gitlab-qa 14.14.0 → 14.15.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: d73b967d2138dc5d4937126e2eed2a7bf79869c7dbba222bb2288eeb5579b7fa
4
- data.tar.gz: c8c5ddbff3b831889fc0f670c00538e936a5528bb2ffc775f5db30abf93366a7
3
+ metadata.gz: 497913af708d5bd502f32c82f052d0dbcfddb70142979c9e2ecf76ea40ab76d8
4
+ data.tar.gz: 730eec75c41c7805635602a68d461844062dc786bf953071bc80a0256f5fec97
5
5
  SHA512:
6
- metadata.gz: c16e9f78c27107f1b512eff6101eb04c7ca39d6b8dd0cdd55cc08b3c07c5d4884a66ce378b61c5526983df982083b7b81e86d0cc3c87913e4050a4ea29ae9fea
7
- data.tar.gz: 55af607f3fa32af6494800b66c3bf1614426fe02191a21894e2553361b2979421912dcbef0b488f9021c5d6f281965019fc82f245e09a84db8049a6edd18cb18
6
+ metadata.gz: e8e4b3d39cf8cdf652cdd0001bd1f3238e8f707e51159b3e48a8bf43d8827485684e18734b345a8a793afdb36bdc2fb8fe36437160ee997dc6a04a4647fb1b7b
7
+ data.tar.gz: c353c880a71f75860f0ffb6e8bfd13360680bdc5f31573abaa12b455194529273498728d9bbbbe48b61ffda62fddf1b7e02ddc93d5e1abb1ca96e0cbd68ae2be
data/Gemfile.lock CHANGED
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- gitlab-qa (14.14.0)
4
+ gitlab-qa (14.15.0)
5
5
  activesupport (>= 6.1, < 7.2)
6
6
  gitlab (~> 4.19)
7
7
  http (~> 5.0)
@@ -375,6 +375,30 @@ $ export EE_LICENSE=$(cat /path/to/Geo.gitlab_license)
375
375
  $ gitlab-qa Test::Integration::Geo EE
376
376
  ```
377
377
 
378
+ [test-cvs]: ...
379
+
380
+ ### `Test::Integration::ContinuousVulnerabilityScanning EE|<full image address>`
381
+
382
+ This tests [Continuous Vulnerability Scanning](https://docs.gitlab.com/ee/user/application_security/continuous_vulnerability_scanning/)
383
+ which is functionality to allow updated vulnerabilities to be downloaded and shown for
384
+ relevant software dependencies.
385
+
386
+ It is designed to run against a particular end to end spec as per the example.
387
+
388
+ It is EE functionality and requires a license to be set.
389
+
390
+ **Required environment variables:**
391
+
392
+ - `EE_LICENSE`: A valid EE license.
393
+
394
+ Example:
395
+
396
+ ```shell
397
+ $ export EE_LICENSE=$(cat /path/to/gitlab_license)
398
+ $ export GITLAB_LICENSE_MODE=test
399
+ $ gitlab-qa Test::Integration::ContinuousVulnerabilityScanning EE
400
+ ````
401
+
378
402
  [test-geo]: https://gitlab.com/gitlab-org/gitlab-ee/blob/master/qa/qa/ee/scenario/test/geo.rb
379
403
 
380
404
  ### `Test::Integration::GitalyCluster CE|EE|<full image address>`
@@ -0,0 +1,2 @@
1
+ {"advisory":{"id":"<%= SecureRandom.uuid %>","source":"glad","title":"Arbitrary test vulnerability","description":"An arbitrary vulnerability exists for testing. This vulnerability should be picked up by Continuous Vulnerability Scanning.","cvss_v3":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","published_date":"<%= Date.today.prev_day.iso8601 %>","urls":["https://gitlab.com/willmeek"],"identifiers":[{"type":"cve","name":"CVE-2124-12345","value":"CVE-2124-12345","url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2124-12345"},{"type":"ghsa","name":"GHSA-abcd-123e-fg4h","value":"GHSA-abcd-123e-fg4h","url":"https://gitlab.com/willmeek"},{"type":"cwe","name":"CWE-42","value":"42","url":"https://gitlab.com/willmeek"}]},"packages":[{"name":"RedCloth","purl_type":"gem","affected_range":"<=3.39.0","solution":"Upgrade to version 3.39.0 or above.","fixed_versions":["3.39.0"]}]}
2
+ {"advisory":{"id":"<%= SecureRandom.uuid %>","source":"glad","title":"Outdated test vulnerability","description":"An Outdated vulnerability exists for testing. This vulnerability should NOT be picked up by Continuous Vulnerability Scanning.","cvss_v3":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","published_date":"<%= (Date.today - 15).iso8601 %>","urls":["https://gitlab.com/willmeek"],"identifiers":[{"type":"cve","name":"CVE-2124-54321","value":"CVE-2124-54321","url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2124-54321"},{"type":"ghsa","name":"GHSA-abcd-321e-fg4h","value":"GHSA-abcd-321e-fg4h","url":"https://gitlab.com/willmeek"},{"type":"cwe","name":"CWE-43","value":"43","url":"https://gitlab.com/willmeek"}]},"packages":[{"name":"RedCloth","purl_type":"gem","affected_range":"<=3.39.0","solution":"Upgrade to version 3.39.0 or above.","fixed_versions":["3.39.0"]}]}
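Review bot: The `affected_range` `<=3.39.0` in both advisory lines includes 3.39.0, while `fixed_versions` lists `3.39.0` and the solution text says to upgrade to 3.39.0 or above, so the same version is declared both affected and fixed. If 3.39.0 is meant to be the fix the range should read `<3.39.0`; if the overlap is deliberate for the test, a sentence in the `description` field saying so would keep the next reader from "correcting" it. Judging by the `files:` list further down this appears to be `fixtures/cvs/vulnerabilities_template.erb`; the personal profile URL `https://gitlab.com/willmeek` used as the GHSA and CWE `url` works for a fixture, but a neutral placeholder (e.g. `https://example.com/advisory`, constructed) reads less like a real reference.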
@@ -0,0 +1,86 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'date'
4
+ require 'erb'
5
+ require 'pathname'
6
+
7
+ module Gitlab
8
+ module QA
9
+ module Scenario
10
+ module Test
11
+ module Integration
12
+ class ContinuousVulnerabilityScanning < Scenario::Template
13
+ def initialize
14
+ @network = Runtime::Env.docker_network
15
+ @tag = 'secure_cvs'
16
+ end
17
+
18
+ def perform(release, *rspec_args)
19
+ Component::Gitlab.perform do |gitlab|
20
+ setup_and_run_tests(gitlab, release, *rspec_args)
21
+ end
22
+ end
23
+
24
+ private
25
+
26
+ def setup_and_run_tests(gitlab, release, *rspec_args)
27
+ set_up_gitlab(gitlab, release)
28
+ gitlab.instance do
29
+ place_new_vulnerabilities(gitlab)
30
+ run_specs(gitlab, *rspec_args)
31
+ end
32
+ end
33
+
34
+ def set_up_gitlab(gitlab, release)
35
+ gitlab.release = QA::Release.new(release)
36
+ gitlab.name = 'gitlab'
37
+ gitlab.network = @network
38
+ end
39
+
40
+ def place_new_vulnerabilities(gitlab)
41
+ write_vulnerabilities(gitlab, generate_filepath, generate_vulnerabilities)
42
+ start_advisory_sync_worker(gitlab)
43
+ end
44
+
45
+ def generate_vulnerabilities
46
+ template = File.read(File.expand_path('../../../../../../fixtures/cvs/vulnerabilities_template.erb', __dir__))
47
+ ERB.new(template).result(binding)
48
+ end
49
+
50
+ def generate_filepath
51
+ File.join(
52
+ "/opt/gitlab/embedded/service/gitlab-rails/vendor/package_metadata/advisories/v2/rubygem/#{Time.now.to_i}",
53
+ '000000000.ndjson'
54
+ )
55
+ end
56
+
57
+ def write_vulnerabilities(gitlab, filepath, content)
58
+ gitlab.docker.exec(gitlab.name, "mkdir -p #{File.dirname(filepath)}")
59
+ gitlab.docker.write_files(gitlab.name) { |f| f.write(filepath, content, false) }
60
+ end
61
+
62
+ def start_advisory_sync_worker(gitlab)
63
+ gitlab.docker.exec(gitlab.name, "PM_SYNC_IN_DEV=true gitlab-rails runner 'loop do PackageMetadata::AdvisoriesSyncWorker.new.perform; sleep 30; end' &")
64
+ end
65
+
66
+ def run_specs(gitlab, *rspec_args)
67
+ Runtime::Logger.info('Running Continuous Vulnerability Scanning spec...')
68
+ rspec_args << "--" unless rspec_args.include?('--')
69
+ rspec_args << "--tag" << @tag
70
+ run_spec_component(gitlab, rspec_args)
71
+ end
72
+
73
+ def run_spec_component(gitlab, rspec_args)
74
+ Component::Specs.perform do |specs|
75
+ specs.suite = 'Test::Instance::All'
76
+ specs.release = gitlab.release
77
+ specs.network = gitlab.network
78
+ specs.args = [gitlab.address, *rspec_args]
79
+ end
80
+ end
81
+ end
82
+ end
83
+ end
84
+ end
85
+ end
86
+ end
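Review bot: `start_advisory_sync_worker` is fire-and-forget — the `gitlab-rails runner 'loop do ... sleep 30; end' &` command is backgrounded and `setup_and_run_tests` calls `run_specs` immediately afterwards, so the first sync may not have finished when the tagged spec starts, and nothing ever stops the loop short of the container being torn down. If the spec is expected to poll for the seeded advisory, record that where the worker is started, e.g. `# Background sync loop: not awaited here and never stopped; the secure_cvs spec must poll until the advisory appears.`; and since the `&` and the `PM_SYNC_IN_DEV=true` prefix only work if `gitlab.docker.exec` runs the string through a shell, that assumption is worth confirming in the same comment. The class has no header comment — a short one stating that it boots GitLab, writes the ERB-rendered advisories under `vendor/package_metadata/advisories/v2/rubygem/<epoch>/000000000.ndjson`, starts the sync worker and then runs specs tagged `secure_cvs` would help. The six-level `'../../../../../../fixtures/cvs/vulnerabilities_template.erb'` in `generate_vulnerabilities` silently breaks on any move of this file; a frozen constant at the top of the class, `TEMPLATE_PATH = File.expand_path('../../../../../../fixtures/cvs/vulnerabilities_template.erb', __dir__)`, at least makes the coupling visible.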
@@ -2,6 +2,6 @@
2
2
 
3
3
  module Gitlab
4
4
  module QA
5
- VERSION = '14.14.0'
5
+ VERSION = '14.15.0'
6
6
  end
7
7
  end
@@ -18,7 +18,7 @@ class AdminAccessTokenSeed
18
18
 
19
19
  admin_user.personal_access_tokens.build(token_params).tap do |pat|
20
20
  pat.set_token(TOKEN_VALUE)
21
- pat.organization = Organizations::Organization.default_organization
21
+ pat.organization = Organizations::Organization.default_organization if Gitlab.version_info >= Gitlab::VersionInfo.new(17, 4)
22
22
  pat.save!
23
23
  end
24
24
 
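Review bot: The version gate on `pat.organization = Organizations::Organization.default_organization if Gitlab.version_info >= Gitlab::VersionInfo.new(17, 4)` carries no explanation of why 17.4 is the threshold, so a later bump or removal has nothing to check against. Presumably the organization association on personal access tokens only exists from that release, but that is inferred, not visible here; a one-line comment above it such as `# Organization is only assignable on tokens from GitLab 17.4 (TODO: confirm the exact release)` would record the reason. The enclosing `build(...).tap` block and the surrounding method start and end outside this hunk.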
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: gitlab-qa
3
3
  version: !ruby/object:Gem::Version
4
- version: 14.14.0
4
+ version: 14.15.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - GitLab Quality
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2024-09-11 00:00:00.000000000 Z
11
+ date: 2024-09-23 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: climate_control
@@ -376,6 +376,7 @@ files:
376
376
  - docs/waits.md
377
377
  - docs/what_tests_can_be_run.md
378
378
  - exe/gitlab-qa
379
+ - fixtures/cvs/vulnerabilities_template.erb
379
380
  - fixtures/ldap/1_add_nodes.ldif
380
381
  - fixtures/ldap/2_add_users.ldif
381
382
  - fixtures/ldap/3_add_groups.ldif
@@ -450,6 +451,7 @@ files:
450
451
  - lib/gitlab/qa/scenario/test/integration/ai_gateway_no_seat_assigned.rb
451
452
  - lib/gitlab/qa/scenario/test/integration/chaos.rb
452
453
  - lib/gitlab/qa/scenario/test/integration/client_ssl.rb
454
+ - lib/gitlab/qa/scenario/test/integration/continuous_vulnerability_scanning.rb
453
455
  - lib/gitlab/qa/scenario/test/integration/elasticsearch.rb
454
456
  - lib/gitlab/qa/scenario/test/integration/geo.rb
455
457
  - lib/gitlab/qa/scenario/test/integration/gitaly_cluster.rb