Merge branch '9192-secure-e2e-tests-auto-remediation' into 'master'

Added a Secure E2E test for auto-remediation

Closes #9192

See merge request gitlab-org/gitlab-ee!14945

ee/app/assets/javascripts/vue_shared/security_reports/components/modal_footer.vue

@@ -102,6 +102,7 @@ export default {
       v-if="actionButtons.length > 1"
       :buttons="actionButtons"
       class="js-split-button"
+      data-qa-selector="resolve_split_button"
       @createMergeRequest="$emit('createMergeRequest')"
       @createNewIssue="$emit('createNewIssue')"
       @downloadPatch="$emit('downloadPatch')"

qa/qa/ee/page/merge_request/show.rb

@@ -41,6 +41,14 @@ module QA
                 element :vulnerability_report_grouped
               end
 
+              view 'app/assets/javascripts/reports/components/report_section.vue' do
+                element :expand_report_button
+              end
+
+              view 'ee/app/assets/javascripts/vue_shared/security_reports/components/modal_footer.vue' do
+                element :resolve_split_button
+              end
+
               def start_review
                 click_element :start_review
               end
@@ -78,6 +86,22 @@ module QA
                 end
               end
 
+              def expand_vulnerability_report
+                click_element :expand_report_button
+              end
+
+              def click_vulnerability(name)
+                within_element :vulnerability_report_grouped do
+                  click_on name
+                end
+              end
+
+              def resolve_vulnerability_with_mr(name)
+                expand_vulnerability_report
+                click_vulnerability(name)
+                click_element :resolve_split_button
+              end
+
               def has_vulnerability_report?(timeout: 60)
                 wait(reload: true, max: timeout, interval: 1) do
                   finished_loading?

qa/qa/specs/features/ee/browser_ui/secure/create_merge_request_with_secure_spec.rb

@@ -51,7 +51,17 @@ module QA
       it 'displays the Security report in the merge request' do
         Page::MergeRequest::Show.perform do |mergerequest|
           expect(mergerequest).to have_vulnerability_report(timeout: 60)
-          expect(mergerequest).to have_detected_vulnerability_count_of "2"
+          expect(mergerequest).to have_detected_vulnerability_count_of "4"
+        end
+      end
+
+      it 'can create an auto-remediation MR' do
+        Page::MergeRequest::Show.perform do |mergerequest|
+          vuln_name = "Authentication bypass via incorrect DOM traversal and canonicalization in saml2-js"
+
+          expect(mergerequest).to have_vulnerability_report(timeout: 60)
+          mergerequest.resolve_vulnerability_with_mr vuln_name
+          expect(mergerequest).to have_title vuln_name
         end
       end
     end

qa/qa/specs/features/ee/browser_ui/secure/security_reports_spec.rb

 # frozen_string_literal: true
 
 require 'pathname'
+NUMBER_OF_DEPENDENCIES_IN_FIXTURE = 1309
 
 module QA
   context 'Secure', :docker do
@@ -57,7 +58,7 @@ module QA
         Page::Project::Pipeline::Show.perform do |pipeline|
           pipeline.click_on_security
           expect(pipeline).to have_dependency_report
-          expect(pipeline).to have_content("Dependency scanning detected 2")
+          expect(pipeline).to have_content("Dependency scanning detected 4")
           pipeline.expand_dependency_report
           expect(pipeline).to have_content("jQuery before 3.4.0")
         end
@@ -87,7 +88,7 @@ module QA
         Page::Project::Menu.perform(&:click_on_dependency_list)
 
         EE::Page::Project::Secure::DependencyList.perform do |page|
-          expect(page).to have_dependency_count_of "1293"
+          expect(page).to have_dependency_count_of NUMBER_OF_DEPENDENCIES_IN_FIXTURE
         end
       end
     end