ba5ddcb8
Commit
ba5ddcb8
authored
Sep 14, 2021
by
Aditya Tiwari
Committed by
Bob Van Landuyt
Sep 14, 2021
Create a DAST Profile schedule for existing profile
parent
98a4386b
Showing
3 changed files
with
57 additions
and
15 deletions
+57
-15
ee/app/services/app_sec/dast/profiles/audit/update_service.rb
...pp/services/app_sec/dast/profiles/audit/update_service.rb
+1
-1
ee/app/services/app_sec/dast/profiles/update_service.rb
ee/app/services/app_sec/dast/profiles/update_service.rb
+27
-10
ee/spec/services/app_sec/dast/profiles/update_service_spec.rb
...pec/services/app_sec/dast/profiles/update_service_spec.rb
+29
-4
ee/app/services/app_sec/dast/profiles/audit/update_service.rb
@@ -9,7 +9,7 @@ module AppSec
params
[
:new_params
].
each
do
|
property
,
new_value
|
old_value
=
params
[
:old_params
][
property
]
next
if
old_value
==
new_value
next
if
old_value
.
to_s
==
new_value
.
to_s
::
Gitlab
::
Audit
::
Auditor
.
audit
(
name:
'dast_profile_update'
,
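Review bot: The new comparison `next if old_value.to_s == new_value.to_s` treats nil and '' as the same value, so clearing an attribute, or filling one that was nil with an empty string, is no longer audited. The intent is presumably to stop spurious events when new_params arrive as strings while old_params are typed, and that deserves a comment since the `==` it replaces is the obvious choice; I would add `# new_params arrive as strings while old_params are typed; compare textual forms (nil and '' compare equal here)` above the line, or keep the nil case explicit with `next if old_value.nil? == new_value.nil? && old_value.to_s == new_value.to_s`. The `each` block and the enclosing method both continue outside the hunk.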
ee/app/services/app_sec/dast/profiles/update_service.rb
@@ -9,14 +9,13 @@ module AppSec
def
execute
return
unauthorized
unless
allowed?
return
error
(
'Profile parameter missing'
)
unless
dast_profile
return
error
(
'Dast Profile Schedule not found'
)
if
update_schedule?
&&
!
schedule
build_auditors!
ApplicationRecord
.
transaction
do
dast_profile
.
update!
(
dast_profile_params
)
update_
schedule
if
update_schedule?
update_
or_create_schedule!
if
schedule_input_params
end
execute_auditors!
@@ -44,23 +43,31 @@ module AppSec
private
attr_reader
:auditors
attr_reader
:auditors
,
:create_schedule_audit
def
allowed?
container
.
licensed_feature_available?
(
:security_on_demand_scans
)
&&
can?
(
current_user
,
:create_on_demand_dast_scan
,
container
)
end
def
update_schedule?
schedule_input_params
.
present?
end
def
update_or_create_schedule!
if
schedule
schedule
.
update!
(
schedule_input_params
)
else
::
Dast
::
ProfileSchedule
.
new
(
dast_profile:
dast_profile
,
owner:
current_user
,
project:
container
).
tap
do
|
dast_schedule
|
dast_schedule
.
update!
(
schedule_input_params
)
end
def
update_schedul
e
schedule
.
update!
(
schedule_input_params
)
@create_schedule_audit
=
tru
e
end
end
def
schedule
@schedule
||=
dast_profile
.
dast_profile_schedule
dast_profile
.
dast_profile_schedule
end
def
error
(
message
,
opts
=
{})
@@ -98,7 +105,7 @@ module AppSec
})
]
if
schedule_input_params
if
schedule_input_params
&&
schedule
@auditors
<<
AppSec
::
Dast
::
ProfileSchedules
::
Audit
::
UpdateService
.
new
(
project:
container
,
current_user:
current_user
,
params:
{
dast_profile_schedule:
schedule
,
@@ -110,6 +117,16 @@ module AppSec
def
execute_auditors!
auditors
.
map
(
&
:execute
)
if
create_schedule_audit
::
Gitlab
::
Audit
::
Auditor
.
audit
(
name:
'dast_profile_schedule_create'
,
author:
current_user
,
scope:
container
,
target:
schedule
,
message:
'Added DAST profile schedule'
)
end
end
def
create_scan
(
dast_profile
)
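Review bot: In `update_or_create_schedule!` the newly built `::Dast::ProfileSchedule` is never assigned to `@schedule`, so the creation audit in `execute_auditors!` (`target: schedule`) and anything else reading `schedule` afterwards depend on `dast_profile.dast_profile_schedule` returning the just-saved record rather than the nil the association may already have loaded when `build_auditors!` called `schedule` before the transaction; assigning the result explicitly removes that dependency: `@schedule = ::Dast::ProfileSchedule.new(dast_profile: dast_profile, owner: current_user, project: container).tap { |s| s.update!(schedule_input_params) }`. With the 'Dast Profile Schedule not found' guard gone from `execute`, `update_schedule?` looks unused from this file — drop it if no other caller remains. A short comment on `schedule` would also help, e.g. `# ||= deliberately does not cache nil, so the record created inside the transaction is visible to the audit afterwards`. `schedule_input_params` is defined outside the hunk, so I cannot tell from here whether it is already filtered to the attributes a caller may set before it reaches `update!`. The last hunk ends inside `def error(message, opts = {})`, and the first hunk's `execute` body continues outside it.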
ee/spec/services/app_sec/dast/profiles/update_service_spec.rb
@@ -92,11 +92,36 @@ RSpec.describe AppSec::Dast::Profiles::UpdateService do
end
context
'when associated schedule is not present'
do
it
'communicates failure for dast_profile_schedule'
do
before
do
expect
(
dast_profile
.
dast_profile_schedule
).
to
be
nil
end
it
'creates a new schedule'
do
aggregate_failures
do
expect
{
subject
}.
to
change
{
Dast
::
ProfileSchedule
.
count
}.
by
(
1
)
end
end
it
'returns the success status'
do
expect
(
subject
.
status
).
to
eq
(
:success
)
end
it
'audits the creation'
do
schedule
=
subject
.
payload
[
:dast_profile_schedule
]
audit_event
=
AuditEvent
.
find_by
(
target_id:
schedule
.
id
)
aggregate_failures
do
expect
(
dast_profile
.
dast_profile_schedule
).
to
be
nil
expect
(
subject
.
status
).
to
eq
(
:error
)
expect
(
subject
.
message
).
to
include
(
'Dast Profile Schedule not found'
)
expect
(
audit_event
.
author
).
to
eq
(
user
)
expect
(
audit_event
.
entity
).
to
eq
(
project
)
expect
(
audit_event
.
target_id
).
to
eq
(
dast_profile
.
dast_profile_schedule
.
id
)
expect
(
audit_event
.
target_type
).
to
eq
(
'Dast::ProfileSchedule'
)
expect
(
audit_event
.
details
).
to
eq
({
author_name:
user
.
name
,
custom_message:
'Added DAST profile schedule'
,
target_id:
schedule
.
id
,
target_type:
'Dast::ProfileSchedule'
,
target_details:
user
.
name
})
end
end
end
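Review bot: `AuditEvent.find_by(target_id: schedule.id)` in 'audits the creation' is constrained only by the target id, so it can pick up an unrelated event whose target happens to share that id, and when nothing matches the example fails with a NoMethodError on nil instead of a clear assertion; `audit_event = AuditEvent.find_by!(target_id: schedule.id, target_type: 'Dast::ProfileSchedule')` makes both failures explicit. The `expect(dast_profile.dast_profile_schedule).to be nil` inside the `before` block is a precondition rather than setup; RSpec convention is to give it its own example or drop it once the `change { Dast::ProfileSchedule.count }.by(1)` example covers it. The surrounding describe block continues outside the hunk.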