Commit aebdf815 authored by Savas Vedova's avatar Savas Vedova Committed by Bob Van Landuyt

Add manual vulnerability creation page

parent 01dca126
import initNewVulnerability from 'ee/vulnerabilities/new_vulnerability_init';
initNewVulnerability(document.getElementById('js-vulnerability-new'));
<script>
import { s__ } from '~/locale';
export default {
i18n: {
title: s__('VulnerabilityManagement|Add vulnerability finding'),
description: s__(
'VulnerabilityManagement|Manually add a vulnerability entry into the vulnerability report.',
),
},
};
</script>
<template>
<div>
<header class="gl-my-4 gl-border-b-gray-100 gl-border-b-solid gl-border-b-1">
<h2 class="gl-mt-0 gl-mb-3">
{{ $options.i18n.title }}
</h2>
<p data-testid="page-description">
{{ $options.i18n.description }}
</p>
</header>
</div>
</template>
import Vue from 'vue';
import apolloProvider from 'ee/security_dashboard/graphql/provider';
import App from 'ee/vulnerabilities/components/new_vulnerability/new_vulnerability.vue';
export default (el) => {
if (!el) {
return null;
}
return new Vue({
el,
apolloProvider,
render: (h) =>
h(App, {
props: {},
}),
});
};
...@@ -12,7 +12,8 @@ module Projects ...@@ -12,7 +12,8 @@ module Projects
push_frontend_feature_flag(:create_vulnerability_jira_issue_via_graphql, @project, default_enabled: :yaml) push_frontend_feature_flag(:create_vulnerability_jira_issue_via_graphql, @project, default_enabled: :yaml)
end end
before_action :vulnerability, except: :index before_action :vulnerability, except: [:index, :new]
before_action :authorize_create_vulnerability!, only: :new
alias_method :vulnerable, :project alias_method :vulnerable, :project
......
- @content_class = "limit-container-width" unless fluid_layout
- add_to_breadcrumbs _("Vulnerability Report"), project_security_vulnerability_report_index_path(@project)
- breadcrumb_title _("Add vulnerability finding")
- page_title _("Add vulnerability finding")
- add_page_specific_style 'page_bundles/security_dashboard'
#js-vulnerability-new
...@@ -76,7 +76,7 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do ...@@ -76,7 +76,7 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
resources :scanned_resources, only: [:index] resources :scanned_resources, only: [:index]
resources :vulnerabilities, only: [:show] do resources :vulnerabilities, only: [:show, :new] do
member do member do
get :discussions, format: :json get :discussions, format: :json
end end
......
...@@ -15,6 +15,34 @@ RSpec.describe Projects::Security::VulnerabilitiesController do ...@@ -15,6 +15,34 @@ RSpec.describe Projects::Security::VulnerabilitiesController do
sign_in(user) sign_in(user)
end end
describe 'GET #new' do
let(:request_new_vulnerability_page) { get :new, params: { namespace_id: project.namespace, project_id: project } }
include_context '"Security & Compliance" permissions' do
let(:valid_request) { request_new_vulnerability_page }
end
it 'renders the add new finding page' do
request_new_vulnerability_page
expect(response).to have_gitlab_http_status(:ok)
end
context 'when user can not create vulnerability' do
before do
guest = create(:user)
project.add_guest(guest)
sign_in(guest)
end
it 'renders a 403' do
request_new_vulnerability_page
expect(response).to have_gitlab_http_status(:forbidden)
end
end
end
describe 'GET #show' do describe 'GET #show' do
let_it_be(:pipeline) { create(:ci_pipeline, sha: project.commit.id, project: project, user: user) } let_it_be(:pipeline) { create(:ci_pipeline, sha: project.commit.id, project: project, user: user) }
let_it_be(:vulnerability) { create(:vulnerability, project: project) } let_it_be(:vulnerability) { create(:vulnerability, project: project) }
......
import { shallowMountExtended } from 'helpers/vue_test_utils_helper';
import NewVulnerability from 'ee/vulnerabilities/components/new_vulnerability/new_vulnerability.vue';
describe('New vulnerability component', () => {
let wrapper;
const createWrapper = () => {
return shallowMountExtended(NewVulnerability, {});
};
beforeEach(() => {
wrapper = createWrapper();
});
afterEach(() => {
wrapper.destroy();
});
it('should render the page title and description', () => {
expect(wrapper.findByRole('heading', { name: 'Add vulnerability finding' }).exists()).toBe(
true,
);
expect(wrapper.findByTestId('page-description').text()).toBe(
'Manually add a vulnerability entry into the vulnerability report.',
);
});
});
...@@ -2133,6 +2133,9 @@ msgstr "" ...@@ -2133,6 +2133,9 @@ msgstr ""
msgid "Add variable" msgid "Add variable"
msgstr "" msgstr ""
msgid "Add vulnerability finding"
msgstr ""
msgid "Add webhook" msgid "Add webhook"
msgstr "" msgstr ""
...@@ -38397,6 +38400,9 @@ msgstr "" ...@@ -38397,6 +38400,9 @@ msgstr ""
msgid "VulnerabilityManagement|A true-positive and will fix" msgid "VulnerabilityManagement|A true-positive and will fix"
msgstr "" msgstr ""
msgid "VulnerabilityManagement|Add vulnerability finding"
msgstr ""
msgid "VulnerabilityManagement|Change status" msgid "VulnerabilityManagement|Change status"
msgstr "" msgstr ""
...@@ -38412,6 +38418,9 @@ msgstr "" ...@@ -38412,6 +38418,9 @@ msgstr ""
msgid "VulnerabilityManagement|Fetching linked Jira issues" msgid "VulnerabilityManagement|Fetching linked Jira issues"
msgstr "" msgstr ""
msgid "VulnerabilityManagement|Manually add a vulnerability entry into the vulnerability report."
msgstr ""
msgid "VulnerabilityManagement|Needs triage" msgid "VulnerabilityManagement|Needs triage"
msgstr "" msgstr ""
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment