Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
6058cccd
Commit
6058cccd
authored
Nov 11, 2021
by
Philip Cunningham
Committed by
Dylan Griffith
Nov 11, 2021
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Move Dast::Profile association out of transaction
parent
1b3a4e6e
Changes
7
Hide whitespace changes
Inline
Side-by-side
Showing
7 changed files
with
76 additions
and
8 deletions
+76
-8
config/sidekiq_queues.yml
config/sidekiq_queues.yml
+2
-0
ee/app/services/app_sec/dast/scans/run_service.rb
ee/app/services/app_sec/dast/scans/run_service.rb
+10
-4
ee/app/workers/all_queues.yml
ee/app/workers/all_queues.yml
+9
-0
ee/app/workers/app_sec/dast/scans/consistency_worker.rb
ee/app/workers/app_sec/dast/scans/consistency_worker.rb
+24
-0
ee/spec/services/app_sec/dast/scans/run_service_spec.rb
ee/spec/services/app_sec/dast/scans/run_service_spec.rb
+8
-0
ee/spec/workers/app_sec/dast/scans/consistency_worker_spec.rb
...pec/workers/app_sec/dast/scans/consistency_worker_spec.rb
+23
-0
spec/support/database/cross-database-modification-allowlist.yml
...upport/database/cross-database-modification-allowlist.yml
+0
-4
No files found.
config/sidekiq_queues.yml
View file @
6058cccd
...
...
@@ -35,6 +35,8 @@
-
1
-
-
analytics_usage_trends_counter_job
-
1
-
-
app_sec_dast_scans_consistency
-
1
-
-
approval_rules_external_approval_rule_payload
-
1
-
-
approve_blocked_pending_approval_users
...
...
ee/app/services/app_sec/dast/scans/run_service.rb
View file @
6058cccd
...
...
@@ -8,13 +8,13 @@ module AppSec
return
ServiceResponse
.
error
(
message:
'Insufficient permissions'
)
unless
allowed?
service
=
Ci
::
CreatePipelineService
.
new
(
project
,
current_user
,
ref:
branch
)
response
=
service
.
execute
(
:ondemand_dast_scan
,
content:
ci_configuration
)
do
|
pipeline
|
pipeline
.
dast_profile
=
dast_profile
end
response
=
service
.
execute
(
:ondemand_dast_scan
,
content:
ci_configuration
)
pipeline
=
response
.
payload
if
pipeline
.
created_successfully?
associate_dast_profile
(
pipeline
,
dast_profile
)
if
dast_profile
ServiceResponse
.
success
(
payload:
pipeline
)
else
ServiceResponse
.
error
(
message:
pipeline
.
full_error_messages
)
...
...
@@ -26,6 +26,12 @@ module AppSec
def
allowed?
Ability
.
allowed?
(
current_user
,
:create_on_demand_dast_scan
,
project
)
end
def
associate_dast_profile
(
pipeline
,
dast_profile
)
AppSec
::
Dast
::
Scans
::
ConsistencyWorker
.
perform_async
(
pipeline
.
id
,
dast_profile
.
id
)
pipeline
.
dast_profile
=
dast_profile
# this assignment performs an insert
end
end
end
end
...
...
ee/app/workers/all_queues.yml
View file @
6058cccd
...
...
@@ -876,6 +876,15 @@
:weight:
1
:idempotent:
true
:tags: []
-
:name: app_sec_dast_scans_consistency
:worker_name: AppSec::Dast::Scans::ConsistencyWorker
:feature_category: :dynamic_application_security_testing
:has_external_dependencies:
:urgency: :low
:resource_boundary: :unknown
:weight:
1
:idempotent:
true
:tags: []
-
:name: approval_rules_external_approval_rule_payload
:worker_name: ApprovalRules::ExternalApprovalRulePayloadWorker
:feature_category: :source_code_management
...
...
ee/app/workers/app_sec/dast/scans/consistency_worker.rb
0 → 100644
View file @
6058cccd
# frozen_string_literal: true
module
AppSec
module
Dast
module
Scans
class
ConsistencyWorker
include
ApplicationWorker
data_consistency
:always
deduplicate
:until_executed
idempotent!
feature_category
:dynamic_application_security_testing
def
perform
(
ci_pipeline_id
,
dast_profile_id
)
::
Dast
::
ProfilesPipeline
.
create!
(
ci_pipeline_id:
ci_pipeline_id
,
dast_profile_id:
dast_profile_id
)
rescue
ActiveRecord
::
RecordNotUnique
# assume record is already associated
end
end
end
end
end
ee/spec/services/app_sec/dast/scans/run_service_spec.rb
View file @
6058cccd
...
...
@@ -57,6 +57,14 @@ RSpec.describe AppSec::Dast::Scans::RunService do
expect
{
subject
}.
to
change
(
Ci
::
Pipeline
,
:count
).
by
(
1
)
end
it
'associates the dast profile'
,
:aggregate_failures
do
worker_class
=
AppSec
::
Dast
::
Scans
::
ConsistencyWorker
allow
(
worker_class
).
to
receive
(
:perform_async
).
and_call_original
expect
(
pipeline
.
dast_profile
).
to
eq
(
dast_profile
)
expect
(
worker_class
).
to
have_received
(
:perform_async
).
with
(
pipeline
.
id
,
dast_profile
.
id
)
end
it
'sets the pipeline ref to the branch'
do
expect
(
pipeline
.
ref
).
to
eq
(
project
.
default_branch
)
end
...
...
ee/spec/workers/app_sec/dast/scans/consistency_worker_spec.rb
0 → 100644
View file @
6058cccd
# frozen_string_literal: true
require
'spec_helper'
RSpec
.
describe
AppSec
::
Dast
::
Scans
::
ConsistencyWorker
do
let
(
:worker
)
{
described_class
.
new
}
describe
'#perform'
do
let_it_be
(
:project
)
{
create
(
:project
)
}
let_it_be
(
:pipeline
)
{
create
(
:ci_pipeline
,
project:
project
)
}
let_it_be
(
:profile
)
{
create
(
:dast_profile
,
project:
project
)
}
let
(
:job_args
)
{
[
pipeline
.
id
,
profile
.
id
]
}
it
'ensures cross database association is created'
,
:aggregate_failures
do
expect
{
worker
.
perform
(
*
job_args
)
}.
to
change
{
Dast
::
ProfilesPipeline
.
count
}.
by
(
1
)
expect
(
Dast
::
ProfilesPipeline
.
where
(
ci_pipeline_id:
pipeline
.
id
,
dast_profile_id:
profile
.
id
)).
to
exist
end
it_behaves_like
'an idempotent worker'
end
end
spec/support/database/cross-database-modification-allowlist.yml
View file @
6058cccd
-
"
./ee/spec/controllers/projects/settings/access_tokens_controller_spec.rb"
-
"
./ee/spec/graphql/mutations/dast/profiles/create_spec.rb"
-
"
./ee/spec/graphql/mutations/dast/profiles/run_spec.rb"
-
"
./ee/spec/graphql/mutations/dast/profiles/update_spec.rb"
-
"
./ee/spec/graphql/mutations/dast_on_demand_scans/create_spec.rb"
-
"
./ee/spec/lib/gitlab/ci/templates/Jobs/dast_default_branch_gitlab_ci_yaml_spec.rb"
-
"
./ee/spec/mailers/notify_spec.rb"
-
"
./ee/spec/models/ci/bridge_spec.rb"
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment