Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
12cc3fee
Commit
12cc3fee
authored
Aug 21, 2020
by
Philip Cunningham
Committed by
Dylan Griffith
Aug 21, 2020
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Centralise feature flag checking of on-demand DAST
Switches feature flag over to new policy with additional checks.
parent
2bd832e5
Changes
35
Show whitespace changes
Inline
Side-by-side
Showing
35 changed files
with
376 additions
and
260 deletions
+376
-260
ee/app/graphql/mutations/dast_on_demand_scans/create.rb
ee/app/graphql/mutations/dast_on_demand_scans/create.rb
+1
-2
ee/app/graphql/mutations/dast_scanner_profiles/create.rb
ee/app/graphql/mutations/dast_scanner_profiles/create.rb
+1
-2
ee/app/graphql/mutations/dast_site_profiles/create.rb
ee/app/graphql/mutations/dast_site_profiles/create.rb
+1
-2
ee/app/graphql/mutations/dast_site_profiles/delete.rb
ee/app/graphql/mutations/dast_site_profiles/delete.rb
+2
-3
ee/app/graphql/mutations/dast_site_profiles/update.rb
ee/app/graphql/mutations/dast_site_profiles/update.rb
+1
-2
ee/app/graphql/mutations/pipelines/run_dast_scan.rb
ee/app/graphql/mutations/pipelines/run_dast_scan.rb
+1
-2
ee/app/graphql/types/dast_scanner_profile_type.rb
ee/app/graphql/types/dast_scanner_profile_type.rb
+1
-1
ee/app/policies/ee/project_policy.rb
ee/app/policies/ee/project_policy.rb
+0
-1
ee/app/services/ci/run_dast_scan_service.rb
ee/app/services/ci/run_dast_scan_service.rb
+1
-1
ee/app/services/dast_scanner_profiles/create_service.rb
ee/app/services/dast_scanner_profiles/create_service.rb
+1
-1
ee/app/services/dast_site_profiles/create_service.rb
ee/app/services/dast_site_profiles/create_service.rb
+1
-1
ee/app/services/dast_site_profiles/update_service.rb
ee/app/services/dast_site_profiles/update_service.rb
+1
-1
ee/app/services/dast_sites/find_or_create_service.rb
ee/app/services/dast_sites/find_or_create_service.rb
+1
-1
ee/spec/graphql/mutations/dast_on_demand_scans/create_spec.rb
...pec/graphql/mutations/dast_on_demand_scans/create_spec.rb
+12
-0
ee/spec/graphql/mutations/dast_scanner_profiles/create_spec.rb
...ec/graphql/mutations/dast_scanner_profiles/create_spec.rb
+12
-0
ee/spec/graphql/mutations/dast_site_profiles/create_spec.rb
ee/spec/graphql/mutations/dast_site_profiles/create_spec.rb
+21
-11
ee/spec/graphql/mutations/dast_site_profiles/delete_spec.rb
ee/spec/graphql/mutations/dast_site_profiles/delete_spec.rb
+12
-0
ee/spec/graphql/mutations/dast_site_profiles/update_spec.rb
ee/spec/graphql/mutations/dast_site_profiles/update_spec.rb
+12
-0
ee/spec/graphql/mutations/pipelines/run_dast_scan_spec.rb
ee/spec/graphql/mutations/pipelines/run_dast_scan_spec.rb
+4
-0
ee/spec/graphql/types/dast_scanner_profile_type_spec.rb
ee/spec/graphql/types/dast_scanner_profile_type_spec.rb
+1
-1
ee/spec/requests/api/graphql/mutations/dast_on_demand_scans/create_spec.rb
...api/graphql/mutations/dast_on_demand_scans/create_spec.rb
+5
-40
ee/spec/requests/api/graphql/mutations/dast_scanner_profiles/create_spec.rb
...pi/graphql/mutations/dast_scanner_profiles/create_spec.rb
+4
-39
ee/spec/requests/api/graphql/mutations/dast_site_profiles/create_spec.rb
...s/api/graphql/mutations/dast_site_profiles/create_spec.rb
+10
-37
ee/spec/requests/api/graphql/mutations/dast_site_profiles/delete_spec.rb
...s/api/graphql/mutations/dast_site_profiles/delete_spec.rb
+14
-55
ee/spec/requests/api/graphql/mutations/dast_site_profiles/update_spec.rb
...s/api/graphql/mutations/dast_site_profiles/update_spec.rb
+15
-52
ee/spec/requests/api/graphql/mutations/pipelines/run_dast_scan_spec.rb
...sts/api/graphql/mutations/pipelines/run_dast_scan_spec.rb
+4
-0
ee/spec/requests/api/graphql/project/dast_scanner_profiles_spec.rb
...equests/api/graphql/project/dast_scanner_profiles_spec.rb
+1
-1
ee/spec/services/ci/run_dast_scan_service_spec.rb
ee/spec/services/ci/run_dast_scan_service_spec.rb
+33
-1
ee/spec/services/dast_scanner_profiles/create_service_spec.rb
...pec/services/dast_scanner_profiles/create_service_spec.rb
+32
-0
ee/spec/services/dast_site_profiles/create_service_spec.rb
ee/spec/services/dast_site_profiles/create_service_spec.rb
+33
-1
ee/spec/services/dast_site_profiles/update_service_spec.rb
ee/spec/services/dast_site_profiles/update_service_spec.rb
+33
-1
ee/spec/services/dast_sites/find_or_create_service_spec.rb
ee/spec/services/dast_sites/find_or_create_service_spec.rb
+25
-1
ee/spec/support/shared_examples/graphql/mutations/on_demand_scan_with_user_abilities_shared_examples.rb
...ons/on_demand_scan_with_user_abilities_shared_examples.rb
+45
-0
ee/spec/support/shared_examples/graphql/mutations/on_demand_scan_without_user_abilities_shared_examples.rb
.../on_demand_scan_without_user_abilities_shared_examples.rb
+28
-0
spec/support/shared_examples/graphql/mutation_shared_examples.rb
...pport/shared_examples/graphql/mutation_shared_examples.rb
+7
-0
No files found.
ee/app/graphql/mutations/dast_on_demand_scans/create.rb
View file @
12cc3fee
...
@@ -21,11 +21,10 @@ module Mutations
...
@@ -21,11 +21,10 @@ module Mutations
required:
true
,
required:
true
,
description:
'ID of the site profile to be used for the scan.'
description:
'ID of the site profile to be used for the scan.'
authorize
:
run_on
demand_dast_scan
authorize
:
create_on_
demand_dast_scan
def
resolve
(
full_path
:,
dast_site_profile_id
:)
def
resolve
(
full_path
:,
dast_site_profile_id
:)
project
=
authorized_find!
(
full_path:
full_path
)
project
=
authorized_find!
(
full_path:
full_path
)
raise_resource_not_available_error!
unless
Feature
.
enabled?
(
:security_on_demand_scans_feature_flag
,
project
,
default_enabled:
true
)
dast_site_profile
=
find_dast_site_profile
(
project:
project
,
dast_site_profile_id:
dast_site_profile_id
)
dast_site_profile
=
find_dast_site_profile
(
project:
project
,
dast_site_profile_id:
dast_site_profile_id
)
dast_site
=
dast_site_profile
.
dast_site
dast_site
=
dast_site_profile
.
dast_site
...
...
ee/app/graphql/mutations/dast_scanner_profiles/create.rb
View file @
12cc3fee
...
@@ -27,11 +27,10 @@ module Mutations
...
@@ -27,11 +27,10 @@ module Mutations
required:
false
,
required:
false
,
description:
'The maximum number of seconds allowed for the site under test to respond to a request.'
description:
'The maximum number of seconds allowed for the site under test to respond to a request.'
authorize
:
run_on
demand_dast_scan
authorize
:
create_on_
demand_dast_scan
def
resolve
(
full_path
:,
profile_name
:,
spider_timeout:
nil
,
target_timeout:
nil
)
def
resolve
(
full_path
:,
profile_name
:,
spider_timeout:
nil
,
target_timeout:
nil
)
project
=
authorized_find!
(
full_path:
full_path
)
project
=
authorized_find!
(
full_path:
full_path
)
raise_resource_not_available_error!
unless
Feature
.
enabled?
(
:security_on_demand_scans_feature_flag
,
project
,
default_enabled:
true
)
service
=
::
DastScannerProfiles
::
CreateService
.
new
(
project
,
current_user
)
service
=
::
DastScannerProfiles
::
CreateService
.
new
(
project
,
current_user
)
result
=
service
.
execute
(
name:
profile_name
,
spider_timeout:
spider_timeout
,
target_timeout:
target_timeout
)
result
=
service
.
execute
(
name:
profile_name
,
spider_timeout:
spider_timeout
,
target_timeout:
target_timeout
)
...
...
ee/app/graphql/mutations/dast_site_profiles/create.rb
View file @
12cc3fee
...
@@ -23,11 +23,10 @@ module Mutations
...
@@ -23,11 +23,10 @@ module Mutations
required:
false
,
required:
false
,
description:
'The URL of the target to be scanned.'
description:
'The URL of the target to be scanned.'
authorize
:
run_on
demand_dast_scan
authorize
:
create_on_
demand_dast_scan
def
resolve
(
full_path
:,
profile_name
:,
target_url:
nil
)
def
resolve
(
full_path
:,
profile_name
:,
target_url:
nil
)
project
=
authorized_find!
(
full_path:
full_path
)
project
=
authorized_find!
(
full_path:
full_path
)
raise_resource_not_available_error!
unless
Feature
.
enabled?
(
:security_on_demand_scans_feature_flag
,
project
,
default_enabled:
true
)
service
=
::
DastSiteProfiles
::
CreateService
.
new
(
project
,
current_user
)
service
=
::
DastSiteProfiles
::
CreateService
.
new
(
project
,
current_user
)
result
=
service
.
execute
(
name:
profile_name
,
target_url:
target_url
)
result
=
service
.
execute
(
name:
profile_name
,
target_url:
target_url
)
...
...
ee/app/graphql/mutations/dast_site_profiles/delete.rb
View file @
12cc3fee
...
@@ -15,13 +15,12 @@ module Mutations
...
@@ -15,13 +15,12 @@ module Mutations
required:
true
,
required:
true
,
description:
'ID of the site profile to be deleted.'
description:
'ID of the site profile to be deleted.'
authorize
:
run_on
demand_dast_scan
authorize
:
create_on_
demand_dast_scan
def
resolve
(
full_path
:,
id
:)
def
resolve
(
full_path
:,
id
:)
project
=
authorized_find!
(
full_path:
full_path
)
project
=
authorized_find!
(
full_path:
full_path
)
raise_resource_not_available_error!
unless
Feature
.
enabled?
(
:security_on_demand_scans_feature_flag
,
project
,
default_enabled:
true
)
dast_site_profile
=
find_dast_site_profile
(
project:
project
,
global_id:
id
)
dast_site_profile
=
find_dast_site_profile
(
project:
project
,
global_id:
id
)
return
{
errors:
dast_site_profile
.
errors
.
full_messages
}
unless
dast_site_profile
.
destroy
return
{
errors:
dast_site_profile
.
errors
.
full_messages
}
unless
dast_site_profile
.
destroy
{
errors:
[]
}
{
errors:
[]
}
...
...
ee/app/graphql/mutations/dast_site_profiles/update.rb
View file @
12cc3fee
...
@@ -27,11 +27,10 @@ module Mutations
...
@@ -27,11 +27,10 @@ module Mutations
required:
false
,
required:
false
,
description:
'The URL of the target to be scanned.'
description:
'The URL of the target to be scanned.'
authorize
:
run_on
demand_dast_scan
authorize
:
create_on_
demand_dast_scan
def
resolve
(
full_path
:,
**
service_args
)
def
resolve
(
full_path
:,
**
service_args
)
project
=
authorized_find!
(
full_path:
full_path
)
project
=
authorized_find!
(
full_path:
full_path
)
raise_resource_not_available_error!
unless
Feature
.
enabled?
(
:security_on_demand_scans_feature_flag
,
project
,
default_enabled:
true
)
service
=
::
DastSiteProfiles
::
UpdateService
.
new
(
project
,
current_user
)
service
=
::
DastSiteProfiles
::
UpdateService
.
new
(
project
,
current_user
)
result
=
service
.
execute
(
service_args
)
result
=
service
.
execute
(
service_args
)
...
...
ee/app/graphql/mutations/pipelines/run_dast_scan.rb
View file @
12cc3fee
...
@@ -27,11 +27,10 @@ module Mutations
...
@@ -27,11 +27,10 @@ module Mutations
required:
true
,
required:
true
,
description:
'The type of scan to be run.'
description:
'The type of scan to be run.'
authorize
:
run_on
demand_dast_scan
authorize
:
create_on_
demand_dast_scan
def
resolve
(
project_path
:,
target_url
:,
branch
:,
scan_type
:)
def
resolve
(
project_path
:,
target_url
:,
branch
:,
scan_type
:)
project
=
authorized_find!
(
full_path:
project_path
)
project
=
authorized_find!
(
full_path:
project_path
)
raise_resource_not_available_error!
unless
Feature
.
enabled?
(
:security_on_demand_scans_feature_flag
,
project
,
default_enabled:
true
)
service
=
Ci
::
RunDastScanService
.
new
(
project
,
current_user
)
service
=
Ci
::
RunDastScanService
.
new
(
project
,
current_user
)
result
=
service
.
execute
(
branch:
branch
,
target_url:
target_url
)
result
=
service
.
execute
(
branch:
branch
,
target_url:
target_url
)
...
...
ee/app/graphql/types/dast_scanner_profile_type.rb
View file @
12cc3fee
...
@@ -5,7 +5,7 @@ module Types
...
@@ -5,7 +5,7 @@ module Types
graphql_name
'DastScannerProfile'
graphql_name
'DastScannerProfile'
description
'Represents a DAST scanner profile.'
description
'Represents a DAST scanner profile.'
authorize
:
run_on
demand_dast_scan
authorize
:
create_on_
demand_dast_scan
field
:id
,
GraphQL
::
ID_TYPE
,
null:
false
,
field
:id
,
GraphQL
::
ID_TYPE
,
null:
false
,
description:
'ID of the DAST scanner profile'
description:
'ID of the DAST scanner profile'
...
...
ee/app/policies/ee/project_policy.rb
View file @
12cc3fee
...
@@ -219,7 +219,6 @@ module EE
...
@@ -219,7 +219,6 @@ module EE
enable
:admin_feature_flag
enable
:admin_feature_flag
enable
:admin_feature_flags_user_lists
enable
:admin_feature_flags_user_lists
enable
:read_ci_minutes_quota
enable
:read_ci_minutes_quota
enable
:run_ondemand_dast_scan
end
end
rule
{
can?
(
:developer_access
)
&
iterations_available
}.
policy
do
rule
{
can?
(
:developer_access
)
&
iterations_available
}.
policy
do
...
...
ee/app/services/ci/run_dast_scan_service.rb
View file @
12cc3fee
...
@@ -29,7 +29,7 @@ module Ci
...
@@ -29,7 +29,7 @@ module Ci
private
private
def
allowed?
def
allowed?
Ability
.
allowed?
(
current_user
,
:
run_on
demand_dast_scan
,
project
)
Ability
.
allowed?
(
current_user
,
:
create_on_
demand_dast_scan
,
project
)
end
end
def
ci_yaml
(
target_url
)
def
ci_yaml
(
target_url
)
...
...
ee/app/services/dast_scanner_profiles/create_service.rb
View file @
12cc3fee
...
@@ -19,7 +19,7 @@ module DastScannerProfiles
...
@@ -19,7 +19,7 @@ module DastScannerProfiles
private
private
def
allowed?
def
allowed?
Ability
.
allowed?
(
current_user
,
:
run_on
demand_dast_scan
,
project
)
Ability
.
allowed?
(
current_user
,
:
create_on_
demand_dast_scan
,
project
)
end
end
end
end
end
end
ee/app/services/dast_site_profiles/create_service.rb
View file @
12cc3fee
...
@@ -20,7 +20,7 @@ module DastSiteProfiles
...
@@ -20,7 +20,7 @@ module DastSiteProfiles
private
private
def
allowed?
def
allowed?
Ability
.
allowed?
(
current_user
,
:
run_on
demand_dast_scan
,
project
)
Ability
.
allowed?
(
current_user
,
:
create_on_
demand_dast_scan
,
project
)
end
end
end
end
end
end
ee/app/services/dast_site_profiles/update_service.rb
View file @
12cc3fee
...
@@ -25,7 +25,7 @@ module DastSiteProfiles
...
@@ -25,7 +25,7 @@ module DastSiteProfiles
private
private
def
allowed?
def
allowed?
Ability
.
allowed?
(
current_user
,
:
run_on
demand_dast_scan
,
project
)
Ability
.
allowed?
(
current_user
,
:
create_on_
demand_dast_scan
,
project
)
end
end
# rubocop: disable CodeReuse/ActiveRecord
# rubocop: disable CodeReuse/ActiveRecord
...
...
ee/app/services/dast_sites/find_or_create_service.rb
View file @
12cc3fee
...
@@ -13,7 +13,7 @@ module DastSites
...
@@ -13,7 +13,7 @@ module DastSites
private
private
def
allowed?
def
allowed?
Ability
.
allowed?
(
current_user
,
:
run_on
demand_dast_scan
,
project
)
Ability
.
allowed?
(
current_user
,
:
create_on_
demand_dast_scan
,
project
)
end
end
def
find_or_create_by!
(
url
)
def
find_or_create_by!
(
url
)
...
...
ee/spec/graphql/mutations/dast_on_demand_scans/create_spec.rb
View file @
12cc3fee
...
@@ -12,6 +12,10 @@ RSpec.describe Mutations::DastOnDemandScans::Create do
...
@@ -12,6 +12,10 @@ RSpec.describe Mutations::DastOnDemandScans::Create do
subject
(
:mutation
)
{
described_class
.
new
(
object:
nil
,
context:
{
current_user:
user
},
field:
nil
)
}
subject
(
:mutation
)
{
described_class
.
new
(
object:
nil
,
context:
{
current_user:
user
},
field:
nil
)
}
before
do
stub_licensed_features
(
security_on_demand_scans:
true
)
end
describe
'#resolve'
do
describe
'#resolve'
do
subject
do
subject
do
mutation
.
resolve
(
mutation
.
resolve
(
...
@@ -105,6 +109,14 @@ RSpec.describe Mutations::DastOnDemandScans::Create do
...
@@ -105,6 +109,14 @@ RSpec.describe Mutations::DastOnDemandScans::Create do
expect
{
subject
}.
to
raise_error
(
Gitlab
::
Graphql
::
Errors
::
ResourceNotAvailable
)
expect
{
subject
}.
to
raise_error
(
Gitlab
::
Graphql
::
Errors
::
ResourceNotAvailable
)
end
end
end
end
context
'when on demand scan licensed feature is not available'
do
it
'raises an exception'
do
stub_licensed_features
(
security_on_demand_scans:
false
)
expect
{
subject
}.
to
raise_error
(
Gitlab
::
Graphql
::
Errors
::
ResourceNotAvailable
)
end
end
end
end
end
end
end
end
...
...
ee/spec/graphql/mutations/dast_scanner_profiles/create_spec.rb
View file @
12cc3fee
...
@@ -12,6 +12,10 @@ RSpec.describe Mutations::DastScannerProfiles::Create do
...
@@ -12,6 +12,10 @@ RSpec.describe Mutations::DastScannerProfiles::Create do
subject
(
:mutation
)
{
described_class
.
new
(
object:
nil
,
context:
{
current_user:
user
},
field:
nil
)
}
subject
(
:mutation
)
{
described_class
.
new
(
object:
nil
,
context:
{
current_user:
user
},
field:
nil
)
}
before
do
stub_licensed_features
(
security_on_demand_scans:
true
)
end
describe
'#resolve'
do
describe
'#resolve'
do
subject
do
subject
do
mutation
.
resolve
(
mutation
.
resolve
(
...
@@ -75,6 +79,14 @@ RSpec.describe Mutations::DastScannerProfiles::Create do
...
@@ -75,6 +79,14 @@ RSpec.describe Mutations::DastScannerProfiles::Create do
expect
{
subject
}.
to
raise_error
(
Gitlab
::
Graphql
::
Errors
::
ResourceNotAvailable
)
expect
{
subject
}.
to
raise_error
(
Gitlab
::
Graphql
::
Errors
::
ResourceNotAvailable
)
end
end
end
end
context
'when on demand scan licensed feature is not available'
do
it
'raises an exception'
do
stub_licensed_features
(
security_on_demand_scans:
false
)
expect
{
subject
}.
to
raise_error
(
Gitlab
::
Graphql
::
Errors
::
ResourceNotAvailable
)
end
end
end
end
end
end
end
end
ee/spec/graphql/mutations/dast_site_profiles/create_spec.rb
View file @
12cc3fee
...
@@ -13,6 +13,10 @@ RSpec.describe Mutations::DastSiteProfiles::Create do
...
@@ -13,6 +13,10 @@ RSpec.describe Mutations::DastSiteProfiles::Create do
subject
(
:mutation
)
{
described_class
.
new
(
object:
nil
,
context:
{
current_user:
user
},
field:
nil
)
}
subject
(
:mutation
)
{
described_class
.
new
(
object:
nil
,
context:
{
current_user:
user
},
field:
nil
)
}
before
do
stub_licensed_features
(
security_on_demand_scans:
true
)
end
describe
'#resolve'
do
describe
'#resolve'
do
subject
do
subject
do
mutation
.
resolve
(
mutation
.
resolve
(
...
@@ -22,17 +26,7 @@ RSpec.describe Mutations::DastSiteProfiles::Create do
...
@@ -22,17 +26,7 @@ RSpec.describe Mutations::DastSiteProfiles::Create do
)
)
end
end
context
'when on demand scan feature is not enabled'
do
it
'raises an exception'
do
expect
{
subject
}.
to
raise_error
(
Gitlab
::
Graphql
::
Errors
::
ResourceNotAvailable
)
end
end
context
'when on demand scan feature is enabled'
do
context
'when on demand scan feature is enabled'
do
before
do
stub_feature_flags
(
security_on_demand_scans_feature_flag:
true
)
end
context
'when the project does not exist'
do
context
'when the project does not exist'
do
let
(
:full_path
)
{
SecureRandom
.
hex
}
let
(
:full_path
)
{
SecureRandom
.
hex
}
...
@@ -63,7 +57,7 @@ RSpec.describe Mutations::DastSiteProfiles::Create do
...
@@ -63,7 +57,7 @@ RSpec.describe Mutations::DastSiteProfiles::Create do
end
end
end
end
context
'when the user
is a developer
'
do
context
'when the user
can run a dast scan
'
do
before
do
before
do
project
.
add_developer
(
user
)
project
.
add_developer
(
user
)
end
end
...
@@ -95,6 +89,22 @@ RSpec.describe Mutations::DastSiteProfiles::Create do
...
@@ -95,6 +89,22 @@ RSpec.describe Mutations::DastSiteProfiles::Create do
expect
(
response
[
:errors
]).
to
include
(
'Name has already been taken'
)
expect
(
response
[
:errors
]).
to
include
(
'Name has already been taken'
)
end
end
end
end
context
'when on demand scan feature is not enabled'
do
it
'raises an exception'
do
stub_feature_flags
(
security_on_demand_scans_feature_flag:
false
)
expect
{
subject
}.
to
raise_error
(
Gitlab
::
Graphql
::
Errors
::
ResourceNotAvailable
)
end
end
context
'when on demand scan licensed feature is not available'
do
it
'raises an exception'
do
stub_licensed_features
(
security_on_demand_scans:
false
)
expect
{
subject
}.
to
raise_error
(
Gitlab
::
Graphql
::
Errors
::
ResourceNotAvailable
)
end
end
end
end
end
end
end
end
...
...
ee/spec/graphql/mutations/dast_site_profiles/delete_spec.rb
View file @
12cc3fee
...
@@ -11,6 +11,10 @@ RSpec.describe Mutations::DastSiteProfiles::Delete do
...
@@ -11,6 +11,10 @@ RSpec.describe Mutations::DastSiteProfiles::Delete do
subject
(
:mutation
)
{
described_class
.
new
(
object:
nil
,
context:
{
current_user:
user
},
field:
nil
)
}
subject
(
:mutation
)
{
described_class
.
new
(
object:
nil
,
context:
{
current_user:
user
},
field:
nil
)
}
before
do
stub_licensed_features
(
security_on_demand_scans:
true
)
end
describe
'#resolve'
do
describe
'#resolve'
do
subject
do
subject
do
mutation
.
resolve
(
mutation
.
resolve
(
...
@@ -100,6 +104,14 @@ RSpec.describe Mutations::DastSiteProfiles::Delete do
...
@@ -100,6 +104,14 @@ RSpec.describe Mutations::DastSiteProfiles::Delete do
expect
{
subject
}.
to
raise_error
(
Gitlab
::
Graphql
::
Errors
::
ResourceNotAvailable
)
expect
{
subject
}.
to
raise_error
(
Gitlab
::
Graphql
::
Errors
::
ResourceNotAvailable
)
end
end
end
end
context
'when on demand scan licensed feature is not available'
do
it
'raises an exception'
do
stub_licensed_features
(
security_on_demand_scans:
false
)
expect
{
subject
}.
to
raise_error
(
Gitlab
::
Graphql
::
Errors
::
ResourceNotAvailable
)
end
end
end
end
end
end
end
end
...
...
ee/spec/graphql/mutations/dast_site_profiles/update_spec.rb
View file @
12cc3fee
...
@@ -14,6 +14,10 @@ RSpec.describe Mutations::DastSiteProfiles::Update do
...
@@ -14,6 +14,10 @@ RSpec.describe Mutations::DastSiteProfiles::Update do
subject
(
:mutation
)
{
described_class
.
new
(
object:
nil
,
context:
{
current_user:
user
},
field:
nil
)
}
subject
(
:mutation
)
{
described_class
.
new
(
object:
nil
,
context:
{
current_user:
user
},
field:
nil
)
}
before
do
stub_licensed_features
(
security_on_demand_scans:
true
)
end
describe
'#resolve'
do
describe
'#resolve'
do
subject
do
subject
do
mutation
.
resolve
(
mutation
.
resolve
(
...
@@ -100,6 +104,14 @@ RSpec.describe Mutations::DastSiteProfiles::Update do
...
@@ -100,6 +104,14 @@ RSpec.describe Mutations::DastSiteProfiles::Update do
expect
{
subject
}.
to
raise_error
(
Gitlab
::
Graphql
::
Errors
::
ResourceNotAvailable
)
expect
{
subject
}.
to
raise_error
(
Gitlab
::
Graphql
::
Errors
::
ResourceNotAvailable
)
end
end
end
end
context
'when on demand scan licensed feature is not available'
do
it
'raises an exception'
do
stub_licensed_features
(
security_on_demand_scans:
false
)
expect
{
subject
}.
to
raise_error
(
Gitlab
::
Graphql
::
Errors
::
ResourceNotAvailable
)
end
end
end
end
end
end
end
end
...
...
ee/spec/graphql/mutations/pipelines/run_dast_scan_spec.rb
View file @
12cc3fee
...
@@ -13,6 +13,10 @@ RSpec.describe Mutations::Pipelines::RunDastScan do
...
@@ -13,6 +13,10 @@ RSpec.describe Mutations::Pipelines::RunDastScan do
subject
(
:mutation
)
{
described_class
.
new
(
object:
nil
,
context:
{
current_user:
user
},
field:
nil
)
}
subject
(
:mutation
)
{
described_class
.
new
(
object:
nil
,
context:
{
current_user:
user
},
field:
nil
)
}
before
do
stub_licensed_features
(
security_on_demand_scans:
true
)
end
describe
'#resolve'
do
describe
'#resolve'
do
subject
do
subject
do
mutation
.
resolve
(
mutation
.
resolve
(
...
...
ee/spec/graphql/types/dast_scanner_profile_type_spec.rb
View file @
12cc3fee
...
@@ -27,7 +27,7 @@ RSpec.describe GitlabSchema.types['DastScannerProfile'] do
...
@@ -27,7 +27,7 @@ RSpec.describe GitlabSchema.types['DastScannerProfile'] do
end
end
specify
{
expect
(
described_class
.
graphql_name
).
to
eq
(
'DastScannerProfile'
)
}
specify
{
expect
(
described_class
.
graphql_name
).
to
eq
(
'DastScannerProfile'
)
}
specify
{
expect
(
described_class
).
to
require_graphql_authorizations
(
:
run_on
demand_dast_scan
)
}
specify
{
expect
(
described_class
).
to
require_graphql_authorizations
(
:
create_on_
demand_dast_scan
)
}
it
{
expect
(
described_class
).
to
have_graphql_fields
(
fields
)
}
it
{
expect
(
described_class
).
to
have_graphql_fields
(
fields
)
}
...
...
ee/spec/requests/api/graphql/mutations/dast_on_demand_scans/create_spec.rb
View file @
12cc3fee
...
@@ -5,44 +5,19 @@ require 'spec_helper'
...
@@ -5,44 +5,19 @@ require 'spec_helper'
RSpec
.
describe
'Running a DAST Scan'
do
RSpec
.
describe
'Running a DAST Scan'
do
include
GraphqlHelpers
include
GraphqlHelpers
let
(
:project
)
{
create
(
:project
,
:repository
,
creator:
current_user
)
}
let
(
:current_user
)
{
create
(
:user
)
}
let
(
:full_path
)
{
project
.
full_path
}
let
(
:dast_site_profile
)
{
create
(
:dast_site_profile
,
project:
project
)
}
let
(
:dast_site_profile
)
{
create
(
:dast_site_profile
,
project:
project
)
}
let
(
:mutation_name
)
{
:dast_on_demand_scan_create
}
let
(
:mutation
)
do
let
(
:mutation
)
do
graphql_mutation
(
graphql_mutation
(
:dast_on_demand_scan_creat
e
,
mutation_nam
e
,
full_path:
full_path
,
full_path:
full_path
,
dast_site_profile_id:
dast_site_profile
.
to_global_id
.
to_s
dast_site_profile_id:
dast_site_profile
.
to_global_id
.
to_s
)
)
end
end
def
mutation_response
it_behaves_like
'an on-demand scan mutation when user cannot run an on-demand scan'
graphql_mutation_response
(
:dast_on_demand_scan_create
)
it_behaves_like
'an on-demand scan mutation when user can run an on-demand scan'
do
end
context
'when a user does not have access to the project'
do
it_behaves_like
'a mutation that returns top-level errors'
,
errors:
[
'The resource that you are attempting to access does not '
\
'exist or you don\'t have permission to perform this action'
]
end
context
'when a user does not have access to run a dast scan on the project'
do
before
do
project
.
add_guest
(
current_user
)
end
it_behaves_like
'a mutation that returns top-level errors'
,
errors:
[
'The resource that you are attempting to access does not '
\
"exist or you don't have permission to perform this action"
]
end
context
'when a user has access to run a dast scan on the project'
do
before
do
project
.
add_developer
(
current_user
)
end
it
'returns a pipeline_url containing the correct path'
do
it
'returns a pipeline_url containing the correct path'
do
post_graphql_mutation
(
mutation
,
current_user:
current_user
)
post_graphql_mutation
(
mutation
,
current_user:
current_user
)
pipeline
=
Ci
::
Pipeline
.
last
pipeline
=
Ci
::
Pipeline
.
last
...
@@ -56,7 +31,7 @@ RSpec.describe 'Running a DAST Scan' do
...
@@ -56,7 +31,7 @@ RSpec.describe 'Running a DAST Scan' do
context
'when wrong type of global id is passed'
do
context
'when wrong type of global id is passed'
do
let
(
:mutation
)
do
let
(
:mutation
)
do
graphql_mutation
(
graphql_mutation
(
:dast_on_demand_scan_creat
e
,
mutation_nam
e
,
full_path:
full_path
,
full_path:
full_path
,
dast_site_profile_id:
dast_site_profile
.
dast_site
.
to_global_id
.
to_s
dast_site_profile_id:
dast_site_profile
.
dast_site
.
to_global_id
.
to_s
)
)
...
@@ -81,15 +56,5 @@ RSpec.describe 'Running a DAST Scan' do
...
@@ -81,15 +56,5 @@ RSpec.describe 'Running a DAST Scan' do
it_behaves_like
'a mutation that returns errors in the response'
,
errors:
[
'error message'
]
it_behaves_like
'a mutation that returns errors in the response'
,
errors:
[
'error message'
]
end
end
context
'when on demand scan feature is disabled'
do
before
do
stub_feature_flags
(
security_on_demand_scans_feature_flag:
false
)
end
it_behaves_like
'a mutation that returns top-level errors'
,
errors:
[
'The resource that you are attempting to access does not '
\
"exist or you don't have permission to perform this action"
]
end
end
end
end
end
ee/spec/requests/api/graphql/mutations/dast_scanner_profiles/create_spec.rb
View file @
12cc3fee
...
@@ -5,45 +5,20 @@ require 'spec_helper'
...
@@ -5,45 +5,20 @@ require 'spec_helper'
RSpec
.
describe
'Creating a DAST Scanner Profile'
do
RSpec
.
describe
'Creating a DAST Scanner Profile'
do
include
GraphqlHelpers
include
GraphqlHelpers
let
(
:project
)
{
create
(
:project
,
:repository
,
creator:
current_user
)
}
let
(
:current_user
)
{
create
(
:user
)
}
let
(
:full_path
)
{
project
.
full_path
}
let
(
:profile_name
)
{
FFaker
::
Company
.
catch_phrase
}
let
(
:profile_name
)
{
FFaker
::
Company
.
catch_phrase
}
let
(
:dast_scanner_profile
)
{
DastScannerProfile
.
find_by
(
project:
project
,
name:
profile_name
)
}
let
(
:dast_scanner_profile
)
{
DastScannerProfile
.
find_by
(
project:
project
,
name:
profile_name
)
}
let
(
:mutation_name
)
{
:dast_scanner_profile_create
}
let
(
:mutation
)
do
let
(
:mutation
)
do
graphql_mutation
(
graphql_mutation
(
:dast_scanner_profile_creat
e
,
mutation_nam
e
,
full_path:
full_path
,
full_path:
full_path
,
profile_name:
profile_name
profile_name:
profile_name
)
)
end
end
def
mutation_response
it_behaves_like
'an on-demand scan mutation when user cannot run an on-demand scan'
graphql_mutation_response
(
:dast_scanner_profile_create
)
it_behaves_like
'an on-demand scan mutation when user can run an on-demand scan'
do
end
context
'when a user does not have access to the project'
do
it_behaves_like
'a mutation that returns top-level errors'
,
errors:
[
'The resource that you are attempting to access does not '
\
"exist or you don't have permission to perform this action"
]
end
context
'when a user does not have access to run a dast scan on the project'
do
before
do
project
.
add_guest
(
current_user
)
end
it_behaves_like
'a mutation that returns top-level errors'
,
errors:
[
'The resource that you are attempting to access does not '
\
"exist or you don't have permission to perform this action"
]
end
context
'when a user has access to run a DAST scan on the project'
do
before
do
project
.
add_developer
(
current_user
)
end
it
'returns the dast_scanner_profile id'
do
it
'returns the dast_scanner_profile id'
do
post_graphql_mutation
(
mutation
,
current_user:
current_user
)
post_graphql_mutation
(
mutation
,
current_user:
current_user
)
...
@@ -61,15 +36,5 @@ RSpec.describe 'Creating a DAST Scanner Profile' do
...
@@ -61,15 +36,5 @@ RSpec.describe 'Creating a DAST Scanner Profile' do
expect
(
mutation_response
[
"errors"
]).
to
include
(
'Name has already been taken'
)
expect
(
mutation_response
[
"errors"
]).
to
include
(
'Name has already been taken'
)
end
end
end
end
context
'when on demand scan feature is disabled'
do
before
do
stub_feature_flags
(
security_on_demand_scans_feature_flag:
false
)
end
it_behaves_like
'a mutation that returns top-level errors'
,
errors:
[
'The resource that you are attempting to access does not '
\
"exist or you don't have permission to perform this action"
]
end
end
end
end
end
ee/spec/requests/api/graphql/mutations/dast_site_profiles/create_spec.rb
View file @
12cc3fee
...
@@ -5,50 +5,24 @@ require 'spec_helper'
...
@@ -5,50 +5,24 @@ require 'spec_helper'
RSpec
.
describe
'Creating a DAST Site Profile'
do
RSpec
.
describe
'Creating a DAST Site Profile'
do
include
GraphqlHelpers
include
GraphqlHelpers
let
(
:project
)
{
create
(
:project
,
:repository
,
creator:
current_user
)
}
let
(
:current_user
)
{
create
(
:user
)
}
let
(
:full_path
)
{
project
.
full_path
}
let
(
:profile_name
)
{
FFaker
::
Company
.
catch_phrase
}
let
(
:profile_name
)
{
FFaker
::
Company
.
catch_phrase
}
let
(
:target_url
)
{
FFaker
::
Internet
.
uri
(
:https
)
}
let
(
:target_url
)
{
FFaker
::
Internet
.
uri
(
:https
)
}
let
(
:dast_site_profile
)
{
DastSiteProfile
.
find_by
(
project:
project
,
name:
profile_name
)
}
let
(
:dast_site_profile
)
{
DastSiteProfile
.
find_by
(
project:
project
,
name:
profile_name
)
}
let
(
:mutation_name
)
{
:dast_site_profile_create
}
let
(
:mutation
)
do
let
(
:mutation
)
do
graphql_mutation
(
graphql_mutation
(
:dast_site_profile_creat
e
,
mutation_nam
e
,
full_path:
full_path
,
full_path:
full_path
,
profile_name:
profile_name
,
profile_name:
profile_name
,
target_url:
target_url
target_url:
target_url
)
)
end
end
def
mutation_response
it_behaves_like
'an on-demand scan mutation when user cannot run an on-demand scan'
graphql_mutation_response
(
:dast_site_profile_create
)
it_behaves_like
'an on-demand scan mutation when user can run an on-demand scan'
do
end
context
'when on demand scan feature is not enabled'
do
it_behaves_like
'a mutation that returns top-level errors'
,
errors:
[
'The resource that you are attempting to access does not '
\
'exist or you don\'t have permission to perform this action'
]
end
context
'when on demand scan feature is enabled'
do
before
do
stub_feature_flags
(
security_on_demand_scans_feature_flag:
true
)
end
context
'when the user does not have permission to run a dast scan'
do
it_behaves_like
'a mutation that returns top-level errors'
,
errors:
[
'The resource that you are attempting to access does not '
\
'exist or you don\'t have permission to perform this action'
]
end
context
'when the user can run a dast scan'
do
before
do
project
.
add_developer
(
current_user
)
end
it
'returns the dast_site_profile id'
do
it
'returns the dast_site_profile id'
do
post_graphql_mutation
(
mutation
,
current_user:
current_user
)
subject
expect
(
mutation_response
[
"id"
]).
to
eq
(
dast_site_profile
.
to_global_id
.
to_s
)
expect
(
mutation_response
[
"id"
]).
to
eq
(
dast_site_profile
.
to_global_id
.
to_s
)
end
end
...
@@ -61,5 +35,4 @@ RSpec.describe 'Creating a DAST Site Profile' do
...
@@ -61,5 +35,4 @@ RSpec.describe 'Creating a DAST Site Profile' do
it_behaves_like
'a mutation that returns top-level errors'
,
errors:
[
'Internal server error'
]
it_behaves_like
'a mutation that returns top-level errors'
,
errors:
[
'Internal server error'
]
end
end
end
end
end
end
end
ee/spec/requests/api/graphql/mutations/dast_site_profiles/delete_spec.rb
View file @
12cc3fee
...
@@ -5,52 +5,19 @@ require 'spec_helper'
...
@@ -5,52 +5,19 @@ require 'spec_helper'
RSpec
.
describe
'Creating a DAST Site Profile'
do
RSpec
.
describe
'Creating a DAST Site Profile'
do
include
GraphqlHelpers
include
GraphqlHelpers
let
(
:project
)
{
create
(
:project
)
}
let
(
:current_user
)
{
create
(
:user
)
}
let
(
:full_path
)
{
project
.
full_path
}
let!
(
:dast_site_profile
)
{
create
(
:dast_site_profile
,
project:
project
)
}
let!
(
:dast_site_profile
)
{
create
(
:dast_site_profile
,
project:
project
)
}
let
(
:mutation_name
)
{
:dast_site_profile_delete
}
let
(
:mutation
)
do
let
(
:mutation
)
do
graphql_mutation
(
graphql_mutation
(
:dast_site_profile_delet
e
,
mutation_nam
e
,
full_path:
full_path
,
full_path:
full_path
,
id:
dast_site_profile
.
to_global_id
.
to_s
id:
dast_site_profile
.
to_global_id
.
to_s
)
)
end
end
def
mutation_response
it_behaves_like
'an on-demand scan mutation when user cannot run an on-demand scan'
graphql_mutation_response
(
:dast_site_profile_delete
)
it_behaves_like
'an on-demand scan mutation when user can run an on-demand scan'
do
end
subject
{
post_graphql_mutation
(
mutation
,
current_user:
current_user
)
}
context
'when a user does not have access to the project'
do
it_behaves_like
'a mutation that returns top-level errors'
,
errors:
[
'The resource that you are attempting to access does not '
\
'exist or you don\'t have permission to perform this action'
]
end
context
'when a user does not have access to run a dast scan on the project'
do
before
do
project
.
add_guest
(
current_user
)
end
it_behaves_like
'a mutation that returns top-level errors'
,
errors:
[
'The resource that you are attempting to access does not '
\
'exist or you don\'t have permission to perform this action'
]
end
context
'when a user has access to run a dast scan on the project'
do
before
do
project
.
add_developer
(
current_user
)
end
it
'returns an empty errors array'
do
subject
expect
(
mutation_response
[
"errors"
]).
to
be_empty
end
it
'deletes the dast_site_profile'
do
it
'deletes the dast_site_profile'
do
expect
{
subject
}.
to
change
{
DastSiteProfile
.
count
}.
by
(
-
1
)
expect
{
subject
}.
to
change
{
DastSiteProfile
.
count
}.
by
(
-
1
)
end
end
...
@@ -77,41 +44,33 @@ RSpec.describe 'Creating a DAST Site Profile' do
...
@@ -77,41 +44,33 @@ RSpec.describe 'Creating a DAST Site Profile' do
context
'when wrong type of global id is passed'
do
context
'when wrong type of global id is passed'
do
let
(
:mutation
)
do
let
(
:mutation
)
do
graphql_mutation
(
graphql_mutation
(
:dast_site_profile_delet
e
,
mutation_nam
e
,
full_path:
full_path
,
full_path:
full_path
,
id:
dast_site_profile
.
dast_site
.
to_global_id
.
to_s
id:
dast_site_profile
.
dast_site
.
to_global_id
.
to_s
)
)
end
end
it
'returns a top-level error'
do
it_behaves_like
'a mutation that returns top-level errors'
do
subject
let
(
:match_errors
)
do
gid
=
dast_site_profile
.
dast_site
.
to_global_id
expect
(
graphql_errors
.
dig
(
0
,
'message'
)).
to
include
(
'does not represent an instance of DastSiteProfile'
)
eq
([
"Variable $dastSiteProfileDeleteInput of type DastSiteProfileDeleteInput! "
\
"was provided invalid value for id (
\"
#{
gid
}
\"
does not represent an instance "
\
"of DastSiteProfile)"
])
end
end
end
end
end
context
'when the dast_site_profile belongs to a different project'
do
context
'when the dast_site_profile belongs to a different project'
do
let
(
:mutation
)
do
let
(
:mutation
)
do
graphql_mutation
(
graphql_mutation
(
:dast_site_profile_delet
e
,
mutation_nam
e
,
full_path:
create
(
:project
).
full_path
,
full_path:
create
(
:project
).
full_path
,
id:
dast_site_profile
.
to_global_id
.
to_s
id:
dast_site_profile
.
to_global_id
.
to_s
)
)
end
end
it_behaves_like
'a mutation that returns top-level errors'
,
it_behaves_like
'a mutation that returns a top-level access error'
errors:
[
'The resource that you are attempting to access does not '
\
'exist or you don\'t have permission to perform this action'
]
end
end
end
end
context
'when on demand scan feature is disabled'
do
before
do
stub_feature_flags
(
security_on_demand_scans_feature_flag:
false
)
end
it_behaves_like
'a mutation that returns top-level errors'
,
errors:
[
'The resource that you are attempting to access does not '
\
'exist or you don\'t have permission to perform this action'
]
end
end
end
ee/spec/requests/api/graphql/mutations/dast_site_profiles/update_spec.rb
View file @
12cc3fee
...
@@ -5,17 +5,15 @@ require 'spec_helper'
...
@@ -5,17 +5,15 @@ require 'spec_helper'
RSpec
.
describe
'Creating a DAST Site Profile'
do
RSpec
.
describe
'Creating a DAST Site Profile'
do
include
GraphqlHelpers
include
GraphqlHelpers
let
(
:project
)
{
create
(
:project
)
}
let
(
:current_user
)
{
create
(
:user
)
}
let
(
:full_path
)
{
project
.
full_path
}
let!
(
:dast_site_profile
)
{
create
(
:dast_site_profile
,
project:
project
)
}
let!
(
:dast_site_profile
)
{
create
(
:dast_site_profile
,
project:
project
)
}
let
(
:new_profile_name
)
{
SecureRandom
.
hex
}
let
(
:new_profile_name
)
{
SecureRandom
.
hex
}
let
(
:new_target_url
)
{
FFaker
::
Internet
.
uri
(
:https
)
}
let
(
:new_target_url
)
{
FFaker
::
Internet
.
uri
(
:https
)
}
let
(
:mutation_name
)
{
:dast_site_profile_update
}
let
(
:mutation
)
do
let
(
:mutation
)
do
graphql_mutation
(
graphql_mutation
(
:dast_site_profile_updat
e
,
mutation_nam
e
,
full_path:
full_path
,
full_path:
full_path
,
id:
dast_site_profile
.
to_global_id
.
to_s
,
id:
dast_site_profile
.
to_global_id
.
to_s
,
profile_name:
new_profile_name
,
profile_name:
new_profile_name
,
...
@@ -24,38 +22,11 @@ RSpec.describe 'Creating a DAST Site Profile' do
...
@@ -24,38 +22,11 @@ RSpec.describe 'Creating a DAST Site Profile' do
end
end
def
mutation_response
def
mutation_response
graphql_mutation_response
(
:dast_site_profile_update
)
graphql_mutation_response
(
mutation_name
)
end
subject
{
post_graphql_mutation
(
mutation
,
current_user:
current_user
)
}
context
'when a user does not have access to the project'
do
it_behaves_like
'a mutation that returns top-level errors'
,
errors:
[
'The resource that you are attempting to access does not '
\
'exist or you don\'t have permission to perform this action'
]
end
context
'when a user does not have access to run a dast scan on the project'
do
before
do
project
.
add_guest
(
current_user
)
end
it_behaves_like
'a mutation that returns top-level errors'
,
errors:
[
'The resource that you are attempting to access does not '
\
'exist or you don\'t have permission to perform this action'
]
end
context
'when a user has access to run a dast scan on the project'
do
before
do
project
.
add_developer
(
current_user
)
end
it
'returns an empty errors array'
do
subject
expect
(
mutation_response
[
"errors"
]).
to
be_empty
end
end
it_behaves_like
'an on-demand scan mutation when user cannot run an on-demand scan'
it_behaves_like
'an on-demand scan mutation when user can run an on-demand scan'
do
it
'updates the dast_site_profile'
do
it
'updates the dast_site_profile'
do
subject
subject
...
@@ -84,7 +55,7 @@ RSpec.describe 'Creating a DAST Site Profile' do
...
@@ -84,7 +55,7 @@ RSpec.describe 'Creating a DAST Site Profile' do
context
'when wrong type of global id is passed'
do
context
'when wrong type of global id is passed'
do
let
(
:mutation
)
do
let
(
:mutation
)
do
graphql_mutation
(
graphql_mutation
(
:dast_site_profile_updat
e
,
mutation_nam
e
,
full_path:
full_path
,
full_path:
full_path
,
id:
dast_site_profile
.
dast_site
.
to_global_id
.
to_s
,
id:
dast_site_profile
.
dast_site
.
to_global_id
.
to_s
,
profile_name:
new_profile_name
,
profile_name:
new_profile_name
,
...
@@ -92,17 +63,21 @@ RSpec.describe 'Creating a DAST Site Profile' do
...
@@ -92,17 +63,21 @@ RSpec.describe 'Creating a DAST Site Profile' do
)
)
end
end
it
'returns a top-level error'
do
it_behaves_like
'a mutation that returns top-level errors'
do
subject
let
(
:match_errors
)
do
gid
=
dast_site_profile
.
dast_site
.
to_global_id
expect
(
graphql_errors
.
dig
(
0
,
'message'
)).
to
include
(
'does not represent an instance of DastSiteProfile'
)
eq
([
"Variable $dastSiteProfileUpdateInput of type DastSiteProfileUpdateInput! "
\
"was provided invalid value for id (
\"
#{
gid
}
\"
does not represent an instance "
\
"of DastSiteProfile)"
])
end
end
end
end
end
context
'when the dast_site_profile belongs to a different project'
do
context
'when the dast_site_profile belongs to a different project'
do
let
(
:mutation
)
do
let
(
:mutation
)
do
graphql_mutation
(
graphql_mutation
(
:dast_site_profile_updat
e
,
mutation_nam
e
,
full_path:
create
(
:project
).
full_path
,
full_path:
create
(
:project
).
full_path
,
id:
dast_site_profile
.
to_global_id
.
to_s
,
id:
dast_site_profile
.
to_global_id
.
to_s
,
profile_name:
new_profile_name
,
profile_name:
new_profile_name
,
...
@@ -110,19 +85,7 @@ RSpec.describe 'Creating a DAST Site Profile' do
...
@@ -110,19 +85,7 @@ RSpec.describe 'Creating a DAST Site Profile' do
)
)
end
end
it_behaves_like
'a mutation that returns top-level errors'
,
it_behaves_like
'a mutation that returns a top-level access error'
errors:
[
'The resource that you are attempting to access does not '
\
'exist or you don\'t have permission to perform this action'
]
end
end
end
end
context
'when on demand scan feature is disabled'
do
before
do
stub_feature_flags
(
security_on_demand_scans_feature_flag:
false
)
end
it_behaves_like
'a mutation that returns top-level errors'
,
errors:
[
'The resource that you are attempting to access does not '
\
'exist or you don\'t have permission to perform this action'
]
end
end
end
ee/spec/requests/api/graphql/mutations/pipelines/run_dast_scan_spec.rb
View file @
12cc3fee
...
@@ -26,6 +26,10 @@ RSpec.describe 'Running a DAST Scan' do
...
@@ -26,6 +26,10 @@ RSpec.describe 'Running a DAST Scan' do
graphql_mutation_response
(
:run_dast_scan
)
graphql_mutation_response
(
:run_dast_scan
)
end
end
before
do
stub_licensed_features
(
security_on_demand_scans:
true
)
end
context
'when on demand scan feature is not enabled'
do
context
'when on demand scan feature is not enabled'
do
it_behaves_like
'a mutation that returns top-level errors'
,
it_behaves_like
'a mutation that returns top-level errors'
,
errors:
[
'The resource that you are attempting to access does not '
\
errors:
[
'The resource that you are attempting to access does not '
\
...
...
ee/spec/requests/api/graphql/project/dast_scanner_profiles_spec.rb
View file @
12cc3fee
...
@@ -40,7 +40,7 @@ RSpec.describe 'Query.project(fullPath).dastScannerProfiles' do
...
@@ -40,7 +40,7 @@ RSpec.describe 'Query.project(fullPath).dastScannerProfiles' do
end
end
end
end
context
'when
a user does not have access to run_ondemand_dast_
scan'
do
context
'when
the user can run a dast
scan'
do
before
do
before
do
project
.
add_guest
(
current_user
)
project
.
add_guest
(
current_user
)
end
end
...
...
ee/spec/services/ci/run_dast_scan_service_spec.rb
View file @
12cc3fee
...
@@ -8,6 +8,10 @@ RSpec.describe Ci::RunDastScanService do
...
@@ -8,6 +8,10 @@ RSpec.describe Ci::RunDastScanService do
let
(
:branch
)
{
project
.
default_branch
}
let
(
:branch
)
{
project
.
default_branch
}
let
(
:target_url
)
{
FFaker
::
Internet
.
uri
(
:http
)
}
let
(
:target_url
)
{
FFaker
::
Internet
.
uri
(
:http
)
}
before
do
stub_licensed_features
(
security_on_demand_scans:
true
)
end
describe
'.ci_template'
do
describe
'.ci_template'
do
it
'builds a hash'
do
it
'builds a hash'
do
expect
(
described_class
.
ci_template
).
to
be_a
(
Hash
)
expect
(
described_class
.
ci_template
).
to
be_a
(
Hash
)
...
@@ -29,7 +33,7 @@ RSpec.describe Ci::RunDastScanService do
...
@@ -29,7 +33,7 @@ RSpec.describe Ci::RunDastScanService do
let
(
:pipeline
)
{
subject
.
payload
}
let
(
:pipeline
)
{
subject
.
payload
}
let
(
:message
)
{
subject
.
message
}
let
(
:message
)
{
subject
.
message
}
context
'when
the user does not have permission to run a dast scan
'
do
context
'when
a user does not have access to the project
'
do
it
'returns an error status'
do
it
'returns an error status'
do
expect
(
status
).
to
eq
(
:error
)
expect
(
status
).
to
eq
(
:error
)
end
end
...
@@ -142,6 +146,34 @@ RSpec.describe Ci::RunDastScanService do
...
@@ -142,6 +146,34 @@ RSpec.describe Ci::RunDastScanService do
expect
(
message
).
to
eq
(
full_error_messages
)
expect
(
message
).
to
eq
(
full_error_messages
)
end
end
end
end
context
'when on demand scan feature is disabled'
do
before
do
stub_feature_flags
(
security_on_demand_scans_feature_flag:
false
)
end
it
'returns an error status'
do
expect
(
status
).
to
eq
(
:error
)
end
it
'populates message'
do
expect
(
message
).
to
eq
(
'Insufficient permissions'
)
end
end
context
'when on demand scan licensed feature is not available'
do
before
do
stub_licensed_features
(
security_on_demand_scans:
false
)
end
it
'returns an error status'
do
expect
(
status
).
to
eq
(
:error
)
end
it
'populates message'
do
expect
(
message
).
to
eq
(
'Insufficient permissions'
)
end
end
end
end
end
end
end
end
ee/spec/services/dast_scanner_profiles/create_service_spec.rb
View file @
12cc3fee
...
@@ -9,6 +9,10 @@ RSpec.describe DastScannerProfiles::CreateService do
...
@@ -9,6 +9,10 @@ RSpec.describe DastScannerProfiles::CreateService do
let
(
:target_timeout
)
{
60
}
let
(
:target_timeout
)
{
60
}
let
(
:spider_timeout
)
{
600
}
let
(
:spider_timeout
)
{
600
}
before
do
stub_licensed_features
(
security_on_demand_scans:
true
)
end
describe
'#execute'
do
describe
'#execute'
do
subject
do
subject
do
described_class
.
new
(
project
,
user
).
execute
(
described_class
.
new
(
project
,
user
).
execute
(
...
@@ -83,6 +87,34 @@ RSpec.describe DastScannerProfiles::CreateService do
...
@@ -83,6 +87,34 @@ RSpec.describe DastScannerProfiles::CreateService do
expect
(
message
).
to
eq
([
'Name has already been taken'
])
expect
(
message
).
to
eq
([
'Name has already been taken'
])
end
end
end
end
context
'when on demand scan feature is disabled'
do
before
do
stub_feature_flags
(
security_on_demand_scans_feature_flag:
false
)
end
it
'returns an error status'
do
expect
(
status
).
to
eq
(
:error
)
end
it
'populates message'
do
expect
(
message
).
to
eq
(
'Insufficient permissions'
)
end
end
context
'when on demand scan licensed feature is not available'
do
before
do
stub_licensed_features
(
security_on_demand_scans:
false
)
end
it
'returns an error status'
do
expect
(
status
).
to
eq
(
:error
)
end
it
'populates message'
do
expect
(
message
).
to
eq
(
'Insufficient permissions'
)
end
end
end
end
end
end
end
end
ee/spec/services/dast_site_profiles/create_service_spec.rb
View file @
12cc3fee
...
@@ -8,6 +8,10 @@ RSpec.describe DastSiteProfiles::CreateService do
...
@@ -8,6 +8,10 @@ RSpec.describe DastSiteProfiles::CreateService do
let
(
:name
)
{
FFaker
::
Company
.
catch_phrase
}
let
(
:name
)
{
FFaker
::
Company
.
catch_phrase
}
let
(
:target_url
)
{
FFaker
::
Internet
.
uri
(
:http
)
}
let
(
:target_url
)
{
FFaker
::
Internet
.
uri
(
:http
)
}
before
do
stub_licensed_features
(
security_on_demand_scans:
true
)
end
describe
'#execute'
do
describe
'#execute'
do
subject
{
described_class
.
new
(
project
,
user
).
execute
(
name:
name
,
target_url:
target_url
)
}
subject
{
described_class
.
new
(
project
,
user
).
execute
(
name:
name
,
target_url:
target_url
)
}
...
@@ -16,7 +20,7 @@ RSpec.describe DastSiteProfiles::CreateService do
...
@@ -16,7 +20,7 @@ RSpec.describe DastSiteProfiles::CreateService do
let
(
:errors
)
{
subject
.
errors
}
let
(
:errors
)
{
subject
.
errors
}
let
(
:payload
)
{
subject
.
payload
}
let
(
:payload
)
{
subject
.
payload
}
context
'when
the user does not have permission to run a dast scan
'
do
context
'when
a user does not have access to the project
'
do
it
'returns an error status'
do
it
'returns an error status'
do
expect
(
status
).
to
eq
(
:error
)
expect
(
status
).
to
eq
(
:error
)
end
end
...
@@ -72,6 +76,34 @@ RSpec.describe DastSiteProfiles::CreateService do
...
@@ -72,6 +76,34 @@ RSpec.describe DastSiteProfiles::CreateService do
expect
(
errors
).
to
include
(
'Url is blocked: Requests to localhost are not allowed'
)
expect
(
errors
).
to
include
(
'Url is blocked: Requests to localhost are not allowed'
)
end
end
end
end
context
'when on demand scan feature is disabled'
do
before
do
stub_feature_flags
(
security_on_demand_scans_feature_flag:
false
)
end
it
'returns an error status'
do
expect
(
status
).
to
eq
(
:error
)
end
it
'populates message'
do
expect
(
message
).
to
eq
(
'Insufficient permissions'
)
end
end
context
'when on demand scan licensed feature is not available'
do
before
do
stub_licensed_features
(
security_on_demand_scans:
false
)
end
it
'returns an error status'
do
expect
(
status
).
to
eq
(
:error
)
end
it
'populates message'
do
expect
(
message
).
to
eq
(
'Insufficient permissions'
)
end
end
end
end
end
end
end
end
ee/spec/services/dast_site_profiles/update_service_spec.rb
View file @
12cc3fee
...
@@ -10,6 +10,10 @@ RSpec.describe DastSiteProfiles::UpdateService do
...
@@ -10,6 +10,10 @@ RSpec.describe DastSiteProfiles::UpdateService do
let
(
:new_profile_name
)
{
SecureRandom
.
hex
}
let
(
:new_profile_name
)
{
SecureRandom
.
hex
}
let
(
:new_target_url
)
{
FFaker
::
Internet
.
uri
(
:https
)
}
let
(
:new_target_url
)
{
FFaker
::
Internet
.
uri
(
:https
)
}
before
do
stub_licensed_features
(
security_on_demand_scans:
true
)
end
describe
'#execute'
do
describe
'#execute'
do
subject
do
subject
do
described_class
.
new
(
project
,
user
).
execute
(
described_class
.
new
(
project
,
user
).
execute
(
...
@@ -24,7 +28,7 @@ RSpec.describe DastSiteProfiles::UpdateService do
...
@@ -24,7 +28,7 @@ RSpec.describe DastSiteProfiles::UpdateService do
let
(
:errors
)
{
subject
.
errors
}
let
(
:errors
)
{
subject
.
errors
}
let
(
:payload
)
{
subject
.
payload
}
let
(
:payload
)
{
subject
.
payload
}
context
'when
the user does not have permission to run a dast scan
'
do
context
'when
a user does not have access to the project
'
do
it
'returns an error status'
do
it
'returns an error status'
do
expect
(
status
).
to
eq
(
:error
)
expect
(
status
).
to
eq
(
:error
)
end
end
...
@@ -81,6 +85,34 @@ RSpec.describe DastSiteProfiles::UpdateService do
...
@@ -81,6 +85,34 @@ RSpec.describe DastSiteProfiles::UpdateService do
expect
(
message
).
to
eq
(
'DastSiteProfile not found'
)
expect
(
message
).
to
eq
(
'DastSiteProfile not found'
)
end
end
end
end
context
'when on demand scan feature is disabled'
do
before
do
stub_feature_flags
(
security_on_demand_scans_feature_flag:
false
)
end
it
'returns an error status'
do
expect
(
status
).
to
eq
(
:error
)
end
it
'populates message'
do
expect
(
message
).
to
eq
(
'Insufficient permissions'
)
end
end
context
'when on demand scan licensed feature is not available'
do
before
do
stub_licensed_features
(
security_on_demand_scans:
false
)
end
it
'returns an error status'
do
expect
(
status
).
to
eq
(
:error
)
end
it
'populates message'
do
expect
(
message
).
to
eq
(
'Insufficient permissions'
)
end
end
end
end
end
end
end
end
ee/spec/services/dast_sites/find_or_create_service_spec.rb
View file @
12cc3fee
...
@@ -7,10 +7,14 @@ RSpec.describe DastSites::FindOrCreateService do
...
@@ -7,10 +7,14 @@ RSpec.describe DastSites::FindOrCreateService do
let
(
:project
)
{
create
(
:project
,
:repository
,
creator:
user
)
}
let
(
:project
)
{
create
(
:project
,
:repository
,
creator:
user
)
}
let
(
:url
)
{
FFaker
::
Internet
.
uri
(
:http
)
}
let
(
:url
)
{
FFaker
::
Internet
.
uri
(
:http
)
}
before
do
stub_licensed_features
(
security_on_demand_scans:
true
)
end
describe
'#execute!'
do
describe
'#execute!'
do
subject
{
described_class
.
new
(
project
,
user
).
execute!
(
url:
url
)
}
subject
{
described_class
.
new
(
project
,
user
).
execute!
(
url:
url
)
}
context
'when
the user does not have permission to run a dast scan
'
do
context
'when
a user does not have access to the project
'
do
it
'raises an exception'
do
it
'raises an exception'
do
expect
{
subject
}.
to
raise_error
(
DastSites
::
FindOrCreateService
::
PermissionsError
)
do
|
err
|
expect
{
subject
}.
to
raise_error
(
DastSites
::
FindOrCreateService
::
PermissionsError
)
do
|
err
|
expect
(
err
.
message
).
to
include
(
'Insufficient permissions'
)
expect
(
err
.
message
).
to
include
(
'Insufficient permissions'
)
...
@@ -54,6 +58,26 @@ RSpec.describe DastSites::FindOrCreateService do
...
@@ -54,6 +58,26 @@ RSpec.describe DastSites::FindOrCreateService do
end
end
end
end
end
end
context
'when on demand scan feature is disabled'
do
it
'raises an exception'
do
stub_feature_flags
(
security_on_demand_scans_feature_flag:
false
)
expect
{
subject
}.
to
raise_error
(
DastSites
::
FindOrCreateService
::
PermissionsError
)
do
|
err
|
expect
(
err
.
message
).
to
include
(
'Insufficient permissions'
)
end
end
end
context
'when on demand scan licensed feature is not available'
do
it
'raises an exception'
do
stub_licensed_features
(
security_on_demand_scans:
false
)
expect
{
subject
}.
to
raise_error
(
DastSites
::
FindOrCreateService
::
PermissionsError
)
do
|
err
|
expect
(
err
.
message
).
to
include
(
'Insufficient permissions'
)
end
end
end
end
end
end
end
end
end
ee/spec/support/shared_examples/graphql/mutations/on_demand_scan_with_user_abilities_shared_examples.rb
0 → 100644
View file @
12cc3fee
# frozen_string_literal: true
require
'spec_helper'
# There must be a method or let called `mutation` defined that executes
# the mutation and one called `mutation_name` that is the name of the
# mutation being executed.
RSpec
.
shared_examples
'an on-demand scan mutation when user can run an on-demand scan'
do
let
(
:project
)
{
create
(
:project
,
:repository
,
creator:
current_user
)
}
let
(
:current_user
)
{
create
(
:user
)
}
let
(
:full_path
)
{
project
.
full_path
}
def
mutation_response
graphql_mutation_response
(
mutation_name
)
end
subject
{
post_graphql_mutation
(
mutation
,
current_user:
current_user
)
}
before
do
stub_licensed_features
(
security_on_demand_scans:
true
)
project
.
add_developer
(
current_user
)
end
it
'returns an empty errors array'
do
subject
expect
(
mutation_response
[
"errors"
]).
to
be_empty
end
context
'when on demand scan feature is disabled'
do
before
do
stub_feature_flags
(
security_on_demand_scans_feature_flag:
false
)
end
it_behaves_like
'a mutation that returns a top-level access error'
end
context
'when on demand scan licensed feature is not available'
do
before
do
stub_licensed_features
(
security_on_demand_scans:
false
)
end
it_behaves_like
'a mutation that returns a top-level access error'
end
end
ee/spec/support/shared_examples/graphql/mutations/on_demand_scan_without_user_abilities_shared_examples.rb
0 → 100644
View file @
12cc3fee
# frozen_string_literal: true
require
'spec_helper'
# There must be a method or let called `mutation` defined that executes
# the mutation and one called `mutation_name` that is the name of the
# mutation being executed.
RSpec
.
shared_examples
'an on-demand scan mutation when user cannot run an on-demand scan'
do
let
(
:project
)
{
create
(
:project
,
:repository
,
creator:
current_user
)
}
let
(
:current_user
)
{
create
(
:user
)
}
let
(
:full_path
)
{
project
.
full_path
}
before
do
stub_licensed_features
(
security_on_demand_scans:
true
)
end
context
'when a user does not have access to the project'
do
it_behaves_like
'a mutation that returns a top-level access error'
end
context
'when a user does not have access to run a dast scan on the project'
do
before
do
project
.
add_guest
(
current_user
)
end
it_behaves_like
'a mutation that returns a top-level access error'
end
end
spec/support/shared_examples/graphql/mutation_shared_examples.rb
View file @
12cc3fee
...
@@ -19,6 +19,13 @@ RSpec.shared_examples 'a mutation that returns top-level errors' do |errors: []|
...
@@ -19,6 +19,13 @@ RSpec.shared_examples 'a mutation that returns top-level errors' do |errors: []|
end
end
end
end
# There must be a method or let called `mutation` defined that executes
# the mutation.
RSpec
.
shared_examples
'a mutation that returns a top-level access error'
do
include_examples
'a mutation that returns top-level errors'
,
errors:
[
Gitlab
::
Graphql
::
Authorize
::
AuthorizeResource
::
RESOURCE_ACCESS_ERROR
]
end
RSpec
.
shared_examples
'an invalid argument to the mutation'
do
|
argument_name
:|
RSpec
.
shared_examples
'an invalid argument to the mutation'
do
|
argument_name
:|
it_behaves_like
'a mutation that returns top-level errors'
do
it_behaves_like
'a mutation that returns top-level errors'
do
let
(
:match_errors
)
do
let
(
:match_errors
)
do
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment