gitlab-qa 14.14.0 → 14.16.0

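--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz: d73b967d2138dc5d4937126e2eed2a7bf79869c7dbba222bb2288eeb5579b7fa
-data.tar.gz: c8c5ddbff3b831889fc0f670c00538e936a5528bb2ffc775f5db30abf93366a7
+metadata.gz: b98b613be98b09d382003ce5a1bd4562bddf7a7e0216de30a76c0c264c51a973
+data.tar.gz: 808ee2237ccbcabe62430f504b99a1c39930e90ccaff107d7316ce8a7ee71f52
 SHA512:
-metadata.gz: c16e9f78c27107f1b512eff6101eb04c7ca39d6b8dd0cdd55cc08b3c07c5d4884a66ce378b61c5526983df982083b7b81e86d0cc3c87913e4050a4ea29ae9fea
-data.tar.gz: 55af607f3fa32af6494800b66c3bf1614426fe02191a21894e2553361b2979421912dcbef0b488f9021c5d6f281965019fc82f245e09a84db8049a6edd18cb18
+metadata.gz: edff13e29e9dc6cdda84b1cf8103676e5b74703a45fd6a7a77d34cc5b7f5b1fa836957e130806c263864c2ee659bb7f7cd9c9620e0f97c8c5cce0b756b7b2c60
+data.tar.gz: 45ef2a7609d5e2345a4ca25067cb722098fe0ec734b9ab18ebf5513bf1af45d87f0a755f91ae0c4b2e10329a809e72c25f81df2c293aaadcc5dc89c763c07f6d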
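--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,7 +1,7 @@
 PATH
 remote: .
 specs:
-gitlab-qa (14.14.0)
+gitlab-qa (14.16.0)
 activesupport (>= 6.1, < 7.2)
 gitlab (~> 4.19)
 http (~> 5.0)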
@@ -375,6 +375,30 @@ $ export EE_LICENSE=$(cat /path/to/Geo.gitlab_license)
375
375
  $ gitlab-qa Test::Integration::Geo EE
376
376
  ```
377
377
 
378
+ [test-cvs]: ...
379
+
380
+ ### `Test::Integration::ContinuousVulnerabilityScanning EE|<full image address>`
381
+
382
+ This tests [Continuous Vulnerability Scanning](https://docs.gitlab.com/ee/user/application_security/continuous_vulnerability_scanning/)
383
+ which is functionality to allow updated vulnerabilities to be downloaded and shown for
384
+ relevant software dependencies.
385
+
386
+ It is designed to run against a particular end to end spec as per the example.
387
+
388
+ It is EE functionality and requires a license to be set.
389
+
390
+ **Required environment variables:**
391
+
392
+ - `EE_LICENSE`: A valid EE license.
393
+
394
+ Example:
395
+
396
+ ```shell
397
+ $ export EE_LICENSE=$(cat /path/to/gitlab_license)
398
+ $ export GITLAB_LICENSE_MODE=test
399
+ $ gitlab-qa Test::Integration::ContinuousVulnerabilityScanning EE
400
+ ````
401
+
378
402
  [test-geo]: https://gitlab.com/gitlab-org/gitlab-ee/blob/master/qa/qa/ee/scenario/test/geo.rb
379
403
 
380
404
  ### `Test::Integration::GitalyCluster CE|EE|<full image address>`
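--- /dev/null
+++ b/fixtures/cvs/vulnerabilities_template.erb
@@ -0,0 +1,2 @@
+{"advisory":{"id":"<%= SecureRandom.uuid %>","source":"glad","title":"Arbitrary test vulnerability","description":"An arbitrary vulnerability exists for testing. This vulnerability should be picked up by Continuous Vulnerability Scanning.","cvss_v3":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","published_date":"<%= Date.today.prev_day.iso8601 %>","urls":["https://gitlab.com/willmeek"],"identifiers":[{"type":"cve","name":"CVE-2124-12345","value":"CVE-2124-12345","url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2124-12345"},{"type":"ghsa","name":"GHSA-abcd-123e-fg4h","value":"GHSA-abcd-123e-fg4h","url":"https://gitlab.com/willmeek"},{"type":"cwe","name":"CWE-42","value":"42","url":"https://gitlab.com/willmeek"}]},"packages":[{"name":"RedCloth","purl_type":"gem","affected_range":"<=3.39.0","solution":"Upgrade to version 3.39.0 or above.","fixed_versions":["3.39.0"]}]}
+{"advisory":{"id":"<%= SecureRandom.uuid %>","source":"glad","title":"Outdated test vulnerability","description":"An Outdated vulnerability exists for testing. This vulnerability should NOT be picked up by Continuous Vulnerability Scanning.","cvss_v3":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","published_date":"<%= (Date.today - 15).iso8601 %>","urls":["https://gitlab.com/willmeek"],"identifiers":[{"type":"cve","name":"CVE-2124-54321","value":"CVE-2124-54321","url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2124-54321"},{"type":"ghsa","name":"GHSA-abcd-321e-fg4h","value":"GHSA-abcd-321e-fg4h","url":"https://gitlab.com/willmeek"},{"type":"cwe","name":"CWE-43","value":"43","url":"https://gitlab.com/willmeek"}]},"packages":[{"name":"RedCloth","purl_type":"gem","affected_range":"<=3.39.0","solution":"Upgrade to version 3.39.0 or above.","fixed_versions":["3.39.0"]}]}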
@@ -140,7 +140,8 @@ module Gitlab
140
140
  set_qa_user_agent
141
141
  env = @omnibus_gitlab_rails_env.merge(
142
142
  {
143
- 'GITLAB_ALLOW_SEPARATE_CI_DATABASE' => Runtime::Env.allow_separate_ci_database.to_s
143
+ 'GITLAB_ALLOW_SEPARATE_CI_DATABASE' => Runtime::Env.allow_separate_ci_database.to_s,
144
+ 'COVERBAND_ENABLED' => Runtime::Env.coverband_enabled?.to_s
144
145
  }
145
146
  )
146
147
 
@@ -24,6 +24,7 @@ module Gitlab
24
24
  'AWS_S3_REGION' => :aws_s3_region,
25
25
  'CACHE_NAMESPACE_NAME' => :cache_namespace_name,
26
26
  'CHROME_DISABLE_DEV_SHM' => :chrome_disable_dev_shm,
27
+ 'COVERBAND_ENABLED' => :coverband_enabled,
27
28
  'CI' => :ci,
28
29
  'CI_JOB_ID' => :ci_job_id,
29
30
  'CI_JOB_NAME' => :ci_job_name,
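Review bot: The new `'COVERBAND_ENABLED' => :coverband_enabled,` entry is inserted ahead of the `CI*` keys although the neighbouring entries are sorted alphabetically (`CHROME_DISABLE_DEV_SHM`, `CI`, `CI_JOB_ID`, `CI_JOB_NAME` all sort before `COVERBAND_ENABLED`). Moving the line to just after the last `CI_*` key keeps the mapping in order, which matters for a list that is scanned by eye when a variable goes missing. The second copy of this key added further down the page, in the `module RuboCop` hunk, sits in a mapping that is not sorted, so no change is needed there.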
@@ -468,6 +469,10 @@ module Gitlab
468
469
  enabled?(env_var_value_if_defined('GITLAB_ALLOW_SEPARATE_CI_DATABASE'), default: false)
469
470
  end
470
471
 
472
+ def coverband_enabled?
473
+ enabled?(env_var_value_if_defined('COVERBAND_ENABLED'), default: false)
474
+ end
475
+
471
476
  def mock_github_enabled?
472
477
  enabled?(env_var_value_if_defined('QA_MOCK_GITHUB'), default: true)
473
478
  end
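--- /dev/null
+++ b/lib/gitlab/qa/scenario/test/integration/continuous_vulnerability_scanning.rb
@@ -0,0 +1,86 @@
+# frozen_string_literal: true
+
+require 'date'
+require 'erb'
+require 'pathname'
+
+module Gitlab
+module QA
+module Scenario
+module Test
+module Integration
+class ContinuousVulnerabilityScanning < Scenario::Template
+def initialize
+@network = Runtime::Env.docker_network
+@tag = 'secure_cvs'
+end
+
+def perform(release, *rspec_args)
+Component::Gitlab.perform do |gitlab|
+setup_and_run_tests(gitlab, release, *rspec_args)
+end
+end
+
+private
+
+def setup_and_run_tests(gitlab, release, *rspec_args)
+set_up_gitlab(gitlab, release)
+gitlab.instance do
+place_new_vulnerabilities(gitlab)
+run_specs(gitlab, *rspec_args)
+end
+end
+
+def set_up_gitlab(gitlab, release)
+gitlab.release = QA::Release.new(release)
+gitlab.name = 'gitlab'
+gitlab.network = @network
+end
+
+def place_new_vulnerabilities(gitlab)
+write_vulnerabilities(gitlab, generate_filepath, generate_vulnerabilities)
+start_advisory_sync_worker(gitlab)
+end
+
+def generate_vulnerabilities
+template = File.read(File.expand_path('../../../../../../fixtures/cvs/vulnerabilities_template.erb', __dir__))
+ERB.new(template).result(binding)
+end
+
+def generate_filepath
+File.join(
+"/opt/gitlab/embedded/service/gitlab-rails/vendor/package_metadata/advisories/v2/rubygem/#{Time.now.to_i}",
+'000000000.ndjson'
+)
+end
+
+def write_vulnerabilities(gitlab, filepath, content)
+gitlab.docker.exec(gitlab.name, "mkdir -p #{File.dirname(filepath)}")
+gitlab.docker.write_files(gitlab.name) { |f| f.write(filepath, content, false) }
+end
+
+def start_advisory_sync_worker(gitlab)
+gitlab.docker.exec(gitlab.name, "PM_SYNC_IN_DEV=true gitlab-rails runner 'loop do PackageMetadata::AdvisoriesSyncWorker.new.perform; sleep 30; end' &")
+end
+
+def run_specs(gitlab, *rspec_args)
+Runtime::Logger.info('Running Continuous Vulnerability Scanning spec...')
+rspec_args << "--" unless rspec_args.include?('--')
+rspec_args << "--tag" << @tag
+run_spec_component(gitlab, rspec_args)
+end
+
+def run_spec_component(gitlab, rspec_args)
+Component::Specs.perform do |specs|
+specs.suite = 'Test::Instance::All'
+specs.release = gitlab.release
+specs.network = gitlab.network
+specs.args = [gitlab.address, *rspec_args]
+end
+end
+end
+end
+end
+end
+end
+end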
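Review bot: `generate_vulnerabilities` renders a template that calls `SecureRandom.uuid` (the fixture hunk earlier on this page), yet the file requires only `date`, `erb` and `pathname`, and `pathname` is not used anywhere in the class; unless another part of the gem loads it first, `ERB#result` raises `NameError`, so the unused line should become `require 'securerandom'`. `start_advisory_sync_worker` backgrounds the sync loop with a trailing `&` and `run_specs` starts immediately afterwards, so the spec can begin before the first `AdvisoriesSyncWorker#perform` has ingested the freshly written file — presumably the `secure_cvs` spec polls for the advisory, which deserves a comment on `place_new_vulnerabilities` such as `# The sync loop runs detached; the spec is expected to wait for the advisory to appear.` That command string also depends on `gitlab.docker.exec` handing the string to a shell for the `PM_SYNC_IN_DEV=true` assignment and the `&` to take effect, which cannot be confirmed from this hunk. Minor style: `run_specs` spells the same literal as `"--"` and `'--'` on consecutive lines and appends to the caller's splatted array in place rather than building a new one.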
@@ -2,6 +2,6 @@
2
2
 
3
3
  module Gitlab
4
4
  module QA
5
- VERSION = '14.14.0'
5
+ VERSION = '14.16.0'
6
6
  end
7
7
  end
@@ -95,6 +95,7 @@ module RuboCop
95
95
  'CI_PIPELINE_URL' => :ci_pipeline_url,
96
96
  'CI_PIPELINE_CREATED_AT' => :ci_pipeline_created_at,
97
97
  'CI_MERGE_REQUEST_IID' => :ci_merge_request_iid,
98
+ 'COVERBAND_ENABLED' => :coverband_enabled,
98
99
  'GITLAB_CI' => :gitlab_ci,
99
100
  'ELASTIC_URL' => :elastic_url,
100
101
  'GITLAB_QA_LOOP_RUNNER_MINUTES' => :gitlab_qa_loop_runner_minutes,
@@ -18,7 +18,7 @@ class AdminAccessTokenSeed
18
18
 
19
19
  admin_user.personal_access_tokens.build(token_params).tap do |pat|
20
20
  pat.set_token(TOKEN_VALUE)
21
- pat.organization = Organizations::Organization.default_organization
21
+ pat.organization = Organizations::Organization.default_organization if Gitlab.version_info >= Gitlab::VersionInfo.new(17, 4)
22
22
  pat.save!
23
23
  end
24
24
 
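--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: gitlab-qa
 version: !ruby/object:Gem::Version
-version: 14.14.0
+version: 14.16.0
 platform: ruby
 authors:
 - GitLab Quality
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2024-09-11 00:00:00.000000000 Z
+date: 2024-09-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: climate_control
@@ -376,6 +376,7 @@ files:
 - docs/waits.md
 - docs/what_tests_can_be_run.md
 - exe/gitlab-qa
+- fixtures/cvs/vulnerabilities_template.erb
 - fixtures/ldap/1_add_nodes.ldif
 - fixtures/ldap/2_add_users.ldif
 - fixtures/ldap/3_add_groups.ldif
@@ -450,6 +451,7 @@ files:
 - lib/gitlab/qa/scenario/test/integration/ai_gateway_no_seat_assigned.rb
 - lib/gitlab/qa/scenario/test/integration/chaos.rb
 - lib/gitlab/qa/scenario/test/integration/client_ssl.rb
+- lib/gitlab/qa/scenario/test/integration/continuous_vulnerability_scanning.rb
 - lib/gitlab/qa/scenario/test/integration/elasticsearch.rb
 - lib/gitlab/qa/scenario/test/integration/geo.rb
 - lib/gitlab/qa/scenario/test/integration/gitaly_cluster.rb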