gitlab-qa 14.14.0 → 14.15.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (8) hide show
  1. checksums.yaml +4 -4
  2. data/Gemfile.lock +1 -1
  3. data/docs/what_tests_can_be_run.md +24 -0
  4. data/fixtures/cvs/vulnerabilities_template.erb +2 -0
  5. data/lib/gitlab/qa/scenario/test/integration/continuous_vulnerability_scanning.rb +86 -0
  6. data/lib/gitlab/qa/version.rb +1 -1
  7. data/support/data/admin_access_token_seed.rb +1 -1
  8. metadata +4 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: d73b967d2138dc5d4937126e2eed2a7bf79869c7dbba222bb2288eeb5579b7fa
4
- data.tar.gz: c8c5ddbff3b831889fc0f670c00538e936a5528bb2ffc775f5db30abf93366a7
3
+ metadata.gz: 497913af708d5bd502f32c82f052d0dbcfddb70142979c9e2ecf76ea40ab76d8
4
+ data.tar.gz: 730eec75c41c7805635602a68d461844062dc786bf953071bc80a0256f5fec97
5
5
  SHA512:
6
- metadata.gz: c16e9f78c27107f1b512eff6101eb04c7ca39d6b8dd0cdd55cc08b3c07c5d4884a66ce378b61c5526983df982083b7b81e86d0cc3c87913e4050a4ea29ae9fea
7
- data.tar.gz: 55af607f3fa32af6494800b66c3bf1614426fe02191a21894e2553361b2979421912dcbef0b488f9021c5d6f281965019fc82f245e09a84db8049a6edd18cb18
6
+ metadata.gz: e8e4b3d39cf8cdf652cdd0001bd1f3238e8f707e51159b3e48a8bf43d8827485684e18734b345a8a793afdb36bdc2fb8fe36437160ee997dc6a04a4647fb1b7b
7
+ data.tar.gz: c353c880a71f75860f0ffb6e8bfd13360680bdc5f31573abaa12b455194529273498728d9bbbbe48b61ffda62fddf1b7e02ddc93d5e1abb1ca96e0cbd68ae2be
data/Gemfile.lock CHANGED
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- gitlab-qa (14.14.0)
4
+ gitlab-qa (14.15.0)
5
5
  activesupport (>= 6.1, < 7.2)
6
6
  gitlab (~> 4.19)
7
7
  http (~> 5.0)
data/docs/what_tests_can_be_run.md CHANGED
@@ -375,6 +375,30 @@ $ export EE_LICENSE=$(cat /path/to/Geo.gitlab_license)
375
375
  $ gitlab-qa Test::Integration::Geo EE
376
376
  ```
377
377
 
378
+ [test-cvs]: ...
379
+
380
+ ### `Test::Integration::ContinuousVulnerabilityScanning EE|<full image address>`
381
+
382
+ This tests [Continuous Vulnerability Scanning](https://docs.gitlab.com/ee/user/application_security/continuous_vulnerability_scanning/)
383
+ which is functionality to allow updated vulnerabilities to be downloaded and shown for
384
+ relevant software dependencies.
385
+
386
+ It is designed to run against a particular end to end spec as per the example.
387
+
388
+ It is EE functionality and requires a license to be set.
389
+
390
+ **Required environment variables:**
391
+
392
+ - `EE_LICENSE`: A valid EE license.
393
+
394
+ Example:
395
+
396
+ ```shell
397
+ $ export EE_LICENSE=$(cat /path/to/gitlab_license)
398
+ $ export GITLAB_LICENSE_MODE=test
399
+ $ gitlab-qa Test::Integration::ContinuousVulnerabilityScanning EE
400
+ ````
401
+
378
402
  [test-geo]: https://gitlab.com/gitlab-org/gitlab-ee/blob/master/qa/qa/ee/scenario/test/geo.rb
379
403
 
380
404
  ### `Test::Integration::GitalyCluster CE|EE|<full image address>`
data/fixtures/cvs/vulnerabilities_template.erb ADDED
@@ -0,0 +1,2 @@
1
+ {"advisory":{"id":"<%= SecureRandom.uuid %>","source":"glad","title":"Arbitrary test vulnerability","description":"An arbitrary vulnerability exists for testing. This vulnerability should be picked up by Continuous Vulnerability Scanning.","cvss_v3":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","published_date":"<%= Date.today.prev_day.iso8601 %>","urls":["https://gitlab.com/willmeek"],"identifiers":[{"type":"cve","name":"CVE-2124-12345","value":"CVE-2124-12345","url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2124-12345"},{"type":"ghsa","name":"GHSA-abcd-123e-fg4h","value":"GHSA-abcd-123e-fg4h","url":"https://gitlab.com/willmeek"},{"type":"cwe","name":"CWE-42","value":"42","url":"https://gitlab.com/willmeek"}]},"packages":[{"name":"RedCloth","purl_type":"gem","affected_range":"<=3.39.0","solution":"Upgrade to version 3.39.0 or above.","fixed_versions":["3.39.0"]}]}
2
+ {"advisory":{"id":"<%= SecureRandom.uuid %>","source":"glad","title":"Outdated test vulnerability","description":"An Outdated vulnerability exists for testing. This vulnerability should NOT be picked up by Continuous Vulnerability Scanning.","cvss_v3":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","published_date":"<%= (Date.today - 15).iso8601 %>","urls":["https://gitlab.com/willmeek"],"identifiers":[{"type":"cve","name":"CVE-2124-54321","value":"CVE-2124-54321","url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2124-54321"},{"type":"ghsa","name":"GHSA-abcd-321e-fg4h","value":"GHSA-abcd-321e-fg4h","url":"https://gitlab.com/willmeek"},{"type":"cwe","name":"CWE-43","value":"43","url":"https://gitlab.com/willmeek"}]},"packages":[{"name":"RedCloth","purl_type":"gem","affected_range":"<=3.39.0","solution":"Upgrade to version 3.39.0 or above.","fixed_versions":["3.39.0"]}]}
data/lib/gitlab/qa/scenario/test/integration/continuous_vulnerability_scanning.rb ADDED
@@ -0,0 +1,86 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'date'
4
+ require 'erb'
5
+ require 'pathname'
6
+
7
+ module Gitlab
8
+ module QA
9
+ module Scenario
10
+ module Test
11
+ module Integration
12
+ class ContinuousVulnerabilityScanning < Scenario::Template
13
+ def initialize
14
+ @network = Runtime::Env.docker_network
15
+ @tag = 'secure_cvs'
16
+ end
17
+
18
+ def perform(release, *rspec_args)
19
+ Component::Gitlab.perform do |gitlab|
20
+ setup_and_run_tests(gitlab, release, *rspec_args)
21
+ end
22
+ end
23
+
24
+ private
25
+
26
+ def setup_and_run_tests(gitlab, release, *rspec_args)
27
+ set_up_gitlab(gitlab, release)
28
+ gitlab.instance do
29
+ place_new_vulnerabilities(gitlab)
30
+ run_specs(gitlab, *rspec_args)
31
+ end
32
+ end
33
+
34
+ def set_up_gitlab(gitlab, release)
35
+ gitlab.release = QA::Release.new(release)
36
+ gitlab.name = 'gitlab'
37
+ gitlab.network = @network
38
+ end
39
+
40
+ def place_new_vulnerabilities(gitlab)
41
+ write_vulnerabilities(gitlab, generate_filepath, generate_vulnerabilities)
42
+ start_advisory_sync_worker(gitlab)
43
+ end
44
+
45
+ def generate_vulnerabilities
46
+ template = File.read(File.expand_path('../../../../../../fixtures/cvs/vulnerabilities_template.erb', __dir__))
47
+ ERB.new(template).result(binding)
48
+ end
49
+
50
+ def generate_filepath
51
+ File.join(
52
+ "/opt/gitlab/embedded/service/gitlab-rails/vendor/package_metadata/advisories/v2/rubygem/#{Time.now.to_i}",
53
+ '000000000.ndjson'
54
+ )
55
+ end
56
+
57
+ def write_vulnerabilities(gitlab, filepath, content)
58
+ gitlab.docker.exec(gitlab.name, "mkdir -p #{File.dirname(filepath)}")
59
+ gitlab.docker.write_files(gitlab.name) { |f| f.write(filepath, content, false) }
60
+ end
61
+
62
+ def start_advisory_sync_worker(gitlab)
63
+ gitlab.docker.exec(gitlab.name, "PM_SYNC_IN_DEV=true gitlab-rails runner 'loop do PackageMetadata::AdvisoriesSyncWorker.new.perform; sleep 30; end' &")
64
+ end
65
+
66
+ def run_specs(gitlab, *rspec_args)
67
+ Runtime::Logger.info('Running Continuous Vulnerability Scanning spec...')
68
+ rspec_args << "--" unless rspec_args.include?('--')
69
+ rspec_args << "--tag" << @tag
70
+ run_spec_component(gitlab, rspec_args)
71
+ end
72
+
73
+ def run_spec_component(gitlab, rspec_args)
74
+ Component::Specs.perform do |specs|
75
+ specs.suite = 'Test::Instance::All'
76
+ specs.release = gitlab.release
77
+ specs.network = gitlab.network
78
+ specs.args = [gitlab.address, *rspec_args]
79
+ end
80
+ end
81
+ end
82
+ end
83
+ end
84
+ end
85
+ end
86
+ end
data/lib/gitlab/qa/version.rb CHANGED
@@ -2,6 +2,6 @@
2
2
 
3
3
  module Gitlab
4
4
  module QA
5
- VERSION = '14.14.0'
5
+ VERSION = '14.15.0'
6
6
  end
7
7
  end
data/support/data/admin_access_token_seed.rb CHANGED
@@ -18,7 +18,7 @@ class AdminAccessTokenSeed
18
18
 
19
19
  admin_user.personal_access_tokens.build(token_params).tap do |pat|
20
20
  pat.set_token(TOKEN_VALUE)
21
- pat.organization = Organizations::Organization.default_organization
21
+ pat.organization = Organizations::Organization.default_organization if Gitlab.version_info >= Gitlab::VersionInfo.new(17, 4)
22
22
  pat.save!
23
23
  end
24
24
 
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: gitlab-qa
3
3
  version: !ruby/object:Gem::Version
4
- version: 14.14.0
4
+ version: 14.15.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - GitLab Quality
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2024-09-11 00:00:00.000000000 Z
11
+ date: 2024-09-23 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: climate_control
@@ -376,6 +376,7 @@ files:
376
376
  - docs/waits.md
377
377
  - docs/what_tests_can_be_run.md
378
378
  - exe/gitlab-qa
379
+ - fixtures/cvs/vulnerabilities_template.erb
379
380
  - fixtures/ldap/1_add_nodes.ldif
380
381
  - fixtures/ldap/2_add_users.ldif
381
382
  - fixtures/ldap/3_add_groups.ldif
@@ -450,6 +451,7 @@ files:
450
451
  - lib/gitlab/qa/scenario/test/integration/ai_gateway_no_seat_assigned.rb
451
452
  - lib/gitlab/qa/scenario/test/integration/chaos.rb
452
453
  - lib/gitlab/qa/scenario/test/integration/client_ssl.rb
454
+ - lib/gitlab/qa/scenario/test/integration/continuous_vulnerability_scanning.rb
453
455
  - lib/gitlab/qa/scenario/test/integration/elasticsearch.rb
454
456
  - lib/gitlab/qa/scenario/test/integration/geo.rb
455
457
  - lib/gitlab/qa/scenario/test/integration/gitaly_cluster.rb