Merge branch '299125-create-api-fuzzing-configuration-page' into 'master'

API fuzz - configuration screen - Create configuration page

See merge request gitlab-org/gitlab!51940

ee/app/controllers/projects/security/api_fuzzing_configuration_controller.rb

+# frozen_string_literal: true
+
+module Projects
+  module Security
+    class ApiFuzzingConfigurationController < Projects::ApplicationController
+      include SecurityDashboardsPermissions
+
+      alias_method :vulnerable, :project
+
+      feature_category :fuzz_testing
+
+      def show
+        not_found unless Feature.enabled?(:api_fuzzing_configuration_ui, @project, default_enabled: :yaml)
+      end
+    end
+  end
+end

ee/app/controllers/projects/security/configuration_controller.rb

@@ -10,6 +10,7 @@ module Projects
       before_action only: [:show] do
         push_frontend_feature_flag(:security_auto_fix, project, default_enabled: false)
         push_frontend_feature_flag(:sast_configuration_ui, project, default_enabled: true)
+        push_frontend_feature_flag(:api_fuzzing_configuration_ui, project, default_enabled: :yaml)
       end
 
       before_action only: [:auto_fix] do

ee/app/helpers/ee/projects_helper.rb

@@ -162,6 +162,7 @@ module EE
       %w[
         projects/security/configuration#show
         projects/security/sast_configuration#show
+        projects/security/api_fuzzing_configuration#show
         projects/security/vulnerabilities#show
         projects/security/vulnerability_report#index
         projects/security/dashboard#index
@@ -200,6 +201,7 @@ module EE
       %w[
         projects/security/configuration#show
         projects/security/sast_configuration#show
+        projects/security/api_fuzzing_configuration#show
         projects/security/dast_profiles#show
         projects/security/dast_site_profiles#new
         projects/security/dast_site_profiles#edit

ee/app/presenters/projects/security/configuration_presenter.rb

@@ -183,7 +183,8 @@ module Projects
       def configuration_path(type)
         {
           sast: project_security_configuration_sast_path(project),
-          dast_profiles: project_security_configuration_dast_profiles_path(project)
+          dast_profiles: project_security_configuration_dast_profiles_path(project),
+          api_fuzzing: ::Feature.enabled?(:api_fuzzing_configuration_ui, project, default_enabled: :yaml) ? project_security_configuration_api_fuzzing_path(project) : nil
         }[type]
       end
     end

ee/app/views/projects/security/api_fuzzing_configuration/show.html.haml

+- add_to_breadcrumbs _("Security Configuration"), project_security_configuration_path(@project)
+- breadcrumb_title _("API Fuzzing Configuration")
+- page_title _("API Fuzzing Configuration")
+
+%h1= "API fuzzing configuration"

ee/config/feature_flags/development/api_fuzzing_configuration_ui.yml

+---
+name: api_fuzzing_configuration_ui
+introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/51940
+rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/299234
+milestone: '13.9'
+type: development
+group: group::fuzz testing
+default_enabled: false

ee/config/routes/project.rb

@@ -67,6 +67,7 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
             post :auto_fix, on: :collection
             resource :corpus_management, only: [:show], controller: :corpus_management
             resource :sast, only: [:show, :create], controller: :sast_configuration
+            resource :api_fuzzing, only: :show, controller: :api_fuzzing_configuration
             resource :dast_profiles, only: [:show] do
               resources :dast_site_profiles, only: [:new, :edit]
               resources :dast_scanner_profiles, only: [:new, :edit]

ee/spec/controllers/projects/security/api_fuzzing_configuration_controller_spec.rb

+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Projects::Security::ApiFuzzingConfigurationController do
+  let_it_be(:group) { create(:group) }
+  let_it_be(:project) { create(:project, namespace: group) }
+  let_it_be(:developer) { create(:user) }
+  let_it_be(:guest) { create(:user) }
+
+  before_all do
+    group.add_developer(developer)
+    group.add_guest(guest)
+  end
+
+  describe 'GET #show' do
+    subject(:request) { get :show, params: { namespace_id: project.namespace, project_id: project } }
+
+    render_views
+
+    it_behaves_like SecurityDashboardsPermissions do
+      let(:vulnerable) { project }
+      let(:security_dashboard_action) { request }
+    end
+
+    context 'with authorized user' do
+      before do
+        stub_licensed_features(security_dashboard: true)
+
+        sign_in(developer)
+      end
+
+      it 'renders the show template' do
+        request
+
+        expect(response).to have_gitlab_http_status(:ok)
+        expect(response).to render_template(:show)
+      end
+
+      it 'renders the side navigation with the correct submenu set as active' do
+        request
+
+        expect(response.body).to have_active_sub_navigation('Configuration')
+      end
+
+      context 'with feature flag disabled' do
+        before do
+          stub_feature_flags(api_fuzzing_configuration_ui: false)
+        end
+
+        it 'returns a 404 for an HTML request' do
+          request
+
+          expect(response).to have_gitlab_http_status(:not_found)
+        end
+      end
+    end
+
+    context 'with unauthorized user' do
+      before do
+        stub_licensed_features(security_dashboard: true)
+
+        sign_in(guest)
+      end
+
+      it 'returns a 403' do
+        request
+
+        expect(response).to have_gitlab_http_status(:forbidden)
+      end
+    end
+  end
+end

ee/spec/helpers/projects_helper_spec.rb

@@ -204,6 +204,7 @@ RSpec.describe ProjectsHelper do
       %w[
         projects/security/configuration#show
         projects/security/sast_configuration#show
+        projects/security/api_fuzzing_configuration#show
         projects/security/vulnerabilities#show
         projects/security/vulnerability_report#index
         projects/security/dashboard#index
@@ -248,6 +249,7 @@ RSpec.describe ProjectsHelper do
       %w[
         projects/security/configuration#show
         projects/security/sast_configuration#show
+        projects/security/api_fuzzing_configuration#show
         projects/security/dast_profiles#show
         projects/security/dast_site_profiles#new
         projects/security/dast_site_profiles#edit

ee/spec/presenters/projects/security/configuration_presenter_spec.rb

@@ -274,13 +274,11 @@ RSpec.describe Projects::Security::ConfigurationPresenter do
   end
 
   def configuration_path(type)
-    if type === :dast_profiles
-      project_security_configuration_dast_profiles_path(project)
-    elsif type === :sast
-      project_security_configuration_sast_path(project)
-    else
-      nil
-    end
+    {
+      dast_profiles: project_security_configuration_dast_profiles_path(project),
+      sast: project_security_configuration_sast_path(project),
+      api_fuzzing: project_security_configuration_api_fuzzing_path(project)
+    }[type]
   end
 
   def scan_status(type, configured, auto_dev_ops_enabled)

locale/gitlab.pot

@@ -1361,6 +1361,9 @@ msgstr ""
 msgid "API Fuzzing"
 msgstr ""
 
+msgid "API Fuzzing Configuration"
+msgstr ""
+
 msgid "API Help"
 msgstr ""