Commit 7926b9de authored by Matija Čupić's avatar Matija Čupić

Use full template names in on demand scans

Not using full template names for on demand scans causes problems with
template inclusion tracking.
parent e9122bfd
...@@ -15,20 +15,148 @@ instrumentation_class: RedisHLLMetric ...@@ -15,20 +15,148 @@ instrumentation_class: RedisHLLMetric
options: options:
events: events:
- p_ci_templates_implicit_auto_devops - p_ci_templates_implicit_auto_devops
- p_ci_templates_implicit_auto_devops_build
- p_ci_templates_implicit_auto_devops_deploy
- p_ci_templates_implicit_security_sast
- p_ci_templates_implicit_security_secret_detection
- p_ci_templates_5_min_production_app - p_ci_templates_5_min_production_app
- p_ci_templates_auto_devops
- p_ci_templates_aws_cf_deploy_ec2 - p_ci_templates_aws_cf_deploy_ec2
- p_ci_templates_aws_deploy_ecs
- p_ci_templates_auto_devops_build - p_ci_templates_auto_devops_build
- p_ci_templates_auto_devops_deploy - p_ci_templates_auto_devops_deploy
- p_ci_templates_auto_devops_deploy_latest - p_ci_templates_auto_devops_deploy_latest
- p_ci_templates_terraform_base_latest
- p_ci_templates_terraform_base
- p_ci_templates_dotnet
- p_ci_templates_nodejs
- p_ci_templates_openshift
- p_ci_templates_auto_devops
- p_ci_templates_bash
- p_ci_templates_rust
- p_ci_templates_elixir
- p_ci_templates_clojure
- p_ci_templates_crystal
- p_ci_templates_getting_started
- p_ci_templates_code_quality
- p_ci_templates_verify_load_performance_testing
- p_ci_templates_verify_accessibility
- p_ci_templates_verify_failfast
- p_ci_templates_verify_browser_performance
- p_ci_templates_verify_browser_performance_latest
- p_ci_templates_grails
- p_ci_templates_security_sast - p_ci_templates_security_sast
- p_ci_templates_security_dast_runner_validation
- p_ci_templates_security_dast_on_demand_scan
- p_ci_templates_security_secret_detection - p_ci_templates_security_secret_detection
- p_ci_templates_terraform_base_latest - p_ci_templates_security_license_scanning
- p_ci_templates_security_coverage_fuzzing
- p_ci_templates_security_api_fuzzing_latest
- p_ci_templates_security_secure_binaries
- p_ci_templates_security_dast_api
- p_ci_templates_security_container_scanning
- p_ci_templates_security_dast_latest
- p_ci_templates_security_dependency_scanning
- p_ci_templates_security_api_fuzzing
- p_ci_templates_security_dast
- p_ci_templates_security_cluster_image_scanning
- p_ci_templates_ios_fastlane
- p_ci_templates_composer
- p_ci_templates_c
- p_ci_templates_python
- p_ci_templates_android_fastlane
- p_ci_templates_django
- p_ci_templates_maven
- p_ci_templates_flutter
- p_ci_templates_workflows_branch_pipelines
- p_ci_templates_workflows_mergerequest_pipelines
- p_ci_templates_laravel
- p_ci_templates_managed_cluster_applications
- p_ci_templates_php
- p_ci_templates_packer
- p_ci_templates_terraform
- p_ci_templates_mono
- p_ci_templates_serverless
- p_ci_templates_go
- p_ci_templates_scala
- p_ci_templates_latex
- p_ci_templates_android
- p_ci_templates_indeni_cloudrail
- p_ci_templates_deploy_ecs
- p_ci_templates_aws_cf_provision_and_deploy_ec2
- p_ci_templates_aws_deploy_ecs
- p_ci_templates_gradle
- p_ci_templates_chef
- p_ci_templates_jobs_dast_default_branch_deploy
- p_ci_templates_jobs_load_performance_testing
- p_ci_templates_jobs_helm_2to3
- p_ci_templates_jobs_sast
- p_ci_templates_jobs_secret_detection
- p_ci_templates_jobs_code_intelligence
- p_ci_templates_jobs_code_quality
- p_ci_templates_jobs_deploy_ecs
- p_ci_templates_jobs_deploy_ec2
- p_ci_templates_jobs_deploy
- p_ci_templates_jobs_build
- p_ci_templates_jobs_browser_performance_testing
- p_ci_templates_jobs_test
- p_ci_templates_jobs_deploy_latest
- p_ci_templates_jobs_browser_performance_testing_latest
- p_ci_templates_jobs_cf_provision
- p_ci_templates_jobs_build_latest
- p_ci_templates_terraform_latest
- p_ci_templates_swift
- p_ci_templates_pages_jekyll
- p_ci_templates_pages_harp
- p_ci_templates_pages_octopress
- p_ci_templates_pages_brunch
- p_ci_templates_pages_doxygen
- p_ci_templates_pages_hyde
- p_ci_templates_pages_lektor
- p_ci_templates_pages_jbake
- p_ci_templates_pages_hexo
- p_ci_templates_pages_middleman
- p_ci_templates_pages_hugo
- p_ci_templates_pages_pelican
- p_ci_templates_pages_nanoc
- p_ci_templates_pages_swaggerui
- p_ci_templates_pages_jigsaw
- p_ci_templates_pages_metalsmith
- p_ci_templates_pages_gatsby
- p_ci_templates_pages_html
- p_ci_templates_dart
- p_ci_templates_docker
- p_ci_templates_julia
- p_ci_templates_npm
- p_ci_templates_dotnet_core
- p_ci_templates_5_minute_production_app
- p_ci_templates_ruby
- p_ci_templates_implicit_jobs_dast_default_branch_deploy
- p_ci_templates_implicit_jobs_load_performance_testing
- p_ci_templates_implicit_jobs_helm_2to3
- p_ci_templates_implicit_jobs_sast
- p_ci_templates_implicit_jobs_secret_detection
- p_ci_templates_implicit_jobs_code_intelligence
- p_ci_templates_implicit_jobs_code_quality
- p_ci_templates_implicit_jobs_deploy_ecs
- p_ci_templates_implicit_jobs_deploy_ec2
- p_ci_templates_implicit_auto_devops_deploy
- p_ci_templates_implicit_auto_devops_build
- p_ci_templates_implicit_jobs_browser_performance_testing
- p_ci_templates_implicit_jobs_test
- p_ci_templates_implicit_auto_devops_deploy_latest
- p_ci_templates_implicit_jobs_browser_performance_testing_latest
- p_ci_templates_implicit_jobs_cf_provision
- p_ci_templates_implicit_jobs_build_latest
- p_ci_templates_implicit_security_sast
- p_ci_templates_implicit_security_dast_runner_validation
- p_ci_templates_implicit_security_dast_on_demand_scan
- p_ci_templates_implicit_security_secret_detection
- p_ci_templates_implicit_security_license_scanning
- p_ci_templates_implicit_security_coverage_fuzzing
- p_ci_templates_implicit_security_api_fuzzing_latest
- p_ci_templates_implicit_security_secure_binaries
- p_ci_templates_implicit_security_dast_api
- p_ci_templates_implicit_security_container_scanning
- p_ci_templates_implicit_security_dast_latest
- p_ci_templates_implicit_security_dependency_scanning
- p_ci_templates_implicit_security_api_fuzzing
- p_ci_templates_implicit_security_dast
- p_ci_templates_implicit_security_cluster_image_scanning
distribution: distribution:
- ce - ce
- ee - ee
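Review bot: The expanded `events:` list appears to name several events twice and to carry two spellings of one template: `p_ci_templates_auto_devops`, `p_ci_templates_aws_deploy_ecs`, `p_ci_templates_implicit_auto_devops_build`, `p_ci_templates_implicit_auto_devops_deploy`, `p_ci_templates_implicit_security_sast` and `p_ci_templates_implicit_security_secret_detection` each occur more than once, and `p_ci_templates_5_min_production_app` sits alongside `p_ci_templates_5_minute_production_app`. Repeated names should not change a HyperLogLog union, but they make the list harder to audit against the set of events that are actually emitted. Consider de-duplicating the list and confirming whether the `5_min` name is still in use. The add/remove markers are lost in this rendering, so which entries are new is inferred from the single-column lines. The metric definition section that follows carries the same list and the same issue.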
......
...@@ -15,20 +15,148 @@ instrumentation_class: RedisHLLMetric ...@@ -15,20 +15,148 @@ instrumentation_class: RedisHLLMetric
options: options:
events: events:
- p_ci_templates_implicit_auto_devops - p_ci_templates_implicit_auto_devops
- p_ci_templates_implicit_auto_devops_build
- p_ci_templates_implicit_auto_devops_deploy
- p_ci_templates_implicit_security_sast
- p_ci_templates_implicit_security_secret_detection
- p_ci_templates_5_min_production_app - p_ci_templates_5_min_production_app
- p_ci_templates_auto_devops
- p_ci_templates_aws_cf_deploy_ec2 - p_ci_templates_aws_cf_deploy_ec2
- p_ci_templates_aws_deploy_ecs
- p_ci_templates_auto_devops_build - p_ci_templates_auto_devops_build
- p_ci_templates_auto_devops_deploy - p_ci_templates_auto_devops_deploy
- p_ci_templates_auto_devops_deploy_latest - p_ci_templates_auto_devops_deploy_latest
- p_ci_templates_terraform_base_latest
- p_ci_templates_terraform_base
- p_ci_templates_dotnet
- p_ci_templates_nodejs
- p_ci_templates_openshift
- p_ci_templates_auto_devops
- p_ci_templates_bash
- p_ci_templates_rust
- p_ci_templates_elixir
- p_ci_templates_clojure
- p_ci_templates_crystal
- p_ci_templates_getting_started
- p_ci_templates_code_quality
- p_ci_templates_verify_load_performance_testing
- p_ci_templates_verify_accessibility
- p_ci_templates_verify_failfast
- p_ci_templates_verify_browser_performance
- p_ci_templates_verify_browser_performance_latest
- p_ci_templates_grails
- p_ci_templates_security_sast - p_ci_templates_security_sast
- p_ci_templates_security_dast_runner_validation
- p_ci_templates_security_dast_on_demand_scan
- p_ci_templates_security_secret_detection - p_ci_templates_security_secret_detection
- p_ci_templates_terraform_base_latest - p_ci_templates_security_license_scanning
- p_ci_templates_security_coverage_fuzzing
- p_ci_templates_security_api_fuzzing_latest
- p_ci_templates_security_secure_binaries
- p_ci_templates_security_dast_api
- p_ci_templates_security_container_scanning
- p_ci_templates_security_dast_latest
- p_ci_templates_security_dependency_scanning
- p_ci_templates_security_api_fuzzing
- p_ci_templates_security_dast
- p_ci_templates_security_cluster_image_scanning
- p_ci_templates_ios_fastlane
- p_ci_templates_composer
- p_ci_templates_c
- p_ci_templates_python
- p_ci_templates_android_fastlane
- p_ci_templates_django
- p_ci_templates_maven
- p_ci_templates_flutter
- p_ci_templates_workflows_branch_pipelines
- p_ci_templates_workflows_mergerequest_pipelines
- p_ci_templates_laravel
- p_ci_templates_managed_cluster_applications
- p_ci_templates_php
- p_ci_templates_packer
- p_ci_templates_terraform
- p_ci_templates_mono
- p_ci_templates_serverless
- p_ci_templates_go
- p_ci_templates_scala
- p_ci_templates_latex
- p_ci_templates_android
- p_ci_templates_indeni_cloudrail
- p_ci_templates_deploy_ecs
- p_ci_templates_aws_cf_provision_and_deploy_ec2
- p_ci_templates_aws_deploy_ecs
- p_ci_templates_gradle
- p_ci_templates_chef
- p_ci_templates_jobs_dast_default_branch_deploy
- p_ci_templates_jobs_load_performance_testing
- p_ci_templates_jobs_helm_2to3
- p_ci_templates_jobs_sast
- p_ci_templates_jobs_secret_detection
- p_ci_templates_jobs_code_intelligence
- p_ci_templates_jobs_code_quality
- p_ci_templates_jobs_deploy_ecs
- p_ci_templates_jobs_deploy_ec2
- p_ci_templates_jobs_deploy
- p_ci_templates_jobs_build
- p_ci_templates_jobs_browser_performance_testing
- p_ci_templates_jobs_test
- p_ci_templates_jobs_deploy_latest
- p_ci_templates_jobs_browser_performance_testing_latest
- p_ci_templates_jobs_cf_provision
- p_ci_templates_jobs_build_latest
- p_ci_templates_terraform_latest
- p_ci_templates_swift
- p_ci_templates_pages_jekyll
- p_ci_templates_pages_harp
- p_ci_templates_pages_octopress
- p_ci_templates_pages_brunch
- p_ci_templates_pages_doxygen
- p_ci_templates_pages_hyde
- p_ci_templates_pages_lektor
- p_ci_templates_pages_jbake
- p_ci_templates_pages_hexo
- p_ci_templates_pages_middleman
- p_ci_templates_pages_hugo
- p_ci_templates_pages_pelican
- p_ci_templates_pages_nanoc
- p_ci_templates_pages_swaggerui
- p_ci_templates_pages_jigsaw
- p_ci_templates_pages_metalsmith
- p_ci_templates_pages_gatsby
- p_ci_templates_pages_html
- p_ci_templates_dart
- p_ci_templates_docker
- p_ci_templates_julia
- p_ci_templates_npm
- p_ci_templates_dotnet_core
- p_ci_templates_5_minute_production_app
- p_ci_templates_ruby
- p_ci_templates_implicit_jobs_dast_default_branch_deploy
- p_ci_templates_implicit_jobs_load_performance_testing
- p_ci_templates_implicit_jobs_helm_2to3
- p_ci_templates_implicit_jobs_sast
- p_ci_templates_implicit_jobs_secret_detection
- p_ci_templates_implicit_jobs_code_intelligence
- p_ci_templates_implicit_jobs_code_quality
- p_ci_templates_implicit_jobs_deploy_ecs
- p_ci_templates_implicit_jobs_deploy_ec2
- p_ci_templates_implicit_auto_devops_deploy
- p_ci_templates_implicit_auto_devops_build
- p_ci_templates_implicit_jobs_browser_performance_testing
- p_ci_templates_implicit_jobs_test
- p_ci_templates_implicit_auto_devops_deploy_latest
- p_ci_templates_implicit_jobs_browser_performance_testing_latest
- p_ci_templates_implicit_jobs_cf_provision
- p_ci_templates_implicit_jobs_build_latest
- p_ci_templates_implicit_security_sast
- p_ci_templates_implicit_security_dast_runner_validation
- p_ci_templates_implicit_security_dast_on_demand_scan
- p_ci_templates_implicit_security_secret_detection
- p_ci_templates_implicit_security_license_scanning
- p_ci_templates_implicit_security_coverage_fuzzing
- p_ci_templates_implicit_security_api_fuzzing_latest
- p_ci_templates_implicit_security_secure_binaries
- p_ci_templates_implicit_security_dast_api
- p_ci_templates_implicit_security_container_scanning
- p_ci_templates_implicit_security_dast_latest
- p_ci_templates_implicit_security_dependency_scanning
- p_ci_templates_implicit_security_api_fuzzing
- p_ci_templates_implicit_security_dast
- p_ci_templates_implicit_security_cluster_image_scanning
distribution: distribution:
- ce - ce
- ee - ee
......
...@@ -42,7 +42,7 @@ module AppSec ...@@ -42,7 +42,7 @@ module AppSec
def ci_configuration def ci_configuration
{ {
'stages' => ['dast'], 'stages' => ['dast'],
'include' => [{ 'template' => 'DAST-On-Demand-Scan.gitlab-ci.yml' }], 'include' => [{ 'template' => 'Security/DAST-On-Demand-Scan.gitlab-ci.yml' }],
'dast' => { 'dast' => {
'dast_configuration' => { 'site_profile' => dast_site_profile.name, 'scanner_profile' => dast_scanner_profile&.name }.compact 'dast_configuration' => { 'site_profile' => dast_site_profile.name, 'scanner_profile' => dast_scanner_profile&.name }.compact
} }
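Review bot: The template name in `ci_configuration` is still a bare string literal, and the same pattern recurs in the runner-validation `ci_configuration` and the API fuzzing `preset_configuration` sections further down. Nothing visible ties these strings to the tracked template names that the commit message says depend on the full name, so a later rename could reintroduce the tracking gap without any test failing. Consider a frozen constant per service, e.g. `TEMPLATE = 'Security/DAST-On-Demand-Scan.gitlab-ci.yml'`, documented with `# Full template name (including the Security/ prefix); needed for template inclusion tracking.` and referenced as `'include' => [{ 'template' => TEMPLATE }]`. The method body continues past the end of this hunk.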
......
...@@ -30,7 +30,7 @@ module AppSec ...@@ -30,7 +30,7 @@ module AppSec
end end
def ci_configuration def ci_configuration
{ 'include' => [{ 'template' => 'DAST-Runner-Validation.gitlab-ci.yml' }] } { 'include' => [{ 'template' => 'Security/DAST-Runner-Validation.gitlab-ci.yml' }] }
end end
def dast_site_validation_variables def dast_site_validation_variables
......
...@@ -19,7 +19,7 @@ module AppSec ...@@ -19,7 +19,7 @@ module AppSec
def preset_configuration def preset_configuration
{ {
'stages' => ['fuzz'], 'stages' => ['fuzz'],
'include' => [{ 'template' => 'API-Fuzzing.gitlab-ci.yml' }] 'include' => [{ 'template' => 'Security/API-Fuzzing.gitlab-ci.yml' }]
} }
end end
......
...@@ -38,7 +38,7 @@ RSpec.describe Mutations::AppSec::Fuzzing::API::CiConfiguration::Create do ...@@ -38,7 +38,7 @@ RSpec.describe Mutations::AppSec::Fuzzing::API::CiConfiguration::Create do
) )
expect(Psych.load(subject[:configuration_yaml])).to eq({ expect(Psych.load(subject[:configuration_yaml])).to eq({
'stages' => ['fuzz'], 'stages' => ['fuzz'],
'include' => [{ 'template' => 'API-Fuzzing.gitlab-ci.yml' }], 'include' => [{ 'template' => 'Security/API-Fuzzing.gitlab-ci.yml' }],
'variables' => { 'variables' => {
'FUZZAPI_HTTP_PASSWORD' => '$PASSWORD', 'FUZZAPI_HTTP_PASSWORD' => '$PASSWORD',
'FUZZAPI_HTTP_USERNAME' => '$USERNAME', 'FUZZAPI_HTTP_USERNAME' => '$USERNAME',
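Review bot: The expectation parses the generated YAML with `Psych.load`, which on Psych versions before 4 can instantiate arbitrary Ruby objects from tagged nodes. Using `Psych.safe_load(subject[:configuration_yaml])` would keep the comparison the same and additionally assert that the service emits plain-data YAML only. The same call appears as `Psych.load(yaml)` in the `CreateApiFuzzingCiConfiguration` spec section that follows. This is a context line rather than one the commit changes, and the expected hash continues outside the hunk.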
......
...@@ -52,7 +52,7 @@ RSpec.describe 'CreateApiFuzzingCiConfiguration' do ...@@ -52,7 +52,7 @@ RSpec.describe 'CreateApiFuzzingCiConfiguration' do
expect(gitlab_ci_yml_edit_path).to eq(project_ci_pipeline_editor_path(project)) expect(gitlab_ci_yml_edit_path).to eq(project_ci_pipeline_editor_path(project))
expect(Psych.load(yaml)).to eq({ expect(Psych.load(yaml)).to eq({
'stages' => ['fuzz'], 'stages' => ['fuzz'],
'include' => [{ 'template' => 'API-Fuzzing.gitlab-ci.yml' }], 'include' => [{ 'template' => 'Security/API-Fuzzing.gitlab-ci.yml' }],
'variables' => { 'variables' => {
'FUZZAPI_HTTP_PASSWORD' => '$PASSWORD', 'FUZZAPI_HTTP_PASSWORD' => '$PASSWORD',
'FUZZAPI_HTTP_USERNAME' => '$USERNAME', 'FUZZAPI_HTTP_USERNAME' => '$USERNAME',
......
...@@ -28,7 +28,7 @@ RSpec.describe AppSec::Dast::ScanConfigs::BuildService do ...@@ -28,7 +28,7 @@ RSpec.describe AppSec::Dast::ScanConfigs::BuildService do
stages: stages:
- dast - dast
include: include:
- template: DAST-On-Demand-Scan.gitlab-ci.yml - template: Security/DAST-On-Demand-Scan.gitlab-ci.yml
dast: dast:
dast_configuration: dast_configuration:
site_profile: #{dast_site_profile.name} site_profile: #{dast_site_profile.name}
...@@ -92,7 +92,7 @@ RSpec.describe AppSec::Dast::ScanConfigs::BuildService do ...@@ -92,7 +92,7 @@ RSpec.describe AppSec::Dast::ScanConfigs::BuildService do
stages: stages:
- dast - dast
include: include:
- template: DAST-On-Demand-Scan.gitlab-ci.yml - template: Security/DAST-On-Demand-Scan.gitlab-ci.yml
dast: dast:
dast_configuration: dast_configuration:
site_profile: #{dast_site_profile.name} site_profile: #{dast_site_profile.name}
......
...@@ -23,7 +23,7 @@ RSpec.describe ::AppSec::Fuzzing::API::CiConfigurationCreateService do ...@@ -23,7 +23,7 @@ RSpec.describe ::AppSec::Fuzzing::API::CiConfigurationCreateService do
it 'returns the API fuzzing configuration based on the given parameters' do it 'returns the API fuzzing configuration based on the given parameters' do
is_expected.to eq({ is_expected.to eq({
'stages' => ['fuzz'], 'stages' => ['fuzz'],
'include' => [{ 'template' => 'API-Fuzzing.gitlab-ci.yml' }], 'include' => [{ 'template' => 'Security/API-Fuzzing.gitlab-ci.yml' }],
'variables' => { 'variables' => {
'FUZZAPI_HTTP_PASSWORD' => '$PASSWORD', 'FUZZAPI_HTTP_PASSWORD' => '$PASSWORD',
'FUZZAPI_HTTP_USERNAME' => '$USERNAME', 'FUZZAPI_HTTP_USERNAME' => '$USERNAME',
...@@ -50,7 +50,7 @@ RSpec.describe ::AppSec::Fuzzing::API::CiConfigurationCreateService do ...@@ -50,7 +50,7 @@ RSpec.describe ::AppSec::Fuzzing::API::CiConfigurationCreateService do
it 'returns the API fuzzing configuration based on the given parameters' do it 'returns the API fuzzing configuration based on the given parameters' do
is_expected.to eq({ is_expected.to eq({
'stages' => ['fuzz'], 'stages' => ['fuzz'],
'include' => [{ 'template' => 'API-Fuzzing.gitlab-ci.yml' }], 'include' => [{ 'template' => 'Security/API-Fuzzing.gitlab-ci.yml' }],
'variables' => { 'variables' => {
'FUZZAPI_HTTP_PASSWORD' => '$PASSWORD', 'FUZZAPI_HTTP_PASSWORD' => '$PASSWORD',
'FUZZAPI_HTTP_USERNAME' => '$USERNAME', 'FUZZAPI_HTTP_USERNAME' => '$USERNAME',
...@@ -77,7 +77,7 @@ RSpec.describe ::AppSec::Fuzzing::API::CiConfigurationCreateService do ...@@ -77,7 +77,7 @@ RSpec.describe ::AppSec::Fuzzing::API::CiConfigurationCreateService do
it 'returns the API fuzzing configuration based on the given parameters' do it 'returns the API fuzzing configuration based on the given parameters' do
is_expected.to eq({ is_expected.to eq({
'stages' => ['fuzz'], 'stages' => ['fuzz'],
'include' => [{ 'template' => 'API-Fuzzing.gitlab-ci.yml' }], 'include' => [{ 'template' => 'Security/API-Fuzzing.gitlab-ci.yml' }],
'variables' => { 'variables' => {
'FUZZAPI_HTTP_PASSWORD' => '$PASSWORD', 'FUZZAPI_HTTP_PASSWORD' => '$PASSWORD',
'FUZZAPI_HTTP_USERNAME' => '$USERNAME', 'FUZZAPI_HTTP_USERNAME' => '$USERNAME',
...@@ -101,7 +101,7 @@ RSpec.describe ::AppSec::Fuzzing::API::CiConfigurationCreateService do ...@@ -101,7 +101,7 @@ RSpec.describe ::AppSec::Fuzzing::API::CiConfigurationCreateService do
it 'does not include them in the configuration' do it 'does not include them in the configuration' do
is_expected.to eq({ is_expected.to eq({
'stages' => ['fuzz'], 'stages' => ['fuzz'],
'include' => [{ 'template' => 'API-Fuzzing.gitlab-ci.yml' }], 'include' => [{ 'template' => 'Security/API-Fuzzing.gitlab-ci.yml' }],
'variables' => { 'variables' => {
'FUZZAPI_HAR' => 'https://api.gov/api_spec', 'FUZZAPI_HAR' => 'https://api.gov/api_spec',
'FUZZAPI_TARGET_URL' => 'https://api.gov' 'FUZZAPI_TARGET_URL' => 'https://api.gov'
......
...@@ -22,7 +22,7 @@ RSpec.describe Ci::CreatePipelineService do ...@@ -22,7 +22,7 @@ RSpec.describe Ci::CreatePipelineService do
let(:config) do let(:config) do
<<~EOY <<~EOY
include: include:
- template: DAST.gitlab-ci.yml - template: Security/DAST.gitlab-ci.yml
stages: stages:
- build - build
- dast - dast
...@@ -72,6 +72,10 @@ RSpec.describe Ci::CreatePipelineService do ...@@ -72,6 +72,10 @@ RSpec.describe Ci::CreatePipelineService do
project_features = project.licensed_features project_features = project.licensed_features
allow(project).to receive(:licensed_features).and_return(project_features << :dast) allow(project).to receive(:licensed_features).and_return(project_features << :dast)
# The latest version of the template does not run unless DAST is
# configured via environment variables.
stub_feature_flags(redirect_to_latest_template_security_dast: false)
end end
context 'when the stage is dast' do context 'when the stage is dast' do
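Review bot: Stubbing `redirect_to_latest_template_security_dast` to `false` means this spec exercises only the stable DAST template, so the path taken when the flag is enabled is not covered here. Per the added comment, the latest template does not run unless DAST is configured through environment variables. Consider a second context that enables the flag and supplies those variables, or one that asserts no DAST job is created without them, so that enabling the redirect cannot silently drop the scan from a pipeline. The enclosing setup block starts outside this hunk.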
......