Commit 817065db authored by Tetiana Chupryna's avatar Tetiana Chupryna Committed by Matthias Käppler

Fix multiple issues for FOSS

- Secret detection is always available in FOSS
- SAST can be configured only in Ultimate
- Changed condition for configuration path (now only for Ultimate)
parent dbb52509
...@@ -80,7 +80,8 @@ module Projects ...@@ -80,7 +80,8 @@ module Projects
type: scan.type, type: scan.type,
configured: scan.configured?, configured: scan.configured?,
configuration_path: scan.configuration_path, configuration_path: scan.configuration_path,
available: scan.available? available: scan.available?,
can_enable_in_merge_request: scan.can_enable_in_merge_request?
} }
end end
......
...@@ -193,6 +193,7 @@ class License < ApplicationRecord ...@@ -193,6 +193,7 @@ class License < ApplicationRecord
sast_custom_rulesets sast_custom_rulesets
sast_fp_reduction sast_fp_reduction
secret_detection secret_detection
security_configuration_in_ui
security_dashboard security_dashboard
security_on_demand_scans security_on_demand_scans
security_orchestration_policies security_orchestration_policies
......
...@@ -13,25 +13,30 @@ module EE ...@@ -13,25 +13,30 @@ module EE
override :configuration_path override :configuration_path
def configuration_path def configuration_path
super if available? || always_available? configurable_scans[type] if can_configure_scan_in_ui?
end end
private private
override :configurable_scans def can_configure_scan_in_ui?
project.licensed_feature_available?(:security_configuration_in_ui)
end
def configurable_scans def configurable_scans
strong_memoize(:configurable_scans) do strong_memoize(:configurable_scans) do
{ {
sast: project_security_configuration_sast_path(project),
dast: project_security_configuration_dast_path(project), dast: project_security_configuration_dast_path(project),
dast_profiles: project_security_configuration_dast_scans_path(project), dast_profiles: project_security_configuration_dast_scans_path(project),
api_fuzzing: project_security_configuration_api_fuzzing_path(project), api_fuzzing: project_security_configuration_api_fuzzing_path(project),
corpus_management: (project_security_configuration_corpus_management_path(project) if ::Feature.enabled?(:corpus_management_ui, project, default_enabled: :yaml)) corpus_management: (project_security_configuration_corpus_management_path(project) if ::Feature.enabled?(:corpus_management_ui, project, default_enabled: :yaml))
}.merge(super) }
end end
end end
def always_available? override :scans_configurable_in_merge_request
[:corpus_management, :dast_profiles].include?(type) def scans_configurable_in_merge_request
super.concat(%i[dependency_scanning container_scanning])
end end
end end
end end
......
...@@ -19,7 +19,7 @@ RSpec.describe 'User sees Security Configuration table', :js do ...@@ -19,7 +19,7 @@ RSpec.describe 'User sees Security Configuration table', :js do
before do before do
stub_licensed_features(security_dashboard: true, sast: true, sast_iac: true, dast: true, stub_licensed_features(security_dashboard: true, sast: true, sast_iac: true, dast: true,
dependency_scanning: true, container_scanning: true, coverage_fuzzing: true, dependency_scanning: true, container_scanning: true, coverage_fuzzing: true,
cluster_image_scanning: true, api_fuzzing: true) cluster_image_scanning: true, api_fuzzing: true, security_configuration_in_ui: true)
end end
context 'with no SAST report' do context 'with no SAST report' do
......
...@@ -3,15 +3,15 @@ ...@@ -3,15 +3,15 @@
require 'spec_helper' require 'spec_helper'
RSpec.describe ::Gitlab::Security::ScanConfiguration do RSpec.describe ::Gitlab::Security::ScanConfiguration do
using RSpec::Parameterized::TableSyntax
let_it_be(:project) { create(:project, :repository) } let_it_be(:project) { create(:project, :repository) }
let(:scan) { described_class.new(project: project, type: type, configured: configured) } let(:scan) { described_class.new(project: project, type: type) }
describe '#available?' do describe '#available?' do
subject { scan.available? } subject { scan.available? }
let(:configured) { true }
context 'with a core scanner' do context 'with a core scanner' do
let(:type) { :sast } let(:type) { :sast }
...@@ -54,24 +54,25 @@ RSpec.describe ::Gitlab::Security::ScanConfiguration do ...@@ -54,24 +54,25 @@ RSpec.describe ::Gitlab::Security::ScanConfiguration do
describe '#configuration_path' do describe '#configuration_path' do
subject { scan.configuration_path } subject { scan.configuration_path }
let(:configured) { true } context 'when configuration in UI is available' do
before do
stub_licensed_features(security_configuration_in_ui: true)
end
context 'with licensed scanner' do context 'with licensed scanner' do
let(:type) { :dast } let(:path) { "/#{project.namespace.path}/#{project.name}/-/security/configuration" }
let(:configuration_path) { "/#{project.namespace.path}/#{project.name}/-/security/configuration/dast" }
before do where(:type, :configuration_path) do
stub_licensed_features(dast: true) :sast | lazy { "#{path}/sast" }
:dast | lazy { "#{path}/dast" }
:dast_profiles | lazy { "#{path}/dast_scans" }
:api_fuzzing | lazy { "#{path}/api_fuzzing" }
:corpus_management | lazy { "#{path}/corpus_management" }
end end
with_them do
it { is_expected.to eq(configuration_path) } it { is_expected.to eq(configuration_path) }
end end
context 'with always available scanner' do
let(:type) { :dast_profiles }
let(:configuration_path) { "/#{project.namespace.path}/#{project.name}/-/security/configuration/dast_scans" }
it { is_expected.to eq(configuration_path) }
end end
context 'with a scanner under feature flag' do context 'with a scanner under feature flag' do
...@@ -89,4 +90,29 @@ RSpec.describe ::Gitlab::Security::ScanConfiguration do ...@@ -89,4 +90,29 @@ RSpec.describe ::Gitlab::Security::ScanConfiguration do
end end
end end
end end
context 'when configuration in UI is not available' do
let(:type) { :sast }
it { is_expected.to be_nil }
end
end
describe '#can_enable_in_merge_request?' do
subject { scan.can_enable_in_merge_request? }
context 'with a scanner that can be enabled in merge request' do
where(type: %i(sast sast_iac secret_detection dependency_scanning container_scanning))
with_them do
it { is_expected.to be_truthy }
end
end
context 'with a scanner that can not be enabled in merge request' do
let(:type) { :dast }
it { is_expected.to be_falsey }
end
end
end end
...@@ -18,27 +18,25 @@ module Gitlab ...@@ -18,27 +18,25 @@ module Gitlab
# SAST and Secret Detection are always available, but this isn't # SAST and Secret Detection are always available, but this isn't
