Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
861ca1df
Commit
861ca1df
authored
Sep 04, 2020
by
Neil McCorrison
Committed by
Mark Florian
Sep 04, 2020
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Add DAST Profiles to Security Configuration page
Addresses
https://gitlab.com/gitlab-org/gitlab/-/issues/241263
.
parent
270576b8
Changes
10
Show whitespace changes
Inline
Side-by-side
Showing
10 changed files
with
113 additions
and
27 deletions
+113
-27
ee/app/assets/javascripts/security_configuration/components/app.vue
...ets/javascripts/security_configuration/components/app.vue
+1
-11
ee/app/assets/javascripts/security_configuration/components/manage_feature.vue
...ipts/security_configuration/components/manage_feature.vue
+13
-1
ee/app/presenters/projects/security/configuration_presenter.rb
...p/presenters/projects/security/configuration_presenter.rb
+23
-4
ee/changelogs/unreleased/241263-dast-ondemand-configure-link.yml
...gelogs/unreleased/241263-dast-ondemand-configure-link.yml
+5
-0
ee/spec/controllers/projects/security/configuration_controller_spec.rb
...ollers/projects/security/configuration_controller_spec.rb
+1
-1
ee/spec/frontend/security_configuration/components/app_spec.js
...ec/frontend/security_configuration/components/app_spec.js
+4
-1
ee/spec/frontend/security_configuration/components/helpers.js
...pec/frontend/security_configuration/components/helpers.js
+1
-0
ee/spec/frontend/security_configuration/components/manage_feature_spec.js
.../security_configuration/components/manage_feature_spec.js
+16
-0
ee/spec/presenters/projects/security/configuration_presenter_spec.rb
...senters/projects/security/configuration_presenter_spec.rb
+40
-9
locale/gitlab.pot
locale/gitlab.pot
+9
-0
No files found.
ee/app/assets/javascripts/security_configuration/components/app.vue
View file @
861ca1df
...
...
@@ -93,10 +93,9 @@ export default {
thClass
,
},
{
key
:
'
configured
'
,
key
:
'
status
'
,
label
:
s__
(
'
SecurityConfiguration|Status
'
),
thClass
,
formatter
:
this
.
getStatusText
,
},
{
key
:
'
manage
'
,
...
...
@@ -115,15 +114,6 @@ export default {
},
},
methods
:
{
getStatusText
(
value
)
{
if
(
value
)
{
return
this
.
autoDevopsEnabled
?
s__
(
'
SecurityConfiguration|Enabled with Auto DevOps
'
)
:
s__
(
'
SecurityConfiguration|Enabled
'
);
}
return
s__
(
'
SecurityConfiguration|Not enabled
'
);
},
dismissAutoDevopsAlert
()
{
this
.
autoDevopsAlertDismissed
=
'
true
'
;
},
...
...
ee/app/assets/javascripts/security_configuration/components/manage_feature.vue
View file @
861ca1df
...
...
@@ -33,6 +33,9 @@ export default {
canCreateSASTMergeRequest
()
{
return
Boolean
(
this
.
feature
.
type
===
'
sast
'
&&
this
.
createSastMergeRequestPath
);
},
canManageProfiles
()
{
return
this
.
feature
.
type
===
'
dast_profiles
'
;
},
getFeatureDocumentationLinkLabel
()
{
return
sprintf
(
s__
(
'
SecurityConfiguration|Feature documentation for %{featureName}
'
),
{
featureName
:
this
.
feature
.
name
,
...
...
@@ -44,7 +47,16 @@ export default {
<
template
>
<gl-button
v-if=
"canConfigureFeature && feature.configured"
v-if=
"canManageProfiles"
variant=
"success"
category=
"primary"
:href=
"feature.configuration_path"
data-testid=
"manageButton"
>
{{
s__
(
'
SecurityConfiguration|Manage
'
)
}}
</gl-button
>
<gl-button
v-else-if=
"canConfigureFeature && feature.configured"
:href=
"feature.configuration_path"
data-testid=
"configureButton"
>
{{
s__
(
'
SecurityConfiguration|Configure
'
)
}}
</gl-button
...
...
ee/app/presenters/projects/security/configuration_presenter.rb
View file @
861ca1df
...
...
@@ -12,6 +12,7 @@ module Projects
SCAN_DOCS
=
{
container_scanning:
'user/application_security/container_scanning/index'
,
dast:
'user/application_security/dast/index'
,
dast_profiles:
'user/application_security/dast/index'
,
dependency_scanning:
'user/application_security/dependency_scanning/index'
,
license_management:
'user/compliance/license_compliance/index'
,
license_scanning:
'user/compliance/license_compliance/index'
,
...
...
@@ -24,6 +25,7 @@ module Projects
{
container_scanning:
_
(
'Check your Docker images for known vulnerabilities.'
),
dast:
_
(
'Analyze a review version of your web application.'
),
dast_profiles:
_
(
'Saved scan settings and target site settings which are reusable.'
),
dependency_scanning:
_
(
'Analyze your dependencies for known vulnerabilities.'
),
license_management:
_
(
'Search your project dependencies for their licenses and apply policies.'
),
license_scanning:
_
(
'Search your project dependencies for their licenses and apply policies.'
),
...
...
@@ -37,6 +39,7 @@ module Projects
{
container_scanning:
_
(
'Container Scanning'
),
dast:
_
(
'Dynamic Application Security Testing (DAST)'
),
dast_profiles:
_
(
'DAST Profiles'
),
dependency_scanning:
_
(
'Dependency Scanning'
),
license_management:
'License Management'
,
license_scanning:
_
(
'License Compliance'
),
...
...
@@ -93,14 +96,16 @@ module Projects
def
features
scans
=
scan_types
.
map
do
|
scan_type
|
if
scanner_enabled?
(
scan_type
)
scan
(
scan_type
,
configured:
true
)
scan
(
scan_type
,
configured:
true
,
status:
auto_devops_source?
?
s_
(
'SecurityConfiguration|Enabled with Auto DevOps'
)
:
s_
(
'SecurityConfiguration|Enabled'
)
)
else
scan
(
scan_type
,
configured:
false
)
scan
(
scan_type
,
configured:
false
,
status:
s_
(
'SecurityConfiguration|Not enabled'
)
)
end
end
# TODO: remove this line with #8912
license_compliance_substitute
(
scans
)
dast_profiles_insert
(
scans
)
end
def
latest_pipeline_path
...
...
@@ -122,16 +127,29 @@ module Projects
if
license_compliance_config
scans
.
map
do
|
scan_type
|
scan_type
[
:configured
]
=
true
if
scan_type
[
:name
]
==
_
(
'License Compliance'
)
scan_type
[
:status
]
=
s_
(
'SecurityConfiguration|Enabled'
)
if
scan_type
[
:name
]
==
_
(
'License Compliance'
)
end
end
scans
end
# DAST On-demand scans is a static (non job) entry. Add it manually following DAST
def
dast_profiles_insert
(
scans
)
index
=
scans
.
index
{
|
scan
|
scan
[
:name
]
==
localized_scan_names
[
:dast
]
}
unless
index
.
nil?
scans
.
insert
(
index
+
1
,
scan
(
:dast_profiles
,
configured:
true
,
status:
s_
(
'SecurityConfiguration|Available for on-demand DAST'
)))
end
scans
end
def
scan
(
type
,
configured:
false
)
def
scan
(
type
,
configured:
false
,
status
:
)
{
type:
type
,
configured:
configured
,
status:
status
,
description:
self
.
class
.
localized_scan_descriptions
[
type
],
link:
help_page_path
(
SCAN_DOCS
[
type
]),
configuration_path:
configuration_path
(
type
),
...
...
@@ -153,7 +171,8 @@ module Projects
def
configuration_path
(
type
)
{
sast:
project_security_configuration_sast_path
(
project
)
sast:
project_security_configuration_sast_path
(
project
),
dast_profiles:
project_profiles_path
(
project
)
}[
type
]
end
end
...
...
ee/changelogs/unreleased/241263-dast-ondemand-configure-link.yml
0 → 100644
View file @
861ca1df
---
title
:
On-demand scans item on Security & Compliance configuration page
merge_request
:
40474
author
:
type
:
added
ee/spec/controllers/projects/security/configuration_controller_spec.rb
View file @
861ca1df
...
...
@@ -29,7 +29,7 @@ RSpec.describe Projects::Security::ConfigurationController do
it
'responds in json format when requested'
do
get
:show
,
params:
{
namespace_id:
project
.
namespace
,
project_id:
project
,
format: :json
}
types
=
%w(sast dast dependency_scanning container_scanning secret_detection coverage_fuzzing license_scanning)
types
=
%w(sast dast d
ast_profiles d
ependency_scanning container_scanning secret_detection coverage_fuzzing license_scanning)
expect
(
response
).
to
have_gitlab_http_status
(
:ok
)
expect
(
json_response
[
'features'
].
map
{
|
f
|
f
[
'type'
]
}).
to
match_array
(
types
)
...
...
ee/spec/frontend/security_configuration/components/app_spec.js
View file @
861ca1df
...
...
@@ -184,7 +184,10 @@ describe('Security Configuration App', () => {
describe
(
'
given a feature enabled by Auto DevOps
'
,
()
=>
{
it
(
'
displays the expected status text
'
,
()
=>
{
const
features
=
generateFeatures
(
1
,
{
configured
:
true
});
const
features
=
generateFeatures
(
1
,
{
configured
:
true
,
status
:
'
Enabled with Auto DevOps
'
,
});
createComponent
({
propsData
:
{
features
,
autoDevopsEnabled
:
true
}
});
...
...
ee/spec/frontend/security_configuration/components/helpers.js
View file @
861ca1df
...
...
@@ -6,6 +6,7 @@ export const generateFeatures = (n, overrides = {}) => {
link
:
`link-feature-
${
i
}
`
,
configuration_path
:
i
%
2
?
`configuration_path-
${
i
}
`
:
null
,
configured
:
i
%
2
===
0
,
status
:
i
%
2
===
0
?
'
Enabled
'
:
'
Not enabled
'
,
...
overrides
,
}));
};
ee/spec/frontend/security_configuration/components/manage_feature_spec.js
View file @
861ca1df
...
...
@@ -86,6 +86,22 @@ describe('ManageFeature component', () => {
});
});
describe
(
'
given a feature with type "dast-profiles"
'
,
()
=>
{
beforeEach
(()
=>
{
[
feature
]
=
generateFeatures
(
1
,
{
type
:
'
dast_profiles
'
,
configuration_path
:
'
foo
'
});
createComponent
({
propsData
:
{
feature
,
autoDevopsEnabled
:
true
},
});
});
it
(
'
shows the DAST Profiles manage button
'
,
()
=>
{
const
button
=
findTestId
(
'
manageButton
'
);
expect
(
button
.
exists
()).
toBe
(
true
);
expect
(
button
.
attributes
(
'
href
'
)).
toBe
(
feature
.
configuration_path
);
});
});
describe
(
'
given a feature type that is not "sast"
'
,
()
=>
{
beforeEach
(()
=>
{
[
feature
]
=
generateFeatures
(
1
,
{
type
:
'
something_that_is_not_sast
'
});
...
...
ee/spec/presenters/projects/security/configuration_presenter_spec.rb
View file @
861ca1df
...
...
@@ -61,13 +61,14 @@ RSpec.describe Projects::Security::ConfigurationPresenter do
it
'reports that all scanners are configured for which latest pipeline has builds'
do
expect
(
Gitlab
::
Json
.
parse
(
subject
[
:features
])).
to
contain_exactly
(
security_scan
(
:dast
,
configured:
true
),
security_scan
(
:sast
,
configured:
true
),
security_scan
(
:container_scanning
,
configured:
false
),
security_scan
(
:dependency_scanning
,
configured:
false
),
security_scan
(
:license_scanning
,
configured:
false
),
security_scan
(
:secret_detection
,
configured:
true
),
security_scan
(
:coverage_fuzzing
,
configured:
false
)
security_scan
(
:dast
,
configured:
true
,
auto_dev_ops_enabled:
true
),
security_scan
(
:dast_profiles
,
configured:
true
,
auto_dev_ops_enabled:
true
),
security_scan
(
:sast
,
configured:
true
,
auto_dev_ops_enabled:
true
),
security_scan
(
:container_scanning
,
configured:
false
,
auto_dev_ops_enabled:
true
),
security_scan
(
:dependency_scanning
,
configured:
false
,
auto_dev_ops_enabled:
true
),
security_scan
(
:license_scanning
,
configured:
false
,
auto_dev_ops_enabled:
true
),
security_scan
(
:secret_detection
,
configured:
true
,
auto_dev_ops_enabled:
true
),
security_scan
(
:coverage_fuzzing
,
configured:
false
,
auto_dev_ops_enabled:
true
)
)
end
end
...
...
@@ -84,6 +85,7 @@ RSpec.describe Projects::Security::ConfigurationPresenter do
it
'reports all security jobs as unconfigured'
do
expect
(
Gitlab
::
Json
.
parse
(
subject
[
:features
])).
to
contain_exactly
(
security_scan
(
:dast
,
configured:
false
),
security_scan
(
:dast_profiles
,
configured:
true
),
security_scan
(
:sast
,
configured:
false
),
security_scan
(
:container_scanning
,
configured:
false
),
security_scan
(
:dependency_scanning
,
configured:
false
),
...
...
@@ -113,6 +115,7 @@ RSpec.describe Projects::Security::ConfigurationPresenter do
it
'uses the latest default branch pipeline to determine whether a security job is configured'
do
expect
(
Gitlab
::
Json
.
parse
(
subject
[
:features
])).
to
contain_exactly
(
security_scan
(
:dast
,
configured:
true
),
security_scan
(
:dast_profiles
,
configured:
true
),
security_scan
(
:sast
,
configured:
true
),
security_scan
(
:container_scanning
,
configured:
false
),
security_scan
(
:dependency_scanning
,
configured:
false
),
...
...
@@ -129,6 +132,7 @@ RSpec.describe Projects::Security::ConfigurationPresenter do
expect
(
Gitlab
::
Json
.
parse
(
subject
[
:features
])).
to
contain_exactly
(
security_scan
(
:dast
,
configured:
false
),
security_scan
(
:dast_profiles
,
configured:
true
),
security_scan
(
:sast
,
configured:
true
),
security_scan
(
:container_scanning
,
configured:
false
),
security_scan
(
:dependency_scanning
,
configured:
false
),
...
...
@@ -151,6 +155,7 @@ RSpec.describe Projects::Security::ConfigurationPresenter do
expect
(
Gitlab
::
Json
.
parse
(
subject
[
:features
])).
to
contain_exactly
(
security_scan
(
:dast
,
configured:
false
),
security_scan
(
:dast_profiles
,
configured:
true
),
security_scan
(
:sast
,
configured:
true
),
security_scan
(
:container_scanning
,
configured:
false
),
security_scan
(
:dependency_scanning
,
configured:
false
),
...
...
@@ -165,6 +170,7 @@ RSpec.describe Projects::Security::ConfigurationPresenter do
expect
(
Gitlab
::
Json
.
parse
(
subject
[
:features
])).
to
contain_exactly
(
security_scan
(
:dast
,
configured:
true
),
security_scan
(
:dast_profiles
,
configured:
true
),
security_scan
(
:sast
,
configured:
true
),
security_scan
(
:container_scanning
,
configured:
false
),
security_scan
(
:dependency_scanning
,
configured:
false
),
...
...
@@ -222,16 +228,41 @@ RSpec.describe Projects::Security::ConfigurationPresenter do
end
end
def
security_scan
(
type
,
configured
:)
configuration_path
=
project_security_configuration_sast_path
(
project
)
if
type
==
:sast
def
security_scan
(
type
,
configured
:,
auto_dev_ops_enabled:
false
)
configuration_path
=
configuration_path
(
type
)
status_str
=
scan_status
(
type
,
configured
,
auto_dev_ops_enabled
)
{
"type"
=>
type
.
to_s
,
"configured"
=>
configured
,
"status"
=>
status_str
,
"description"
=>
described_class
.
localized_scan_descriptions
[
type
],
"link"
=>
help_page_path
(
described_class
::
SCAN_DOCS
[
type
]),
"configuration_path"
=>
configuration_path
,
"name"
=>
described_class
.
localized_scan_names
[
type
]
}
end
def
configuration_path
(
type
)
if
type
===
:dast_profiles
project_profiles_path
(
project
)
elsif
type
===
:sast
project_security_configuration_sast_path
(
project
)
else
nil
end
end
def
scan_status
(
type
,
configured
,
auto_dev_ops_enabled
)
if
type
==
:dast_profiles
"Available for on-demand DAST"
elsif
configured
&&
auto_dev_ops_enabled
"Enabled with Auto DevOps"
elsif
configured
"Enabled"
else
"Not enabled"
end
end
end
locale/gitlab.pot
View file @
861ca1df
...
...
@@ -7707,6 +7707,9 @@ msgstr ""
msgid "DAG visualization requires at least 3 dependent jobs."
msgstr ""
msgid "DAST Profiles"
msgstr ""
msgid "DNS"
msgstr ""
...
...
@@ -21487,6 +21490,9 @@ msgstr ""
msgid "Save variables"
msgstr ""
msgid "Saved scan settings and target site settings which are reusable."
msgstr ""
msgid "Saving"
msgstr ""
...
...
@@ -21822,6 +21828,9 @@ msgstr ""
msgid "SecurityConfiguration|An error occurred while creating the merge request."
msgstr ""
msgid "SecurityConfiguration|Available for on-demand DAST"
msgstr ""
msgid "SecurityConfiguration|Configure"
msgstr ""
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment