Create DAST Configuration page [RUN ALL RSPEC] [RUN AS-IF-FOSS]

ee/app/controllers/ee/projects/security/configuration_controller.rb

@@ -16,6 +16,7 @@ module EE
             push_frontend_feature_flag(:security_auto_fix, project, default_enabled: false)
             push_frontend_feature_flag(:sec_dependency_scanning_ui_enable, project, default_enabled: :yaml)
             push_frontend_feature_flag(:sec_secret_detection_ui_enable, project, default_enabled: :yaml)
+            push_frontend_feature_flag(:dast_configuration_ui, project, default_enabled: :yaml)
           end
 
           before_action only: [:auto_fix] do

ee/app/controllers/projects/security/dast_configuration_controller.rb

+# frozen_string_literal: true
+
+module Projects
+  module Security
+    class DastConfigurationController < Projects::ApplicationController
+      include SecurityAndCompliancePermissions
+      include SecurityDashboardsPermissions
+
+      alias_method :vulnerable, :project
+
+      feature_category :dynamic_application_security_testing
+
+      def show
+        not_found unless Feature.enabled?(:dast_configuration_ui, @project, default_enabled: :yaml)
+      end
+    end
+  end
+end

ee/app/presenters/projects/security/configuration_presenter.rb

@@ -90,6 +90,7 @@ module Projects
       def configuration_path(type)
         {
           sast: project_security_configuration_sast_path(project),
+          dast: ::Feature.enabled?(:dast_configuration_ui, project, default_enabled: :yaml) ? project_security_configuration_dast_path(project) : nil,
           dast_profiles: project_security_configuration_dast_scans_path(project),
           api_fuzzing: project_security_configuration_api_fuzzing_path(project)
         }[type]

ee/app/views/projects/security/dast_configuration/show.html.haml

+- add_to_breadcrumbs _("Security Configuration"), project_security_configuration_path(@project)
+- breadcrumb_title _("DAST Configuration")
+- page_title _("DAST Configuration")
+
+%h1= _("DAST Settings")

ee/config/feature_flags/development/dast_configuration_ui.yml

+---
+name: dast_configuration_ui
+introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/62014
+rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/330728
+milestone: '14.0'
+type: development
+group: group::dynamic analysis
+default_enabled: false

ee/config/routes/project.rb

@@ -77,6 +77,7 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
               resources :dast_site_profiles, only: [:new, :edit]
               resources :dast_scanner_profiles, only: [:new, :edit]
             end
+            resource :dast, only: :show, controller: :dast_configuration
           end
 
           resource :discover, only: [:show], controller: :discover

ee/lib/ee/sidebars/projects/menus/security_compliance_menu.rb

@@ -42,6 +42,7 @@ module EE
             super + %w[
               projects/security/sast_configuration#show
               projects/security/api_fuzzing_configuration#show
+              projects/security/dast_configuration#show
               projects/security/dast_profiles#show
               projects/security/dast_site_profiles#new
               projects/security/dast_site_profiles#edit

ee/spec/features/projects/security/user_views_security_configuration_spec.rb

@@ -5,6 +5,7 @@ require 'spec_helper'
 RSpec.describe 'User sees Security Configuration table', :js do
   let_it_be(:user) { create(:user) }
   let_it_be(:project) { create(:project, :repository) }
+  let_it_be(:pipeline) { create(:ci_pipeline, project: project) }
 
   before_all do
     project.add_developer(user)
@@ -33,7 +34,6 @@ RSpec.describe 'User sees Security Configuration table', :js do
 
     context 'with SAST report' do
       before do
-        pipeline = create(:ci_pipeline, project: project)
         create(:ci_build, :sast, pipeline: pipeline, status: 'success')
       end
 
