Move sorting from integration-test Comparable module to Report package
Proposal
As discussed in this comment, we should remove sorting from the GitlabSecure::IntegrationTest::Comparable
module and instead implement it in the Report.Sort() function of the report package.
- The report Go package becomes the only project responsible for the sorting.
- It's easier to compare reports using diff.
Implementation Plan
- Move sorting of report.vulnerabilities:
Remove sorting from GitlabSecure::IntegrationTest::Comparable.vulnerabilities(): def self.vulnerabilities(vulns) - (vulns || []).map { |v| vulnerability(v) }.sort_by { |x| JSON.generate(x) } + (vulns || []).map { |v| vulnerability(v) } end
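Review bot: with `.sort_by { |x| JSON.generate(x) }` dropped from `vulnerabilities`, the comparison depends entirely on the order the report already has, and the keys planned for Report.Sort() (Severity, CompareKey, Location.Dependency.Version) are narrower than the full-object key removed here. Two vulnerabilities that tie on all three keys need a further tie-breaker in Report.Sort(), otherwise expected and actual reports can differ only in order.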
  - Update Report.Sort() so that it sorts vulnerabilities by Severity, CompareKey and Location.Dependency.Version.
- Move sorting of vulnerability.links and vulnerability.identifiers:
Remove sorting vuln["links"] and vuln["identifiers"]: - # sort arrays using all comparable fields - vuln["links"].sort_by! { |x| JSON.generate(x) } - vuln["identifiers"].sort_by! { |x| JSON.generate(x) }
  - Update Report.Sort() so that it sorts Report.Vulnerability.Links and Report.Vulnerability.Identifiers.
- Move sorting of report.dependency_files:
Remove sorting from GitlabSecure::IntegrationTest::Comparable.dependency_files(): def self.dependency_files(files) - (files || []).map { |f| dependency_file(f) }.sort_by { |f| JSON.generate(f) } + (files || []).map { |f| dependency_file(f) } end
  - Update Report.Sort() so that it sorts Report.DependencyFiles. This has already been implemented here.
- Move sorting of report.dependencies:
Remove sorting from GitlabSecure::IntegrationTest::Comparable.dependencies(): def self.dependencies(deps) - (deps || []).map { |dep| dependency(dep) }.sort_by { |x| JSON.generate(x) } + (deps || []).map { |dep| dependency(dep) } end
  - Update Report.Sort() so that it sorts Report.DependencyFiles[].Dependencies[]. This has already been implemented here.
- Move sorting of report.remediations:
Remove sorting from GitlabSecure::IntegrationTest::Comparable.remediations(): def self.remediations(deps) - (rems || []).map { |r| remediation(r) }.sort_by { |x| JSON.generate(x) } + (rems || []).map { |r| remediation(r) } end
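Review bot: the signature reads `def self.remediations(deps)` but both the removed and the added body line use `rems`, which is not defined in the method as shown, so the call would raise NameError. Rename the parameter to `rems` in the same change.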
  - Update Report.Sort() so that it sorts Report.Remediations. This has already been implemented here.
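
One possible shape for the vulnerability and identifier ordering described in the plan, as an added Go example that is not the report package's own code. The types, the DepVersion field (standing in for Location.Dependency.Version), the severity ranking and the SortVulnerabilities name are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"sort"
)

// Hypothetical, simplified types; the real report package defines its own.
type Identifier struct{ Type, Value string }
type Vulnerability struct {
	Severity, CompareKey string
	DepVersion           string // stands in for Location.Dependency.Version
	Identifiers          []Identifier
}

// Assumed ranking: higher is more severe; unrecognized values get 0 and sort last.
var severityRank = map[string]int{"Critical": 6, "High": 5, "Medium": 4, "Low": 3, "Info": 2, "Unknown": 1}

// SortVulnerabilities sorts each vulnerability's identifiers, then the slice by
// severity, compare key and version (plain string order: deterministic, not semver).
func SortVulnerabilities(vs []Vulnerability) {
	for i := range vs {
		ids := vs[i].Identifiers
		sort.SliceStable(ids, func(a, b int) bool {
			if ids[a].Type != ids[b].Type {
				return ids[a].Type < ids[b].Type
			}
			return ids[a].Value < ids[b].Value
		})
	}
	sort.SliceStable(vs, func(a, b int) bool {
		if ra, rb := severityRank[vs[a].Severity], severityRank[vs[b].Severity]; ra != rb {
			return ra > rb
		}
		if vs[a].CompareKey != vs[b].CompareKey {
			return vs[a].CompareKey < vs[b].CompareKey
		}
		return vs[a].DepVersion < vs[b].DepVersion
	})
}

func main() {
	// Constructed sample data.
	vs := []Vulnerability{{Severity: "Low", CompareKey: "b"}, {Severity: "High", CompareKey: "a"}}
	SortVulnerabilities(vs)
	fmt.Println(vs)
}
```

Entries that tie on all three keys keep their input order here, so a real implementation would still need a final tie-breaker to make the output independent of analyzer order.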