Failures on loading Vulnerability and license widget, seen on Master pipeline
Summary
Failing job(s): https://gitlab.com/gitlab-org/gitlab-qa-mirror/-/jobs/2448098582, multiple across https://gitlab.com/gitlab-org/gitlab-qa-mirror/-/pipelines/537556680
Failing spec(s): ./qa/specs/features/ee/browser_ui/13_secure/vulnerability_management_spec.rb
Corresponding test case(s):
Have been able to replicate on latest master by running:
CHROME_HEADLESS=false bundle exec bin/qa Test::Instance::All http://GDK/ ./qa/specs/features/ee/browser_ui/13_secure/vulnerability_management_spec.rb
Stack trace
The stack trace shows we cannot see the vulnerability:
1) Secure Security Reports in a Merge Request can create an auto-remediation MR
Failure/Error: merge_request.resolve_vulnerability_with_mr remediable_vuln_name
Capybara::ElementNotFound:
Unable to find link or button "Authentication bypass via incorrect DOM traversal and canonicalization in saml2-js" within #<Capybara::Node::Element tag="section" path="/HTML/BODY[1]/DIV[3]/DIV[1]/DIV[3]/MAIN[1]/DIV[2]/DIV[2]/DIV[3]/DIV[1]/DIV[1]/SECTION[1]/DIV[1]/DIV[2]/DIV[3]/SECTION[1]">
# ./qa/ee/page/merge_request/show.rb:123:in `block in click_vulnerability'
# ./qa/page/base.rb:357:in `block in within_element'
# ./qa/page/base.rb:356:in `within_element'
# ./qa/support/page/logging.rb:157:in `within_element'
# ./qa/ee/page/merge_request/show.rb:122:in `click_vulnerability'
# ./qa/ee/page/merge_request/show.rb:145:in `resolve_vulnerability_with_mr'
# ./qa/specs/features/ee/browser_ui/13_secure/vulnerability_management_spec.rb:87:in `block (4 levels) in <module:QA>'
# ./qa/scenario/actable.rb:16:in `perform'
# ./qa/specs/features/ee/browser_ui/13_secure/vulnerability_management_spec.rb:85:in `block (3 levels) in <module:QA>'
# ./qa/specs/spec_helper.rb:133:in `block (2 levels) in <top (required)>'
# ./qa/specs/knapsack_runner.rb:15:in `run'
# ./qa/specs/runner.rb:54:in `perform'
# ./qa/scenario/template.rb:10:in `block in perform'
# ./qa/scenario/template.rb:8:in `tap'
# ./qa/scenario/template.rb:8:in `perform'
# ./qa/scenario/template.rb:50:in `perform'
# ./qa/scenario/template.rb:10:in `block in perform'
# ./qa/scenario/template.rb:8:in `tap'
# ./qa/scenario/template.rb:8:in `perform'
# ./qa/scenario/bootable.rb:51:in `launch!'
2) Secure Security Reports in a Merge Request can dismiss a vulnerability with a reason
Failure/Error: merge_request.dismiss_vulnerability_with_reason(vuln_name, dismiss_reason)
Capybara::ElementNotFound:
Unable to find link or button "Regular Expression Denial of Service in debug" within #<Capybara::Node::Element tag="section" path="/HTML/BODY[1]/DIV[3]/DIV[1]/DIV[3]/MAIN[1]/DIV[2]/DIV[2]/DIV[3]/DIV[1]/DIV[1]/SECTION[1]/DIV[1]/DIV[2]/DIV[3]/SECTION[1]">
# ./qa/ee/page/merge_request/show.rb:123:in `block in click_vulnerability'
# ./qa/page/base.rb:357:in `block in within_element'
# ./qa/page/base.rb:356:in `within_element'
# ./qa/support/page/logging.rb:157:in `within_element'
# ./qa/ee/page/merge_request/show.rb:122:in `click_vulnerability'
# ./qa/ee/page/merge_request/show.rb:133:in `dismiss_vulnerability_with_reason'
# ./qa/specs/features/ee/browser_ui/13_secure/vulnerability_management_spec.rb:66:in `block (4 levels) in <module:QA>'
# ./qa/scenario/actable.rb:16:in `perform'
# ./qa/specs/features/ee/browser_ui/13_secure/vulnerability_management_spec.rb:64:in `block (3 levels) in <module:QA>'
# ./qa/specs/spec_helper.rb:133:in `block (2 levels) in <top (required)>'
# ./qa/specs/knapsack_runner.rb:15:in `run'
# ./qa/specs/runner.rb:54:in `perform'
# ./qa/scenario/template.rb:10:in `block in perform'
# ./qa/scenario/template.rb:8:in `tap'
# ./qa/scenario/template.rb:8:in `perform'
# ./qa/scenario/template.rb:50:in `perform'
# ./qa/scenario/template.rb:10:in `block in perform'
# ./qa/scenario/template.rb:8:in `tap'
# ./qa/scenario/template.rb:8:in `perform'
# ./qa/scenario/bootable.rb:51:in `launch!'
3) Secure Security Reports in a Merge Request can create an issue from a vulnerability
Failure/Error: merge_request.create_vulnerability_issue(vuln_name)
Capybara::ElementNotFound:
Unable to find link or button "Regular Expression Denial of Service in debug" within #<Capybara::Node::Element tag="section" path="/HTML/BODY[1]/DIV[3]/DIV[1]/DIV[3]/MAIN[1]/DIV[2]/DIV[2]/DIV[3]/DIV[1]/DIV[1]/SECTION[1]/DIV[1]/DIV[2]/DIV[3]/SECTION[1]">
# ./qa/ee/page/merge_request/show.rb:123:in `block in click_vulnerability'
# ./qa/page/base.rb:357:in `block in within_element'
# ./qa/page/base.rb:356:in `within_element'
# ./qa/support/page/logging.rb:157:in `within_element'
# ./qa/ee/page/merge_request/show.rb:122:in `click_vulnerability'
# ./qa/ee/page/merge_request/show.rb:157:in `create_vulnerability_issue'
# ./qa/specs/features/ee/browser_ui/13_secure/vulnerability_management_spec.rb:76:in `block (4 levels) in <module:QA>'
# ./qa/scenario/actable.rb:16:in `perform'
# ./qa/specs/features/ee/browser_ui/13_secure/vulnerability_management_spec.rb:74:in `block (3 levels) in <module:QA>'
# ./qa/specs/spec_helper.rb:133:in `block (2 levels) in <top (required)>'
# ./qa/specs/knapsack_runner.rb:15:in `run'
# ./qa/specs/runner.rb:54:in `perform'
# ./qa/scenario/template.rb:10:in `block in perform'
# ./qa/scenario/template.rb:8:in `tap'
# ./qa/scenario/template.rb:8:in `perform'
# ./qa/scenario/template.rb:50:in `perform'
# ./qa/scenario/template.rb:10:in `block in perform'
# ./qa/scenario/template.rb:8:in `tap'
# ./qa/scenario/template.rb:8:in `perform'
# ./qa/scenario/bootable.rb:51:in `launch!'
Finished in 30 minutes 27 seconds (files took 29.77 seconds to load)
73 examples, 3 failures, 6 pending
Failed examples:
rspec ./qa/specs/features/ee/browser_ui/13_secure/vulnerability_management_spec.rb:84 # Secure Security Reports in a Merge Request can create an auto-remediation MR
rspec ./qa/specs/features/ee/browser_ui/13_secure/vulnerability_management_spec.rb:61 # Secure Security Reports in a Merge Request can dismiss a vulnerability with a reason
rspec ./qa/specs/features/ee/browser_ui/13_secure/vulnerability_management_spec.rb:73 # Secure Security Reports in a Merge Request can create an issue from a vulnerability
Screenshot / HTML page
Note - the local repo does show Pipeline vulnerabilities and licenses being populated e.g.
If it is related, the local scanned_resources just contains
~/Downloads/scanned_resources.csv
Method,Scheme,Host,Port,Path,Query String
POST,http,target,7777,/api/users,
Possible fixes
Edited by Will Meek