From a5f4bba440d7f9ea47046a0a561d49adf0a1e6d4 Mon Sep 17 00:00:00 2001 From: GitLab Bot Date: Wed, 16 Jun 2021 18:25:58 +0000 Subject: Add latest changes from gitlab-org/gitlab@14-0-stable-ee --- .../ci_configuration/sast_build_action_spec.rb | 51 +++++++--------------- .../secret_detection_build_action_spec.rb | 8 ++-- 2 files changed, 19 insertions(+), 40 deletions(-) (limited to 'spec/lib/security') diff --git a/spec/lib/security/ci_configuration/sast_build_action_spec.rb b/spec/lib/security/ci_configuration/sast_build_action_spec.rb index 6a1ea68fdd6..5337e8d9c39 100644 --- a/spec/lib/security/ci_configuration/sast_build_action_spec.rb +++ b/spec/lib/security/ci_configuration/sast_build_action_spec.rb @@ -12,7 +12,6 @@ RSpec.describe Security::CiConfiguration::SastBuildAction do [ { 'field' => 'stage', 'defaultValue' => 'test', 'value' => 'test' }, { 'field' => 'SEARCH_MAX_DEPTH', 'defaultValue' => 4, 'value' => 4 }, - { 'field' => 'SAST_ANALYZER_IMAGE_TAG', 'defaultValue' => 2, 'value' => 2 }, { 'field' => 'SAST_EXCLUDED_PATHS', 'defaultValue' => 'spec, test, tests, tmp', 'value' => 'spec, test, tests, tmp' } ] } end @@ -26,7 +25,6 @@ RSpec.describe Security::CiConfiguration::SastBuildAction do [ { 'field' => 'stage', 'defaultValue' => 'test', 'value' => 'security' }, { 'field' => 'SEARCH_MAX_DEPTH', 'defaultValue' => 4, 'value' => 1 }, - { 'field' => 'SAST_ANALYZER_IMAGE_TAG', 'defaultValue' => 2, 'value' => 2 }, { 'field' => 'SAST_EXCLUDED_PATHS', 'defaultValue' => 'spec, test, tests, tmp', 'value' => 'spec,docs' } ] } end @@ -146,8 +144,6 @@ RSpec.describe Security::CiConfiguration::SastBuildAction do subject(:result) { described_class.new(auto_devops_enabled, params_with_analyzer_info, gitlab_ci_content).generate } it 'writes SAST_EXCLUDED_ANALYZERS' do - stub_const('Security::CiConfiguration::SastBuildAction::SAST_DEFAULT_ANALYZERS', 'bandit, brakeman, flawfinder') - expect(result[:content]).to eq(sast_yaml_with_no_variables_set_but_analyzers) end end 
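Review bot: With the stub_const on SAST_DEFAULT_ANALYZERS removed from the 'writes SAST_EXCLUDED_ANALYZERS' example (hunk @@ -146), the expected string in sast_yaml_with_no_variables_set_but_analyzers is now compared against whatever analyzer list the production class derives at runtime, presumably from a template file rather than a constant. If that list is read from a file, this whole-document fixture will go stale silently whenever the template gains or loses an analyzer; asserting on the names the example cares about (each excluded analyzer from params_with_analyzer_info appearing in SAST_EXCLUDED_ANALYZERS) would be more robust than an exact string match. The same applies to the renamed 'does not write SAST_EXCLUDED_ANALYZERS' example in the next hunk (@@ -157), whose params_with_all_analyzers_enabled must now enumerate exactly the live default set for the expectation to hold. The enclosing describe blocks of both examples begin outside these hunks.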
@@ -157,9 +153,7 @@ RSpec.describe Security::CiConfiguration::SastBuildAction do subject(:result) { described_class.new(auto_devops_enabled, params_with_all_analyzers_enabled, gitlab_ci_content).generate } - it 'does not write SAST_DEFAULT_ANALYZERS or SAST_EXCLUDED_ANALYZERS' do - stub_const('Security::CiConfiguration::SastBuildAction::SAST_DEFAULT_ANALYZERS', 'brakeman, flawfinder') - + it 'does not write SAST_EXCLUDED_ANALYZERS' do expect(result[:content]).to eq(sast_yaml_with_no_variables_set) end end @@ -176,7 +170,6 @@ RSpec.describe Security::CiConfiguration::SastBuildAction do [ { 'field' => 'stage', 'defaultValue' => 'test', 'value' => 'brand_new_stage' }, { 'field' => 'SEARCH_MAX_DEPTH', 'defaultValue' => 4, 'value' => 5 }, - { 'field' => 'SAST_ANALYZER_IMAGE_TAG', 'defaultValue' => 2, 'value' => 2 }, { 'field' => 'SAST_EXCLUDED_PATHS', 'defaultValue' => 'spec, test, tests, tmp', 'value' => 'spec,docs' } ] } end 
@@ -227,27 +220,27 @@ RSpec.describe Security::CiConfiguration::SastBuildAction do def existing_gitlab_ci_and_template_array_without_sast { "stages" => %w(test security), "variables" => { "RANDOM" => "make sure this persists", "SECURE_ANALYZERS_PREFIX" => "localhost:5000/analyzers" }, - "sast" => { "variables" => { "SAST_ANALYZER_IMAGE_TAG" => 2, "SEARCH_MAX_DEPTH" => 1 }, "stage" => "security" }, + "sast" => { "variables" => { "SEARCH_MAX_DEPTH" => 1 }, "stage" => "security" }, "include" => [{ "template" => "existing.yml" }] } end def existing_gitlab_ci_and_single_template_with_sast_and_default_stage { "stages" => %w(test), "variables" => { "SECURE_ANALYZERS_PREFIX" => "localhost:5000/analyzers" }, - "sast" => { "variables" => { "SAST_ANALYZER_IMAGE_TAG" => 2, "SEARCH_MAX_DEPTH" => 1 }, "stage" => "test" }, + "sast" => { "variables" => { "SEARCH_MAX_DEPTH" => 1 }, "stage" => "test" }, "include" => { "template" => "Security/SAST.gitlab-ci.yml" } } end def existing_gitlab_ci_and_single_template_without_sast { "stages" => %w(test security), "variables" => { "RANDOM" => "make sure this persists", "SECURE_ANALYZERS_PREFIX" => "localhost:5000/analyzers" }, - "sast" => { "variables" => { "SAST_ANALYZER_IMAGE_TAG" => 2, "SEARCH_MAX_DEPTH" => 1 }, "stage" => "security" }, + "sast" => { "variables" => { "SEARCH_MAX_DEPTH" => 1 }, "stage" => "security" }, "include" => { "template" => "existing.yml" } } end def existing_gitlab_ci_with_no_variables { "stages" => %w(test security), - "sast" => { "variables" => { "SAST_ANALYZER_IMAGE_TAG" => 2, "SEARCH_MAX_DEPTH" => 1 }, "stage" => "security" }, + "sast" => { "variables" => { "SEARCH_MAX_DEPTH" => 1 }, "stage" => "security" }, "include" => [{ "template" => "Security/SAST.gitlab-ci.yml" }] } end 
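Review bot: Dropping 'SAST_ANALYZER_IMAGE_TAG' => 2 from every existing_gitlab_ci* fixture in this hunk (and from existing_gitlab_ci in the next one, @@ -267) removes the only coverage of how the action treats a user's .gitlab-ci.yml that still sets this variable, which projects configured before this change may well do. The fixtures deliberately keep "RANDOM" => "make sure this persists" to pin that unknown keys survive a rewrite; a matching case for a legacy key under `sast.variables` would pin whether SAST_ANALYZER_IMAGE_TAG is preserved or dropped, and either outcome changes which analyzer image a pipeline runs. I'd keep one fixture with `"sast" => { "variables" => { "SAST_ANALYZER_IMAGE_TAG" => 2, "SEARCH_MAX_DEPTH" => 1 }, "stage" => "security" }` and add an example asserting the intended behaviour. The describe block containing these helper methods starts outside the hunk.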
@@ -267,7 +260,7 @@ RSpec.describe Security::CiConfiguration::SastBuildAction do def existing_gitlab_ci { "stages" => %w(test security), "variables" => { "RANDOM" => "make sure this persists", "SECURE_ANALYZERS_PREFIX" => "bad_prefix" }, - "sast" => { "variables" => { "SAST_ANALYZER_IMAGE_TAG" => 2, "SEARCH_MAX_DEPTH" => 1 }, "stage" => "security" }, + "sast" => { "variables" => { "SEARCH_MAX_DEPTH" => 1 }, "stage" => "security" }, "include" => [{ "template" => "Security/SAST.gitlab-ci.yml" }] } end end @@ -319,20 +312,6 @@ RSpec.describe Security::CiConfiguration::SastBuildAction do end end - describe 'Security::CiConfiguration::SastBuildAction::SAST_DEFAULT_ANALYZERS' do - subject(:variable) {Security::CiConfiguration::SastBuildAction::SAST_DEFAULT_ANALYZERS} - - it 'is sorted alphabetically' do - sorted_variable = Security::CiConfiguration::SastBuildAction::SAST_DEFAULT_ANALYZERS - .split(',') - .map(&:strip) - .sort - .join(', ') - - expect(variable).to eq(sorted_variable) - end - end - # stubbing this method allows this spec file to use fast_spec_helper def fast_auto_devops_stages auto_devops_template = YAML.safe_load( File.read('lib/gitlab/ci/templates/Auto-DevOps.gitlab-ci.yml') ) @@ -345,7 +324,7 @@ RSpec.describe Security::CiConfiguration::SastBuildAction do # SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings # Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings # Note that environment variables can be set in several places - # See https://docs.gitlab.com/ee/ci/variables/#priority-of-environment-variables + # See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence stages: - test sast: 
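Review bot: The four-line comment header of the expected-YAML heredoc is duplicated verbatim in this hunk (@@ -345) and again in @@ -364, -380, -402, -437, -461, -483, -506 and -529 of this file plus @@ -17, -63, -112 and -132 of secret_detection_build_action_spec.rb, so a single documentation-link change became thirteen parallel edits that are easy to leave inconsistent. Extracting the header into one shared helper or frozen constant and interpolating it into each heredoc (`#{expected_yaml_header}`) would make the next such update a one-line change and let one example assert the link text. Each of these heredocs sits in a method whose definition begins outside its hunk.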
@@ -364,7 +343,7 @@ RSpec.describe Security::CiConfiguration::SastBuildAction do
  # SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings
  # Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings
  # Note that environment variables can be set in several places
- # See https://docs.gitlab.com/ee/ci/variables/#priority-of-environment-variables
+ # See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence
  stages:
  - test
  sast:
@@ -380,7 +359,7 @@ RSpec.describe Security::CiConfiguration::SastBuildAction do
  # SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings
  # Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings
  # Note that environment variables can be set in several places
- # See https://docs.gitlab.com/ee/ci/variables/#priority-of-environment-variables
+ # See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence
  stages:
  - test
  - security
@@ -402,7 +381,7 @@ RSpec.describe Security::CiConfiguration::SastBuildAction do
  # SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings
  # Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings
  # Note that environment variables can be set in several places
- # See https://docs.gitlab.com/ee/ci/variables/#priority-of-environment-variables
+ # See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence
  stages:
  - build
  - test
@@ -437,7 +416,7 @@ RSpec.describe Security::CiConfiguration::SastBuildAction do
  # SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings
  # Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings
  # Note that environment variables can be set in several places
- # See https://docs.gitlab.com/ee/ci/variables/#priority-of-environment-variables
+ # See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence
  stages:
  - test
  - security
@@ -461,7 +440,7 @@ RSpec.describe Security::CiConfiguration::SastBuildAction do
  # SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings
  # Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings
  # Note that environment variables can be set in several places
- # See https://docs.gitlab.com/ee/ci/variables/#priority-of-environment-variables
+ # See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence
  stages:
  - test
  - security
@@ -483,7 +462,7 @@ RSpec.describe Security::CiConfiguration::SastBuildAction do
  # SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings
  # Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings
  # Note that environment variables can be set in several places
- # See https://docs.gitlab.com/ee/ci/variables/#priority-of-environment-variables
+ # See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence
  stages:
  - test
  - security
@@ -506,7 +485,7 @@ RSpec.describe Security::CiConfiguration::SastBuildAction do
  # SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings
  # Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings
  # Note that environment variables can be set in several places
- # See https://docs.gitlab.com/ee/ci/variables/#priority-of-environment-variables
+ # See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence
  stages:
  - test
  - security
@@ -529,7 +508,7 @@ RSpec.describe Security::CiConfiguration::SastBuildAction do
  # SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings
  # Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings
  # Note that environment variables can be set in several places
- # See https://docs.gitlab.com/ee/ci/variables/#priority-of-environment-variables
+ # See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence
  stages:
  - test
  - security
diff --git a/spec/lib/security/ci_configuration/secret_detection_build_action_spec.rb b/spec/lib/security/ci_configuration/secret_detection_build_action_spec.rb
index 31854fcf3a7..f6181c6ef7a 100644
--- a/spec/lib/security/ci_configuration/secret_detection_build_action_spec.rb
+++ b/spec/lib/security/ci_configuration/secret_detection_build_action_spec.rb
@@ -17,7 +17,7 @@ RSpec.describe Security::CiConfiguration::SecretDetectionBuildAction do
  # SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings
  # Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings
  # Note that environment variables can be set in several places
- # See https://docs.gitlab.com/ee/ci/variables/#priority-of-environment-variables
+ # See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence
  stages:
  - test
  - security
@@ -63,7 +63,7 @@ RSpec.describe Security::CiConfiguration::SecretDetectionBuildAction do
  # SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings
  # Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings
  # Note that environment variables can be set in several places
- # See https://docs.gitlab.com/ee/ci/variables/#priority-of-environment-variables
+ # See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence
  stages:
  - test
  variables:
@@ -112,7 +112,7 @@ RSpec.describe Security::CiConfiguration::SecretDetectionBuildAction do
  # SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings
  # Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings
  # Note that environment variables can be set in several places
- # See https://docs.gitlab.com/ee/ci/variables/#priority-of-environment-variables
+ # See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence
  include:
  - template: Security/Secret-Detection.gitlab-ci.yml
  CI_YML
@@ -132,7 +132,7 @@ RSpec.describe Security::CiConfiguration::SecretDetectionBuildAction do
  # SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings
  # Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings
  # Note that environment variables can be set in several places
- # See https://docs.gitlab.com/ee/ci/variables/#priority-of-environment-variables
+ # See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence
  include:
  - template: Auto-DevOps.gitlab-ci.yml
  CI_YML
-- 
cgit v1.2.3