Skip to content
Snippets Groups Projects
Commit d64a5b53 authored by Alan (Maciej) Paruszewski's avatar Alan (Maciej) Paruszewski Committed by Peter Leitzen
Browse files

Update details JSON Schema for Finding 

This change updates JSON Schema for details field in Vulnerability
Finding with newest version of the schema from Security Report Schemas
parent c5744b1a
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 1086 additions and 313 deletions
app/validators/json_schemas/vulnerability_finding_details.json
+ 189
77
View file @ d64a5b53
@@ -6,60 +6,67 @@
"^.*$": {
"allOf": [
{ "$ref": "#/definitions/named_field" },
{ "$ref": "#/definitions/type_list" }
{ "$ref": "#/definitions/detail_type" }
]
}
},
"definitions": {
"type_list": {
"detail_type": {
"oneOf": [
{ "$ref": "#/definitions/named_list" },
{ "$ref": "#/definitions/list" },
{ "$ref": "#/definitions/table" },
{ "$ref": "#/definitions/text" },
{ "$ref": "#/definitions/url" },
{ "$ref": "#/definitions/code" },
{ "$ref": "#/definitions/int" },
{ "$ref": "#/definitions/value" },
{ "$ref": "#/definitions/diff" },
{ "$ref": "#/definitions/markdown" },
{ "$ref": "#/definitions/commit" },
{ "$ref": "#/definitions/file_location" },
{ "$ref": "#/definitions/module_location" }
]
},
"lang_text": {
"type": "object",
"required": [ "value", "lang" ],
"properties": {
"lang": { "type": "string" },
"value": { "type": "string" }
}
},
"lang_text_list": {
"type": "array",
"items": { "$ref": "#/definitions/lang_text" }
"text_value": {
"type": "string"
},
"named_field": {
"type": "object",
"required": [ "name" ],
"required": [
"name"
],
"properties": {
"name": { "$ref": "#/definitions/lang_text_list" },
"description": { "$ref": "#/definitions/lang_text_list" }
"name": {
"$ref": "#/definitions/text_value",
"minLength": 1
},
"description": {
"$ref": "#/definitions/text_value"
}
}
},
"named_list": {
"type": "object",
"description": "An object with named and typed fields",
"required": [ "type", "items" ],
"required": [
"type",
"items"
],
"properties": {
"type": { "const": "named-list" },
"type": {
"const": "named-list"
},
"items": {
"type": "object",
"patternProperties": {
"^.*$": {
"allOf": [
{ "$ref": "#/definitions/named_field" },
{ "$ref": "#/definitions/type_list" }
{
"$ref": "#/definitions/named_field"
},
{
"$ref": "#/definitions/detail_type"
}
]
}
}
@@ -69,38 +76,45 @@
"list": {
"type": "object",
"description": "A list of typed fields",
"required": [ "type", "items" ],
"required": [
"type",
"items"
],
"properties": {
"type": { "const": "list" },
"type": {
"const": "list"
},
"items": {
"type": "array",
"items": { "$ref": "#/definitions/type_list" }
"items": {
"$ref": "#/definitions/detail_type"
}
}
}
},
"table": {
"type": "object",
"description": "A table of typed fields",
"required": [],
"required": [
"type",
"rows"
],
"properties": {
"type": { "const": "table" },
"items": {
"type": "object",
"properties": {
"header": {
"type": "array",
"items": {
"$ref": "#/definitions/type_list"
}
},
"rows": {
"type": "array",
"items": {
"type": "array",
"items": {
"$ref": "#/definitions/type_list"
}
}
"type": {
"const": "table"
},
"header": {
"type": "array",
"items": {
"$ref": "#/definitions/detail_type"
}
},
"rows": {
"type": "array",
"items": {
"type": "array",
"items": {
"$ref": "#/definitions/detail_type"
}
}
}
@@ -109,73 +123,171 @@
"text": {
"type": "object",
"description": "Raw text",
"required": [ "type", "value" ],
"required": [
"type",
"value"
],
"properties": {
"type": { "const": "text" },
"value": { "$ref": "#/definitions/lang_text_list" }
"type": {
"const": "text"
},
"value": {
"$ref": "#/definitions/text_value"
}
}
},
"url": {
"type": "object",
"description": "A single URL",
"required": [ "type", "href" ],
"required": [
"type",
"href"
],
"properties": {
"type": { "const": "url" },
"text": { "$ref": "#/definitions/lang_text_list" },
"href": { "type": "string" }
"type": {
"const": "url"
},
"text": {
"$ref": "#/definitions/text_value"
},
"href": {
"type": "string",
"minLength": 1,
"examples": ["http://mysite.com"]
}
}
},
"code": {
"type": "object",
"description": "A codeblock",
"required": [ "type", "value" ],
"required": [
"type",
"value"
],
"properties": {
"type": { "const": "code" },
"value": { "type": "string" },
"lang": { "type": "string" }
"type": {
"const": "code"
},
"value": {
"type": "string"
},
"lang": {
"type": "string",
"description": "A programming language"
}
}
},
"int": {
"value": {
"type": "object",
"description": "An integer",
"required": [ "type", "value" ],
"description": "A field that can store a range of types of value",
"required": ["type", "value"],
"properties": {
"type": { "const": "int" },
"value": { "type": "integer" },
"format": {
"type": "string",
"enum": [ "default", "hex" ]
"type": { "const": "value" },
"value": {
"type": ["number", "string", "boolean"]
}
}
},
"diff": {
"type": "object",
"description": "A diff",
"required": [
"type",
"before",
"after"
],
"properties": {
"type": {
"const": "diff"
},
"before": {
"type": "string"
},
"after": {
"type": "string"
}
}
},
"markdown": {
"type": "object",
"description": "GitLab flavoured markdown, see https://docs.gitlab.com/ee/user/markdown.html",
"required": [
"type",
"value"
],
"properties": {
"type": {
"const": "markdown"
},
"value": {
"$ref": "#/definitions/text_value",
"examples": ["Here is markdown `inline code` #1 [test](gitlab.com)\n\n![GitLab Logo](https://about.gitlab.com/images/press/logo/preview/gitlab-logo-white-preview.png)"]
}
}
},
"commit": {
"type": "object",
"description": "A specific commit within the project",
"required": [ "type", "value" ],
"description": "A commit/tag/branch within the GitLab project",
"required": [
"type",
"value"
],
"properties": {
"type": { "const": "commit" },
"value": { "type": "string", "description": "The commit SHA" }
"type": {
"const": "commit"
},
"value": {
"type": "string",
"description": "The commit SHA",
"minLength": 1
}
}
},
"file_location": {
"type": "object",
"description": "A location within a file in the project",
"required": [ "type", "file_name", "line_start" ],
"required": [
"type",
"file_name",
"line_start"
],
"properties": {
"type": { "const": "file-location" },
"file_name": { "type": "string" },
"line_start": { "type": "integer" },
"line_end": { "type": "integer" }
"type": {
"const": "file-location"
},
"file_name": {
"type": "string",
"minLength": 1
},
"line_start": {
"type": "integer"
},
"line_end": {
"type": "integer"
}
}
},
"module_location": {
"type": "object",
"description": "A location within a binary module of the form module+relative_offset",
"required": [ "type", "module_name", "offset" ],
"required": [
"type",
"module_name",
"offset"
],
"properties": {
"type": { "const": "module-location" },
"module_name": { "type": "string" },
"offset": { "type": "integer" }
"type": {
"const": "module-location"
},
"module_name": {
"type": "string",
"minLength": 1,
"examples": ["compiled_binary"]
},
"offset": {
"type": "integer",
"examples": [100]
}
}
}
}
doc/api/graphql/reference/gitlab_schema.graphql
+ 26
26
View file @ d64a5b53
@@ -28462,7 +28462,7 @@ type VulnerabilityDetailBase {
"""
Description of the field.
"""
description: String!
description: String
 
"""
Name of the field.
@@ -28472,7 +28472,7 @@ type VulnerabilityDetailBase {
"""
Name of the field.
"""
name: String!
name: String
}
 
"""
@@ -28482,7 +28482,7 @@ type VulnerabilityDetailBoolean {
"""
Description of the field.
"""
description: String!
description: String
 
"""
Name of the field.
@@ -28492,7 +28492,7 @@ type VulnerabilityDetailBoolean {
"""
Name of the field.
"""
name: String!
name: String
 
"""
Value of the field.
@@ -28507,7 +28507,7 @@ type VulnerabilityDetailCode {
"""
Description of the field.
"""
description: String!
description: String
 
"""
Name of the field.
@@ -28522,7 +28522,7 @@ type VulnerabilityDetailCode {
"""
Name of the field.
"""
name: String!
name: String
 
"""
Source code.
@@ -28537,7 +28537,7 @@ type VulnerabilityDetailCommit {
"""
Description of the field.
"""
description: String!
description: String
 
"""
Name of the field.
@@ -28547,7 +28547,7 @@ type VulnerabilityDetailCommit {
"""
Name of the field.
"""
name: String!
name: String
 
"""
The commit SHA value.
@@ -28572,7 +28572,7 @@ type VulnerabilityDetailDiff {
"""
Description of the field.
"""
description: String!
description: String
 
"""
Name of the field.
@@ -28582,7 +28582,7 @@ type VulnerabilityDetailDiff {
"""
Name of the field.
"""
name: String!
name: String
}
 
"""
@@ -28592,7 +28592,7 @@ type VulnerabilityDetailFileLocation {
"""
Description of the field.
"""
description: String!
description: String
 
"""
Name of the field.
@@ -28617,7 +28617,7 @@ type VulnerabilityDetailFileLocation {
"""
Name of the field.
"""
name: String!
name: String
}
 
"""
@@ -28627,7 +28627,7 @@ type VulnerabilityDetailInt {
"""
Description of the field.
"""
description: String!
description: String
 
"""
Name of the field.
@@ -28637,7 +28637,7 @@ type VulnerabilityDetailInt {
"""
Name of the field.
"""
name: String!
name: String
 
"""
Value of the field.
@@ -28652,7 +28652,7 @@ type VulnerabilityDetailList {
"""
Description of the field.
"""
description: String!
description: String
 
"""
Name of the field.
@@ -28667,7 +28667,7 @@ type VulnerabilityDetailList {
"""
Name of the field.
"""
name: String!
name: String
}
 
