Added E2E tests for SAST reports

Additionally updated fixture to provide SAST report

Added E2E tests for SAST reports
Additionally updated fixture to provide SAST report
a62dc11a · Aleksandr Soborov · Walmyr Lima e Silva Filho · 96313e86 · a62dc11a · a62dc11a
Commit a62dc11a authored Sep 12, 2019 by Aleksandr Soborov Committed by Walmyr Lima e Silva Filho Sep 12, 2019
4 changed files
--- a/qa/qa/ee/fixtures/secure_premade_reports/.gitlab-ci.yml
+++ b/qa/qa/ee/fixtures/secure_premade_reports/.gitlab-ci.yml
@@ -24,3 +24,13 @@ container_scanning:
  artifacts:
    reports:
      container_scanning: gl-container-scanning-report.json
+
+sast:
+  tags:
+    - qa
+    - test
+  script:
+    - echo "Skipped"
+  artifacts:
+    reports:
+      sast: gl-sast-report.json
--- a/qa/qa/ee/fixtures/secure_premade_reports/gl-sast-report.json
+++ b/qa/qa/ee/fixtures/secure_premade_reports/gl-sast-report.json
--- a/qa/qa/specs/features/ee/browser_ui/secure/create_merge_request_with_secure_spec.rb
+++ b/qa/qa/specs/features/ee/browser_ui/secure/create_merge_request_with_secure_spec.rb
@@ -5,7 +5,7 @@ require 'pathname'
 module QA
  context 'Secure', :docker do
    describe 'Security Reports in a Merge Request' do
-      let(:total_vuln_count) { 12 }
+      let(:total_vuln_count) { 45 }

      after do
        Service::Runner.new(@executor).remove!

--- a/qa/qa/specs/features/ee/browser_ui/secure/security_reports_spec.rb
+++ b/qa/qa/specs/features/ee/browser_ui/secure/security_reports_spec.rb
@@ -10,6 +10,8 @@ module QA
    let(:dependency_scan_example_vuln) { 'jQuery before 3.4.0' }
    let(:container_scan_vuln_count) { 8 }
    let(:container_scan_example_vuln) { 'CVE-2017-18269 in glibc' }
+    let(:sast_scan_vuln_count) { 33 }
+    let(:sast_scan_example_vuln) { 'Cipher with no integrity' }

    describe 'Security Reports' do
      after do
@@ -64,6 +66,11 @@ module QA
            expect(pipeline).to have_vulnerability_count_of container_scan_vuln_count
            expect(pipeline).to have_content container_scan_example_vuln
          end
+
+          filter_report_and_perform(pipeline, "SAST") do
+            expect(pipeline).to have_vulnerability_count_of sast_scan_vuln_count
+            expect(pipeline).to have_content sast_scan_example_vuln
+          end
        end
      end

@@ -79,6 +86,10 @@ module QA
          filter_report_and_perform(dashboard, "Container Scanning") do
            expect(dashboard).to have_low_vulnerability_count_of 2
          end
+
+          filter_report_and_perform(dashboard, "SAST") do
+            expect(dashboard).to have_low_vulnerability_count_of 17
+          end
        end
      end

@@ -99,6 +110,10 @@ module QA
          filter_report_and_perform(dashboard, "Container Scanning") do
            expect(dashboard).to have_content container_scan_example_vuln
          end
+
+          filter_report_and_perform(dashboard, "SAST") do
+            expect(dashboard).to have_content sast_scan_example_vuln
+          end
        end
      end