Commit 62ec35c5 authored by Heinrich Lee Yu's avatar Heinrich Lee Yu

Merge branch '323899-cache-fuzzing-api-profiles' into 'master'

Cache API fuzzing scan profiles in Redis

See merge request gitlab-org/gitlab!56528
parents d0e32a12 95bdac18
......@@ -7,13 +7,14 @@ module AppSec
PROFILES_DEFINITION_FILE = 'https://gitlab.com/gitlab-org/security-products/analyzers' \
'/api-fuzzing/-/raw/master/gitlab-api-fuzzing-config.yml'
SCAN_MODES = [:har, :openapi, :postman].freeze
SCAN_PROFILES_CACHE_KEY = 'app_sec:fuzzing:api:scan_profiles'
def initialize(project:)
@project = project
end
def scan_profiles
fetch_scan_profiles.map do |profile|
scan_profiles_data.map do |profile|
next unless ScanProfile::NAMES.include?(profile[:Name])
ScanProfile.new(
......@@ -28,6 +29,12 @@ module AppSec
attr_reader :project
def scan_profiles_data
Rails.cache.fetch(SCAN_PROFILES_CACHE_KEY, expires_in: 1.hour) do
fetch_scan_profiles
end
end
def fetch_scan_profiles
response = Gitlab::HTTP.try_get(PROFILES_DEFINITION_FILE)
......
......@@ -18,6 +18,17 @@ RSpec.describe AppSec::Fuzzing::Api::CiConfiguration do
expect(profiles.first.name).to eq('Quick-10')
end
it 'caches the response' do
profiles_yaml = [{ Name: 'Quick-10' }]
allow(Rails.cache).to receive(:fetch).and_return(profiles_yaml)
profiles = described_class.new(project: double(Project)).scan_profiles
expect(profiles.first.name).to eq('Quick-10')
expect(Rails.cache).to have_received(:fetch)
.with(described_class::SCAN_PROFILES_CACHE_KEY, expires_in: 1.hour)
end
context 'when the response includes unknown scan profiles' do
it 'excludes them from the returned profiles' do
profiles_yaml = YAML.dump(Profiles: [{ Name: 'UNKNOWN!' }])
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment