Add scan file path to dast site profile
What does this MR do and why?
Describe in detail what your merge request does and why.
This Merge Request adds backend support for scanFilePath.
This is one of the extra configuration options that should be included in the on-demand scan configuration screen as described here and here.
Checklist
- Add scanFilePath field to dast_site_profile model
- Create a migration to add the scanFilePath column into the database
- Add scanFilePath field to dast_site_profile_type
- Add scanFilePath field to Mutations::DastSiteProfiles::Create mutation
- Add scanFilePath field to Mutations::DastSiteProfiles::Update mutation
- Add scanFilePath field to Mutations::AppSec::Dast::SiteProfiles::SharedArguments
- Set the appropriate environment variable based on the scan_method.
GraphQL Updates
The DastSiteProfileCreateInput and DastSiteProfileUpdateInput GraphQL types need to be extended to support the new scan method option.
- scanFilePath - Type::String
ScanMethodEnum is a new Enum to identify the scan method used for the API Scan. The values for the enum are
dastSiteProfiles Query
project(fullPath: $fullPath) {
dastSiteProfiles(...) {
nodes {
id
profileName
normalizedTargetUrl
targetUrl
targetType
+ scanFilePath
}
}
}
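Review bot: the added scanFilePath line under nodes says nothing about nullability. The column is added as plain :text with no default, and the backfill query on this page only sets scan_file_path where target_type = 1, so profiles with any other target type will return null for this field. Suggest stating in the field description that the value can be null, and confirming that consumers of dastSiteProfiles handle that case.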
Database updates
Add scan_file_path
migration up
main: == 20220126191624 AddScanFilePathToDastSiteProfile: migrating =================
main: -- add_column(:dast_site_profiles, :scan_file_path, :text)
main: -> 0.0012s
main: -- transaction_open?()
main: -> 0.0000s
main: -- current_schema()
main: -> 0.0002s
main: -- transaction_open?()
main: -> 0.0000s
main: -- execute("ALTER TABLE dast_site_profiles\nADD CONSTRAINT check_8d2aa0f66d\nCHECK ( char_length(scan_file_path) <= 1024 )\nNOT VALID;\n")
main: -> 0.0021s
main: -- current_schema()
main: -> 0.0001s
main: -- execute("SET statement_timeout TO 0")
main: -> 0.0002s
main: -- execute("ALTER TABLE dast_site_profiles VALIDATE CONSTRAINT check_8d2aa0f66d;")
main: -> 0.0005s
main: -- execute("RESET statement_timeout")
main: -> 0.0002s
main: == 20220126191624 AddScanFilePathToDastSiteProfile: migrated (0.0207s) ========
migration down
main: == 20220126191624 AddScanFilePathToDastSiteProfile: reverting =================
main: -- remove_column(:dast_site_profiles, :scan_file_path, :text)
main: -> 0.0039s
main: == 20220126191624 AddScanFilePathToDastSiteProfile: reverted (0.0040s) ========
Update scan_file_path
Update Query
UPDATE dast_site_profiles
SET
scan_file_path = dast_sites.url
FROM
dast_sites
WHERE
dast_site_profiles.dast_site_id = dast_sites.id AND dast_site_profiles.target_type = 1 AND dast_site_profiles.id BETWEEN 1 AND 500;
Query Plan https://postgres.ai/console/gitlab/gitlab-production-tunnel-pg12/sessions/11876/commands/42192
Total rows updated https://postgres.ai/console/gitlab/gitlab-production-tunnel-pg12/sessions/11876/commands/42193
migration up
bin/rails db:migrate:up:main VERSION=20220901171624
main: == 20220901171624 UpdateDastSiteProfileScanFilePath: migrating ================
main: -- transaction_open?()
main: -> 0.0000s
main: -- execute("UPDATE dast_site_profiles\n SET scan_file_path = dast_sites.url\nFROM dast_sites\nWHERE dast_site_profiles.dast_site_id = dast_sites.id\n AND dast_site_profiles.target_type = 1\n AND dast_site_profiles.id BETWEEN 1 AND 108\n")
main: -> 0.0016s
main: == 20220901171624 UpdateDastSiteProfileScanFilePath: migrated (0.0222s) =======
migration down
bin/rails db:migrate:down:main VERSION=20220901171624
main: == 20220901171624 UpdateDastSiteProfileScanFilePath: reverting ================
main: == 20220901171624 UpdateDastSiteProfileScanFilePath: reverted (0.0004s) =======
Screenshots or screen recordings
These are strongly recommended to assist reviewers and reduce the time to merge your change.
How to set up and validate locally
Numbered steps to set up and validate the change are strongly suggested.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.