Commit f090988f authored by Robert Speicher's avatar Robert Speicher

Merge branch 'add_scanner_profile_properties_to_on_demand_scan_254626' into 'master'

Honor all DAST Scanner Profile variables in on demand DAST Scan

See merge request gitlab-org/gitlab!44508
parents 15699fe7 af7b02c8
...@@ -44,7 +44,10 @@ module Mutations ...@@ -44,7 +44,10 @@ module Mutations
branch: project.default_branch, branch: project.default_branch,
target_url: dast_site.url, target_url: dast_site.url,
spider_timeout: dast_scanner_profile&.spider_timeout, spider_timeout: dast_scanner_profile&.spider_timeout,
target_timeout: dast_scanner_profile&.target_timeout target_timeout: dast_scanner_profile&.target_timeout,
full_scan_enabled: dast_scanner_profile&.full_scan_enabled?,
use_ajax_spider: dast_scanner_profile&.use_ajax_spider,
show_debug_messages: dast_scanner_profile&.show_debug_messages
) )
if result.success? if result.success?
......
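Review bot: The new `full_scan_enabled: dast_scanner_profile&.full_scan_enabled?` argument switches the on-demand pipeline to an active scan of `dast_site.url` based solely on which profile the caller selected, and nothing in this hunk checks that the project is entitled to send attack traffic to that site (a validated-site requirement, if one exists elsewhere, is not visible here and should be confirmed to gate this path). The three forwarded values are also silently dropped when no profile is given, since every `&.` call yields `nil`; that is intended, but it is worth stating at the call site with a comment such as `# nil values are skipped by RunDastScanService#ci_yaml, so the DAST template defaults apply`. The `execute(` call starts above this hunk and the method continues below it.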
...@@ -12,4 +12,8 @@ class DastScannerProfile < ApplicationRecord ...@@ -12,4 +12,8 @@ class DastScannerProfile < ApplicationRecord
passive: 1, passive: 1,
active: 2 active: 2
} }
def full_scan_enabled?
scan_type == 'active'
end
end end
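Review bot: `full_scan_enabled?` re-encodes the enum by comparing `scan_type` with the string `'active'`, while the enum declared just above (`passive: 1, active: 2`) already gives Rails a generated predicate; `def full_scan_enabled?` could simply return `active?` (assuming the enum is declared without `_prefix`/`_suffix`, which is outside the hunk). Because this value becomes `DAST_FULL_SCAN_ENABLED`, the method also deserves a one-line comment on its security meaning, e.g. `# Active profiles drive DAST_FULL_SCAN_ENABLED: the scanner attacks the target instead of only crawling it.` The class header lies above this hunk.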
...@@ -5,7 +5,10 @@ module Ci ...@@ -5,7 +5,10 @@ module Ci
ENV_MAPPING = { ENV_MAPPING = {
spider_timeout: 'DAST_SPIDER_MINS', spider_timeout: 'DAST_SPIDER_MINS',
target_timeout: 'DAST_TARGET_AVAILABILITY_TIMEOUT', target_timeout: 'DAST_TARGET_AVAILABILITY_TIMEOUT',
target_url: 'DAST_WEBSITE' target_url: 'DAST_WEBSITE',
use_ajax_spider: 'DAST_USE_AJAX_SPIDER',
show_debug_messages: 'DAST_DEBUG',
full_scan_enabled: 'DAST_FULL_SCAN_ENABLED'
}.freeze }.freeze
def self.ci_template_raw def self.ci_template_raw
...@@ -40,9 +43,9 @@ module Ci ...@@ -40,9 +43,9 @@ module Ci
def ci_yaml(args) def ci_yaml(args)
variables = args.each_with_object({}) do |(key, val), hash| variables = args.each_with_object({}) do |(key, val), hash|
next unless val && ENV_MAPPING[key] next if val.nil? || !ENV_MAPPING[key]
hash[ENV_MAPPING[key]] = val hash[ENV_MAPPING[key]] = !!val == val ? val.to_s : val
hash hash
end end
......
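Review bot: `hash[ENV_MAPPING[key]] = !!val == val ? val.to_s : val` uses a double-bang identity trick to detect booleans, which is easy to misread and to break on refactor; `val.is_a?(TrueClass) || val.is_a?(FalseClass) ? val.to_s : val` (or `[true, false].include?(val)`) states the intent directly and should carry a comment giving the reason, presumably that the CI variable validator accepts numbers but not YAML booleans, which is worth confirming and recording. The companion change from `next unless val` to `next if val.nil?` is what now lets `false` reach the job, so this is the only place that distinguishes "unset" from "off"; a comment such as `# nil means not configured (keep the template default); false is a real value and must be emitted as "false"` would keep that distinction from being undone. Separately, `show_debug_messages` now maps to `DAST_DEBUG`, which the spec shows is emitted as a public variable; verbose scanner output may include request/response contents, so consider documenting that enabling it can write sensitive target data into job logs. The `ci_yaml` method continues below the hunk.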
---
title: Honor all DAST Scanner Profile variables in on demand DAST Scan
merge_request: 44508
author:
type: added
...@@ -103,7 +103,7 @@ RSpec.describe Mutations::DastOnDemandScans::Create do ...@@ -103,7 +103,7 @@ RSpec.describe Mutations::DastOnDemandScans::Create do
end end
context 'when dast_scanner_profile_id is provided' do context 'when dast_scanner_profile_id is provided' do
let(:dast_scanner_profile) { create(:dast_scanner_profile, project: project, target_timeout: 200, spider_timeout: 5000) } let(:dast_scanner_profile) { create(:dast_scanner_profile, project: project, target_timeout: 200, spider_timeout: 5000, use_ajax_spider: true, show_debug_messages: true, scan_type: 'active') }
let(:dast_scanner_profile_id) { dast_scanner_profile.to_global_id } let(:dast_scanner_profile_id) { dast_scanner_profile.to_global_id }
subject do subject do
...@@ -123,7 +123,10 @@ RSpec.describe Mutations::DastOnDemandScans::Create do ...@@ -123,7 +123,10 @@ RSpec.describe Mutations::DastOnDemandScans::Create do
it 'passes additional arguments to the underlying service object' do it 'passes additional arguments to the underlying service object' do
args = hash_including( args = hash_including(
spider_timeout: dast_scanner_profile.spider_timeout, spider_timeout: dast_scanner_profile.spider_timeout,
target_timeout: dast_scanner_profile.target_timeout target_timeout: dast_scanner_profile.target_timeout,
use_ajax_spider: dast_scanner_profile.use_ajax_spider,
show_debug_messages: dast_scanner_profile.show_debug_messages,
full_scan_enabled: dast_scanner_profile.full_scan_enabled?
) )
expect_any_instance_of(::Ci::RunDastScanService).to receive(:execute).with(args).and_call_original expect_any_instance_of(::Ci::RunDastScanService).to receive(:execute).with(args).and_call_original
......
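Review bot: The new expectation `full_scan_enabled: dast_scanner_profile.full_scan_enabled?` asserts the mutation against the very method whose value is under test, so a regression in `full_scan_enabled?` would pass unnoticed; since the profile is created with `scan_type: 'active'`, pinning the literal with `full_scan_enabled: true` (and likewise `use_ajax_spider: true`, `show_debug_messages: true`) makes the example meaningful. The `it` block ends below the hunk.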
...@@ -24,4 +24,18 @@ RSpec.describe DastScannerProfile, type: :model do ...@@ -24,4 +24,18 @@ RSpec.describe DastScannerProfile, type: :model do
end end
end end
end end
describe 'full_scan_enabled?' do
describe 'when is active scan' do
subject { create(:dast_scanner_profile, scan_type: :active).full_scan_enabled? }
it { is_expected.to eq(true) }
end
describe 'when is passive scan' do
subject { create(:dast_scanner_profile, scan_type: :passive).full_scan_enabled? }
it { is_expected.to eq(false) }
end
end
end end
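Review bot: The added examples use `describe` for both the method and its conditions; RSpec convention is `describe '#full_scan_enabled?'` for the method and `context 'when the scan type is active'` / `context 'when the scan type is passive'` for the branches, which also reads correctly in the generated documentation output. Since the predicate only inspects `scan_type`, `build(:dast_scanner_profile, scan_type: :active)` would avoid two database writes with no loss of coverage. The enclosing `describe` block starts above this hunk.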
...@@ -7,6 +7,9 @@ RSpec.describe Ci::RunDastScanService do ...@@ -7,6 +7,9 @@ RSpec.describe Ci::RunDastScanService do
let(:project) { create(:project, :repository, creator: user) } let(:project) { create(:project, :repository, creator: user) }
let(:branch) { project.default_branch } let(:branch) { project.default_branch }
let(:target_url) { generate(:url) } let(:target_url) { generate(:url) }
let(:use_ajax_spider) { true }
let(:show_debug_messages) { false }
let(:full_scan_enabled) { true }
before do before do
stub_licensed_features(security_on_demand_scans: true) stub_licensed_features(security_on_demand_scans: true)
...@@ -27,7 +30,7 @@ RSpec.describe Ci::RunDastScanService do ...@@ -27,7 +30,7 @@ RSpec.describe Ci::RunDastScanService do
end end
describe '#execute' do describe '#execute' do
subject { described_class.new(project, user).execute(branch: branch, target_url: target_url, spider_timeout: 42, target_timeout: 21) } subject { described_class.new(project, user).execute(branch: branch, target_url: target_url, spider_timeout: 42, target_timeout: 21, use_ajax_spider: use_ajax_spider, show_debug_messages: show_debug_messages, full_scan_enabled: full_scan_enabled) }
let(:status) { subject.status } let(:status) { subject.status }
let(:pipeline) { subject.payload } let(:pipeline) { subject.payload }
...@@ -125,6 +128,18 @@ RSpec.describe Ci::RunDastScanService do ...@@ -125,6 +128,18 @@ RSpec.describe Ci::RunDastScanService do
'key' => 'DAST_TARGET_AVAILABILITY_TIMEOUT', 'key' => 'DAST_TARGET_AVAILABILITY_TIMEOUT',
'value' => '21', 'value' => '21',
'public' => true 'public' => true
}, {
'key' => "DAST_USE_AJAX_SPIDER",
'public' => true,
'value' => 'true'
}, {
'key' => "DAST_DEBUG",
'public' => true,
'value' => 'false'
}, {
'key' => "DAST_FULL_SCAN_ENABLED",
'public' => true,
'value' => 'true'
}, { }, {
'key' => 'GIT_STRATEGY', 'key' => 'GIT_STRATEGY',
'value' => 'none', 'value' => 'none',
......
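Review bot: The new variable expectations cover `false` (`DAST_DEBUG` => `'false'`) but not `nil`, and the nil-versus-false distinction is the substantive part of the service change; with `use_ajax_spider`, `show_debug_messages` and `full_scan_enabled` now declared as `let`s, one more example that overrides one of them to `nil` and asserts the corresponding key is absent from the pipeline variables would lock that behaviour in. It is also worth noting in the example that `DAST_FULL_SCAN_ENABLED` => `'true'` means the pipeline launches an active scan, so the fixture `target_url` must never be a real host. The variable list continues below the hunk.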