From 31a58cc2c7e9bbcd1080c7cc90948e29a7b8417e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A1ra=20El-Saig?=
Date: Mon, 8 Jan 2024 07:24:53 +0100
Subject: [PATCH] Reorganize the security scanning test into a reusable extension.
---
 ...SecurityScanningUITestContextExtensions.cs | 44 +++++++++++++++++++
 .../YamlDocumentExtensions.cs | 2 +-
 2 files changed, 45 insertions(+), 1 deletion(-)
diff --git a/Lombiq.Tests.UI/SecurityScanning/SecurityScanningUITestContextExtensions.cs b/Lombiq.Tests.UI/SecurityScanning/SecurityScanningUITestContextExtensions.cs
index dafc754b2..f8df51174 100644
--- a/Lombiq.Tests.UI/SecurityScanning/SecurityScanningUITestContextExtensions.cs
+++ b/Lombiq.Tests.UI/SecurityScanning/SecurityScanningUITestContextExtensions.cs
@@ -7,6 +7,7 @@
 using System;
 using System.Net;
 using System.Threading.Tasks;
+using static Lombiq.Tests.UI.Services.OrchardCoreUITestExecutorConfiguration;
 namespace Lombiq.Tests.UI.SecurityScanning;
@@ -50,6 +51,49 @@ public static Task RunAndAssertFullSecurityScanAsync( configure, assertSecurityScanResult); + /// + /// If the bot is configured to sign in as admin first. + /// Time limit for the active scan altogether. + /// Time limit for the individual rules in the active scan. + /// + /// This extension method makes changes to the normal configuration of the test to be more suited for CI operation. + /// It changes the to not do any retries because this is a long running + /// test. It also replaces the app log assertion logic with the specialized version for security scans, . The scan is configured to ignore the admin dashboard, optionally log + /// in as admin, and use the provided time limits for the "active scan" portion of the security scan. + /// + public static Task RunAndConfigureAndAssertFullSecurityScanForAutomationAsync( + this UITestContext context, + Action additionalConfiguration = null, + Action assertSecurityScanResult = null, + bool doSignIn = true, + int maxScanDurationInMinutes = 10, + int maxRuleDurationInMinutes = 2) + { + // Ignore some validation errors that only happen during security tests. + context.Configuration.AssertAppLogsAsync = UseAssertAppLogsForSecurityScan(); + + // This takes over 10 minutes and the session will certainly time out with retries. + context.Configuration.MaxRetryCount = 0; + + return context.RunAndAssertFullSecurityScanAsync( + configuration => + { + // Signing in ensures full access and that the bot won't have to interact with the login screen. + if (doSignIn) configuration.SignIn(); + + // There is no need to security scan the admin dashboard. + configuration.ExcludeUrlWithRegex(@".*/Admin/.*"); + + // Active scan takes a very long time, this is not practical in CI. 
+ configuration.ModifyZapPlan(plan => plan + .SetActiveScanMaxDuration(maxScanDurationInMinutes, maxRuleDurationInMinutes)); + + additionalConfiguration?.Invoke(configuration); + }, + assertSecurityScanResult); + } + /// /// Run a Zed Attack Proxy (ZAP) security scan against an app with the /// GraphQL Automation Framework profile and runs assertions on the result (see /// Time limit for the active scan altogether. - /// Time limit for the individual rule scans in minutes. + /// Time limit for the individual rule scans. public static void SetActiveScanMaxDuration( this YamlDocument yamlDocument, int maxScanDurationInMinutes,
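Review bot: The two `context.Configuration` assignments at the top of `RunAndConfigureAndAssertFullSecurityScanForAutomationAsync` replace the test's app-log assertion and retry policy for the remainder of the test rather than only for the scan, and the comment "Ignore some validation errors that only happen during security tests" does not say what the replacement tolerates; because a looser log assertion is exactly where a genuine finding could be masked, the comment should name or point at what `UseAssertAppLogsForSecurityScan` relaxes, e.g. `// Security scans produce app-log errors the default assertion would fail on; see UseAssertAppLogsForSecurityScan for the tolerated set.` The retry comment still hard-codes "over 10 minutes" although the duration is now the `maxScanDurationInMinutes` parameter, so `// The active scan can run for up to maxScanDurationInMinutes; a retry would outlive the session, so retries are disabled.` keeps it accurate when callers pass other values. Since `additionalConfiguration` is invoked last, a caller can only undo the unconditional `ExcludeUrlWithRegex(@".*/Admin/.*")` if the configuration API supports removing an exclusion, which is not visible here; if it does not, the admin-area coverage gap is worth stating in the method's XML doc.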