
Browser-based DAST supports Mutual TLS without ZAP

Problem

DAST uses Mutual TLS when the user specifies the CI/CD variables DAST_PKCS12_CERTIFICATE_BASE64 and DAST_PKCS12_PASSWORD. The browser-based analyzer proxies HTTP requests through ZAP, so in order to remove ZAP an alternative Mutual TLS solution must be used.

Proposal

FIPS Browser-based DAST proxies all requests via Squid, which also provides Mutual TLS functionality. The same solution can be leveraged for non-FIPS browser-based DAST.
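
As an added sketch (not the dast project's entrypoint-fips.dast.sh or any code from the page), this is how an entrypoint script could turn DAST_PKCS12_CERTIFICATE_BASE64 and DAST_PKCS12_PASSWORD into a client certificate that Squid presents on the TLS connections it originates. The paths, function names and the squid.conf fragment are assumptions, as is the premise that Squid terminates TLS itself (SSL-Bump) so that tls_outgoing_options applies.

```shell
#!/bin/sh
# Added example, not the dast project's own entrypoint.sh: how an entrypoint
# could turn DAST_PKCS12_CERTIFICATE_BASE64 / DAST_PKCS12_PASSWORD into a
# client certificate that Squid presents on the TLS connections it makes.
# Paths, function names and the squid.conf fragment are assumptions; it also
# assumes Squid terminates TLS itself (SSL-Bump) so the directive applies.
set -e

CERT_DIR="${CERT_DIR:-/tmp/dast-mtls}"

# Decode the base64-encoded PKCS#12 bundle in $1 into the file $2 (mode 0600).
decode_pkcs12() {
  mkdir -p "$(dirname "$2")"
  ( umask 077; printf '%s' "$1" | base64 -d > "$2" )
}

# Split the PKCS#12 bundle $1 into a PEM cert and key under $2 (needs openssl).
# The passphrase is read from the environment (env:) rather than argv so it
# never shows up in the process list.
extract_pem() {
  openssl pkcs12 -in "$1" -passin env:DAST_PKCS12_PASSWORD -clcerts -nokeys -out "$2/client.crt"
  openssl pkcs12 -in "$1" -passin env:DAST_PKCS12_PASSWORD -nocerts -nodes -out "$2/client.key"
}

# Print the squid.conf lines that make Squid present cert $1 / key $2 on
# outgoing TLS connections (tls_outgoing_options is a Squid 4+ directive).
render_squid_conf() {
  printf 'http_port 3128\n'
  printf 'tls_outgoing_options cert=%s key=%s\n' "$1" "$2"
}

# Only wire up mutual TLS when the CI variables are present; otherwise Squid
# runs as a plain forward proxy, as the Problem section above implies.
if [ -n "${DAST_PKCS12_CERTIFICATE_BASE64:-}" ]; then
  : "${DAST_PKCS12_PASSWORD:?must be set together with the certificate}"
  export DAST_PKCS12_PASSWORD
  decode_pkcs12 "$DAST_PKCS12_CERTIFICATE_BASE64" "$CERT_DIR/client.p12"
  extract_pem "$CERT_DIR/client.p12" "$CERT_DIR"
  render_squid_conf "$CERT_DIR/client.crt" "$CERT_DIR/client.key" > "$CERT_DIR/squid-mtls.conf"
  rm -f "$CERT_DIR/client.p12"   # the bundle is no longer needed once split
fi
```

With the two variables unset the script defines its helpers and exits without touching Squid, which is the same no-certificate behaviour a regular scan gets.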

dast-chromium

  1. Update build-squid.sh to work with both UBI & Ubuntu
  2. Update .gitlab-ci.yml to build squid similar to fips build
  3. Update Dockerfile to include squid similar to how Dockerfile_fips does
  4. Update test/chromium_smoke_test.sh so Squid tests also run for non-FIPS build
  5. Verify build works and tests pass
  6. Manually verify Squid is working in built image

browserker

  1. Review fips build process and identify Squid related items
  2. Mirror Squid related items from fips build for regular build
  3. Create entrypoint.sh script based on entrypoint-fips.sh script
  4. Update Dockerfile entry point to be entrypoint.sh
  5. Enable test/end-to-end/test-squid-forward-proxy-errors.sh for regular builds
  6. Enable test/end-to-end/test-mutual-tls.sh for regular builds
  7. Verify tests are passing

dast

  1. Create an entrypoint.dast.sh script based on entrypoint-fips.dast.sh, or combine the two if possible
  2. Review Dockerfile-fips and identify all squid related items and mirror to Dockerfile
  3. Review test-fips.sh and extract the squid related tests into their own test file that runs for both builds
  4. Add Proxy configuration parameter (see comment)
  5. Verify all tests are passing
  6. Are any additional tests needed?
  7. Is there a Mutual TLS demo project to test with?

Edited by Michael Eddington