Merge branch '346316-catch-yaml-errors-when-parsing-security-policies' into 'master'

Catch YAML errors when parsing security policies See merge request gitlab-org/gitlab!75092

Merge branch '346316-catch-yaml-errors-when-parsing-security-policies' into 'master'
Catch YAML errors when parsing security policies See merge request gitlab-org/gitlab!75092
cd46dc8d · Matthias Käppler · b25d1190 · 19a5e915 · cd46dc8d · cd46dc8d
Commit cd46dc8d authored Nov 24, 2021 by Matthias Käppler
3 changed files
--- a/doc/user/application_security/policies/index.md
+++ b/doc/user/application_security/policies/index.md
@@ -357,7 +357,7 @@ scan_execution_policy:
  - type: schedule
    branches:
    - main
-    cadence: */10 * * * *
+    cadence: "*/10 * * * *"
  actions:
  - scan: dast
    scanner_profile: Scanner Profile C
@@ -378,7 +378,7 @@ scan_execution_policy:
  enabled: true
  rules:
  - type: schedule
-    cadence: '15 3 * * *'
+    cadence: "15 3 * * *
    clusters:
      production-cluster:
        containers:

--- a/ee/app/models/security/orchestration_policy_configuration.rb
+++ b/ee/app/models/security/orchestration_policy_configuration.rb
@@ -35,6 +35,8 @@ module Security
        Gitlab::Config::Loader::Yaml.new(policy_blob).load!
      end
+    rescue Gitlab::Config::Loader::FormatError
+      nil
    end
    def policy_configuration_exists?

--- a/ee/spec/models/security/orchestration_policy_configuration_spec.rb
+++ b/ee/spec/models/security/orchestration_policy_configuration_spec.rb
@@ -102,6 +102,14 @@ RSpec.describe Security::OrchestrationPolicyConfiguration do
      it { expect(subject.dig(:scan_execution_policy, 0, :name)).to eq('Run DAST in every pipeline') }
    end
+    context 'when policy has invalid YAML format' do
+      let(:policy_yaml) do
+        'cadence: * 1 2 3'
+      end
+      it { expect(subject).to be_nil }
+    end
    context 'when policy is nil' do
      let(:policy_yaml) { nil }