# frozen_string_literal: true
module Projects
  module Security
    # Presenter wrapping a ::Project (exposed as `project`) that collects the
    # values for the project's security configuration into a single hash:
    # Auto DevOps state, help/pipeline/CI paths, instance-level settings and
    # one entry per security scanner.
    #
    # NOTE(review): `user_is_project_admin` and `can_enable_auto_devops` are
    # computed from `can?`/`feature_available?` for `current_user` and handed
    # to whoever consumes this hash. They describe permissions for display
    # purposes; the actions they gate presumably need the same check enforced
    # server-side - confirm against the controllers/services involved.
    class ConfigurationPresenter < Gitlab::View::Presenter::Delegated
      include AutoDevopsHelper
      include ::Security::LatestPipelineInformation

      presents ::Project, as: :project

      # Builds the full configuration hash.
      #
      # @return [Hash{Symbol => Object}] settings, paths and the scanner list
      #   (under :features, as an Array of Hashes built by #scan)
      def to_h
        {
          auto_devops_enabled: auto_devops_source?,
          auto_devops_help_page_path: help_page_path('topics/autodevops/index.md'),
          auto_devops_path: auto_devops_settings_path(project),
          can_enable_auto_devops: can_enable_auto_devops?,
          features: features,
          help_page_path: help_page_path('user/application_security/index.md'),
          latest_pipeline_path: latest_pipeline_path,
          gitlab_ci_present: project.has_ci_config_file?,
          gitlab_ci_history_path: gitlab_ci_history_path,
          security_training_enabled: project.security_training_available?,
          container_scanning_for_registry_enabled: container_scanning_for_registry_enabled,
          # Instance-wide switch, read from the application settings; the
          # per-project value is the next key.
          pre_receive_secret_detection_available:
            Gitlab::CurrentSettings.current_application_settings.pre_receive_secret_detection_enabled,
          pre_receive_secret_detection_enabled: pre_receive_secret_detection_enabled,
          user_is_project_admin: user_is_project_admin?,
          secret_detection_configuration_path: secret_detection_configuration_path
        }
      end

      # Same content as #to_h, except that :features is serialized to a JSON
      # string so the whole hash holds flat values.
      #
      # @return [Hash{Symbol => Object}]
      def to_html_data_attribute
        to_h.tap do |attributes|
          attributes[:features] = attributes[:features].to_json
        end
      end

      private

      # Auto DevOps can be enabled only when the :builds feature is available
      # to the current user, that user may administer the project, and the
      # project is not archived.
      def can_enable_auto_devops?
        feature_available?(:builds, current_user) && user_is_project_admin? && !archived?
      end

      # Whether the current user holds the :admin_project ability on the
      # presented project.
      def user_is_project_admin?
        can?(current_user, :admin_project, self)
      end

      # Blame path of the CI config file on the default branch, or an empty
      # string when the repository is empty.
      #
      # @return [String]
      def gitlab_ci_history_path
        if project.empty_repo?
          ''
        else
          # "<default branch>/<ci config path>" - both parts come from the project.
          blame_target = File.join(project.default_branch_or_main, project.ci_config_path_or_default)

          ::Gitlab::Routing.url_helpers.project_blame_path(project, blame_target)
        end
      end

      # List of scanner entries: one per job type from #scan_types, followed by
      # the entries that have no CI job behind them.
      #
      # @return [Array<Hash>]
      def features
        entries = scan_types.map do |scan_type|
          scan(scan_type, configured: scanner_enabled?(scan_type))
        end

        # Non-job entries are not returned by the job finders, so they are
        # appended by hand and always reported as configured.
        %i[corpus_management dast_profiles].each do |type|
          entries << scan(type, configured: true)
        end

        if dedicated_instance? || pre_receive_secret_detection_feature_flag_enabled?
          # Place the pre-receive entry directly before :secret_detection.
          # When that entry is missing the index falls back to -1, which makes
          # Array#insert append at the end.
          position = entries.index { |entry| entry[:type] == :secret_detection } || -1
          entries.insert(position, scan(:pre_receive_secret_detection, configured: true))
        end

        entries
      end

      # Path of the latest default-branch pipeline, or the pipelines help page
      # when there is no such pipeline.
      def latest_pipeline_path
        if latest_default_branch_pipeline
          project_pipeline_path(self, latest_default_branch_pipeline)
        else
          help_page_path('ci/pipelines/index.md')
        end
      end

      # Describes a single scanner as a plain hash.
      #
      # @param type [Symbol] scanner type
      # @param configured [Boolean] whether the scanner counts as configured
      # @return [Hash{Symbol => Object}]
      def scan(type, configured: false)
        configuration = ::Gitlab::Security::ScanConfiguration.new(
          project: project,
          type: type,
          configured: configured
        )

        {
          type: configuration.type,
          configured: configuration.configured?,
          configuration_path: configuration.configuration_path,
          available: configuration.available?,
          can_enable_by_merge_request: configuration.can_enable_by_merge_request?,
          meta_info_path: configuration.meta_info_path,
          on_demand_available: configuration.on_demand_available?,
          security_features: configuration.security_features
        }
      end

      # Job types allowed by the security jobs finder followed by those of the
      # license compliance jobs finder.
      def scan_types
        security_job_types = ::Security::SecurityJobsFinder.allowed_job_types
        license_job_types = ::Security::LicenseComplianceJobsFinder.allowed_job_types

        security_job_types + license_job_types
      end

      # Whether the instance settings report a GitLab Dedicated instance.
      def dedicated_instance?
        ::Gitlab::CurrentSettings.gitlab_dedicated_instance?
      end

      # True only when the project has the licensed feature AND the
      # :pre_receive_secret_detection_push_check flag is enabled for it.
      def pre_receive_secret_detection_feature_flag_enabled?
        project.licensed_feature_available?(:pre_receive_secret_detection) &&
          Feature.enabled?(:pre_receive_secret_detection_push_check, project)
      end

      # The project's security setting record.
      def project_settings
        project.security_setting
      end

      # The three methods below return nil in this class.
      # NOTE(review): presumably overridden by the extension module prepended
      # at the bottom of this file - confirm.
      def container_scanning_for_registry_enabled
        nil
      end

      def pre_receive_secret_detection_enabled
        nil
      end

      def secret_detection_configuration_path
        nil
      end
    end
  end
end
# prepend_mod_with is GitLab's hook for prepending an edition-specific
# extension module of the given name onto this class when one exists.
# NOTE(review): the nil-returning stubs in the class (e.g.
# pre_receive_secret_detection_enabled) are presumably overridden there - confirm.
Projects::Security::ConfigurationPresenter.prepend_mod_with('Projects::Security::ConfigurationPresenter')