Skip to content

G
gitlab-ce
Commit e755ba70 authored by Aleksandr Soborov's avatar Aleksandr Soborov Committed by Walmyr Lima e Silva Filho
Browse files
Options

Add E2E test to dismiss vulnerability 

Also add data selectors where needed
parent 7bb490f0
Hide whitespace changes
Inline Side-by-side
Showing with 63 additions and 3 deletions
ee/app/assets/javascripts/vue_shared/security_reports/components/dismiss_button.vue
View file @ e755ba70
......@@ -65,6 +65,7 @@ export default {
:disabled="disabled"
:title="s__('vulnerability|Add comment & dismiss')"
variant="close"
data-qa-selector="dismiss_with_comment_button"
class="js-dismiss-with-comment "
@click="$emit('openDismissalCommentBox')"
>
......
ee/app/assets/javascripts/vue_shared/security_reports/components/dismissal_comment_box_toggle.vue
View file @ e755ba70
......@@ -57,6 +57,7 @@ export default {
<dismissal-comment-box
v-if="isActive"
v-model="localComment"
data-qa-selector="dismiss_comment_field"
:dismissal-comment="dismissalComment"
:error-message="errorMessage"
:placeholder="$options.PLACEHOLDER"
......
ee/app/assets/javascripts/vue_shared/security_reports/components/dismissal_comment_modal_footer.vue
View file @ e755ba70
......@@ -73,6 +73,7 @@ export default {
:loading="isDismissingVulnerability"
:disabled="isDismissingVulnerability"
:label="submitLabel"
data-qa-selector="add_and_dismiss_button"
class="js-loading-button"
container-class="btn btn-close"
@click="handleSubmit"
......
ee/app/assets/javascripts/vue_shared/security_reports/components/event_item.vue
View file @ e755ba70
......@@ -57,7 +57,7 @@ export default {
<div class="circle-icon-container" :class="iconStyle">
<icon :size="16" :name="iconName" />
</div>
<div class="ml-3">
<div class="ml-3" data-qa-selector="event_item_content">
<div class="note-header-info pb-0">
<a
:href="author.path"
......
ee/app/assets/javascripts/vue_shared/security_reports/components/modal.vue
View file @ e755ba70
......@@ -199,6 +199,7 @@ export default {
id="modal-mrwidget-security-issue"
:header-title-text="modal.title"
:class="{ 'modal-hide-footer': !shouldRenderFooterSection }"
data-qa-selector="vulnerability_modal_content"
class="modal-security-report-dast"
>
<slot>
......
qa/qa/ee/page/merge_request/show.rb
View file @ e755ba70
......@@ -59,9 +59,29 @@ module QA
element :approvals_summary_content
end
view 'ee/app/assets/javascripts/vue_shared/security_reports/components/modal.vue' do
element :vulnerability_modal_content
end
view 'ee/app/assets/javascripts/vue_shared/security_reports/components/event_item.vue' do
element :event_item_content
end
view 'ee/app/assets/javascripts/vue_shared/security_reports/components/modal_footer.vue' do
element :resolve_split_button
end
view 'ee/app/assets/javascripts/vue_shared/security_reports/components/dismiss_button.vue' do
element :dismiss_with_comment_button
end
view 'ee/app/assets/javascripts/vue_shared/security_reports/components/dismissal_comment_box_toggle.vue' do
element :dismiss_comment_field
end
view 'ee/app/assets/javascripts/vue_shared/security_reports/components/dismissal_comment_modal_footer.vue' do
element :add_and_dismiss_button
end
end
end
......@@ -140,7 +160,7 @@ module QA
def expand_vulnerability_report
within_element :vulnerability_report_grouped do
click_element :expand_report_button
click_element :expand_report_button unless has_content? 'Collapse'
end
end
......@@ -150,6 +170,18 @@ module QA
end
end
def dismiss_vulnerability_with_reason(name, reason)
expand_vulnerability_report
click_vulnerability(name)
click_element :dismiss_with_comment_button
find_element(:dismiss_comment_field).fill_in with: reason
click_element :add_and_dismiss_button
wait(reload: false) do
has_no_element?(:vulnerability_modal_content)
end
end
def resolve_vulnerability_with_mr(name)
expand_vulnerability_report
click_vulnerability(name)
......@@ -191,6 +223,18 @@ module QA
find_element(:dast_scan_report).has_content?(/DAST detected #{expected}( new)? vulnerabilit/)
end
def has_opened_dismissed_vulnerability?(reason = nil)
within_element(:vulnerability_modal_content) do
dismissal_found = has_element?(:event_item_content, text: /Dismissed on pipeline #\d+/)
if dismissal_found && reason
dismissal_found = has_element?(:event_item_content, text: reason)
end
dismissal_found
end
end
def num_approvals_required
approvals_content.match(/Requires (\d+) more approvals/)[1].to_i
end
......
qa/qa/specs/features/ee/browser_ui/secure/create_merge_request_with_secure_spec.rb
View file @ e755ba70
......@@ -9,6 +9,7 @@ module QA
let(:dependency_scan_vuln_count) { 4 }
let(:container_scan_vuln_count) { 8 }
let(:dast_vuln_count) { 4 }
let(:vuln_name) { "Authentication bypass via incorrect DOM traversal and canonicalization in saml2-js" }
after do
Service::DockerRun::GitlabRunner.new(@executor).remove!
......@@ -80,9 +81,20 @@ module QA
end
end
it 'can dismiss a vulnerability with a reason' do
dismiss_reason = "Vulnerability not applicable"
Page::MergeRequest::Show.perform do |merge_request|
vuln_name = "Authentication bypass via incorrect DOM traversal and canonicalization in saml2-js"
expect(merge_request).to have_vulnerability_report(timeout: 60)
merge_request.dismiss_vulnerability_with_reason(vuln_name, dismiss_reason)
merge_request.click_vulnerability(vuln_name)
expect(merge_request).to have_opened_dismissed_vulnerability(dismiss_reason)
end
end
it 'can create an auto-remediation MR' do
Page::MergeRequest::Show.perform do |mergerequest|
vuln_name = "Authentication bypass via incorrect DOM traversal and canonicalization in saml2-js"
expect(mergerequest).to have_vulnerability_report(timeout: 60)
# Context changes as resolve method created new MR
mergerequest.resolve_vulnerability_with_mr vuln_name
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7