Fix report comparison for DS w/o dependency_path
What does this MR do?
This MR adds a fix for the issue reported here that was introduced by Update compare script to work with empty dependency_path values:
The compare_reports.sh script was exiting with an error when a dependency scanning report without a dependency_path key was being compared, for example:
    "dependency_files": [
      {
        "path": "api/build.gradle",
        "package_manager": "maven",
        "dependencies": [
          {
            "package": {
              "name": "asm/asm"
            },
            "version": "3.3"
          },
          {
            "package": {
              "name": "asm/asm-commons"
            },
            "version": "3.3"
          },
Meanwhile, it would function properly if the dependency_path key was present:
    "dependency_files": [
      {
        "path": "src/web.api/packages.lock.json",
        "package_manager": "nuget",
        "dependencies": [
          {
            "iid": 12,
            "dependency_path": [
              {
                "iid": 27
              }
            ],
            "package": {
              "name": "Antlr3.Runtime"
            },
            "version": "3.5.1"
          },
          {
            "iid": 35,
            "dependency_path": [
              {
                "iid": 27
              }
            ],
            "package": {
              "name": "Iesi.Collections"
            },
            "version": "4.0.4"
          }
The fix is to only modify the dependency_path value if an iid field is present.
What are the relevant issue numbers?
gitlab-org/gitlab#229840 (closed)
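
The guard described above, as an added Python example; it is not the code of compare_reports.sh, which is a shell script and is not shown on this page. What the script does to dependency_path is assumed here to be replacing run-specific iid references with the referenced package's name and version. The function names, the guarded flag and the "Example.Parent" dependency are hypothetical, and the sample reports are constructed from the two excerpts.

```python
import copy

# Constructed reports modelled on the two excerpts above. The parent with
# iid 27 is not shown on the page; "Example.Parent" is a made-up stand-in.
MAVEN = {"dependency_files": [{"path": "api/build.gradle", "package_manager": "maven",
    "dependencies": [
        {"package": {"name": "asm/asm"}, "version": "3.3"},
        {"package": {"name": "asm/asm-commons"}, "version": "3.3"}]}]}

def nuget_report(parent, antlr, iesi):
    """Same NuGet project, with caller-chosen iid numbering."""
    return {"dependency_files": [{"path": "src/web.api/packages.lock.json",
        "package_manager": "nuget", "dependencies": [
            {"iid": parent, "package": {"name": "Example.Parent"}, "version": "1.0.0"},
            {"iid": antlr, "dependency_path": [{"iid": parent}],
             "package": {"name": "Antlr3.Runtime"}, "version": "3.5.1"},
            {"iid": iesi, "dependency_path": [{"iid": parent}],
             "package": {"name": "Iesi.Collections"}, "version": "4.0.4"}]}]}

def normalize(report, guarded=True):
    """Copy the report, replacing run-specific iid values with name@version."""
    out = copy.deepcopy(report)
    for dep_file in out.get("dependency_files", []):
        deps = dep_file.get("dependencies", [])
        by_iid = {d["iid"]: f'{d["package"]["name"]}@{d["version"]}'
                  for d in deps if "iid" in d}
        for dep in deps:
            dep.pop("iid", None)
            if guarded and "dependency_path" not in dep:
                continue  # nothing to rewrite: leave the dependency as it is
            # Unguarded, the next line raises KeyError on the Maven report.
            dep["dependency_path"] = [
                by_iid.get(step["iid"], "unresolved") if "iid" in step else step
                for step in dep["dependency_path"]]
        deps.sort(key=lambda d: (d["package"]["name"], d["version"]))
    return out

def reports_match(expected, actual):
    """Compare two reports after normalization."""
    return normalize(expected) == normalize(actual)

if __name__ == "__main__":
    print(reports_match(nuget_report(27, 12, 35), nuget_report(3, 1, 2)))  # iids differ
    print(reports_match(MAVEN, MAVEN))  # no dependency_path anywhere
```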