Commit 3c024aa0 authored by Bob Van Landuyt's avatar Bob Van Landuyt

Merge branch 'djadmin-dast-configuration' into 'master'

Create DAST Configuration page [RUN ALL RSPEC] [RUN AS-IF-FOSS]

See merge request gitlab-org/gitlab!62014
parents 06f0f9e9 ca787205
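--- a/PATH_NOT_SHOWN
+++ b/PATH_NOT_SHOWN
@@ -16,6 +16,7 @@ module EE
 push_frontend_feature_flag(:security_auto_fix, project, default_enabled: false)
 push_frontend_feature_flag(:sec_dependency_scanning_ui_enable, project, default_enabled: :yaml)
 push_frontend_feature_flag(:sec_secret_detection_ui_enable, project, default_enabled: :yaml)
+push_frontend_feature_flag(:dast_configuration_ui, project, default_enabled: :yaml)
 end
 before_action only: [:auto_fix] do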
# frozen_string_literal: true
module Projects
module Security
class DastConfigurationController < Projects::ApplicationController
include SecurityAndCompliancePermissions
include SecurityDashboardsPermissions
alias_method :vulnerable, :project
feature_category :dynamic_application_security_testing
def show
not_found unless Feature.enabled?(:dast_configuration_ui, @project, default_enabled: :yaml)
end
end
end
end
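Review bot: The flag gate in `show` is the whole action body and runs only after whatever permission `before_action`s the two included concerns presumably install (the request spec expects 403 for a guest before the flag matters), so a `before_action` keeps that ordering explicit and covers any further action added to this controller: `before_action do` / `not_found unless ::Feature.enabled?(:dast_configuration_ui, project, default_enabled: :yaml)` / `end`. The sibling hunks on this page refer to the project as `project` rather than `@project`, so using `project` here would be consistent. A one-line class comment such as `# Renders the DAST configuration page; only reachable while the dast_configuration_ui flag is on.` would save the next reader from having to infer the controller's purpose from the route.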
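--- a/PATH_NOT_SHOWN
+++ b/PATH_NOT_SHOWN
@@ -90,6 +90,7 @@ module Projects
 def configuration_path(type)
 {
 sast: project_security_configuration_sast_path(project),
+dast: ::Feature.enabled?(:dast_configuration_ui, project, default_enabled: :yaml) ? project_security_configuration_dast_path(project) : nil,
 dast_profiles: project_security_configuration_dast_scans_path(project),
 api_fuzzing: project_security_configuration_api_fuzzing_path(project)
 }[type]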
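Review bot: The added `dast:` entry puts a `::Feature.enabled?` check inside a hash literal that is fully built on every `configuration_path(type)` call, so the flag is evaluated even when `type` is `:sast` or `:api_fuzzing`; a small private helper (`dast_configuration_path`, returning `nil` unless the flag is on and the path otherwise) or a `case type` dispatch keeps the check on the `:dast` branch only. The `nil` branch is also untested: the presenter spec hunk further down this page replaces `configuration_path` with a stub that always returns `project_security_configuration_dast_path(project)`, so a spec `context` that calls `stub_feature_flags(dast_configuration_ui: false)` and expects the DAST configuration path to be `nil` would pin the behaviour the ternary introduces. The enclosing method's closing `end` is outside the hunk.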
- add_to_breadcrumbs _("Security Configuration"), project_security_configuration_path(@project)
- breadcrumb_title _("DAST Configuration")
- page_title _("DAST Configuration")
%h1= _("DAST Settings")
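Review bot: The heading `%h1= _("DAST Settings")` disagrees with `breadcrumb_title` and `page_title` two lines above, which both say "DAST Configuration", and the po hunk at the end of this page consequently registers both as separate msgids. Using one label, `%h1= _("DAST Configuration")`, keeps title, breadcrumb and heading in sync and removes an extra translatable string.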
---
name: dast_configuration_ui
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/62014
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/330728
milestone: '14.0'
type: development
group: group::dynamic analysis
default_enabled: false
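--- a/PATH_NOT_SHOWN
+++ b/PATH_NOT_SHOWN
@@ -77,6 +77,7 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
 resources :dast_site_profiles, only: [:new, :edit]
 resources :dast_scanner_profiles, only: [:new, :edit]
 end
+resource :dast, only: :show, controller: :dast_configuration
 end
 resource :discover, only: [:show], controller: :discover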
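--- a/PATH_NOT_SHOWN
+++ b/PATH_NOT_SHOWN
@@ -42,6 +42,7 @@ module EE
 super + %w[
 projects/security/sast_configuration#show
 projects/security/api_fuzzing_configuration#show
+projects/security/dast_configuration#show
 projects/security/dast_profiles#show
 projects/security/dast_site_profiles#new
 projects/security/dast_site_profiles#edit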
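--- a/PATH_NOT_SHOWN
+++ b/PATH_NOT_SHOWN
@@ -5,6 +5,7 @@ require 'spec_helper'
 RSpec.describe 'User sees Security Configuration table', :js do
 let_it_be(:user) { create(:user) }
 let_it_be(:project) { create(:project, :repository) }
+let_it_be(:pipeline) { create(:ci_pipeline, project: project) }
 before_all do
 project.add_developer(user)
@@ -33,7 +34,6 @@ RSpec.describe 'User sees Security Configuration table', :js do
 context 'with SAST report' do
 before do
-pipeline = create(:ci_pipeline, project: project)
 create(:ci_build, :sast, pipeline: pipeline, status: 'success')
 end
@@ -47,6 +47,43 @@ RSpec.describe 'User sees Security Configuration table', :js do
 end
 end
 end
+context 'with no DAST report' do
+it 'shows DAST is not enabled' do
+visit(project_security_configuration_path(project))
+within_dast_row do
+expect(page).to have_text('DAST')
+expect(page).to have_text('Not enabled')
+expect(page).to have_css('[data-testid="enable-button"]')
+end
+end
+end
+context 'with DAST report' do
+before do
+create(:ci_build, :dast, pipeline: pipeline, status: 'success')
+end
+it 'shows DAST is enabled' do
+visit(project_security_configuration_path(project))
+within_dast_row do
+expect(page).to have_text('DAST')
+expect(page).to have_text('Enabled')
+expect(page).to have_css('[data-testid="configure-button"]')
+end
+end
+it 'links to configuration page' do
+visit(project_security_configuration_path(project))
+within_dast_row do
+click_link_or_button 'Configure'
+expect(current_path).to eq(project_security_configuration_dast_path(project))
+end
+end
+end
 end
 def within_sast_row
@@ -54,4 +91,10 @@ RSpec.describe 'User sees Security Configuration table', :js do
 yield
 end
 end
+def within_dast_row
+within '[data-testid="security-scanner-row"]:nth-of-type(2)' do
+yield
+end
+end
 end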
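Review bot: `expect(current_path).to eq(...)` directly after `click_link_or_button 'Configure'` in the 'links to configuration page' example does not wait for the navigation to complete, which is a classic flakiness source in a `:js` feature spec; Capybara's retrying matcher does: `expect(page).to have_current_path(project_security_configuration_dast_path(project))`. The new `within_dast_row` helper also selects the row purely by position (`:nth-of-type(2)`), so any reordering of the scanner table silently points every DAST example at a different scanner; scoping the `within` by the row's text (for example passing `text: 'DAST'`) would make the helper self-describing and robust to ordering changes. This applies to the third and fourth hunks of the section.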
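--- a/PATH_NOT_SHOWN
+++ b/PATH_NOT_SHOWN
@@ -80,6 +80,7 @@ RSpec.describe Sidebars::Projects::Menus::SecurityComplianceMenu do
 projects/security/configuration#show
 projects/security/sast_configuration#show
 projects/security/api_fuzzing_configuration#show
+projects/security/dast_configuration#show
 projects/security/dast_profiles#show
 projects/security/dast_site_profiles#new
 projects/security/dast_site_profiles#edit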
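--- a/PATH_NOT_SHOWN
+++ b/PATH_NOT_SHOWN
@@ -266,6 +266,7 @@ RSpec.describe Projects::Security::ConfigurationPresenter do
 def configuration_path(type)
 {
+dast: project_security_configuration_dast_path(project),
 dast_profiles: project_security_configuration_dast_scans_path(project),
 sast: project_security_configuration_sast_path(project),
 api_fuzzing: project_security_configuration_api_fuzzing_path(project)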
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe Projects::Security::DastConfigurationController, type: :request do
let_it_be(:project) { create(:project) }
let_it_be(:user) { create(:user) }
describe 'GET #show' do
before do
stub_licensed_features(security_dashboard: true)
stub_feature_flags(dast_configuration_ui: true)
login_as(user)
end
include_context '"Security & Compliance" permissions' do
let(:valid_request) { get project_security_configuration_dast_path(project) }
before_request do
project.add_developer(user)
end
end
context 'feature available' do
context 'user authorized' do
before do
project.add_developer(user)
end
it 'can access page' do
get project_security_configuration_dast_path(project)
expect(response).to have_gitlab_http_status(:ok)
end
end
context 'user not authorized' do
before do
project.add_guest(user)
end
it 'sees a 404 error' do
get project_security_configuration_dast_path(project)
expect(response).to have_gitlab_http_status(:forbidden)
end
end
end
context 'feature not available' do
context "license doesn't support the feature" do
before do
stub_licensed_features(security_dashboard: false)
project.add_developer(user)
end
it 'sees a 404 error' do
get project_security_configuration_dast_path(project)
expect(response).to have_gitlab_http_status(:not_found)
end
end
context 'feature flag is disabled' do
before do
stub_feature_flags(dast_configuration_ui: false)
project.add_developer(user)
end
it 'sees a 404 error' do
get project_security_configuration_dast_path(project)
expect(response).to have_gitlab_http_status(:not_found)
end
end
end
end
end
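Review bot: The 'user not authorized' example in the guest context is titled 'sees a 404 error' but asserts `have_gitlab_http_status(:forbidden)`, so the description contradicts the assertion; either rename it to `it 'sees a 403 error' do` or, if hiding the page from guests is the intent, assert `:not_found` and keep the title. `project.add_developer(user)` is repeated in four separate `before` blocks; hoisting it into the 'GET #show' `before` and overriding only in the guest context with `project.add_guest(user)` would make the one context that differs stand out.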
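--- a/PATH_NOT_SHOWN
+++ b/PATH_NOT_SHOWN
@@ -10051,9 +10051,15 @@ msgstr ""
 msgid "DAG visualization requires at least 3 dependent jobs."
 msgstr ""
+msgid "DAST Configuration"
+msgstr ""
 msgid "DAST Scans"
 msgstr ""
+msgid "DAST Settings"
+msgstr ""
 msgid "DNS"
 msgstr ""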