Class: Gitlab::Ci::Parsers::Security::Validators::SchemaValidator
- Inherits:
-
Object
- Object
- Gitlab::Ci::Parsers::Security::Validators::SchemaValidator
- Defined in:
- lib/gitlab/ci/parsers/security/validators/schema_validator.rb
Defined Under Namespace
Classes: Schema
Constant Summary collapse
- SUPPORTED_VERSIONS =
{ cluster_image_scanning: %w[15.0.0 15.0.1 15.0.2 15.0.4 15.0.5 15.0.6], container_scanning: %w[15.0.0 15.0.1 15.0.2 15.0.4 15.0.5 15.0.6], coverage_fuzzing: %w[15.0.0 15.0.1 15.0.2 15.0.4 15.0.5 15.0.6], dast: %w[15.0.0 15.0.1 15.0.2 15.0.4 15.0.5 15.0.6], api_fuzzing: %w[15.0.0 15.0.1 15.0.2 15.0.4 15.0.5 15.0.6], dependency_scanning: %w[15.0.0 15.0.1 15.0.2 15.0.4 15.0.5 15.0.6], sast: %w[15.0.0 15.0.1 15.0.2 15.0.4 15.0.5 15.0.6], secret_detection: %w[15.0.0 15.0.1 15.0.2 15.0.4 15.0.5 15.0.6] }.freeze
- VERSIONS_TO_REMOVE_IN_17_0 =
%w[].freeze
- DEPRECATED_VERSIONS =
{ cluster_image_scanning: VERSIONS_TO_REMOVE_IN_17_0, container_scanning: VERSIONS_TO_REMOVE_IN_17_0, coverage_fuzzing: VERSIONS_TO_REMOVE_IN_17_0, dast: VERSIONS_TO_REMOVE_IN_17_0, api_fuzzing: VERSIONS_TO_REMOVE_IN_17_0, dependency_scanning: VERSIONS_TO_REMOVE_IN_17_0, sast: VERSIONS_TO_REMOVE_IN_17_0, secret_detection: VERSIONS_TO_REMOVE_IN_17_0 }.freeze
- CURRENT_VERSIONS =
SUPPORTED_VERSIONS.to_h { |k, v| [k, v - DEPRECATED_VERSIONS[k]] }
Instance Attribute Summary collapse
-
#deprecation_warnings ⇒ Object
readonly
Returns the value of attribute deprecation_warnings.
-
#errors ⇒ Object
readonly
Returns the value of attribute errors.
-
#warnings ⇒ Object
readonly
Returns the value of attribute warnings.
Instance Method Summary collapse
- #add_deprecated_report_version_message ⇒ Object
- #add_message_as(level:, message:) ⇒ Object
- #add_schema_version_error? ⇒ Boolean
- #add_schema_version_errors ⇒ Object
- #add_supported_major_minor_behavior_warning ⇒ Object
- #current_schema_versions ⇒ Object
- #find_latest_patch_version ⇒ Object
-
#initialize(report_type, report_data, report_version = nil, project: nil, scanner: nil) ⇒ SchemaValidator
constructor
A new instance of SchemaValidator.
- #log_warnings(problem_type:) ⇒ Object
- #populate_deprecation_warnings ⇒ Object
- #populate_schema_version_errors ⇒ Object
- #populate_validation_errors ⇒ Object
- #report_uses_deprecated_schema_version? ⇒ Boolean
- #report_uses_supported_major_and_minor_schema_version? ⇒ Boolean
- #report_uses_supported_schema_version? ⇒ Boolean
- #supported_schema_versions ⇒ Object
- #valid? ⇒ Boolean
Constructor Details
#initialize(report_type, report_data, report_version = nil, project: nil, scanner: nil) ⇒ SchemaValidator
Returns a new instance of SchemaValidator.
# File 'lib/gitlab/ci/parsers/security/validators/schema_validator.rb', line 89
# Stores the inputs and runs every check straight away, so errors, warnings
# and deprecation_warnings are already filled in when the constructor returns.
#
# @param report_type [#to_sym, nil] report kind; converted to a symbol (nil stays nil)
# @param report_data [Object] report content handed to the schema validation step
#   NOTE(review): presumably the parsed report a scanner job uploaded, i.e.
#   untrusted input — confirm against callers
# @param report_version [String, nil] schema version declared by the report
# @param project [Object, nil] stored in @project
# @param scanner [#dig, nil] stored in @scanner
def initialize(report_type, report_data, report_version = nil, project: nil, scanner: nil)
  @report_type = report_type&.to_sym
  @report_data, @report_version = report_data, report_version
  @project, @scanner = project, scanner
  @errors, @warnings, @deprecation_warnings = [], [], []

  # Messages are appended in this order: schema-version problems first,
  # then schema validation errors, then deprecation warnings.
  populate_schema_version_errors
  populate_validation_errors
  populate_deprecation_warnings
end
Instance Attribute Details
#deprecation_warnings ⇒ Object (readonly)
Returns the value of attribute deprecation_warnings.
# File 'lib/gitlab/ci/parsers/security/validators/schema_validator.rb', line 235
# Read-only access to the deprecation warnings collected for this report.
#
# @return [Array] the @deprecation_warnings collection itself, not a copy
def deprecation_warnings
  @deprecation_warnings
end
#errors ⇒ Object (readonly)
Returns the value of attribute errors.
# File 'lib/gitlab/ci/parsers/security/validators/schema_validator.rb', line 235
# Read-only access to the errors collected for this report; valid? is true
# only while this collection is empty.
#
# @return [Array] the @errors collection itself, not a copy
def errors
  @errors
end
#warnings ⇒ Object (readonly)
Returns the value of attribute warnings.
# File 'lib/gitlab/ci/parsers/security/validators/schema_validator.rb', line 235
# Read-only access to the non-fatal warnings collected for this report.
#
# @return [Array] the @warnings collection itself, not a copy
def warnings
  @warnings
end
Instance Method Details
#add_deprecated_report_version_message ⇒ Object
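# File 'lib/gitlab/ci/parsers/security/validators/schema_validator.rb', line 184
# Logs that the report declares a deprecated schema version and records a
# deprecation warning listing the current versions for the report type.
#
# The declared version is passed to format as a named value into a fixed
# template, so report-supplied text never acts as the format string itself.
# NOTE(review): the resulting message still carries report-supplied text;
# confirm that whatever renders deprecation_warnings escapes it.
def add_deprecated_report_version_message
  log_warnings(problem_type: 'using_deprecated_schema_version')

  template = _("version %{report_version} for report type %{report_type} is deprecated. "\
    "However, GitLab will still attempt to parse and ingest this report. "\
    "Upgrade the security report to one of the following versions: %{current_schema_versions}.")

  message = format(
    template,
    report_version: report_version,
    report_type: report_type,
    current_schema_versions: current_schema_versions)

  add_message_as(level: :deprecation_warning, message: message)
end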
#add_message_as(level:, message:) ⇒ Object
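# File 'lib/gitlab/ci/parsers/security/validators/schema_validator.rb', line 224
# Appends a message to the collection that matches its severity level.
#
# @param level [Symbol] :deprecation_warning, :error or :warning
# @param message [Object] the message to record
#
# NOTE(review): a level outside the three handled values matches no branch,
# so the message is dropped without any signal. For an intended :error that
# would leave errors empty and valid? true; consider whether an unknown
# level should raise instead.
def add_message_as(level:, message:)
  case level
  when :deprecation_warning
    @deprecation_warnings << message
  when :error
    @errors << message
  when :warning
    @warnings << message
  end
end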
#add_schema_version_error? ⇒ Boolean
# File 'lib/gitlab/ci/parsers/security/validators/schema_validator.rb', line 127
# Tells whether the declared schema version must be reported as an error:
# true only when it is not a supported version, not a deprecated version,
# and cannot be matched on MAJOR.MINOR either.
#
# The checks stop at the first one that succeeds. The MAJOR.MINOR check
# records a warning when it succeeds, so it is evaluated last and only after
# both exact-match checks have failed.
#
# @return [Boolean]
def add_schema_version_error?
  return false if report_uses_supported_schema_version?
  return false if report_uses_deprecated_schema_version?

  !report_uses_supported_major_and_minor_schema_version?
end
#add_schema_version_errors ⇒ Object
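# File 'lib/gitlab/ci/parsers/security/validators/schema_validator.rb', line 108
# Records an error for a report whose schema version is missing or
# unsupported, and logs the problem as 'using_unsupported_schema_version'.
#
# Two wordings exist: one for a report that declares no version at all, one
# for a declared version that is not supported. In both, report_type, the
# declared version and the supported versions are passed to format as named
# values into a fixed template, so report-supplied text never acts as the
# format string.
# NOTE(review): the error text still embeds the report-declared version;
# confirm that whatever renders errors escapes it.
def add_schema_version_errors
  if report_version.nil?
    template = _("Report version not provided,"\
      " %{report_type} report type supports versions: %{supported_schema_versions}."\
      " GitLab will attempt to validate this report against the earliest supported versions of this report"\
      " type, to show all the errors but will not ingest the report")
    message = format(template, report_type: report_type, supported_schema_versions: supported_schema_versions)
  else
    template = _("Version %{report_version} for report type %{report_type} is unsupported, supported versions"\
      " for this report type are: %{supported_schema_versions}."\
      " GitLab will attempt to validate this report against the earliest supported versions of this report"\
      " type, to show all the errors but will not ingest the report")
    message = format(template, report_version: report_version, report_type: report_type, supported_schema_versions: supported_schema_versions)
  end

  log_warnings(problem_type: 'using_unsupported_schema_version')
  add_message_as(level: :error, message: message)
end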
#add_supported_major_minor_behavior_warning ⇒ Object
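# File 'lib/gitlab/ci/parsers/security/validators/schema_validator.rb', line 159
# Records a warning that the report's MAJOR.MINOR version is supported but its
# PATCH version matches no vendored schema, naming the version returned by
# find_latest_patch_version as the one validation will be attempted against.
#
# The version is passed to format as a named value into a fixed template.
def add_supported_major_minor_behavior_warning
  template = _("This report uses a supported MAJOR.MINOR schema version but the PATCH version doesn't match"\
    " any vendored schema version. Validation will be attempted against version"\
    " %{find_latest_patch_version}")

  message = format(template, find_latest_patch_version: find_latest_patch_version)

  add_message_as(
    level: :warning,
    message: message
  )
end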
#current_schema_versions ⇒ Object
# File 'lib/gitlab/ci/parsers/security/validators/schema_validator.rb', line 216
# Lists the current (supported and not deprecated) schema versions for this
# report type as one comma-separated string, for use in messages.
#
# CURRENT_VERSIONS has no default value, so a report type that is not one of
# its keys yields nil and the join call raises NoMethodError.
#
# @return [String]
def current_schema_versions
  versions = CURRENT_VERSIONS[report_type]
  versions.join(", ")
end
#find_latest_patch_version ⇒ Object
# File 'lib/gitlab/ci/parsers/security/validators/schema_validator.rb', line 150
# Asks ::Security::ReportSchemaVersionMatcher to resolve the declared report
# version against the supported versions of this report type.
#
# @return [Object, nil] whatever the matcher returns, or nil when building or
#   calling the matcher raises ArgumentError
#   NOTE(review): presumably the newest vendored PATCH release for the
#   declared MAJOR.MINOR — confirm against the matcher
def find_latest_patch_version
  begin
    matcher = ::Security::ReportSchemaVersionMatcher.new(
      report_declared_version: report_version,
      supported_versions: SUPPORTED_VERSIONS[report_type]
    )
    matcher.call
  rescue ArgumentError
    # Only ArgumentError is treated as "no match"; other errors propagate.
    nil
  end
end
#log_warnings(problem_type:) ⇒ Object
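# File 'lib/gitlab/ci/parsers/security/validators/schema_validator.rb', line 204
# Writes one structured info-level log entry describing a schema validation
# problem found in the report.
#
# The report type, report version and scanner fields are passed as separate
# structured fields; none of them is interpolated into the message string.
#
# @param problem_type [String] short identifier of the problem being logged
def log_warnings(problem_type:)
  Gitlab::AppLogger.info(
    message: 'security report schema validation problem',
    security_report_type: report_type,
    security_report_version: report_version,
    # The constructor defaults project to nil; without safe navigation a
    # problem report would raise NoMethodError here instead of being logged.
    project_id: @project&.id,
    security_report_failure: problem_type,
    security_report_scanner_id: @scanner&.dig('id'),
    security_report_scanner_version: @scanner&.dig('version')
  )
end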
#populate_deprecation_warnings ⇒ Object
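# File 'lib/gitlab/ci/parsers/security/validators/schema_validator.rb', line 180
# Records a deprecation warning when the report declares a deprecated schema
# version; does nothing otherwise.
def populate_deprecation_warnings
  add_deprecated_report_version_message if report_uses_deprecated_schema_version?
end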
#populate_schema_version_errors ⇒ Object
# File 'lib/gitlab/ci/parsers/security/validators/schema_validator.rb', line 104
# Records a schema-version error when add_schema_version_error? says the
# declared version cannot be accepted; does nothing otherwise.
def populate_schema_version_errors
  return unless add_schema_version_error?

  add_schema_version_errors
end
#populate_validation_errors ⇒ Object
# File 'lib/gitlab/ci/parsers/security/validators/schema_validator.rb', line 172
# Validates the report data against the schema, converts each failure into a
# readable message with JSONSchemer::Errors.pretty, and adds the messages to
# the errors. A 'schema_validation_fails' log entry is written when at least
# one failure was found.
def populate_validation_errors
  raw_errors = schema.validate(report_data)
  readable_errors = raw_errors.map { |schema_error| JSONSchemer::Errors.pretty(schema_error) }

  unless readable_errors.empty?
    log_warnings(problem_type: 'schema_validation_fails')
  end

  # Builds a new array rather than mutating the existing one in place.
  @errors = @errors + readable_errors
end
#report_uses_deprecated_schema_version? ⇒ Boolean
# File 'lib/gitlab/ci/parsers/security/validators/schema_validator.rb', line 133
# Tells whether the declared version is listed as deprecated for this report
# type. The comparison is an exact match against the listed version strings.
#
# DEPRECATED_VERSIONS has no default value, so a report type that is not one
# of its keys yields nil and the include? call raises NoMethodError.
#
# @return [Boolean]
def report_uses_deprecated_schema_version?
  deprecated = DEPRECATED_VERSIONS[report_type]
  deprecated.include?(report_version)
end
#report_uses_supported_major_and_minor_schema_version? ⇒ Boolean
# File 'lib/gitlab/ci/parsers/security/validators/schema_validator.rb', line 141
# Tells whether find_latest_patch_version could resolve the declared version.
#
# Not a pure predicate: when it returns true it has also recorded a warning
# via add_supported_major_minor_behavior_warning, so each successful call
# appends another warning.
#
# @return [Boolean]
def report_uses_supported_major_and_minor_schema_version?
  return false if find_latest_patch_version.nil?

  add_supported_major_minor_behavior_warning
  true
end
#report_uses_supported_schema_version? ⇒ Boolean
# File 'lib/gitlab/ci/parsers/security/validators/schema_validator.rb', line 137
# Tells whether the declared version is listed as supported for this report
# type. The comparison is an exact match against the listed version strings.
#
# SUPPORTED_VERSIONS has no default value, so a report type that is not one
# of its keys yields nil and the include? call raises NoMethodError.
#
# @return [Boolean]
def report_uses_supported_schema_version?
  supported = SUPPORTED_VERSIONS[report_type]
  supported.include?(report_version)
end
#supported_schema_versions ⇒ Object
# File 'lib/gitlab/ci/parsers/security/validators/schema_validator.rb', line 220
# Lists every supported schema version for this report type as one
# comma-separated string, for use in messages.
#
# SUPPORTED_VERSIONS has no default value, so a report type that is not one
# of its keys yields nil and the join call raises NoMethodError.
#
# @return [String]
def supported_schema_versions
  versions = SUPPORTED_VERSIONS[report_type]
  versions.join(", ")
end
#valid? ⇒ Boolean
# File 'lib/gitlab/ci/parsers/security/validators/schema_validator.rb', line 200
# Tells whether the report passed validation, i.e. no error was recorded.
# Only errors count: entries in warnings or deprecation_warnings do not make
# a report invalid.
#
# @return [Boolean]
def valid?
  errors.empty?
end