Move DAST scans services to AppSec namespace

- Renames services for scans - Updates specs and cleans up usages

Move DAST scans services to AppSec namespace
- Renames services for scans - Updates specs and cleans up usages
2cf572e7 · Philip Cunningham · 8ac59c7d · 2cf572e7 · 2cf572e7 · 2cf572e7
Commit 2cf572e7 authored Sep 28, 2021 by Philip Cunningham
17 changed files
--- a/.gitlab/CODEOWNERS
+++ b/.gitlab/CODEOWNERS
@@ -241,7 +241,7 @@ Dangerfile @gl-quality/eng-prod
 /ee/lib/gitlab/ci/reports/dependency_list/ @gitlab-org/secure/composition-analysis-be
 /ee/lib/gitlab/ci/reports/license_scanning/ @gitlab-org/secure/composition-analysis-be
 /ee/lib/gitlab/ci/reports/security/ @gitlab-org/secure/composition-analysis-be @gitlab-org/secure/dynamic-analysis-be @gitlab-org/secure/static-analysis-be @gitlab-org/secure/fuzzing-be
-/ee/app/services/ci/run_dast_scan_service.rb @gitlab-org/secure/dynamic-analysis-be
+/ee/app/services/app_sec/dast/ @gitlab-org/secure/dynamic-analysis-be

 [Container Security]
 /ee/app/views/projects/threat_monitoring/** @gitlab-org/protect/container-security-frontend

--- a/ee/app/graphql/mutations/dast/profiles/run.rb
+++ b/ee/app/graphql/mutations/dast/profiles/run.rb
@@ -55,7 +55,7 @@ module Mutations
        end

        def create_on_demand_dast_scan(project, dast_profile)
-          ::DastOnDemandScans::CreateService.new(
+          ::AppSec::Dast::Scans::CreateService.new(
            container: project,
            current_user: current_user,
            params: { dast_profile: dast_profile }

--- a/ee/app/graphql/mutations/dast_on_demand_scans/create.rb
+++ b/ee/app/graphql/mutations/dast_on_demand_scans/create.rb
@@ -71,7 +71,7 @@ module Mutations
      # rubocop: enable CodeReuse/ActiveRecord

      def create_on_demand_dast_scan(project, dast_site_profile, dast_scanner_profile)
-        ::DastOnDemandScans::CreateService.new(
+        ::AppSec::Dast::Scans::CreateService.new(
          container: project,
          current_user: current_user,
          params: {

--- a/ee/app/services/app_sec/dast/profiles/create_service.rb
+++ b/ee/app/services/app_sec/dast/profiles/create_service.rb
@@ -60,7 +60,7 @@ module AppSec
        end

        def create_on_demand_scan(dast_profile)
-          ::DastOnDemandScans::CreateService.new(
+          ::AppSec::Dast::Scans::CreateService.new(
            container: container,
            current_user: current_user,
            params: { dast_profile: dast_profile }

--- a/ee/app/services/app_sec/dast/profiles/update_service.rb
+++ b/ee/app/services/app_sec/dast/profiles/update_service.rb
@@ -130,7 +130,7 @@ module AppSec
        end

        def create_scan(dast_profile)
-          ::DastOnDemandScans::CreateService.new(
+          ::AppSec::Dast::Scans::CreateService.new(
            container: container,
            current_user: current_user,
            params: { dast_profile: dast_profile }

--- a/ee/app/services/app_sec/dast/scans/create_service.rb
+++ b/ee/app/services/app_sec/dast/scans/create_service.rb
+# frozen_string_literal: true
+
+module AppSec
+  module Dast
+    module Scans
+      class CreateService < BaseContainerService
+        def execute
+          return ServiceResponse.error(message: 'Insufficient permissions') unless allowed?
+
+          create_pipeline
+        rescue KeyError => err
+          ServiceResponse.error(message: err.message.capitalize)
+        end
+
+        private
+
+        def allowed?
+          container.licensed_feature_available?(:security_on_demand_scans)
+        end
+
+        def success_response(pipeline)
+          pipeline_url = Rails.application.routes.url_helpers.project_pipeline_url(
+            container,
+            pipeline
+          )
+
+          ServiceResponse.success(
+            payload: {
+              pipeline: pipeline,
+              pipeline_url: pipeline_url
+            }
+          )
+        end
+
+        def create_pipeline
+          config_result = AppSec::Dast::ScanConfigs::BuildService.new(container: container, current_user: current_user, params: params).execute
+
+          return config_result unless config_result.success?
+
+          result = ::AppSec::Dast::Scans::RunService.new(container, current_user).execute(**config_result.payload)
+
+          return success_response(result.payload) if result.success?
+
+          result
+        end
+      end
+    end
+  end
+end
--- a/ee/app/services/app_sec/dast/scans/run_service.rb
+++ b/ee/app/services/app_sec/dast/scans/run_service.rb
+# frozen_string_literal: true
+
+module AppSec
+  module Dast
+    module Scans
+      class RunService < BaseService
+        def execute(branch:, ci_configuration:, dast_profile: nil, dast_site_profile: nil, dast_scanner_profile: nil)
+          return ServiceResponse.error(message: 'Insufficient permissions') unless allowed?
+
+          service = Ci::CreatePipelineService.new(project, current_user, ref: branch)
+
+          response = service.execute(:ondemand_dast_scan, content: ci_configuration) do |pipeline|
+            pipeline.dast_profile = dast_profile
+          end
+
+          pipeline = response.payload
+          if pipeline.created_successfully?
+            ServiceResponse.success(payload: pipeline)
+          else
+            ServiceResponse.error(message: pipeline.full_error_messages)
+          end
+        end
+
+        private
+
+        def allowed?
+          Ability.allowed?(current_user, :create_on_demand_dast_scan, project)
+        end
+      end
+    end
+  end
+end
--- a/ee/app/services/ci/run_dast_scan_service.rb
+++ b/ee/app/services/ci/run_dast_scan_service.rb
-# frozen_string_literal: true
-
-module Ci
-  class RunDastScanService < BaseService
-    def execute(branch:, ci_configuration:, dast_profile: nil, dast_site_profile: nil, dast_scanner_profile: nil)
-      return ServiceResponse.error(message: 'Insufficient permissions') unless allowed?
-
-      service = Ci::CreatePipelineService.new(project, current_user, ref: branch)
-
-      response = service.execute(:ondemand_dast_scan, content: ci_configuration) do |pipeline|
-        pipeline.dast_profile = dast_profile
-      end
-
-      pipeline = response.payload
-      if pipeline.created_successfully?
-        ServiceResponse.success(payload: pipeline)
-      else
-        ServiceResponse.error(message: pipeline.full_error_messages)
-      end
-    end
-
-    private
-
-    def allowed?
-      Ability.allowed?(current_user, :create_on_demand_dast_scan, project)
-    end
-  end
-end
--- a/ee/app/services/dast_on_demand_scans/create_service.rb
+++ b/ee/app/services/dast_on_demand_scans/create_service.rb
-# frozen_string_literal: true
-
-module DastOnDemandScans
-  class CreateService < BaseContainerService
-    def execute
-      return ServiceResponse.error(message: 'Insufficient permissions') unless allowed?
-
-      create_pipeline
-    rescue KeyError => err
-      ServiceResponse.error(message: err.message.capitalize)
-    end
-
-    private
-
-    def allowed?
-      container.feature_available?(:security_on_demand_scans)
-    end
-
-    def success_response(pipeline)
-      pipeline_url = Rails.application.routes.url_helpers.project_pipeline_url(
-        container,
-        pipeline
-      )
-
-      ServiceResponse.success(
-        payload: {
-          pipeline: pipeline,
-          pipeline_url: pipeline_url
-        }
-      )
-    end
-
-    def create_pipeline
-      config_result = AppSec::Dast::ScanConfigs::BuildService.new(container: container, current_user: current_user, params: params).execute
-
-      return config_result unless config_result.success?
-
-      result = ::Ci::RunDastScanService.new(container, current_user).execute(**config_result.payload)
-
-      return success_response(result.payload) if result.success?
-
-      result
-    end
-  end
-end
--- a/ee/app/services/security/security_orchestration_policies/rule_schedule_service.rb
+++ b/ee/app/services/security/security_orchestration_policies/rule_schedule_service.rb
@@ -53,7 +53,7 @@ module Security
        dast_scanner_profile = find_dast_scanner_profile(container, action[:scanner_profile])

        branches.each do |branch|
-          ::DastOnDemandScans::CreateService.new(
+          ::AppSec::Dast::Scans::CreateService.new(
            container: container,
            current_user: current_user,
            params: {

--- a/ee/app/workers/app_sec/dast/profile_schedule_worker.rb
+++ b/ee/app/workers/app_sec/dast/profile_schedule_worker.rb
@@ -37,7 +37,7 @@ module AppSec
      end

      def service(schedule)
-        ::DastOnDemandScans::CreateService.new(
+        ::AppSec::Dast::Scans::CreateService.new(
          container: schedule.project,
          current_user: schedule.owner,
          params: {

--- a/ee/spec/graphql/mutations/dast_on_demand_scans/create_spec.rb
+++ b/ee/spec/graphql/mutations/dast_on_demand_scans/create_spec.rb
@@ -83,7 +83,7 @@ RSpec.describe Mutations::DastOnDemandScans::Create do
              ci_configuration: kind_of(String)
            )

-            expect_any_instance_of(::Ci::RunDastScanService).to receive(:execute).with(args).and_call_original
+            expect_any_instance_of(::AppSec::Dast::Scans::RunService).to receive(:execute).with(args).and_call_original

            subject
          end

--- a/ee/spec/services/dast_on_demand_scans/create_service_spec.rb
+++ b/ee/spec/services/dast_on_demand_scans/create_service_spec.rb
@@ -2,7 +2,7 @@

 require 'spec_helper'

-RSpec.describe DastOnDemandScans::CreateService do
+RSpec.describe AppSec::Dast::Scans::CreateService do
  let_it_be(:project) { create(:project, :repository) }
  let_it_be(:user) { create(:user) }
  let_it_be(:dast_site_profile) { create(:dast_site_profile, project: project) }
@@ -18,12 +18,12 @@ RSpec.describe DastOnDemandScans::CreateService do
    ).execute
  end

-  shared_examples 'a service that calls Ci::RunDastScanService' do
-    it 'delegates pipeline creation to Ci::RunDastScanService', :aggregate_failures do
-      service = double(Ci::RunDastScanService)
+  shared_examples 'a service that calls AppSec::Dast::Scans::RunService' do
+    it 'delegates pipeline creation to AppSec::Dast::Scans::RunService', :aggregate_failures do
+      service = double(AppSec::Dast::Scans::RunService)
      response = ServiceResponse.error(message: 'Stubbed response')

-      expect(Ci::RunDastScanService).to receive(:new).and_return(service)
+      expect(AppSec::Dast::Scans::RunService).to receive(:new).and_return(service)
      expect(service).to receive(:execute).with(expected_params).and_return(response)

      subject
@@ -61,7 +61,7 @@ RSpec.describe DastOnDemandScans::CreateService do
          expect(subject.payload[:pipeline_url]).to be_a(String)
        end

-        it_behaves_like 'a service that calls Ci::RunDastScanService' do
+        it_behaves_like 'a service that calls AppSec::Dast::Scans::RunService' do
          let(:expected_params) do
            hash_including(
              dast_profile: nil,
@@ -107,7 +107,7 @@ RSpec.describe DastOnDemandScans::CreateService do
            expect(subject.status).to eq(:success)
          end

-          it_behaves_like 'a service that calls Ci::RunDastScanService' do
+          it_behaves_like 'a service that calls AppSec::Dast::Scans::RunService' do
            let(:expected_params) { hash_including(dast_profile: dast_profile) }
          end
        end

--- a/ee/spec/services/ci/run_dast_scan_service_spec.rb
+++ b/ee/spec/services/ci/run_dast_scan_service_spec.rb
@@ -2,7 +2,7 @@

 require 'spec_helper'

-RSpec.describe Ci::RunDastScanService do
+RSpec.describe AppSec::Dast::Scans::RunService do
  include Ci::TemplateHelpers

  let_it_be(:user) { create(:user) }

--- a/ee/spec/services/security/security_orchestration_policies/rule_schedule_service_spec.rb
+++ b/ee/spec/services/security/security_orchestration_policies/rule_schedule_service_spec.rb
@@ -34,8 +34,8 @@ RSpec.describe Security::SecurityOrchestrationPolicies::RuleScheduleService do
    end

    context 'when scan type is dast' do
-      it 'invokes DastOnDemandScans::CreateService' do
-        expect(::DastOnDemandScans::CreateService).to receive(:new).twice.and_call_original
+      it 'invokes AppSec::Dast::Scans::CreateService' do
+        expect(::AppSec::Dast::Scans::CreateService).to receive(:new).twice.and_call_original

        service.execute(schedule)
      end

--- a/ee/spec/support/shared_examples/services/dast_on_demand_scans_shared_examples.rb
+++ b/ee/spec/support/shared_examples/services/dast_on_demand_scans_shared_examples.rb
@@ -3,8 +3,8 @@
 require 'spec_helper'

 RSpec.shared_examples 'it delegates scan creation to another service' do
-  it 'calls DastOnDemandScans::CreateService' do
-    expect(DastOnDemandScans::CreateService).to receive(:new).with(hash_including(params: delegated_params)).and_call_original
+  it 'calls AppSec::Dast::Scans::CreateService' do
+    expect(AppSec::Dast::Scans::CreateService).to receive(:new).with(hash_including(params: delegated_params)).and_call_original

    subject
  end

--- a/ee/spec/workers/app_sec/dast/profile_schedule_worker_spec.rb
+++ b/ee/spec/workers/app_sec/dast/profile_schedule_worker_spec.rb
@@ -9,11 +9,11 @@ RSpec.describe AppSec::Dast::ProfileScheduleWorker do

  let(:worker) { described_class.new }
  let(:logger) { worker.send(:logger) }
-  let(:service) { instance_double(::DastOnDemandScans::CreateService) }
+  let(:service) { instance_double(::AppSec::Dast::Scans::CreateService) }
  let(:service_result) { ServiceResponse.success }

  before do
-    allow(::DastOnDemandScans::CreateService)
+    allow(::AppSec::Dast::Scans::CreateService)
      .to receive(:new)
      .and_return(service)
    allow(service).to receive(:execute)
@@ -97,7 +97,7 @@ RSpec.describe AppSec::Dast::ProfileScheduleWorker do
      end

      it 'executes the rule schedule service' do
-        expect(::DastOnDemandScans::CreateService).not_to receive(:new)
+        expect(::AppSec::Dast::Scans::CreateService).not_to receive(:new)

        subject
      end