Add ConfigureSecurityAnalyzer superclass [RUN AS-IF-FOSS]

8bc0ef86 · Adam Cohen · Jan Provaznik · 20659ba3 · 8bc0ef86 · 8bc0ef86
Commit 8bc0ef86 authored Jul 19, 2021 by Adam Cohen Committed by Jan Provaznik Jul 19, 2021
5 changed files
--- a/app/graphql/mutations/security/ci_configuration/base_security_analyzer.rb
+++ b/app/graphql/mutations/security/ci_configuration/base_security_analyzer.rb
+# frozen_string_literal: true
+module Mutations
+  module Security
+    module CiConfiguration
+      class BaseSecurityAnalyzer < BaseMutation
+        include FindsProject
+        argument :project_path, GraphQL::ID_TYPE,
+                 required: true,
+                 description: 'Full path of the project.'
+        field :success_path, GraphQL::STRING_TYPE, null: true,
+              description: 'Redirect path to use when the response is successful.'
+        field :branch, GraphQL::STRING_TYPE, null: true,
+              description: 'Branch that has the new/modified `.gitlab-ci.yml` file.'
+        authorize :push_code
+        def resolve(project_path:, **args)
+          project = authorized_find!(project_path)
+          result = configure_analyzer(project, **args)
+          prepare_response(result)
+        end
+        private
+        def configure_analyzer(project, **args)
+          raise NotImplementedError
+        end
+        def prepare_response(result)
+          {
+            branch: result.payload[:branch],
+            success_path: result.payload[:success_path],
+            errors: result.errors
+          }
+        end
+      end
+    end
+  end
+end
--- a/app/graphql/mutations/security/ci_configuration/configure_sast.rb
+++ b/app/graphql/mutations/security/ci_configuration/configure_sast.rb
@@ -3,9 +3,7 @@
 module Mutations
  module Security
    module CiConfiguration
-      class ConfigureSast < BaseMutation
+      class ConfigureSast < BaseSecurityAnalyzer
-        include FindsProject
        graphql_name 'ConfigureSast'
        description <<~DESC
          Configure SAST for a project by enabling SAST in a new or modified
@@ -13,37 +11,12 @@ module Mutations
          create a Merge Request are a part of the response.
        DESC
-        argument :project_path, GraphQL::ID_TYPE,
-          required: true,
-          description: 'Full path of the project.'
        argument :configuration, ::Types::CiConfiguration::Sast::InputType,
          required: true,
          description: 'SAST CI configuration for the project.'
-        field :success_path, GraphQL::STRING_TYPE, null: true,
+        def configure_analyzer(project, **args)
-          description: 'Redirect path to use when the response is successful.'
+          ::Security::CiConfiguration::SastCreateService.new(project, current_user, args[:configuration]).execute
-        field :branch, GraphQL::STRING_TYPE, null: true,
-          description: 'Branch that has the new/modified `.gitlab-ci.yml` file.'
-        authorize :push_code
-        def resolve(project_path:, configuration:)
-          project = authorized_find!(project_path)
-          result = ::Security::CiConfiguration::SastCreateService.new(project, current_user, configuration).execute
-          prepare_response(result)
-        end
-        private
-        def prepare_response(result)
-          {
-            branch: result.payload[:branch],
-            success_path: result.payload[:success_path],
-            errors: result.errors
-          }
        end
      end
    end

--- a/app/graphql/mutations/security/ci_configuration/configure_secret_detection.rb
+++ b/app/graphql/mutations/security/ci_configuration/configure_secret_detection.rb
@@ -3,9 +3,7 @@
 module Mutations
  module Security
    module CiConfiguration
-      class ConfigureSecretDetection < BaseMutation
+      class ConfigureSecretDetection < BaseSecurityAnalyzer
-        include FindsProject
        graphql_name 'ConfigureSecretDetection'
        description <<~DESC
          Configure Secret Detection for a project by enabling Secret Detection
@@ -14,33 +12,8 @@ module Mutations
          response.
        DESC
-        argument :project_path, GraphQL::ID_TYPE,
+        def configure_analyzer(project, **_args)
-          required: true,
+          ::Security::CiConfiguration::SecretDetectionCreateService.new(project, current_user).execute
-          description: 'Full path of the project.'
-        field :success_path, GraphQL::STRING_TYPE, null: true,
-          description: 'Redirect path to use when the response is successful.'
-        field :branch, GraphQL::STRING_TYPE, null: true,
-          description: 'Branch that has the new/modified `.gitlab-ci.yml` file.'
-        authorize :push_code
-        def resolve(project_path:)
-          project = authorized_find!(project_path)
-          result = ::Security::CiConfiguration::SecretDetectionCreateService.new(project, current_user).execute
-          prepare_response(result)
-        end
-        private
-        def prepare_response(result)
-          {
-            branch: result.payload[:branch],
-            success_path: result.payload[:success_path],
-            errors: result.errors
-          }
        end
      end
    end

--- a/ee/app/graphql/mutations/security/ci_configuration/configure_dependency_scanning.rb
+++ b/ee/app/graphql/mutations/security/ci_configuration/configure_dependency_scanning.rb
@@ -3,9 +3,7 @@
 module Mutations
  module Security
    module CiConfiguration
-      class ConfigureDependencyScanning < BaseMutation
+      class ConfigureDependencyScanning < BaseSecurityAnalyzer
-        include FindsProject
        graphql_name 'ConfigureDependencyScanning'
        description <<~DESC
          Configure Dependency Scanning for a project by enabling Dependency Scanning in a new or modified
@@ -13,33 +11,8 @@ module Mutations
          create a Merge Request are a part of the response.
        DESC
-        argument :project_path, GraphQL::ID_TYPE,
+        def configure_analyzer(project, **_args)
-          required: true,
+          ::Security::CiConfiguration::DependencyScanningCreateService.new(project, current_user).execute
-          description: 'Full path of the project.'
-        field :success_path, GraphQL::STRING_TYPE, null: true,
-          description: 'Redirect path to use when the response is successful.'
-        field :branch, GraphQL::STRING_TYPE, null: true,
-          description: 'Branch that has the new/modified `.gitlab-ci.yml` file.'
-        authorize :push_code
-        def resolve(project_path:)
-          project = authorized_find!(project_path)
-          result = ::Security::CiConfiguration::DependencyScanningCreateService.new(project, current_user).execute
-          prepare_response(result)
-        end
-        private
-        def prepare_response(result)
-          {
-            branch: result.payload[:branch],
-            success_path: result.payload[:success_path],
-            errors: result.errors
-          }
        end
      end
    end

--- a/spec/graphql/mutations/security/ci_configuration/base_security_analyzer_spec.rb
+++ b/spec/graphql/mutations/security/ci_configuration/base_security_analyzer_spec.rb
+# frozen_string_literal: true
+require 'spec_helper'
+RSpec.describe Mutations::Security::CiConfiguration::BaseSecurityAnalyzer do
+  include GraphqlHelpers
+  it 'raises a NotImplementedError error if the resolve method is called on the base class' do
+    user = create(:user)
+    project = create(:project, :public, :repository)
+    project.add_developer(user)
+    expect { resolve(described_class, args: { project_path: project.full_path }, ctx: { current_user: user }) }.to raise_error(NotImplementedError)
+  end
+end