex.hash
    else
      location.fingerprint.hash
    end

  report_type.hash ^ location_component ^ primary_identifier_fingerprint.hash
end
#keys ⇒ Object
# File 'lib/gitlab/ci/reports/security/finding.rb', line 128
# Memoised matching keys for this finding: one +FindingKey+ per (non-type
# identifier, location fingerprint) pair, followed by the finding's +uuid+.
#
# Memoisation means later changes to identifiers, locations or +uuid+ are not
# reflected once this has been called.
#
# @return [Array] +FindingKey+ instances with +uuid+ appended last
def keys
  @keys ||= begin
    identifier_keys = identifiers.reject(&:type_identifier?).flat_map do |identifier|
      location_fingerprints.map do |fingerprint|
        FindingKey.new(location_fingerprint: fingerprint, identifier_fingerprint: identifier.fingerprint)
      end
    end

    identifier_keys.push(uuid)
  end
end
#location_data ⇒ Object
# File 'lib/gitlab/ci/reports/security/finding.rb', line 180
# @return [Object, nil] the raw +location+ entry of the report payload, or +nil+ when absent
def location_data = original_data['location']
#location_fingerprint ⇒ Object
Returns either the max priority signature hex or the location fingerprint
# File 'lib/gitlab/ci/reports/security/finding.rb', line 194
# Returns either the max priority signature hex or the location fingerprint,
# i.e. the first entry produced by +location_fingerprints+.
#
# @return [Object, nil] +nil+ when +location_fingerprints+ is empty
def location_fingerprint = location_fingerprints.first
#primary_identifier ⇒ Object
# File 'lib/gitlab/ci/reports/security/finding.rb', line 92
# @return [Object, nil] the first identifier, or +nil+ when there are none
def primary_identifier = identifiers.first
#primary_identifier_fingerprint ⇒ Object
# File 'lib/gitlab/ci/reports/security/finding.rb', line 136
# @return [Object, nil] the primary identifier's fingerprint, or +nil+ when there is
#   no primary identifier
def primary_identifier_fingerprint
  identifier = primary_identifier
  return if identifier.nil?

  identifier.fingerprint
end
#raw_metadata ⇒ Object
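# File 'lib/gitlab/ci/reports/security/finding.rb', line 168
# JSON serialisation of the raw report payload, memoised on first call.
#
# The payload is whatever the scanner reported, so the string is scanner-controlled
# content; treat it as data, not as something to interpolate into markup or queries.
# NOTE(review): +original_data+ is presumably a Hash here — confirm against the
# report parser, since +to_json+ on other types yields a different shape.
#
# @return [String]
def raw_metadata
  @raw_metadata ||= original_data.to_json
end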
#raw_source_code_extract ⇒ Object
# File 'lib/gitlab/ci/reports/security/finding.rb', line 188
# @return [Object, nil] the report's +raw_source_code_extract+ entry, or +nil+ when absent
def raw_source_code_extract = original_data['raw_source_code_extract']
#remediation_byte_offsets ⇒ Object
# File 'lib/gitlab/ci/reports/security/finding.rb', line 164
# @return [Array] +byte_offsets+ of every remediation, with +nil+ entries dropped
def remediation_byte_offsets
  offsets = remediations.map { |remediation| remediation.byte_offsets }
  offsets.compact
end
#scanner_order_to(other) ⇒ Object
# File 'lib/gitlab/ci/reports/security/finding.rb', line 149
# Orders this finding against +other+ by scanner. A finding without a scanner sorts
# after one that has one; if only +other+ lacks a scanner (or is +nil+), this one
# sorts first; otherwise the scanners themselves are compared.
#
# @param other [Finding, nil]
# @return [Integer, nil] 1, -1, or the result of comparing the two scanners
def scanner_order_to(other)
  if !scanner
    1
  elsif !other&.scanner
    -1
  else
    scanner <=> other.scanner
  end
end
#solution ⇒ Object
# File 'lib/gitlab/ci/reports/security/finding.rb', line 176
# @return [Object, nil] the report's +solution+ entry, or +nil+ when absent
def solution = original_data['solution']
#to_hash ⇒ Object
# File 'lib/gitlab/ci/reports/security/finding.rb', line 64
# Serialises the finding into a Symbol-keyed Hash of its public readers.
#
# The key list is a literal inside this method, so +public_send+ is never driven by
# caller-supplied names; that is why the PublicSend cop is disabled on that line.
# Keep the list literal — do not turn it into a parameter.
#
# @return [Hash{Symbol => Object}] one entry per listed key, in the listed order
def to_hash
  exported = %i[
    compare_key confidence identifiers flags links location evidence metadata_version
    name project_fingerprint raw_metadata report_type scanner scan severity uuid
    details signatures description cve solution
  ]

  exported.to_h { |key| [key, public_send(key)] } # rubocop:disable GitlabSecurity/PublicSend
end
#unsafe?(severity_levels, report_types) ⇒ Boolean
# File 'lib/gitlab/ci/reports/security/finding.rb', line 101
# Whether this finding trips the given policy thresholds.
#
# Both comparisons are on the +to_s+ form, so symbol or string inputs behave alike.
# A blank +report_types+ filter acts as a wildcard: any report type passes, and only
# the severity check decides.
#
# @param severity_levels [#include?] severity names that count as unsafe
# @param report_types [#include?, nil] report type names in scope; blank means all
# @return [Boolean]
def unsafe?(severity_levels, report_types)
  return false unless severity.to_s.in?(severity_levels)

  report_types.blank? || report_type.to_s.in?(report_types)
end
#update_location(new_location) ⇒ Object
# File 'lib/gitlab/ci/reports/security/finding.rb', line 96
# Replaces the current location, remembering the previous one in +old_location+.
# Only one level of history is kept: a second call overwrites +old_location+.
#
# @param new_location [Object]
# @return [Object] +new_location+
def update_location(new_location)
  previous = location
  @old_location = previous
  @location = new_location
end
#valid? ⇒ Boolean
# File 'lib/gitlab/ci/reports/security/finding.rb', line 124
# A finding is usable only when it carries a scanner, a primary identifier, a
# location and a uuid; anything missing one of these should be dropped by callers.
#
# @return [Boolean]
def valid?
  return false if scanner.blank?
  return false if primary_identifier.blank?
  return false if location.blank?

  uuid.present?
end