Commit 198fd9a1 authored by Philip Cunningham's avatar Philip Cunningham Committed by Thong Kuah

Associate DastSiteProfile and validation on create

parent 674f3cd5
......@@ -12,15 +12,18 @@ module AppSec
end
end
attr_reader :dast_site_profile
attr_reader :dast_site, :dast_site_profile, :dast_site_validation
def execute(name:, target_url:, **params)
return ServiceResponse.error(message: _('Insufficient permissions')) unless allowed?
ActiveRecord::Base.transaction do
dast_site = ::DastSites::FindOrCreateService.new(project, current_user).execute!(url: target_url)
@dast_site = ::DastSites::FindOrCreateService.new(project, current_user).execute!(url: target_url)
params.merge!(project: project, dast_site: dast_site, name: name).compact!
@dast_site_validation = find_existing_dast_site_validation
associate_dast_site_validation! if dast_site_validation
@dast_site_profile = DastSiteProfile.create!(params.except(:request_headers, :auth_password))
create_secret_variable!(::Dast::SiteProfileSecretVariable::PASSWORD, params[:auth_password])
create_secret_variable!(::Dast::SiteProfileSecretVariable::REQUEST_HEADERS, params[:request_headers])
......@@ -39,6 +42,10 @@ module AppSec
Ability.allowed?(current_user, :create_on_demand_dast_scan, project)
end
def associate_dast_site_validation!
dast_site.update!(dast_site_validation_id: dast_site_validation.id)
end
def create_secret_variable!(key, value)
return ServiceResponse.success unless value
......@@ -52,6 +59,15 @@ module AppSec
response
end
def find_existing_dast_site_validation
url_base = DastSiteValidation.get_normalized_url_base(dast_site.url)
DastSiteValidationsFinder.new(
project_id: project.id,
url_base: url_base
).execute.first
end
end
end
end
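Review bot: `find_existing_dast_site_validation` takes `.execute.first` from a finder call that passes only `project_id` and `url_base`, so nothing in the visible lines restricts the match to a validation that has passed, or fixes which record wins when several exist. `associate_dast_site_validation!` then writes that id onto a `dast_site` that `FindOrCreateService` may have found rather than created, replacing whatever association it already had. The finder's ordering and the code that reads `dast_site_validation` are outside this page, so this may be safe, but the assumption should be written down. Above `find_existing_dast_site_validation`, add `# Returns the first validation for this project and url_base in any state; callers must check its state before treating the target as validated.` The class body starts before the first hunk.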
......
---
title: Eagerly associate DastSiteProfile and DastSiteValidation on create
merge_request: 53800
author:
type: fixed
......@@ -179,6 +179,25 @@ RSpec.describe AppSec::Dast::SiteProfiles::CreateService do
it_behaves_like 'it handles secret variable creation failure'
end
context 'when an existing dast_site_validation does not exist' do
it 'does not create a dast_site_validation association' do
dast_site = subject.payload.dast_site
expect(dast_site.dast_site_validation).to be_nil
end
end
context 'when an existing dast_site_validation exists' do
let(:dast_site_validation) { create(:dast_site_validation, dast_site_token: create(:dast_site_token, project: project)) }
let(:target_url) { dast_site_validation.dast_site_token.url }
it 'gets associated with the dast_site' do
dast_site = subject.payload.dast_site
expect(dast_site.dast_site_validation).to eq(dast_site_validation)
end
end
context 'when on demand scan licensed feature is not available' do
before do
stub_licensed_features(security_on_demand_scans: false)
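Review bot: The new contexts cover "no validation" and "validation in the same project", but not a validation for the same URL whose `dast_site_token` belongs to a different project. That is the case the `project_id:` argument in `find_existing_dast_site_validation` exists to exclude. A context next to `when an existing dast_site_validation exists` that expects `be_nil` would pin that isolation, so a later change to the finder arguments cannot silently let one project inherit another project's validation. The enclosing `RSpec.describe` block starts and ends outside the hunk.

```ruby
context 'when a matching dast_site_validation belongs to another project' do
  let(:dast_site_validation) { create(:dast_site_validation, dast_site_token: create(:dast_site_token, project: create(:project))) }
  let(:target_url) { dast_site_validation.dast_site_token.url }

  it 'does not associate it with the dast_site' do
    dast_site = subject.payload.dast_site

    expect(dast_site.dast_site_validation).to be_nil
  end
end
```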
......