@@ -47,6 +47,43 @@ RSpec.describe 'User sees Security Configuration table', :js do
         end
       end
     end
+
+    context 'with no DAST report' do
+      it 'shows DAST is not enabled' do
+        visit(project_security_configuration_path(project))
+
+        within_dast_row do
+          expect(page).to have_text('DAST')
+          expect(page).to have_text('Not enabled')
+          expect(page).to have_css('[data-testid="enable-button"]')
+        end
+      end
+    end
+
+    context 'with DAST report' do
+      before do
+        create(:ci_build, :dast, pipeline: pipeline, status: 'success')
+      end
+
+      it 'shows DAST is enabled' do
+        visit(project_security_configuration_path(project))
+
+        within_dast_row do
+          expect(page).to have_text('DAST')
+          expect(page).to have_text('Enabled')
+          expect(page).to have_css('[data-testid="configure-button"]')
+        end
+      end
+
+      it 'links to configuration page' do
+        visit(project_security_configuration_path(project))
+
+        within_dast_row do
+          click_link_or_button 'Configure'
+          expect(current_path).to eq(project_security_configuration_dast_path(project))
+        end
+      end
+    end
   end
 
   def within_sast_row
@@ -54,4 +91,10 @@ RSpec.describe 'User sees Security Configuration table', :js do
       yield
     end
   end
+
+  def within_dast_row
+    within '[data-testid="security-scanner-row"]:nth-of-type(2)' do
+      yield
+    end
+  end
 end

ee/spec/lib/ee/sidebars/projects/menus/security_compliance_menu_spec.rb

@@ -80,6 +80,7 @@ RSpec.describe Sidebars::Projects::Menus::SecurityComplianceMenu do
             projects/security/configuration#show
             projects/security/sast_configuration#show
             projects/security/api_fuzzing_configuration#show
+            projects/security/dast_configuration#show
             projects/security/dast_profiles#show
             projects/security/dast_site_profiles#new
             projects/security/dast_site_profiles#edit

ee/spec/presenters/projects/security/configuration_presenter_spec.rb

@@ -266,6 +266,7 @@ RSpec.describe Projects::Security::ConfigurationPresenter do
 
   def configuration_path(type)
     {
+      dast: project_security_configuration_dast_path(project),
       dast_profiles: project_security_configuration_dast_scans_path(project),
       sast: project_security_configuration_sast_path(project),
       api_fuzzing: project_security_configuration_api_fuzzing_path(project)

ee/spec/requests/projects/security/dast_configuration_controller_spec.rb

+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Projects::Security::DastConfigurationController, type: :request do
+  let_it_be(:project) { create(:project) }
+  let_it_be(:user) { create(:user) }
+
+  describe 'GET #show' do
+    before do
+      stub_licensed_features(security_dashboard: true)
+      stub_feature_flags(dast_configuration_ui: true)
+      login_as(user)
+    end
+
+    include_context '"Security & Compliance" permissions' do
+      let(:valid_request) { get project_security_configuration_dast_path(project) }
+
+      before_request do
+        project.add_developer(user)
+      end
+    end
+
+    context 'feature available' do
+      context 'user authorized' do
+        before do
+          project.add_developer(user)
+        end
+
+        it 'can access page' do
+          get project_security_configuration_dast_path(project)
+
+          expect(response).to have_gitlab_http_status(:ok)
+        end
+      end
+
+      context 'user not authorized' do
+        before do
+          project.add_guest(user)
+        end
+
+        it 'sees a 404 error' do
+          get project_security_configuration_dast_path(project)
+
+          expect(response).to have_gitlab_http_status(:forbidden)
+        end
+      end
+    end
+
+    context 'feature not available' do
+      context "license doesn't support the feature" do
+        before do
+          stub_licensed_features(security_dashboard: false)
+          project.add_developer(user)
+        end
+
+        it 'sees a 404 error' do
+          get project_security_configuration_dast_path(project)
+
+          expect(response).to have_gitlab_http_status(:not_found)
+        end
+      end
+
+      context 'feature flag is disabled' do
+        before do
+          stub_feature_flags(dast_configuration_ui: false)
+          project.add_developer(user)
+        end
+
+        it 'sees a 404 error' do
+          get project_security_configuration_dast_path(project)
+
+          expect(response).to have_gitlab_http_status(:not_found)
+        end
+      end
+    end
+  end
+end

locale/gitlab.pot

@@ -10060,9 +10060,15 @@ msgstr ""
 msgid "DAG visualization requires at least 3 dependent jobs."
 msgstr ""
 
+msgid "DAST Configuration"
+msgstr ""
+
 msgid "DAST Scans"
 msgstr ""
 
+msgid "DAST Settings"
+msgstr ""
+
 msgid "DNS"
 msgstr ""