diff options
Diffstat (limited to 'spec/factories/ci')
| -rw-r--r-- | spec/factories/ci/build_trace_section_names.rb | 8 | ||||
| -rw-r--r-- | spec/factories/ci/builds.rb | 22 | ||||
| -rw-r--r-- | spec/factories/ci/job_artifacts.rb | 70 | ||||
| -rw-r--r-- | spec/factories/ci/pending_builds.rb | 2 | ||||
| -rw-r--r-- | spec/factories/ci/reports/security/aggregated_reports.rb | 14 | ||||
| -rw-r--r-- | spec/factories/ci/reports/security/finding_keys.rb | 18 | ||||
| -rw-r--r-- | spec/factories/ci/reports/security/findings.rb | 54 | ||||
| -rw-r--r-- | spec/factories/ci/reports/security/locations/sast.rb | 23 | ||||
| -rw-r--r-- | spec/factories/ci/reports/security/reports.rb | 28 |
9 files changed, 229 insertions, 10 deletions
diff --git a/spec/factories/ci/build_trace_section_names.rb b/spec/factories/ci/build_trace_section_names.rb deleted file mode 100644 index b9b66b49317..00000000000 --- a/spec/factories/ci/build_trace_section_names.rb +++ /dev/null @@ -1,8 +0,0 @@ -# frozen_string_literal: true - -FactoryBot.define do - factory :ci_build_trace_section_name, class: 'Ci::BuildTraceSectionName' do - sequence(:name) { |n| "section_#{n}" } - project factory: :project - end -end diff --git a/spec/factories/ci/builds.rb b/spec/factories/ci/builds.rb index 0e535aeaa8d..f3500301e22 100644 --- a/spec/factories/ci/builds.rb +++ b/spec/factories/ci/builds.rb @@ -120,6 +120,19 @@ FactoryBot.define do end end + trait :environment_with_deployment_tier do + environment { 'test_portal' } + options do + { + script: %w(ls), + environment: { name: 'test_portal', + action: 'start', + url: 'http://staging.example.com/$CI_JOB_NAME', + deployment_tier: 'testing' } + } + end + end + trait :deploy_to_production do environment { 'production' } @@ -224,8 +237,13 @@ FactoryBot.define do # to the job. If `build.deployment` has already been set, it doesn't # build a new instance. environment = Gitlab::Ci::Pipeline::Seed::Environment.new(build).to_resource - build.deployment = - Gitlab::Ci::Pipeline::Seed::Deployment.new(build, environment).to_resource + + build.assign_attributes( + deployment: Gitlab::Ci::Pipeline::Seed::Deployment.new(build, environment).to_resource, + metadata_attributes: { + expanded_environment_name: environment.name + } + ) end end diff --git a/spec/factories/ci/job_artifacts.rb b/spec/factories/ci/job_artifacts.rb index 642437b1119..2f4eb99a073 100644 --- a/spec/factories/ci/job_artifacts.rb +++ b/spec/factories/ci/job_artifacts.rb @@ -287,6 +287,76 @@ FactoryBot.define do end end + trait :common_security_report do + file_format { :raw } + file_type { :dependency_scanning } + + after(:build) do |artifact, _| + artifact.file = fixture_file_upload( + Rails.root.join('spec/fixtures/security_reports/master/gl-common-scanning-report.json'), 'application/json') + end + end + + trait :common_security_report_with_blank_names do + file_format { :raw } + file_type { :dependency_scanning } + + after(:build) do |artifact, _| + artifact.file = fixture_file_upload( + Rails.root.join('spec/fixtures/security_reports/master/gl-common-scanning-report-names.json'), 'application/json') + end + end + + trait :sast_deprecated do + file_type { :sast } + file_format { :raw } + + after(:build) do |artifact, _| + artifact.file = fixture_file_upload( + Rails.root.join('spec/fixtures/security_reports/deprecated/gl-sast-report.json'), 'application/json') + end + end + + trait :sast_with_corrupted_data do + file_type { :sast } + file_format { :raw } + + after(:build) do |artifact, _| + artifact.file = fixture_file_upload( + Rails.root.join('spec/fixtures/trace/sample_trace'), 'application/json') + end + end + + trait :sast_feature_branch do + file_format { :raw } + file_type { :sast } + + after(:build) do |artifact, _| + artifact.file = fixture_file_upload( + Rails.root.join('spec/fixtures/security_reports/feature-branch/gl-sast-report.json'), 'application/json') + end + end + + trait :secret_detection_feature_branch do + file_format { :raw } + file_type { :secret_detection } + + after(:build) do |artifact, _| + artifact.file = fixture_file_upload( + Rails.root.join('spec/fixtures/security_reports/feature-branch/gl-secret-detection-report.json'), 'application/json') + end + end + + trait :sast_with_missing_scanner do + file_type { :sast } + file_format { :raw } + + after(:build) do |artifact, _| + artifact.file = fixture_file_upload( + Rails.root.join('spec/fixtures/security_reports/master/gl-sast-missing-scanner.json'), 'application/json') + end + end + trait :secret_detection do file_type { :secret_detection } file_format { :raw } diff --git a/spec/factories/ci/pending_builds.rb b/spec/factories/ci/pending_builds.rb index 90779ae8ab9..fbd76e07d8e 100644 --- a/spec/factories/ci/pending_builds.rb +++ b/spec/factories/ci/pending_builds.rb @@ -6,5 +6,7 @@ FactoryBot.define do project protected { build.protected } instance_runners_enabled { true } + namespace { project.namespace } + minutes_exceeded { false } end end diff --git a/spec/factories/ci/reports/security/aggregated_reports.rb b/spec/factories/ci/reports/security/aggregated_reports.rb new file mode 100644 index 00000000000..eb678dc9766 --- /dev/null +++ b/spec/factories/ci/reports/security/aggregated_reports.rb @@ -0,0 +1,14 @@ +# frozen_string_literal: true + +FactoryBot.define do + factory :ci_reports_security_aggregated_reports, class: '::Gitlab::Ci::Reports::Security::AggregatedReport' do + reports { FactoryBot.build_list(:ci_reports_security_report, 1) } + findings { FactoryBot.build_list(:ci_reports_security_finding, 1) } + + skip_create + + initialize_with do + ::Gitlab::Ci::Reports::Security::AggregatedReport.new(reports, findings) + end + end +end diff --git a/spec/factories/ci/reports/security/finding_keys.rb b/spec/factories/ci/reports/security/finding_keys.rb new file mode 100644 index 00000000000..f00a043012e --- /dev/null +++ b/spec/factories/ci/reports/security/finding_keys.rb @@ -0,0 +1,18 @@ +# frozen_string_literal: true + +FactoryBot.define do + factory :ci_reports_security_finding_key, class: '::Gitlab::Ci::Reports::Security::FindingKey' do + sequence :location_fingerprint do |a| + Digest::SHA1.hexdigest(a.to_s) + end + sequence :identifier_fingerprint do |a| + Digest::SHA1.hexdigest(a.to_s) + end + + skip_create + + initialize_with do + ::Gitlab::Ci::Reports::Security::FindingKey.new(**attributes) + end + end +end diff --git a/spec/factories/ci/reports/security/findings.rb b/spec/factories/ci/reports/security/findings.rb new file mode 100644 index 00000000000..e3971bc48f3 --- /dev/null +++ b/spec/factories/ci/reports/security/findings.rb @@ -0,0 +1,54 @@ +# frozen_string_literal: true + +FactoryBot.define do + factory :ci_reports_security_finding, class: '::Gitlab::Ci::Reports::Security::Finding' do + compare_key { "#{identifiers.first&.external_type}:#{identifiers.first&.external_id}:#{location.fingerprint}" } + confidence { :medium } + identifiers { Array.new(1) { association(:ci_reports_security_identifier) } } + location factory: :ci_reports_security_locations_sast + metadata_version { 'sast:1.0' } + name { 'Cipher with no integrity' } + report_type { :sast } + raw_metadata do + { + description: "The cipher does not provide data integrity update 1", + solution: "GCM mode introduces an HMAC into the resulting encrypted data, providing integrity of the result.", + location: { + file: "maven/src/main/java/com/gitlab/security_products/tests/App.java", + start_line: 29, + end_line: 29, + class: "com.gitlab.security_products.tests.App", + method: "insecureCypher" + }, + links: [ + { + name: "Cipher does not check for integrity first?", + url: "https://crypto.stackexchange.com/questions/31428/pbewithmd5anddes-cipher-does-not-check-for-integrity-first" + } + ] + }.to_json + end + scanner factory: :ci_reports_security_scanner + severity { :high } + scan factory: :ci_reports_security_scan + sequence(:uuid) do |n| + ::Security::VulnerabilityUUID.generate( + report_type: report_type, + primary_identifier_fingerprint: identifiers.first&.fingerprint, + location_fingerprint: location.fingerprint, + project_id: n + ) + end + vulnerability_finding_signatures_enabled { false } + + skip_create + + trait :dynamic do + location { association(:ci_reports_security_locations_sast, :dynamic) } + end + + initialize_with do + ::Gitlab::Ci::Reports::Security::Finding.new(**attributes) + end + end +end diff --git a/spec/factories/ci/reports/security/locations/sast.rb b/spec/factories/ci/reports/security/locations/sast.rb new file mode 100644 index 00000000000..59b54ecd8f2 --- /dev/null +++ b/spec/factories/ci/reports/security/locations/sast.rb @@ -0,0 +1,23 @@ +# frozen_string_literal: true + +FactoryBot.define do + factory :ci_reports_security_locations_sast, class: '::Gitlab::Ci::Reports::Security::Locations::Sast' do + file_path { 'maven/src/main/java/com/gitlab/security_products/tests/App.java' } + start_line { 29 } + end_line { 31 } + class_name { 'com.gitlab.security_products.tests.App' } + method_name { 'insecureCypher' } + + skip_create + + initialize_with do + ::Gitlab::Ci::Reports::Security::Locations::Sast.new(**attributes) + end + + trait :dynamic do + sequence(:file_path, 'a') { |n| "path/#{n}" } + start_line { Random.rand(20) } + end_line { start_line + Random.rand(5) } + end + end +end diff --git a/spec/factories/ci/reports/security/reports.rb b/spec/factories/ci/reports/security/reports.rb new file mode 100644 index 00000000000..5699b8fee3e --- /dev/null +++ b/spec/factories/ci/reports/security/reports.rb @@ -0,0 +1,28 @@ +# frozen_string_literal: true + +FactoryBot.define do + factory :ci_reports_security_report, class: '::Gitlab::Ci::Reports::Security::Report' do + type { :sast } + pipeline { association(:ci_pipeline) } + created_at { 2.weeks.ago } + scanned_resources { [] } + + transient do + findings { [] } + scanners { [] } + identifiers { [] } + end + + after :build do |report, evaluator| + evaluator.scanners.each { |s| report.add_scanner(s) } + evaluator.identifiers.each { |id| report.add_identifier(id) } + evaluator.findings.each { |o| report.add_finding(o) } + end + + skip_create + + initialize_with do + ::Gitlab::Ci::Reports::Security::Report.new(type, pipeline, created_at) + end + end +end |