Merge branch 'qa-e2e-secure-mr-runtime' into 'master'

Split Secure MR E2E files and reuse test setup Closes gitlab-org/quality/team-tasks#266 See merge request gitlab-org/gitlab!22929

Merge branch 'qa-e2e-secure-mr-runtime' into 'master'
Split Secure MR E2E files and reuse test setup Closes gitlab-org/quality/team-tasks#266 See merge request gitlab-org/gitlab!22929
00d09aab · Walmyr Lima e Silva Filho · 4ab7ae86 · 96e663b0 · 00d09aab · 00d09aab
Commit 00d09aab authored Jan 14, 2020 by Walmyr Lima e Silva Filho
2 changed files
--- a/qa/qa/specs/features/ee/browser_ui/secure/create_merge_request_with_secure_spec.rb
+++ b/qa/qa/specs/features/ee/browser_ui/secure/create_merge_request_with_secure_spec.rb
@@ -74,39 +74,6 @@ module QA
          expect(merge_request).to have_dast_vulnerability_count
        end
      end
-
-      it 'can dismiss a vulnerability with a reason' do
-        dismiss_reason = "Vulnerability not applicable"
-
-        Page::MergeRequest::Show.perform do |merge_request|
-          expect(merge_request).to have_vulnerability_report
-          merge_request.dismiss_vulnerability_with_reason(vuln_name, dismiss_reason)
-          merge_request.click_vulnerability(vuln_name)
-
-          expect(merge_request).to have_opened_dismissed_vulnerability(dismiss_reason)
-        end
-      end
-
-      it 'can create an issue from a vulnerability' do
-        Page::MergeRequest::Show.perform do |merge_request|
-          expect(merge_request).to have_vulnerability_report
-          merge_request.create_vulnerability_issue(vuln_name)
-        end
-
-        Page::Project::Issue::Show.perform do |issue|
-          expect(issue).to have_title("Investigate vulnerability: #{vuln_name}")
-        end
-      end
-
-      it 'can create an auto-remediation MR' do
-        Page::MergeRequest::Show.perform do |merge_request|
-          expect(merge_request).to have_vulnerability_report
-          merge_request.resolve_vulnerability_with_mr remediable_vuln_name
-
-          # Context changes as resolve method creates new MR
-          expect(merge_request).to have_title remediable_vuln_name
-        end
-      end
    end
  end
 end
--- a/qa/qa/specs/features/ee/browser_ui/secure/vulnerability_management_spec.rb
+++ b/qa/qa/specs/features/ee/browser_ui/secure/vulnerability_management_spec.rb
+# frozen_string_literal: true
+
+require 'pathname'
+
+module QA
+  context 'Secure', :docker do
+    describe 'Security Reports in a Merge Request' do
+      let(:sast_vuln_count) { 5 }
+      let(:dependency_scan_vuln_count) { 4 }
+      let(:container_scan_vuln_count) { 8 }
+      let(:vuln_name) { "Regular Expression Denial of Service in debug" }
+      let(:remediable_vuln_name) { "Authentication bypass via incorrect DOM traversal and canonicalization in saml2-js" }
+
+      after(:all) do
+        Service::DockerRun::GitlabRunner.new(@executor).remove!
+
+        Runtime::Feature.enable('job_log_json') if @job_log_json_flag_enabled
+      end
+
+      before(:all) do
+        @executor = "qa-runner-#{Time.now.to_i}"
+
+        Flow::Login.sign_in
+
+        @project = Resource::Project.fabricate_via_api! do |p|
+          p.name = Runtime::Env.auto_devops_project_name || 'project-with-secure'
+          p.description = 'Project with Secure'
+          p.auto_devops_enabled = false
+          p.initialize_with_readme = true
+        end
+
+        Resource::Runner.fabricate! do |runner|
+          runner.project = @project
+          runner.name = @executor
+          runner.tags = %w[qa test]
+        end
+
+        # Push fixture to generate Secure reports
+        @source = Resource::Repository::ProjectPush.fabricate! do |push|
+          push.project = @project
+          push.directory = Pathname
+            .new(__dir__)
+            .join('../../../../../ee/fixtures/secure_premade_reports')
+          push.commit_message = 'Create Secure compatible application to serve premade reports'
+          push.branch_name = 'secure-mr'
+        end
+
+        @merge_request = Resource::MergeRequest.fabricate_via_api! do |mr|
+          mr.project = @project
+          mr.source_branch = 'secure-mr'
+          mr.target_branch = 'master'
+          mr.source = @source
+          mr.target = 'master'
+          mr.target_new_branch = false
+        end
+
+        @project.visit!
+        Page::Project::Menu.perform(&:click_ci_cd_pipelines)
+        Page::Project::Pipeline::Index.perform(&:wait_for_latest_pipeline_success)
+      end
+
+      before do
+        Flow::Login.sign_in_unless_signed_in
+        @merge_request.visit!
+      end
+
+      it 'can dismiss a vulnerability with a reason' do
+        dismiss_reason = "Vulnerability not applicable"
+
+        Page::MergeRequest::Show.perform do |merge_request|
+          expect(merge_request).to have_vulnerability_report
+          merge_request.dismiss_vulnerability_with_reason(vuln_name, dismiss_reason)
+          merge_request.click_vulnerability(vuln_name)
+
+          expect(merge_request).to have_opened_dismissed_vulnerability(dismiss_reason)
+        end
+      end
+
+      it 'can create an issue from a vulnerability' do
+        Page::MergeRequest::Show.perform do |merge_request|
+          expect(merge_request).to have_vulnerability_report
+          merge_request.create_vulnerability_issue(vuln_name)
+        end
+
+        Page::Project::Issue::Show.perform do |issue|
+          expect(issue).to have_title("Investigate vulnerability: #{vuln_name}")
+        end
+      end
+
+      it 'can create an auto-remediation MR' do
+        Page::MergeRequest::Show.perform do |merge_request|
+          expect(merge_request).to have_vulnerability_report
+          merge_request.resolve_vulnerability_with_mr remediable_vuln_name
+
+          # Context changes as resolve method creates new MR
+          expect(merge_request).to have_title remediable_vuln_name
+        end
+      end
+    end
+  end
+end