First pass at bootstraping corpus management

Addresses https://gitlab.com/gitlab-org/gitlab/-/issues/294425.

First pass at bootstraping corpus management
Addresses https://gitlab.com/gitlab-org/gitlab/-/issues/294425.
766aaaf3 · Fernando Arias · Mark Florian · e35cc79a · 766aaaf3 · 766aaaf3
Commit 766aaaf3 authored Jan 22, 2021 by Fernando Arias Committed by Mark Florian Jan 22, 2021
12 changed files
--- a/ee/app/assets/javascripts/security_configuration/corpus_management/components/corpus_management.vue
+++ b/ee/app/assets/javascripts/security_configuration/corpus_management/components/corpus_management.vue
+<script>
+export default {
+  props: {
+    projectFullPath: {
+      type: String,
+      required: true,
+    },
+  },
+};
+</script>
+
+<template>
+  <span></span>
+</template>
--- a/ee/app/assets/javascripts/security_configuration/corpus_management/corpus_management_bundle.js
+++ b/ee/app/assets/javascripts/security_configuration/corpus_management/corpus_management_bundle.js
+import Vue from 'vue';
+import CorpusManagement from './components/corpus_management.vue';
+
+export default () => {
+  const el = document.querySelector('.js-corpus-management');
+
+  if (!el) {
+    return undefined;
+  }
+
+  const {
+    dataset: { projectFullPath },
+  } = el;
+
+  const props = {
+    projectFullPath,
+  };
+
+  return new Vue({
+    el,
+    render(h) {
+      return h(CorpusManagement, {
+        props,
+      });
+    },
+  });
+};
--- a/ee/app/controllers/projects/security/corpus_management_controller.rb
+++ b/ee/app/controllers/projects/security/corpus_management_controller.rb
+# frozen_string_literal: true
+
+module Projects
+  module Security
+    class CorpusManagementController < Projects::ApplicationController
+      before_action do
+        render_404 unless Feature.enabled?(:corpus_management, @project, default_enabled: :yaml)
+        authorize_read_coverage_fuzzing!
+      end
+
+      feature_category :fuzz_testing
+
+      def show
+      end
+    end
+  end
+end
--- a/ee/app/policies/ee/project_policy.rb
+++ b/ee/app/policies/ee/project_policy.rb
@@ -116,6 +116,11 @@ module EE
        @subject.feature_available?(:security_dashboard)
      end

+      with_scope :subject
+      condition(:coverage_fuzzing_enabled) do
+        @subject.feature_available?(:coverage_fuzzing)
+      end
+
      with_scope :subject
      condition(:on_demand_scans_enabled) do
        @subject.feature_available?(:security_on_demand_scans)
@@ -214,6 +219,10 @@ module EE
        enable :read_vulnerability_scanner
      end

+      rule { coverage_fuzzing_enabled & can?(:developer_access) }.policy do
+        enable :read_coverage_fuzzing
+      end
+
      rule { on_demand_scans_enabled & can?(:developer_access) }.policy do
        enable :read_on_demand_scans
        enable :create_on_demand_dast_scan

--- a/ee/app/views/projects/security/corpus_management/show.html.haml
+++ b/ee/app/views/projects/security/corpus_management/show.html.haml
+- add_to_breadcrumbs _('Security Configuration'), project_security_configuration_path(@project)
+- breadcrumb_title s_('CorpusManagement|Fuzz testing corpus management')
+- page_title s_('CorpusManagement|Fuzz testing corpus management')
+
+.js-corpus-management{ data: { project_full_path: @project.full_path } }
--- a/ee/config/feature_flags/development/corpus_management.yml
+++ b/ee/config/feature_flags/development/corpus_management.yml
+---
+name: corpus_management
+introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/51589
+rollout_issue_url:
+milestone: '13.9'
+type: development
+group: group::fuzz testing
+default_enabled: false
--- a/ee/config/routes/project.rb
+++ b/ee/config/routes/project.rb
@@ -65,6 +65,7 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do

          resource :configuration, only: [:show], controller: :configuration do
            post :auto_fix, on: :collection
+            resource :corpus_management, only: [:show], controller: :corpus_management
            resource :sast, only: [:show, :create], controller: :sast_configuration
            resource :dast_profiles, only: [:show] do
              resources :dast_site_profiles, only: [:new, :edit]

--- a/ee/spec/frontend/security_configuration/corpus_management/corpus_management_spec.js
+++ b/ee/spec/frontend/security_configuration/corpus_management/corpus_management_spec.js
+import { shallowMount } from '@vue/test-utils';
+import CorpusManagement from 'ee/security_configuration/corpus_management/components/corpus_management.vue';
+
+const TEST_PROJECT_FULL_PATH = '/namespace/project';
+
+describe('EE - CorpusManagement', () => {
+  let wrapper;
+
+  const createComponentFactory = (mountFn = shallowMount) => (options = {}) => {
+    const defaultProps = {
+      projectFullPath: TEST_PROJECT_FULL_PATH,
+    };
+    wrapper = mountFn(CorpusManagement, {
+      propsData: defaultProps,
+      ...options,
+    });
+  };
+
+  const createComponent = createComponentFactory();
+
+  afterEach(() => {
+    wrapper.destroy();
+  });
+
+  describe('corpus management', () => {
+    it('bootstraps and renders the component', () => {
+      createComponent();
+      expect(wrapper.find(CorpusManagement).exists()).toBe(true);
+    });
+  });
+});
--- a/ee/spec/policies/project_policy_spec.rb
+++ b/ee/spec/policies/project_policy_spec.rb
@@ -673,6 +673,68 @@ RSpec.describe ProjectPolicy do
    end
  end

+  describe 'read_corpus_management' do
+    context 'when corpus_management feature is available' do
+      before do
+        stub_licensed_features(coverage_fuzzing: true)
+      end
+
+      context 'with developer or higher role' do
+        where(role: %w[owner maintainer developer])
+
+        with_them do
+          let(:current_user) { public_send(role) }
+
+          it { is_expected.to be_allowed(:read_coverage_fuzzing) }
+        end
+      end
+
+      context 'with admin' do
+        let(:current_user) { admin }
+
+        context 'when admin mode enabled', :enable_admin_mode do
+          it { is_expected.to be_allowed(:read_coverage_fuzzing) }
+        end
+
+        context 'when admin mode disabled' do
+          it { is_expected.to be_disallowed(:read_coverage_fuzzing) }
+        end
+      end
+
+      context 'with less than developer role' do
+        where(role: %w[reporter guest])
+
+        with_them do
+          let(:current_user) { public_send(role) }
+
+          it { is_expected.to be_disallowed(:read_coverage_fuzzing) }
+        end
+      end
+
+      context 'with non member' do
+        let(:current_user) { non_member }
+
+        it { is_expected.to be_disallowed(:read_coverage_fuzzing) }
+      end
+
+      context 'with anonymous' do
+        let(:current_user) { anonymous }
+
+        it { is_expected.to be_disallowed(:read_coverage_fuzzing) }
+      end
+    end
+
+    context 'when coverage fuzzing feature is not available' do
+      let(:current_user) { admin }
+
+      before do
+        stub_licensed_features(coverage_fuzzing: true)
+      end
+
+      it { is_expected.to be_disallowed(:read_coverage_fuzzing) }
+    end
+  end
+
  describe 'remove_project when default_project_deletion_protection is set to true' do
    before do
      allow(Gitlab::CurrentSettings.current_application_settings)

--- a/ee/spec/requests/projects/security/corpus_management_controller_spec.rb
+++ b/ee/spec/requests/projects/security/corpus_management_controller_spec.rb
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Projects::Security::CorpusManagementController, type: :request do
+  let(:project) { create(:project) }
+  let(:user) { create(:user) }
+
+  describe 'GET #show' do
+    context 'feature available' do
+      before do
+        stub_licensed_features(coverage_fuzzing: true)
+      end
+
+      context 'user authorized' do
+        before do
+          project.add_developer(user)
+
+          login_as(user)
+        end
+
+        it 'can access page' do
+          get project_security_configuration_corpus_management_path(project)
+
+          expect(response).to have_gitlab_http_status(:ok)
+        end
+      end
+
+      context 'user not authorized' do
+        before do
+          project.add_guest(user)
+
+          login_as(user)
+        end
+
+        it 'sees a 404 error' do
+          get project_security_configuration_corpus_management_path(project)
+
+          expect(response).to have_gitlab_http_status(:not_found)
+        end
+      end
+    end
+
+    context 'feature not available' do
+      before do
+        project.add_developer(user)
+
+        login_as(user)
+      end
+
+      context 'license doesnt\'t support the feature' do
+        it 'sees a 404 error' do
+          stub_licensed_features(coverage_fuzzing: false)
+          get project_security_configuration_corpus_management_path(project)
+
+          expect(response).to have_gitlab_http_status(:not_found)
+        end
+      end
+    end
+  end
+end
--- a/ee/spec/views/projects/security/corpus_management/show.html.haml_spec.rb
+++ b/ee/spec/views/projects/security/corpus_management/show.html.haml_spec.rb
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe "projects/security/corpus_management/show", type: :view do
+  before do
+    @project = create(:project)
+    render
+  end
+
+  it 'renders Vue app root' do
+    expect(rendered).to have_selector('.js-corpus-management')
+  end
+
+  it 'passes project\'s full path' do
+    expect(rendered).to include @project.full_path
+  end
+end
--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -7989,6 +7989,9 @@ msgstr ""
 msgid "Copy value"
 msgstr ""

+msgid "CorpusManagement|Fuzz testing corpus management"
+msgstr ""
+
 msgid "Could not add admins as members"
 msgstr ""