Add option to add DAST_SUBMIT_FIELD

Aditya Tiwari requested to merge 355526-dast-submit-field into master

Add option to set DAST_SUBMIT_FIELD for on-demand DAST scans. Add ability to set Login submit element.

Changelog: added
EE: true

Related to #355526 (closed)

DB MR: !84245 (merged)

Steps to test:

Please use the following GraphQL:

Query

query project($fullPath: ID!) {
  project(fullPath: $fullPath) {
    dastSiteProfiles(first: 1) {
      nodes {
        id
        profileName
        targetUrl
        editPath
        excludedUrls
        requestHeaders
        validationStatus
        normalizedTargetUrl
        auth { enabled url usernameField passwordField username password submitField}
        referencedInSecurityPolicies
      }
    }
  }
}

{
   "fullPath":"gitlab-org/go-fuzzing-example8",
   "profileName":"Open-source intermediate methodology",
   "targetUrl":"http://example18.test",
   "excludedUrls":"http://example18.test/signout",
   "requestHeaders":"Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:47.0) Gecko/20100101 Firefox/47.0",
   "auth":{
      "enabled":true,
      "submitField": "css:button[type=\"submit\"]"
   }
}

Create mutation


mutation($dastSiteProfileCreateInput: DastSiteProfileCreateInput!) {
  dastSiteProfileCreate(input: $dastSiteProfileCreateInput) {
    clientMutationId
    errors
    id
  }
}


{
   "dastSiteProfileCreateInput":{
      "fullPath":"gitlab-org/go-fuzzing-example8",
      "profileName":"Open-source intermediate methodology",
      "targetUrl":"http://example18.test",
      "excludedUrls":"http://example18.test/signout",
      "requestHeaders":"Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:47.0) Gecko/20100101 Firefox/47.0",
      "auth":{
         "enabled":true,
         "submitField": "css:button[type=\"submit\"]"
      }
   }
}

Update mutation


mutation($dastSiteProfileUpdateInput: DastSiteProfileUpdateInput!) {
  dastSiteProfileUpdate(input: $dastSiteProfileUpdateInput) {
    clientMutationId
    errors
    id
  }
}

{
   "dastSiteProfileUpdateInput":{
      "fullPath":"gitlab-org/go-fuzzing-example8",
      "id":"gid://gitlab/DastSiteProfile/2",
      "profileName":"c7ad43f42039f195dc8654f6389f57b9",
      "targetUrl":"http://example36.test",
      "excludedUrls":"http://example36.test/signout",
      "requestHeaders":"Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:47.0) Gecko/20100101 Firefox/47.0",
      "auth":{
         "enabled":true,
         "submitField": "updatedcss"
      }
   }
}


Edited by Aditya Tiwari