Commit 693c2fc9 authored by Will Meek's avatar Will Meek

Add an End to End test to configure Dependency Scanning from UI

As per https://gitlab.com/gitlab-org/quality/testcases/-/issues/1666
The functionality itself was introduced separately; this MR adds an End to End test that covers it.
parent 1c68c271
......@@ -128,6 +128,7 @@ export default {
variant="confirm"
category="primary"
class="gl-mt-5"
:data-qa-selector="`${feature.type}_mr_button`"
/>
<gl-button
......@@ -100,6 +100,7 @@ export default {
:loading="isLoading"
:variant="variant"
:category="category"
:data-qa-selector="`${feature.type}_mr_button`"
@click="mutate"
>{{ $options.i18n.buttonLabel }}</gl-button
>
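Review bot: The `:data-qa-selector="`${feature.type}_mr_button`"` binding added here is the same one the previous hunk puts on the component in feature_card.vue (line 13). If `gl-button` is this component's root element, Vue's attribute fallthrough already lands the outer binding on it and one of the two bindings is redundant; if it is not the root, two elements end up carrying the selector and `click_element(:dependency_scanning_mr_button)` may hit an ambiguous match. The page object in this commit declares the element against feature_card.vue only, so keeping just that binding (or setting `inheritAttrs: false` here and keeping only this one) would make the selector's source unambiguous. The enclosing template starts outside the hunk.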
......@@ -2,15 +2,20 @@ include:
template: License-Scanning.gitlab-ci.yml
.sast-analyzer:
tags: [secure_sast]
script:
- echo "Skipped"
artifacts:
reports:
sast: gl-sast-report.json
.ds-analyzer:
script:
- echo "Skipped"
artifacts:
reports:
dependency_scanning: gl-dependency-scanning-report.json
license_scanning:
tags: [secure_sast]
script:
- echo "Skipped"
artifacts:
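Review bot: The new `.ds-analyzer` override stubs the analyzer `script` with `echo "Skipped"` yet still declares the `dependency_scanning: gl-dependency-scanning-report.json` report, so the job goes green whether or not that file exists in the fixture checkout (a missing report artifact only warns), and the spec passes as long as the jobs merely appear. A one-line comment above the override would tell the next reader what is actually exercised: `# Analyzer scripts are stubbed: only job wiring is tested; the report is a premade fixture file`. I cannot tell from the rendered hunk whether the `tags: [secure_sast]` lines on `.sast-analyzer` and `license_scanning` are removed or kept; the old/new line counts suggest removed, which is consistent with the new spec no longer registering a `secure_sast` runner, but `.ds-analyzer` having no `tags` should be deliberate either way. The `license_scanning` job continues past the end of the hunk.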
......@@ -20,6 +20,13 @@ module QA
element :file_name_content
end
def has_secure_description?(scanner_name)
scanner_url_name = scanner_name.downcase.tr('_', '-')
"Configure #{scanner_name} in `.gitlab-ci.yml` using the GitLab managed template. You can " \
"[add variable overrides](https://docs.gitlab.com/ee/user/application_security/#{scanner_url_name}/#customizing-the-#{scanner_url_name}-settings) " \
"to customize #{scanner_name} settings."
end
def create_merge_request
click_element(:issuable_create_button, Page::MergeRequest::Show)
end
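Review bot: `has_secure_description?` never looks at the page: as rendered, the method's last expression is the interpolated string literal (the `@@ -20,6 +20,13 @@` counts leave room only for a trailing blank line, not a wrapping call — worth confirming in the raw diff), so it returns a non-empty String and `expect(new_merge_request).to have_secure_description('Dependency Scanning')` in the new spec can never fail. It should delegate to the matcher the deleted spec used, e.g. `expected = "Configure #{scanner_name} in ... settings."` followed by `has_description?(expected)`. Once it does, the URL needs attention too: the spec passes `'Dependency Scanning'`, and `downcase.tr('_', '-')` leaves the space in place, yielding `application_security/dependency scanning/#customizing-the-dependency scanning-settings`, which cannot match the generated description; check the real MR text, since the path segment and the anchor probably use different separators.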
......@@ -288,13 +288,11 @@ module QA
end
def merge_immediately!
merge_moment_dropdown_found = has_element?(:merge_moment_dropdown, wait: 0)
if merge_moment_dropdown_found
click_element(:merge_moment_dropdown)
click_element(:merge_immediately_menu_item)
if has_element?(:merge_moment_dropdown)
click_element(:merge_moment_dropdown, skip_finished_loading_check: true)
click_element(:merge_immediately_menu_item, skip_finished_loading_check: true)
else
click_element(:merge_button)
click_element(:merge_button, skip_finished_loading_check: true)
end
end
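Review bot: All three clicks now pass `skip_finished_loading_check: true` and the dropdown probe drops `wait: 0`, but nothing says why; the former bypasses the page's spinner wait, so a click can land while the merge widget is still re-rendering, and without `wait: 0` the `else` branch is reached only after `has_element?` has waited the default Capybara timeout for a dropdown that never appears. Both look like deliberate flake trade-offs, so a comment above the `if` would stop the next investigation from reverting them, e.g. `# Merge widget keeps polling, so the finished-loading check never settles here (presumably why it is skipped); no wait: 0 so a late-rendering dropdown is still found — confirm`.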
......@@ -9,19 +9,31 @@ module QA
include QA::Page::Settings::Common
view 'app/assets/javascripts/security_configuration/components/feature_card.vue' do
element :dependency_scanning_status, "`${feature.type}_status`" # rubocop:disable QA/ElementWithPattern
element :sast_status, "`${feature.type}_status`" # rubocop:disable QA/ElementWithPattern
element :sast_enable_button, "`${feature.type}_enable_button`" # rubocop:disable QA/ElementWithPattern
element :dependency_scanning_mr_button, "`${feature.type}_mr_button`" # rubocop:disable QA/ElementWithPattern
end
def click_sast_enable_button
click_element(:sast_enable_button)
end
def click_dependency_scanning_mr_button
click_element(:dependency_scanning_mr_button)
end
def has_sast_status?(status_text)
within_element(:sast_status) do
has_text?(status_text)
end
end
def has_dependency_scanning_status?(status_text)
within_element(:dependency_scanning_status) do
has_text?(status_text)
end
end
end
end
end
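Review bot: `has_dependency_scanning_status?` (like `has_sast_status?` beside it) is built on `has_text?`, which waits up to the default Capybara timeout for the text to appear; the new spec's `expect(config_form).not_to have_dependency_scanning_status('Not enabled')` therefore passes only after that full wait on every run, because RSpec negates the predicate rather than calling a `has_no_` variant. Add an explicit negative helper backed by `has_no_text?`, which returns as soon as the text is absent, and have the spec use `expect(config_form).to have_no_dependency_scanning_status('Not enabled')`. The two positive helpers differ only in the element symbol, so a shared private `has_scanner_status?(element, status_text)` would keep them from drifting; the enclosing class starts before this hunk.
```ruby
# … unchanged: element declarations, click helpers, has_sast_status?, has_dependency_scanning_status? …

# Negative counterpart: has_no_text? returns as soon as the text is absent instead of
# waiting the full Capybara timeout the way a negated has_text? does.
def has_no_dependency_scanning_status?(status_text)
  within_element(:dependency_scanning_status) do
    has_no_text?(status_text)
  end
end
```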
# frozen_string_literal: true
module QA
RSpec.describe 'Secure', :runner do
describe 'Enable SAST from UI' do
let(:merge_request_description) do
<<~DESCRIPTION.tr("\n", ' ').strip
Configure SAST in `.gitlab-ci.yml` using the GitLab managed template. You can
[add variable overrides](https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings)
to customize SAST settings.
DESCRIPTION
end
let(:test_data_string_fields_array) do
[
%w(SECURE_ANALYZERS_PREFIX registry.example.com),
%w(SAST_EXCLUDED_PATHS foo,\ bar),
%w(SAST_BANDIT_EXCLUDED_PATHS exclude_path_a,\ exclude_path_b)
]
end
let(:test_data_int_fields_array) do
[
%w(SEARCH_MAX_DEPTH 42),
%w(SAST_BRAKEMAN_LEVEL 43),
%w(SAST_GOSEC_LEVEL 7)
]
end
let(:test_data_checkbox_exclude_array) do
%w(eslint kubesec nodejs-scan phpcs-security-audit)
end
let(:test_stage_name) do
'test_all_the_things'
end
let(:project) do
Resource::Project.fabricate_via_api! do |project|
project.name = 'project-with-secure'
project.description = 'Project with Secure'
end
end
let!(:runner) do
Resource::Runner.fabricate! do |runner|
runner.project = project
runner.name = "runner-for-#{project.name}"
runner.tags = ['secure_sast']
end
end
after do
runner&.remove_via_api!
end
before do
# Push fixture to generate Secure reports
Resource::Repository::ProjectPush.fabricate! do |project_push|
project_push.project = project
project_push.directory = Pathname
.new(__dir__)
.join('../../../../../ee/fixtures/secure_sast_enable_from_ui_files')
project_push.commit_message = 'Create Secure compatible application to serve premade reports'
end
Flow::Login.sign_in_unless_signed_in
project.visit!
end
it 'runs sast job when enabled from configuration', testcase: 'https://gitlab.com/gitlab-org/quality/testcases/-/quality/test_cases/1835' do
Flow::Pipeline.visit_latest_pipeline
# Baseline that we do not initially have a sast job
Page::Project::Pipeline::Show.perform do |pipeline|
expect(pipeline).to have_no_job('brakeman-sast')
end
Page::Project::Menu.perform(&:click_on_security_configuration_link)
Page::Project::Secure::ConfigurationForm.perform do |config_form|
expect(config_form).to have_sast_status('Not enabled')
config_form.click_sast_enable_button
config_form.click_expand_button
test_data_string_fields_array.each do |test_data_string_array|
config_form.fill_dynamic_field(test_data_string_array.first, test_data_string_array[1])
end
test_data_int_fields_array.each do |test_data_int_array|
config_form.fill_dynamic_field(test_data_int_array.first, test_data_int_array[1])
end
test_data_checkbox_exclude_array.each do |test_data_checkbox|
config_form.unselect_dynamic_checkbox(test_data_checkbox)
end
config_form.fill_dynamic_field('stage', test_stage_name)
config_form.click_submit_button
end
Page::MergeRequest::New.perform do |new_merge_request|
expect(new_merge_request).to have_description(merge_request_description)
new_merge_request.click_diffs_tab
aggregate_failures "test Merge Request contents" do
expect(new_merge_request).to have_file('.gitlab-ci.yml')
test_data_string_fields_array.each do |test_data_string_array|
expect(new_merge_request).to have_content("#{test_data_string_array.first}: #{test_data_string_array[1]}")
end
test_data_int_fields_array.each do |test_data_int_array|
expect(new_merge_request).to have_content("#{test_data_int_array.first}: '#{test_data_int_array[1]}'")
end
expect(new_merge_request).to have_content("stages: - test - #{test_stage_name}")
expect(new_merge_request).to have_content("SAST_EXCLUDED_ANALYZERS: #{test_data_checkbox_exclude_array.join(', ')}")
end
new_merge_request.create_merge_request
end
Page::MergeRequest::Show.perform do |merge_request|
merge_request.merge_immediately!
end
Flow::Pipeline.visit_latest_pipeline
Page::Project::Pipeline::Show.perform do |pipeline|
expect(pipeline).to have_job('brakeman-sast')
end
Page::Project::Menu.perform(&:click_on_security_configuration_link)
Page::Project::Secure::ConfigurationForm.perform do |config_form|
aggregate_failures "test SAST status is Enabled" do
expect(config_form).to have_sast_status('Enabled')
expect(config_form).not_to have_sast_status('Not enabled')
end
end
end
end
end
end
# frozen_string_literal: true
module QA
RSpec.describe 'Secure' do
context 'Enable Scanning from UI' do
let(:test_data_sast_string_fields_array) do
[
%w(SECURE_ANALYZERS_PREFIX registry.example.com),
%w(SAST_EXCLUDED_PATHS foo,\ bar),
%w(SAST_BANDIT_EXCLUDED_PATHS exclude_path_a,\ exclude_path_b)
]
end
let(:test_data_int_fields_array) do
[
%w(SEARCH_MAX_DEPTH 42),
%w(SAST_BRAKEMAN_LEVEL 43),
%w(SAST_GOSEC_LEVEL 7)
]
end
let(:test_data_checkbox_exclude_array) do
%w(eslint kubesec nodejs-scan phpcs-security-audit)
end
let(:test_stage_name) do
'test_all_the_things'
end
let(:project) do
Resource::Project.fabricate_via_api! do |project|
project.name = 'project-with-secure'
project.description = 'Project with Secure'
end
end
before do
Resource::Repository::ProjectPush.fabricate! do |project_push|
project_push.project = project
project_push.directory = Pathname
.new(__dir__)
.join('../../../../../ee/fixtures/secure_scanning_enable_from_ui_files')
project_push.commit_message = 'Create Secure compatible application to serve premade reports'
end
Flow::Login.sign_in_unless_signed_in
project.visit!
end
after do
project.remove_via_api! if project
end
describe 'enable dependency scanning from configuration' do
it 'runs dependency scanning job when enabled from configuration', testcase: 'https://gitlab.com/gitlab-org/quality/testcases/-/quality/test_cases/2261' do
Flow::Pipeline.visit_latest_pipeline
# Baseline that we do not initially have a Dependency Scanning job
Page::Project::Pipeline::Show.perform do |pipeline|
aggregate_failures "test Dependency Scanning jobs are not present in pipeline" do
expect(pipeline).to have_no_job('gemnasium-dependency_scanning')
expect(pipeline).to have_no_job('bundler-audit-dependency_scanning')
end
end
Page::Project::Menu.perform(&:click_on_security_configuration_link)
Page::Project::Secure::ConfigurationForm.perform do |config_form|
expect(config_form).to have_dependency_scanning_status('Not enabled')
config_form.click_dependency_scanning_mr_button
end
Page::MergeRequest::New.perform do |new_merge_request|
expect(new_merge_request).to have_secure_description('Dependency Scanning')
new_merge_request.create_merge_request
end
Page::MergeRequest::Show.perform do |merge_request|
merge_request.merge_immediately!
end
Flow::Pipeline.visit_latest_pipeline
Page::Project::Pipeline::Show.perform do |pipeline|
aggregate_failures "test Dependency Scanning jobs are present in pipeline" do
expect(pipeline).to have_job('gemnasium-dependency_scanning')
expect(pipeline).to have_job('bundler-audit-dependency_scanning')
end
end
Page::Project::Menu.perform(&:click_on_security_configuration_link)
Page::Project::Secure::ConfigurationForm.perform do |config_form|
aggregate_failures "test Dependency Scanning status is Enabled" do
expect(config_form).to have_dependency_scanning_status('Enabled')
expect(config_form).not_to have_dependency_scanning_status('Not enabled')
end
end
end
end
describe 'enable sast from configuration' do
it 'runs sast job when enabled from configuration', testcase: 'https://gitlab.com/gitlab-org/quality/testcases/-/quality/test_cases/1835' do
Flow::Pipeline.visit_latest_pipeline
# Baseline that we do not initially have a sast job
Page::Project::Pipeline::Show.perform do |pipeline|
expect(pipeline).to have_no_job('brakeman-sast')
end
Page::Project::Menu.perform(&:click_on_security_configuration_link)
Page::Project::Secure::ConfigurationForm.perform do |config_form|
expect(config_form).to have_sast_status('Not enabled')
config_form.click_sast_enable_button
config_form.click_expand_button
test_data_sast_string_fields_array.each do |test_data_string_array|
config_form.fill_dynamic_field(test_data_string_array.first, test_data_string_array[1])
end
test_data_int_fields_array.each do |test_data_int_array|
config_form.fill_dynamic_field(test_data_int_array.first, test_data_int_array[1])
end
test_data_checkbox_exclude_array.each do |test_data_checkbox|
config_form.unselect_dynamic_checkbox(test_data_checkbox)
end
config_form.fill_dynamic_field('stage', test_stage_name)
config_form.click_submit_button
end
Page::MergeRequest::New.perform do |new_merge_request|
expect(new_merge_request).to have_secure_description('SAST')
new_merge_request.click_diffs_tab
aggregate_failures "test Merge Request contents" do
expect(new_merge_request).to have_file('.gitlab-ci.yml')
test_data_sast_string_fields_array.each do |test_data_string_array|
expect(new_merge_request).to have_content("#{test_data_string_array.first}: #{test_data_string_array[1]}")
end
test_data_int_fields_array.each do |test_data_int_array|
expect(new_merge_request).to have_content("#{test_data_int_array.first}: '#{test_data_int_array[1]}'")
end
expect(new_merge_request).to have_content("stage: #{test_stage_name}")
expect(new_merge_request).to have_content("SAST_EXCLUDED_ANALYZERS: #{test_data_checkbox_exclude_array.join(', ')}")
end
new_merge_request.create_merge_request
end
Page::MergeRequest::Show.perform do |merge_request|
merge_request.merge_immediately!
end
Flow::Pipeline.visit_latest_pipeline
Page::Project::Pipeline::Show.perform do |pipeline|
expect(pipeline).to have_job('brakeman-sast')
end
Page::Project::Menu.perform(&:click_on_security_configuration_link)
Page::Project::Secure::ConfigurationForm.perform do |config_form|
aggregate_failures "test SAST status is Enabled" do
expect(config_form).to have_sast_status('Enabled')
expect(config_form).not_to have_sast_status('Not enabled')
end
end
end
end
end
end
end
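Review bot: Both examples assert only that the analyzer jobs appear in the pipeline (`have_job('gemnasium-dependency_scanning')`, `have_job('brakeman-sast')`), never that they succeed, and the `:runner` metadata and `let!(:runner)` registration from the deleted spec are gone, so the pipelines now depend on a runner already being available to the project in the test environment. With `SECURE_ANALYZERS_PREFIX` set to `registry.example.com`, the brakeman-sast job presumably cannot even pull its image (if the managed template resolves the analyzer image from that prefix), so a failing job still satisfies the test. That is defensible for a wiring test but should be written down where the reader looks first, e.g. above the post-merge `Flow::Pipeline.visit_latest_pipeline`: `# Only job presence is asserted; analyzer scripts are stubbed in the fixture and the registry prefix is a dummy value` — or assert the job status as well.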