36408e3e
Commit
36408e3e
authored
Sep 08, 2021
by
Philip Cunningham
Committed by
Stan Hu
Sep 08, 2021
Amend DAST shared examples to use let_it_be
parent
8551f067
Changes
16
Showing
16 changed files
with
132 additions
and
131 deletions
+132
-131
ee/spec/requests/api/graphql/mutations/dast/profiles/create_spec.rb
...quests/api/graphql/mutations/dast/profiles/create_spec.rb
+13
-12
ee/spec/requests/api/graphql/mutations/dast/profiles/delete_spec.rb
...quests/api/graphql/mutations/dast/profiles/delete_spec.rb
+3
-2
ee/spec/requests/api/graphql/mutations/dast/profiles/run_spec.rb
.../requests/api/graphql/mutations/dast/profiles/run_spec.rb
+3
-1
ee/spec/requests/api/graphql/mutations/dast/profiles/update_spec.rb
...quests/api/graphql/mutations/dast/profiles/update_spec.rb
+3
-1
ee/spec/requests/api/graphql/mutations/dast_on_demand_scans/create_spec.rb
...api/graphql/mutations/dast_on_demand_scans/create_spec.rb
+14
-10
ee/spec/requests/api/graphql/mutations/dast_scanner_profiles/create_spec.rb
...pi/graphql/mutations/dast_scanner_profiles/create_spec.rb
+6
-2
ee/spec/requests/api/graphql/mutations/dast_scanner_profiles/delete_spec.rb
...pi/graphql/mutations/dast_scanner_profiles/delete_spec.rb
+10
-5
ee/spec/requests/api/graphql/mutations/dast_scanner_profiles/update_spec.rb
...pi/graphql/mutations/dast_scanner_profiles/update_spec.rb
+13
-22
ee/spec/requests/api/graphql/mutations/dast_site_profiles/create_spec.rb
...s/api/graphql/mutations/dast_site_profiles/create_spec.rb
+9
-3
ee/spec/requests/api/graphql/mutations/dast_site_profiles/delete_spec.rb
...s/api/graphql/mutations/dast_site_profiles/delete_spec.rb
+11
-20
ee/spec/requests/api/graphql/mutations/dast_site_profiles/update_spec.rb
...s/api/graphql/mutations/dast_site_profiles/update_spec.rb
+13
-28
ee/spec/requests/api/graphql/mutations/dast_site_tokens/create_spec.rb
...sts/api/graphql/mutations/dast_site_tokens/create_spec.rb
+9
-5
ee/spec/requests/api/graphql/mutations/dast_site_validations/create_spec.rb
...pi/graphql/mutations/dast_site_validations/create_spec.rb
+11
-6
ee/spec/requests/api/graphql/mutations/dast_site_validations/revoke_spec.rb
...pi/graphql/mutations/dast_site_validations/revoke_spec.rb
+4
-2
ee/spec/support/shared_examples/graphql/mutations/dast_on_demand_scan_with_user_abilities_shared_examples.rb
...ast_on_demand_scan_with_user_abilities_shared_examples.rb
+5
-6
ee/spec/support/shared_examples/graphql/mutations/dast_on_demand_scan_without_user_abilities_shared_examples.rb
..._on_demand_scan_without_user_abilities_shared_examples.rb
+5
-6
ee/spec/requests/api/graphql/mutations/dast/profiles/create_spec.rb
...
@@ -5,18 +5,21 @@ require 'spec_helper'
...
@@ -5,18 +5,21 @@ require 'spec_helper'
RSpec
.
describe
'Creating a DAST Profile'
do
RSpec
.
describe
'Creating a DAST Profile'
do
include
GraphqlHelpers
include
GraphqlHelpers
let
(
:name
)
{
SecureRandom
.
hex
}
let_it_be
(
:project
)
{
create
(
:project
,
:repository
)
}
let
(
:dast_site_profile
)
{
create
(
:dast_site_profile
,
project:
project
)
}
let_it_be
(
:current_user
)
{
create
(
:user
)
}
let
(
:dast_scanner_profile
)
{
create
(
:dast_scanner_profile
,
project:
project
)
}
let_it_be
(
:dast_site_profile
)
{
create
(
:dast_site_profile
,
project:
project
)
}
let_it_be
(
:dast_scanner_profile
)
{
create
(
:dast_scanner_profile
,
project:
project
)
}
let_it_be
(
:dast_profile_name
)
{
SecureRandom
.
hex
}
let
(
:dast_profile
)
{
Dast
::
Profile
.
find_by
(
project:
project
,
name:
name
)
}
let
(
:dast_profile
)
{
Dast
::
Profile
.
find_by
(
project:
project
,
name:
dast_profile_
name
)
}
let
(
:mutation_name
)
{
:dast_profile_create
}
let
(
:mutation_name
)
{
:dast_profile_create
}
let
(
:mutation
)
do
let
(
:mutation
)
do
graphql_mutation
(
graphql_mutation
(
mutation_name
,
mutation_name
,
full_path:
full_path
,
full_path:
full_path
,
name:
name
,
name:
dast_profile_
name
,
branch_name:
project
.
default_branch
,
branch_name:
project
.
default_branch
,
dast_site_profile_id:
global_id_of
(
dast_site_profile
),
dast_site_profile_id:
global_id_of
(
dast_site_profile
),
dast_scanner_profile_id:
global_id_of
(
dast_scanner_profile
),
dast_scanner_profile_id:
global_id_of
(
dast_scanner_profile
),
...
@@ -25,6 +28,7 @@ RSpec.describe 'Creating a DAST Profile' do
...
@@ -25,6 +28,7 @@ RSpec.describe 'Creating a DAST Profile' do
end
end
it_behaves_like
'an on-demand scan mutation when user cannot run an on-demand scan'
it_behaves_like
'an on-demand scan mutation when user cannot run an on-demand scan'
it_behaves_like
'an on-demand scan mutation when user can run an on-demand scan'
do
it_behaves_like
'an on-demand scan mutation when user can run an on-demand scan'
do
it
'returns dastProfile.id'
do
it
'returns dastProfile.id'
do
subject
subject
...
@@ -49,7 +53,7 @@ RSpec.describe 'Creating a DAST Profile' do
...
@@ -49,7 +53,7 @@ RSpec.describe 'Creating a DAST Profile' do
graphql_mutation
(
graphql_mutation
(
mutation_name
,
mutation_name
,
full_path:
full_path
,
full_path:
full_path
,
name:
name
,
name:
dast_profile_
name
,
branch_name:
project
.
default_branch
,
branch_name:
project
.
default_branch
,
dast_site_profile_id:
global_id_of
(
dast_site_profile
),
dast_site_profile_id:
global_id_of
(
dast_site_profile
),
dast_scanner_profile_id:
global_id_of
(
dast_scanner_profile
),
dast_scanner_profile_id:
global_id_of
(
dast_scanner_profile
),
...
@@ -57,16 +61,13 @@ RSpec.describe 'Creating a DAST Profile' do
...
@@ -57,16 +61,13 @@ RSpec.describe 'Creating a DAST Profile' do
dast_profile_schedule:
{
dast_profile_schedule:
{
starts_at:
Time
.
zone
.
now
,
starts_at:
Time
.
zone
.
now
,
active:
true
,
active:
true
,
cadence:
{
cadence:
{
duration:
1
,
unit:
'DAY'
},
duration:
1
,
timezone:
'America/New_York'
unit:
"DAY"
},
timezone:
"America/New_York"
}
}
)
)
end
end
it
'creates
dastProfileSchedule when passed
'
do
it
'creates
a Dast::ProfileSchedule
'
do
expect
{
subject
}.
to
change
{
Dast
::
ProfileSchedule
.
count
}.
by
(
1
)
expect
{
subject
}.
to
change
{
Dast
::
ProfileSchedule
.
count
}.
by
(
1
)
end
end
end
end
...
...
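Review bot: `let(:dast_profile) { Dast::Profile.find_by(project: project, name: dast_profile_name) }` returns nil when the mutation fails to create the record, so an example that passes it to `global_id_of` would fail on the nil rather than on the missing record. `Dast::Profile.find_by!(project: project, name: dast_profile_name)` makes that failure explicit, matching the `DastSiteToken.find_by!` lookup this commit uses in dast_site_tokens/create_spec.rb. The same applies to the `DastScannerProfile.find_by` and `DastSiteProfile.find_by` lookups in dast_scanner_profiles/create_spec.rb and dast_site_profiles/create_spec.rb. The example bodies that use the lookup are only partly visible in these hunks.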
ee/spec/requests/api/graphql/mutations/dast/profiles/delete_spec.rb
...
@@ -5,10 +5,11 @@ require 'spec_helper'
...
@@ -5,10 +5,11 @@ require 'spec_helper'
RSpec
.
describe
'Deleting a DAST Profile'
do
RSpec
.
describe
'Deleting a DAST Profile'
do
include
GraphqlHelpers
include
GraphqlHelpers
let!
(
:dast_profile
)
{
create
(
:dast_profile
,
project:
project
)
}
let_it_be
(
:project
)
{
create
(
:project
)
}
let_it_be
(
:current_user
)
{
create
(
:user
)
}
let_it_be
(
:dast_profile
)
{
create
(
:dast_profile
,
project:
project
)
}
let
(
:mutation_name
)
{
:dast_profile_delete
}
let
(
:mutation_name
)
{
:dast_profile_delete
}
let
(
:mutation
)
{
graphql_mutation
(
mutation_name
,
id:
global_id_of
(
dast_profile
))
}
let
(
:mutation
)
{
graphql_mutation
(
mutation_name
,
id:
global_id_of
(
dast_profile
))
}
it_behaves_like
'an on-demand scan mutation when user cannot run an on-demand scan'
it_behaves_like
'an on-demand scan mutation when user cannot run an on-demand scan'
...
...
ee/spec/requests/api/graphql/mutations/dast/profiles/run_spec.rb
...
@@ -5,7 +5,9 @@ require 'spec_helper'
...
@@ -5,7 +5,9 @@ require 'spec_helper'
RSpec
.
describe
'Running a DAST Profile'
do
RSpec
.
describe
'Running a DAST Profile'
do
include
GraphqlHelpers
include
GraphqlHelpers
let!
(
:dast_profile
)
{
create
(
:dast_profile
,
project:
project
)
}
let_it_be
(
:project
)
{
create
(
:project
,
:repository
)
}
let_it_be
(
:current_user
)
{
create
(
:user
)
}
let_it_be
(
:dast_profile
)
{
create
(
:dast_profile
,
project:
project
)
}
let
(
:mutation_name
)
{
:dast_profile_run
}
let
(
:mutation_name
)
{
:dast_profile_run
}
...
...
ee/spec/requests/api/graphql/mutations/dast/profiles/update_spec.rb
...
@@ -5,7 +5,9 @@ require 'spec_helper'
...
@@ -5,7 +5,9 @@ require 'spec_helper'
RSpec
.
describe
'Updating a DAST Profile'
do
RSpec
.
describe
'Updating a DAST Profile'
do
include
GraphqlHelpers
include
GraphqlHelpers
let!
(
:dast_profile
)
{
create
(
:dast_profile
,
project:
project
)
}
let_it_be
(
:project
)
{
create
(
:project
,
:repository
)
}
let_it_be
(
:current_user
)
{
create
(
:user
)
}
let_it_be
(
:dast_profile
)
{
create
(
:dast_profile
,
project:
project
)
}
let
(
:mutation_name
)
{
:dast_profile_update
}
let
(
:mutation_name
)
{
:dast_profile_update
}
...
...
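Review bot: `let_it_be(:dast_profile)` shares one in-memory instance across every example in the group, and the database rollback between examples does not reset that instance. If any example in this update spec calls `dast_profile.reload` after the mutation (the examples are outside the hunk), later examples start from attributes the database no longer holds; `let_it_be_with_reload(:dast_profile) { create(:dast_profile, project: project) }` avoids that. The same applies to dast_scanner_profiles/update_spec.rb, where `new_target_timeout` and `new_spider_timeout` are computed from the shared `dast_scanner_profile`, and to dast_site_profiles/update_spec.rb.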
ee/spec/requests/api/graphql/mutations/dast_on_demand_scans/create_spec.rb
...
@@ -5,11 +5,15 @@ require 'spec_helper'
...
@@ -5,11 +5,15 @@ require 'spec_helper'
RSpec
.
describe
'Running a DAST Scan'
do
RSpec
.
describe
'Running a DAST Scan'
do
include
GraphqlHelpers
include
GraphqlHelpers
let
(
:dast_site_profile
)
{
create
(
:dast_site_profile
,
project:
project
)
}
let_it_be
(
:project
)
{
create
(
:project
,
:repository
)
}
let
(
:dast_site_profile_id
)
{
dast_site_profile
.
to_global_id
.
to_s
}
let_it_be
(
:current_user
)
{
create
(
:user
)
}
let
(
:dast_scanner_profile_id
)
{
nil
}
let_it_be
(
:dast_site_profile
)
{
create
(
:dast_site_profile
,
project:
project
)
}
let_it_be
(
:dast_site_profile_id
)
{
global_id_of
(
dast_site_profile
)
}
let_it_be
(
:dast_scanner_profile_id
)
{
nil
}
let
(
:mutation_name
)
{
:dast_on_demand_scan_create
}
let
(
:mutation_name
)
{
:dast_on_demand_scan_create
}
let
(
:mutation
)
do
let
(
:mutation
)
do
graphql_mutation
(
graphql_mutation
(
mutation_name
,
mutation_name
,
...
@@ -20,6 +24,7 @@ RSpec.describe 'Running a DAST Scan' do
...
@@ -20,6 +24,7 @@ RSpec.describe 'Running a DAST Scan' do
end
end
it_behaves_like
'an on-demand scan mutation when user cannot run an on-demand scan'
it_behaves_like
'an on-demand scan mutation when user cannot run an on-demand scan'
it_behaves_like
'an on-demand scan mutation when user can run an on-demand scan'
do
it_behaves_like
'an on-demand scan mutation when user can run an on-demand scan'
do
it
'returns a pipeline_url containing the correct path'
do
it
'returns a pipeline_url containing the correct path'
do
post_graphql_mutation
(
mutation
,
current_user:
current_user
)
post_graphql_mutation
(
mutation
,
current_user:
current_user
)
...
@@ -32,8 +37,8 @@ RSpec.describe 'Running a DAST Scan' do
...
@@ -32,8 +37,8 @@ RSpec.describe 'Running a DAST Scan' do
end
end
context
'when dast_scanner_profile_id is provided'
do
context
'when dast_scanner_profile_id is provided'
do
let
(
:dast_scanner_profile
)
{
create
(
:dast_scanner_profile
,
project:
project
,
target_timeout:
200
,
spider_timeout:
5000
)
}
let
_it_be
(
:dast_scanner_profile
)
{
create
(
:dast_scanner_profile
,
project:
project
,
target_timeout:
200
,
spider_timeout:
5000
)
}
let
(
:dast_scanner_profile_id
)
{
dast_scanner_profile
.
to_global_id
.
to_s
}
let
_it_be
(
:dast_scanner_profile_id
)
{
global_id_of
(
dast_scanner_profile
)
}
it
'returns an empty errors array'
do
it
'returns an empty errors array'
do
subject
subject
...
@@ -47,17 +52,16 @@ RSpec.describe 'Running a DAST Scan' do
...
@@ -47,17 +52,16 @@ RSpec.describe 'Running a DAST Scan' do
graphql_mutation
(
graphql_mutation
(
mutation_name
,
mutation_name
,
full_path:
full_path
,
full_path:
full_path
,
dast_site_profile_id:
dast_site_profile
.
dast_site
.
to_global_id
.
to_s
dast_site_profile_id:
global_id_of
(
dast_site_profile
),
dast_scanner_profile_id:
global_id_of
(
dast_site_profile
)
)
)
end
end
it_behaves_like
'a mutation that returns top-level errors'
do
it_behaves_like
'a mutation that returns top-level errors'
do
let
(
:match_errors
)
do
let
(
:match_errors
)
do
gid
=
dast_site_profile
.
dast_site
.
to_global_id
eq
([
"Variable $dastOnDemandScanCreateInput of type DastOnDemandScanCreateInput! "
\
eq
([
"Variable $dastOnDemandScanCreateInput of type DastOnDemandScanCreateInput! "
\
"was provided invalid value for dastS
iteProfileId (
\"
#{
g
id
}
\"
does not "
\
"was provided invalid value for dastS
cannerProfileId (
\"
#{
dast_site_profile_
id
}
\"
does not "
\
"represent an instance of DastS
ite
Profile)"
])
"represent an instance of DastS
canner
Profile)"
])
end
end
end
end
end
end
...
...
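Review bot: In the hunk at `@@ -47,17 +52,16 @@` the wrong-type case, as rendered, moves from `dastSiteProfileId` to `dastScannerProfileId`, so this spec no longer checks that a global ID of the wrong model is rejected for the site profile argument. Consider keeping both negative cases, since the two arguments are presumably validated separately. Passing `global_id_of(dast_site_profile)` as `dast_scanner_profile_id:` also reads like a copy-paste slip; a comment such as `# deliberately a DastSiteProfile gid: wrong type for dastScannerProfileId` would make the intent clear. The enclosing context starts outside the hunk.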
ee/spec/requests/api/graphql/mutations/dast_scanner_profiles/create_spec.rb
...
@@ -5,7 +5,10 @@ require 'spec_helper'
...
@@ -5,7 +5,10 @@ require 'spec_helper'
RSpec
.
describe
'Creating a DAST Scanner Profile'
do
RSpec
.
describe
'Creating a DAST Scanner Profile'
do
include
GraphqlHelpers
include
GraphqlHelpers
let
(
:profile_name
)
{
FFaker
::
Company
.
catch_phrase
}
let_it_be
(
:project
)
{
create
(
:project
)
}
let_it_be
(
:current_user
)
{
create
(
:user
)
}
let_it_be
(
:profile_name
)
{
FFaker
::
Company
.
catch_phrase
}
let
(
:dast_scanner_profile
)
{
DastScannerProfile
.
find_by
(
project:
project
,
name:
profile_name
)
}
let
(
:dast_scanner_profile
)
{
DastScannerProfile
.
find_by
(
project:
project
,
name:
profile_name
)
}
let
(
:mutation_name
)
{
:dast_scanner_profile_create
}
let
(
:mutation_name
)
{
:dast_scanner_profile_create
}
...
@@ -18,11 +21,12 @@ RSpec.describe 'Creating a DAST Scanner Profile' do
...
@@ -18,11 +21,12 @@ RSpec.describe 'Creating a DAST Scanner Profile' do
end
end
it_behaves_like
'an on-demand scan mutation when user cannot run an on-demand scan'
it_behaves_like
'an on-demand scan mutation when user cannot run an on-demand scan'
it_behaves_like
'an on-demand scan mutation when user can run an on-demand scan'
do
it_behaves_like
'an on-demand scan mutation when user can run an on-demand scan'
do
it
'returns the dast_scanner_profile id'
do
it
'returns the dast_scanner_profile id'
do
post_graphql_mutation
(
mutation
,
current_user:
current_user
)
post_graphql_mutation
(
mutation
,
current_user:
current_user
)
expect
(
mutation_response
[
'id'
]).
to
eq
(
dast_scanner_profile
.
to_global_id
.
to_s
)
expect
(
mutation_response
[
'id'
]).
to
eq
(
global_id_of
(
dast_scanner_profile
)
)
end
end
it
'sets default values of omitted properties'
do
it
'sets default values of omitted properties'
do
...
...
ee/spec/requests/api/graphql/mutations/dast_scanner_profiles/delete_spec.rb
...
@@ -4,10 +4,15 @@ require 'spec_helper'
...
@@ -4,10 +4,15 @@ require 'spec_helper'
RSpec
.
describe
'Delete a DAST Scanner Profile'
do
RSpec
.
describe
'Delete a DAST Scanner Profile'
do
include
GraphqlHelpers
include
GraphqlHelpers
let!
(
:dast_scanner_profile
)
{
create
(
:dast_scanner_profile
,
project:
project
,
target_timeout:
200
,
spider_timeout:
5000
)
}
let
(
:dast_scanner_profile_id
)
{
dast_scanner_profile
.
to_global_id
.
to_s
}
let_it_be
(
:project
)
{
create
(
:project
)
}
let_it_be
(
:current_user
)
{
create
(
:user
)
}
let_it_be
(
:dast_scanner_profile
)
{
create
(
:dast_scanner_profile
,
project:
project
)
}
let_it_be
(
:dast_scanner_profile_id
)
{
global_id_of
(
dast_scanner_profile
)
}
let
(
:mutation_name
)
{
:dast_scanner_profile_delete
}
let
(
:mutation_name
)
{
:dast_scanner_profile_delete
}
let
(
:mutation
)
do
let
(
:mutation
)
do
graphql_mutation
(
graphql_mutation
(
mutation_name
,
mutation_name
,
...
@@ -23,14 +28,14 @@ RSpec.describe 'Delete a DAST Scanner Profile' do
...
@@ -23,14 +28,14 @@ RSpec.describe 'Delete a DAST Scanner Profile' do
end
end
context
'when the dast_scanner_profile belongs to another project'
do
context
'when the dast_scanner_profile belongs to another project'
do
let
(
:project_1
)
{
create
(
:project
,
:repository
,
creator:
current_user
)
}
let
_it_be
(
:other_project
)
{
create
(
:project
,
creator:
current_user
)
}
let
(
:full_path
)
{
project_1
.
full_path
}
let
_it_be
(
:full_path
)
{
other_project
.
full_path
}
it_behaves_like
'a mutation that returns a top-level access error'
it_behaves_like
'a mutation that returns a top-level access error'
end
end
context
'when the dast_scanner_profile does not exist'
do
context
'when the dast_scanner_profile does not exist'
do
let
(
:dast_scanner_profile_id
)
{
Gitlab
::
GlobalId
.
build
(
nil
,
model_name:
'DastScannerProfile'
,
id:
'does_not_exist'
)
}
let
(
:dast_scanner_profile_id
)
{
Gitlab
::
GlobalId
.
build
(
nil
,
model_name:
'DastScannerProfile'
,
id:
non_existing_record_id
)
}
it_behaves_like
'a mutation that returns errors in the response'
,
errors:
[
'Scanner profile not found for given parameters'
]
it_behaves_like
'a mutation that returns errors in the response'
,
errors:
[
'Scanner profile not found for given parameters'
]
end
end
...
...
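Review bot: In the context 'when the dast_scanner_profile belongs to another project', nothing visible grants `current_user` membership of `other_project` (`creator: current_user` alone may not), so the expected top-level access error can come from the project-level permission check rather than from the check that the profile belongs to the project named in `full_path`. To exercise the cross-project case itself, add `before { other_project.add_developer(current_user) }` and assert the error that the ownership check produces. The same question applies to the 'different project' contexts in dast_scanner_profiles/update_spec.rb, dast_site_profiles/delete_spec.rb and dast_site_profiles/update_spec.rb.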
ee/spec/requests/api/graphql/mutations/dast_scanner_profiles/update_spec.rb
...
@@ -5,11 +5,12 @@ require 'spec_helper'
...
@@ -5,11 +5,12 @@ require 'spec_helper'
RSpec
.
describe
'Update a DAST Scanner Profile'
do
RSpec
.
describe
'Update a DAST Scanner Profile'
do
include
GraphqlHelpers
include
GraphqlHelpers
let
!
(
:dast_scanner_profile
)
{
create
(
:dast_scanner_profile
,
project:
project
,
target_timeout:
200
,
spider_timeout:
5000
)
}
let
_it_be
(
:project
)
{
create
(
:project
)
}
let
!
(
:dast_scanner_profile_1
)
{
create
(
:dast_scanner_profile
,
project:
project
)
}
let
_it_be
(
:current_user
)
{
create
(
:user
)
}
let_it_be
(
:dast_scanner_profile
)
{
create
(
:dast_scanner_profile
,
project:
project
,
target_timeout:
200
,
spider_timeout:
5000
)
}
let_it_be
(
:
new_profile_name
)
{
SecureRandom
.
hex
}
let_it_be
(
:
dast_scanner_profile_id
)
{
global_id_of
(
dast_scanner_profile
)
}
let
(
:new_profile_name
)
{
SecureRandom
.
hex
}
let
(
:new_target_timeout
)
{
dast_scanner_profile
.
target_timeout
+
1
}
let
(
:new_target_timeout
)
{
dast_scanner_profile
.
target_timeout
+
1
}
let
(
:new_spider_timeout
)
{
dast_scanner_profile
.
spider_timeout
+
1
}
let
(
:new_spider_timeout
)
{
dast_scanner_profile
.
spider_timeout
+
1
}
let
(
:new_scan_type
)
{
(
DastScannerProfile
.
scan_types
.
keys
-
[
DastScannerProfile
.
last
.
scan_type
]).
first
}
let
(
:new_scan_type
)
{
(
DastScannerProfile
.
scan_types
.
keys
-
[
DastScannerProfile
.
last
.
scan_type
]).
first
}
...
@@ -17,11 +18,12 @@ RSpec.describe 'Update a DAST Scanner Profile' do
...
@@ -17,11 +18,12 @@ RSpec.describe 'Update a DAST Scanner Profile' do
let
(
:new_show_debug_messages
)
{
!
dast_scanner_profile
.
show_debug_messages
}
let
(
:new_show_debug_messages
)
{
!
dast_scanner_profile
.
show_debug_messages
}
let
(
:mutation_name
)
{
:dast_scanner_profile_update
}
let
(
:mutation_name
)
{
:dast_scanner_profile_update
}
let
(
:mutation
)
do
let
(
:mutation
)
do
graphql_mutation
(
graphql_mutation
(
mutation_name
,
mutation_name
,
full_path:
full_path
,
full_path:
full_path
,
id:
dast_scanner_profile
.
to_global_id
.
to_s
,
id:
dast_scanner_profile
_id
,
profile_name:
new_profile_name
,
profile_name:
new_profile_name
,
target_timeout:
new_target_timeout
,
target_timeout:
new_target_timeout
,
spider_timeout:
new_spider_timeout
,
spider_timeout:
new_spider_timeout
,
...
@@ -54,33 +56,22 @@ RSpec.describe 'Update a DAST Scanner Profile' do
...
@@ -54,33 +56,22 @@ RSpec.describe 'Update a DAST Scanner Profile' do
end
end
context
'when there is an issue updating the dast_scanner_profile'
do
context
'when there is an issue updating the dast_scanner_profile'
do
let
(
:new_profile_name
)
{
dast_scanner_profile_1
.
name
}
let_it_be
(
:other_dast_scanner_profile
)
{
create
(
:dast_scanner_profile
,
project:
project
)
}
let
(
:new_profile_name
)
{
other_dast_scanner_profile
.
name
}
it_behaves_like
'a mutation that returns errors in the response'
,
errors:
[
'Name has already been taken'
]
it_behaves_like
'a mutation that returns errors in the response'
,
errors:
[
'Name has already been taken'
]
end
end
context
'when the dast_scanner_profile does not exist'
do
context
'when the dast_scanner_profile does not exist'
do
before
do
let
(
:dast_scanner_profile_id
)
{
Gitlab
::
GlobalId
.
build
(
nil
,
model_name:
'DastScannerProfile'
,
id:
non_existing_record_id
)
}
dast_scanner_profile
.
destroy!
end
it_behaves_like
'a mutation that returns errors in the response'
,
errors:
[
'Scanner profile not found for given parameters'
]
it_behaves_like
'a mutation that returns errors in the response'
,
errors:
[
'Scanner profile not found for given parameters'
]
end
end
context
'when the dast_scanner_profile belongs to a different project'
do
context
'when the dast_scanner_profile belongs to a different project'
do
let
(
:mutation
)
do
let_it_be
(
:other_project
)
{
create
(
:project
,
creator:
current_user
)
}
graphql_mutation
(
let_it_be
(
:full_path
)
{
other_project
.
full_path
}
mutation_name
,
full_path:
create
(
:project
).
full_path
,
id:
dast_scanner_profile
.
to_global_id
.
to_s
,
profile_name:
new_profile_name
,
target_timeout:
new_target_timeout
,
spider_timeout:
new_spider_timeout
,
scan_type:
new_scan_type
.
upcase
,
use_ajax_spider:
new_use_ajax_spider
,
show_debug_messages:
new_show_debug_messages
)
end
it_behaves_like
'a mutation that returns a top-level access error'
it_behaves_like
'a mutation that returns a top-level access error'
end
end
...
...
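Review bot: `new_scan_type` is derived from `DastScannerProfile.last.scan_type`, not from the profile being updated, and with `other_dast_scanner_profile` now created only in a nested context the row that `.last` returns differs between contexts. Basing it on the record under test keeps the value stable: `let(:new_scan_type) { (DastScannerProfile.scan_types.keys - [dast_scanner_profile.scan_type]).first }`.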
ee/spec/requests/api/graphql/mutations/dast_site_profiles/create_spec.rb
...
@@ -5,11 +5,14 @@ require 'spec_helper'
...
@@ -5,11 +5,14 @@ require 'spec_helper'
RSpec
.
describe
'Creating a DAST Site Profile'
do
RSpec
.
describe
'Creating a DAST Site Profile'
do
include
GraphqlHelpers
include
GraphqlHelpers
let
(
:profile_name
)
{
FFaker
::
Company
.
catch_phrase
}
let_it_be
(
:project
)
{
create
(
:project
)
}
let
(
:target_url
)
{
generate
(
:url
)
}
let_it_be
(
:current_user
)
{
create
(
:user
)
}
let
(
:dast_site_profile
)
{
DastSiteProfile
.
find_by
(
project:
project
,
name:
profile_name
)
}
let_it_be
(
:profile_name
)
{
FFaker
::
Company
.
catch_phrase
}
let_it_be
(
:target_url
)
{
generate
(
:url
)
}
let
(
:mutation_name
)
{
:dast_site_profile_create
}
let
(
:mutation_name
)
{
:dast_site_profile_create
}
let
(
:mutation
)
do
let
(
:mutation
)
do
graphql_mutation
(
graphql_mutation
(
mutation_name
,
mutation_name
,
...
@@ -31,10 +34,13 @@ RSpec.describe 'Creating a DAST Site Profile' do
...
@@ -31,10 +34,13 @@ RSpec.describe 'Creating a DAST Site Profile' do
end
end
it_behaves_like
'an on-demand scan mutation when user cannot run an on-demand scan'
it_behaves_like
'an on-demand scan mutation when user cannot run an on-demand scan'
it_behaves_like
'an on-demand scan mutation when user can run an on-demand scan'
do
it_behaves_like
'an on-demand scan mutation when user can run an on-demand scan'
do
it
'returns the dast_site_profile id'
do
it
'returns the dast_site_profile id'
do
subject
subject
dast_site_profile
=
DastSiteProfile
.
find_by
(
project:
project
,
name:
profile_name
)
expect
(
mutation_response
).
to
include
(
'id'
=>
global_id_of
(
dast_site_profile
))
expect
(
mutation_response
).
to
include
(
'id'
=>
global_id_of
(
dast_site_profile
))
end
end
end
end
...
...
ee/spec/requests/api/graphql/mutations/dast_site_profiles/delete_spec.rb
...
@@ -5,10 +5,13 @@ require 'spec_helper'
...
@@ -5,10 +5,13 @@ require 'spec_helper'
RSpec
.
describe
'Creating a DAST Site Profile'
do
RSpec
.
describe
'Creating a DAST Site Profile'
do
include
GraphqlHelpers
include
GraphqlHelpers
let!
(
:dast_site_profile
)
{
create
(
:dast_site_profile
,
project:
project
)
}
let_it_be
(
:project
)
{
create
(
:project
)
}
let_it_be
(
:current_user
)
{
create
(
:user
)
}
let_it_be
(
:dast_site_profile
)
{
create
(
:dast_site_profile
,
project:
project
)
}
let_it_be
(
:dast_site_profile_id
)
{
global_id_of
(
dast_site_profile
)
}
let
(
:mutation_name
)
{
:dast_site_profile_delete
}
let
(
:mutation_name
)
{
:dast_site_profile_delete
}
let
(
:dast_site_profile_id
)
{
dast_site_profile
.
to_global_id
.
to_s
}
let
(
:mutation
)
do
let
(
:mutation
)
do
graphql_mutation
(
graphql_mutation
(
mutation_name
,
mutation_name
,
...
@@ -18,6 +21,7 @@ RSpec.describe 'Creating a DAST Site Profile' do
...
@@ -18,6 +21,7 @@ RSpec.describe 'Creating a DAST Site Profile' do
end
end
it_behaves_like
'an on-demand scan mutation when user cannot run an on-demand scan'
it_behaves_like
'an on-demand scan mutation when user cannot run an on-demand scan'
it_behaves_like
'an on-demand scan mutation when user can run an on-demand scan'
do
it_behaves_like
'an on-demand scan mutation when user can run an on-demand scan'
do
it
'deletes the dast_site_profile'
do
it
'deletes the dast_site_profile'
do
expect
{
subject
}.
to
change
{
DastSiteProfile
.
count
}.
by
(
-
1
)
expect
{
subject
}.
to
change
{
DastSiteProfile
.
count
}.
by
(
-
1
)
...
@@ -34,39 +38,26 @@ RSpec.describe 'Creating a DAST Site Profile' do
...
@@ -34,39 +38,26 @@ RSpec.describe 'Creating a DAST Site Profile' do
end
end
context
'when the dast_site_profile does not exist'
do
context
'when the dast_site_profile does not exist'
do
let
(
:dast_site_profile_id
)
{
Gitlab
::
GlobalId
.
build
(
nil
,
model_name:
'DastSiteProfile'
,
id:
'does_not_exist'
)
}
let
_it_be
(
:dast_site_profile_id
)
{
Gitlab
::
GlobalId
.
build
(
nil
,
model_name:
'DastSiteProfile'
,
id:
non_existing_record_id
)
}
it_behaves_like
'a mutation that returns errors in the response'
,
errors:
[
'Site profile not found for given parameters'
]
it_behaves_like
'a mutation that returns errors in the response'
,
errors:
[
'Site profile not found for given parameters'
]
end
end
context
'when wrong type of global id is passed'
do
context
'when wrong type of global id is passed'
do
let
(
:mutation
)
do
let_it_be
(
:dast_site_profile_id
)
{
global_id_of
(
dast_site_profile
.
dast_site
)
}
graphql_mutation
(
mutation_name
,
full_path:
full_path
,
id:
dast_site_profile
.
dast_site
.
to_global_id
.
to_s
)
end
it_behaves_like
'a mutation that returns top-level errors'
do
it_behaves_like
'a mutation that returns top-level errors'
do
let
(
:match_errors
)
do
let
(
:match_errors
)
do
gid
=
dast_site_profile
.
dast_site
.
to_global_id
eq
([
"Variable $dastSiteProfileDeleteInput of type DastSiteProfileDeleteInput! "
\
eq
([
"Variable $dastSiteProfileDeleteInput of type DastSiteProfileDeleteInput! "
\
"was provided invalid value for id (
\"
#{
g
id
}
\"
does not represent an instance "
\
"was provided invalid value for id (
\"
#{
dast_site_profile_
id
}
\"
does not represent an instance "
\
"of DastSiteProfile)"
])
"of DastSiteProfile)"
])
end
end
end
end
end
end
context
'when the dast_site_profile belongs to a different project'
do
context
'when the dast_site_profile belongs to a different project'
do
let
(
:mutation
)
do
let_it_be
(
:other_project
)
{
create
(
:project
)
}
graphql_mutation
(
let_it_be
(
:full_path
)
{
other_project
.
full_path
}
mutation_name
,
full_path:
create
(
:project
).
full_path
,
id:
dast_site_profile
.
to_global_id
.
to_s
)
end
it_behaves_like
'a mutation that returns a top-level access error'
it_behaves_like
'a mutation that returns a top-level access error'
end
end
...
...
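Review bot: The top-level description in this delete spec still reads `'Creating a DAST Site Profile'`, which mislabels every failure reported from the file; `RSpec.describe 'Deleting a DAST Site Profile' do` would match the mutation under test. dast_site_profiles/update_spec.rb carries the same 'Creating' title, and dast_site_validations/create_spec.rb is titled 'Creating a DAST Site Token'. These are context lines the commit leaves unchanged.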
ee/spec/requests/api/graphql/mutations/dast_site_profiles/update_spec.rb
...
@@ -5,17 +5,21 @@ require 'spec_helper'
...
@@ -5,17 +5,21 @@ require 'spec_helper'
RSpec
.
describe
'Creating a DAST Site Profile'
do
RSpec
.
describe
'Creating a DAST Site Profile'
do
include
GraphqlHelpers
include
GraphqlHelpers
let!
(
:dast_site_profile
)
{
create
(
:dast_site_profile
,
project:
project
)
}
let_it_be
(
:project
)
{
create
(
:project
)
}
let_it_be
(
:current_user
)
{
create
(
:user
)
}
let_it_be
(
:dast_site_profile
)
{
create
(
:dast_site_profile
,
project:
project
)
}
let_it_be
(
:dast_site_profile_id
)
{
global_id_of
(
dast_site_profile
)
}
let
(
:new_profile_name
)
{
SecureRandom
.
hex
}
let
_it_be
(
:new_profile_name
)
{
SecureRandom
.
hex
}
let
(
:new_target_url
)
{
generate
(
:url
)
}
let
_it_be
(
:new_target_url
)
{
generate
(
:url
)
}
let
(
:mutation_name
)
{
:dast_site_profile_update
}
let
(
:mutation_name
)
{
:dast_site_profile_update
}
let
(
:mutation
)
do
let
(
:mutation
)
do
graphql_mutation
(
graphql_mutation
(
mutation_name
,
mutation_name
,
full_path:
full_path
,
full_path:
full_path
,
id:
dast_site_profile
.
to_global_id
.
to_s
,
id:
dast_site_profile
_id
,
profile_name:
new_profile_name
,
profile_name:
new_profile_name
,
target_url:
new_target_url
,
target_url:
new_target_url
,
target_type:
'API'
,
target_type:
'API'
,
...
@@ -64,45 +68,26 @@ RSpec.describe 'Creating a DAST Site Profile' do
...
@@ -64,45 +68,26 @@ RSpec.describe 'Creating a DAST Site Profile' do
end
end
context
'when the dast_site_profile does not exist'
do
context
'when the dast_site_profile does not exist'
do
before
do
let_it_be
(
:dast_site_profile_id
)
{
Gitlab
::
GlobalId
.
build
(
nil
,
model_name:
'DastSiteProfile'
,
id:
non_existing_record_id
)
}
dast_site_profile
.
destroy!
end
it_behaves_like
'a mutation that returns errors in the response'
,
errors:
[
'DastSiteProfile not found'
]
it_behaves_like
'a mutation that returns errors in the response'
,
errors:
[
'DastSiteProfile not found'
]
end
end
context
'when wrong type of global id is passed'
do
context
'when wrong type of global id is passed'
do
let
(
:mutation
)
do
let_it_be
(
:dast_site_profile_id
)
{
global_id_of
(
project
)
}
graphql_mutation
(
mutation_name
,
full_path:
full_path
,
id:
dast_site_profile
.
dast_site
.
to_global_id
.
to_s
,
profile_name:
new_profile_name
,
target_url:
new_target_url
)
end
it_behaves_like
'a mutation that returns top-level errors'
do
it_behaves_like
'a mutation that returns top-level errors'
do
let
(
:match_errors
)
do
let
(
:match_errors
)
do
gid
=
dast_site_profile
.
dast_site
.
to_global_id
eq
([
"Variable $dastSiteProfileUpdateInput of type DastSiteProfileUpdateInput! "
\
eq
([
"Variable $dastSiteProfileUpdateInput of type DastSiteProfileUpdateInput! "
\
"was provided invalid value for id (
\"
#{
g
id
}
\"
does not represent an instance "
\
"was provided invalid value for id (
\"
#{
dast_site_profile_
id
}
\"
does not represent an instance "
\
"of DastSiteProfile)"
])
"of DastSiteProfile)"
])
end
end
end
end
end
end
context
'when the dast_site_profile belongs to a different project'
do
context
'when the dast_site_profile belongs to a different project'
do
let
(
:mutation
)
do
let_it_be
(
:other_project
)
{
create
(
:project
,
creator:
current_user
)
}
graphql_mutation
(
let_it_be
(
:full_path
)
{
other_project
.
full_path
}
mutation_name
,
full_path:
create
(
:project
).
full_path
,
id:
dast_site_profile
.
to_global_id
.
to_s
,
profile_name:
new_profile_name
,
target_url:
new_target_url
)
end
it_behaves_like
'a mutation that returns a top-level access error'
it_behaves_like
'a mutation that returns a top-level access error'
end
end
...
...
ee/spec/requests/api/graphql/mutations/dast_site_tokens/create_spec.rb
...
@@ -5,16 +5,17 @@ require 'spec_helper'
...
@@ -5,16 +5,17 @@ require 'spec_helper'
RSpec
.
describe
'Creating a DAST Site Token'
do
RSpec
.
describe
'Creating a DAST Site Token'
do
include
GraphqlHelpers
include
GraphqlHelpers
let
(
:target_url
)
{
generate
(
:url
)
}
let
_it_be
(
:project
)
{
create
(
:project
)
}
let
(
:dast_site_token
)
{
DastSiteToken
.
find_by!
(
project:
project
,
token:
uuid
)
}
let
_it_be
(
:current_user
)
{
create
(
:user
)
}
let
(
:uuid
)
{
'0000-0000-0000-0000'
}
let
_it_be
(
:uuid
)
{
'0000-0000-0000-0000'
}
let
(
:mutation_name
)
{
:dast_site_token_create
}
let
(
:mutation_name
)
{
:dast_site_token_create
}
let
(
:mutation
)
do
let
(
:mutation
)
do
graphql_mutation
(
graphql_mutation
(
mutation_name
,
mutation_name
,
full_path:
full_path
,
full_path:
full_path
,
target_url:
target_url
target_url:
generate
(
:url
)
)
)
end
end
...
@@ -23,11 +24,14 @@ RSpec.describe 'Creating a DAST Site Token' do
...
@@ -23,11 +24,14 @@ RSpec.describe 'Creating a DAST Site Token' do
end
end
it_behaves_like
'an on-demand scan mutation when user cannot run an on-demand scan'
it_behaves_like
'an on-demand scan mutation when user cannot run an on-demand scan'
it_behaves_like
'an on-demand scan mutation when user can run an on-demand scan'
do
it_behaves_like
'an on-demand scan mutation when user can run an on-demand scan'
do
it
'returns the dast_site_token id'
do
it
'returns the dast_site_token id'
do
subject
subject
expect
(
mutation_response
[
"id"
]).
to
eq
(
dast_site_token
.
to_global_id
.
to_s
)
dast_site_token
=
DastSiteToken
.
find_by!
(
project:
project
,
token:
uuid
)
expect
(
mutation_response
[
"id"
]).
to
eq
(
global_id_of
(
dast_site_token
))
end
end
it
'creates a new dast_site_token'
do
it
'creates a new dast_site_token'
do
...
...
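Review bot: `let_it_be(:uuid) { '0000-0000-0000-0000' }` wraps a constant string in `let_it_be`, which gains nothing: there is no record to create once, and the value becomes a single object shared by every example in the file. A plain `let(:uuid) { '0000-0000-0000-0000' }` keeps the previous behaviour. The code that makes token creation return this value is outside the hunk, so whether it depends on when `uuid` is defined cannot be confirmed from here.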
ee/spec/requests/api/graphql/mutations/dast_site_validations/create_spec.rb
...
@@ -5,28 +5,33 @@ require 'spec_helper'
...
@@ -5,28 +5,33 @@ require 'spec_helper'
RSpec
.
describe
'Creating a DAST Site Token'
do
RSpec
.
describe
'Creating a DAST Site Token'
do
include
GraphqlHelpers
include
GraphqlHelpers
let
(
:dast_site
)
{
create
(
:dast_site
,
project:
project
)
}
let_it_be
(
:project
)
{
create
(
:project
,
:repository
)
}
let
(
:dast_site_token
)
{
create
(
:dast_site_token
,
project:
project
,
url:
dast_site
.
url
)
}
let_it_be
(
:current_user
)
{
create
(
:user
)
}
let
(
:validation_path
)
{
SecureRandom
.
hex
}
let_it_be
(
:dast_site
)
{
create
(
:dast_site
,
project:
project
)
}
let
(
:dast_site_validation
)
{
DastSiteValidation
.
find_by!
(
url_path:
validation_path
)
}
let_it_be
(
:dast_site_token
)
{
create
(
:dast_site_token
,
project:
project
,
url:
dast_site
.
url
)
}
let_it_be
(
:validation_path
)
{
SecureRandom
.
hex
}
let
(
:mutation_name
)
{
:dast_site_validation_create
}
let
(
:mutation_name
)
{
:dast_site_validation_create
}
let
(
:mutation
)
do
let
(
:mutation
)
do
graphql_mutation
(
graphql_mutation
(
mutation_name
,
mutation_name
,
full_path:
full_path
,
full_path:
full_path
,
dast_site_token_id:
dast_site_token
.
to_global_id
.
to_s
,
dast_site_token_id:
global_id_of
(
dast_site_token
)
,
validation_path:
validation_path
,
validation_path:
validation_path
,
strategy:
Types
::
DastSiteValidationStrategyEnum
.
values
[
'TEXT_FILE'
].
graphql_name
strategy:
Types
::
DastSiteValidationStrategyEnum
.
values
[
'TEXT_FILE'
].
graphql_name
)
)
end
end
it_behaves_like
'an on-demand scan mutation when user cannot run an on-demand scan'
it_behaves_like
'an on-demand scan mutation when user cannot run an on-demand scan'
it_behaves_like
'an on-demand scan mutation when user can run an on-demand scan'
do
it_behaves_like
'an on-demand scan mutation when user can run an on-demand scan'
do
it
'returns the dast_site_validation id'
do
it
'returns the dast_site_validation id'
do
subject
subject
expect
(
mutation_response
[
"id"
]).
to
eq
(
dast_site_validation
.
to_global_id
.
to_s
)
dast_site_validation
=
DastSiteValidation
.
find_by!
(
url_path:
validation_path
)
expect
(
mutation_response
[
"id"
]).
to
eq
(
global_id_of
(
dast_site_validation
))
end
end
it
'creates a new dast_site_validation'
do
it
'creates a new dast_site_validation'
do
...
...
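Review bot: In 'returns the dast_site_validation id' the record is looked up with `DastSiteValidation.find_by!(url_path: validation_path)`, which does not tie the result to the token that was passed to the mutation. Since a site validation is the proof of control over the target, the assertion is stronger if it also pins the token, e.g. `DastSiteValidation.find_by!(url_path: validation_path, dast_site_token: dast_site_token)` (assuming the association is named as in the factory call in revoke_spec.rb). Separately, `let_it_be(:validation_path) { SecureRandom.hex }` now yields one value for the whole file; a plain `let` is the safer default for a value that is not a database record.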
ee/spec/requests/api/graphql/mutations/dast_site_validations/revoke_spec.rb
...
@@ -5,8 +5,10 @@ require 'spec_helper'
...
@@ -5,8 +5,10 @@ require 'spec_helper'
RSpec
.
describe
'Creating a DAST Site Token'
do
RSpec
.
describe
'Creating a DAST Site Token'
do
include
GraphqlHelpers
include
GraphqlHelpers
let
(
:dast_site_token
)
{
create
(
:dast_site_token
,
project:
project
)}
let_it_be
(
:project
)
{
create
(
:project
)
}
let!
(
:dast_site_validation
)
{
create
(
:dast_site_validation
,
state: :passed
,
dast_site_token:
dast_site_token
)}
let_it_be
(
:current_user
)
{
create
(
:user
)
}
let_it_be
(
:dast_site_token
)
{
create
(
:dast_site_token
,
project:
project
)}
let_it_be
(
:dast_site_validation
)
{
create
(
:dast_site_validation
,
state: :passed
,
dast_site_token:
dast_site_token
)}
let
(
:mutation_name
)
{
:dast_site_validation_revoke
}
let
(
:mutation_name
)
{
:dast_site_validation_revoke
}
...
...
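Review bot: `let_it_be(:dast_site_validation)` now hands every example the same in-memory record, and this spec exercises a mutation that revokes it. Database changes should be rolled back between examples, but the Ruby object is not refreshed, so a later example could assert against attributes left over from an earlier one. The examples themselves are outside the hunk, so this is something to check rather than a confirmed failure. If any example reads the record after the mutation, consider `let_it_be_with_reload(:dast_site_validation)`. The same applies to the shared `project` and `current_user` in the two create specs, which are now used by both the 'cannot run' and 'can run' groups.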
ee/spec/support/shared_examples/graphql/mutations/dast_on_demand_scan_with_user_abilities_shared_examples.rb
...
@@ -2,13 +2,12 @@
...
@@ -2,13 +2,12 @@
require
'spec_helper'
require
'spec_helper'
# There must be a method or let called `mutation` defined that executes
# There must be a method or let named `mutation` defined that executes the
# the mutation and one called `mutation_name` that is the name of the
# mutation and one named `mutation_name` that is the name of the mutation being
# mutation being executed.
# executed. There must also be method or let named `project` and one named
# `current_user.`
RSpec
.
shared_examples
'an on-demand scan mutation when user can run an on-demand scan'
do
RSpec
.
shared_examples
'an on-demand scan mutation when user can run an on-demand scan'
do
let
(
:project
)
{
create
(
:project
,
:repository
,
creator:
current_user
)
}
let_it_be
(
:full_path
)
{
project
.
full_path
}
let
(
:current_user
)
{
create
(
:user
)
}
let
(
:full_path
)
{
project
.
full_path
}
def
mutation_response
def
mutation_response
graphql_mutation_response
(
mutation_name
)
graphql_mutation_response
(
mutation_name
)
...
...
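Review bot: The new header comment says `project` and `current_user` may be "a method or let", but `let_it_be(:full_path) { project.full_path }` is evaluated once before the group's examples, where a plain `let` is, as far as I can tell, not available. The including spec therefore has to supply `project` through `let_it_be` (or a method), and the comment should say so, for example `# There must also be a let_it_be (or method) named project and one named current_user.` That wording also restores the missing article and moves the full stop that ended up inside the backticks of `current_user.`. The same comment and `let_it_be(:full_path)` appear in the 'cannot run' shared examples file.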
ee/spec/support/shared_examples/graphql/mutations/dast_on_demand_scan_without_user_abilities_shared_examples.rb
...
@@ -2,13 +2,12 @@
...
@@ -2,13 +2,12 @@
require
'spec_helper'
require
'spec_helper'
# There must be a method or let called `mutation` defined that executes
# There must be a method or let named `mutation` defined that executes the
# the mutation and one called `mutation_name` that is the name of the
# mutation and one named `mutation_name` that is the name of the mutation being
# mutation being executed.
# executed. There must also be method or let named `project` and one named
# `current_user.`
RSpec
.
shared_examples
'an on-demand scan mutation when user cannot run an on-demand scan'
do
RSpec
.
shared_examples
'an on-demand scan mutation when user cannot run an on-demand scan'
do
let
(
:project
)
{
create
(
:project
,
:repository
,
creator:
current_user
)
}
let_it_be
(
:full_path
)
{
project
.
full_path
}
let
(
:current_user
)
{
create
(
:user
)
}
let
(
:full_path
)
{
project
.
full_path
}
before
do
before
do
stub_licensed_features
(
security_on_demand_scans:
true
)
stub_licensed_features
(
security_on_demand_scans:
true
)
...
...