Commit 00d09aab authored by Walmyr Lima e Silva Filho's avatar Walmyr Lima e Silva Filho

Merge branch 'qa-e2e-secure-mr-runtime' into 'master'

Split Secure MR E2E files and reuse test setup

Closes gitlab-org/quality/team-tasks#266

See merge request gitlab-org/gitlab!22929
parents 4ab7ae86 96e663b0
...@@ -74,39 +74,6 @@ module QA ...@@ -74,39 +74,6 @@ module QA
expect(merge_request).to have_dast_vulnerability_count expect(merge_request).to have_dast_vulnerability_count
end end
end end
it 'can dismiss a vulnerability with a reason' do
dismiss_reason = "Vulnerability not applicable"
Page::MergeRequest::Show.perform do |merge_request|
expect(merge_request).to have_vulnerability_report
merge_request.dismiss_vulnerability_with_reason(vuln_name, dismiss_reason)
merge_request.click_vulnerability(vuln_name)
expect(merge_request).to have_opened_dismissed_vulnerability(dismiss_reason)
end
end
it 'can create an issue from a vulnerability' do
Page::MergeRequest::Show.perform do |merge_request|
expect(merge_request).to have_vulnerability_report
merge_request.create_vulnerability_issue(vuln_name)
end
Page::Project::Issue::Show.perform do |issue|
expect(issue).to have_title("Investigate vulnerability: #{vuln_name}")
end
end
it 'can create an auto-remediation MR' do
Page::MergeRequest::Show.perform do |merge_request|
expect(merge_request).to have_vulnerability_report
merge_request.resolve_vulnerability_with_mr remediable_vuln_name
# Context changes as resolve method creates new MR
expect(merge_request).to have_title remediable_vuln_name
end
end
end end
end end
end end
# frozen_string_literal: true
require 'pathname'
module QA
context 'Secure', :docker do
describe 'Security Reports in a Merge Request' do
let(:sast_vuln_count) { 5 }
let(:dependency_scan_vuln_count) { 4 }
let(:container_scan_vuln_count) { 8 }
let(:vuln_name) { "Regular Expression Denial of Service in debug" }
let(:remediable_vuln_name) { "Authentication bypass via incorrect DOM traversal and canonicalization in saml2-js" }
after(:all) do
Service::DockerRun::GitlabRunner.new(@executor).remove!
Runtime::Feature.enable('job_log_json') if @job_log_json_flag_enabled
end
before(:all) do
@executor = "qa-runner-#{Time.now.to_i}"
Flow::Login.sign_in
@project = Resource::Project.fabricate_via_api! do |p|
p.name = Runtime::Env.auto_devops_project_name || 'project-with-secure'
p.description = 'Project with Secure'
p.auto_devops_enabled = false
p.initialize_with_readme = true
end
Resource::Runner.fabricate! do |runner|
runner.project = @project
runner.name = @executor
runner.tags = %w[qa test]
end
# Push fixture to generate Secure reports
@source = Resource::Repository::ProjectPush.fabricate! do |push|
push.project = @project
push.directory = Pathname
.new(__dir__)
.join('../../../../../ee/fixtures/secure_premade_reports')
push.commit_message = 'Create Secure compatible application to serve premade reports'
push.branch_name = 'secure-mr'
end
@merge_request = Resource::MergeRequest.fabricate_via_api! do |mr|
mr.project = @project
mr.source_branch = 'secure-mr'
mr.target_branch = 'master'
mr.source = @source
mr.target = 'master'
mr.target_new_branch = false
end
@project.visit!
Page::Project::Menu.perform(&:click_ci_cd_pipelines)
Page::Project::Pipeline::Index.perform(&:wait_for_latest_pipeline_success)
end
before do
Flow::Login.sign_in_unless_signed_in
@merge_request.visit!
end
it 'can dismiss a vulnerability with a reason' do
dismiss_reason = "Vulnerability not applicable"
Page::MergeRequest::Show.perform do |merge_request|
expect(merge_request).to have_vulnerability_report
merge_request.dismiss_vulnerability_with_reason(vuln_name, dismiss_reason)
merge_request.click_vulnerability(vuln_name)
expect(merge_request).to have_opened_dismissed_vulnerability(dismiss_reason)
end
end
it 'can create an issue from a vulnerability' do
Page::MergeRequest::Show.perform do |merge_request|
expect(merge_request).to have_vulnerability_report
merge_request.create_vulnerability_issue(vuln_name)
end
Page::Project::Issue::Show.perform do |issue|
expect(issue).to have_title("Investigate vulnerability: #{vuln_name}")
end
end
it 'can create an auto-remediation MR' do
Page::MergeRequest::Show.perform do |merge_request|
expect(merge_request).to have_vulnerability_report
merge_request.resolve_vulnerability_with_mr remediable_vuln_name
# Context changes as resolve method creates new MR
expect(merge_request).to have_title remediable_vuln_name
end
end
end
end
end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment