diff --git a/ee/app/controllers/projects/security/api_fuzzing_configuration_controller.rb b/ee/app/controllers/projects/security/api_fuzzing_configuration_controller.rb
new file mode 100644
index 0000000000000000000000000000000000000000..e25c05bbdbab660ca96142223460ebae1ed6aa47
--- /dev/null
+++ b/ee/app/controllers/projects/security/api_fuzzing_configuration_controller.rb
@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+module Projects
+ module Security
+ class ApiFuzzingConfigurationController < Projects::ApplicationController
+ include SecurityDashboardsPermissions
+
+ alias_method :vulnerable, :project
+
+ feature_category :fuzz_testing
+
+ def show
+ not_found unless Feature.enabled?(:api_fuzzing_configuration_ui, @project, default_enabled: :yaml)
+ end
+ end
+ end
+end
diff --git a/ee/app/controllers/projects/security/configuration_controller.rb b/ee/app/controllers/projects/security/configuration_controller.rb
index c0df5df217104825d3d163210383028d1287ad15..b916a3e50dea0a003584db88880a7f45cfa7c4b0 100644
--- a/ee/app/controllers/projects/security/configuration_controller.rb
+++ b/ee/app/controllers/projects/security/configuration_controller.rb
@@ -10,6 +10,7 @@ class ConfigurationController < Projects::ApplicationController
 before_action only: [:show] do
 push_frontend_feature_flag(:security_auto_fix, project, default_enabled: false)
 push_frontend_feature_flag(:sast_configuration_ui, project, default_enabled: true)
+ push_frontend_feature_flag(:api_fuzzing_configuration_ui, project, default_enabled: :yaml)
 end
 
 before_action only: [:auto_fix] do
diff --git a/ee/app/helpers/ee/projects_helper.rb b/ee/app/helpers/ee/projects_helper.rb
index afed7001315797c82f0262b4ac4496bc4e58beeb..274f16523b927851388d95998927f84333547df5 100644
--- a/ee/app/helpers/ee/projects_helper.rb
+++ b/ee/app/helpers/ee/projects_helper.rb
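Review bot: `show` in the new `ApiFuzzingConfigurationController` leaves the ordering between the permission check and the feature-flag check undocumented, and that ordering is the security-relevant part of this action: the flag is only consulted after `SecurityDashboardsPermissions` (whose before_action is not visible in this hunk, so this is inferred from the include) has already authorized the caller, which is what keeps the flag state hidden behind a 403 for unauthorized users. A one-line comment above `not_found` would make that intent explicit, e.g. `# Authorization runs first (SecurityDashboardsPermissions); the flag only hides the page from users who could otherwise see it.` The action also reads `@project` where the sibling `ConfigurationController` hunk and the presenter pass `project`; if the `project` helper resolves here as it does there, `Feature.enabled?(:api_fuzzing_configuration_ui, project, default_enabled: :yaml)` keeps the three call sites consistent.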
@@ -162,6 +162,7 @@ def sidebar_security_paths
 %w[
 projects/security/configuration#show
 projects/security/sast_configuration#show
+ projects/security/api_fuzzing_configuration#show
 projects/security/vulnerabilities#show
 projects/security/vulnerability_report#index
 projects/security/dashboard#index
@@ -200,6 +201,7 @@ def sidebar_security_configuration_paths
 %w[
 projects/security/configuration#show
 projects/security/sast_configuration#show
+ projects/security/api_fuzzing_configuration#show
 projects/security/dast_profiles#show
 projects/security/dast_site_profiles#new
 projects/security/dast_site_profiles#edit
diff --git a/ee/app/presenters/projects/security/configuration_presenter.rb b/ee/app/presenters/projects/security/configuration_presenter.rb
index eccd873e189fddc353d174bb931943edf94707a1..5b3c0c16785ac4159ee29883337d47da8eddcdd0 100644
--- a/ee/app/presenters/projects/security/configuration_presenter.rb
+++ b/ee/app/presenters/projects/security/configuration_presenter.rb
@@ -183,7 +183,8 @@ def project_settings
 def configuration_path(type)
 {
 sast: project_security_configuration_sast_path(project),
- dast_profiles: project_security_configuration_dast_profiles_path(project)
+ dast_profiles: project_security_configuration_dast_profiles_path(project),
+ api_fuzzing: ::Feature.enabled?(:api_fuzzing_configuration_ui, project, default_enabled: :yaml) ? project_security_configuration_api_fuzzing_path(project) : nil
 }[type]
 end
 end
diff --git a/ee/app/views/projects/security/api_fuzzing_configuration/show.html.haml b/ee/app/views/projects/security/api_fuzzing_configuration/show.html.haml
new file mode 100644
index 0000000000000000000000000000000000000000..a92c186168be2633544da6d91ff11feba9fcad9a
--- /dev/null
+++ b/ee/app/views/projects/security/api_fuzzing_configuration/show.html.haml
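Review bot: In `configuration_path` the new `api_fuzzing:` entry is evaluated eagerly inside the hash literal, so the `::Feature.enabled?` lookup and all three route helpers run on every call even when `type` is `:sast` or `:dast_profiles`, and the flag-off `nil` result is never exercised: the matching hunk in `configuration_presenter_spec.rb` replaces its stub with an unconditional hash, so no example asserts that `configuration_path(:api_fuzzing)` is `nil` while `api_fuzzing_configuration_ui` is disabled. A `case` over `type` evaluates only the requested branch and keeps the long ternary out of the literal; unknown types still yield `nil` as the hash lookup did. Whichever shape is kept, a presenter example with `stub_feature_flags(api_fuzzing_configuration_ui: false)` asserting the `nil` path is the missing piece.
```ruby
def configuration_path(type)
  case type
  when :sast then project_security_configuration_sast_path(project)
  when :dast_profiles then project_security_configuration_dast_profiles_path(project)
  when :api_fuzzing
    project_security_configuration_api_fuzzing_path(project) if ::Feature.enabled?(:api_fuzzing_configuration_ui, project, default_enabled: :yaml)
  end
end
```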
@@ -0,0 +1,5 @@
+- add_to_breadcrumbs _("Security Configuration"), project_security_configuration_path(@project)
+- breadcrumb_title _("API Fuzzing Configuration")
+- page_title _("API Fuzzing Configuration")
+
+%h1= "API fuzzing configuration"
diff --git a/ee/config/feature_flags/development/api_fuzzing_configuration_ui.yml b/ee/config/feature_flags/development/api_fuzzing_configuration_ui.yml
new file mode 100644
index 0000000000000000000000000000000000000000..ad15a26b93f3c4ba15037a3574d4263ac1956517
--- /dev/null
+++ b/ee/config/feature_flags/development/api_fuzzing_configuration_ui.yml
@@ -0,0 +1,8 @@
+---
+name: api_fuzzing_configuration_ui
+introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/51940
+rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/299234
+milestone: '13.9'
+type: development
+group: group::fuzz testing
+default_enabled: false
diff --git a/ee/config/routes/project.rb b/ee/config/routes/project.rb
index 4da2046b0082462dd12fb7c1da526f940bc59468..9efc0d55f1d250a75acd7395e9a21b375ca9ed66 100644
--- a/ee/config/routes/project.rb
+++ b/ee/config/routes/project.rb
@@ -67,6 +67,7 @@
 post :auto_fix, on: :collection
 resource :corpus_management, only: [:show], controller: :corpus_management
 resource :sast, only: [:show, :create], controller: :sast_configuration
+ resource :api_fuzzing, only: :show, controller: :api_fuzzing_configuration
 resource :dast_profiles, only: [:show] do
 resources :dast_site_profiles, only: [:new, :edit]
 resources :dast_scanner_profiles, only: [:new, :edit]
diff --git a/ee/spec/controllers/projects/security/api_fuzzing_configuration_controller_spec.rb b/ee/spec/controllers/projects/security/api_fuzzing_configuration_controller_spec.rb
new file mode 100644
index 0000000000000000000000000000000000000000..2ea82e028ff133e2b61f5f359af21fb957faeab0
--- /dev/null
+++ b/ee/spec/controllers/projects/security/api_fuzzing_configuration_controller_spec.rb
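Review bot: `%h1= "API fuzzing configuration"` in the new `show.html.haml` hard-codes the heading while the `breadcrumb_title` and `page_title` two lines above go through `_()`, so the visible heading is untranslatable and is also capitalised differently from the `"API Fuzzing Configuration"` entry the `gitlab.pot` hunk adds. Using `%h1= _("API Fuzzing Configuration")` reuses that same catalogue entry and keeps the three titles identical.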
@@ -0,0 +1,73 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Projects::Security::ApiFuzzingConfigurationController do
+ let_it_be(:group) { create(:group) }
+ let_it_be(:project) { create(:project, namespace: group) }
+ let_it_be(:developer) { create(:user) }
+ let_it_be(:guest) { create(:user) }
+
+ before_all do
+ group.add_developer(developer)
+ group.add_guest(guest)
+ end
+
+ describe 'GET #show' do
+ subject(:request) { get :show, params: { namespace_id: project.namespace, project_id: project } }
+
+ render_views
+
+ it_behaves_like SecurityDashboardsPermissions do
+ let(:vulnerable) { project }
+ let(:security_dashboard_action) { request }
+ end
+
+ context 'with authorized user' do
+ before do
+ stub_licensed_features(security_dashboard: true)
+
+ sign_in(developer)
+ end
+
+ it 'renders the show template' do
+ request
+
+ expect(response).to have_gitlab_http_status(:ok)
+ expect(response).to render_template(:show)
+ end
+
+ it 'renders the side navigation with the correct submenu set as active' do
+ request
+
+ expect(response.body).to have_active_sub_navigation('Configuration')
+ end
+
+ context 'with feature flag disabled' do
+ before do
+ stub_feature_flags(api_fuzzing_configuration_ui: false)
+ end
+
+ it 'returns a 404 for an HTML request' do
+ request
+
+ expect(response).to have_gitlab_http_status(:not_found)
+ end
+ end
+ end
+
+ context 'with unauthorized user' do
+ before do
+ stub_licensed_features(security_dashboard: true)
+
+ sign_in(guest)
+ end
+
+ it 'returns a 403' do
+ request
+
+ expect(response).to have_gitlab_http_status(:forbidden)
+ end
+ end
+ end
+end
diff --git a/ee/spec/helpers/projects_helper_spec.rb b/ee/spec/helpers/projects_helper_spec.rb
index 5fca91caf7e54034a6914045fc3822704aedecad..53771168ecc063cb071d38bfa4bdb39c369c6abd 100644
--- a/ee/spec/helpers/projects_helper_spec.rb
+++ b/ee/spec/helpers/projects_helper_spec.rb
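Review bot: The spec never pins that authorization is checked before the feature flag: the `'with feature flag disabled'` context exists only under `'with authorized user'`, so a later change that moved the `not_found` ahead of the permission check (letting an unauthorized caller tell 404 from 403 and so observe the flag state) would still pass. The example name `'returns a 404 for an HTML request'` also implies a non-HTML variant that does not exist; either drop the qualifier or add a `format: :json` example. A flag-disabled context under `'with unauthorized user'` covers the ordering:
```ruby
context 'with unauthorized user' do
  # … unchanged: before block signing in the guest, existing 403 example …

  context 'with feature flag disabled' do
    before do
      stub_feature_flags(api_fuzzing_configuration_ui: false)
    end

    it 'still returns a 403 rather than revealing the flag state' do
      request

      expect(response).to have_gitlab_http_status(:forbidden)
    end
  end
end
```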
@@ -204,6 +204,7 @@
 %w[
 projects/security/configuration#show
 projects/security/sast_configuration#show
+ projects/security/api_fuzzing_configuration#show
 projects/security/vulnerabilities#show
 projects/security/vulnerability_report#index
 projects/security/dashboard#index
@@ -248,6 +249,7 @@
 %w[
 projects/security/configuration#show
 projects/security/sast_configuration#show
+ projects/security/api_fuzzing_configuration#show
 projects/security/dast_profiles#show
 projects/security/dast_site_profiles#new
 projects/security/dast_site_profiles#edit
diff --git a/ee/spec/presenters/projects/security/configuration_presenter_spec.rb b/ee/spec/presenters/projects/security/configuration_presenter_spec.rb
index 5d51976778dbebe0a30af1c08196f887cd32b847..2444b9a3cfab21187f316533329de21b0d01b738 100644
--- a/ee/spec/presenters/projects/security/configuration_presenter_spec.rb
+++ b/ee/spec/presenters/projects/security/configuration_presenter_spec.rb
@@ -274,13 +274,11 @@ def security_scan(type, configured:, auto_dev_ops_enabled: false)
 end
 
 def configuration_path(type)
- if type === :dast_profiles
- project_security_configuration_dast_profiles_path(project)
- elsif type === :sast
- project_security_configuration_sast_path(project)
- else
- nil
- end
+ {
+ dast_profiles: project_security_configuration_dast_profiles_path(project),
+ sast: project_security_configuration_sast_path(project),
+ api_fuzzing: project_security_configuration_api_fuzzing_path(project)
+ }[type]
 end
 
 def scan_status(type, configured, auto_dev_ops_enabled)
diff --git a/locale/gitlab.pot b/locale/gitlab.pot
index fd23f9b9cfef9924cd7090e16605a61a1e8b25b4..3ed2267acaafb73a115a0a234faf63ef019391de 100644
--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -1361,6 +1361,9 @@ msgstr ""
 
 msgid "API Fuzzing"
 msgstr ""
 
+msgid "API Fuzzing Configuration"
+msgstr ""
+
 msgid "API Help"
 msgstr ""