Commit e263bc04 authored by Max Woolf's avatar Max Woolf

Merge branch 'mc_rocha-add-passive-active-profiles-347384' into 'master'

Add passive and active profiles 347384

See merge request gitlab-org/gitlab!78492
parents 22f8f1a8 7907d2f7
...@@ -25,18 +25,22 @@ class DastScannerProfile < ApplicationRecord ...@@ -25,18 +25,22 @@ class DastScannerProfile < ApplicationRecord
[] []
end end
def ci_variables def ci_variables(dast_site_profile: nil)
::Gitlab::Ci::Variables::Collection.new.tap do |variables| ::Gitlab::Ci::Variables::Collection.new.tap do |variables|
variables.append(key: 'DAST_SPIDER_MINS', value: String(spider_timeout)) if spider_timeout variables.append(key: 'DAST_SPIDER_MINS', value: String(spider_timeout)) if spider_timeout
variables.append(key: 'DAST_TARGET_AVAILABILITY_TIMEOUT', value: String(target_timeout)) if target_timeout variables.append(key: 'DAST_TARGET_AVAILABILITY_TIMEOUT', value: String(target_timeout)) if target_timeout
variables.append(key: 'DAST_FULL_SCAN_ENABLED', value: String(full_scan_enabled?))
variables.append(key: 'DAST_USE_AJAX_SPIDER', value: String(use_ajax_spider)) variables.append(key: 'DAST_USE_AJAX_SPIDER', value: String(use_ajax_spider))
variables.append(key: 'DAST_DEBUG', value: String(show_debug_messages)) variables.append(key: 'DAST_DEBUG', value: String(show_debug_messages))
end variables.append(key: 'DAST_FULL_SCAN_ENABLED', value: String(active?))
end
def full_scan_enabled? next unless dast_site_profile&.api?
scan_type == 'active'
if active?
variables.append(key: 'DAST_API_PROFILE', value: 'Quick-Active')
else
variables.append(key: 'DAST_API_PROFILE', value: 'Quick')
end
end
end end
def referenced_in_security_policies def referenced_in_security_policies
......
...@@ -198,13 +198,13 @@ module EE ...@@ -198,13 +198,13 @@ module EE
::Gitlab::Ci::Variables::Collection.new.tap do |collection| ::Gitlab::Ci::Variables::Collection.new.tap do |collection|
break collection unless (dast_configuration = options[:dast_configuration]) break collection unless (dast_configuration = options[:dast_configuration])
if dast_configuration[:site_profile] && dast_site_profile if (site_profile = dast_configuration[:site_profile] && dast_site_profile)
collection.concat(dast_site_profile.ci_variables) collection.concat(dast_site_profile.ci_variables)
collection.concat(dast_site_profile.secret_ci_variables(user)) collection.concat(dast_site_profile.secret_ci_variables(user))
end end
if dast_configuration[:scanner_profile] && dast_scanner_profile if dast_configuration[:scanner_profile] && dast_scanner_profile
collection.concat(dast_scanner_profile.ci_variables) collection.concat(dast_scanner_profile.ci_variables(dast_site_profile: site_profile))
end end
end end
end end
......
...@@ -24,7 +24,7 @@ module AppSec ...@@ -24,7 +24,7 @@ module AppSec
private private
def active_scan_allowed? def active_scan_allowed?
return true unless dast_scanner_profile&.full_scan_enabled? return true unless dast_scanner_profile&.active?
url_base = DastSiteValidation.get_normalized_url_base(dast_site&.url) url_base = DastSiteValidation.get_normalized_url_base(dast_site&.url)
......
...@@ -207,6 +207,20 @@ RSpec.describe Ci::Build, :saas do ...@@ -207,6 +207,20 @@ RSpec.describe Ci::Build, :saas do
subject subject
end end
context 'when dast_site_profile target_type is website' do
it_behaves_like 'it includes variables' do
let(:expected_variables) { dast_scanner_profile.ci_variables(dast_site_profile: dast_site_profile) }
end
end
context 'when dast_site_profile target_type is api' do
let_it_be(:dast_site_profile) { create(:dast_site_profile, project: project, target_type: 'api') }
it_behaves_like 'it includes variables' do
let(:expected_variables) { dast_scanner_profile.ci_variables(dast_site_profile: dast_site_profile) }
end
end
end end
end end
end end
......
...@@ -55,13 +55,15 @@ RSpec.describe DastScannerProfile, type: :model do ...@@ -55,13 +55,15 @@ RSpec.describe DastScannerProfile, type: :model do
end end
describe '#ci_variables' do describe '#ci_variables' do
let(:collection) { subject.ci_variables } let(:target_type) { 'website' }
let(:dast_site_profile) { build(:dast_site_profile, target_type: target_type) }
let(:collection) { subject.ci_variables(dast_site_profile: dast_site_profile) }
it 'returns a collection of variables' do it 'returns a collection of variables' do
expected_variables = [ expected_variables = [
{ key: 'DAST_FULL_SCAN_ENABLED', value: 'false', public: true, masked: false },
{ key: 'DAST_USE_AJAX_SPIDER', value: 'false', public: true, masked: false }, { key: 'DAST_USE_AJAX_SPIDER', value: 'false', public: true, masked: false },
{ key: 'DAST_DEBUG', value: 'false', public: true, masked: false } { key: 'DAST_DEBUG', value: 'false', public: true, masked: false },
{ key: 'DAST_FULL_SCAN_ENABLED', value: 'false', public: true, masked: false }
] ]
expect(collection.to_runner_variables).to eq(expected_variables) expect(collection.to_runner_variables).to eq(expected_variables)
...@@ -75,19 +77,36 @@ RSpec.describe DastScannerProfile, type: :model do ...@@ -75,19 +77,36 @@ RSpec.describe DastScannerProfile, type: :model do
expect(collection).to include(key: 'DAST_TARGET_AVAILABILITY_TIMEOUT', value: String(subject.target_timeout), public: true) expect(collection).to include(key: 'DAST_TARGET_AVAILABILITY_TIMEOUT', value: String(subject.target_timeout), public: true)
end end
end end
end
describe 'full_scan_enabled?' do context 'when the scan_type is active' do
describe 'when is active scan' do let(:collection) { subject.ci_variables(dast_site_profile: dast_site_profile) }
subject { create(:dast_scanner_profile, scan_type: :active).full_scan_enabled? }
subject { build(:dast_scanner_profile, scan_type: :active) }
it { is_expected.to eq(true) } it 'returns a collection of variables with the passive profile', :aggregate_failures do
expect(collection).to include(key: 'DAST_FULL_SCAN_ENABLED', value: 'true')
end
end end
describe 'when is passive scan' do context 'when the target_type is api' do
subject { create(:dast_scanner_profile, scan_type: :passive).full_scan_enabled? } let(:target_type) { 'api' }
let(:collection) { subject.ci_variables(dast_site_profile: dast_site_profile) }
context 'when the scan_type is active' do
subject { build(:dast_scanner_profile, scan_type: :active) }
it { is_expected.to eq(false) } it 'returns a collection of variables with the passive profile', :aggregate_failures do
expect(collection).to include(key: 'DAST_API_PROFILE', value: 'Quick-Active')
end
end
context 'when the scan_type is passive' do
subject { build(:dast_scanner_profile, scan_type: :passive) }
it 'returns a collection of variables with the passive profile', :aggregate_failures do
expect(collection).to include(key: 'DAST_API_PROFILE', value: 'Quick')
end
end
end end
end end
......
...@@ -16,7 +16,7 @@ RSpec.describe AppSec::Dast::ScanConfigs::BuildService do ...@@ -16,7 +16,7 @@ RSpec.describe AppSec::Dast::ScanConfigs::BuildService do
let(:dast_password_field) { dast_site_profile.auth_password_field } let(:dast_password_field) { dast_site_profile.auth_password_field }
let(:dast_spider_mins) { dast_scanner_profile.spider_timeout } let(:dast_spider_mins) { dast_scanner_profile.spider_timeout }
let(:dast_target_availability_timeout) { dast_scanner_profile.target_timeout } let(:dast_target_availability_timeout) { dast_scanner_profile.target_timeout }
let(:dast_full_scan_enabled) { dast_scanner_profile.full_scan_enabled? } let(:dast_full_scan_enabled) { dast_scanner_profile.active? }
let(:dast_use_ajax_spider) { dast_scanner_profile.use_ajax_spider? } let(:dast_use_ajax_spider) { dast_scanner_profile.use_ajax_spider? }
let(:dast_debug) { dast_scanner_profile.show_debug_messages? } let(:dast_debug) { dast_scanner_profile.show_debug_messages? }
let(:on_demand_scan_template) { 'Security/DAST-On-Demand-Scan.gitlab-ci.yml' } let(:on_demand_scan_template) { 'Security/DAST-On-Demand-Scan.gitlab-ci.yml' }
......
...@@ -128,7 +128,7 @@ RSpec.describe AppSec::Dast::Scans::RunService do ...@@ -128,7 +128,7 @@ RSpec.describe AppSec::Dast::Scans::RunService do
masked: false masked: false
}, { }, {
key: 'DAST_FULL_SCAN_ENABLED', key: 'DAST_FULL_SCAN_ENABLED',
value: String(dast_scanner_profile.full_scan_enabled?), value: String(dast_scanner_profile.active?),
public: true, public: true,
masked: false masked: false
}, { }, {
......
...@@ -12,7 +12,7 @@ RSpec.describe Ci::CreatePipelineService do ...@@ -12,7 +12,7 @@ RSpec.describe Ci::CreatePipelineService do
let(:dast_variables) do let(:dast_variables) do
dast_site_profile.ci_variables dast_site_profile.ci_variables
.concat(dast_scanner_profile.ci_variables) .concat(dast_scanner_profile.ci_variables(dast_site_profile: dast_site_profile))
.to_runner_variables .to_runner_variables
end end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment