author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-12-27 15:09:52 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-12-27 15:09:52 +0300 |
commit | f8740a1ade9d4614dde927d8983eeb288e783ccf (patch) | |
tree | 62fd1c7987409292658c2160e8d233341d7732b2 /spec | |
parent | 7596630be2bb8febb34e782817c8339ba6ec7b2c (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'spec')
-rw-r--r-- | spec/lib/gitlab/security/scan_configuration_spec.rb | 100 | ||||
-rw-r--r-- | spec/presenters/projects/security/configuration_presenter_spec.rb | 1 |
2 files changed, 101 insertions, 0 deletions
diff --git a/spec/lib/gitlab/security/scan_configuration_spec.rb b/spec/lib/gitlab/security/scan_configuration_spec.rb
index 9151db3c5ff..706f6664a41 100644
--- a/spec/lib/gitlab/security/scan_configuration_spec.rb
+++ b/spec/lib/gitlab/security/scan_configuration_spec.rb
@@ -86,4 +86,104 @@ RSpec.describe ::Gitlab::Security::ScanConfiguration do
 it { is_expected.to be_falsey }
 end
 end
+
+ describe '#security_features' do
+ subject { scan.security_features }
+
+ using RSpec::Parameterized::TableSyntax
+
+ where(:scan_type, :features_hash) do
+ :sast | { name: "Static Application Security Testing (SAST)",
+ short_name: "SAST",
+ description: "Analyze your source code for known vulnerabilities.",
+ help_path: "/help/user/application_security/sast/index",
+ config_help_path: "/help/user/application_security/sast/index#configuration",
+ type: "sast" }
+ :sast_iac | { name: "Infrastructure as Code (IaC) Scanning",
+ short_name: "ciReport|SAST IaC",
+ description: "Analyze your infrastructure as code configuration files for known vulnerabilities.",
+ help_path: "/help/user/application_security/iac_scanning/index",
+ config_help_path: "/help/user/application_security/iac_scanning/index#configuration",
+ type: "sast_iac" }
+ :dast | {
+ badge: { text: "Available on demand",
+ tooltip_text: "On-demand scans run outside of the DevOps " \
+ "cycle and find vulnerabilities in your projects",
+ variant: "info" },
+ secondary: {
+ type: "dast_profiles",
+ name: "DAST profiles",
+ description: "SecurityConfiguration|Manage profiles for use by DAST scans.",
+ configuration_text: "SecurityConfiguration|Manage profiles"
+ },
+ name: "Dynamic Application Security Testing (DAST)",
+ short_name: "ciReport|DAST",
+ description: "ciReport|Analyze a deployed version of your web application for known " \
+ "vulnerabilities by examining it from the outside in. DAST works by simulating " \
+ "external attacks on your application while it is running.",
+ help_path: "/help/user/application_security/dast/index",
+ config_help_path: "/help/user/application_security/dast/index#enable-automatic-dast-run",
+ type: "dast",
+ anchor: "dast"
+ }
+ :dependency_scanning | { name: "Dependency Scanning",
+ description: "Analyze your dependencies for known vulnerabilities.",
+ help_path: "/help/user/application_security/dependency_scanning/index",
+ config_help_path: "/help/user/application_security/dependency_scanning/index#configuration",
+ type: "dependency_scanning",
+ anchor: "dependency-scanning" }
+ :container_scanning | { name: "Container Scanning",
+ description: "Check your Docker images for known vulnerabilities.",
+ help_path: "/help/user/application_security/container_scanning/index",
+ config_help_path: "/help/user/application_security/container_scanning/index#configuration",
+ type: "container_scanning" }
+ :secret_detection | { name: "Secret Detection",
+ description: "Analyze your source code and git history for secrets.",
+ help_path: "/help/user/application_security/secret_detection/index",
+ config_help_path: "/help/user/application_security/secret_detection/index#configuration",
+ type: "secret_detection" }
+ :api_fuzzing | { name: "API Fuzzing",
+ description: "Find bugs in your code with API fuzzing.",
+ help_path: "/help/user/application_security/api_fuzzing/index",
+ type: "api_fuzzing" }
+ :coverage_fuzzing | { name: "Coverage Fuzzing",
+ description: "Find bugs in your code with coverage-guided fuzzing.",
+ help_path: "/help/user/application_security/coverage_fuzzing/index",
+ config_help_path: "/help/user/application_security/coverage_fuzzing/index#enable-coverage-guided-fuzz-testing",
+ type: "coverage_fuzzing",
+ secondary: { type: "corpus_management",
+ name: "Corpus Management",
+ description: "SecurityConfiguration|Manage corpus files used as " \
+ "seed inputs with coverage-guided fuzzing.",
+ configuration_text: "SecurityConfiguration|Manage corpus" } }
+ :breach_and_attack_simulation | { anchor: "bas",
+ badge: { always_display: true,
+ text: "SecurityConfiguration|Incubating feature",
+ tooltip_text: "SecurityConfiguration|Breach and Attack Simulation is an incubating feature " \
+ "extending existing security " \
+ "testing by simulating adversary activity.",
+ variant: "info" },
+ description: "SecurityConfiguration|Simulate breach and attack scenarios against your running " \
+ "application by attempting to detect " \
+ "and exploit known vulnerabilities.",
+ name: "SecurityConfiguration|Breach and Attack Simulation (BAS)",
+ help_path: "/help/user/application_security/breach_and_attack_simulation/index",
+ secondary: { config_help_path: "/help/user/application_security/breach_and_attack_simulation/" \
+ "index#extend-dynamic-application-security-testing-dast",
+ description: "SecurityConfiguration|Enable incubating Breach and " \
+ "Attack Simulation focused features " \
+ "such as callback attacks in your DAST scans.",
+ name: "SecurityConfiguration|Out-of-Band Application Security Testing (OAST)" },
+ short_name: "SecurityConfiguration|BAS",
+ type: "breach_and_attack_simulation" }
+ :invalid | {}
+ end
+
+ with_them do
+ let(:type) { scan_type }
+ let(:configured) { true }
+
+ it { is_expected.to eq features_hash }
+ end
+ end
 end
diff --git a/spec/presenters/projects/security/configuration_presenter_spec.rb b/spec/presenters/projects/security/configuration_presenter_spec.rb
index fcd170dfd66..9f6efb08fb1 100644
--- a/spec/presenters/projects/security/configuration_presenter_spec.rb
+++ b/spec/presenters/projects/security/configuration_presenter_spec.rb
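Review bot: The expected hashes mix namespaced and plain strings — `:sast` expects `short_name: "SAST"` while `:sast_iac` expects `short_name: "ciReport|SAST IaC"`, and only the `:dast` row carries a `ciReport|` prefix on its description. If these are the strings the UI renders, the `ciReport|` and `SecurityConfiguration|` prefixes leaking into `short_name`, `description` and badge text look like a missing namespace strip (`s_()` vs `_()`) in the implementation rather than intended output, and this spec would be pinning that leak; worth confirming against the translation calls in `ScanConfiguration#security_features` before locking the table in. The table also only exercises `configured: true` via `let(:configured) { true }`, so whatever `security_features` returns for an unconfigured scan is untested. `scan`, `type` and `configured` are defined by `let`s outside the hunk.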
@@ -88,6 +88,7 @@ RSpec.describe Projects::Security::ConfigurationPresenter, feature_category: :so
 expect(feature['can_enable_by_merge_request']).to eq(true)
 expect(feature['meta_info_path']).to be_nil
 expect(feature['on_demand_available']).to eq(false)
+ expect(feature['security_features']).not_to be_empty
 end
 
 context 'when checking features configured status' do
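Review bot: `expect(feature['security_features']).not_to be_empty` passes for any populated hash, so it would not catch the presenter attaching a different scan's metadata to this feature. The hashes built in the sibling `scan_configuration_spec.rb` each carry a `type` naming the scan, so pinning that key is cheap, e.g. `expect(feature['security_features']).to include('type' => feature['type'])` — assuming the serialized feature exposes `type` alongside the string keys already asserted above; adjust if the presenter keeps symbol keys. The enclosing `it` block starts outside the hunk.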