Update security report `details` field validator
What does this MR do and why?
Updates `vulnerability_finding_details.json` to match the latest changes introduced in v15.1.2 - 15.1.4 of security-report-schemas. Those changes can be found here.
This change should fix https://gitlab.com/gitlab-org/gitlab/-/issues/472124+s
How to set up and validate locally
- Create a job that uploads a pre-defined
gl-sast-report.json
:
Modify the `.gitlab-ci.yml` file.
stages:
- reproduce
repreduce:
stage: reproduce
script:
- echo hello
artifacts:
access: 'developer'
reports:
sast: gl-sast-report.json
Add `gl-sast-report.json` to the root dir of the repo
This JSON complies with 15.1.4
of security-report-schemas
.
{
"version": "15.1.4",
"vulnerabilities": [
{
"id": ":SKIP:",
"category": "sast",
"name": "Active debug code",
"description": "hello",
"cve": "gitlab-advanced-sast_id:python-flask-rule-app-debug-atomic:13:13",
"severity": "Medium",
"scanner": {
"id": "gitlab-advanced-sast",
"name": "GitLab Advanced SAST"
},
"location": {
"file": "app/app.py",
"start_line": 13
},
"identifiers": [
{
"type": "gitlab-advanced-sast_id",
"name": "python-flask-rule-app-debug-atomic",
"value": "python-flask-rule-app-debug-atomic"
}
]
},
{
"id": ":SKIP:",
"category": "sast",
"name": "hello",
"cve": "gitlab-advanced-sast_id:python-lang-cmdi-system-call-taint:5:5",
"severity": "Critical",
"scanner": {
"id": "gitlab-advanced-sast",
"name": "GitLab Advanced SAST"
},
"location": {
"file": "app/utils.py",
"start_line": 5
},
"identifiers": [
{
"type": "gitlab-advanced-sast_id",
"name": "python-lang-cmdi-system-call-taint",
"value": "python-lang-cmdi-system-call-taint"
}
],
"tracking": {
"type": "source",
"items": [
{
"file": "app/utils.py",
"line_start": 5,
"line_end": 5,
"signatures": [
{
"algorithm": "scope_offset",
"value": "app/utils.py|process_input[0]:2"
}
]
}
]
},
"details": {
"code_flows": {
"items": [
[
{
"file_location": {
"file_name": "app/app.py",
"line_end": 8,
"line_start": 8,
"type": "file-location"
},
"node_type": "source",
"type": "code-flow-node"
},
{
"file_location": {
"file_name": "app/app.py",
"line_end": 8,
"line_start": 8,
"type": "file-location"
},
"node_type": "propagation",
"type": "code-flow-node"
},
{
"file_location": {
"file_name": "app/app.py",
"line_end": 9,
"line_start": 9,
"type": "file-location"
},
"node_type": "propagation",
"type": "code-flow-node"
},
{
"file_location": {
"file_name": "app/utils.py",
"line_end": 4,
"line_start": 4,
"type": "file-location"
},
"node_type": "propagation",
"type": "code-flow-node"
},
{
"file_location": {
"file_name": "app/utils.py",
"line_end": 5,
"line_start": 5,
"type": "file-location"
},
"node_type": "sink",
"type": "code-flow-node"
}
]
],
"name": "code_flows",
"type": "code-flows"
}
}
}
],
"dependency_files": null,
"scan": {
"analyzer": {
"id": "gitlab-advanced-sast",
"name": "GitLab Advanced SAST",
"url": "https://gitlab.com/gitlab-org/security-products/analyzers/gitlab-advanced-sast-src",
"vendor": {
"name": "GitLab"
},
"version": ":SKIP:"
},
"scanner": {
"id": "gitlab-advanced-sast",
"name": "GitLab Advanced SAST",
"url": "https://gitlab.com",
"vendor": {
"name": "GitLab"
},
"version": ":SKIP:"
},
"type": "sast",
"start_time": "1234-11-11T33:22:22",
"end_time": "1234-11-11T33:22:22",
"status": "success"
}
}
-
Run the pipeline.
-
Make sure the ingestion successfully finished.
Related issue: