gitlab-qa 14.14.0 → 14.15.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile.lock +1 -1
- data/docs/what_tests_can_be_run.md +24 -0
- data/fixtures/cvs/vulnerabilities_template.erb +2 -0
- data/lib/gitlab/qa/scenario/test/integration/continuous_vulnerability_scanning.rb +86 -0
- data/lib/gitlab/qa/version.rb +1 -1
- data/support/data/admin_access_token_seed.rb +1 -1
- metadata +4 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 497913af708d5bd502f32c82f052d0dbcfddb70142979c9e2ecf76ea40ab76d8
|
|
4
|
+
data.tar.gz: 730eec75c41c7805635602a68d461844062dc786bf953071bc80a0256f5fec97
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: e8e4b3d39cf8cdf652cdd0001bd1f3238e8f707e51159b3e48a8bf43d8827485684e18734b345a8a793afdb36bdc2fb8fe36437160ee997dc6a04a4647fb1b7b
|
|
7
|
+
data.tar.gz: c353c880a71f75860f0ffb6e8bfd13360680bdc5f31573abaa12b455194529273498728d9bbbbe48b61ffda62fddf1b7e02ddc93d5e1abb1ca96e0cbd68ae2be
|
data/Gemfile.lock
CHANGED
|
@@ -375,6 +375,30 @@ $ export EE_LICENSE=$(cat /path/to/Geo.gitlab_license)
|
|
|
375
375
|
$ gitlab-qa Test::Integration::Geo EE
|
|
376
376
|
```
|
|
377
377
|
|
|
378
|
+
[test-cvs]: ...
|
|
379
|
+
|
|
380
|
+
### `Test::Integration::ContinuousVulnerabilityScanning EE|<full image address>`
|
|
381
|
+
|
|
382
|
+
This tests [Continuous Vulnerability Scanning](https://docs.gitlab.com/ee/user/application_security/continuous_vulnerability_scanning/)
|
|
383
|
+
which is functionality to allow updated vulnerabilities to be downloaded and shown for
|
|
384
|
+
relevant software dependencies.
|
|
385
|
+
|
|
386
|
+
It is designed to run against a particular end to end spec as per the example.
|
|
387
|
+
|
|
388
|
+
It is EE functionality and requires a license to be set.
|
|
389
|
+
|
|
390
|
+
**Required environment variables:**
|
|
391
|
+
|
|
392
|
+
- `EE_LICENSE`: A valid EE license.
|
|
393
|
+
|
|
394
|
+
Example:
|
|
395
|
+
|
|
396
|
+
```shell
|
|
397
|
+
$ export EE_LICENSE=$(cat /path/to/gitlab_license)
|
|
398
|
+
$ export GITLAB_LICENSE_MODE=test
|
|
399
|
+
$ gitlab-qa Test::Integration::ContinuousVulnerabilityScanning EE
|
|
400
|
+
````
|
|
401
|
+
|
|
378
402
|
[test-geo]: https://gitlab.com/gitlab-org/gitlab-ee/blob/master/qa/qa/ee/scenario/test/geo.rb
|
|
379
403
|
|
|
380
404
|
### `Test::Integration::GitalyCluster CE|EE|<full image address>`
|
|
@@ -0,0 +1,2 @@
|
|
|
1
|
+
{"advisory":{"id":"<%= SecureRandom.uuid %>","source":"glad","title":"Arbitrary test vulnerability","description":"An arbitrary vulnerability exists for testing. This vulnerability should be picked up by Continuous Vulnerability Scanning.","cvss_v3":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","published_date":"<%= Date.today.prev_day.iso8601 %>","urls":["https://gitlab.com/willmeek"],"identifiers":[{"type":"cve","name":"CVE-2124-12345","value":"CVE-2124-12345","url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2124-12345"},{"type":"ghsa","name":"GHSA-abcd-123e-fg4h","value":"GHSA-abcd-123e-fg4h","url":"https://gitlab.com/willmeek"},{"type":"cwe","name":"CWE-42","value":"42","url":"https://gitlab.com/willmeek"}]},"packages":[{"name":"RedCloth","purl_type":"gem","affected_range":"<=3.39.0","solution":"Upgrade to version 3.39.0 or above.","fixed_versions":["3.39.0"]}]}
|
|
2
|
+
{"advisory":{"id":"<%= SecureRandom.uuid %>","source":"glad","title":"Outdated test vulnerability","description":"An Outdated vulnerability exists for testing. This vulnerability should NOT be picked up by Continuous Vulnerability Scanning.","cvss_v3":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","published_date":"<%= (Date.today - 15).iso8601 %>","urls":["https://gitlab.com/willmeek"],"identifiers":[{"type":"cve","name":"CVE-2124-54321","value":"CVE-2124-54321","url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2124-54321"},{"type":"ghsa","name":"GHSA-abcd-321e-fg4h","value":"GHSA-abcd-321e-fg4h","url":"https://gitlab.com/willmeek"},{"type":"cwe","name":"CWE-43","value":"43","url":"https://gitlab.com/willmeek"}]},"packages":[{"name":"RedCloth","purl_type":"gem","affected_range":"<=3.39.0","solution":"Upgrade to version 3.39.0 or above.","fixed_versions":["3.39.0"]}]}
|
|
@@ -0,0 +1,86 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require 'date'
|
|
4
|
+
require 'erb'
|
|
5
|
+
require 'pathname'
|
|
6
|
+
|
|
7
|
+
module Gitlab
|
|
8
|
+
module QA
|
|
9
|
+
module Scenario
|
|
10
|
+
module Test
|
|
11
|
+
module Integration
|
|
12
|
+
class ContinuousVulnerabilityScanning < Scenario::Template
|
|
13
|
+
def initialize
|
|
14
|
+
@network = Runtime::Env.docker_network
|
|
15
|
+
@tag = 'secure_cvs'
|
|
16
|
+
end
|
|
17
|
+
|
|
18
|
+
def perform(release, *rspec_args)
|
|
19
|
+
Component::Gitlab.perform do |gitlab|
|
|
20
|
+
setup_and_run_tests(gitlab, release, *rspec_args)
|
|
21
|
+
end
|
|
22
|
+
end
|
|
23
|
+
|
|
24
|
+
private
|
|
25
|
+
|
|
26
|
+
def setup_and_run_tests(gitlab, release, *rspec_args)
|
|
27
|
+
set_up_gitlab(gitlab, release)
|
|
28
|
+
gitlab.instance do
|
|
29
|
+
place_new_vulnerabilities(gitlab)
|
|
30
|
+
run_specs(gitlab, *rspec_args)
|
|
31
|
+
end
|
|
32
|
+
end
|
|
33
|
+
|
|
34
|
+
def set_up_gitlab(gitlab, release)
|
|
35
|
+
gitlab.release = QA::Release.new(release)
|
|
36
|
+
gitlab.name = 'gitlab'
|
|
37
|
+
gitlab.network = @network
|
|
38
|
+
end
|
|
39
|
+
|
|
40
|
+
def place_new_vulnerabilities(gitlab)
|
|
41
|
+
write_vulnerabilities(gitlab, generate_filepath, generate_vulnerabilities)
|
|
42
|
+
start_advisory_sync_worker(gitlab)
|
|
43
|
+
end
|
|
44
|
+
|
|
45
|
+
def generate_vulnerabilities
|
|
46
|
+
template = File.read(File.expand_path('../../../../../../fixtures/cvs/vulnerabilities_template.erb', __dir__))
|
|
47
|
+
ERB.new(template).result(binding)
|
|
48
|
+
end
|
|
49
|
+
|
|
50
|
+
def generate_filepath
|
|
51
|
+
File.join(
|
|
52
|
+
"/opt/gitlab/embedded/service/gitlab-rails/vendor/package_metadata/advisories/v2/rubygem/#{Time.now.to_i}",
|
|
53
|
+
'000000000.ndjson'
|
|
54
|
+
)
|
|
55
|
+
end
|
|
56
|
+
|
|
57
|
+
def write_vulnerabilities(gitlab, filepath, content)
|
|
58
|
+
gitlab.docker.exec(gitlab.name, "mkdir -p #{File.dirname(filepath)}")
|
|
59
|
+
gitlab.docker.write_files(gitlab.name) { |f| f.write(filepath, content, false) }
|
|
60
|
+
end
|
|
61
|
+
|
|
62
|
+
def start_advisory_sync_worker(gitlab)
|
|
63
|
+
gitlab.docker.exec(gitlab.name, "PM_SYNC_IN_DEV=true gitlab-rails runner 'loop do PackageMetadata::AdvisoriesSyncWorker.new.perform; sleep 30; end' &")
|
|
64
|
+
end
|
|
65
|
+
|
|
66
|
+
def run_specs(gitlab, *rspec_args)
|
|
67
|
+
Runtime::Logger.info('Running Continuous Vulnerability Scanning spec...')
|
|
68
|
+
rspec_args << "--" unless rspec_args.include?('--')
|
|
69
|
+
rspec_args << "--tag" << @tag
|
|
70
|
+
run_spec_component(gitlab, rspec_args)
|
|
71
|
+
end
|
|
72
|
+
|
|
73
|
+
def run_spec_component(gitlab, rspec_args)
|
|
74
|
+
Component::Specs.perform do |specs|
|
|
75
|
+
specs.suite = 'Test::Instance::All'
|
|
76
|
+
specs.release = gitlab.release
|
|
77
|
+
specs.network = gitlab.network
|
|
78
|
+
specs.args = [gitlab.address, *rspec_args]
|
|
79
|
+
end
|
|
80
|
+
end
|
|
81
|
+
end
|
|
82
|
+
end
|
|
83
|
+
end
|
|
84
|
+
end
|
|
85
|
+
end
|
|
86
|
+
end
|
data/lib/gitlab/qa/version.rb
CHANGED
|
@@ -18,7 +18,7 @@ class AdminAccessTokenSeed
|
|
|
18
18
|
|
|
19
19
|
admin_user.personal_access_tokens.build(token_params).tap do |pat|
|
|
20
20
|
pat.set_token(TOKEN_VALUE)
|
|
21
|
-
pat.organization = Organizations::Organization.default_organization
|
|
21
|
+
pat.organization = Organizations::Organization.default_organization if Gitlab.version_info >= Gitlab::VersionInfo.new(17, 4)
|
|
22
22
|
pat.save!
|
|
23
23
|
end
|
|
24
24
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: gitlab-qa
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 14.
|
|
4
|
+
version: 14.15.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- GitLab Quality
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-09-
|
|
11
|
+
date: 2024-09-23 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: climate_control
|
|
@@ -376,6 +376,7 @@ files:
|
|
|
376
376
|
- docs/waits.md
|
|
377
377
|
- docs/what_tests_can_be_run.md
|
|
378
378
|
- exe/gitlab-qa
|
|
379
|
+
- fixtures/cvs/vulnerabilities_template.erb
|
|
379
380
|
- fixtures/ldap/1_add_nodes.ldif
|
|
380
381
|
- fixtures/ldap/2_add_users.ldif
|
|
381
382
|
- fixtures/ldap/3_add_groups.ldif
|
|
@@ -450,6 +451,7 @@ files:
|
|
|
450
451
|
- lib/gitlab/qa/scenario/test/integration/ai_gateway_no_seat_assigned.rb
|
|
451
452
|
- lib/gitlab/qa/scenario/test/integration/chaos.rb
|
|
452
453
|
- lib/gitlab/qa/scenario/test/integration/client_ssl.rb
|
|
454
|
+
- lib/gitlab/qa/scenario/test/integration/continuous_vulnerability_scanning.rb
|
|
453
455
|
- lib/gitlab/qa/scenario/test/integration/elasticsearch.rb
|
|
454
456
|
- lib/gitlab/qa/scenario/test/integration/geo.rb
|
|
455
457
|
- lib/gitlab/qa/scenario/test/integration/gitaly_cluster.rb
|