Merge branch 'qa-e2e-secure-dismiss-vuln' into 'master'

Add E2E test to dismiss vulnerability Closes gitlab-org/quality/testcases#134 See merge request gitlab-org/gitlab!19898

Merge branch 'qa-e2e-secure-dismiss-vuln' into 'master'
Add E2E test to dismiss vulnerability Closes gitlab-org/quality/testcases#134 See merge request gitlab-org/gitlab!19898
0d572c06 · Walmyr Lima e Silva Filho · 7bb490f0 · e755ba70 · 0d572c06 · 0d572c06
Commit 0d572c06 authored Nov 19, 2019 by Walmyr Lima e Silva Filho
7 changed files
--- a/ee/app/assets/javascripts/vue_shared/security_reports/components/dismiss_button.vue
+++ b/ee/app/assets/javascripts/vue_shared/security_reports/components/dismiss_button.vue
@@ -65,6 +65,7 @@ export default {
      :disabled="disabled"
      :title="s__('vulnerability|Add comment & dismiss')"
      variant="close"
+      data-qa-selector="dismiss_with_comment_button"
      class="js-dismiss-with-comment "
      @click="$emit('openDismissalCommentBox')"
    >

--- a/ee/app/assets/javascripts/vue_shared/security_reports/components/dismissal_comment_box_toggle.vue
+++ b/ee/app/assets/javascripts/vue_shared/security_reports/components/dismissal_comment_box_toggle.vue
@@ -57,6 +57,7 @@ export default {
    <dismissal-comment-box
      v-if="isActive"
      v-model="localComment"
+      data-qa-selector="dismiss_comment_field"
      :dismissal-comment="dismissalComment"
      :error-message="errorMessage"
      :placeholder="$options.PLACEHOLDER"

--- a/ee/app/assets/javascripts/vue_shared/security_reports/components/dismissal_comment_modal_footer.vue
+++ b/ee/app/assets/javascripts/vue_shared/security_reports/components/dismissal_comment_modal_footer.vue
@@ -73,6 +73,7 @@ export default {
      :loading="isDismissingVulnerability"
      :disabled="isDismissingVulnerability"
      :label="submitLabel"
+      data-qa-selector="add_and_dismiss_button"
      class="js-loading-button"
      container-class="btn btn-close"
      @click="handleSubmit"

--- a/ee/app/assets/javascripts/vue_shared/security_reports/components/event_item.vue
+++ b/ee/app/assets/javascripts/vue_shared/security_reports/components/event_item.vue
@@ -57,7 +57,7 @@ export default {
    <div class="circle-icon-container" :class="iconStyle">
      <icon :size="16" :name="iconName" />
    </div>
-    <div class="ml-3">
+    <div class="ml-3" data-qa-selector="event_item_content">
      <div class="note-header-info pb-0">
        <a
          :href="author.path"

--- a/ee/app/assets/javascripts/vue_shared/security_reports/components/modal.vue
+++ b/ee/app/assets/javascripts/vue_shared/security_reports/components/modal.vue
@@ -199,6 +199,7 @@ export default {
    id="modal-mrwidget-security-issue"
    :header-title-text="modal.title"
    :class="{ 'modal-hide-footer': !shouldRenderFooterSection }"
+    data-qa-selector="vulnerability_modal_content"
    class="modal-security-report-dast"
  >
    <slot>

--- a/qa/qa/ee/page/merge_request/show.rb
+++ b/qa/qa/ee/page/merge_request/show.rb
@@ -59,9 +59,29 @@ module QA
                element :approvals_summary_content
              end

+              view 'ee/app/assets/javascripts/vue_shared/security_reports/components/modal.vue' do
+                element :vulnerability_modal_content
+              end
+
+              view 'ee/app/assets/javascripts/vue_shared/security_reports/components/event_item.vue' do
+                element :event_item_content
+              end
+
              view 'ee/app/assets/javascripts/vue_shared/security_reports/components/modal_footer.vue' do
                element :resolve_split_button
              end
+
+              view 'ee/app/assets/javascripts/vue_shared/security_reports/components/dismiss_button.vue' do
+                element :dismiss_with_comment_button
+              end
+
+              view 'ee/app/assets/javascripts/vue_shared/security_reports/components/dismissal_comment_box_toggle.vue' do
+                element :dismiss_comment_field
+              end
+
+              view 'ee/app/assets/javascripts/vue_shared/security_reports/components/dismissal_comment_modal_footer.vue' do
+                element :add_and_dismiss_button
+              end
            end
          end

@@ -140,7 +160,7 @@ module QA

          def expand_vulnerability_report
            within_element :vulnerability_report_grouped do
-              click_element :expand_report_button
+              click_element :expand_report_button unless has_content? 'Collapse'
            end
          end

@@ -150,6 +170,18 @@ module QA
            end
          end

+          def dismiss_vulnerability_with_reason(name, reason)
+            expand_vulnerability_report
+            click_vulnerability(name)
+            click_element :dismiss_with_comment_button
+            find_element(:dismiss_comment_field).fill_in with: reason
+            click_element :add_and_dismiss_button
+
+            wait(reload: false) do
+              has_no_element?(:vulnerability_modal_content)
+            end
+          end
+
          def resolve_vulnerability_with_mr(name)
            expand_vulnerability_report
            click_vulnerability(name)
@@ -191,6 +223,18 @@ module QA
            find_element(:dast_scan_report).has_content?(/DAST detected #{expected}( new)? vulnerabilit/)
          end

+          def has_opened_dismissed_vulnerability?(reason = nil)
+            within_element(:vulnerability_modal_content) do
+              dismissal_found = has_element?(:event_item_content, text: /Dismissed on pipeline #\d+/)
+
+              if dismissal_found && reason
+                dismissal_found = has_element?(:event_item_content, text: reason)
+              end
+
+              dismissal_found
+            end
+          end
+
          def num_approvals_required
            approvals_content.match(/Requires (\d+) more approvals/)[1].to_i
          end

--- a/qa/qa/specs/features/ee/browser_ui/secure/create_merge_request_with_secure_spec.rb
+++ b/qa/qa/specs/features/ee/browser_ui/secure/create_merge_request_with_secure_spec.rb
@@ -9,6 +9,7 @@ module QA
      let(:dependency_scan_vuln_count) { 4 }
      let(:container_scan_vuln_count) { 8 }
      let(:dast_vuln_count) { 4 }
+      let(:vuln_name) { "Authentication bypass via incorrect DOM traversal and canonicalization in saml2-js" }

      after do
        Service::DockerRun::GitlabRunner.new(@executor).remove!
@@ -80,9 +81,20 @@ module QA
        end
      end

+      it 'can dismiss a vulnerability with a reason' do
+        dismiss_reason = "Vulnerability not applicable"
+
+        Page::MergeRequest::Show.perform do |merge_request|
+          vuln_name = "Authentication bypass via incorrect DOM traversal and canonicalization in saml2-js"
+          expect(merge_request).to have_vulnerability_report(timeout: 60)
+          merge_request.dismiss_vulnerability_with_reason(vuln_name, dismiss_reason)
+          merge_request.click_vulnerability(vuln_name)
+          expect(merge_request).to have_opened_dismissed_vulnerability(dismiss_reason)
+        end
+      end
+
      it 'can create an auto-remediation MR' do
        Page::MergeRequest::Show.perform do |mergerequest|
-          vuln_name = "Authentication bypass via incorrect DOM traversal and canonicalization in saml2-js"
          expect(mergerequest).to have_vulnerability_report(timeout: 60)
          # Context changes as resolve method created new MR
          mergerequest.resolve_vulnerability_with_mr vuln_name