Commit 71eb7d06 authored by Philip Cunningham's avatar Philip Cunningham Committed by Heinrich Lee Yu

Generate DAST CI variables at the model layer

parent 7ff1e6f8
......@@ -32,7 +32,7 @@ module Dast
Dast::Branch.new(self)
end
def ci_variables
def secret_ci_variables
::Gitlab::Ci::Variables::Collection.new(secret_variables)
end
......
......@@ -14,6 +14,16 @@ class DastScannerProfile < ApplicationRecord
active: 2
}
def ci_variables
::Gitlab::Ci::Variables::Collection.new.tap do |variables|
variables.append(key: 'DAST_SPIDER_MINS', value: String(spider_timeout)) if spider_timeout
variables.append(key: 'DAST_TARGET_AVAILABILITY_TIMEOUT', value: String(target_timeout)) if target_timeout
variables.append(key: 'DAST_FULL_SCAN_ENABLED', value: String(full_scan_enabled?))
variables.append(key: 'DAST_USE_AJAX_SPIDER', value: String(use_ajax_spider))
variables.append(key: 'DAST_DEBUG', value: String(show_debug_messages))
end
end
def full_scan_enabled?
scan_type == 'active'
end
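Review bot: The boolean settings at the end of `DastScannerProfile#ci_variables` are appended unconditionally through `String(...)`, while the two timeouts are guarded with `if`. `String(nil)` is an empty string, so a nil `use_ajax_spider` or `show_debug_messages` would reach the job as an empty `DAST_USE_AJAX_SPIDER` / `DAST_DEBUG` rather than `'false'`. If those columns are NOT NULL with a default (the schema is not visible in this hunk), a short comment saying so is enough; otherwise coerce explicitly, e.g. `value: String(!!use_ajax_spider)`.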
......
......@@ -29,6 +29,30 @@ class DastSiteProfile < ApplicationRecord
delegate :dast_site_validation, to: :dast_site, allow_nil: true
def ci_variables
url = dast_site.url
collection = ::Gitlab::Ci::Variables::Collection.new.tap do |variables|
if target_type == 'website'
variables.append(key: 'DAST_WEBSITE', value: url)
else
variables.append(key: 'DAST_API_SPECIFICATION', value: url)
variables.append(key: 'DAST_API_HOST_OVERRIDE', value: URI(url).host)
end
variables.append(key: 'DAST_EXCLUDE_URLS', value: excluded_urls.join(',')) unless excluded_urls.empty?
if auth_enabled
variables.append(key: 'DAST_AUTH_URL', value: auth_url)
variables.append(key: 'DAST_USERNAME', value: auth_username)
variables.append(key: 'DAST_USERNAME_FIELD', value: auth_username_field)
variables.append(key: 'DAST_PASSWORD_FIELD', value: auth_password_field)
end
end
collection.compact
end
def secret_ci_variables
::Gitlab::Ci::Variables::Collection.new(secret_variables)
end
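Review bot: `DAST_USERNAME` and `DAST_AUTH_URL` in the `auth_enabled` branch of `DastSiteProfile#ci_variables` are appended with the collection's default visibility, which the spec added in this commit pins as `public: true, masked: false`. Only the values in `secret_variables` go out as `public: false, masked: true`. If the login name should not be exposed as a public variable, pass the flag explicitly, e.g. `variables.append(key: 'DAST_USERNAME', value: auth_username, public: false)`. If the split is intentional, a comment above the method such as `# Non-secret settings only; credentials belong in secret_ci_variables` would stop later additions from landing in the wrong collection. The method name `ci_variables` previously returned the secret collection on this model, so any caller not updated in this commit would now silently receive the public set instead.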
......
......@@ -52,7 +52,7 @@ module EE
# Subject to change. Please see gitlab-org/gitlab#330950 for more info.
profile = pipeline.dast_profile || pipeline.dast_site_profile
collection.concat(profile.ci_variables)
collection.concat(profile.secret_ci_variables)
end
end
end
......
......@@ -122,10 +122,10 @@ RSpec.describe Dast::Profile, type: :model do
end
end
describe '#ci_variables' do
describe '#secret_ci_variables' do
context 'when there are no secret_variables' do
it 'returns an empty collection' do
expect(subject.ci_variables.size).to be_zero
expect(subject.secret_ci_variables.size).to be_zero
end
end
......@@ -133,7 +133,7 @@ RSpec.describe Dast::Profile, type: :model do
it 'returns a collection containing that variable' do
variable = create(:dast_site_profile_secret_variable, dast_site_profile: subject.dast_site_profile)
expect(subject.ci_variables.to_runner_variables).to include(key: variable.key, value: variable.value, public: false, masked: true)
expect(subject.secret_ci_variables.to_runner_variables).to include(key: variable.key, value: variable.value, public: false, masked: true)
end
end
end
......
......@@ -33,6 +33,29 @@ RSpec.describe DastScannerProfile, type: :model do
end
end
describe '#ci_variables' do
let(:collection) { subject.ci_variables }
it 'returns a collection of variables' do
expected_variables = [
{ key: 'DAST_FULL_SCAN_ENABLED', value: 'false', public: true, masked: false },
{ key: 'DAST_USE_AJAX_SPIDER', value: 'false', public: true, masked: false },
{ key: 'DAST_DEBUG', value: 'false', public: true, masked: false }
]
expect(collection.to_runner_variables).to eq(expected_variables)
end
context 'when optional fields are set' do
subject { build(:dast_scanner_profile, spider_timeout: 1, target_timeout: 2) }
it 'returns a collection of variables including these', :aggregate_failures do
expect(collection).to include(key: 'DAST_SPIDER_MINS', value: String(subject.spider_timeout), public: true)
expect(collection).to include(key: 'DAST_TARGET_AVAILABILITY_TIMEOUT', value: String(subject.target_timeout), public: true)
end
end
end
describe 'full_scan_enabled?' do
describe 'when is active scan' do
subject { create(:dast_scanner_profile, scan_type: :active).full_scan_enabled? }
......
......@@ -195,9 +195,63 @@ RSpec.describe DastSiteProfile, type: :model do
end
describe '#ci_variables' do
let(:collection) { subject.ci_variables }
let(:keys) { subject.ci_variables.map { |variable| variable[:key] } }
let(:excluded_urls) { subject.excluded_urls.join(',') }
it 'returns a collection of variables' do
expected_variables = [
{ key: 'DAST_WEBSITE', value: subject.dast_site.url, public: true, masked: false },
{ key: 'DAST_EXCLUDE_URLS', value: excluded_urls, public: true, masked: false },
{ key: 'DAST_AUTH_URL', value: subject.auth_url, public: true, masked: false },
{ key: 'DAST_USERNAME', value: subject.auth_username, public: true, masked: false },
{ key: 'DAST_USERNAME_FIELD', value: subject.auth_username_field, public: true, masked: false },
{ key: 'DAST_PASSWORD_FIELD', value: subject.auth_password_field, public: true, masked: false }
]
expect(collection.to_runner_variables).to eq(expected_variables)
end
context 'when target_type=api' do
subject { build(:dast_site_profile, target_type: :api) }
it 'returns a collection of variables with api configuration only', :aggregate_failures do
expect(keys).not_to include('DAST_WEBSITE')
expect(collection).to include(key: 'DAST_API_SPECIFICATION', value: subject.dast_site.url, public: true)
expect(collection).to include(key: 'DAST_API_HOST_OVERRIDE', value: URI(subject.dast_site.url).host, public: true)
end
end
context 'when auth is disabled' do
subject { build(:dast_site_profile, auth_enabled: false) }
it 'returns a collection of variables excluding any auth variables', :aggregate_failures do
expect(keys).not_to include('DAST_AUTH_URL', 'DAST_USERNAME', 'DAST_USERNAME_FIELD', 'DAST_PASSWORD_FIELD')
end
end
context 'when excluded_urls is empty' do
subject { build(:dast_site_profile, excluded_urls: []) }
it 'is removed from the collection' do
expect(keys).not_to include('DAST_EXCLUDE_URLS')
end
end
context 'when a variable is set to nil' do
subject { build(:dast_site_profile, auth_enabled: true, auth_username_field: nil) }
it 'is removed from the collection' do
expect(keys).not_to include('DAST_USERNAME_FIELD')
end
end
end
describe '#secret_ci_variables' do
context 'when there are no secret_variables' do
it 'returns an empty collection' do
expect(subject.ci_variables.size).to be_zero
expect(subject.secret_ci_variables.size).to be_zero
end
end
......@@ -205,7 +259,7 @@ RSpec.describe DastSiteProfile, type: :model do
it 'returns a collection containing that variable' do
variable = create(:dast_site_profile_secret_variable, dast_site_profile: subject)
expect(subject.ci_variables.to_runner_variables).to include(key: variable.key, value: variable.value, public: false, masked: true)
expect(subject.secret_ci_variables.to_runner_variables).to include(key: variable.key, value: variable.value, public: false, masked: true)
end
end
end
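Review bot: The `target_type=api` context in the `#ci_variables` examples only exercises a well-formed site URL, so the edge cases of `URI(url).host` in the model are not pinned. A URL that `URI()` cannot parse would raise out of `ci_variables`. A URL without a host yields nil, which the 'when a variable is set to nil' example suggests `compact` then drops, leaving `DAST_API_HOST_OVERRIDE` silently absent. An example for each case would document whether the method should raise or omit the variable; if `dast_site.url` is already validated elsewhere, a comment in the spec noting that would do.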
......