Commit e0d760a4 authored by rossfuhrman's avatar rossfuhrman Committed by Heinrich Lee Yu

Add placeholder SAST Configration page

Part of [New SAST Config UI Page - Basic SAST Wide Settings][1].

Behind feature flag `sast_configuration_ui` (disabled by default).

[1]: https://gitlab.com/gitlab-org/gitlab/-/issues/220577
parent 6fad1782
......@@ -3,20 +3,65 @@
module Projects
module Security
class SastConfigurationController < Projects::ApplicationController
include CreatesCommit
include SecurityDashboardsPermissions
alias_method :vulnerable, :project
before_action :ensure_sast_configuration_enabled!
before_action :authorize_edit_tree!, only: [:create]
def show
end
def create
@branch_name = project.repository.next_branch("add-sast-config")
@commit_params = {
commit_message: "Add .gitlab-ci.yml to enable SAST",
actions: [{ action: "create", file_path: ".gitlab-ci.yml", content: gitlab_ci_yml }]
}
project.repository.add_branch(current_user, @branch_name, project.default_branch)
create_commit(::Files::MultiService, success_notice: _("The .gitlab-ci.yml has been successfully created."),
success_path: successful_change_path, failure_path: '')
end
private
def ensure_sast_configuration_enabled!
not_found unless ::Feature.enabled?(:sast_configuration_ui, project)
end
def successful_change_path
description = "Add .gitlab-ci.yml to enable SAST security scan using the GitLab managed SAST template."
merge_request_params = { source_branch: @branch_name, description: description }
project_new_merge_request_url(@project, merge_request: merge_request_params)
end
def gitlab_ci_yml
return ado_yml if project.auto_devops_enabled?
sast_yml
end
def ado_yml
<<-CI_YML.strip_heredoc
include:
- template: Auto-DevOps.gitlab-ci.yml
CI_YML
end
def sast_yml
<<-CI_YML.strip_heredoc
stages:
- test
include:
- template: SAST.gitlab-ci.yml
CI_YML
end
end
end
end
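Review bot: `create` calls `project.repository.add_branch` before `create_commit`, so if the commit does not land the freshly created `add-sast-config` branch is left behind, and `failure_path: ''` gives the user no meaningful place to go. One likely failure is a `.gitlab-ci.yml` already present on the default branch, since the commit uses `action: "create"` for that path (presumably rejected by `::Files::MultiService` when the file exists); consider checking for the existing blob before branching, or choosing `"update"` in that case, and removing the branch on failure. At minimum change the redirect to `failure_path: project_security_configuration_sast_path(project)`. The guard chain itself reads correctly (`authorize_edit_tree!` only on `create`, `not_found` when the flag is off); a short comment on `ensure_sast_configuration_enabled!` such as `# 404 rather than 403 so the flagged page is not discoverable` would record that the status is intentional.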
......@@ -48,6 +48,7 @@ module Projects
{
auto_devops_enabled: auto_devops_source?,
auto_devops_help_page_path: help_page_path('topics/autodevops/index'),
create_sast_merge_request_path: project_security_configuration_sast_path(project),
features: features.to_json,
help_page_path: help_page_path('user/application_security/index'),
latest_pipeline_path: latest_pipeline_path,
......
......@@ -67,7 +67,7 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
resource :configuration, only: [:show], controller: :configuration do
post :auto_fix, on: :collection
resource :sast, only: [:show], controller: :sast_configuration
resource :sast, only: [:show, :create], controller: :sast_configuration
end
resource :discover, only: [:show], controller: :discover
......
......@@ -70,4 +70,34 @@ RSpec.describe Projects::Security::SastConfigurationController do
end
end
end
describe 'POST #create' do
let_it_be(:project) { create(:project, :repository, namespace: group) }
before do
stub_licensed_features(security_dashboard: true)
sign_in(developer)
end
context 'with valid params' do
it 'returns the new merge request url' do
create_sast_configuration user: developer, project: project, params: {}
expect(json_response["message"]).to eq("success")
expect(json_response["filePath"]).to match(/#{project_new_merge_request_url(project, {})}(.*)description(.*)source_branch/)
end
end
end
def create_sast_configuration(user:, project:, params:)
post_params = {
namespace_id: project.namespace.to_param,
project_id: project.to_param,
sast_configuration: params,
format: :json
}
post :create, params: post_params, as: :json
end
end
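Review bot: `POST #create` is only exercised on the happy path for a developer, so neither guard the controller adds — `authorize_edit_tree!` nor `ensure_sast_configuration_enabled!` — has a negative example, and a regression that dropped either would still pass. Add a context with the `sast_configuration_ui` flag stubbed off expecting `:not_found`, and one signing in a user without push access expecting the request to be refused and no branch to be created. The `filePath` expectation interpolates `project_new_merge_request_url(project, {})` into a regex unescaped, so the dots in the host match any character; `Regexp.escape(project_new_merge_request_url(project, {}))` keeps the match exact. The enclosing `RSpec.describe` block starts outside the hunk.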
......@@ -28,6 +28,10 @@ RSpec.describe Projects::Security::ConfigurationPresenter do
expect(auto_fix['container_scanning']).to be_truthy
end
it 'includes the path to create a SAST merge request' do
expect(subject[:create_sast_merge_request_path]).to eq(project_security_configuration_sast_path(project))
end
context "when the latest default branch pipeline's source is auto devops" do
before do
create(
......
......@@ -22928,6 +22928,9 @@ msgid_plural "The %{type} contains the following errors:"
msgstr[0] ""
msgstr[1] ""
msgid "The .gitlab-ci.yml has been successfully created."
msgstr ""
msgid "The Advanced Global Search in GitLab is a powerful search service that saves you time. Instead of creating duplicate code and wasting time, you can now search for code within other teams that can help your own project."
msgstr ""
......