Commit 19a5e915 authored by Alan (Maciej) Paruszewski's avatar Alan (Maciej) Paruszewski Committed by Matthias Käppler

Catch YAML errors when parsing security policies

Changelog: fixed
EE: true
parent 05c81df5
...@@ -357,7 +357,7 @@ scan_execution_policy: ...@@ -357,7 +357,7 @@ scan_execution_policy:
- type: schedule - type: schedule
branches: branches:
- main - main
cadence: */10 * * * * cadence: "*/10 * * * *"
actions: actions:
- scan: dast - scan: dast
scanner_profile: Scanner Profile C scanner_profile: Scanner Profile C
...@@ -378,7 +378,7 @@ scan_execution_policy: ...@@ -378,7 +378,7 @@ scan_execution_policy:
enabled: true enabled: true
rules: rules:
- type: schedule - type: schedule
cadence: '15 3 * * *' cadence: "15 3 * * *
clusters: clusters:
production-cluster: production-cluster:
containers: containers:
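Review bot: The new side of the second hunk, `cadence: "15 3 * * *`, appears to open a double quote without closing it, whereas the first hunk's `cadence: "*/10 * * * *"` is balanced; if this is not a rendering artifact, the example is now itself invalid YAML, which is exactly the condition the commit is trying to handle. The fix would be `cadence: "15 3 * * *"`. The first hunk's change is sound, since an unquoted `*/10 * * * *` is parsed as a YAML alias and fails to load, so quoting the cron expressions is the right direction for both.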
...@@ -35,6 +35,8 @@ module Security ...@@ -35,6 +35,8 @@ module Security
Gitlab::Config::Loader::Yaml.new(policy_blob).load! Gitlab::Config::Loader::Yaml.new(policy_blob).load!
end end
rescue Gitlab::Config::Loader::FormatError
nil
end end
def policy_configuration_exists? def policy_configuration_exists?
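Review bot: The added `rescue Gitlab::Config::Loader::FormatError` returns `nil` without recording the failure, so a policy file with malformed YAML becomes indistinguishable from "no policy configured" and enforcement is skipped silently; the enclosing method starts above this hunk. Consider capturing the exception and reporting it before returning, e.g. `rescue Gitlab::Config::Loader::FormatError => e` followed by `Gitlab::ErrorTracking.log_exception(e)` (or the tracking helper this class already uses), so operators can see that a configured policy is not being applied. A one-line comment such as `# Malformed policy YAML is treated as "no policy" so callers keep working; the error is reported for visibility.` would document the intended contract for the callers that check for nil.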
...@@ -102,6 +102,14 @@ RSpec.describe Security::OrchestrationPolicyConfiguration do ...@@ -102,6 +102,14 @@ RSpec.describe Security::OrchestrationPolicyConfiguration do
it { expect(subject.dig(:scan_execution_policy, 0, :name)).to eq('Run DAST in every pipeline') } it { expect(subject.dig(:scan_execution_policy, 0, :name)).to eq('Run DAST in every pipeline') }
end end
context 'when policy has invalid YAML format' do
let(:policy_yaml) do
'cadence: * 1 2 3'
end
it { expect(subject).to be_nil }
end
context 'when policy is nil' do context 'when policy is nil' do
let(:policy_yaml) { nil } let(:policy_yaml) { nil }
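Review bot: The new `when policy has invalid YAML format` context only asserts `expect(subject).to be_nil`, which is the same expectation the adjacent `when policy is nil` context presumably makes, so the spec does not show that the invalid-YAML path was actually exercised rather than falling through to the empty case. If the parser failure is meant to be observable (logged or tracked), an expectation on that side effect would pin the behavior; otherwise a comment on the context noting that invalid YAML is intentionally collapsed to nil would make the design choice explicit. The fixture `'cadence: * 1 2 3'` does trigger a parse error because an unquoted `*` starts a YAML alias, so the input itself is appropriate.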