author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-05-19 18:44:42 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-05-19 18:44:42 +0300 |
commit | 4555e1b21c365ed8303ffb7a3325d773c9b8bf31 (patch) | |
tree | 5423a1c7516cffe36384133ade12572cf709398d /app/services/security | |
parent | e570267f2f6b326480d284e0164a6464ba4081bc (diff) |
Add latest changes from gitlab-org/gitlab@13-12-stable-eev13.12.0-rc42
Diffstat (limited to 'app/services/security')
4 files changed, 100 insertions, 47 deletions
diff --git a/app/services/security/ci_configuration/base_create_service.rb b/app/services/security/ci_configuration/base_create_service.rb
new file mode 100644
index 00000000000..adb45244adb
--- /dev/null
+++ b/app/services/security/ci_configuration/base_create_service.rb
@@ -0,0 +1,62 @@
+# frozen_string_literal: true
+
+module Security
+ module CiConfiguration
+ class BaseCreateService
+ attr_reader :branch_name, :current_user, :project
+
+ def initialize(project, current_user)
+ @project = project
+ @current_user = current_user
+ @branch_name = project.repository.next_branch(next_branch)
+ end
+
+ def execute
+ project.repository.add_branch(current_user, branch_name, project.default_branch)
+
+ attributes_for_commit = attributes
+
+ result = ::Files::MultiService.new(project, current_user, attributes_for_commit).execute
+
+ return ServiceResponse.error(message: result[:message]) unless result[:status] == :success
+
+ track_event(attributes_for_commit)
+ ServiceResponse.success(payload: { branch: branch_name, success_path: successful_change_path })
+ rescue Gitlab::Git::PreReceiveError => e
+ ServiceResponse.error(message: e.message)
+ rescue StandardError
+ project.repository.rm_branch(current_user, branch_name) if project.repository.branch_exists?(branch_name)
+ raise
+ end
+
+ private
+
+ def attributes
+ {
+ commit_message: message,
+ branch_name: branch_name,
+ start_branch: branch_name,
+ actions: [action]
+ }
+ end
+
+ def existing_gitlab_ci_content
+ @gitlab_ci_yml ||= project.repository.gitlab_ci_yml_for(project.repository.root_ref_sha)
+ YAML.safe_load(@gitlab_ci_yml) if @gitlab_ci_yml
+ end
+
+ def successful_change_path
+ merge_request_params = { source_branch: branch_name, description: description }
+ Gitlab::Routing.url_helpers.project_new_merge_request_url(project, merge_request: merge_request_params)
+ end
+
+ def track_event(attributes_for_commit)
+ action = attributes_for_commit[:actions].first
+
+ Gitlab::Tracking.event(
+ self.class.to_s, action[:action], label: action[:default_values_overwritten].to_s
+ )
+ end
+ end
+ end
+end
diff --git a/app/services/security/ci_configuration/sast_create_service.rb b/app/services/security/ci_configuration/sast_create_service.rb
index 8fc3b8d078c..f495cac18f8 100644
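Review bot: `BaseCreateService#execute` removes the branch it created only on the `rescue StandardError` path; the early `return ServiceResponse.error(...)` after a non-success `Files::MultiService` result and the `rescue Gitlab::Git::PreReceiveError` path both return with the branch from `add_branch` still in the repository. Each failed attempt can therefore leave an empty configuration branch behind, and a retry presumably gets a fresh name from `next_branch`, so the leftovers accumulate. Moving the existing `rm_branch ... if branch_exists?` line into a private helper and calling it on all three failure paths keeps the cleanup in one place. When `add_branch` itself is the call that failed, the `branch_exists?` guard makes the helper a no-op.

```ruby
def execute
  # … unchanged: add_branch, attributes and Files::MultiService call …
  unless result[:status] == :success
    remove_created_branch
    return ServiceResponse.error(message: result[:message])
  end
  # … unchanged: track_event and success response …
rescue Gitlab::Git::PreReceiveError => e
  remove_created_branch
  ServiceResponse.error(message: e.message)
rescue StandardError
  remove_created_branch
  raise
end

private

# Best-effort removal of the branch this service created for the commit.
def remove_created_branch
  project.repository.rm_branch(current_user, branch_name) if project.repository.branch_exists?(branch_name)
end
```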
--- a/app/services/security/ci_configuration/sast_create_service.rb
+++ b/app/services/security/ci_configuration/sast_create_service.rb
@@ -2,64 +2,30 @@ module Security module CiConfiguration - class SastCreateService < ::BaseService + class SastCreateService < ::Security::CiConfiguration::BaseCreateService + attr_reader :params + def initialize(project, current_user, params) - @project = project - @current_user = current_user + super(project, current_user) @params = params - @branch_name = @project.repository.next_branch('set-sast-config') - end - - def execute - attributes_for_commit = attributes - result = ::Files::MultiService.new(@project, @current_user, attributes_for_commit).execute - - if result[:status] == :success - result[:success_path] = successful_change_path - track_event(attributes_for_commit) - else - result[:errors] = result[:message] - end - - result - - rescue Gitlab::Git::PreReceiveError => e - { status: :error, errors: e.message } end private - def attributes - actions = Security::CiConfiguration::SastBuildActions.new(@project.auto_devops_enabled?, @params, existing_gitlab_ci_content).generate - - @project.repository.add_branch(@current_user, @branch_name, @project.default_branch) - message = _('Set .gitlab-ci.yml to enable or configure SAST') - - { - commit_message: message, - branch_name: @branch_name, - start_branch: @branch_name, - actions: actions - } + def action + Security::CiConfiguration::SastBuildAction.new(project.auto_devops_enabled?, params, existing_gitlab_ci_content).generate end - def existing_gitlab_ci_content - gitlab_ci_yml = @project.repository.gitlab_ci_yml_for(@project.repository.root_ref_sha) - YAML.safe_load(gitlab_ci_yml) if gitlab_ci_yml + def next_branch + 'set-sast-config' end - def successful_change_path - description = _('Set .gitlab-ci.yml to enable or configure SAST security scanning using the GitLab managed template. 
You can [add variable overrides](https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings) to customize SAST settings.') - merge_request_params = { source_branch: @branch_name, description: description } - Gitlab::Routing.url_helpers.project_new_merge_request_url(@project, merge_request: merge_request_params) + def message + _('Configure SAST in `.gitlab-ci.yml`, creating this file if it does not already exist') end - def track_event(attributes_for_commit) - action = attributes_for_commit[:actions].first - - Gitlab::Tracking.event( - self.class.to_s, action[:action], label: action[:default_values_overwritten].to_s - ) + def description + _('Configure SAST in `.gitlab-ci.yml` using the GitLab managed template. You can [add variable overrides](https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings) to customize SAST settings.') end end end diff --git a/app/services/security/ci_configuration/sast_parser_service.rb b/app/services/security/ci_configuration/sast_parser_service.rb index a8fe5764d19..5220525d552 100644 --- a/app/services/security/ci_configuration/sast_parser_service.rb +++ b/app/services/security/ci_configuration/sast_parser_service.rb @@ -74,7 +74,7 @@ module Security def sast_excluded_analyzers strong_memoize(:sast_excluded_analyzers) do - all_analyzers = Security::CiConfiguration::SastBuildActions::SAST_DEFAULT_ANALYZERS.split(', ') rescue [] + all_analyzers = Security::CiConfiguration::SastBuildAction::SAST_DEFAULT_ANALYZERS.split(', ') rescue [] enabled_analyzers = sast_default_analyzers.split(',').map(&:strip) rescue [] excluded_analyzers = gitlab_ci_yml_attributes["SAST_EXCLUDED_ANALYZERS"] || sast_template_attributes["SAST_EXCLUDED_ANALYZERS"] diff --git a/app/services/security/ci_configuration/secret_detection_create_service.rb b/app/services/security/ci_configuration/secret_detection_create_service.rb new file mode 100644 index 00000000000..ff3458d36fc --- /dev/null 
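Review bot: `SastCreateService` no longer defines `execute`, so its result changes from the old Hash (`:status`, `:errors`, `:success_path`) to the inherited `ServiceResponse`, with the error text under `message` and the path under `payload[:success_path]`, and nothing in the class says so. A one-line comment above the class would make the contract visible, for example `# #execute is inherited from BaseCreateService and returns a ServiceResponse (payload: :branch, :success_path)`. The diffstat on this page is limited to `app/services/security`, so whether any callers that read `result[:errors]` or `result[:success_path]` were updated cannot be checked from here.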
+++ b/app/services/security/ci_configuration/secret_detection_create_service.rb
@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+module Security
+ module CiConfiguration
+ class SecretDetectionCreateService < ::Security::CiConfiguration::BaseCreateService
+ private
+
+ def action
+ Security::CiConfiguration::SecretDetectionBuildAction.new(project.auto_devops_enabled?, existing_gitlab_ci_content).generate
+ end
+
+ def next_branch
+ 'set-secret-detection-config'
+ end
+
+ def message
+ _('Configure Secret Detection in `.gitlab-ci.yml`, creating this file if it does not already exist')
+ end
+
+ def description
+ _('Configure Secret Detection in `.gitlab-ci.yml` using the GitLab managed template. You can [add variable overrides](https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings) to customize Secret Detection settings.')
+ end
+ end
+ end
+end |
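Review bot: The inherited `track_event` labels the event with `action[:default_values_overwritten].to_s`, but this service passes no `params` to `SecretDetectionBuildAction`, so it is not clear from this hunk that `generate` returns that key; if it does not, the tracking label is always the empty string. A short comment on the class would record the expectation, for example `# Takes no params; the tracking label relies on SecretDetectionBuildAction#generate setting :default_values_overwritten`. The build action itself is outside this diffstat, so the key should be confirmed there.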