Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
ca787205
Commit
ca787205
authored
May 25, 2021
by
Dheeraj Joshi
Committed by
Bob Van Landuyt
May 25, 2021
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Create DAST Configuration page [RUN ALL RSPEC] [RUN AS-IF-FOSS]
parent
091fa932
Changes
12
Show whitespace changes
Inline
Side-by-side
Showing
12 changed files
with
165 additions
and
1 deletion
+165
-1
ee/app/controllers/ee/projects/security/configuration_controller.rb
...trollers/ee/projects/security/configuration_controller.rb
+1
-0
ee/app/controllers/projects/security/dast_configuration_controller.rb
...ollers/projects/security/dast_configuration_controller.rb
+18
-0
ee/app/presenters/projects/security/configuration_presenter.rb
...p/presenters/projects/security/configuration_presenter.rb
+1
-0
ee/app/views/projects/security/dast_configuration/show.html.haml
...views/projects/security/dast_configuration/show.html.haml
+5
-0
ee/config/feature_flags/development/dast_configuration_ui.yml
...onfig/feature_flags/development/dast_configuration_ui.yml
+8
-0
ee/config/routes/project.rb
ee/config/routes/project.rb
+1
-0
ee/lib/ee/sidebars/projects/menus/security_compliance_menu.rb
...ib/ee/sidebars/projects/menus/security_compliance_menu.rb
+1
-0
ee/spec/features/projects/security/user_views_security_configuration_spec.rb
...ojects/security/user_views_security_configuration_spec.rb
+44
-1
ee/spec/lib/ee/sidebars/projects/menus/security_compliance_menu_spec.rb
.../sidebars/projects/menus/security_compliance_menu_spec.rb
+1
-0
ee/spec/presenters/projects/security/configuration_presenter_spec.rb
...senters/projects/security/configuration_presenter_spec.rb
+1
-0
ee/spec/requests/projects/security/dast_configuration_controller_spec.rb
...s/projects/security/dast_configuration_controller_spec.rb
+78
-0
locale/gitlab.pot
locale/gitlab.pot
+6
-0
No files found.
ee/app/controllers/ee/projects/security/configuration_controller.rb
View file @
ca787205
...
...
@@ -16,6 +16,7 @@ module EE
push_frontend_feature_flag
(
:security_auto_fix
,
project
,
default_enabled:
false
)
push_frontend_feature_flag
(
:sec_dependency_scanning_ui_enable
,
project
,
default_enabled: :yaml
)
push_frontend_feature_flag
(
:sec_secret_detection_ui_enable
,
project
,
default_enabled: :yaml
)
push_frontend_feature_flag
(
:dast_configuration_ui
,
project
,
default_enabled: :yaml
)
end
before_action
only:
[
:auto_fix
]
do
...
...
ee/app/controllers/projects/security/dast_configuration_controller.rb
0 → 100644
View file @
ca787205
# frozen_string_literal: true
module
Projects
module
Security
class
DastConfigurationController
<
Projects
::
ApplicationController
include
SecurityAndCompliancePermissions
include
SecurityDashboardsPermissions
alias_method
:vulnerable
,
:project
feature_category
:dynamic_application_security_testing
def
show
not_found
unless
Feature
.
enabled?
(
:dast_configuration_ui
,
@project
,
default_enabled: :yaml
)
end
end
end
end
ee/app/presenters/projects/security/configuration_presenter.rb
View file @
ca787205
...
...
@@ -90,6 +90,7 @@ module Projects
def
configuration_path
(
type
)
{
sast:
project_security_configuration_sast_path
(
project
),
dast:
::
Feature
.
enabled?
(
:dast_configuration_ui
,
project
,
default_enabled: :yaml
)
?
project_security_configuration_dast_path
(
project
)
:
nil
,
dast_profiles:
project_security_configuration_dast_scans_path
(
project
),
api_fuzzing:
project_security_configuration_api_fuzzing_path
(
project
)
}[
type
]
...
...
ee/app/views/projects/security/dast_configuration/show.html.haml
0 → 100644
View file @
ca787205
-
add_to_breadcrumbs
_
(
"Security Configuration"
),
project_security_configuration_path
(
@project
)
-
breadcrumb_title
_
(
"DAST Configuration"
)
-
page_title
_
(
"DAST Configuration"
)
%h1
=
_
(
"DAST Settings"
)
ee/config/feature_flags/development/dast_configuration_ui.yml
0 → 100644
View file @
ca787205
---
name
:
dast_configuration_ui
introduced_by_url
:
https://gitlab.com/gitlab-org/gitlab/-/merge_requests/62014
rollout_issue_url
:
https://gitlab.com/gitlab-org/gitlab/-/issues/330728
milestone
:
'
14.0'
type
:
development
group
:
group::dynamic analysis
default_enabled
:
false
ee/config/routes/project.rb
View file @
ca787205
...
...
@@ -77,6 +77,7 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
resources
:dast_site_profiles
,
only:
[
:new
,
:edit
]
resources
:dast_scanner_profiles
,
only:
[
:new
,
:edit
]
end
resource
:dast
,
only: :show
,
controller: :dast_configuration
end
resource
:discover
,
only:
[
:show
],
controller: :discover
...
...
ee/lib/ee/sidebars/projects/menus/security_compliance_menu.rb
View file @
ca787205
...
...
@@ -42,6 +42,7 @@ module EE
super
+
%w[
projects/security/sast_configuration#show
projects/security/api_fuzzing_configuration#show
projects/security/dast_configuration#show
projects/security/dast_profiles#show
projects/security/dast_site_profiles#new
projects/security/dast_site_profiles#edit
...
...
ee/spec/features/projects/security/user_views_security_configuration_spec.rb
View file @
ca787205
...
...
@@ -5,6 +5,7 @@ require 'spec_helper'
RSpec
.
describe
'User sees Security Configuration table'
,
:js
do
let_it_be
(
:user
)
{
create
(
:user
)
}
let_it_be
(
:project
)
{
create
(
:project
,
:repository
)
}
let_it_be
(
:pipeline
)
{
create
(
:ci_pipeline
,
project:
project
)
}
before_all
do
project
.
add_developer
(
user
)
...
...
@@ -33,7 +34,6 @@ RSpec.describe 'User sees Security Configuration table', :js do
context
'with SAST report'
do
before
do
pipeline
=
create
(
:ci_pipeline
,
project:
project
)
create
(
:ci_build
,
:sast
,
pipeline:
pipeline
,
status:
'success'
)
end
...
...
@@ -47,6 +47,43 @@ RSpec.describe 'User sees Security Configuration table', :js do
end
end
end
context
'with no DAST report'
do
it
'shows DAST is not enabled'
do
visit
(
project_security_configuration_path
(
project
))
within_dast_row
do
expect
(
page
).
to
have_text
(
'DAST'
)
expect
(
page
).
to
have_text
(
'Not enabled'
)
expect
(
page
).
to
have_css
(
'[data-testid="enable-button"]'
)
end
end
end
context
'with DAST report'
do
before
do
create
(
:ci_build
,
:dast
,
pipeline:
pipeline
,
status:
'success'
)
end
it
'shows DAST is enabled'
do
visit
(
project_security_configuration_path
(
project
))
within_dast_row
do
expect
(
page
).
to
have_text
(
'DAST'
)
expect
(
page
).
to
have_text
(
'Enabled'
)
expect
(
page
).
to
have_css
(
'[data-testid="configure-button"]'
)
end
end
it
'links to configuration page'
do
visit
(
project_security_configuration_path
(
project
))
within_dast_row
do
click_link_or_button
'Configure'
expect
(
current_path
).
to
eq
(
project_security_configuration_dast_path
(
project
))
end
end
end
end
def
within_sast_row
...
...
@@ -54,4 +91,10 @@ RSpec.describe 'User sees Security Configuration table', :js do
yield
end
end
def
within_dast_row
within
'[data-testid="security-scanner-row"]:nth-of-type(2)'
do
yield
end
end
end
ee/spec/lib/ee/sidebars/projects/menus/security_compliance_menu_spec.rb
View file @
ca787205
...
...
@@ -80,6 +80,7 @@ RSpec.describe Sidebars::Projects::Menus::SecurityComplianceMenu do
projects/security/configuration#show
projects/security/sast_configuration#show
projects/security/api_fuzzing_configuration#show
projects/security/dast_configuration#show
projects/security/dast_profiles#show
projects/security/dast_site_profiles#new
projects/security/dast_site_profiles#edit
...
...
ee/spec/presenters/projects/security/configuration_presenter_spec.rb
View file @
ca787205
...
...
@@ -266,6 +266,7 @@ RSpec.describe Projects::Security::ConfigurationPresenter do
def
configuration_path
(
type
)
{
dast:
project_security_configuration_dast_path
(
project
),
dast_profiles:
project_security_configuration_dast_scans_path
(
project
),
sast:
project_security_configuration_sast_path
(
project
),
api_fuzzing:
project_security_configuration_api_fuzzing_path
(
project
)
...
...
ee/spec/requests/projects/security/dast_configuration_controller_spec.rb
0 → 100644
View file @
ca787205
# frozen_string_literal: true
require
'spec_helper'
RSpec
.
describe
Projects
::
Security
::
DastConfigurationController
,
type: :request
do
let_it_be
(
:project
)
{
create
(
:project
)
}
let_it_be
(
:user
)
{
create
(
:user
)
}
describe
'GET #show'
do
before
do
stub_licensed_features
(
security_dashboard:
true
)
stub_feature_flags
(
dast_configuration_ui:
true
)
login_as
(
user
)
end
include_context
'"Security & Compliance" permissions'
do
let
(
:valid_request
)
{
get
project_security_configuration_dast_path
(
project
)
}
before_request
do
project
.
add_developer
(
user
)
end
end
context
'feature available'
do
context
'user authorized'
do
before
do
project
.
add_developer
(
user
)
end
it
'can access page'
do
get
project_security_configuration_dast_path
(
project
)
expect
(
response
).
to
have_gitlab_http_status
(
:ok
)
end
end
context
'user not authorized'
do
before
do
project
.
add_guest
(
user
)
end
it
'sees a 404 error'
do
get
project_security_configuration_dast_path
(
project
)
expect
(
response
).
to
have_gitlab_http_status
(
:forbidden
)
end
end
end
context
'feature not available'
do
context
"license doesn't support the feature"
do
before
do
stub_licensed_features
(
security_dashboard:
false
)
project
.
add_developer
(
user
)
end
it
'sees a 404 error'
do
get
project_security_configuration_dast_path
(
project
)
expect
(
response
).
to
have_gitlab_http_status
(
:not_found
)
end
end
context
'feature flag is disabled'
do
before
do
stub_feature_flags
(
dast_configuration_ui:
false
)
project
.
add_developer
(
user
)
end
it
'sees a 404 error'
do
get
project_security_configuration_dast_path
(
project
)
expect
(
response
).
to
have_gitlab_http_status
(
:not_found
)
end
end
end
end
end
locale/gitlab.pot
View file @
ca787205
...
...
@@ -10060,9 +10060,15 @@ msgstr ""
msgid "DAG visualization requires at least 3 dependent jobs."
msgstr ""
msgid "DAST Configuration"
msgstr ""
msgid "DAST Scans"
msgstr ""
msgid "DAST Settings"
msgstr ""
msgid "DNS"
msgstr ""
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment