Parse Login Actions configuration in DAST Browser Based Analyzer
Part 1 of the implementation of DAST_AFTER_LOGIN_ACTIONS in Browserker, a new comma-separated list of actions to be executed after login. Example: "click(on=css:.remember-me),click(on=id:stay-signed-in)"
As a first step, we will support the click action.
Related Issue: #383754 (closed)
Implementation Plan
- Add new field to configuration
  - Add AfterLoginActions []string to tomlAuthConfig (toml_auth_config.go).
  - Add AfterLoginActions browserk.LoginAction to AuthDetails (auth.go). Parse (see new point) and assign this property in toml_auth_config.go.
- Parse DAST_AFTER_LOGIN_ACTIONS
  - In scanner/auth, create a new package actions. Create a new struct, LoginAction.
  - In browserk/auth.go, create a new interface called LoginAction.
  - In the actions package, create a ClickAction. Ensure that the click(on=xxxx) can be parsed into a click login action.
  - In the actions package, create a LoginActions (similar to selector.QuerySelectors)
  - In the actions package, create a parser.go with a Parse function. Parse should convert a series of login action strings into actions.LoginActions, and the Parse function should return browser.LoginAction (similar to scanner/browser/selector/parser.go#Parse)
    - Parse should return an error with an appropriate error message if unable to be parsed.
    - If there are no after login steps, Parse should return an empty actions.LoginActions. This way, the service that uses the steps won't need to worry about it being nil.
  - In
Edited by Arpit Gogia
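A sketch of the Parse behaviour the plan describes, added here as an example and not taken from the Browserker code base. The type names follow the plan; the String method, the field names, the restriction to the css and id selector types seen in the example string, and returning the concrete LoginActions type instead of the interface are assumptions made for this example.

```go
package main

import (
	"fmt"
	"strings"
)

// LoginAction stands in for the interface planned for browserk/auth.go.
// The String method is an assumption made for this example.
type LoginAction interface{ String() string }

// ClickAction is one parsed click(on=<type>:<value>) step.
type ClickAction struct{ SelectorType, Value string }

func (c ClickAction) String() string { return "click(on=" + c.SelectorType + ":" + c.Value + ")" }

// LoginActions is an ordered list of steps and is itself a LoginAction.
type LoginActions []LoginAction

func (l LoginActions) String() string {
	parts := make([]string, len(l))
	for i, a := range l {
		parts[i] = a.String()
	}
	return strings.Join(parts, ",")
}

// Parse converts action strings into LoginActions. With no input it returns
// an empty, non-nil list; anything but a well-formed click is an error.
func Parse(raw []string) (LoginActions, error) {
	actions := LoginActions{}
	for _, s := range raw {
		s = strings.TrimSpace(s)
		if !strings.HasPrefix(s, "click(on=") || !strings.HasSuffix(s, ")") {
			return nil, fmt.Errorf("unsupported login action %q, expected click(on=<type>:<value>)", s)
		}
		sel := strings.SplitN(s[len("click(on="):len(s)-1], ":", 2)
		// Assumption: only the selector types shown in the example are accepted.
		if len(sel) != 2 || sel[1] == "" || (sel[0] != "css" && sel[0] != "id") {
			return nil, fmt.Errorf("invalid selector in login action %q", s)
		}
		actions = append(actions, ClickAction{SelectorType: sel[0], Value: sel[1]})
	}
	return actions, nil
}

func main() {
	acts, err := Parse(strings.Split("click(on=css:.remember-me),click(on=id:stay-signed-in)", ","))
	fmt.Println(acts, err)
}
```

Rejecting unknown action names and selector types at parse time keeps a mistyped DAST_AFTER_LOGIN_ACTIONS value from being silently skipped during an authenticated scan.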