From 2c7573273e7aeb55a3f8f8b71289a836fe8e5530 Mon Sep 17 00:00:00 2001
From: Dheeraj Joshi <djoshi@gitlab.com>
Date: Thu, 9 May 2024 15:50:03 +0530
Subject: [PATCH] Refactor pre-receive secret detection UI rendering

This fixes the UI rendering logic for pre-receive secret detection feature. This is done to prevent it to be treated as a new job type
---
 app/finders/security/security_jobs_finder.rb | 2 +-
 .../security/configuration_presenter.rb | 17 +++++++++--------
 doc/api/graphql/reference/index.md | 2 --
 .../types/security_scanner_type_enum_spec.rb | 2 +-
 .../security/configuration_presenter_spec.rb | 1 +
 5 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/app/finders/security/security_jobs_finder.rb b/app/finders/security/security_jobs_finder.rb
index d9523332f30c..8cfb699a62a1 100644
--- a/app/finders/security/security_jobs_finder.rb
+++ b/app/finders/security/security_jobs_finder.rb
@@ -13,7 +13,7 @@
 module Security
 class SecurityJobsFinder < JobsFinder
 def self.allowed_job_types
- [:sast, :sast_iac, :breach_and_attack_simulation, :dast, :dependency_scanning, :container_scanning, :pre_receive_secret_detection, :secret_detection, :coverage_fuzzing, :api_fuzzing, :cluster_image_scanning]
+ [:sast, :sast_iac, :breach_and_attack_simulation, :dast, :dependency_scanning, :container_scanning, :secret_detection, :coverage_fuzzing, :api_fuzzing, :cluster_image_scanning]
 end
 end
 end
diff --git a/app/presenters/projects/security/configuration_presenter.rb b/app/presenters/projects/security/configuration_presenter.rb
index 28045db4407f..f97062396256 100644
--- a/app/presenters/projects/security/configuration_presenter.rb
+++ b/app/presenters/projects/security/configuration_presenter.rb
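Review bot: Dropping `:pre_receive_secret_detection` from `SecurityJobsFinder.allowed_job_types` (app/finders/security/security_jobs_finder.rb) appears to remove `PRE_RECEIVE_SECRET_DETECTION` from the public GraphQL enums as well, since the doc/api/graphql/reference/index.md hunks and the `SecurityScannerType` spec change in this patch while no enum definition file is touched. If that value ever shipped, API clients that send or match on it will now fail schema validation, so it presumably needs a deprecation step rather than a silent removal. The array also carries no hint that it feeds the API surface; I would add a comment above it such as `# Job-backed scanners only. These symbols also populate the GraphQL scanner/report enums; UI-only rows belong in ConfigurationPresenter#features.`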
@@ -63,6 +63,14 @@ def features # These scans are "fake" (non job) entries. Add them manually. scans << scan(:corpus_management, configured: true) scans << scan(:dast_profiles, configured: true) + + # Add pre-receive before secret detection + if dedicated_instance? || pre_receive_secret_detection_feature_flag_enabled? + secret_detection_index = scans.index { |scan| scan[:type] == :secret_detection } || -1 + scans.insert(secret_detection_index, scan(:pre_receive_secret_detection, configured: true)) + end + + scans end def latest_pipeline_path @@ -87,14 +95,7 @@ def scan(type, configured: false) end def scan_types - job_types = ::Security::SecurityJobsFinder.allowed_job_types + - ::Security::LicenseComplianceJobsFinder.allowed_job_types - - unless dedicated_instance? || pre_receive_secret_detection_feature_flag_enabled? - job_types.delete(:pre_receive_secret_detection) - end - - job_types + ::Security::SecurityJobsFinder.allowed_job_types + ::Security::LicenseComplianceJobsFinder.allowed_job_types end def dedicated_instance? diff --git a/doc/api/graphql/reference/index.md b/doc/api/graphql/reference/index.md index d0b21a44bcbc..f219f055d6ad 100644 --- a/doc/api/graphql/reference/index.md +++ b/doc/api/graphql/reference/index.md @@ -34325,7 +34325,6 @@ The status of the security scan. | <a id="securityreporttypeenumcoverage_fuzzing"></a>`COVERAGE_FUZZING` | COVERAGE FUZZING scan report. | | <a id="securityreporttypeenumdast"></a>`DAST` | DAST scan report. | | <a id="securityreporttypeenumdependency_scanning"></a>`DEPENDENCY_SCANNING` | DEPENDENCY SCANNING scan report. | -| <a id="securityreporttypeenumpre_receive_secret_detection"></a>`PRE_RECEIVE_SECRET_DETECTION` | PRE RECEIVE SECRET DETECTION scan report. | | <a id="securityreporttypeenumsast"></a>`SAST` | SAST scan report. | | <a id="securityreporttypeenumsast_iac"></a>`SAST_IAC` | SAST IAC scan report. | | <a id="securityreporttypeenumsecret_detection"></a>`SECRET_DETECTION` | SECRET DETECTION scan report. | 
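Review bot: In the `features` hunk of app/presenters/projects/security/configuration_presenter.rb the new row is built with a hard-coded `configured: true`, so the security configuration page reports pre-receive secret detection as configured whenever the instance is dedicated or the feature flag is on, whatever the project's actual setting is. If the frontend renders `configured` as an enabled status for this row, that overstates the protection in place; either derive the value from the project's real pre-receive setting or document the intent, e.g. `# configured: true only makes the row render; the enabled state is read from <source of truth>`. The block parameter in `scans.index { |scan| ... }` also shadows the `scan` helper called on the following line, and the `|| -1` fallback silently relies on `Array#insert(-1, x)` appending; `scans.index { |entry| entry[:type] == :secret_detection } || -1 # -1 appends when secret detection is absent` reads more safely. The body of `features` starts above this hunk.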
@@ -34343,7 +34342,6 @@ The type of the security scanner. | <a id="securityscannertypecoverage_fuzzing"></a>`COVERAGE_FUZZING` | Coverage Fuzzing scanner. | | <a id="securityscannertypedast"></a>`DAST` | DAST scanner. | | <a id="securityscannertypedependency_scanning"></a>`DEPENDENCY_SCANNING` | Dependency Scanning scanner. | -| <a id="securityscannertypepre_receive_secret_detection"></a>`PRE_RECEIVE_SECRET_DETECTION` | Pre Receive Secret Detection scanner. | | <a id="securityscannertypesast"></a>`SAST` | SAST scanner. | | <a id="securityscannertypesast_iac"></a>`SAST_IAC` | Sast Iac scanner. | | <a id="securityscannertypesecret_detection"></a>`SECRET_DETECTION` | Secret Detection scanner. | diff --git a/ee/spec/graphql/types/security_scanner_type_enum_spec.rb b/ee/spec/graphql/types/security_scanner_type_enum_spec.rb index 2baf9f2a3a13..3b6cd957cf31 100644 --- a/ee/spec/graphql/types/security_scanner_type_enum_spec.rb +++ b/ee/spec/graphql/types/security_scanner_type_enum_spec.rb @@ -4,6 +4,6 @@ RSpec.describe GitlabSchema.types['SecurityScannerType'] do it 'exposes all security scanner types' do - expect(described_class.values.keys).to match_array(%w[API_FUZZING BREACH_AND_ATTACK_SIMULATION CLUSTER_IMAGE_SCANNING CONTAINER_SCANNING COVERAGE_FUZZING DAST DEPENDENCY_SCANNING PRE_RECEIVE_SECRET_DETECTION SAST SAST_IAC SECRET_DETECTION]) + expect(described_class.values.keys).to match_array(%w[API_FUZZING BREACH_AND_ATTACK_SIMULATION CLUSTER_IMAGE_SCANNING CONTAINER_SCANNING COVERAGE_FUZZING DAST DEPENDENCY_SCANNING SAST SAST_IAC SECRET_DETECTION]) end end diff --git a/spec/presenters/projects/security/configuration_presenter_spec.rb b/spec/presenters/projects/security/configuration_presenter_spec.rb index d41c51d43d18..843b4b0747e9 100644 --- a/spec/presenters/projects/security/configuration_presenter_spec.rb +++ b/spec/presenters/projects/security/configuration_presenter_spec.rb 
@@ -12,6 +12,7 @@ before do stub_licensed_features(licensed_scan_types.index_with { true }) + stub_licensed_features(pre_receive_secret_detection: true) end describe '#to_html_data_attribute' do -- GitLab
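Review bot: The only change to spec/presenters/projects/security/configuration_presenter_spec.rb is this extra stub in the `before` block, so no example pins the behaviour added to `features`: that the `pre_receive_secret_detection` row sits directly before `secret_detection`, that it is appended when no `secret_detection` row exists (the `|| -1` branch), and that it is absent when the instance is not dedicated and the feature flag is off. The diffstat shows a single insertion in this file, so unless existing examples happen to exercise those paths they are untested; the flag-off case matters most, because it is what keeps an unreleased security control off the configuration page. The two stubs can also be one call, `stub_licensed_features(licensed_scan_types.index_with { true }.merge(pre_receive_secret_detection: true))`, which avoids depending on how repeated stubs combine. The enclosing describe block starts outside the hunk.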