53 lines
1.8 KiB
Ruby
53 lines
1.8 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
module Gitlab
|
|
module Ci
|
|
module Reports
|
|
module Security
|
|
class Reports
|
|
attr_reader :reports, :pipeline
|
|
|
|
delegate :each, :empty?, to: :reports
|
|
|
|
def initialize(pipeline)
|
|
@reports = {}
|
|
@pipeline = pipeline
|
|
end
|
|
|
|
def get_report(report_type, report_artifact)
|
|
reports[report_type] ||= Report.new(report_type, pipeline, report_artifact.created_at)
|
|
end
|
|
|
|
def findings
|
|
reports.values.flat_map(&:findings)
|
|
end
|
|
|
|
def violates_default_policy_against?(target_reports, vulnerabilities_allowed, severity_levels, vulnerability_states, report_types = [])
|
|
if Feature.enabled?(:require_approval_on_scan_removal, pipeline.project) && scan_removed?(target_reports)
|
|
return true
|
|
end
|
|
|
|
unsafe_findings_count(target_reports, severity_levels, vulnerability_states, report_types) > vulnerabilities_allowed
|
|
end
|
|
|
|
def unsafe_findings_uuids(severity_levels, report_types)
|
|
findings.select { |finding| finding.unsafe?(severity_levels, report_types) }.map(&:uuid)
|
|
end
|
|
|
|
private
|
|
|
|
def unsafe_findings_count(target_reports, severity_levels, vulnerability_states, report_types)
|
|
new_uuids = unsafe_findings_uuids(severity_levels, report_types) - target_reports&.unsafe_findings_uuids(severity_levels, report_types).to_a
|
|
new_uuids.count
|
|
end
|
|
|
|
def scan_removed?(target_reports)
|
|
(target_reports&.reports&.keys.to_a - reports.keys).any?
|
|
end
|
|
end
|
|
end
|
|
end
|
|
end
|
|
end
|
|
|
|
Gitlab::Ci::Reports::Security::Reports.prepend_mod_with('Gitlab::Ci::Reports::Security::Reports')
|