Add OWASP filter to vulnerabilities report GraphQL API's
What does this MR do and why?
Adds an `owaspTop10` filter to the GraphQL APIs `project.vulnerabilitySeveritiesCount` and `project.vulnerabilities`. For the group-level vulnerability report the filter is disabled behind feature flag #437253 (closed) and can be unblocked after #432715 (closed) is closed.
GraphQL
- `project.vulnerabilitySeveritiesCount` filter:

```graphql
query {
  project(fullPath: "root/owasp-top-10-grouping-test") {
    vulnerabilitySeveritiesCount(owaspTop10: [A1_2017, A2_2017, A3_2017, A4_2017, A5_2017, A6_2017, A7_2017, A8_2017, A9_2017, A10_2017]) {
      critical
      high
      info
      low
      medium
      unknown
    }
  }
}
```

- `project.vulnerabilities` filter:

```graphql
query {
  project(fullPath: "root/owasp-top-10-grouping-test") {
    vulnerabilities(owaspTop10: [A1_2017, A2_2017, A3_2017, A4_2017, A5_2017, A6_2017, A7_2017, A8_2017, A9_2017, A10_2017]) {
      nodes {
        id
        identifiers {
          externalId
          externalType
          name
          url
        }
      }
    }
  }
}
```
Database
- Query executed from the UI for the `vulnerabilitySeveritiesCount` GraphQL API:

```sql
SELECT
  count(*) AS count_all,
  vulnerability_reads.severity AS vulnerability_reads_severity
FROM
  vulnerability_reads
WHERE
  vulnerability_reads.project_id = 278964 AND
  vulnerability_reads.report_type IN ( 6, 2, 5, 3, 1, 0, 4, 99 ) AND
  vulnerability_reads.owasp_top_10 = 4 AND
  vulnerability_reads.resolved_on_default_branch = false
GROUP BY
  vulnerability_reads.severity
ORDER BY
  vulnerability_reads.severity DESC;
```

- Query executed from the UI for the `vulnerabilities` GraphQL API:

```sql
SELECT
  vulnerability_reads.*
FROM
  vulnerability_reads
WHERE
  vulnerability_reads.project_id = 278964 AND
  vulnerability_reads.owasp_top_10 = 13 AND
  vulnerability_reads.report_type IN ( 6, 2, 5, 3, 1, 0, 4, 99 ) AND
  vulnerability_reads.state IN ( 1, 4 ) AND
  vulnerability_reads.resolved_on_default_branch = false
ORDER BY
  vulnerability_reads.severity DESC,
  vulnerability_reads.vulnerability_id DESC
LIMIT 21;
```
The indexes supporting the above queries are already in place, and performance details for these queries are available in !141045 (merged).
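As an added illustration (not code from this MR or from GitLab), the two queries above run against an in-memory SQLite copy of the columns they touch, with constructed rows. The `owasp_top_10` predicate is generalized to `IN (...)` so that a multi-value `owaspTop10` argument is covered, and `LIMIT 21` is read as a page size of 20 plus one row for next-page detection (an assumption); the enum integers other than the 4 and 13 shown in the MR are placeholders.

```python
import sqlite3

# Constructed sample rows (not real GitLab data). Column order:
# (vulnerability_id, project_id, severity, report_type, state, owasp_top_10, resolved_on_default_branch)
SAMPLE_ROWS = [
    (1, 278964, 5, 1, 1, 4, 0),
    (2, 278964, 5, 1, 1, 4, 0),
    (3, 278964, 4, 2, 1, 4, 1),     # resolved on default branch -> excluded by both queries
    (4, 278964, 3, 3, 4, 13, 0),
    (5, 278964, 5, 1, 1, 13, 0),
    (6, 278964, 5, 1, 2, 13, 0),    # state 2 not in (1, 4) -> excluded from the list query only
    (7, 999999, 5, 1, 1, 4, 0),     # different project -> excluded
    (8, 278964, 2, 1, 1, None, 0),  # no OWASP category -> never matched by the filter
]

REPORT_TYPES = (6, 2, 5, 3, 1, 0, 4, 99)  # report_type values from the MR's queries
STATES = (1, 4)                            # state values from the MR's list query

def build_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("""CREATE TABLE vulnerability_reads (
        vulnerability_id INTEGER, project_id INTEGER, severity INTEGER,
        report_type INTEGER, state INTEGER, owasp_top_10 INTEGER,
        resolved_on_default_branch INTEGER)""")
    conn.executemany("INSERT INTO vulnerability_reads VALUES (?,?,?,?,?,?,?)", SAMPLE_ROWS)
    return conn

def _placeholders(values):
    return ",".join("?" * len(values))

def severity_counts(conn, project_id, owasp_top_10):
    """vulnerabilitySeveritiesCount query: {severity: count}, no state filter."""
    sql = f"""SELECT count(*), severity FROM vulnerability_reads
              WHERE project_id = ? AND report_type IN ({_placeholders(REPORT_TYPES)})
                AND owasp_top_10 IN ({_placeholders(owasp_top_10)})
                AND resolved_on_default_branch = 0
              GROUP BY severity ORDER BY severity DESC"""
    rows = conn.execute(sql, (project_id, *REPORT_TYPES, *owasp_top_10)).fetchall()
    return {severity: count for count, severity in rows}

def vulnerability_ids(conn, project_id, owasp_top_10, page_size=20):
    """vulnerabilities query: ids in severity DESC, id DESC order, LIMIT page_size + 1."""
    sql = f"""SELECT vulnerability_id FROM vulnerability_reads
              WHERE project_id = ? AND owasp_top_10 IN ({_placeholders(owasp_top_10)})
                AND report_type IN ({_placeholders(REPORT_TYPES)})
                AND state IN ({_placeholders(STATES)})
                AND resolved_on_default_branch = 0
              ORDER BY severity DESC, vulnerability_id DESC LIMIT ?"""
    params = (project_id, *owasp_top_10, *REPORT_TYPES, *STATES, page_size + 1)
    return [row[0] for row in conn.execute(sql, params)]
```

Note that the severity-count query counts row 6 (state 2) while the list query drops it, so the two panels can disagree by design when a filter on state is applied only to the list.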
Screenshots or screen recordings
How to set up and validate locally
- Import the project https://gitlab.com/bala.kumar/verify-owasp-top-10-grouping locally and run a pipeline for the main branch.
- The pipeline creates one vulnerability for each of the owasp_top_10 labels.
- Run the above GraphQL queries in GraphiQL; the results should match the screenshots above.
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Related to #432618 (closed)
Edited by Brian Williams