Fix parsers design flaw

Mehmet Emin INAC requested to merge fix_parsers_design_flaw into master

What does this MR do?

This MR changes the public interface of Security parsers to prevent passing arguments from method to method within the instance itself.

Previously, we were instantiating the parser objects without passing any arguments, and then calling the parse! method with the necessary arguments to parse the reports, like so:

Gitlab::Ci::Parsers::Security::Dast.new.parse!(data, report)

This was forcing us to pass the data and report object between the methods of the parser instance. Basically, we were using the objects as if they were the singleton class instance.

By just fixing the interface of the initialization method of the parsers, we can now work on the JSON data and report without needing to pass them around.

Gitlab::Ci::Parsers::Security::Dast.new(data, report).parse!
# or
Gitlab::Ci::Parsers::Security::Dast.parse!(data, report)

This change will enable us to apply more refactoring on these parsers.

Screenshots (strongly suggested)

Does this MR meet the acceptance criteria?

Conformity

Availability and Testing

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

  • [-] Label as security and @ mention @gitlab-com/gl-security/appsec
  • [-] The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
  • [-] Security reports checked/validated by a reviewer from the AppSec team
Edited by Mehmet Emin INAC
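
The interface described in this MR, sketched as an added example; it is not code from the merge request or from GitLab. `SketchDastParser`, `SketchReport`, the helper methods and the sample JSON field names are all hypothetical and constructed for illustration.

```ruby
require 'json'

# Hypothetical stand-in for the report object the parser fills in.
SketchReport = Struct.new(:findings, :errors) do
  def initialize
    super([], [])
  end
end

class SketchDastParser
  # Class-level shortcut, mirroring Dast.parse!(data, report) in the description.
  def self.parse!(json_data, report)
    new(json_data, report).parse!
  end

  # Inputs are bound once, so private helpers take no arguments.
  def initialize(json_data, report)
    @json_data = json_data
    @report = report
  end

  def parse!
    collect_findings
    report
  rescue JSON::ParserError => e
    # Malformed input is recorded on the report instead of raising to the caller.
    report.errors << "invalid report: #{e.class}"
    report
  end

  private

  attr_reader :json_data, :report

  # Parsed once and memoized on the instance; a non-object top level is rejected.
  def report_data
    @report_data ||= JSON.parse(json_data).tap do |d|
      raise JSON::ParserError, 'top level must be an object' unless d.is_a?(Hash)
    end
  end

  def collect_findings
    report_data.fetch('vulnerabilities', []).each do |vuln|
      report.findings << { name: vuln['name'], severity: vuln.fetch('severity', 'Unknown') }
    end
  end
end

# Constructed sample input, not a real scanner report.
SAMPLE = '{"vulnerabilities":[{"name":"X-Frame-Options header missing","severity":"Low"},{"name":"Cookie without Secure flag"}]}'
```

Because each instance is bound to one report's data, a parser object cannot be reused across reports and carry state from one into the next.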