
Add GraphQL mutation for configuring API fuzzing scans

Avielle Wolfe requested to merge 299234-api-fuzzing-config-mutation into master

What does this MR do?

  • Adds Mutations::Security::CiConfiguration::ApiFuzzing::Create, which accepts configuration options as input and returns YAML that can be inserted into the project's .gitlab-ci.yml to configure API fuzzing scans
  • Adds Security::CiConfiguration::ApiFuzzing::CreateService to handle the actual creation of the configuration

Note: because this work is behind a feature flag, this MR does not include a changelog

Example mutation query and result

Query:

mutation {
  createApiFuzzingCiConfiguration(input: {
    apiSpecificationFile: "https://api.gov",
    authPassword: "$PASSWORD",
    authUsername: "$USERNAME",
    projectPath: "gitlab-org/gitlab-test",
    scanMode: OPENAPI,
    scanProfile: "Quick-10",
    target: "https://api.gov"
  }) {
    configurationYaml
    errors
    gitlabCiYamlEditUrl
  }
}

Result:

{
  "data": {
    "createApiFuzzingCiConfiguration": {
      "configurationYaml": "---\nstages:\n- fuzz\ninclude:\n- template: API-Fuzzing.gitlab-ci.yml\nvariables:\n  FUZZAPI_TARGET_URL: https://api.gov\n  FUZZAPI_OPENAPI: https://api.gov\n  FUZZAPI_HTTP_PASSWORD: \"$PASSWORD\"\n  FUZZAPI_HTTP_USERNAME: \"$USERNAME\"\n  FUZZAPI_PROFILE: Quick-10\n",
      "errors": [],
      "gitlabCiYamlEditUrl": "/gitlab-org/gitlab-test/-/ci/editor"
    }
  }
}
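The service behind the mutation, reconstructed as an added Ruby example that is not the MR's own code: it maps the input fields to the FUZZAPI_* variables shown in the result above and returns the same configurationYaml / errors shape. The class name, the required-field checks and the rejection of literal (non-$VARIABLE) credentials are assumptions for illustration; only the OPENAPI scan mode shown on the page is handled.

```ruby
require 'yaml'
# Added example, not GitLab's own service code: builds the configuration YAML
# the mutation returns by mapping the GraphQL input fields to the FUZZAPI_*
# variables shown in the example result. Class and method names are assumed.
class ApiFuzzingConfigBuilder
  TEMPLATE = 'API-Fuzzing.gitlab-ci.yml'
  SPEC_VARIABLE_BY_MODE = { 'OPENAPI' => 'FUZZAPI_OPENAPI' }.freeze # only the mode shown on the page

  # Returns { yaml: String or nil, errors: [String] }, mirroring the
  # configurationYaml / errors fields of the mutation payload.
  def self.build(params)
    errors = validate(params)
    return { yaml: nil, errors: errors } unless errors.empty?

    variables = {
      'FUZZAPI_TARGET_URL' => params[:target],
      SPEC_VARIABLE_BY_MODE[params[:scan_mode]] => params[:api_specification_file]
    }
    # Credentials are written as CI variable references ("$PASSWORD"), so the
    # secret itself stays in the project's CI/CD settings, not in .gitlab-ci.yml.
    variables['FUZZAPI_HTTP_PASSWORD'] = params[:auth_password] if params[:auth_password]
    variables['FUZZAPI_HTTP_USERNAME'] = params[:auth_username] if params[:auth_username]
    variables['FUZZAPI_PROFILE'] = params[:scan_profile] if params[:scan_profile]
    config = {
      'stages' => ['fuzz'],
      'include' => [{ 'template' => TEMPLATE }],
      'variables' => variables
    }
    # Psych double-quotes scalars that start with "$", which is why the MR
    # result shows FUZZAPI_HTTP_PASSWORD: "$PASSWORD".
    { yaml: YAML.dump(config), errors: [] }
  end
  # Assumed checks (not from the MR): required fields, a known scan mode, and
  # credentials given only as $VARIABLE references rather than literal secrets.
  def self.validate(params)
    errors = []
    %i[target api_specification_file scan_mode].each do |key|
      errors << "#{key} is required" if params[key].to_s.empty?
    end
    errors << "unsupported scan mode: #{params[:scan_mode]}" unless SPEC_VARIABLE_BY_MODE.key?(params[:scan_mode])
    %i[auth_password auth_username].each do |key|
      value = params[key]
      next if value.nil? || value.start_with?('$')
      errors << "#{key} must be a $VARIABLE reference, not a literal value"
    end
    errors
  end
end
```

Calling ApiFuzzingConfigBuilder.build with the example inputs above yields byte-for-byte the configurationYaml string in the result.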

Issue

This is the second backend MR for #299234 (closed)
