1537a8a3
Commit
1537a8a3
authored
Jun 14, 2021
by
Michael Eddington
Committed by
charlie ablett
Jun 14, 2021
Promote unstable API Fuzzing CI template to stable (breaking)
parent
6d4a2362
Showing
4 changed files
with
302 additions
and
386 deletions
+302
-386
ee/spec/lib/ee/gitlab/ci/templates/templates_spec.rb
ee/spec/lib/ee/gitlab/ci/templates/templates_spec.rb
+110
-26
ee/spec/lib/gitlab/ci/templates/api_fuzzing_gitlab_ci_yaml_spec.rb
...ib/gitlab/ci/templates/api_fuzzing_gitlab_ci_yaml_spec.rb
+64
-65
lib/gitlab/ci/templates/Security/API-Fuzzing.gitlab-ci.yml
lib/gitlab/ci/templates/Security/API-Fuzzing.gitlab-ci.yml
+8
-253
spec/lib/gitlab/ci/templates/templates_spec.rb
spec/lib/gitlab/ci/templates/templates_spec.rb
+120
-42
ee/spec/lib/ee/gitlab/ci/templates/templates_spec.rb
...
@@ -4,12 +4,9 @@ require 'spec_helper'
...
@@ -4,12 +4,9 @@ require 'spec_helper'
RSpec
.
describe
"CI YML Templates"
do
RSpec
.
describe
"CI YML Templates"
do
using
RSpec
::
Parameterized
::
TableSyntax
using
RSpec
::
Parameterized
::
TableSyntax
subject
{
Gitlab
::
Ci
::
YamlProcessor
.
new
(
content
).
execute
}
subject
{
Gitlab
::
Ci
::
YamlProcessor
.
new
(
content
).
execute
}
where
(
:template_name
)
do
let
(
:all_templates
)
{
Gitlab
::
Template
::
GitlabCiYmlTemplate
.
all
.
map
(
&
:full_name
)
}
Gitlab
::
Template
::
GitlabCiYmlTemplate
.
all
.
map
(
&
:full_name
)
end
before
do
before
do
stub_feature_flags
(
stub_feature_flags
(
...
@@ -19,12 +16,66 @@ RSpec.describe "CI YML Templates" do
...
@@ -19,12 +16,66 @@ RSpec.describe "CI YML Templates" do
redirect_to_latest_template_jobs_browser_performance_testing:
false
)
redirect_to_latest_template_jobs_browser_performance_testing:
false
)
end
end
shared_examples
'require default stages to be included'
do
it
'require default stages to be included'
do
expect
(
subject
.
stages
).
to
include
(
*
Gitlab
::
Ci
::
Config
::
Entry
::
Stages
.
default
)
end
end
context
'that support autodevops'
do
non_autodevops_templates
=
[
'Security/DAST-API.gitlab-ci.yml'
,
'Security/API-Fuzzing.gitlab-ci.yml'
]
where
(
:template_name
)
do
all_templates
-
non_autodevops_templates
end
with_them
do
with_them
do
let
(
:content
)
do
let
(
:content
)
do
if
template_name
==
'Security/DAST-API.gitlab-ci.yml'
<<~
EOS
# The DAST-API template purposly excludes a stages
include:
- template:
#{
template_name
}
concrete_build_implemented_by_a_user:
stage: test
script: do something
EOS
end
it
'are valid with default stages'
do
expect
(
subject
).
to
be_valid
end
include_examples
'require default stages to be included'
end
end
context
'that do not support autodevops'
do
context
'when DAST API template'
do
# The DAST API template purposly excludes a stages
# definition.
# definition.
let
(
:template_name
)
{
'Security/DAST-API.gitlab-ci.yml'
}
context
'with default stages'
do
let
(
:content
)
do
<<~
EOS
include:
- template:
#{
template_name
}
concrete_build_implemented_by_a_user:
stage: test
script: do something
EOS
end
it
{
is_expected
.
not_to
be_valid
}
end
context
'with defined stages'
do
let
(
:content
)
do
<<~
EOS
<<~
EOS
include:
include:
- template:
#{
template_name
}
- template:
#{
template_name
}
...
@@ -39,7 +90,22 @@ RSpec.describe "CI YML Templates" do
...
@@ -39,7 +90,22 @@ RSpec.describe "CI YML Templates" do
stage: test
stage: test
script: do something
script: do something
EOS
EOS
else
end
it
{
is_expected
.
to
be_valid
}
include_examples
'require default stages to be included'
end
end
context
'when API Fuzzing template'
do
# The API Fuzzing template purposly excludes a stages
# definition.
let
(
:template_name
)
{
'Security/API-Fuzzing.gitlab-ci.yml'
}
context
'with default stages'
do
let
(
:content
)
do
<<~
EOS
<<~
EOS
include:
include:
- template:
#{
template_name
}
- template:
#{
template_name
}
...
@@ -49,14 +115,32 @@ RSpec.describe "CI YML Templates" do
...
@@ -49,14 +115,32 @@ RSpec.describe "CI YML Templates" do
script: do something
script: do something
EOS
EOS
end
end
it
{
is_expected
.
not_to
be_valid
}
end
end
it
'is valid'
do
context
'with defined stages'
do
expect
(
subject
).
to
be_valid
let
(
:content
)
do
<<~
EOS
include:
- template:
#{
template_name
}
stages:
- build
- test
- deploy
- fuzz
concrete_build_implemented_by_a_user:
stage: test
script: do something
EOS
end
end
it
'require default stages to be included'
do
it
{
is_expected
.
to
be_valid
}
expect
(
subject
.
stages
).
to
include
(
*
Gitlab
::
Ci
::
Config
::
Entry
::
Stages
.
default
)
include_examples
'require default stages to be included'
end
end
end
end
end
end
end
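Review bot: The hand-maintained `non_autodevops_templates` list in the 'that support autodevops' context removes templates from the parameterized validity sweep, and nothing ties an entry in it to a dedicated context under 'that do not support autodevops'. Today both entries (DAST-API and API-Fuzzing) have one, but a template added to the list later without a matching context would silently lose all validity coverage. I would at least add a comment above the list, `# Every template listed here must have its own context under 'that do not support autodevops'.`, or generate the 'with default stages' / 'with defined stages' contexts by iterating over the list, since the two existing contexts are near copies. The same pattern appears in spec/lib/gitlab/ci/templates/templates_spec.rb.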
ee/spec/lib/gitlab/ci/templates/api_fuzzing_gitlab_ci_yaml_spec.rb
...
@@ -5,6 +5,8 @@ require 'spec_helper'
...
@@ -5,6 +5,8 @@ require 'spec_helper'
RSpec
.
describe
'API-Fuzzing.gitlab-ci.yml'
do
RSpec
.
describe
'API-Fuzzing.gitlab-ci.yml'
do
subject
(
:template
)
{
Gitlab
::
Template
::
GitlabCiYmlTemplate
.
find
(
'API-Fuzzing'
)
}
subject
(
:template
)
{
Gitlab
::
Template
::
GitlabCiYmlTemplate
.
find
(
'API-Fuzzing'
)
}
specify
{
expect
(
template
).
not_to
be_nil
}
describe
'the template file'
do
describe
'the template file'
do
let
(
:template_filename
)
{
Rails
.
root
.
join
(
"lib/gitlab/ci/templates/"
+
template
.
full_name
)
}
let
(
:template_filename
)
{
Rails
.
root
.
join
(
"lib/gitlab/ci/templates/"
+
template
.
full_name
)
}
let
(
:contents
)
{
File
.
read
(
template_filename
)
}
let
(
:contents
)
{
File
.
read
(
template_filename
)
}
...
@@ -36,6 +38,7 @@ RSpec.describe 'API-Fuzzing.gitlab-ci.yml' do
...
@@ -36,6 +38,7 @@ RSpec.describe 'API-Fuzzing.gitlab-ci.yml' do
let
(
:pipeline
)
{
service
.
execute!
(
:push
)
}
let
(
:pipeline
)
{
service
.
execute!
(
:push
)
}
let
(
:build_names
)
{
pipeline
.
builds
.
pluck
(
:name
)
}
let
(
:build_names
)
{
pipeline
.
builds
.
pluck
(
:name
)
}
context
'when no stages'
do
before
do
before
do
stub_ci_pipeline_yaml_file
(
template
.
content
)
stub_ci_pipeline_yaml_file
(
template
.
content
)
allow_next_instance_of
(
Ci
::
BuildScheduleWorker
)
do
|
worker
|
allow_next_instance_of
(
Ci
::
BuildScheduleWorker
)
do
|
worker
|
...
@@ -44,6 +47,26 @@ RSpec.describe 'API-Fuzzing.gitlab-ci.yml' do
...
@@ -44,6 +47,26 @@ RSpec.describe 'API-Fuzzing.gitlab-ci.yml' do
allow
(
project
).
to
receive
(
:default_branch
).
and_return
(
default_branch
)
allow
(
project
).
to
receive
(
:default_branch
).
and_return
(
default_branch
)
end
end
context
'when project has no stages'
do
it
'includes no jobs'
do
expect
(
build_names
).
to
be_empty
end
end
end
context
'when stages includes fuzz'
do
let
(
:ci_pipeline_yaml
)
{
"stages: [
\"
fuzz
\"
]
\n
"
}
before
do
stub_ci_pipeline_yaml_file
(
ci_pipeline_yaml
+
template
.
content
)
allow_next_instance_of
(
Ci
::
BuildScheduleWorker
)
do
|
worker
|
allow
(
worker
).
to
receive
(
:perform
).
and_return
(
true
)
end
allow
(
project
).
to
receive
(
:default_branch
).
and_return
(
default_branch
)
end
context
'when project has no license'
do
context
'when project has no license'
do
before
do
before
do
create
(
:ci_variable
,
project:
project
,
key:
'FUZZAPI_HAR'
,
value:
'testing.har'
)
create
(
:ci_variable
,
project:
project
,
key:
'FUZZAPI_HAR'
,
value:
'testing.har'
)
...
@@ -51,7 +74,7 @@ RSpec.describe 'API-Fuzzing.gitlab-ci.yml' do
...
@@ -51,7 +74,7 @@ RSpec.describe 'API-Fuzzing.gitlab-ci.yml' do
end
end
it
'includes job to display error'
do
it
'includes job to display error'
do
expect
(
build_names
).
to
match_array
(
%w[apifuzzer_fuzz_unlicensed
]
)
expect
(
build_names
).
to
match_array
(
%w[apifuzzer_fuzz
]
)
end
end
end
end
...
@@ -101,19 +124,6 @@ RSpec.describe 'API-Fuzzing.gitlab-ci.yml' do
...
@@ -101,19 +124,6 @@ RSpec.describe 'API-Fuzzing.gitlab-ci.yml' do
end
end
end
end
context
'when FUZZAPI_D_TARGET_IMAGE is present'
do
before
do
create
(
:ci_variable
,
project:
project
,
key:
'FUZZAPI_D_TARGET_IMAGE'
,
value:
'imagename:latest'
)
create
(
:ci_variable
,
project:
project
,
key:
'FUZZAPI_HAR'
,
value:
'testing.har'
)
create
(
:ci_variable
,
project:
project
,
key:
'FUZZAPI_TARGET_URL'
,
value:
'http://example.com'
)
end
it
'includes dnd job'
do
expect
(
build_names
).
to
match_array
(
%w[apifuzzer_fuzz_dnd]
)
end
end
end
context
'when API_FUZZING_DISABLED=1'
do
context
'when API_FUZZING_DISABLED=1'
do
before
do
before
do
create
(
:ci_variable
,
project:
project
,
key:
'API_FUZZING_DISABLED'
,
value:
'1'
)
create
(
:ci_variable
,
project:
project
,
key:
'API_FUZZING_DISABLED'
,
value:
'1'
)
...
@@ -125,17 +135,6 @@ RSpec.describe 'API-Fuzzing.gitlab-ci.yml' do
...
@@ -125,17 +135,6 @@ RSpec.describe 'API-Fuzzing.gitlab-ci.yml' do
expect
{
pipeline
}.
to
raise_error
(
Ci
::
CreatePipelineService
::
CreateError
)
expect
{
pipeline
}.
to
raise_error
(
Ci
::
CreatePipelineService
::
CreateError
)
end
end
end
end
context
'when API_FUZZING_DISABLED=1 with DnD'
do
before
do
create
(
:ci_variable
,
project:
project
,
key:
'API_FUZZING_DISABLED'
,
value:
'1'
)
create
(
:ci_variable
,
project:
project
,
key:
'FUZZAPI_D_TARGET_IMAGE'
,
value:
'imagename:latest'
)
create
(
:ci_variable
,
project:
project
,
key:
'FUZZAPI_HAR'
,
value:
'testing.har'
)
create
(
:ci_variable
,
project:
project
,
key:
'FUZZAPI_TARGET_URL'
,
value:
'http://example.com'
)
end
it
'includes no jobs'
do
expect
{
pipeline
}.
to
raise_error
(
Ci
::
CreatePipelineService
::
CreateError
)
end
end
end
end
end
end
...
...
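Review bot: The example 'includes job to display error' under 'when project has no license' no longer describes what it asserts. Assuming the second printed form is the new side, the expectation is now the regular `apifuzzer_fuzz` job rather than `apifuzzer_fuzz_unlicensed`. As written, the spec pins that an unlicensed project gets the normal fuzzing job, and nothing at pipeline level checks a licence gate any more. If that check now lives inside the job itself (the template diff is collapsed on this page, so this cannot be confirmed here), rename the example, e.g. `it 'includes the fuzz job' do`, and add a one-line comment saying where the licence is enforced.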
lib/gitlab/ci/templates/Security/API-Fuzzing.gitlab-ci.yml
This diff is collapsed.
spec/lib/gitlab/ci/templates/templates_spec.rb
...
@@ -6,33 +6,104 @@ RSpec.describe 'CI YML Templates' do
...
@@ -6,33 +6,104 @@ RSpec.describe 'CI YML Templates' do
subject
{
Gitlab
::
Ci
::
YamlProcessor
.
new
(
content
).
execute
}
subject
{
Gitlab
::
Ci
::
YamlProcessor
.
new
(
content
).
execute
}
let
(
:all_templates
)
{
Gitlab
::
Template
::
GitlabCiYmlTemplate
.
all
.
map
(
&
:full_name
)
}
let
(
:all_templates
)
{
Gitlab
::
Template
::
GitlabCiYmlTemplate
.
all
.
map
(
&
:full_name
)
}
let
(
:excluded_templates
)
do
let
(
:excluded_templates
)
do
all_templates
.
select
do
|
name
|
all_templates
.
select
do
|
name
|
Gitlab
::
Template
::
GitlabCiYmlTemplate
.
excluded_patterns
.
any?
{
|
pattern
|
pattern
.
match?
(
name
)
}
Gitlab
::
Template
::
GitlabCiYmlTemplate
.
excluded_patterns
.
any?
{
|
pattern
|
pattern
.
match?
(
name
)
}
end
end
end
end
before
do
stub_feature_flags
(
redirect_to_latest_template_terraform:
false
,
redirect_to_latest_template_security_api_fuzzing:
false
,
redirect_to_latest_template_security_dast:
false
)
end
shared_examples
'require default stages to be included'
do
it
'require default stages to be included'
do
expect
(
subject
.
stages
).
to
include
(
*
Gitlab
::
Ci
::
Config
::
Entry
::
Stages
.
default
)
end
end
context
'that support autodevops'
do
non_autodevops_templates
=
[
'Security/DAST-API.gitlab-ci.yml'
,
'Security/API-Fuzzing.gitlab-ci.yml'
]
context
'when including available templates in a CI YAML configuration'
do
context
'when including available templates in a CI YAML configuration'
do
using
RSpec
::
Parameterized
::
TableSyntax
using
RSpec
::
Parameterized
::
TableSyntax
where
(
:template_name
)
do
where
(
:template_name
)
do
all_templates
-
excluded
_templates
all_templates
-
excluded_templates
-
non_autodevops
_templates
end
end
before
do
with_them
do
stub_feature_flags
(
let
(
:content
)
do
redirect_to_latest_template_terraform:
false
,
<<~
EOS
redirect_to_latest_template_security_api_fuzzing:
false
,
include:
redirect_to_latest_template_security_dast:
false
)
- template:
#{
template_name
}
concrete_build_implemented_by_a_user:
stage: test
script: do something
EOS
end
it
{
is_expected
.
to
be_valid
}
include_examples
'require default stages to be included'
end
end
context
'when including unavailable templates in a CI YAML configuration'
do
using
RSpec
::
Parameterized
::
TableSyntax
where
(
:template_name
)
do
excluded_templates
end
end
with_them
do
with_them
do
let
(
:content
)
do
let
(
:content
)
do
if
template_name
==
'Security/DAST-API.gitlab-ci.yml'
<<~
EOS
# The DAST-API template purposly excludes a stages
include:
- template:
#{
template_name
}
concrete_build_implemented_by_a_user:
stage: test
script: do something
EOS
end
it
{
is_expected
.
not_to
be_valid
}
end
end
end
describe
'that do not support autodevops'
do
context
'when DAST API template'
do
# The DAST API template purposly excludes a stages
# definition.
# definition.
let
(
:template_name
)
{
'Security/DAST-API.gitlab-ci.yml'
}
context
'with default stages'
do
let
(
:content
)
do
<<~
EOS
include:
- template:
#{
template_name
}
concrete_build_implemented_by_a_user:
stage: test
script: do something
EOS
end
it
{
is_expected
.
not_to
be_valid
}
end
context
'with defined stages'
do
let
(
:content
)
do
<<~
EOS
<<~
EOS
include:
include:
- template:
#{
template_name
}
- template:
#{
template_name
}
...
@@ -47,7 +118,22 @@ RSpec.describe 'CI YML Templates' do
...
@@ -47,7 +118,22 @@ RSpec.describe 'CI YML Templates' do
stage: test
stage: test
script: do something
script: do something
EOS
EOS
else
end
it
{
is_expected
.
to
be_valid
}
include_examples
'require default stages to be included'
end
end
context
'when API Fuzzing template'
do
# The API Fuzzing template purposly excludes a stages
# definition.
let
(
:template_name
)
{
'Security/API-Fuzzing.gitlab-ci.yml'
}
context
'with default stages'
do
let
(
:content
)
do
<<~
EOS
<<~
EOS
include:
include:
- template:
#{
template_name
}
- template:
#{
template_name
}
...
@@ -57,39 +143,31 @@ RSpec.describe 'CI YML Templates' do
...
@@ -57,39 +143,31 @@ RSpec.describe 'CI YML Templates' do
script: do something
script: do something
EOS
EOS
end
end
end
it
'is valid'
do
it
{
is_expected
.
not_to
be_valid
}
expect
(
subject
).
to
be_valid
end
end
it
'require default stages to be included'
do
context
'with defined stages'
do
expect
(
subject
.
stages
).
to
include
(
*
Gitlab
::
Ci
::
Config
::
Entry
::
Stages
.
default
)
end
end
end
context
'when including unavailable templates in a CI YAML configuration'
do
using
RSpec
::
Parameterized
::
TableSyntax
where
(
:template_name
)
do
excluded_templates
end
with_them
do
let
(
:content
)
do
let
(
:content
)
do
<<~
EOS
<<~
EOS
include:
include:
- template:
#{
template_name
}
- template:
#{
template_name
}
stages:
- build
- test
- deploy
- fuzz
concrete_build_implemented_by_a_user:
concrete_build_implemented_by_a_user:
stage: test
stage: test
script: do something
script: do something
EOS
EOS
end
end
it
'is not valid'
do
it
{
is_expected
.
to
be_valid
}
expect
(
subject
).
not_to
be_valid
include_examples
'require default stages to be included'
end
end
end
end
end
end
...
...
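Review bot: The new group is opened with `describe 'that do not support autodevops' do` while its sibling is `context 'that support autodevops' do`, and the EE copy of this spec uses `context` for both. Using `context 'that do not support autodevops' do` here keeps the two files and the two sibling groups consistent. The comment added above the API Fuzzing `let(:template_name)` also carries over the typo from the DAST one; I would write it as `# The API Fuzzing template purposely excludes a stages definition.`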