Commit 1d75b058 authored by Lucas Charles's avatar Lucas Charles

Use environment.external_id for fetching WAF anomalies

By using the external_id, we reduce duplication and prevent
bugs from deriving the server_name manually

Relates to https://gitlab.com/gitlab-org/gitlab/-/issues/211615
parent 38f46ea8
---
title: Scope WAF Statistics anomalies to environment.external_url
merge_request: 27466
author:
type: fixed
...@@ -14,6 +14,7 @@ module Security ...@@ -14,6 +14,7 @@ module Security
def execute def execute
return if elasticsearch_client.nil? return if elasticsearch_client.nil?
return unless @environment.external_url
# Use multi-search with single query as we'll be adding nginx later # Use multi-search with single query as we'll be adding nginx later
# with https://gitlab.com/gitlab-org/gitlab/issues/14707 # with https://gitlab.com/gitlab-org/gitlab/issues/14707
...@@ -177,7 +178,7 @@ module Security ...@@ -177,7 +178,7 @@ module Security
# Derive server_name to filter modsec audit log by environment # Derive server_name to filter modsec audit log by environment
def application_server_name def application_server_name
"#{@environment.project.full_path_slug}.#{@environment.deployment_platform.cluster.base_domain}" @environment.formatted_external_url
end end
# Derive proxy upstream name to filter nginx log by environment # Derive proxy upstream name to filter nginx log by environment
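Review bot: The guard added in `execute` (`return unless @environment.external_url`) checks a different value than the one `application_server_name` now hands to Elasticsearch (`@environment.formatted_external_url`); if the formatted value can be nil or empty for a present but malformed URL (its implementation is not in this diff), the `prefix` filter on `transaction.unique_id` shown in the spec degenerates to an empty prefix that matches every environment's transactions, so the guard should test the value actually used: `return if @environment.formatted_external_url.blank?`. The comment above `application_server_name` (`# Derive server_name to filter modsec audit log by environment`) is stale now that nothing is derived; suggest `# Formatted external_url of the environment, used as the transaction.unique_id prefix filter`. A prefix filter also matches any identifier that merely extends this value, so whether a trailing separator belongs in the prefix depends on how unique_id is composed by the ingress — worth confirming before relying on it for per-environment isolation. The enclosing class of both methods continues outside the hunks.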
...@@ -3,7 +3,7 @@ ...@@ -3,7 +3,7 @@
require 'spec_helper' require 'spec_helper'
describe Security::WafAnomalySummaryService do describe Security::WafAnomalySummaryService do
let(:environment) { create(:environment, :with_review_app) } let(:environment) { create(:environment, :with_review_app, environment_type: 'review') }
let!(:cluster) do let!(:cluster) do
create(:cluster, :provided_by_gcp, environment_scope: '*', projects: [environment.project]) create(:cluster, :provided_by_gcp, environment_scope: '*', projects: [environment.project])
end end
...@@ -76,6 +76,20 @@ describe Security::WafAnomalySummaryService do ...@@ -76,6 +76,20 @@ describe Security::WafAnomalySummaryService do
end end
end end
context 'with environment missing external_url' do
before do
allow(environment.deployment_platform.cluster).to receive_message_chain(
:application_elastic_stack, :elasticsearch_client
) { es_client }
allow(environment).to receive(:external_url) { nil }
end
it 'returns nil' do
expect(subject.execute).to be_nil
end
end
context 'with default histogram' do context 'with default histogram' do
before do before do
allow(es_client).to receive(:msearch) do allow(es_client).to receive(:msearch) do
...@@ -130,6 +144,32 @@ describe Security::WafAnomalySummaryService do ...@@ -130,6 +144,32 @@ describe Security::WafAnomalySummaryService do
end end
end end
context 'with review app' do
it 'resolves transaction_id from external_url' do
allow(subject).to receive(:elasticsearch_client) { es_client }
expect(es_client).to receive(:msearch).with(
body: array_including(
hash_including(
query: hash_including(
bool: hash_including(
must: array_including(
hash_including(
prefix: hash_including(
'transaction.unique_id': environment.formatted_external_url
)
)
)
)
)
)
)
).and_return({ 'responses' => [{}, {}] })
subject.execute
end
end
context 'with time window' do context 'with time window' do
it 'passes time frame to ElasticSearch' do it 'passes time frame to ElasticSearch' do
from = 1.day.ago from = 1.day.ago
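Review bot: The `'returns nil'` example in the `'with environment missing external_url'` context asserts only the return value and does not pin that the new guard short-circuits before Elasticsearch is contacted, which is the behaviour the guard exists for; add `expect(es_client).not_to receive(:msearch)` before `expect(subject.execute).to be_nil`. The stub `allow(environment).to receive(:external_url) { nil }` leaves `formatted_external_url` untouched, so a later change of the service guard to the formatted value would silently stop this example from exercising it; a sibling example stubbing `formatted_external_url` to nil would keep the coverage honest, though how that method behaves is not visible in this diff. The `'passes time frame to ElasticSearch'` example continues outside the hunk.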