# reflected by our license model yet. # reflected by our license model yet.
# TODO: https://gitlab.com/gitlab-org/gitlab/-/issues/333113 # TODO: https://gitlab.com/gitlab-org/gitlab/-/issues/333113
%i[sast secret_detection].include?(type) %i[sast sast_iac secret_detection].include?(type)
end
def can_enable_in_merge_request?
scans_configurable_in_merge_request.include?(type)
end end
def configured? def configured?
configured configured
end end
def configuration_path def configuration_path; end
configurable_scans[type]
end
private private
attr_reader :project, :configured attr_reader :project, :configured
def configurable_scans def scans_configurable_in_merge_request
strong_memoize(:configurable_scans) do %i[sast sast_iac secret_detection]
{
sast: project_security_configuration_sast_path(project)
}
end
end end
end end
end end
......
...@@ -3,6 +3,8 @@ ...@@ -3,6 +3,8 @@
require 'spec_helper' require 'spec_helper'
RSpec.describe ::Gitlab::Security::ScanConfiguration do RSpec.describe ::Gitlab::Security::ScanConfiguration do
using RSpec::Parameterized::TableSyntax
let_it_be(:project) { create(:project, :repository) } let_it_be(:project) { create(:project, :repository) }
let(:scan) { described_class.new(project: project, type: type, configured: configured) } let(:scan) { described_class.new(project: project, type: type, configured: configured) }
...@@ -13,10 +15,12 @@ RSpec.describe ::Gitlab::Security::ScanConfiguration do ...@@ -13,10 +15,12 @@ RSpec.describe ::Gitlab::Security::ScanConfiguration do
let(:configured) { true } let(:configured) { true }
context 'with a core scanner' do context 'with a core scanner' do
let(:type) { :sast } where(type: %i(sast sast_iac secret_detection))
with_them do
it { is_expected.to be_truthy } it { is_expected.to be_truthy }
end end
end
context 'with custom scanner' do context 'with custom scanner' do
let(:type) { :my_scanner } let(:type) { :my_scanner }
...@@ -38,27 +42,28 @@ RSpec.describe ::Gitlab::Security::ScanConfiguration do ...@@ -38,27 +42,28 @@ RSpec.describe ::Gitlab::Security::ScanConfiguration do
subject { scan.configuration_path } subject { scan.configuration_path }
let(:configured) { true } let(:configured) { true }
let(:type) { :sast }
context 'with a non configurable scanner' do
let(:type) { :secret_detection }
it { is_expected.to be_nil } it { is_expected.to be_nil }
end end
context 'with licensed scanner for FOSS environment' do describe '#can_enable_in_merge_request?' do
let(:type) { :dast } subject { scan.can_enable_in_merge_request? }
before do let(:configured) { true }
stub_env('FOSS_ONLY', '1')
end
it { is_expected.to be_nil } context 'with a core scanner' do
where(type: %i(sast sast_iac secret_detection))
with_them do
it { is_expected.to be_truthy }
end
end end
context 'with custom scanner' do context 'with a custom scanner' do
let(:type) { :my_scanner } let(:type) { :my_scanner }
it { is_expected.to be_nil } it { is_expected.to be_falsey }
end end
end end
end end
...@@ -86,8 +86,9 @@ RSpec.describe Projects::Security::ConfigurationPresenter do ...@@ -86,8 +86,9 @@ RSpec.describe Projects::Security::ConfigurationPresenter do
expect(feature['type']).to eq('sast') expect(feature['type']).to eq('sast')
expect(feature['configured']).to eq(true) expect(feature['configured']).to eq(true)
expect(feature['configuration_path']).to eq(project_security_configuration_sast_path(project)) expect(feature['configuration_path']).to be_nil
expect(feature['available']).to eq(true) expect(feature['available']).to eq(true)
expect(feature['can_enable_in_merge_request']).to eq(true)
end end
context 'when checking features configured status' do context 'when checking features configured status' do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment