Update Ruleset package with custom errors and fix Null Vulnerability bug
What does this MR do?
Fixes a bug where null
could be the value for vulnerabilities if the project being scanned does not have a valid ruleset config file.
Two pipelines demonstrating this:
- https://gitlab.com/gitlab-org/security-products/analyzers/brakeman/-/pipelines/206537930: passing because there is a valid bug that gets bubbled up which prevents execution of the block of code containing the bug
- https://gitlab.com/gitlab-org/security-products/analyzers/brakeman/-/pipelines/206533369: failing pipeline because
var vulns []Issue
for _, vuln := range r.Vulnerabilities {
if vulnerabilityEnabled(vuln, disabledIds) {
vulns = append(vulns, vuln)
}
}
r.Vulnerabilities = vulns
was getting hit
What are the relevant issue numbers?
gitlab-org/gitlab#235358 (closed)
Does this MR meet the acceptance criteria?
-
Changelog entry added -
Documentation created/updated for GitLab EE, if necessary -
Documentation created/updated for this project, if necessary -
Documentation reviewed by technical writer or follow-up review issue created -
Tests added for this feature/bug -
Job definition updated, if necessary -
Conforms to the code review guidelines -
Conforms to the Go guidelines -
Security reports checked/validated by reviewer
Edited by Zach Rice