Commit fabfec53 authored by Aleksandr Soborov's avatar Aleksandr Soborov Committed by Mark Lapierre

Added E2E test to create an issue from a vuln

Also added data selectors and page object methods
parent 0ac44e6b
...@@ -122,6 +122,7 @@ export default { ...@@ -122,6 +122,7 @@ export default {
:label="actionButtons[0].name" :label="actionButtons[0].name"
container-class="btn btn-success btn-inverted" container-class="btn btn-success btn-inverted"
class="js-action-button" class="js-action-button"
data-qa-selector="create_issue_button"
@click="$emit(actionButtons[0].action)" @click="$emit(actionButtons[0].action)"
/> />
</div> </div>
......
...@@ -69,6 +69,7 @@ module QA ...@@ -69,6 +69,7 @@ module QA
view 'ee/app/assets/javascripts/vue_shared/security_reports/components/modal_footer.vue' do view 'ee/app/assets/javascripts/vue_shared/security_reports/components/modal_footer.vue' do
element :resolve_split_button element :resolve_split_button
element :create_issue_button
end end
view 'ee/app/assets/javascripts/vue_shared/security_reports/components/dismiss_button.vue' do view 'ee/app/assets/javascripts/vue_shared/security_reports/components/dismiss_button.vue' do
...@@ -194,6 +195,18 @@ module QA ...@@ -194,6 +195,18 @@ module QA
end end
end end
def create_vulnerability_issue(name)
expand_vulnerability_report
click_vulnerability(name)
previous_page = page.current_url
click_element(:create_issue_button)
wait(max: 15, reload: false) do
page.current_url != previous_page
end
end
def has_vulnerability_report?(timeout: 60) def has_vulnerability_report?(timeout: 60)
wait(reload: true, max: timeout, interval: 1) do wait(reload: true, max: timeout, interval: 1) do
finished_loading? finished_loading?
......
...@@ -9,7 +9,8 @@ module QA ...@@ -9,7 +9,8 @@ module QA
let(:dependency_scan_vuln_count) { 4 } let(:dependency_scan_vuln_count) { 4 }
let(:container_scan_vuln_count) { 8 } let(:container_scan_vuln_count) { 8 }
let(:dast_vuln_count) { 4 } let(:dast_vuln_count) { 4 }
let(:vuln_name) { "Authentication bypass via incorrect DOM traversal and canonicalization in saml2-js" } let(:vuln_name) { "Regular Expression Denial of Service in debug" }
let(:remediable_vuln_name) { "Authentication bypass via incorrect DOM traversal and canonicalization in saml2-js" }
after do after do
Service::DockerRun::GitlabRunner.new(@executor).remove! Service::DockerRun::GitlabRunner.new(@executor).remove!
...@@ -68,16 +69,16 @@ module QA ...@@ -68,16 +69,16 @@ module QA
end end
it 'displays the Security reports in the merge request' do it 'displays the Security reports in the merge request' do
Page::MergeRequest::Show.perform do |mergerequest| Page::MergeRequest::Show.perform do |merge_request|
expect(mergerequest).to have_vulnerability_report(timeout: 60) expect(merge_request).to have_vulnerability_report
expect(mergerequest).to have_vulnerability_count expect(merge_request).to have_vulnerability_count
mergerequest.expand_vulnerability_report merge_request.expand_vulnerability_report
expect(mergerequest).to have_sast_vulnerability_count_of(sast_vuln_count) expect(merge_request).to have_sast_vulnerability_count_of(sast_vuln_count)
expect(mergerequest).to have_dependency_vulnerability_count_of(dependency_scan_vuln_count) expect(merge_request).to have_dependency_vulnerability_count_of(dependency_scan_vuln_count)
expect(mergerequest).to have_container_vulnerability_count_of(container_scan_vuln_count) expect(merge_request).to have_container_vulnerability_count_of(container_scan_vuln_count)
expect(mergerequest).to have_dast_vulnerability_count_of(dast_vuln_count) expect(merge_request).to have_dast_vulnerability_count_of(dast_vuln_count)
end end
end end
...@@ -85,20 +86,32 @@ module QA ...@@ -85,20 +86,32 @@ module QA
dismiss_reason = "Vulnerability not applicable" dismiss_reason = "Vulnerability not applicable"
Page::MergeRequest::Show.perform do |merge_request| Page::MergeRequest::Show.perform do |merge_request|
vuln_name = "Authentication bypass via incorrect DOM traversal and canonicalization in saml2-js" expect(merge_request).to have_vulnerability_report
expect(merge_request).to have_vulnerability_report(timeout: 60)
merge_request.dismiss_vulnerability_with_reason(vuln_name, dismiss_reason) merge_request.dismiss_vulnerability_with_reason(vuln_name, dismiss_reason)
merge_request.click_vulnerability(vuln_name) merge_request.click_vulnerability(vuln_name)
expect(merge_request).to have_opened_dismissed_vulnerability(dismiss_reason) expect(merge_request).to have_opened_dismissed_vulnerability(dismiss_reason)
end end
end end
it 'can create an issue from a vulnerability' do
Page::MergeRequest::Show.perform do |merge_request|
expect(merge_request).to have_vulnerability_report
merge_request.create_vulnerability_issue(vuln_name)
end
Page::Project::Issue::Show.perform do |issue|
expect(issue).to have_title("Investigate vulnerability: #{vuln_name}")
end
end
it 'can create an auto-remediation MR' do it 'can create an auto-remediation MR' do
Page::MergeRequest::Show.perform do |mergerequest| Page::MergeRequest::Show.perform do |merge_request|
expect(mergerequest).to have_vulnerability_report(timeout: 60) expect(merge_request).to have_vulnerability_report
# Context changes as resolve method created new MR merge_request.resolve_vulnerability_with_mr remediable_vuln_name
mergerequest.resolve_vulnerability_with_mr vuln_name
expect(mergerequest).to have_title vuln_name # Context changes as resolve method creates new MR
expect(merge_request).to have_title remediable_vuln_name
end end
end end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment