Associate DastSiteProfile and validation on create

198fd9a1 · Philip Cunningham · Thong Kuah · 674f3cd5 · 198fd9a1 · 198fd9a1
Commit 198fd9a1 authored May 06, 2021 by Philip Cunningham Committed by Thong Kuah May 06, 2021
3 changed files
--- a/ee/app/services/app_sec/dast/site_profiles/create_service.rb
+++ b/ee/app/services/app_sec/dast/site_profiles/create_service.rb
@@ -12,15 +12,18 @@ module AppSec
          end
        end

-        attr_reader :dast_site_profile
+        attr_reader :dast_site, :dast_site_profile, :dast_site_validation

        def execute(name:, target_url:, **params)
          return ServiceResponse.error(message: _('Insufficient permissions')) unless allowed?

          ActiveRecord::Base.transaction do
-            dast_site = ::DastSites::FindOrCreateService.new(project, current_user).execute!(url: target_url)
+            @dast_site = ::DastSites::FindOrCreateService.new(project, current_user).execute!(url: target_url)
            params.merge!(project: project, dast_site: dast_site, name: name).compact!

+            @dast_site_validation = find_existing_dast_site_validation
+            associate_dast_site_validation! if dast_site_validation
+
            @dast_site_profile = DastSiteProfile.create!(params.except(:request_headers, :auth_password))
            create_secret_variable!(::Dast::SiteProfileSecretVariable::PASSWORD, params[:auth_password])
            create_secret_variable!(::Dast::SiteProfileSecretVariable::REQUEST_HEADERS, params[:request_headers])
@@ -39,6 +42,10 @@ module AppSec
          Ability.allowed?(current_user, :create_on_demand_dast_scan, project)
        end

+        def associate_dast_site_validation!
+          dast_site.update!(dast_site_validation_id: dast_site_validation.id)
+        end
+
        def create_secret_variable!(key, value)
          return ServiceResponse.success unless value

@@ -52,6 +59,15 @@ module AppSec

          response
        end
+
+        def find_existing_dast_site_validation
+          url_base = DastSiteValidation.get_normalized_url_base(dast_site.url)
+
+          DastSiteValidationsFinder.new(
+            project_id: project.id,
+            url_base: url_base
+          ).execute.first
+        end
      end
    end
  end

--- a/ee/changelogs/unreleased/philipcunningham-eagerly-associate-dast-site-profile-with-validation-i.yml
+++ b/ee/changelogs/unreleased/philipcunningham-eagerly-associate-dast-site-profile-with-validation-i.yml
+---
+title: Eagerly associate DastSiteProfile and DastSiteValidation on create
+merge_request: 53800
+author:
+type: fixed
--- a/ee/spec/services/app_sec/dast/site_profiles/create_service_spec.rb
+++ b/ee/spec/services/app_sec/dast/site_profiles/create_service_spec.rb
@@ -179,6 +179,25 @@ RSpec.describe AppSec::Dast::SiteProfiles::CreateService do
        it_behaves_like 'it handles secret variable creation failure'
      end

+      context 'when an existing dast_site_validation does not exist' do
+        it 'does not create a dast_site_validation association' do
+          dast_site = subject.payload.dast_site
+
+          expect(dast_site.dast_site_validation).to be_nil
+        end
+      end
+
+      context 'when an existing dast_site_validation exists' do
+        let(:dast_site_validation) { create(:dast_site_validation, dast_site_token: create(:dast_site_token, project: project)) }
+        let(:target_url) { dast_site_validation.dast_site_token.url }
+
+        it 'gets associated with the dast_site' do
+          dast_site = subject.payload.dast_site
+
+          expect(dast_site.dast_site_validation).to eq(dast_site_validation)
+        end
+      end
+
      context 'when on demand scan licensed feature is not available' do
        before do
          stub_licensed_features(security_on_demand_scans: false)