Commit 766aaaf3 authored by Fernando Arias's avatar Fernando Arias Committed by Mark Florian

First pass at bootstrapping corpus management

Addresses https://gitlab.com/gitlab-org/gitlab/-/issues/294425.
parent e35cc79a
<script>
export default {
props: {
projectFullPath: {
type: String,
required: true,
},
},
};
</script>
<template>
<span></span>
</template>
import Vue from 'vue';
import CorpusManagement from './components/corpus_management.vue';
export default () => {
const el = document.querySelector('.js-corpus-management');
if (!el) {
return undefined;
}
const {
dataset: { projectFullPath },
} = el;
const props = {
projectFullPath,
};
return new Vue({
el,
render(h) {
return h(CorpusManagement, {
props,
});
},
});
};
# frozen_string_literal: true
module Projects
module Security
class CorpusManagementController < Projects::ApplicationController
before_action do
render_404 unless Feature.enabled?(:corpus_management, @project, default_enabled: :yaml)
authorize_read_coverage_fuzzing!
end
feature_category :fuzz_testing
def show
end
end
end
end
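Review bot: In the `before_action` block (L46–L49), `render_404` does not halt the block, so `authorize_read_coverage_fuzzing!` still runs when the `corpus_management` flag is off; if that helper also renders for an unauthorized user, as GitLab's `access_denied!` path normally does, the request ends in a double render rather than a clean 404. Splitting the two checks into separate `before_action` callbacks lets Rails stop the chain as soon as the first one renders, and it also makes the flag gate individually testable. The rewrite below keeps `feature_category` and `show` unchanged.
```ruby
before_action :check_corpus_management_flag!
before_action :authorize_read_coverage_fuzzing!

# … unchanged: feature_category :fuzz_testing, def show …

private

# Rendering here halts the callback chain, so the authorization
# check below never runs for a request that already got a 404.
def check_corpus_management_flag!
  render_404 unless Feature.enabled?(:corpus_management, @project, default_enabled: :yaml)
end
```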
......@@ -116,6 +116,11 @@ module EE
@subject.feature_available?(:security_dashboard)
end
with_scope :subject
condition(:coverage_fuzzing_enabled) do
@subject.feature_available?(:coverage_fuzzing)
end
with_scope :subject
condition(:on_demand_scans_enabled) do
@subject.feature_available?(:security_on_demand_scans)
......@@ -214,6 +219,10 @@ module EE
enable :read_vulnerability_scanner
end
rule { coverage_fuzzing_enabled & can?(:developer_access) }.policy do
enable :read_coverage_fuzzing
end
rule { on_demand_scans_enabled & can?(:developer_access) }.policy do
enable :read_on_demand_scans
enable :create_on_demand_dast_scan
......
- add_to_breadcrumbs _('Security Configuration'), project_security_configuration_path(@project)
- breadcrumb_title s_('CorpusManagement|Fuzz testing corpus management')
- page_title s_('CorpusManagement|Fuzz testing corpus management')
.js-corpus-management{ data: { project_full_path: @project.full_path } }
---
name: corpus_management
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/51589
rollout_issue_url:
milestone: '13.9'
type: development
group: group::fuzz testing
default_enabled: false
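Review bot: `rollout_issue_url:` (L83) is left empty for a `type: development` flag; the rollout issue is what lets the flag be tracked to removal, and GitLab's feature-flag definition checks are, as far as I recall, strict about it being present for development flags. Either point it at the tracking issue, e.g. `rollout_issue_url: <ROLLOUT_ISSUE_URL>`, or state in the merge request why no rollout issue exists yet.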
......@@ -65,6 +65,7 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
resource :configuration, only: [:show], controller: :configuration do
post :auto_fix, on: :collection
resource :corpus_management, only: [:show], controller: :corpus_management
resource :sast, only: [:show, :create], controller: :sast_configuration
resource :dast_profiles, only: [:show] do
resources :dast_site_profiles, only: [:new, :edit]
......
import { shallowMount } from '@vue/test-utils';
import CorpusManagement from 'ee/security_configuration/corpus_management/components/corpus_management.vue';
const TEST_PROJECT_FULL_PATH = '/namespace/project';
describe('EE - CorpusManagement', () => {
let wrapper;
const createComponentFactory = (mountFn = shallowMount) => (options = {}) => {
const defaultProps = {
projectFullPath: TEST_PROJECT_FULL_PATH,
};
wrapper = mountFn(CorpusManagement, {
propsData: defaultProps,
...options,
});
};
const createComponent = createComponentFactory();
afterEach(() => {
wrapper.destroy();
});
describe('corpus management', () => {
it('bootstraps and renders the component', () => {
createComponent();
expect(wrapper.find(CorpusManagement).exists()).toBe(true);
});
});
});
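Review bot: The only assertion (L117), `wrapper.find(CorpusManagement).exists()`, is made on a wrapper that was mounted from `CorpusManagement` itself, so `find` resolves to the root wrapper and the expectation cannot fail; it does not show that the props were received. Replacing it with `expect(wrapper.props('projectFullPath')).toBe(TEST_PROJECT_FULL_PATH);` checks something the component actually does with its input. The `mountFn` parameter of `createComponentFactory` (L101) is never varied in this file, so it can be dropped until a `mount` variant is needed.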
......@@ -673,6 +673,68 @@ RSpec.describe ProjectPolicy do
end
end
describe 'read_corpus_management' do
context 'when corpus_management feature is available' do
before do
stub_licensed_features(coverage_fuzzing: true)
end
context 'with developer or higher role' do
where(role: %w[owner maintainer developer])
with_them do
let(:current_user) { public_send(role) }
it { is_expected.to be_allowed(:read_coverage_fuzzing) }
end
end
context 'with admin' do
let(:current_user) { admin }
context 'when admin mode enabled', :enable_admin_mode do
it { is_expected.to be_allowed(:read_coverage_fuzzing) }
end
context 'when admin mode disabled' do
it { is_expected.to be_disallowed(:read_coverage_fuzzing) }
end
end
context 'with less than developer role' do
where(role: %w[reporter guest])
with_them do
let(:current_user) { public_send(role) }
it { is_expected.to be_disallowed(:read_coverage_fuzzing) }
end
end
context 'with non member' do
let(:current_user) { non_member }
it { is_expected.to be_disallowed(:read_coverage_fuzzing) }
end
context 'with anonymous' do
let(:current_user) { anonymous }
it { is_expected.to be_disallowed(:read_coverage_fuzzing) }
end
end
context 'when coverage fuzzing feature is not available' do
let(:current_user) { admin }
before do
stub_licensed_features(coverage_fuzzing: true)
end
it { is_expected.to be_disallowed(:read_coverage_fuzzing) }
end
end
describe 'remove_project when default_project_deletion_protection is set to true' do
before do
allow(Gitlab::CurrentSettings.current_application_settings)
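Review bot: The context 'when coverage fuzzing feature is not available' (L161–L167) stubs `stub_licensed_features(coverage_fuzzing: true)` at L164, the same as the available case, and its user is `admin` without admin mode, so `be_disallowed(:read_coverage_fuzzing)` passes for a reason unrelated to the license and the license gate is never exercised. Change L164 to `stub_licensed_features(coverage_fuzzing: false)` and either tag the context `:enable_admin_mode` or use a developer (`let(:current_user) { developer }`) so that the license is the only thing that can deny the ability. The `describe 'read_corpus_management'` label at L124 names an ability that does not exist in this change; the examples all assert `:read_coverage_fuzzing`, so `describe 'read_coverage_fuzzing' do` is the accurate name. The enclosing `RSpec.describe` block starts and ends outside the hunk.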
......
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe Projects::Security::CorpusManagementController, type: :request do
let(:project) { create(:project) }
let(:user) { create(:user) }
describe 'GET #show' do
context 'feature available' do
before do
stub_licensed_features(coverage_fuzzing: true)
end
context 'user authorized' do
before do
project.add_developer(user)
login_as(user)
end
it 'can access page' do
get project_security_configuration_corpus_management_path(project)
expect(response).to have_gitlab_http_status(:ok)
end
end
context 'user not authorized' do
before do
project.add_guest(user)
login_as(user)
end
it 'sees a 404 error' do
get project_security_configuration_corpus_management_path(project)
expect(response).to have_gitlab_http_status(:not_found)
end
end
end
context 'feature not available' do
before do
project.add_developer(user)
login_as(user)
end
context 'license doesnt\'t support the feature' do
it 'sees a 404 error' do
stub_licensed_features(coverage_fuzzing: false)
get project_security_configuration_corpus_management_path(project)
expect(response).to have_gitlab_http_status(:not_found)
end
end
end
end
end
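Review bot: The `corpus_management` feature flag branch of the controller's `before_action` is not covered: every example here leaves the flag at its default, so a regression that drops the flag check would still pass this spec. A context that disables the flag for a licensed, authorized developer and expects a 404 closes that gap (sketched below, inside the existing 'feature not available' context whose `before` block already adds the developer and logs in). The context name at L209, `'license doesnt\'t support the feature'`, has a typo and should read `"license doesn't support the feature"`.
```ruby
context 'feature not available' do
  # … unchanged: before block, 'license doesn't support the feature' context …

  context 'feature flag disabled' do
    it 'sees a 404 error' do
      stub_licensed_features(coverage_fuzzing: true)
      stub_feature_flags(corpus_management: false)
      get project_security_configuration_corpus_management_path(project)
      expect(response).to have_gitlab_http_status(:not_found)
    end
  end
end
```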
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe "projects/security/corpus_management/show", type: :view do
before do
@project = create(:project)
render
end
it 'renders Vue app root' do
expect(rendered).to have_selector('.js-corpus-management')
end
it 'passes project\'s full path' do
expect(rendered).to include @project.full_path
end
end
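Review bot: The second example (L229–L231) uses `include @project.full_path`, a substring match against the whole rendered page, so it would also pass if the path appeared anywhere other than the data attribute the Vue bootstrap reads. Asserting the attribute directly pins the contract between the view and `index.js`: `expect(rendered).to have_css(".js-corpus-management[data-project-full-path='#{@project.full_path}']")`. With that in place the first example is subsumed and can be folded into the same `it`.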
......@@ -7989,6 +7989,9 @@ msgstr ""
msgid "Copy value"
msgstr ""
msgid "CorpusManagement|Fuzz testing corpus management"
msgstr ""
msgid "Could not add admins as members"
msgstr ""
......