"""
@@ -28677,7 +28677,7 @@ type VulnerabilityDetailMarkdown {
"""
Description of the field.
"""
description: String!
description: String
 
"""
Name of the field.
@@ -28687,7 +28687,7 @@ type VulnerabilityDetailMarkdown {
"""
Name of the field.
"""
name: String!
name: String
 
"""
Value of the Markdown field.
@@ -28702,7 +28702,7 @@ type VulnerabilityDetailModuleLocation {
"""
Description of the field.
"""
description: String!
description: String
 
"""
Name of the field.
@@ -28717,7 +28717,7 @@ type VulnerabilityDetailModuleLocation {
"""
Name of the field.
"""
name: String!
name: String
 
"""
Offset of the module location.
@@ -28732,7 +28732,7 @@ type VulnerabilityDetailTable {
"""
Description of the field.
"""
description: String!
description: String
 
"""
Name of the field.
@@ -28747,7 +28747,7 @@ type VulnerabilityDetailTable {
"""
Name of the field.
"""
name: String!
name: String
 
"""
Table rows.
@@ -28762,7 +28762,7 @@ type VulnerabilityDetailText {
"""
Description of the field.
"""
description: String!
description: String
 
"""
Name of the field.
@@ -28772,7 +28772,7 @@ type VulnerabilityDetailText {
"""
Name of the field.
"""
name: String!
name: String
 
"""
Value of the text field.
@@ -28787,7 +28787,7 @@ type VulnerabilityDetailUrl {
"""
Description of the field.
"""
description: String!
description: String
 
"""
Name of the field.
@@ -28802,7 +28802,7 @@ type VulnerabilityDetailUrl {
"""
Name of the field.
"""
name: String!
name: String
 
"""
Text of the URL.
doc/api/graphql/reference/gitlab_schema.json
+ 78
182
View file @ d64a5b53
@@ -81731,13 +81731,9 @@
 
],
"type": {
"kind": "NON_NULL",
"name": null,
"ofType": {
"kind": "SCALAR",
"name": "String",
"ofType": null
}
"kind": "SCALAR",
"name": "String",
"ofType": null
},
"isDeprecated": false,
"deprecationReason": null
@@ -81763,13 +81759,9 @@
 
],
"type": {
"kind": "NON_NULL",
"name": null,
"ofType": {
"kind": "SCALAR",
"name": "String",
"ofType": null
}
"kind": "SCALAR",
"name": "String",
"ofType": null
},
"isDeprecated": false,
"deprecationReason": null
@@ -81794,13 +81786,9 @@
 
],
"type": {
"kind": "NON_NULL",
"name": null,
"ofType": {
"kind": "SCALAR",
"name": "String",
"ofType": null
}
"kind": "SCALAR",
"name": "String",
"ofType": null
},
"isDeprecated": false,
"deprecationReason": null
@@ -81826,13 +81814,9 @@
 
],
"type": {
"kind": "NON_NULL",
"name": null,
"ofType": {
"kind": "SCALAR",
"name": "String",
"ofType": null
}
"kind": "SCALAR",
"name": "String",
"ofType": null
},
"isDeprecated": false,
"deprecationReason": null
@@ -81875,13 +81859,9 @@
 
],
"type": {
"kind": "NON_NULL",
"name": null,
"ofType": {
"kind": "SCALAR",
"name": "String",
"ofType": null
}
"kind": "SCALAR",
"name": "String",
"ofType": null
},
"isDeprecated": false,
"deprecationReason": null
@@ -81921,13 +81901,9 @@
 
],
"type": {
"kind": "NON_NULL",
"name": null,
"ofType": {
"kind": "SCALAR",
"name": "String",
"ofType": null
}
"kind": "SCALAR",
"name": "String",
"ofType": null
},
"isDeprecated": false,
"deprecationReason": null
@@ -81939,13 +81915,9 @@
 
],
"type": {
"kind": "NON_NULL",
"name": null,
"ofType": {
"kind": "SCALAR",
"name": "String",
"ofType": null
}
"kind": "SCALAR",
"name": "String",
"ofType": null
},
"isDeprecated": false,
"deprecationReason": null
@@ -81970,13 +81942,9 @@
 
],
"type": {
"kind": "NON_NULL",
"name": null,
"ofType": {
"kind": "SCALAR",
"name": "String",
"ofType": null
}
"kind": "SCALAR",
"name": "String",
"ofType": null
},
"isDeprecated": false,
"deprecationReason": null
@@ -82002,13 +81970,9 @@
 
],
"type": {
"kind": "NON_NULL",
"name": null,
"ofType": {
"kind": "SCALAR",
"name": "String",
"ofType": null
}
"kind": "SCALAR",
"name": "String",
"ofType": null
},
"isDeprecated": false,
"deprecationReason": null
@@ -82020,13 +81984,9 @@
 
],
"type": {
"kind": "NON_NULL",
"name": null,
"ofType": {
"kind": "SCALAR",
"name": "String",
"ofType": null
}
"kind": "SCALAR",
"name": "String",
"ofType": null
},
"isDeprecated": false,
"deprecationReason": null
@@ -82051,13 +82011,9 @@
 
],
"type": {
"kind": "NON_NULL",
"name": null,
"ofType": {
"kind": "SCALAR",
"name": "String",
"ofType": null
}
"kind": "SCALAR",
"name": "String",
"ofType": null
},
"isDeprecated": false,
"deprecationReason": null
@@ -82069,13 +82025,9 @@
 
],
"type": {
"kind": "NON_NULL",
"name": null,
"ofType": {
"kind": "SCALAR",
"name": "String",
"ofType": null
}
"kind": "SCALAR",
"name": "String",
"ofType": null
},
"isDeprecated": false,
"deprecationReason": null
@@ -82087,13 +82039,9 @@
 
],
"type": {
"kind": "NON_NULL",
"name": null,
"ofType": {
"kind": "SCALAR",
"name": "String",
"ofType": null
}
"kind": "SCALAR",
"name": "String",
"ofType": null
},
"isDeprecated": false,
"deprecationReason": null
@@ -82119,13 +82067,9 @@
 
],
"type": {
"kind": "NON_NULL",
"name": null,
"ofType": {
"kind": "SCALAR",
"name": "String",
"ofType": null
}
"kind": "SCALAR",
"name": "String",
"ofType": null
},
"isDeprecated": false,
"deprecationReason": null
@@ -82150,13 +82094,9 @@
 
],
"type": {
"kind": "NON_NULL",
"name": null,
"ofType": {
"kind": "SCALAR",
"name": "String",
"ofType": null
}
"kind": "SCALAR",
"name": "String",
"ofType": null
},
"isDeprecated": false,
"deprecationReason": null
@@ -82182,13 +82122,9 @@
 
],
"type": {
"kind": "NON_NULL",
"name": null,
"ofType": {
"kind": "SCALAR",
"name": "String",
"ofType": null
}
"kind": "SCALAR",
"name": "String",
"ofType": null
},
"isDeprecated": false,
"deprecationReason": null
@@ -82236,13 +82172,9 @@
 
],
"type": {
"kind": "NON_NULL",
"name": null,
"ofType": {
"kind": "SCALAR",
"name": "String",
"ofType": null
}
"kind": "SCALAR",
"name": "String",
"ofType": null
},
"isDeprecated": false,
"deprecationReason": null
@@ -82267,13 +82199,9 @@
 
],
"type": {
"kind": "NON_NULL",
"name": null,
"ofType": {
"kind": "SCALAR",
"name": "String",
"ofType": null
}
"kind": "SCALAR",
"name": "String",
"ofType": null
},
"isDeprecated": false,
"deprecationReason": null
@@ -82299,13 +82227,9 @@
 
],
"type": {
"kind": "NON_NULL",
"name": null,
"ofType": {
"kind": "SCALAR",
"name": "String",
"ofType": null
}
"kind": "SCALAR",
"name": "String",
"ofType": null
},
"isDeprecated": false,
"deprecationReason": null
@@ -82348,13 +82272,9 @@
 
],
"type": {
"kind": "NON_NULL",
"name": null,
"ofType": {
"kind": "SCALAR",
"name": "String",
"ofType": null
}
"kind": "SCALAR",
"name": "String",
"ofType": null
},
"isDeprecated": false,
"deprecationReason": null
@@ -82406,13 +82326,9 @@
 
],
"type": {
"kind": "NON_NULL",
"name": null,
"ofType": {
"kind": "SCALAR",
"name": "String",
"ofType": null
}
"kind": "SCALAR",
"name": "String",
"ofType": null
},
"isDeprecated": false,
"deprecationReason": null
@@ -82437,13 +82353,9 @@
 
],
"type": {
"kind": "NON_NULL",
"name": null,
"ofType": {
"kind": "SCALAR",
"name": "String",
"ofType": null
}
"kind": "SCALAR",
"name": "String",
"ofType": null
},
"isDeprecated": false,
"deprecationReason": null
@@ -82469,13 +82381,9 @@
 
],
"type": {
"kind": "NON_NULL",
"name": null,
"ofType": {
"kind": "SCALAR",
"name": "String",
"ofType": null
}
"kind": "SCALAR",
"name": "String",
"ofType": null
},
"isDeprecated": false,
"deprecationReason": null
@@ -82487,13 +82395,9 @@
 
],
"type": {
"kind": "NON_NULL",
"name": null,
"ofType": {
"kind": "SCALAR",
"name": "String",
"ofType": null
}
"kind": "SCALAR",
"name": "String",
"ofType": null
},
"isDeprecated": false,
"deprecationReason": null
@@ -82518,13 +82422,9 @@
 
],
"type": {
"kind": "NON_NULL",
"name": null,
"ofType": {
"kind": "SCALAR",
"name": "String",
"ofType": null
}
"kind": "SCALAR",
"name": "String",
"ofType": null
},
"isDeprecated": false,
"deprecationReason": null
@@ -82550,13 +82450,9 @@
 
],
"type": {
"kind": "NON_NULL",
"name": null,
"ofType": {
"kind": "SCALAR",
"name": "String",
"ofType": null
}
"kind": "SCALAR",
"name": "String",
"ofType": null
},
"isDeprecated": false,
"deprecationReason": null
doc/api/graphql/reference/index.md
+ 26
26
View file @ d64a5b53
@@ -4335,9 +4335,9 @@ Represents the vulnerability details base.
 
| Field | Type | Description |
| ----- | ---- | ----------- |
| `description` | String! | Description of the field. |
| `description` | String | Description of the field. |
| `fieldName` | String | Name of the field. |
| `name` | String! | Name of the field. |
| `name` | String | Name of the field. |
 
### VulnerabilityDetailBoolean
 
@@ -4345,9 +4345,9 @@ Represents the vulnerability details boolean value.
 
| Field | Type | Description |
| ----- | ---- | ----------- |
| `description` | String! | Description of the field. |
| `description` | String | Description of the field. |
| `fieldName` | String | Name of the field. |
| `name` | String! | Name of the field. |
| `name` | String | Name of the field. |
| `value` | Boolean! | Value of the field. |
 
### VulnerabilityDetailCode
@@ -4356,10 +4356,10 @@ Represents the vulnerability details code field.
 
| Field | Type | Description |
| ----- | ---- | ----------- |
| `description` | String! | Description of the field. |
| `description` | String | Description of the field. |
| `fieldName` | String | Name of the field. |
| `lang` | String | Language of the code. |
| `name` | String! | Name of the field. |
| `name` | String | Name of the field. |
| `value` | String! | Source code. |
 
### VulnerabilityDetailCommit
@@ -4368,9 +4368,9 @@ Represents the vulnerability details commit field.
 
| Field | Type | Description |
| ----- | ---- | ----------- |
| `description` | String! | Description of the field. |
| `description` | String | Description of the field. |
| `fieldName` | String | Name of the field. |
| `name` | String! | Name of the field. |
| `name` | String | Name of the field. |
| `value` | String! | The commit SHA value. |
 
### VulnerabilityDetailDiff
@@ -4381,9 +4381,9 @@ Represents the vulnerability details diff field.
| ----- | ---- | ----------- |
| `after` | String! | Value of the field after the change. |
| `before` | String! | Value of the field before the change. |
| `description` | String! | Description of the field. |
| `description` | String | Description of the field. |
| `fieldName` | String | Name of the field. |
| `name` | String! | Name of the field. |
| `name` | String | Name of the field. |
 
### VulnerabilityDetailFileLocation
 
@@ -4391,12 +4391,12 @@ Represents the vulnerability details location within a file in the project.
 
| Field | Type | Description |
| ----- | ---- | ----------- |
| `description` | String! | Description of the field. |
| `description` | String | Description of the field. |
| `fieldName` | String | Name of the field. |
| `fileName` | String! | File name. |
| `lineEnd` | Int! | End line number of the file location. |
| `lineStart` | Int! | Start line number of the file location. |
| `name` | String! | Name of the field. |
| `name` | String | Name of the field. |
 
### VulnerabilityDetailInt
 
@@ -4404,9 +4404,9 @@ Represents the vulnerability details integer value.
 
| Field | Type | Description |
| ----- | ---- | ----------- |
| `description` | String! | Description of the field. |
| `description` | String | Description of the field. |
| `fieldName` | String | Name of the field. |
| `name` | String! | Name of the field. |
| `name` | String | Name of the field. |
| `value` | Int! | Value of the field. |
 
### VulnerabilityDetailList
@@ -4415,10 +4415,10 @@ Represents the vulnerability details list value.
 
| Field | Type | Description |
| ----- | ---- | ----------- |
| `description` | String! | Description of the field. |
| `description` | String | Description of the field. |
| `fieldName` | String | Name of the field. |
| `items` | VulnerabilityDetail! => Array | List of details. |
| `name` | String! | Name of the field. |
| `name` | String | Name of the field. |
 
### VulnerabilityDetailMarkdown
 
@@ -4426,9 +4426,9 @@ Represents the vulnerability details Markdown field.
 
| Field | Type | Description |
| ----- | ---- | ----------- |
| `description` | String! | Description of the field. |
| `description` | String | Description of the field. |
| `fieldName` | String | Name of the field. |
| `name` | String! | Name of the field. |
| `name` | String | Name of the field. |
| `value` | String! | Value of the Markdown field. |
 
### VulnerabilityDetailModuleLocation
@@ -4437,10 +4437,10 @@ Represents the vulnerability details location within a file in the project.
 
| Field | Type | Description |
| ----- | ---- | ----------- |
| `description` | String! | Description of the field. |
| `description` | String | Description of the field. |
| `fieldName` | String | Name of the field. |
| `moduleName` | String! | Module name. |
| `name` | String! | Name of the field. |
| `name` | String | Name of the field. |
| `offset` | Int! | Offset of the module location. |
 
### VulnerabilityDetailTable
@@ -4449,10 +4449,10 @@ Represents the vulnerability details table value.
 
| Field | Type | Description |
| ----- | ---- | ----------- |
| `description` | String! | Description of the field. |
| `description` | String | Description of the field. |
| `fieldName` | String | Name of the field. |
| `headers` | VulnerabilityDetail! => Array | Table headers. |
| `name` | String! | Name of the field. |
| `name` | String | Name of the field. |
| `rows` | VulnerabilityDetail! => Array | Table rows. |
 
### VulnerabilityDetailText
@@ -4461,9 +4461,9 @@ Represents the vulnerability details text field.
 
| Field | Type | Description |
| ----- | ---- | ----------- |
| `description` | String! | Description of the field. |
| `description` | String | Description of the field. |
| `fieldName` | String | Name of the field. |
| `name` | String! | Name of the field. |
| `name` | String | Name of the field. |
| `value` | String! | Value of the text field. |
 
### VulnerabilityDetailUrl
@@ -4472,10 +4472,10 @@ Represents the vulnerability details URL field.
 
| Field | Type | Description |
| ----- | ---- | ----------- |
| `description` | String! | Description of the field. |
| `description` | String | Description of the field. |
| `fieldName` | String | Name of the field. |
| `href` | String! | Href of the URL. |
| `name` | String! | Name of the field. |
| `name` | String | Name of the field. |
| `text` | String | Text of the URL. |
 
### VulnerabilityDismissPayload
ee/app/graphql/types/vulnerability_details/base_type.rb
+ 2
2
View file @ d64a5b53
@@ -10,10 +10,10 @@ class BaseType < BaseObject
field :field_name, GraphQL::STRING_TYPE, null: true,
description: 'Name of the field.'
 
field :name, GraphQL::STRING_TYPE, null: false,
field :name, GraphQL::STRING_TYPE, null: true,
description: 'Name of the field.'
 
field :description, GraphQL::STRING_TYPE, null: false,
field :description, GraphQL::STRING_TYPE, null: true,
description: 'Description of the field.'
end
end
ee/changelogs/unreleased/263497-update-details-schema-for-finding.yml 0 → 100644
+ 5
0
View file @ d64a5b53
---
title: Update details JSON Schema and GraphQL Schema for Vulnerability Finding
merge_request: 54423
author:
type: fixed
ee/spec/factories/vulnerabilities/findings.rb
+ 222
0
View file @ d64a5b53
@@ -225,6 +225,228 @@
end
end
 
trait :with_details do
details do
{
commit: {
name: 'The Commit',
description: 'Commit where the vulnerability was identified',
type: 'commit',
value: '41df7b7eb3be2b5be2c406c2f6d28cd6631eeb19'
},
marked_up: {
name: 'Marked Data',
description: 'GFM-flavored markdown',
type: 'markdown',
value: "Here is markdown `inline code` #1 [test](gitlab.com)\n\n![GitLab Logo](https://about.gitlab.com/images/press/logo/preview/gitlab-logo-white-preview.png)"
},
diff: {
name: 'Modified data',
description: 'How the data was modified',
type: 'diff',
before: "Hello there\nHello world\nhello again",
after: "Hello there\nHello Wooorld\nanew line\nhello again\nhello again"
},
table_data: {
name: 'Registers',
type: 'table',
header: [
{
type: 'text',
value: 'Register'
},
{
type: 'text',
value: 'Value'
},
{
type: 'text',
value: 'Note'
}
],
rows: [
[
{
type: 'text',
value: 'eax'
},
{
type: 'value',
value: 1336
},
{
type: 'text',
value: 'A note for eax'
}
],
[
{
type: 'value',
value: 'ebx'
},
{
type: 'value',
value: 1337
},
{
type: 'value',
value: true
}
],
[
{
type: 'text',
value: 'ecx'
},
{
type: 'value',
value: 1338
},
{
type: 'text',
value: 'A note for ecx'
}
],
[
{
type: 'text',
value: 'edx'
},
{
type: 'value',
value: 1339
},
{
type: 'text',
value: 'A note for edx'
}
]
]
},
urls: {
name: 'URLs',
description: 'The list of URLs in this report',
type: 'list',
items: [
{
type: 'url',
href: 'https://gitlab.com'
},
{
type: 'url',
href: 'https://gitlab.com'
},
{
type: 'url',
href: 'https://gitlab.com'
}
]
},
description: {
name: 'Description',
description: 'The actual description of the description',
type: 'text',
value: 'Text value'
},
code_block: {
name: 'Code Block',
type: 'code',
value: "Here\nis\ncode"
},
named_list: {
name: 'A Named List',
type: 'named-list',
items: {
field1: {
name: 'Field 1',
description: 'The description for field 1',
type: 'text',
value: 'Text'
},
field2: {
name: 'Field 2',
description: 'The description for field 2',
type: 'text',
value: 'Text'
},
nested_ints: {
name: 'Nested Ints',
type: 'list',
items: [
{
type: 'value',
value: 1337
},
{
type: 'value',
value: '0x1337'
}
]
}
}
},
stack_trace: {
name: 'Stack Trace',
type: 'list',
items: [
{
type: 'module-location',
module_name: 'compiled_binary',
offset: 100
},
{
type: 'module-location',
module_name: 'compiled_binary',
offset: 500
},
{
type: 'module-location',
module_name: 'compiled_binary',
offset: 700
},
{
type: 'module-location',
module_name: 'compiled_binary',
offset: 1000
}
]
},
location1: {
name: 'Location 1',
description: 'The first location',
type: 'file-location',
file_name: 'new_file.c',
line_start: 5,
line_end: 6
},
module_location1: {
name: 'Module Location 1',
description: 'The first location',
type: 'module-location',
module_name: 'gitlab.h',
offset: 100
},
code: {
type: 'code',
name: 'Truthy Code',
value: 'function isTrue(value) { value ? true : false }',
lang: 'javascript'
},
url: {
type: 'url',
name: 'GitLab URL',
text: 'URL to GitLab.com',
href: 'https://gitlab.com'
},
text: {
type: 'text',
name: 'Text with more info',
value: 'More info about this vulnerability'
}
}
end
end
trait :identifier do
after(:build) do |finding|
identifier = build(
ee/spec/requests/api/graphql/vulnerabilities/details_spec.rb 0 → 100644
+ 538
0
View file @ d64a5b53
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe 'Query.vulnerabilities.details' do
include GraphqlHelpers
let_it_be(:project) { create(:project) }
let_it_be(:user) { create(:user, security_dashboard_projects: [project]) }
let_it_be(:fields) do
<<~QUERY
details {
__typename
... on VulnerabilityDetailBoolean {
description
fieldName
name
value
}
... on VulnerabilityDetailCode {
fieldName
lang
name
value
}
... on VulnerabilityDetailCommit {
description
fieldName
name
value
}
... on VulnerabilityDetailDiff {
after
before
description
fieldName
name
}
... on VulnerabilityDetailFileLocation {
description
fieldName
fileName
lineEnd
lineStart
name
}
... on VulnerabilityDetailInt {
description
fieldName
name
value
}
... on VulnerabilityDetailMarkdown {
description
fieldName
name
value
}
... on VulnerabilityDetailModuleLocation {
description
fieldName
moduleName
name
offset
}
... on VulnerabilityDetailText {
description
fieldName
name
value
}
... on VulnerabilityDetailUrl {
description
fieldName
href
name
text
}
... on VulnerabilityDetailTable {
description
fieldName
name
headers {
__typename
... on VulnerabilityDetailBoolean {
description
fieldName
name
value
}
... on VulnerabilityDetailCode {
fieldName
lang
name
value
}
... on VulnerabilityDetailCommit {
description
fieldName
name
value
}
... on VulnerabilityDetailDiff {
after
before
description
fieldName
name
}
... on VulnerabilityDetailFileLocation {
description
fieldName
fileName
lineEnd
lineStart
name
}
... on VulnerabilityDetailInt {
description
fieldName
name
value
}
... on VulnerabilityDetailMarkdown {
description
fieldName
name
value
}
... on VulnerabilityDetailModuleLocation {
description
fieldName
moduleName
name
offset
}
... on VulnerabilityDetailText {
description
fieldName
name
value
}
... on VulnerabilityDetailUrl {
description
fieldName
href
name
text
}
}
rows {
__typename
... on VulnerabilityDetailBoolean {
description
fieldName
name
value
}
... on VulnerabilityDetailCode {
fieldName
lang
name
value
}
... on VulnerabilityDetailCommit {
description
fieldName
name
value
}
... on VulnerabilityDetailDiff {
after
before
description
fieldName
name
}
... on VulnerabilityDetailFileLocation {
description
fieldName
fileName
lineEnd
lineStart
name
}
... on VulnerabilityDetailInt {
description
fieldName
name
value
}
... on VulnerabilityDetailMarkdown {
description
fieldName
name
value
}
... on VulnerabilityDetailModuleLocation {
description
fieldName
moduleName
name
offset
}
... on VulnerabilityDetailText {
description
fieldName
name
value
}
... on VulnerabilityDetailUrl {
description
fieldName
href
name
text
}
}
}
... on VulnerabilityDetailList {
description
fieldName
items {
__typename
... on VulnerabilityDetailBoolean {
description
fieldName
name
value
}
... on VulnerabilityDetailCode {
fieldName
lang
name
value
}
... on VulnerabilityDetailCommit {
description
fieldName
name
value
}
... on VulnerabilityDetailDiff {
after
before
description
fieldName
name
}
... on VulnerabilityDetailFileLocation {
description
fieldName
fileName
lineEnd
lineStart
name
}
... on VulnerabilityDetailInt {
description
fieldName
name
value
}
... on VulnerabilityDetailMarkdown {
description
fieldName
name
value
}
... on VulnerabilityDetailModuleLocation {
description
fieldName
moduleName
name
offset
}
... on VulnerabilityDetailText {
description
fieldName
name
value
}
... on VulnerabilityDetailUrl {
description
fieldName
href
name
text
}
}
name
}
}
QUERY
end
let_it_be(:query) do
graphql_query_for('vulnerabilities', {}, query_graphql_field('nodes', {}, fields))
end
let_it_be(:vulnerability) { create(:vulnerability, project: project, report_type: :container_scanning) }
let_it_be(:finding) do
create(
:vulnerabilities_finding,
:with_details,
vulnerability: vulnerability
)
end
subject { graphql_data.dig('vulnerabilities', 'nodes') }
before do
project.add_developer(user)
stub_licensed_features(security_dashboard: true)
post_graphql(query, current_user: user)
end
let(:expected_details) do
[
{
"__typename" => "VulnerabilityDetailUrl",
"description" => nil,
"fieldName" => "url",
"href" => "https://gitlab.com",
"name" => "GitLab URL",
"text" => "URL to GitLab.com"
},
{
"__typename" => "VulnerabilityDetailCode",
"fieldName" => "code",
"lang" => "javascript",
"name" => "Truthy Code",
"value" => "function isTrue(value) { value ? true : false }"
},
{
"__typename" => "VulnerabilityDetailDiff",
"after" => "Hello there\nHello Wooorld\nanew line\nhello again\nhello again",
"before" => "Hello there\nHello world\nhello again",
"description" => "How the data was modified",
"fieldName" => "diff",
"name" => "Modified data"
},
{
"__typename" => "VulnerabilityDetailText",
"description" => nil,
"fieldName" => "text",
"name" => "Text with more info",
"value" => "More info about this vulnerability"
},
{
"__typename" => "VulnerabilityDetailList",
"description" => "The list of URLs in this report",
"fieldName" => "urls",
"items" => [
{
"__typename" => "VulnerabilityDetailUrl",
"description" => nil,
"fieldName" => nil,
"href" => "https://gitlab.com",
"name" => nil,
"text" => nil
},
{
"__typename" => "VulnerabilityDetailUrl",
"description" => nil,
"fieldName" => nil,
"href" => "https://gitlab.com",
"name" => nil,
"text" => nil
},
{
"__typename" => "VulnerabilityDetailUrl",
"description" => nil,
"fieldName" => nil,
"href" => "https://gitlab.com",
"name" => nil,
"text" => nil
}
],
"name" => "URLs"
},
{
"__typename" => "VulnerabilityDetailCommit",
"description" => "Commit where the vulnerability was identified",
"fieldName" => "commit",
"name" => "The Commit",
"value" => "41df7b7eb3be2b5be2c406c2f6d28cd6631eeb19"
},
{
"__typename" => "VulnerabilityDetailFileLocation",
"description" => "The first location",
"fieldName" => "location1",
"fileName" => "new_file.c",
"lineEnd" => 6,
"lineStart" => 5,
"name" => "Location 1"
},
{
"__typename" => "VulnerabilityDetailMarkdown",
"description" => "GFM-flavored markdown",
"fieldName" => "marked_up",
"name" => "Marked Data",
"value" => "Here is markdown `inline code` #1 [test](gitlab.com)\n\n![GitLab Logo](https://about.gitlab.com/images/press/logo/preview/gitlab-logo-white-preview.png)"
},
{
"__typename" => "VulnerabilityDetailCode",
"fieldName" => "code_block",
"lang" => nil,
"name" => "Code Block",
"value" => "Here\nis\ncode"
},
{
"__typename" => "VulnerabilityDetailList",
"description" => nil,
"fieldName" => "named_list",
"items" => [
{
"__typename" => "VulnerabilityDetailText",
"description" => "The description for field 1",
"fieldName" => "field1",
"name" => "Field 1",
"value" => "Text"
},
{
"__typename" => "VulnerabilityDetailText",
"description" => "The description for field 2",
"fieldName" => "field2",
"name" => "Field 2",
"value" => "Text"
},
{
"__typename" => "VulnerabilityDetailList"
}
],
"name" => "A Named List"
},
{
"__typename" => "VulnerabilityDetailTable",
"description" => nil,
"fieldName" => "table_data",
"name" => "Registers",
"headers" => [],
"rows" => [
{
"__typename" => "VulnerabilityDetailInt",
"description" => nil,
"fieldName" => "{\"type\"=>\"text\", \"value\"=>\"eax\"}",
"name" => nil,
"value" => 1336
},
{
"__typename" => "VulnerabilityDetailInt",
"description" => nil,
"fieldName" => "{\"type\"=>\"value\", \"value\"=>\"ebx\"}",
"name" => nil,
"value" => 1337
},
{
"__typename" => "VulnerabilityDetailInt",
"description" => nil,
"fieldName" => "{\"type\"=>\"text\", \"value\"=>\"ecx\"}",
"name" => nil,
"value" => 1338
},
{
"__typename" => "VulnerabilityDetailInt",
"description" => nil,
"fieldName" => "{\"type\"=>\"text\", \"value\"=>\"edx\"}",
"name" => nil,
"value" => 1339
}
]
},
{
"__typename" => "VulnerabilityDetailText",
"description" => "The actual description of the description",
"fieldName" => "description",
"name" => "Description",
"value" => "Text value"
},
{
"__typename" => "VulnerabilityDetailList",
"description" => nil,
"fieldName" => "stack_trace",
"items" => [
{
"__typename" => "VulnerabilityDetailModuleLocation",
"description" => nil,
"fieldName" => nil,
"moduleName" => "compiled_binary",
"name" => nil,
"offset" => 100
},
{
"__typename" => "VulnerabilityDetailModuleLocation",
"description" => nil,
"fieldName" => nil,
"moduleName" => "compiled_binary",
"name" => nil,
"offset" => 500
},
{
"__typename" => "VulnerabilityDetailModuleLocation",
"description" => nil,
"fieldName" => nil,
"moduleName" => "compiled_binary",
"name" => nil,
"offset" => 700
},
{
"__typename" => "VulnerabilityDetailModuleLocation",
"description" => nil,
"fieldName" => nil,
"moduleName" => "compiled_binary",
"name" => nil,
"offset" => 1000
}
],
"name" => "Stack Trace"
},
{
"__typename" => "VulnerabilityDetailModuleLocation",
"description" => "The first location",
"fieldName" => "module_location1",
"moduleName" => "gitlab.h",
"name" => "Module Location 1",
"offset" => 100
}
]
end
it 'returns a vulnerability details' do
expect(subject.first['details']).to eq(expected_details)
end
end
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment