Bugfix: add route to coverage_fuzzing_reports

Update fuzzing feature category * Fix tipo in feature categeory name * Change - to _ Fix feature_category definition * Fix syntax error for fuzz_testing Switch feature_category to use fuzz-testing * Match naming concention in stages.yml

Bugfix: add route to coverage_fuzzing_reports
Update fuzzing feature category * Fix tipo in feature categeory name * Change - to _ Fix feature_category definition * Fix syntax error for fuzz_testing Switch feature_category to use fuzz-testing * Match naming concention in stages.yml
46c2faab · Yevgeny Pats · Dmytro Zaporozhets (DZ) · a1a963a0 · 46c2faab · 46c2faab
Commit 46c2faab authored Oct 15, 2020 by Yevgeny Pats Committed by Dmytro Zaporozhets (DZ) Oct 15, 2020
7 changed files
--- a/config/feature_categories.yml
+++ b/config/feature_categories.yml
@@ -49,7 +49,7 @@
 - error_tracking
 - feature_flags
 - foundations
- fuzz-testing
+- fuzz_testing
 - gdk
 - geo_replication
 - git_lfs

--- a/ee/app/controllers/ee/projects/merge_requests_controller.rb
+++ b/ee/app/controllers/ee/projects/merge_requests_controller.rb
@@ -23,6 +23,7 @@ module EE
        feature_category :code_review, [:delete_description_version, :description_diff]
        feature_category :container_scanning, [:container_scanning_reports]
        feature_category :dependency_scanning, [:dependency_scanning_reports]
+        feature_category :fuzz_testing, [:coverage_fuzzing_reports]
        feature_category :license_compliance, [:license_scanning_reports]
        feature_category :static_application_security_testing, [:sast_reports]
        feature_category :secret_detection, [:secret_detection_reports]

--- a/ee/changelogs/unreleased/bugfix_add_coverage_fuzzing_route.yml
+++ b/ee/changelogs/unreleased/bugfix_add_coverage_fuzzing_route.yml
+---
+title: Add route to coverage_fuzzing_reports
+merge_request: 43664
+author:
+type: fixed
--- a/ee/config/routes/merge_requests.rb
+++ b/ee/config/routes/merge_requests.rb
@@ -11,6 +11,7 @@ resources :merge_requests, only: [], constraints: { id: /\d+/ } do
    get :sast_reports
    get :secret_detection_reports
    get :dast_reports
+    get :coverage_fuzzing_reports

    post :rebase
  end

--- a/ee/spec/controllers/projects/merge_requests_controller_spec.rb
+++ b/ee/spec/controllers/projects/merge_requests_controller_spec.rb
@@ -586,6 +586,79 @@ RSpec.describe Projects::MergeRequestsController do
    it_behaves_like 'authorize read pipeline'
  end

+  describe 'GET #coverage_fuzzing_reports' do
+    let(:merge_request) { create(:ee_merge_request, :with_coverage_fuzzing_reports, source_project: project, author: create(:user)) }
+
+    let(:params) do
+      {
+        namespace_id: project.namespace.to_param,
+        project_id: project,
+        id: merge_request.iid
+      }
+    end
+
+    subject { get :coverage_fuzzing_reports, params: params, format: :json }
+
+    before do
+      allow_any_instance_of(::MergeRequest).to receive(:compare_reports)
+        .with(::Ci::CompareSecurityReportsService, viewer, 'coverage_fuzzing').and_return(comparison_status)
+    end
+
+    it_behaves_like 'pending pipeline response'
+
+    context 'when comparison is being processed' do
+      let(:comparison_status) { { status: :parsing } }
+
+      it 'sends polling interval' do
+        expect(::Gitlab::PollingInterval).to receive(:set_header)
+
+        subject
+      end
+
+      it 'returns 204 HTTP status' do
+        subject
+
+        expect(response).to have_gitlab_http_status(:no_content)
+      end
+    end
+
+    context 'when comparison is done' do
+      let(:comparison_status) { { status: :parsed, data: { added: [], fixed: [], existing: [] } } }
+
+      it 'does not send polling interval' do
+        expect(::Gitlab::PollingInterval).not_to receive(:set_header)
+
+        subject
+      end
+
+      it 'returns 200 HTTP status' do
+        subject
+
+        expect(response).to have_gitlab_http_status(:ok)
+        expect(json_response).to eq({ "added" => [], "fixed" => [], "existing" => [] })
+      end
+    end
+
+    context 'when user created corrupted vulnerability reports' do
+      let(:comparison_status) { { status: :error, status_reason: 'Failed to parse coverage fuzzing reports' } }
+
+      it 'does not send polling interval' do
+        expect(::Gitlab::PollingInterval).not_to receive(:set_header)
+
+        subject
+      end
+
+      it 'returns 400 HTTP status' do
+        subject
+
+        expect(response).to have_gitlab_http_status(:bad_request)
+        expect(json_response).to eq({ 'status_reason' => 'Failed to parse coverage fuzzing reports' })
+      end
+    end
+
+    it_behaves_like 'authorize read pipeline'
+  end
+
  describe 'GET #secret_detection_reports' do
    let(:merge_request) { create(:ee_merge_request, :with_secret_detection_reports, source_project: project, author: create(:user)) }
    let(:params) do

--- a/ee/spec/factories/merge_requests.rb
+++ b/ee/spec/factories/merge_requests.rb
@@ -145,6 +145,18 @@ FactoryBot.define do
      end
    end

+    trait :with_coverage_fuzzing_reports do
+      after(:build) do |merge_request|
+        merge_request.head_pipeline = build(
+          :ee_ci_pipeline,
+          :success,
+          :with_coverage_fuzzing_report,
+          project: merge_request.source_project,
+          ref: merge_request.source_branch,
+          sha: merge_request.diff_head_sha)
+      end
+    end
+
    trait :with_dast_reports do
      after(:build) do |merge_request|
        merge_request.head_pipeline = build(

--- a/ee/spec/models/merge_request_spec.rb
+++ b/ee/spec/models/merge_request_spec.rb
@@ -240,6 +240,7 @@ RSpec.describe MergeRequest do
      :dependency_scanning | :with_dependency_scanning_reports | :dependency_scanning
      :license_scanning    | :with_license_management_reports  | :license_scanning
      :license_scanning    | :with_license_scanning_reports    | :license_scanning
+      :coverage_fuzzing    | :with_coverage_fuzzing_reports    | :coverage_fuzzing
    end

    with_them do
@@ -446,6 +447,28 @@ RSpec.describe MergeRequest do
    end
  end

+  describe '#has_coverage_fuzzing_reports?' do
+    subject { merge_request.has_coverage_fuzzing_reports? }
+
+    let_it_be(:project) { create(:project, :repository) }
+
+    before do
+      stub_licensed_features(coverage_fuzzing: true)
+    end
+
+    context 'when head pipeline has coverage fuzzing reports' do
+      let(:merge_request) { create(:ee_merge_request, :with_coverage_fuzzing_reports, source_project: project) }
+
+      it { is_expected.to be_truthy }
+    end
+
+    context 'when head pipeline does not have coverage fuzzing reports' do
+      let(:merge_request) { create(:ee_merge_request, source_project: project) }
+
+      it { is_expected.to be_falsey }
+    end
+  end
+
  describe '#calculate_reactive_cache with current_user' do
    let(:project) { create(:project, :repository) }
    let(:current_user) { project.users.take }
@@ -837,6 +860,66 @@ RSpec.describe MergeRequest do
    end
  end

+  describe '#compare_coverage_fuzzing_reports' do
+    subject { merge_request.compare_coverage_fuzzing_reports(current_user) }
+
+    let_it_be(:project) { create(:project, :repository) }
+    let(:current_user) { project.users.first }
+    let(:merge_request) { create(:merge_request, source_project: project) }
+
+    let!(:base_pipeline) do
+      create(:ee_ci_pipeline,
+             :with_coverage_fuzzing_report,
+             project: project,
+             ref: merge_request.target_branch,
+             sha: merge_request.diff_base_sha)
+    end
+
+    before do
+      merge_request.update!(head_pipeline_id: head_pipeline.id)
+    end
+
+    context 'when head pipeline has coverage fuzzing reports' do
+      let!(:head_pipeline) do
+        create(:ee_ci_pipeline,
+               :with_coverage_fuzzing_report,
+               project: project,
+               ref: merge_request.source_branch,
+               sha: merge_request.diff_head_sha)
+      end
+
+      context 'when reactive cache worker is parsing asynchronously' do
+        it 'returns status' do
+          expect(subject[:status]).to eq(:parsing)
+        end
+      end
+
+      context 'when reactive cache worker is inline' do
+        before do
+          synchronous_reactive_cache(merge_request)
+        end
+
+        it 'returns status and data' do
+          expect_any_instance_of(Ci::CompareSecurityReportsService)
+            .to receive(:execute).with(base_pipeline, head_pipeline).and_call_original
+
+          subject
+        end
+
+        context 'when cached results is not latest' do
+          before do
+            allow_any_instance_of(Ci::CompareSecurityReportsService)
+                .to receive(:latest?).and_return(false)
+          end
+
+          it 'raises and InvalidateReactiveCache error' do
+            expect { subject }.to raise_error(ReactiveCaching::InvalidateReactiveCache)
+          end
+        end
+      end
+    end
+  end
+
  describe '#mergeable_with_quick_action?' do
    def create_pipeline(status)
      pipeline = create(:ci_pipeline,