Merge branch 'qa-e2e-secure-vuln-create-issue' into 'master'

Added E2E test to create an issue from a vulnerability Closes gitlab-org/quality/testcases#135 See merge request gitlab-org/gitlab!20479

Merge branch 'qa-e2e-secure-vuln-create-issue' into 'master'
Added E2E test to create an issue from a vulnerability Closes gitlab-org/quality/testcases#135 See merge request gitlab-org/gitlab!20479
1c1eda42 · Mark Lapierre · 0ac44e6b · fabfec53 · 1c1eda42 · 1c1eda42
Commit 1c1eda42 authored Nov 25, 2019 by Mark Lapierre
3 changed files
--- a/ee/app/assets/javascripts/vue_shared/security_reports/components/modal_footer.vue
+++ b/ee/app/assets/javascripts/vue_shared/security_reports/components/modal_footer.vue
@@ -122,6 +122,7 @@ export default {
      :label="actionButtons[0].name"
      container-class="btn btn-success btn-inverted"
      class="js-action-button"
+      data-qa-selector="create_issue_button"
      @click="$emit(actionButtons[0].action)"
    />
  </div>

--- a/qa/qa/ee/page/merge_request/show.rb
+++ b/qa/qa/ee/page/merge_request/show.rb
@@ -69,6 +69,7 @@ module QA

              view 'ee/app/assets/javascripts/vue_shared/security_reports/components/modal_footer.vue' do
                element :resolve_split_button
+                element :create_issue_button
              end

              view 'ee/app/assets/javascripts/vue_shared/security_reports/components/dismiss_button.vue' do
@@ -194,6 +195,18 @@ module QA
            end
          end

+          def create_vulnerability_issue(name)
+            expand_vulnerability_report
+            click_vulnerability(name)
+
+            previous_page = page.current_url
+            click_element(:create_issue_button)
+
+            wait(max: 15, reload: false) do
+              page.current_url != previous_page
+            end
+          end
+
          def has_vulnerability_report?(timeout: 60)
            wait(reload: true, max: timeout, interval: 1) do
              finished_loading?

--- a/qa/qa/specs/features/ee/browser_ui/secure/create_merge_request_with_secure_spec.rb
+++ b/qa/qa/specs/features/ee/browser_ui/secure/create_merge_request_with_secure_spec.rb
@@ -9,7 +9,8 @@ module QA
      let(:dependency_scan_vuln_count) { 4 }
      let(:container_scan_vuln_count) { 8 }
      let(:dast_vuln_count) { 4 }
-      let(:vuln_name) { "Authentication bypass via incorrect DOM traversal and canonicalization in saml2-js" }
+      let(:vuln_name) { "Regular Expression Denial of Service in debug" }
+      let(:remediable_vuln_name) { "Authentication bypass via incorrect DOM traversal and canonicalization in saml2-js" }

      after do
        Service::DockerRun::GitlabRunner.new(@executor).remove!
@@ -68,16 +69,16 @@ module QA
      end

      it 'displays the Security reports in the merge request' do
-        Page::MergeRequest::Show.perform do |mergerequest|
-          expect(mergerequest).to have_vulnerability_report(timeout: 60)
-          expect(mergerequest).to have_vulnerability_count
+        Page::MergeRequest::Show.perform do |merge_request|
+          expect(merge_request).to have_vulnerability_report
+          expect(merge_request).to have_vulnerability_count

-          mergerequest.expand_vulnerability_report
+          merge_request.expand_vulnerability_report

-          expect(mergerequest).to have_sast_vulnerability_count_of(sast_vuln_count)
-          expect(mergerequest).to have_dependency_vulnerability_count_of(dependency_scan_vuln_count)
-          expect(mergerequest).to have_container_vulnerability_count_of(container_scan_vuln_count)
-          expect(mergerequest).to have_dast_vulnerability_count_of(dast_vuln_count)
+          expect(merge_request).to have_sast_vulnerability_count_of(sast_vuln_count)
+          expect(merge_request).to have_dependency_vulnerability_count_of(dependency_scan_vuln_count)
+          expect(merge_request).to have_container_vulnerability_count_of(container_scan_vuln_count)
+          expect(merge_request).to have_dast_vulnerability_count_of(dast_vuln_count)
        end
      end

@@ -85,20 +86,32 @@ module QA
        dismiss_reason = "Vulnerability not applicable"

        Page::MergeRequest::Show.perform do |merge_request|
-          vuln_name = "Authentication bypass via incorrect DOM traversal and canonicalization in saml2-js"
-          expect(merge_request).to have_vulnerability_report(timeout: 60)
+          expect(merge_request).to have_vulnerability_report
          merge_request.dismiss_vulnerability_with_reason(vuln_name, dismiss_reason)
          merge_request.click_vulnerability(vuln_name)
+
          expect(merge_request).to have_opened_dismissed_vulnerability(dismiss_reason)
        end
      end

+      it 'can create an issue from a vulnerability' do
+        Page::MergeRequest::Show.perform do |merge_request|
+          expect(merge_request).to have_vulnerability_report
+          merge_request.create_vulnerability_issue(vuln_name)
+        end
+
+        Page::Project::Issue::Show.perform do |issue|
+          expect(issue).to have_title("Investigate vulnerability: #{vuln_name}")
+        end
+      end
+
      it 'can create an auto-remediation MR' do
-        Page::MergeRequest::Show.perform do |mergerequest|
-          expect(mergerequest).to have_vulnerability_report(timeout: 60)
-          # Context changes as resolve method created new MR
-          mergerequest.resolve_vulnerability_with_mr vuln_name
-          expect(mergerequest).to have_title vuln_name
+        Page::MergeRequest::Show.perform do |merge_request|
+          expect(merge_request).to have_vulnerability_report
+          merge_request.resolve_vulnerability_with_mr remediable_vuln_name
+
+          # Context changes as resolve method creates new MR
+          expect(merge_request).to have_title remediable_vuln_name
        end
      end