Merge branch 'qa-e2e-secure-vuln-create-issue' into 'master'

Added E2E test to create an issue from a vulnerability Closes gitlab-org/quality/testcases#135 See merge request gitlab-org/gitlab!20479

Merge branch 'qa-e2e-secure-vuln-create-issue' into 'master'
Added E2E test to create an issue from a vulnerability Closes gitlab-org/quality/testcases#135 See merge request gitlab-org/gitlab!20479
1c1eda42 · Mark Lapierre · 0ac44e6b · fabfec53 · 1c1eda42 · 1c1eda42
Commit 1c1eda42 authored Nov 25, 2019 by Mark Lapierre
3 changed files
--- a/ee/app/assets/javascripts/vue_shared/security_reports/components/modal_footer.vue
+++ b/ee/app/assets/javascripts/vue_shared/security_reports/components/modal_footer.vue
@@ -122,6 +122,7 @@ export default {
      :label="actionButtons[0].name"
      container-class="btn btn-success btn-inverted"
      class="js-action-button"
+      data-qa-selector="create_issue_button"
      @click="$emit(actionButtons[0].action)"
    />
  </div>

--- a/qa/qa/ee/page/merge_request/show.rb
+++ b/qa/qa/ee/page/merge_request/show.rb
@@ -69,6 +69,7 @@ module QA
              view 'ee/app/assets/javascripts/vue_shared/security_reports/components/modal_footer.vue' do
                element :resolve_split_button
+                element :create_issue_button
              end
              view 'ee/app/assets/javascripts/vue_shared/security_reports/components/dismiss_button.vue' do
@@ -194,6 +195,18 @@ module QA
            end
          end
+          def create_vulnerability_issue(name)
+            expand_vulnerability_report
+            click_vulnerability(name)
+            previous_page = page.current_url
+            click_element(:create_issue_button)
+            wait(max: 15, reload: false) do
+              page.current_url != previous_page
+            end
+          end
          def has_vulnerability_report?(timeout: 60)
            wait(reload: true, max: timeout, interval: 1) do
              finished_loading?

--- a/qa/qa/specs/features/ee/browser_ui/secure/create_merge_request_with_secure_spec.rb
+++ b/qa/qa/specs/features/ee/browser_ui/secure/create_merge_request_with_secure_spec.rb
@@ -9,7 +9,8 @@ module QA
      let(:dependency_scan_vuln_count) { 4 }
      let(:container_scan_vuln_count) { 8 }
      let(:dast_vuln_count) { 4 }
-      let(:vuln_name) { "Authentication bypass via incorrect DOM traversal and canonicalization in saml2-js" }
+      let(:vuln_name) { "Regular Expression Denial of Service in debug" }
+      let(:remediable_vuln_name) { "Authentication bypass via incorrect DOM traversal and canonicalization in saml2-js" }
      after do
        Service::DockerRun::GitlabRunner.new(@executor).remove!
@@ -68,16 +69,16 @@ module QA
      end
      it 'displays the Security reports in the merge request' do
-        Page::MergeRequest::Show.perform do |mergerequest|
+        Page::MergeRequest::Show.perform do |merge_request|
-          expect(mergerequest).to have_vulnerability_report(timeout: 60)
+          expect(merge_request).to have_vulnerability_report
-          expect(mergerequest).to have_vulnerability_count
+          expect(merge_request).to have_vulnerability_count
-          mergerequest.expand_vulnerability_report
+          merge_request.expand_vulnerability_report
-          expect(mergerequest).to have_sast_vulnerability_count_of(sast_vuln_count)
+          expect(merge_request).to have_sast_vulnerability_count_of(sast_vuln_count)
-          expect(mergerequest).to have_dependency_vulnerability_count_of(dependency_scan_vuln_count)
+          expect(merge_request).to have_dependency_vulnerability_count_of(dependency_scan_vuln_count)
-          expect(mergerequest).to have_container_vulnerability_count_of(container_scan_vuln_count)
+          expect(merge_request).to have_container_vulnerability_count_of(container_scan_vuln_count)
-          expect(mergerequest).to have_dast_vulnerability_count_of(dast_vuln_count)
+          expect(merge_request).to have_dast_vulnerability_count_of(dast_vuln_count)
        end
      end
@@ -85,20 +86,32 @@ module QA
        dismiss_reason = "Vulnerability not applicable"
        Page::MergeRequest::Show.perform do |merge_request|
-          vuln_name = "Authentication bypass via incorrect DOM traversal and canonicalization in saml2-js"
+          expect(merge_request).to have_vulnerability_report
-          expect(merge_request).to have_vulnerability_report(timeout: 60)
          merge_request.dismiss_vulnerability_with_reason(vuln_name, dismiss_reason)
          merge_request.click_vulnerability(vuln_name)
          expect(merge_request).to have_opened_dismissed_vulnerability(dismiss_reason)
        end
      end
+      it 'can create an issue from a vulnerability' do
+        Page::MergeRequest::Show.perform do |merge_request|
+          expect(merge_request).to have_vulnerability_report
+          merge_request.create_vulnerability_issue(vuln_name)
+        end
+        Page::Project::Issue::Show.perform do |issue|
+          expect(issue).to have_title("Investigate vulnerability: #{vuln_name}")
+        end
+      end
      it 'can create an auto-remediation MR' do
-        Page::MergeRequest::Show.perform do |mergerequest|
+        Page::MergeRequest::Show.perform do |merge_request|
-          expect(mergerequest).to have_vulnerability_report(timeout: 60)
+          expect(merge_request).to have_vulnerability_report
-          # Context changes as resolve method created new MR
+          merge_request.resolve_vulnerability_with_mr remediable_vuln_name
-          mergerequest.resolve_vulnerability_with_mr vuln_name
-          expect(mergerequest).to have_title vuln_name
+          # Context changes as resolve method creates new MR
+          expect(merge_request).to have_title remediable_vuln_name
        end
      end