From 05121c072372cab45615e9e1f3754b79816dae89 Mon Sep 17 00:00:00 2001 
From: Cameron Swords <cswords@gitlab.com> Date: Fri, 16 Aug 2019 08:56:00 +0000 Subject: [PATCH] Move security fixtures to the ee directory Note these fixtures have also been removed from the CE codebase. --- db/fixtures/development/14_pipelines.rb | 75 +----------------- ee/spec/factories/ci/job_artifacts.rb | 20 ++--- .../gl-dependency-scanning-report.json | 0 .../gl-dependency-scanning-report.json | 0 .../deprecated/gl-sast-report.json | 0 .../security_reports}/feature-branch.zip | Bin .../gl-container-scanning-report.json | 0 .../feature-branch/gl-dast-report.json | 0 .../gl-dependency-scanning-report.json | 0 .../gl-license-management-report.json | 0 .../feature-branch/gl-sast-report.json | 0 .../fixtures/security_reports}/master.zip | Bin .../master/gl-container-scanning-report.json | 0 .../master/gl-dast-report.json | 0 .../master/gl-dependency-scanning-report.json | 0 .../master/gl-license-management-report.json | 0 .../master/gl-sast-report.json | 0 .../gl-dependency-scanning-report.json | 0 .../remediations/remediation.patch | 0 .../security_reports}/remediations/yarn.lock | 0 .../license_management_spec.rb | 2 +- .../security/container_scanning_spec.rb | 2 +- .../formatters/container_scanning_spec.rb | 2 +- .../parsers/security/formatters/dast_spec.rb | 2 +- .../formatters/dependency_list_spec.rb | 2 +- ...d_container_scanning_vulnerability_spec.rb | 2 +- ...te_from_vulnerability_data_service_spec.rb | 2 +- .../create_service_spec.rb | 2 +- 28 files changed, 19 insertions(+), 92 deletions(-) rename {spec/fixtures/security-reports => ee/spec/fixtures/security_reports}/dependency_list/gl-dependency-scanning-report.json (100%) rename {spec/fixtures/security-reports => ee/spec/fixtures/security_reports}/deprecated/gl-dependency-scanning-report.json (100%) rename {spec/fixtures/security-reports => ee/spec/fixtures/security_reports}/deprecated/gl-sast-report.json (100%) rename {spec/fixtures/security-reports => 
ee/spec/fixtures/security_reports}/feature-branch.zip (100%) rename {spec/fixtures/security-reports => ee/spec/fixtures/security_reports}/feature-branch/gl-container-scanning-report.json (100%) rename {spec/fixtures/security-reports => ee/spec/fixtures/security_reports}/feature-branch/gl-dast-report.json (100%) rename {spec/fixtures/security-reports => ee/spec/fixtures/security_reports}/feature-branch/gl-dependency-scanning-report.json (100%) rename {spec/fixtures/security-reports => ee/spec/fixtures/security_reports}/feature-branch/gl-license-management-report.json (100%) rename {spec/fixtures/security-reports => ee/spec/fixtures/security_reports}/feature-branch/gl-sast-report.json (100%) rename {spec/fixtures/security-reports => ee/spec/fixtures/security_reports}/master.zip (100%) rename {spec/fixtures/security-reports => ee/spec/fixtures/security_reports}/master/gl-container-scanning-report.json (100%) rename {spec/fixtures/security-reports => ee/spec/fixtures/security_reports}/master/gl-dast-report.json (100%) rename {spec/fixtures/security-reports => ee/spec/fixtures/security_reports}/master/gl-dependency-scanning-report.json (100%) rename {spec/fixtures/security-reports => ee/spec/fixtures/security_reports}/master/gl-license-management-report.json (100%) rename {spec/fixtures/security-reports => ee/spec/fixtures/security_reports}/master/gl-sast-report.json (100%) rename {spec/fixtures/security-reports => ee/spec/fixtures/security_reports}/remediations/gl-dependency-scanning-report.json (100%) rename {spec/fixtures/security-reports => ee/spec/fixtures/security_reports}/remediations/remediation.patch (100%) rename {spec/fixtures/security-reports => ee/spec/fixtures/security_reports}/remediations/yarn.lock (100%) diff --git a/db/fixtures/development/14_pipelines.rb b/db/fixtures/development/14_pipelines.rb index 05bda7d3672..5c8b681fa92 100644 --- a/db/fixtures/development/14_pipelines.rb +++ b/db/fixtures/development/14_pipelines.rb 
@@ -1,7 +1,7 @@ require './spec/support/sidekiq' class Gitlab::Seeder::Pipelines - STAGES = %w[build test security deploy notify] + STAGES = %w[build test deploy notify] BUILDS = [ # build stage { name: 'build:linux', stage: 'build', status: :success, @@ -31,16 +31,6 @@ class Gitlab::Seeder::Pipelines { name: 'spinach:osx', stage: 'test', status: :failed, allow_failure: true, queued_at: 8.hour.ago, started_at: 8.hour.ago, finished_at: 7.hour.ago }, - # security stage - { name: 'dast', stage: 'security', status: :success, - queued_at: 8.hour.ago, started_at: 8.hour.ago, finished_at: 7.hour.ago }, - { name: 'sast', stage: 'security', status: :success, - queued_at: 8.hour.ago, started_at: 8.hour.ago, finished_at: 7.hour.ago }, - { name: 'dependency_scanning', stage: 'security', status: :success, - queued_at: 8.hour.ago, started_at: 8.hour.ago, finished_at: 7.hour.ago }, - { name: 'container_scanning', stage: 'security', status: :success, - queued_at: 8.hour.ago, started_at: 8.hour.ago, finished_at: 7.hour.ago }, - # deploy stage { name: 'staging', stage: 'deploy', environment: 'staging', status_event: :success, options: { environment: { action: 'start', on_stop: 'stop staging' } }, @@ -127,11 +117,6 @@ class Gitlab::Seeder::Pipelines setup_artifacts(build) setup_test_reports(build) - if build.ref == build.project.default_branch - setup_security_reports_file(build) - else - setup_security_reports_legacy_archive(build) - end setup_build_log(build) build.project.environments. 
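Review bot: Dropping `security` from `STAGES`, together with the four security builds and the `setup_security_reports_*` helpers removed in the later hunks of this file, deletes the development seeding of security report artifacts rather than moving it. Nothing visible in this patch adds an EE-side seeder that reads from `ee/spec/fixtures/security_reports`. If that is intended, the description should say so, because as far as this diff shows a freshly seeded development instance will no longer carry SAST, DAST, dependency-scanning or container-scanning data for exercising the security views. Separately, the rewritten constant is still a mutable array; `STAGES = %w[build test deploy notify].freeze` would guard it against accidental mutation. The class body continues outside the hunk.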
@@ -167,55 +152,6 @@ class Gitlab::Seeder::Pipelines end end - def setup_security_reports_file(build) - return unless build.stage == "security" - - # we have two sources: master and feature-branch - branch_name = build.ref == build.project.default_branch ? - 'master' : 'feature-branch' - - artifacts_cache_file(security_reports_path(branch_name, build.name)) do |file| - build.job_artifacts.build( - project: build.project, - file_type: build.name, - file_format: :raw, - file: file) - end - end - - def setup_security_reports_legacy_archive(build) - return unless build.stage == "security" - - # we have two sources: master and feature-branch - branch_name = build.ref == build.project.default_branch ? - 'master' : 'feature-branch' - - artifacts_cache_file(security_reports_archive_path(branch_name)) do |file| - build.job_artifacts.build( - project: build.project, - file_type: :archive, - file_format: :zip, - file: file) - end - - # assign dummy metadata - artifacts_cache_file(artifacts_metadata_path) do |file| - build.job_artifacts.build( - project: build.project, - file_type: :metadata, - file_format: :gzip, - file: file) - end - - build.options = { - artifacts: { - paths: [ - Ci::JobArtifact::DEFAULT_FILE_NAMES.fetch(build.name.to_sym) - ] - } - } - end - def setup_build_log(build) if %w(running success failed).include?(build.status) build.trace.set(FFaker::Lorem.paragraphs(6).join("\n\n")) @@ -267,15 +203,6 @@ class Gitlab::Seeder::Pipelines Rails.root + 'spec/fixtures/junit/junit.xml.gz' end - def security_reports_archive_path(branch) - Rails.root.join('spec', 'fixtures', 'security-reports', branch + '.zip') - end - - def security_reports_path(branch, name) - file_name = Ci::JobArtifact::DEFAULT_FILE_NAMES.fetch(name.to_sym) - Rails.root.join('spec', 'fixtures', 'security-reports', branch, file_name) - end - def artifacts_cache_file(file_path) file = Tempfile.new("artifacts") file.close 
diff --git a/ee/spec/factories/ci/job_artifacts.rb b/ee/spec/factories/ci/job_artifacts.rb index 6138a8caad0..6ae8010cb41 100644 --- a/ee/spec/factories/ci/job_artifacts.rb +++ b/ee/spec/factories/ci/job_artifacts.rb @@ -8,7 +8,7 @@ FactoryBot.define do after(:build) do |artifact, evaluator| artifact.file = fixture_file_upload( - Rails.root.join('spec/fixtures/security-reports/master/gl-sast-report.json'), 'text/plain') + Rails.root.join('ee/spec/fixtures/security_reports/master/gl-sast-report.json'), 'text/plain') end end @@ -18,7 +18,7 @@ FactoryBot.define do after(:build) do |artifact, evaluator| artifact.file = fixture_file_upload( - Rails.root.join('spec/fixtures/security-reports/deprecated/gl-sast-report.json'), 'text/plain') + Rails.root.join('ee/spec/fixtures/security_reports/deprecated/gl-sast-report.json'), 'text/plain') end end @@ -38,7 +38,7 @@ FactoryBot.define do after(:build) do |artifact, evaluator| artifact.file = fixture_file_upload( - Rails.root.join('spec/fixtures/security-reports/master/gl-license-management-report.json'), 'application/json') + Rails.root.join('ee/spec/fixtures/security_reports/master/gl-license-management-report.json'), 'application/json') end end @@ -48,7 +48,7 @@ FactoryBot.define do after(:build) do |artifact, evaluator| artifact.file = fixture_file_upload( - Rails.root.join('spec/fixtures/security-reports/feature-branch/gl-license-management-report.json'), 'application/json') + Rails.root.join('ee/spec/fixtures/security_reports/feature-branch/gl-license-management-report.json'), 'application/json') end end @@ -88,7 +88,7 @@ FactoryBot.define do after(:build) do |artifact, _| artifact.file = fixture_file_upload( - Rails.root.join('spec/fixtures/security-reports/master/gl-dependency-scanning-report.json'), 'text/plain') + Rails.root.join('ee/spec/fixtures/security_reports/master/gl-dependency-scanning-report.json'), 'text/plain') end end 
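Review bot: The new fixture root `ee/spec/fixtures/security_reports` is written out in full in every `Rails.root.join(...)` call of this factory (all ten changed lines across these hunks) and again in the spec hunks further down, so the next directory move will have to touch every caller again. Building the paths from one shared base, for example `Rails.root.join('ee/spec/fixtures/security_reports', 'master/gl-sast-report.json')` with the first argument held in a single constant or helper, would keep the location in one place. The JSON reports are also uploaded as `'text/plain'` in most traits while the license-management traits use `'application/json'`; a short comment saying whether the content type matters to the parsers would help readers. The `FactoryBot.define` block starts and ends outside these hunks.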
@@ -98,7 +98,7 @@ FactoryBot.define do after(:build) do |artifact, _| artifact.file = fixture_file_upload( - Rails.root.join('spec/fixtures/security-reports/remediations/gl-dependency-scanning-report.json'), 'text/plain') + Rails.root.join('ee/spec/fixtures/security_reports/remediations/gl-dependency-scanning-report.json'), 'text/plain') end end @@ -108,7 +108,7 @@ FactoryBot.define do after(:build) do |artifact, _| artifact.file = fixture_file_upload( - Rails.root.join('spec/fixtures/security-reports/deprecated/gl-dependency-scanning-report.json'), 'text/plain') + Rails.root.join('ee/spec/fixtures/security_reports/deprecated/gl-dependency-scanning-report.json'), 'text/plain') end end @@ -138,7 +138,7 @@ FactoryBot.define do after(:build) do |artifact, _| artifact.file = fixture_file_upload( - Rails.root.join('spec/fixtures/security-reports/master/gl-container-scanning-report.json'), 'text/plain') + Rails.root.join('ee/spec/fixtures/security_reports/master/gl-container-scanning-report.json'), 'text/plain') end end @@ -168,7 +168,7 @@ FactoryBot.define do after(:build) do |artifact, _| artifact.file = fixture_file_upload( - Rails.root.join('spec/fixtures/security-reports/master/gl-dast-report.json'), 'text/plain') + Rails.root.join('ee/spec/fixtures/security_reports/master/gl-dast-report.json'), 'text/plain') end end @@ -198,7 +198,7 @@ FactoryBot.define do after(:build) do |artifact, _| artifact.file = fixture_file_upload( - Rails.root.join('spec/fixtures/security-reports/dependency_list/gl-dependency-scanning-report.json'), 'text/plain') + Rails.root.join('ee/spec/fixtures/security_reports/dependency_list/gl-dependency-scanning-report.json'), 'text/plain') end end end 
diff --git a/spec/fixtures/security-reports/dependency_list/gl-dependency-scanning-report.json b/ee/spec/fixtures/security_reports/dependency_list/gl-dependency-scanning-report.json
similarity index 100%
rename from spec/fixtures/security-reports/dependency_list/gl-dependency-scanning-report.json
rename to ee/spec/fixtures/security_reports/dependency_list/gl-dependency-scanning-report.json
diff --git a/spec/fixtures/security-reports/deprecated/gl-dependency-scanning-report.json b/ee/spec/fixtures/security_reports/deprecated/gl-dependency-scanning-report.json
similarity index 100%
rename from spec/fixtures/security-reports/deprecated/gl-dependency-scanning-report.json
rename to ee/spec/fixtures/security_reports/deprecated/gl-dependency-scanning-report.json
diff --git a/spec/fixtures/security-reports/deprecated/gl-sast-report.json b/ee/spec/fixtures/security_reports/deprecated/gl-sast-report.json
similarity index 100%
rename from spec/fixtures/security-reports/deprecated/gl-sast-report.json
rename to ee/spec/fixtures/security_reports/deprecated/gl-sast-report.json
diff --git a/spec/fixtures/security-reports/feature-branch.zip b/ee/spec/fixtures/security_reports/feature-branch.zip
similarity index 100%
rename from spec/fixtures/security-reports/feature-branch.zip
rename to ee/spec/fixtures/security_reports/feature-branch.zip
diff --git a/spec/fixtures/security-reports/feature-branch/gl-container-scanning-report.json b/ee/spec/fixtures/security_reports/feature-branch/gl-container-scanning-report.json
similarity index 100%
rename from spec/fixtures/security-reports/feature-branch/gl-container-scanning-report.json
rename to ee/spec/fixtures/security_reports/feature-branch/gl-container-scanning-report.json
diff --git a/spec/fixtures/security-reports/feature-branch/gl-dast-report.json b/ee/spec/fixtures/security_reports/feature-branch/gl-dast-report.json
similarity index 100%
rename from spec/fixtures/security-reports/feature-branch/gl-dast-report.json
rename to ee/spec/fixtures/security_reports/feature-branch/gl-dast-report.json
diff --git a/spec/fixtures/security-reports/feature-branch/gl-dependency-scanning-report.json b/ee/spec/fixtures/security_reports/feature-branch/gl-dependency-scanning-report.json
similarity index 100%
rename from spec/fixtures/security-reports/feature-branch/gl-dependency-scanning-report.json
rename to ee/spec/fixtures/security_reports/feature-branch/gl-dependency-scanning-report.json
diff --git a/spec/fixtures/security-reports/feature-branch/gl-license-management-report.json b/ee/spec/fixtures/security_reports/feature-branch/gl-license-management-report.json
similarity index 100%
rename from spec/fixtures/security-reports/feature-branch/gl-license-management-report.json
rename to ee/spec/fixtures/security_reports/feature-branch/gl-license-management-report.json
diff --git a/spec/fixtures/security-reports/feature-branch/gl-sast-report.json b/ee/spec/fixtures/security_reports/feature-branch/gl-sast-report.json
similarity index 100%
rename from spec/fixtures/security-reports/feature-branch/gl-sast-report.json
rename to ee/spec/fixtures/security_reports/feature-branch/gl-sast-report.json
diff --git a/spec/fixtures/security-reports/master.zip b/ee/spec/fixtures/security_reports/master.zip
similarity index 100%
rename from spec/fixtures/security-reports/master.zip
rename to ee/spec/fixtures/security_reports/master.zip
diff --git a/spec/fixtures/security-reports/master/gl-container-scanning-report.json b/ee/spec/fixtures/security_reports/master/gl-container-scanning-report.json
similarity index 100%
rename from spec/fixtures/security-reports/master/gl-container-scanning-report.json
rename to ee/spec/fixtures/security_reports/master/gl-container-scanning-report.json
diff --git a/spec/fixtures/security-reports/master/gl-dast-report.json b/ee/spec/fixtures/security_reports/master/gl-dast-report.json
similarity index 100%
rename from spec/fixtures/security-reports/master/gl-dast-report.json
rename to ee/spec/fixtures/security_reports/master/gl-dast-report.json
diff --git a/spec/fixtures/security-reports/master/gl-dependency-scanning-report.json b/ee/spec/fixtures/security_reports/master/gl-dependency-scanning-report.json
similarity index 100%
rename from spec/fixtures/security-reports/master/gl-dependency-scanning-report.json
rename to ee/spec/fixtures/security_reports/master/gl-dependency-scanning-report.json
diff --git a/spec/fixtures/security-reports/master/gl-license-management-report.json b/ee/spec/fixtures/security_reports/master/gl-license-management-report.json
similarity index 100%
rename from spec/fixtures/security-reports/master/gl-license-management-report.json
rename to ee/spec/fixtures/security_reports/master/gl-license-management-report.json
diff --git a/spec/fixtures/security-reports/master/gl-sast-report.json b/ee/spec/fixtures/security_reports/master/gl-sast-report.json
similarity index 100%
rename from spec/fixtures/security-reports/master/gl-sast-report.json
rename to ee/spec/fixtures/security_reports/master/gl-sast-report.json
diff --git a/spec/fixtures/security-reports/remediations/gl-dependency-scanning-report.json b/ee/spec/fixtures/security_reports/remediations/gl-dependency-scanning-report.json similarity index 100% rename from spec/fixtures/security-reports/remediations/gl-dependency-scanning-report.json rename to ee/spec/fixtures/security_reports/remediations/gl-dependency-scanning-report.json diff --git a/spec/fixtures/security-reports/remediations/remediation.patch b/ee/spec/fixtures/security_reports/remediations/remediation.patch similarity index 100% rename from spec/fixtures/security-reports/remediations/remediation.patch rename to ee/spec/fixtures/security_reports/remediations/remediation.patch diff --git a/spec/fixtures/security-reports/remediations/yarn.lock b/ee/spec/fixtures/security_reports/remediations/yarn.lock similarity index 100% rename from spec/fixtures/security-reports/remediations/yarn.lock rename to ee/spec/fixtures/security_reports/remediations/yarn.lock diff --git a/ee/spec/lib/gitlab/ci/parsers/license_management/license_management_spec.rb b/ee/spec/lib/gitlab/ci/parsers/license_management/license_management_spec.rb index d813d525c85..869b7ce528a 100644 --- a/ee/spec/lib/gitlab/ci/parsers/license_management/license_management_spec.rb +++ b/ee/spec/lib/gitlab/ci/parsers/license_management/license_management_spec.rb @@ -9,7 +9,7 @@ describe Gitlab::Ci::Parsers::LicenseManagement::LicenseManagement do let(:report) { Gitlab::Ci::Reports::LicenseManagement::Report.new } context 'when data is a JSON license management report' do - let(:data) { File.read(Rails.root.join('spec/fixtures/security-reports/master/gl-license-management-report.json')) } + let(:data) { File.read(Rails.root.join('ee/spec/fixtures/security_reports/master/gl-license-management-report.json')) } it 'parses without error' do expect { subject }.not_to raise_error 
diff --git a/ee/spec/lib/gitlab/ci/parsers/security/container_scanning_spec.rb b/ee/spec/lib/gitlab/ci/parsers/security/container_scanning_spec.rb index 15c83270934..d0b243aee6f 100644 --- a/ee/spec/lib/gitlab/ci/parsers/security/container_scanning_spec.rb +++ b/ee/spec/lib/gitlab/ci/parsers/security/container_scanning_spec.rb @@ -8,7 +8,7 @@ describe Gitlab::Ci::Parsers::Security::ContainerScanning do let(:clair_vulnerabilities) do JSON.parse!( File.read( - Rails.root.join('spec/fixtures/security-reports/master/gl-container-scanning-report.json') + Rails.root.join('ee/spec/fixtures/security_reports/master/gl-container-scanning-report.json') ) )['vulnerabilities'] end diff --git a/ee/spec/lib/gitlab/ci/parsers/security/formatters/container_scanning_spec.rb b/ee/spec/lib/gitlab/ci/parsers/security/formatters/container_scanning_spec.rb index d1975bdb137..b2e65cb3d24 100644 --- a/ee/spec/lib/gitlab/ci/parsers/security/formatters/container_scanning_spec.rb +++ b/ee/spec/lib/gitlab/ci/parsers/security/formatters/container_scanning_spec.rb @@ -6,7 +6,7 @@ describe Gitlab::Ci::Parsers::Security::Formatters::ContainerScanning do let(:raw_report) do JSON.parse!( File.read( - Rails.root.join('spec/fixtures/security-reports/master/gl-container-scanning-report.json') + Rails.root.join('ee/spec/fixtures/security_reports/master/gl-container-scanning-report.json') ) ) end diff --git a/ee/spec/lib/gitlab/ci/parsers/security/formatters/dast_spec.rb b/ee/spec/lib/gitlab/ci/parsers/security/formatters/dast_spec.rb index a55def3e0c4..8901cc9fae7 100644 --- a/ee/spec/lib/gitlab/ci/parsers/security/formatters/dast_spec.rb +++ b/ee/spec/lib/gitlab/ci/parsers/security/formatters/dast_spec.rb @@ -9,7 +9,7 @@ describe Gitlab::Ci::Parsers::Security::Formatters::Dast do let(:parsed_report) do JSON.parse!( File.read( - Rails.root.join('spec/fixtures/security-reports/master/gl-dast-report.json') + Rails.root.join('ee/spec/fixtures/security_reports/master/gl-dast-report.json') ) ) end 
diff --git a/ee/spec/lib/gitlab/ci/parsers/security/formatters/dependency_list_spec.rb b/ee/spec/lib/gitlab/ci/parsers/security/formatters/dependency_list_spec.rb index b6bdfa02bd0..90dbbc9a745 100644 --- a/ee/spec/lib/gitlab/ci/parsers/security/formatters/dependency_list_spec.rb +++ b/ee/spec/lib/gitlab/ci/parsers/security/formatters/dependency_list_spec.rb @@ -10,7 +10,7 @@ describe Gitlab::Ci::Parsers::Security::Formatters::DependencyList do let(:parsed_report) do JSON.parse!( File.read( - Rails.root.join('spec/fixtures/security-reports/dependency_list/gl-dependency-scanning-report.json') + Rails.root.join('ee/spec/fixtures/security_reports/dependency_list/gl-dependency-scanning-report.json') ) ) end diff --git a/ee/spec/lib/gitlab/ci/parsers/security/formatters/formatted_container_scanning_vulnerability_spec.rb b/ee/spec/lib/gitlab/ci/parsers/security/formatters/formatted_container_scanning_vulnerability_spec.rb index 076854c67a7..b94d1692365 100644 --- a/ee/spec/lib/gitlab/ci/parsers/security/formatters/formatted_container_scanning_vulnerability_spec.rb +++ b/ee/spec/lib/gitlab/ci/parsers/security/formatters/formatted_container_scanning_vulnerability_spec.rb @@ -6,7 +6,7 @@ describe Gitlab::Ci::Parsers::Security::Formatters::FormattedContainerScanningVu let(:raw_report) do JSON.parse!( File.read( - Rails.root.join('spec/fixtures/security-reports/master/gl-container-scanning-report.json') + Rails.root.join('ee/spec/fixtures/security_reports/master/gl-container-scanning-report.json') ) ) end diff --git a/ee/spec/services/ee/merge_requests/create_from_vulnerability_data_service_spec.rb b/ee/spec/services/ee/merge_requests/create_from_vulnerability_data_service_spec.rb index 3d6892aafa0..4c7e739304e 100644 --- a/ee/spec/services/ee/merge_requests/create_from_vulnerability_data_service_spec.rb +++ b/ee/spec/services/ee/merge_requests/create_from_vulnerability_data_service_spec.rb 
@@ -3,7 +3,7 @@ require 'spec_helper' describe MergeRequests::CreateFromVulnerabilityDataService, '#execute' do - let(:remediations_folder) { Rails.root.join('spec/fixtures/security-reports/remediations') } + let(:remediations_folder) { Rails.root.join('ee/spec/fixtures/security_reports/remediations') } let(:yarn_lock_content) { File.read(File.join(remediations_folder, "yarn.lock")) } let(:remediation_patch_content) { File.read(File.join(remediations_folder, "remediation.patch")) } diff --git a/ee/spec/services/vulnerability_feedback/create_service_spec.rb b/ee/spec/services/vulnerability_feedback/create_service_spec.rb index 0e7e9a3a24b..a4fee1e728c 100644 --- a/ee/spec/services/vulnerability_feedback/create_service_spec.rb +++ b/ee/spec/services/vulnerability_feedback/create_service_spec.rb @@ -130,7 +130,7 @@ describe VulnerabilityFeedback::CreateService, '#execute' do end context 'when feedback_type is merge_request' do - let(:remediations_folder) { Rails.root.join('spec/fixtures/security-reports/remediations') } + let(:remediations_folder) { Rails.root.join('ee/spec/fixtures/security_reports/remediations') } let(:yarn_lock_content) do File.read( File.join(remediations_folder, "yarn.lock") -- 2.30.9