Commit 1c88c9da authored by Paul Gascou-Vaillancourt's avatar Paul Gascou-Vaillancourt Committed by Shinya Maeda

Create API fuzzing configuration page

Adds the basic boilerplate for the new API fuzzing configuration page
parent f25d75b6
# frozen_string_literal: true
module Projects
module Security
class ApiFuzzingConfigurationController < Projects::ApplicationController
include SecurityDashboardsPermissions
alias_method :vulnerable, :project
feature_category :fuzz_testing
def show
not_found unless Feature.enabled?(:api_fuzzing_configuration_ui, @project, default_enabled: :yaml)
end
end
end
end
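Review bot: `alias_method :vulnerable, :project` on L12 carries no explanation of why this controller exposes a `vulnerable` method; from the `SecurityDashboardsPermissions` include directly above and the shared example in the new controller spec, it presumably satisfies that concern's contract, so a comment such as `# SecurityDashboardsPermissions expects #vulnerable; for this controller it is the project` would save the next reader a lookup. The feature-flag gate in `show` on L15 also deserves a why-comment, e.g. `# Gate behind the flag (default from its YAML definition) until the page ships`. Note that if the concern enforces access in a `before_action`, it runs before this check, so a guest receives 403 rather than 404 while the flag is off; the spec only covers the flag-off case for an authorized user, so that behaviour is worth either asserting or documenting.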
......@@ -10,6 +10,7 @@ module Projects
before_action only: [:show] do
push_frontend_feature_flag(:security_auto_fix, project, default_enabled: false)
push_frontend_feature_flag(:sast_configuration_ui, project, default_enabled: true)
push_frontend_feature_flag(:api_fuzzing_configuration_ui, project, default_enabled: :yaml)
end
before_action only: [:auto_fix] do
......@@ -162,6 +162,7 @@ module EE
%w[
projects/security/configuration#show
projects/security/sast_configuration#show
projects/security/api_fuzzing_configuration#show
projects/security/vulnerabilities#show
projects/security/vulnerability_report#index
projects/security/dashboard#index
......@@ -200,6 +201,7 @@ module EE
%w[
projects/security/configuration#show
projects/security/sast_configuration#show
projects/security/api_fuzzing_configuration#show
projects/security/dast_profiles#show
projects/security/dast_site_profiles#new
projects/security/dast_site_profiles#edit
......@@ -183,7 +183,8 @@ module Projects
def configuration_path(type)
{
sast: project_security_configuration_sast_path(project),
dast_profiles: project_security_configuration_dast_profiles_path(project)
dast_profiles: project_security_configuration_dast_profiles_path(project),
api_fuzzing: ::Feature.enabled?(:api_fuzzing_configuration_ui, project, default_enabled: :yaml) ? project_security_configuration_api_fuzzing_path(project) : nil
}[type]
end
end
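Review bot: The new `api_fuzzing:` entry on L51 inlines a feature-flag ternary into the lookup hash, producing one line far longer than the other entries and mixing gating logic into what is otherwise a flat table. A small private helper keeps the table uniform: `api_fuzzing: api_fuzzing_configuration_path` in the hash, with `def api_fuzzing_configuration_path` / `project_security_configuration_api_fuzzing_path(project) if ::Feature.enabled?(:api_fuzzing_configuration_ui, project, default_enabled: :yaml)` / `end` below. The spec-side stand-in for this method in the ConfigurationPresenter spec hunk further down returns the api_fuzzing path unconditionally, so as far as this commit shows the flag-off `nil` branch has no example; one asserting `nil` with the flag stubbed off would pin it. The enclosing class or module starts outside this hunk.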
- add_to_breadcrumbs _("Security Configuration"), project_security_configuration_path(@project)
- breadcrumb_title _("API Fuzzing Configuration")
- page_title _("API Fuzzing Configuration")
%h1= "API fuzzing configuration"
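Review bot: The heading on L59, `%h1= "API fuzzing configuration"`, is the only string in this template not wrapped in `_()`, so it will not be translated even though the breadcrumb and page title on L57-L58 are; it also differs in casing from them. If the casing difference is unintended, `%h1= _("API Fuzzing Configuration")` reuses the msgid this commit already adds to the locale file; otherwise the lower-case variant needs its own gettext entry.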
---
name: api_fuzzing_configuration_ui
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/51940
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/299234
milestone: '13.9'
type: development
group: group::fuzz testing
default_enabled: false
......@@ -67,6 +67,7 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
post :auto_fix, on: :collection
resource :corpus_management, only: [:show], controller: :corpus_management
resource :sast, only: [:show, :create], controller: :sast_configuration
resource :api_fuzzing, only: :show, controller: :api_fuzzing_configuration
resource :dast_profiles, only: [:show] do
resources :dast_site_profiles, only: [:new, :edit]
resources :dast_scanner_profiles, only: [:new, :edit]
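Review bot: `only: :show` on L72 is written as a bare symbol while the neighbouring resources on L70, L71 and L73 use the array form (`only: [:show]`); Rails accepts both, but matching the surrounding style, `resource :api_fuzzing, only: [:show], controller: :api_fuzzing_configuration`, keeps the block uniform and easier to scan.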
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe Projects::Security::ApiFuzzingConfigurationController do
let_it_be(:group) { create(:group) }
let_it_be(:project) { create(:project, namespace: group) }
let_it_be(:developer) { create(:user) }
let_it_be(:guest) { create(:user) }
before_all do
group.add_developer(developer)
group.add_guest(guest)
end
describe 'GET #show' do
subject(:request) { get :show, params: { namespace_id: project.namespace, project_id: project } }
render_views
it_behaves_like SecurityDashboardsPermissions do
let(:vulnerable) { project }
let(:security_dashboard_action) { request }
end
context 'with authorized user' do
before do
stub_licensed_features(security_dashboard: true)
sign_in(developer)
end
it 'renders the show template' do
request
expect(response).to have_gitlab_http_status(:ok)
expect(response).to render_template(:show)
end
it 'renders the side navigation with the correct submenu set as active' do
request
expect(response.body).to have_active_sub_navigation('Configuration')
end
context 'with feature flag disabled' do
before do
stub_feature_flags(api_fuzzing_configuration_ui: false)
end
it 'returns a 404 for an HTML request' do
request
expect(response).to have_gitlab_http_status(:not_found)
end
end
end
context 'with unauthorized user' do
before do
stub_licensed_features(security_dashboard: true)
sign_in(guest)
end
it 'returns a 403' do
request
expect(response).to have_gitlab_http_status(:forbidden)
end
end
end
end
......@@ -204,6 +204,7 @@ RSpec.describe ProjectsHelper do
%w[
projects/security/configuration#show
projects/security/sast_configuration#show
projects/security/api_fuzzing_configuration#show
projects/security/vulnerabilities#show
projects/security/vulnerability_report#index
projects/security/dashboard#index
......@@ -248,6 +249,7 @@ RSpec.describe ProjectsHelper do
%w[
projects/security/configuration#show
projects/security/sast_configuration#show
projects/security/api_fuzzing_configuration#show
projects/security/dast_profiles#show
projects/security/dast_site_profiles#new
projects/security/dast_site_profiles#edit
......@@ -274,13 +274,11 @@ RSpec.describe Projects::Security::ConfigurationPresenter do
end
def configuration_path(type)
if type === :dast_profiles
project_security_configuration_dast_profiles_path(project)
elsif type === :sast
project_security_configuration_sast_path(project)
else
nil
end
{
dast_profiles: project_security_configuration_dast_profiles_path(project),
sast: project_security_configuration_sast_path(project),
api_fuzzing: project_security_configuration_api_fuzzing_path(project)
}[type]
end
def scan_status(type, configured, auto_dev_ops_enabled)
......@@ -1361,6 +1361,9 @@ msgstr ""
msgid "API Fuzzing"
msgstr ""
msgid "API Fuzzing Configuration"
msgstr ""
msgid "API Help"
msgstr ""