Commit cbcfbee7 authored by Alex Pooley's avatar Alex Pooley

Merge branch '355526-dast-submit-field-db' into 'master'

Add dast_submit_field to DAST site profile

See merge request gitlab-org/gitlab!84245
parents ab8d9688 ae5c2556
# frozen_string_literal: true
class AddSubmitFieldToDastSiteProfiles < Gitlab::Database::Migration[1.0]
# rubocop:disable Migration/AddLimitToTextColumns
# limit is added in 20220331174459_add_text_limit_to_submit_field_dast_site_profiles
def change
add_column :dast_site_profiles, :auth_submit_field, :text
end
# rubocop:enable Migration/AddLimitToTextColumns
end
# frozen_string_literal: true
class AddTextLimitToSubmitFieldDastSiteProfiles < Gitlab::Database::Migration[1.0]
disable_ddl_transaction!
def up
add_text_limit :dast_site_profiles, :auth_submit_field, 255
end
def down
remove_text_limit :dast_site_profiles, :auth_submit_field
end
end
b4f2c1c90447a41d69f08ca2c5cbb5fb0baf1fe04e43d5dc86323d01be9e28ef
\ No newline at end of file
cc7da5bba5fd42a0c443290791eeee76491a29ab37a06f0a70806dc09ec1ceab
\ No newline at end of file
......@@ -14054,8 +14054,10 @@ CREATE TABLE dast_site_profiles (
auth_username text,
target_type smallint DEFAULT 0 NOT NULL,
scan_method smallint DEFAULT 0 NOT NULL,
auth_submit_field text,
CONSTRAINT check_5203110fee CHECK ((char_length(auth_username_field) <= 255)),
CONSTRAINT check_6cfab17b48 CHECK ((char_length(name) <= 255)),
CONSTRAINT check_af44f54c96 CHECK ((char_length(auth_submit_field) <= 255)),
CONSTRAINT check_c329dffdba CHECK ((char_length(auth_password_field) <= 255)),
CONSTRAINT check_d446f7047b CHECK ((char_length(auth_url) <= 1024)),
CONSTRAINT check_f22f18002a CHECK ((char_length(auth_username) <= 255))
......@@ -10,7 +10,7 @@ class DastSiteProfile < ApplicationRecord
validates :excluded_urls, length: { maximum: 25 }
validates :auth_url, addressable_url: true, length: { maximum: 1024 }, allow_nil: true
validates :auth_username_field, :auth_password_field, :auth_username, length: { maximum: 255 }
validates :auth_username_field, :auth_password_field, :auth_username, :auth_submit_field, length: { maximum: 255 }
validates :name, length: { maximum: 255 }, uniqueness: { scope: :project_id }, presence: true
validates :project_id, :dast_site_id, presence: true
......@@ -59,6 +59,7 @@ class DastSiteProfile < ApplicationRecord
variables.append(key: 'DAST_USERNAME', value: auth_username)
variables.append(key: 'DAST_USERNAME_FIELD', value: auth_username_field)
variables.append(key: 'DAST_PASSWORD_FIELD', value: auth_password_field)
variables.append(key: 'DAST_SUBMIT_FIELD', value: auth_submit_field)
end
end
......
......@@ -21,5 +21,9 @@ FactoryBot.define do
trait :with_dast_site_validation do
dast_site { association :dast_site, :with_dast_site_validation, project: project }
end
trait :with_dast_submit_field do
auth_submit_field { 'css:button[type="submit"]' }
end
end
end
......@@ -23,6 +23,7 @@ RSpec.describe DastSiteProfile, type: :model do
it { is_expected.to validate_length_of(:auth_url).is_at_most(1024).allow_nil }
it { is_expected.to validate_length_of(:auth_username).is_at_most(255) }
it { is_expected.to validate_length_of(:auth_username_field).is_at_most(255) }
it { is_expected.to validate_length_of(:auth_submit_field).is_at_most(255) }
it { is_expected.to validate_length_of(:name).is_at_most(255) }
it { is_expected.to validate_presence_of(:dast_site_id) }
it { is_expected.to validate_presence_of(:name) }
......@@ -226,17 +227,38 @@ RSpec.describe DastSiteProfile, type: :model do
let(:keys) { subject.ci_variables.map { |variable| variable[:key] } }
let(:excluded_urls) { subject.excluded_urls.join(',') }
it 'returns a collection of variables' do
expected_variables = [
{ key: 'DAST_WEBSITE', value: subject.dast_site.url, public: true, masked: false },
{ key: 'DAST_EXCLUDE_URLS', value: excluded_urls, public: true, masked: false },
{ key: 'DAST_AUTH_URL', value: subject.auth_url, public: true, masked: false },
{ key: 'DAST_USERNAME', value: subject.auth_username, public: true, masked: false },
{ key: 'DAST_USERNAME_FIELD', value: subject.auth_username_field, public: true, masked: false },
{ key: 'DAST_PASSWORD_FIELD', value: subject.auth_password_field, public: true, masked: false }
]
expect(collection.to_runner_variables).to eq(expected_variables)
context 'without_dast_submit_field' do
it 'returns a collection of variables' do
expected_variables = [
{ key: 'DAST_WEBSITE', value: subject.dast_site.url, public: true, masked: false },
{ key: 'DAST_EXCLUDE_URLS', value: excluded_urls, public: true, masked: false },
{ key: 'DAST_AUTH_URL', value: subject.auth_url, public: true, masked: false },
{ key: 'DAST_USERNAME', value: subject.auth_username, public: true, masked: false },
{ key: 'DAST_USERNAME_FIELD', value: subject.auth_username_field, public: true, masked: false },
{ key: 'DAST_PASSWORD_FIELD', value: subject.auth_password_field, public: true, masked: false }
]
expect(collection.to_runner_variables).to eq(expected_variables)
end
end
context 'with_dast_submit_field' do
subject { create(:dast_site_profile, :with_dast_site_validation, :with_dast_submit_field, project: project) }
it 'returns a collection of variables' do
expected_variables = [
{ key: 'DAST_WEBSITE', value: subject.dast_site.url, public: true, masked: false },
{ key: 'DAST_EXCLUDE_URLS', value: excluded_urls, public: true, masked: false },
{ key: 'DAST_AUTH_URL', value: subject.auth_url, public: true, masked: false },
{ key: 'DAST_USERNAME', value: subject.auth_username, public: true, masked: false },
{ key: 'DAST_USERNAME_FIELD', value: subject.auth_username_field, public: true, masked: false },
{ key: 'DAST_PASSWORD_FIELD', value: subject.auth_password_field, public: true, masked: false },
{ key: 'DAST_SUBMIT_FIELD', value: subject.auth_submit_field, public: true, masked: false }
]
expect(collection.to_runner_variables).to eq(expected_variables)
end
end
context 'when target_type=api' do
......@@ -254,7 +276,7 @@ RSpec.describe DastSiteProfile, type: :model do
subject { build(:dast_site_profile, auth_enabled: false) }
it 'returns a collection of variables excluding any auth variables', :aggregate_failures do
expect(keys).not_to include('DAST_AUTH_URL', 'DAST_USERNAME', 'DAST_USERNAME_FIELD', 'DAST_PASSWORD_FIELD')
expect(keys).not_to include('DAST_AUTH_URL', 'DAST_USERNAME', 'DAST_USERNAME_FIELD', 'DAST_PASSWORD_FIELD', 'DAST_SUBMIT_FIELD')
end
end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment