Catch YAML errors when parsing security policies (!75092) · Merge requests · GitLab.org / GitLab

Alan (Maciej) Paruszewski requested to merge 346316-catch-yaml-errors-when-parsing-security-policies into master Nov 23, 2021

What does this MR do and why?

This MR adds simple rescue when parsing security policy from YAML file. Users might configure their policies in incorrect way and we were not catching that before. This change introduces that.

How to set up and validate locally

Create new project
Create new security policy project
Add to .gitlab/security-policies/policy.yml invalid policy (cadence value should be quoted, otherwise YAML parser will think that this is an alias):

---
scan_execution_policy:
- name: Enforce DAST and secret detection scans every 10 minutes
  description: This policy enforces DAST and secret detection scans to run every 10 minutes
  enabled: true
  rules:
  - type: schedule
    branches:
    - main
    cadence: */10 * * * *
  actions:
  - scan: dast
    scanner_profile: Scanner Profile C
    site_profile: Site Profile D
  - scan: secret_detection

You should not see failed Security::CreateOrchestrationPolicyWorker jobs in Sidekiq because of this.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Related to #346316 (closed)

Catch YAML errors when parsing security policies

What does this MR do and why?

How to set up and validate locally

MR acceptance checklist

Merge request reports