Update DastSiteProfile variables for graphql scans

What does this MR do and why?

This MR updates the dast_site_profile configuration variables for GraphQL scans.

The MR updates the variable DAST_API_GRAPHQL to accept a file path. This change is necessary because the DAST API analyzer expects a file path for GraphQL scans, not a URL.

It also adds the DAST_API_TARGET_URL variable for GraphQL scans. The analyzer won't work without this variable when the scanMethod is GraphQL.

More context about this issue can be found here.

This Merge Request is related to issue #378692 (closed)

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

How to set up and validate locally

  1. Go to -/on_demand_scans/new

  2. Create a new site profile like the one in the screenshot (Screenshot_2022-12-12_at_8.38.41_PM).

  3. Click Run.
  4. Check the value of the variable [INF] DAST API: graphql: in the job log. It should match the GraphQL endpoint path.
  5. Check the value of the variable [INF] DAST API: target_url: in the job log. It should match the API endpoint URL.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Marcos Rocha
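
The job-log check from the validation steps above can be scripted. This is an added example, not code from this MR or from GitLab: the helper names, the sample log and the example.test values are constructed, and only the "[INF] DAST API: <key>:" prefix comes from the steps above.

```ruby
require "uri"

# Constructed job log excerpt (values are placeholders, not real output).
SAMPLE_LOG = <<~LOG
  [INF] DAST API: graphql: /api/graphql
  [INF] DAST API: target_url: https://app.example.test
LOG

# Hypothetical helper: value logged for a key, nil when the line is absent.
def logged_value(log, key)
  m = log.match(/\[INF\] DAST API: #{Regexp.escape(key)}:[ \t]*(\S*)/)
  m && m[1]
end

# True only for an absolute http(s) URL with a host.
def absolute_http_url?(value)
  uri = URI.parse(value)
  uri.is_a?(URI::HTTP) && !uri.host.to_s.empty?
rescue URI::InvalidURIError
  false
end

# Hypothetical checker: returns a list of problems, empty when the log
# matches what the site profile was configured with.
def check_graphql_job_log(log, expected_path:, expected_target_url:)
  problems = []
  graphql = logged_value(log, "graphql")
  target  = logged_value(log, "target_url")

  if graphql.nil? || graphql.empty?
    problems << "graphql is not logged"
  elsif graphql.match?(%r{\A[a-z][a-z0-9+.-]*://}i)
    # The case this MR addresses: a URL where the analyzer expects a path.
    problems << "graphql is a URL, expected a path"
  elsif graphql != expected_path
    problems << "graphql is #{graphql}, expected #{expected_path}"
  end

  if target.nil? || target.empty?
    problems << "target_url is not logged"
  elsif !absolute_http_url?(target)
    problems << "target_url is not an absolute http(s) URL"
  elsif target != expected_target_url
    problems << "target_url is #{target}, expected #{expected_target_url}"
  end
  problems
end
```

An empty result means both logged values match the profile; each entry otherwise names the variable that is missing or wrong.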
