Update placeholders for DAST Profile sensitive fields
Related issue - #323449 (closed)
What does this MR do?
- Updates placeholder for sensitive fields when updating a site profile
  - password field, a required field, to have asterisks
  - request headers, an optional field, to have [Redacted] placeholder when value is set previously
- Update summary when selecting a site profile to create a new DAST Scan
  - show the placeholder for password when auth is enabled
  - disable summary field for optional fields (exclude urls, request headers)
- Also, removes an extended query for site profile in favor of using @client directive
Screenshots (strongly suggested)
Editing site profile | Profile summary |
---|---|
How to test this
Site Profile Updation
- Create a DAST site profile, skip if you already have a site profile created. To do so, visit the following path in your local GDK
  /:namespace/:project/-/security/configuration/dast_profiles/dast_site_profiles/new
- Enable the security_dast_site_profiles_additional_fields feature flag.
  echo "Feature.enable(:security_dast_site_profiles_additional_fields)" | rails c
- Select and open the created site profile from
  /:namespace/:project/-/security/configuration/dast_profiles/#site-profiles
Site Profile Summary
- Enable the security_dast_site_profiles_additional_fields feature flag, if not done already
- (optional) Add the following diff to have multiple profiles
diff --git a/ee/app/assets/javascripts/on_demand_scans/components/on_demand_scans_form.vue b/ee/app/assets/javascripts/on_demand_scans/components/on_demand_scans_form.vue
index 02d7965b424..5772cfe2d09 100644
--- a/ee/app/assets/javascripts/on_demand_scans/components/on_demand_scans_form.vue
+++ b/ee/app/assets/javascripts/on_demand_scans/components/on_demand_scans_form.vue
@@ -31,6 +31,8 @@ import validation from '~/vue_shared/directives/validation';
import glFeatureFlagsMixin from '~/vue_shared/mixins/gl_feature_flags_mixin';
import dastProfileCreateMutation from '../graphql/dast_profile_create.mutation.graphql';
import dastProfileUpdateMutation from '../graphql/dast_profile_update.mutation.graphql';
+import { siteProfiles } from 'ee_jest/on_demand_scans/mocks/mock_data';
+
import {
ERROR_RUN_SCAN,
ERROR_FETCH_SCANNER_PROFILES,
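Review bot: The added import of siteProfiles from 'ee_jest/on_demand_scans/mocks/mock_data' makes a component under ee/app/assets/javascripts depend on the spec fixtures, which application code should not do. The description offers this only as an optional local testing aid, so it needs to stay out of the commit; a short comment on the import marking it as local-only would make an accidental commit easier to catch in review. The extra blank line added after the import can also be dropped.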
@@ -59,7 +61,8 @@ const createProfilesApolloOptions = (name, field, { fetchQuery, fetchError }) =>
if (edges.length === 1) {
this[field] = edges[0].node.id;
}
- return edges.map(({ node }) => node);
+ // return edges.map(({ node }) => node);
+ return siteProfiles;
},
error(e) {
Sentry.captureException(e);
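Review bot: Returning siteProfiles unconditionally here leaves the edges.length === 1 branch just above working on the real response, so this[field] can be preselected with an id that does not exist in the mock list that is returned. The helper is also parameterised by name and field, so every profile list built through createProfilesApolloOptions would receive the site profile mocks, not only the site profile dropdown. For local testing, limit the override to the site profile field and delete the old return instead of leaving it commented out.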
- Visit on-demand scans form and select a site profile from the dropdown
  /:namespace/:project/-/on_demand_scans/new
Does this MR meet the acceptance criteria?
Conformity
- 📋 Does this MR need a changelog?
  - I have included a changelog entry.
  - I have not included a changelog entry because feature flag.
- Documentation (if required)
- Code review guidelines
- Merge request performance guidelines
- Style guides
- Database guides
- Separation of EE specific content
Edited by Dheeraj Joshi