Skip to content

Add dast_pre_scan_verification field to ProfileType

Marcos Rocha requested to merge mc_rocha-add-pre-scan-status-graphql-379049 into master

What does this MR do and why?

This Merge Request adds the PreScanVerification to the GraphQL api. This new type will be used to return the pre-scan validation status as described here.

This Merge Request is related to issue #379049

Screenshots or screen recordings

Screenshot_2023-01-03_at_3.07.02_PM

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

Create the pre-scan verification records

  1. Start the rails console
rails c
  1. Create the records
dpsv = dpsv = Dast::PreScanVerification.create(dast_profile: Dast::Profile.last, ci_pipeline: Ci::Pipeline.last)

Dast::PreScanVerificationStep.create(name: 'connection', dast_pre_scan_verification: dpsv)

Dast::PreScanVerificationStep.create(name: 'authentication', dast_pre_scan_verification: dpsv, verification_errors: ['Actionable error message'])

Dast::PreScanVerificationStep.create(name: 'crawling', dast_pre_scan_verification: dpsv)

Query the pre-scan verification

  1. Go to /-/graphql-explorer
  2. Add a Query like
{
  project(fullPath: "root/apiscantest") {
    dastProfiles {
      nodes {
        dastPreScanVerification {
          status
          valid
          preScanVerificationSteps {
            name
            errors
            success
          }
        }
      }
    }
  }
}
  1. Check the results
{
  "data": {
    "project": {
      "dastProfiles": {
        "nodes": [
          {
            "dastPreScanVerification": null
          },
          {
            "dastPreScanVerification": {
              "status": "COMPLETE_WITH_ERRORS",
              "valid": true,
              "preScanVerificationSteps": [
                {
                  "name": "connection",
                  "errors": [],
                  "success": true
                },
                {
                  "name": "authentication",
                  "errors": [
                    "Actionable error message"
                  ],
                  "success": false
                },
                {
                  "name": "crawling",
                  "errors": [],
                  "success": true
                }
              ]
            }
          }
        ]
      }
    }
  }
}

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Marcos Rocha

Merge request reports

Loading