DAST site profiles: support validation path
- Related issue: #247106 (closed)
What does this MR do?
This adds support for providing a validation file path when validating a DAST site profile.
- The input's prefix now defaults to the target URL's origin, followed by a trailing slash
- The input itself defaults to the target URL's path followed by the generated token
- Submitting the validation form now sends the validation path along with the GraphQL mutation
What does this MR do?
This hooks up the frontend validation components to actual API calls for validating DAST sites.
How to test this?
- Enable the feature flag.
echo "Feature.enable(:security_on_demand_scans_site_validation)" | rails c
- Install and set up graphql-vue-apollo-playground locally. Check out the mock-dast-site-profiles branch and run the mock server.
- Use the local mock server in the Apollo provider.
diff --git a/ee/app/assets/javascripts/dast_site_profiles_form/graphql/provider.js b/ee/app/assets/javascripts/dast_site_profiles_form/graphql/provider.js
index ef96b443da8..993a7cefb5c 100644
--- a/ee/app/assets/javascripts/dast_site_profiles_form/graphql/provider.js
+++ b/ee/app/assets/javascripts/dast_site_profiles_form/graphql/provider.js
@@ -5,5 +5,10 @@ import createDefaultClient from '~/lib/graphql';
Vue.use(VueApollo);
export default new VueApollo({
- defaultClient: createDefaultClient(),
+ defaultClient: createDefaultClient(
+ {},
+ {
+ baseUrl: 'http://localhost:4000',
+ },
+ ),
});
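Review bot: the `baseUrl: 'http://localhost:4000'` passed as the second argument to `createDefaultClient` hardcodes a plain-HTTP local mock server into the shared Apollo provider, so every GraphQL request from this form, including the validation mutation, would go to that address if the change were committed. Keep this as a local-only patch that is reverted before pushing, or read the override from a development-only setting so the default client stays untouched everywhere else. The empty `{}` first argument would also benefit from a short comment saying what it stands for.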
- Navigate to the DAST Site profile form in your GDK:
/:namespace/:project/-/on_demand_scans/profiles/dast_site_profiles/new
Screenshots
Does this MR meet the acceptance criteria?
Conformity
- [-] Changelog entry (not needed, this feature is still behind a feature flag)
- [-] Documentation (if required)
- Code review guidelines
- [-] Merge request performance guidelines
- Style guides
- [-] Database guides
- Separation of EE specific content
Availability and Testing
- Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process.
- Tested in all supported browsers
- [-] Informed Infrastructure department of a default or new setting change, if applicable per definition of done
Edited by Paul Gascou-Vaillancourt