Commit 7491fc11 authored by Heinrich Lee Yu's avatar Heinrich Lee Yu

Merge branch...

Merge branch 'philipcunningham-add-dynamically-generated-ci-variables-for-dast-326953' into 'master'

Generate DAST CI variables at the model layer

See merge request gitlab-org/gitlab!62648
parents f42332fe 71eb7d06
......@@ -32,7 +32,7 @@ module Dast
Dast::Branch.new(self)
end
def ci_variables
def secret_ci_variables
::Gitlab::Ci::Variables::Collection.new(secret_variables)
end
......
......@@ -14,6 +14,16 @@ class DastScannerProfile < ApplicationRecord
active: 2
}
def ci_variables
::Gitlab::Ci::Variables::Collection.new.tap do |variables|
variables.append(key: 'DAST_SPIDER_MINS', value: String(spider_timeout)) if spider_timeout
variables.append(key: 'DAST_TARGET_AVAILABILITY_TIMEOUT', value: String(target_timeout)) if target_timeout
variables.append(key: 'DAST_FULL_SCAN_ENABLED', value: String(full_scan_enabled?))
variables.append(key: 'DAST_USE_AJAX_SPIDER', value: String(use_ajax_spider))
variables.append(key: 'DAST_DEBUG', value: String(show_debug_messages))
end
end
def full_scan_enabled?
scan_type == 'active'
end
......
......@@ -29,6 +29,30 @@ class DastSiteProfile < ApplicationRecord
delegate :dast_site_validation, to: :dast_site, allow_nil: true
def ci_variables
url = dast_site.url
collection = ::Gitlab::Ci::Variables::Collection.new.tap do |variables|
if target_type == 'website'
variables.append(key: 'DAST_WEBSITE', value: url)
else
variables.append(key: 'DAST_API_SPECIFICATION', value: url)
variables.append(key: 'DAST_API_HOST_OVERRIDE', value: URI(url).host)
end
variables.append(key: 'DAST_EXCLUDE_URLS', value: excluded_urls.join(',')) unless excluded_urls.empty?
if auth_enabled
variables.append(key: 'DAST_AUTH_URL', value: auth_url)
variables.append(key: 'DAST_USERNAME', value: auth_username)
variables.append(key: 'DAST_USERNAME_FIELD', value: auth_username_field)
variables.append(key: 'DAST_PASSWORD_FIELD', value: auth_password_field)
end
end
collection.compact
end
def secret_ci_variables
::Gitlab::Ci::Variables::Collection.new(secret_variables)
end
......
......@@ -52,7 +52,7 @@ module EE
# Subject to change. Please see gitlab-org/gitlab#330950 for more info.
profile = pipeline.dast_profile || pipeline.dast_site_profile
collection.concat(profile.ci_variables)
collection.concat(profile.secret_ci_variables)
end
end
end
......
......@@ -122,10 +122,10 @@ RSpec.describe Dast::Profile, type: :model do
end
end
describe '#ci_variables' do
describe '#secret_ci_variables' do
context 'when there are no secret_variables' do
it 'returns an empty collection' do
expect(subject.ci_variables.size).to be_zero
expect(subject.secret_ci_variables.size).to be_zero
end
end
......@@ -133,7 +133,7 @@ RSpec.describe Dast::Profile, type: :model do
it 'returns a collection containing that variable' do
variable = create(:dast_site_profile_secret_variable, dast_site_profile: subject.dast_site_profile)
expect(subject.ci_variables.to_runner_variables).to include(key: variable.key, value: variable.value, public: false, masked: true)
expect(subject.secret_ci_variables.to_runner_variables).to include(key: variable.key, value: variable.value, public: false, masked: true)
end
end
end
......
......@@ -33,6 +33,29 @@ RSpec.describe DastScannerProfile, type: :model do
end
end
describe '#ci_variables' do
let(:collection) { subject.ci_variables }
it 'returns a collection of variables' do
expected_variables = [
{ key: 'DAST_FULL_SCAN_ENABLED', value: 'false', public: true, masked: false },
{ key: 'DAST_USE_AJAX_SPIDER', value: 'false', public: true, masked: false },
{ key: 'DAST_DEBUG', value: 'false', public: true, masked: false }
]
expect(collection.to_runner_variables).to eq(expected_variables)
end
context 'when optional fields are set' do
subject { build(:dast_scanner_profile, spider_timeout: 1, target_timeout: 2) }
it 'returns a collection of variables including these', :aggregate_failures do
expect(collection).to include(key: 'DAST_SPIDER_MINS', value: String(subject.spider_timeout), public: true)
expect(collection).to include(key: 'DAST_TARGET_AVAILABILITY_TIMEOUT', value: String(subject.target_timeout), public: true)
end
end
end
describe 'full_scan_enabled?' do
describe 'when is active scan' do
subject { create(:dast_scanner_profile, scan_type: :active).full_scan_enabled? }
......
......@@ -195,9 +195,63 @@ RSpec.describe DastSiteProfile, type: :model do
end
describe '#ci_variables' do
let(:collection) { subject.ci_variables }
let(:keys) { subject.ci_variables.map { |variable| variable[:key] } }
let(:excluded_urls) { subject.excluded_urls.join(',') }
it 'returns a collection of variables' do
expected_variables = [
{ key: 'DAST_WEBSITE', value: subject.dast_site.url, public: true, masked: false },
{ key: 'DAST_EXCLUDE_URLS', value: excluded_urls, public: true, masked: false },
{ key: 'DAST_AUTH_URL', value: subject.auth_url, public: true, masked: false },
{ key: 'DAST_USERNAME', value: subject.auth_username, public: true, masked: false },
{ key: 'DAST_USERNAME_FIELD', value: subject.auth_username_field, public: true, masked: false },
{ key: 'DAST_PASSWORD_FIELD', value: subject.auth_password_field, public: true, masked: false }
]
expect(collection.to_runner_variables).to eq(expected_variables)
end
context 'when target_type=api' do
subject { build(:dast_site_profile, target_type: :api) }
it 'returns a collection of variables with api configuration only', :aggregate_failures do
expect(keys).not_to include('DAST_WEBSITE')
expect(collection).to include(key: 'DAST_API_SPECIFICATION', value: subject.dast_site.url, public: true)
expect(collection).to include(key: 'DAST_API_HOST_OVERRIDE', value: URI(subject.dast_site.url).host, public: true)
end
end
context 'when auth is disabled' do
subject { build(:dast_site_profile, auth_enabled: false) }
it 'returns a collection of variables excluding any auth variables', :aggregate_failures do
expect(keys).not_to include('DAST_AUTH_URL', 'DAST_USERNAME', 'DAST_USERNAME_FIELD', 'DAST_PASSWORD_FIELD')
end
end
context 'when excluded_urls is empty' do
subject { build(:dast_site_profile, excluded_urls: []) }
it 'is removed from the collection' do
expect(keys).not_to include('DAST_EXCLUDE_URLS')
end
end
context 'when a variable is set to nil' do
subject { build(:dast_site_profile, auth_enabled: true, auth_username_field: nil) }
it 'is removed from the collection' do
expect(keys).not_to include('DAST_USERNAME_FIELD')
end
end
end
describe '#secret_ci_variables' do
context 'when there are no secret_variables' do
it 'returns an empty collection' do
expect(subject.ci_variables.size).to be_zero
expect(subject.secret_ci_variables.size).to be_zero
end
end
......@@ -205,7 +259,7 @@ RSpec.describe DastSiteProfile, type: :model do
it 'returns a collection containing that variable' do
variable = create(:dast_site_profile_secret_variable, dast_site_profile: subject)
expect(subject.ci_variables.to_runner_variables).to include(key: variable.key, value: variable.value, public: false, masked: true)
expect(subject.secret_ci_variables.to_runner_variables).to include(key: variable.key, value: variable.value, public: false, masked: true)
end
end
end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment