Track Browserker vulnerability findings in the outputted Secure report

Proposal

Browserker doesn't use the URL of the page to identify the location of a vulnerability finding, instead, it uses the path traversed. This issue proposes to add the tracking information to the JSON report so that it can be used to track vulnerability findings in GitLab Rails.

Example

An example of a path traversed by the browser in Browserker is as follows:

LoadURL [http://pancakes:8090] -> 
LeftClick [class=navigation-menu-item ham... li] -> 
LeftClick [a href=/pancakes] -> 
LeftClick [a href=/pancake/3]

This path will end up being used as the tracking identifier. For example, something like:

"tracking": {
    "type": "hash",
    "items": [
        { "data": "LoadURL [http://pancakes:8090]" },
        { "data": "LeftClick [class=navigation-menu-item ham... li]" },
        { "data": "LeftClick [a href=/pancakes]" },
        { "data": "LeftClick [a href=/pancake/3]" }
    ]
}

Or possibly just:

"tracking": {
    "type": "hash",
    "hash": "b7306c5a2c5423adc5f76173ce7f7c47"
}

In Scope

Add tracking type hash to the Secure Report Format.
Export the tracking location for the Browserker vulnerability in the outputted Secure JSON report.

Out of Scope

Update GitLab Rails to use tracking.hash. A new issue should be created for this.

References

This was spoken about in the Schema MR gitlab-org/security-products/security-report-schemas!69 (comment 546946008).

Edited Feb 25, 2022 by Cameron Swords