Class: Gitlab::Ci::Parsers::Security::Validators::SchemaValidator

Inherits:

Object

• Object
• Gitlab::Ci::Parsers::Security::Validators::SchemaValidator

Defined in:

lib/gitlab/ci/parsers/security/validators/schema_validator.rb

Defined Under Namespace

Classes: Schema

Constant Summary

SUPPORTED_VERSIONS =

{
  cluster_image_scanning: %w[15.0.0 15.0.1 15.0.2 15.0.4 15.0.5 15.0.6],
  container_scanning: %w[15.0.0 15.0.1 15.0.2 15.0.4 15.0.5 15.0.6],
  coverage_fuzzing: %w[15.0.0 15.0.1 15.0.2 15.0.4 15.0.5 15.0.6],
  dast: %w[15.0.0 15.0.1 15.0.2 15.0.4 15.0.5 15.0.6],
  api_fuzzing: %w[15.0.0 15.0.1 15.0.2 15.0.4 15.0.5 15.0.6],
  dependency_scanning: %w[15.0.0 15.0.1 15.0.2 15.0.4 15.0.5 15.0.6],
  sast: %w[15.0.0 15.0.1 15.0.2 15.0.4 15.0.5 15.0.6],
  secret_detection: %w[15.0.0 15.0.1 15.0.2 15.0.4 15.0.5 15.0.6]
}.freeze

VERSIONS_TO_REMOVE_IN_17_0 =

%w[].freeze

DEPRECATED_VERSIONS =

{
  cluster_image_scanning: VERSIONS_TO_REMOVE_IN_17_0,
  container_scanning: VERSIONS_TO_REMOVE_IN_17_0,
  coverage_fuzzing: VERSIONS_TO_REMOVE_IN_17_0,
  dast: VERSIONS_TO_REMOVE_IN_17_0,
  api_fuzzing: VERSIONS_TO_REMOVE_IN_17_0,
  dependency_scanning: VERSIONS_TO_REMOVE_IN_17_0,
  sast: VERSIONS_TO_REMOVE_IN_17_0,
  secret_detection: VERSIONS_TO_REMOVE_IN_17_0
}.freeze

CURRENT_VERSIONS =

SUPPORTED_VERSIONS.to_h { |k, v| [k, v - DEPRECATED_VERSIONS[k]] }

Instance Attribute Summary

• #deprecation_warnings ⇒ Object readonly

  Returns the value of attribute deprecation_warnings.

• #errors ⇒ Object readonly

  Returns the value of attribute errors.

• #warnings ⇒ Object readonly

  Returns the value of attribute warnings.

Instance Method Summary

• #add_deprecated_report_version_message ⇒ Object
• #add_message_as(level:, message:) ⇒ Object
• #add_schema_version_error? ⇒ Boolean
• #add_schema_version_errors ⇒ Object
• #add_supported_major_minor_behavior_warning ⇒ Object
• #current_schema_versions ⇒ Object
• #find_latest_patch_version ⇒ Object
• #initialize(report_type, report_data, report_version = nil, project: nil, scanner: nil) ⇒ SchemaValidator constructor

  A new instance of SchemaValidator.

• #log_warnings(problem_type:) ⇒ Object
• #populate_deprecation_warnings ⇒ Object
• #populate_schema_version_errors ⇒ Object
• #populate_validation_errors ⇒ Object
• #report_uses_deprecated_schema_version? ⇒ Boolean
• #report_uses_supported_major_and_minor_schema_version? ⇒ Boolean
• #report_uses_supported_schema_version? ⇒ Boolean
• #supported_schema_versions ⇒ Object
• #valid? ⇒ Boolean

Constructor Details

#initialize(report_type, report_data, report_version = nil, project: nil, scanner: nil) ⇒ SchemaValidator

Returns a new instance of SchemaValidator.

# File 'lib/gitlab/ci/parsers/security/validators/schema_validator.rb', line 89

def initialize(report_type, report_data, report_version = nil, project: nil, scanner: nil)
  @report_type = report_type&.to_sym
  @report_data = report_data
  @report_version = report_version
  @project = project
  @scanner = scanner
  @errors = []
  @warnings = []
  @deprecation_warnings = []

  populate_schema_version_errors
  populate_validation_errors
  populate_deprecation_warnings
end

Instance Attribute Details

#deprecation_warnings ⇒ Object (readonly)

Returns the value of attribute deprecation_warnings.

# File 'lib/gitlab/ci/parsers/security/validators/schema_validator.rb', line 235

def deprecation_warnings
  @deprecation_warnings
end

#errors ⇒ Object (readonly)

Returns the value of attribute errors.

# File 'lib/gitlab/ci/parsers/security/validators/schema_validator.rb', line 235

def errors
  @errors
end

#warnings ⇒ Object (readonly)

Returns the value of attribute warnings.

# File 'lib/gitlab/ci/parsers/security/validators/schema_validator.rb', line 235

def warnings
  @warnings
end

Instance Method Details

#add_deprecated_report_version_message ⇒ Object

# File 'lib/gitlab/ci/parsers/security/validators/schema_validator.rb', line 184

def add_deprecated_report_version_message
  log_warnings(problem_type: 'using_deprecated_schema_version')

  template = _("version %{report_version} for report type %{report_type} is deprecated. "\
  "However, GitLab will still attempt to parse and ingest this report. "\
  "Upgrade the security report to one of the following versions: %{current_schema_versions}.")

  message = format(
    template,
    report_version: report_version,
    report_type: report_type,
    current_schema_versions: current_schema_versions)

  add_message_as(level: :deprecation_warning, message: message)
end

#add_message_as(level:, message:) ⇒ Object

# File 'lib/gitlab/ci/parsers/security/validators/schema_validator.rb', line 224

def add_message_as(level:, message:)
  case level
  when :deprecation_warning
    @deprecation_warnings << message
  when :error
    @errors << message
  when :warning
    @warnings << message
  end
end

#add_schema_version_error? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/gitlab/ci/parsers/security/validators/schema_validator.rb', line 127

def add_schema_version_error?
  !report_uses_supported_schema_version? &&
    !report_uses_deprecated_schema_version? &&
    !report_uses_supported_major_and_minor_schema_version?
end

#add_schema_version_errors ⇒ Object

# File 'lib/gitlab/ci/parsers/security/validators/schema_validator.rb', line 108

def add_schema_version_errors
  if report_version.nil?
    template = _("Report version not provided,"\
    " %{report_type} report type supports versions: %{supported_schema_versions}."\
    " GitLab will attempt to validate this report against the earliest supported versions of this report"\
    " type, to show all the errors but will not ingest the report")
    message = format(template, report_type: report_type, supported_schema_versions: supported_schema_versions)
  else
    template = _("Version %{report_version} for report type %{report_type} is unsupported, supported versions"\
    " for this report type are: %{supported_schema_versions}."\
    " GitLab will attempt to validate this report against the earliest supported versions of this report"\
    " type, to show all the errors but will not ingest the report")
    message = format(template, report_version: report_version, report_type: report_type, supported_schema_versions: supported_schema_versions)
  end

  log_warnings(problem_type: 'using_unsupported_schema_version')
  add_message_as(level: :error, message: message)
end

#add_supported_major_minor_behavior_warning ⇒ Object

# File 'lib/gitlab/ci/parsers/security/validators/schema_validator.rb', line 159

def add_supported_major_minor_behavior_warning
  template = _("This report uses a supported MAJOR.MINOR schema version but the PATCH version doesn't match"\
    " any vendored schema version. Validation will be attempted against version"\
    " %{find_latest_patch_version}")

  message = format(template, find_latest_patch_version: find_latest_patch_version)

  add_message_as(
    level: :warning,
    message: message
  )
end

#current_schema_versions ⇒ Object

# File 'lib/gitlab/ci/parsers/security/validators/schema_validator.rb', line 216

def current_schema_versions
  CURRENT_VERSIONS[report_type].join(", ")
end

#find_latest_patch_version ⇒ Object

# File 'lib/gitlab/ci/parsers/security/validators/schema_validator.rb', line 150

def find_latest_patch_version
  ::Security::ReportSchemaVersionMatcher.new(
    report_declared_version: report_version,
    supported_versions: SUPPORTED_VERSIONS[report_type]
  ).call
rescue ArgumentError
  nil
end

#log_warnings(problem_type:) ⇒ Object

# File 'lib/gitlab/ci/parsers/security/validators/schema_validator.rb', line 204

def log_warnings(problem_type:)
  Gitlab::AppLogger.info(
    message: 'security report schema validation problem',
    security_report_type: report_type,
    security_report_version: report_version,
    project_id: @project.id,
    security_report_failure: problem_type,
    security_report_scanner_id: @scanner&.dig('id'),
    security_report_scanner_version: @scanner&.dig('version')
  )
end

#populate_deprecation_warnings ⇒ Object

# File 'lib/gitlab/ci/parsers/security/validators/schema_validator.rb', line 180

def populate_deprecation_warnings
  add_deprecated_report_version_message if report_uses_deprecated_schema_version?
end

#populate_schema_version_errors ⇒ Object

# File 'lib/gitlab/ci/parsers/security/validators/schema_validator.rb', line 104

def populate_schema_version_errors
  add_schema_version_errors if add_schema_version_error?
end

#populate_validation_errors ⇒ Object

# File 'lib/gitlab/ci/parsers/security/validators/schema_validator.rb', line 172

def populate_validation_errors
  schema_validation_errors = schema.validate(report_data).map { |error| JSONSchemer::Errors.pretty(error) }

  log_warnings(problem_type: 'schema_validation_fails') unless schema_validation_errors.empty?

  @errors += schema_validation_errors
end

#report_uses_deprecated_schema_version? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/gitlab/ci/parsers/security/validators/schema_validator.rb', line 133

def report_uses_deprecated_schema_version?
  DEPRECATED_VERSIONS[report_type].include?(report_version)
end

#report_uses_supported_major_and_minor_schema_version? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/gitlab/ci/parsers/security/validators/schema_validator.rb', line 141

def report_uses_supported_major_and_minor_schema_version?
  if !find_latest_patch_version.nil?
    add_supported_major_minor_behavior_warning
    true
  else
    false
  end
end

#report_uses_supported_schema_version? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/gitlab/ci/parsers/security/validators/schema_validator.rb', line 137

def report_uses_supported_schema_version?
  SUPPORTED_VERSIONS[report_type].include?(report_version)
end

#supported_schema_versions ⇒ Object

# File 'lib/gitlab/ci/parsers/security/validators/schema_validator.rb', line 220

def supported_schema_versions
  SUPPORTED_VERSIONS[report_type].join(", ")
end

#valid? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/gitlab/ci/parsers/security/validators/schema_validator.rb', line 200

def valid?
  errors.empty?
end