Merge branch '355526-dast-submit-field-db' into 'master'

Add dast_submit_field to DAST site profile See merge request gitlab-org/gitlab!84245

Merge branch '355526-dast-submit-field-db' into 'master'
Add dast_submit_field to DAST site profile See merge request gitlab-org/gitlab!84245
cbcfbee7 · Alex Pooley · ab8d9688 · ae5c2556 · cbcfbee7 · cbcfbee7
Commit cbcfbee7 authored Apr 06, 2022 by Alex Pooley
8 changed files
--- a/db/migrate/20220331174026_add_submit_field_to_dast_site_profiles.rb
+++ b/db/migrate/20220331174026_add_submit_field_to_dast_site_profiles.rb
+# frozen_string_literal: true
+class AddSubmitFieldToDastSiteProfiles < Gitlab::Database::Migration[1.0]
+  # rubocop:disable Migration/AddLimitToTextColumns
+  # limit is added in 20220331174459_add_text_limit_to_submit_field_dast_site_profiles
+  def change
+    add_column :dast_site_profiles, :auth_submit_field, :text
+  end
+  # rubocop:enable Migration/AddLimitToTextColumns
+end
--- a/db/migrate/20220331174459_add_text_limit_to_submit_field_dast_site_profiles.rb
+++ b/db/migrate/20220331174459_add_text_limit_to_submit_field_dast_site_profiles.rb
+# frozen_string_literal: true
+class AddTextLimitToSubmitFieldDastSiteProfiles < Gitlab::Database::Migration[1.0]
+  disable_ddl_transaction!
+  def up
+    add_text_limit :dast_site_profiles, :auth_submit_field, 255
+  end
+  def down
+    remove_text_limit :dast_site_profiles, :auth_submit_field
+  end
+end
--- a/db/schema_migrations/20220331174026
+++ b/db/schema_migrations/20220331174026
+b4f2c1c90447a41d69f08ca2c5cbb5fb0baf1fe04e43d5dc86323d01be9e28ef
\ No newline at end of file
--- a/db/schema_migrations/20220331174459
+++ b/db/schema_migrations/20220331174459
+cc7da5bba5fd42a0c443290791eeee76491a29ab37a06f0a70806dc09ec1ceab
\ No newline at end of file
--- a/db/structure.sql
+++ b/db/structure.sql
@@ -14054,8 +14054,10 @@ CREATE TABLE dast_site_profiles (
    auth_username text,
    target_type smallint DEFAULT 0 NOT NULL,
    scan_method smallint DEFAULT 0 NOT NULL,
+    auth_submit_field text,
    CONSTRAINT check_5203110fee CHECK ((char_length(auth_username_field) <= 255)),
    CONSTRAINT check_6cfab17b48 CHECK ((char_length(name) <= 255)),
+    CONSTRAINT check_af44f54c96 CHECK ((char_length(auth_submit_field) <= 255)),
    CONSTRAINT check_c329dffdba CHECK ((char_length(auth_password_field) <= 255)),
    CONSTRAINT check_d446f7047b CHECK ((char_length(auth_url) <= 1024)),
    CONSTRAINT check_f22f18002a CHECK ((char_length(auth_username) <= 255))
--- a/ee/app/models/dast_site_profile.rb
+++ b/ee/app/models/dast_site_profile.rb
@@ -10,7 +10,7 @@ class DastSiteProfile < ApplicationRecord
  validates :excluded_urls, length: { maximum: 25 }
  validates :auth_url, addressable_url: true, length: { maximum: 1024 }, allow_nil: true
-  validates :auth_username_field, :auth_password_field, :auth_username, length: { maximum: 255 }
+  validates :auth_username_field, :auth_password_field, :auth_username, :auth_submit_field, length: { maximum: 255 }
  validates :name, length: { maximum: 255 }, uniqueness: { scope: :project_id }, presence: true
  validates :project_id, :dast_site_id, presence: true
@@ -59,6 +59,7 @@ class DastSiteProfile < ApplicationRecord
        variables.append(key: 'DAST_USERNAME', value: auth_username)
        variables.append(key: 'DAST_USERNAME_FIELD', value: auth_username_field)
        variables.append(key: 'DAST_PASSWORD_FIELD', value: auth_password_field)
+        variables.append(key: 'DAST_SUBMIT_FIELD', value: auth_submit_field)
      end
    end

--- a/ee/spec/factories/dast_site_profiles.rb
+++ b/ee/spec/factories/dast_site_profiles.rb
@@ -21,5 +21,9 @@ FactoryBot.define do
    trait :with_dast_site_validation do
      dast_site { association :dast_site, :with_dast_site_validation, project: project }
    end
+    trait :with_dast_submit_field do
+      auth_submit_field { 'css:button[type="submit"]' }
+    end
  end
 end
--- a/ee/spec/models/dast_site_profile_spec.rb
+++ b/ee/spec/models/dast_site_profile_spec.rb
@@ -23,6 +23,7 @@ RSpec.describe DastSiteProfile, type: :model do
    it { is_expected.to validate_length_of(:auth_url).is_at_most(1024).allow_nil }
    it { is_expected.to validate_length_of(:auth_username).is_at_most(255) }
    it { is_expected.to validate_length_of(:auth_username_field).is_at_most(255) }
+    it { is_expected.to validate_length_of(:auth_submit_field).is_at_most(255) }
    it { is_expected.to validate_length_of(:name).is_at_most(255) }
    it { is_expected.to validate_presence_of(:dast_site_id) }
    it { is_expected.to validate_presence_of(:name) }
@@ -226,17 +227,38 @@ RSpec.describe DastSiteProfile, type: :model do
      let(:keys) { subject.ci_variables.map { |variable| variable[:key] } }
      let(:excluded_urls) { subject.excluded_urls.join(',') }
-      it 'returns a collection of variables' do
+      context 'without_dast_submit_field' do
-        expected_variables = [
+        it 'returns a collection of variables' do
-          { key: 'DAST_WEBSITE', value: subject.dast_site.url, public: true, masked: false },
+          expected_variables = [
-          { key: 'DAST_EXCLUDE_URLS', value: excluded_urls, public: true, masked: false },
+            { key: 'DAST_WEBSITE', value: subject.dast_site.url, public: true, masked: false },
-          { key: 'DAST_AUTH_URL', value: subject.auth_url, public: true, masked: false },
+            { key: 'DAST_EXCLUDE_URLS', value: excluded_urls, public: true, masked: false },
-          { key: 'DAST_USERNAME', value: subject.auth_username, public: true, masked: false },
+            { key: 'DAST_AUTH_URL', value: subject.auth_url, public: true, masked: false },
-          { key: 'DAST_USERNAME_FIELD', value: subject.auth_username_field, public: true, masked: false },
+            { key: 'DAST_USERNAME', value: subject.auth_username, public: true, masked: false },
-          { key: 'DAST_PASSWORD_FIELD', value: subject.auth_password_field, public: true, masked: false }
+            { key: 'DAST_USERNAME_FIELD', value: subject.auth_username_field, public: true, masked: false },
-        ]
+            { key: 'DAST_PASSWORD_FIELD', value: subject.auth_password_field, public: true, masked: false }
-        expect(collection.to_runner_variables).to eq(expected_variables)
+          ]
+          expect(collection.to_runner_variables).to eq(expected_variables)
+        end
+      end
+      context 'with_dast_submit_field' do
+        subject { create(:dast_site_profile, :with_dast_site_validation, :with_dast_submit_field, project: project) }
+        it 'returns a collection of variables' do
+          expected_variables = [
+            { key: 'DAST_WEBSITE', value: subject.dast_site.url, public: true, masked: false },
+            { key: 'DAST_EXCLUDE_URLS', value: excluded_urls, public: true, masked: false },
+            { key: 'DAST_AUTH_URL', value: subject.auth_url, public: true, masked: false },
+            { key: 'DAST_USERNAME', value: subject.auth_username, public: true, masked: false },
+            { key: 'DAST_USERNAME_FIELD', value: subject.auth_username_field, public: true, masked: false },
+            { key: 'DAST_PASSWORD_FIELD', value: subject.auth_password_field, public: true, masked: false },
+            { key: 'DAST_SUBMIT_FIELD', value: subject.auth_submit_field, public: true, masked: false }
+          ]
+          expect(collection.to_runner_variables).to eq(expected_variables)
+        end
      end
      context 'when target_type=api' do
@@ -254,7 +276,7 @@ RSpec.describe DastSiteProfile, type: :model do
        subject { build(:dast_site_profile, auth_enabled: false) }
        it 'returns a collection of variables excluding any auth variables', :aggregate_failures do
-          expect(keys).not_to include('DAST_AUTH_URL', 'DAST_USERNAME', 'DAST_USERNAME_FIELD', 'DAST_PASSWORD_FIELD')
+          expect(keys).not_to include('DAST_AUTH_URL', 'DAST_USERNAME', 'DAST_USERNAME_FIELD', 'DAST_PASSWORD_FIELD', 'DAST_SUBMIT_FIELD')
        end
      end