DAST API OpenAPI excludes defined paths
Summary
The DAST API scanner excludes some paths under certain conditions:
- if
consumes
array is undefined or empty, and - if any
"in" : "body"
parameter is defined
If both are true the path is excluded from the list of operations.
Steps to reproduce
- Clone the OpenAPI example project
- Run the pipeline without modification.
- In the
dast_api
job logs note the lineLoaded 5 operations from: rest_target_openapi.json
- Remove all the
consumes
arrays from therest_target_openapi.json
definition file. - Rerun the pipeline.
- In the
dast_api
job logs note the lineLoaded 3 operations from: rest_target_openapi.json
The two jobs that are excluded are jobs that contain parameters that define "in" : "body"
.
What is the current bug behavior?
Jobs are excluded without any reason
What is the expected correct behavior?
Jobs should not be excluded.
Relevant logs and/or screenshots
-
Example of job showing 5 operations
-
Example of job showing 3 operations
Results of GitLab environment info
Replicated on GitLab.com
job showing 5 operations
Running with gitlab-runner 16.9.1 (782c6ecb) on green-4.saas-linux-small-amd64.runners-manager.gitlab.com/default ntHFEtyX, system ID: s_8990de21c550 feature flags: FF_USE_IMPROVED_URL_MASKING:true Resolving secrets 00:00 Preparing the "docker+machine" executor 00:32 Using Docker executor with image registry.gitlab.com/security-products/api-security:3 ... Starting service registry.gitlab.com/cmarais_ultimate_group/ticket_work/510334_dast_api_bug/openapi-example-1/target-flask:latest ... Authenticating with credentials from job payload (GitLab Registry) Pulling docker image registry.gitlab.com/cmarais_ultimate_group/ticket_work/510334_dast_api_bug/openapi-example-1/target-flask:latest ... Using docker image sha256:acb79b92a253c00ce0fde139102c5bd514798a905a92b19c97c56024b9c9f69c for registry.gitlab.com/cmarais_ultimate_group/ticket_work/510334_dast_api_bug/openapi-example-1/target-flask:latest with digest registry.gitlab.com/cmarais_ultimate_group/ticket_work/510334_dast_api_bug/openapi-example-1/target-flask@sha256:bbd4b80f44fde0ec7b99d30c59584b68a5134b0866fa0492961a287fb9c82ede ... Waiting for services to be up and running (timeout 30 seconds)... *** WARNING: Service runner-nthfetyx-project-55846011-concurrent-0-cda34ab16cf66019-registry.gitlab.com__cmarais_ultimate_group__ticket_work__510334_dast_api_bug__openapi-example-1__target-flask-0 probably didn't start properly. Health check error: service "runner-nthfetyx-project-55846011-concurrent-0-cda34ab16cf66019-registry.gitlab.com__cmarais_ultimate_group__ticket_work__510334_dast_api_bug__openapi-example-1__target-flask-0-wait-for-service" health check: exit code 1 Health check container logs: 2024-03-14T09:16:02.154222769Z FATAL: No HOST or PORT found Service container logs: 2024-03-14T09:16:02.239318129Z 2024-03-14 09:16:02,231 [INFO ] syslog destination: ('localhost', 514) 2024-03-14T09:16:02.239362370Z 2024-03-14 09:16:02,231 [INFO ] rest_target.py initializing. 2024-03-14T09:16:02.239384220Z 2024-03-14 09:16:02,231 [INFO ] Creating in-memory database. 2024-03-14T09:16:02.249472107Z 2024-03-14 09:16:02,245 [INFO ] Starting REST application 2024-03-14T09:16:02.249501297Z 2024-03-14 09:16:02+0000 [-] Log opened. 2024-03-14T09:16:02.249528467Z 2024-03-14 09:16:02+0000 [-] Site starting on 7777 2024-03-14T09:16:02.249532357Z 2024-03-14 09:16:02+0000 [-] Starting factory 2024-03-14T09:16:02.249537158Z 2024-03-14 09:16:02+0000 [-] Site (TLS) starting on 7778 ********* Authenticating with credentials from job payload (GitLab Registry) Pulling docker image registry.gitlab.com/security-products/api-security:3 ... Using docker image sha256:011cac2778795d5021e6ca8ee65304f1d524fff910f3eadfe8514c3e0003780f for registry.gitlab.com/security-products/api-security:3 with digest registry.gitlab.com/security-products/api-security@sha256:2e70d097c2d30e9b65f468ccc62d72110d2ee57411171721f2695a0a397232d7 ... Preparing environment 00:02 Running on runner-nthfetyx-project-55846011-concurrent-0 via runner-nthfetyx-s-l-s-amd64-1710407546-7cafee1f... Getting source from Git repository 00:01 Fetching changes with git depth set to 20... Initialized empty Git repository in /builds/cmarais_ultimate_group/ticket_work/510334_dast_api_bug/openapi-example-1/.git/ Created fresh repository. Checking out f78d4ba7 as detached HEAD (ref is main)... Skipping Git submodules setup $ git remote set-url origin "${CI_REPOSITORY_URL}" Executing "step_script" stage of the job script 01:02 Using docker image sha256:011cac2778795d5021e6ca8ee65304f1d524fff910f3eadfe8514c3e0003780f for registry.gitlab.com/security-products/api-security:3 with digest registry.gitlab.com/security-products/api-security@sha256:2e70d097c2d30e9b65f468ccc62d72110d2ee57411171721f2695a0a397232d7 ... $ /peach/analyzer-dast-api 09:16:11 [INF] DAST API: Gitlab DAST API 09:16:11 [INF] DAST API: ------------------- 09:16:11 [INF] DAST API: 09:16:11 [INF] DAST API: version: 3.10.0 09:16:11 [INF] DAST API: api: http://127.0.0.1:5500 09:16:11 [INF] DAST API: api port: 5500 09:16:11 [INF] DAST API: config: /peach/configs/gitlab-dast-api-config.yml 09:16:11 [INF] DAST API: openapi: rest_target_openapi.json 09:16:11 [INF] DAST API: profile: Quick 09:16:11 [INF] DAST API: project: cmarais_ultimate_group/ticket_work/510334_dast_api_bug/openapi-example-1 09:16:11 [INF] DAST API: security report: gl-dast-api-report.json 09:16:11 [INF] DAST API: security report asset path: gl-assets 09:16:11 [INF] DAST API: ci_project_url: https://gitlab.com/cmarais_ultimate_group/ticket_work/510334_dast_api_bug/openapi-example-1 09:16:11 [INF] DAST API: ci_job_id: 6391085092 09:16:11 [INF] DAST API: service_start_timeout: 300 09:16:11 [INF] DAST API: target_url: http://target:7777 09:16:11 [INF] DAST API: timeout: 30 09:16:11 [INF] DAST API: verbose: False 09:16:11 [INF] DAST API: 09:16:11 [INF] DAST API: Waiting for DAST API (http://127.0.0.1:5500) to become available... 09:16:11 [INF] DAST API: Backing off 0.9 seconds afters 1 tries 09:16:12 [INF] DAST API: Backing off 1.8 seconds afters 2 tries 09:16:15 [INF] DAST API: Waiting for scan target (http://target:7777) to become available... 09:16:36 [INF] DAST API: 09:16:36 [INF] DAST API: Loaded 5 operations from: rest_target_openapi.json 09:16:36 [INF] DAST API: 09:16:36 [INF] DAST API: Testing operation [1/5]: 'GET http://target:7777/api/users/1'. 09:16:36 [INF] DAST API: - Parameters: (Headers: 4, Query: 0, Body: 0) 09:16:36 [INF] DAST API: - Request body size: 0 Bytes (0 bytes) 09:16:36 [INF] DAST API: 09:16:36 [INF] DAST API: Finished testing operation 'GET http://target:7777/api/users/1'. 09:16:36 [INF] DAST API: - Excluded Parameters: (Headers: 0, Query: 0, Body: 0) 09:16:36 [INF] DAST API: - Performed 788 requests 09:16:36 [INF] DAST API: - Average response body size: 224 Bytes (224 bytes) 09:16:36 [INF] DAST API: - Average call time: 2.78 milliseconds (0.002779 seconds) 09:16:36 [INF] DAST API: - Time to complete: 1 second and 608.29 milliseconds (1.608293 seconds) 09:16:36 [INF] DAST API: 09:16:36 [INF] DAST API: Testing operation [2/5]: 'PUT http://target:7777/api/users/1'. 09:16:36 [INF] DAST API: - Parameters: (Headers: 5, Query: 0, Body: 6) 09:16:36 [INF] DAST API: - Request body size: 65 Bytes (65 bytes) 09:16:36 [INF] DAST API: 09:16:51 [INF] DAST API: Finished testing operation 'PUT http://target:7777/api/users/1'. 09:16:51 [INF] DAST API: - Excluded Parameters: (Headers: 0, Query: 0, Body: 0) 09:16:51 [INF] DAST API: - Performed 1599 requests 09:16:51 [INF] DAST API: - Average response body size: 227 Bytes (227 bytes) 09:16:51 [INF] DAST API: - Average call time: 15.06 milliseconds (0.015065 seconds) 09:16:51 [INF] DAST API: - Time to complete: 12 seconds and 786.86 milliseconds (12.786862 seconds) 09:16:51 [INF] DAST API: 09:16:51 [INF] DAST API: Testing operation [3/5]: 'GET http://target:7777/api/users?user=string-without-format'. 09:16:51 [INF] DAST API: - Parameters: (Headers: 4, Query: 1, Body: 0) 09:16:51 [INF] DAST API: - Request body size: 0 Bytes (0 bytes) 09:16:51 [INF] DAST API: 09:16:51 [INF] DAST API: Finished testing operation 'GET http://target:7777/api/users?user=string-without-format'. 09:16:51 [INF] DAST API: - Excluded Parameters: (Headers: 0, Query: 0, Body: 0) 09:16:51 [INF] DAST API: - Performed 776 requests 09:16:51 [INF] DAST API: - Average response body size: 137 Bytes (137 bytes) 09:16:51 [INF] DAST API: - Average call time: 2.86 milliseconds (0.002863 seconds) 09:16:51 [INF] DAST API: - Time to complete: 6 seconds and 168.19 milliseconds (6.168193 seconds) 09:16:51 [INF] DAST API: 09:16:51 [INF] DAST API: Testing operation [4/5]: 'POST http://target:7777/api/users'. 09:16:51 [INF] DAST API: - Parameters: (Headers: 5, Query: 0, Body: 6) 09:16:51 [INF] DAST API: - Request body size: 62 Bytes (62 bytes) 09:16:51 [INF] DAST API: 09:17:06 [INF] DAST API: Finished testing operation 'POST http://target:7777/api/users'. 09:17:06 [INF] DAST API: - Excluded Parameters: (Headers: 0, Query: 0, Body: 0) 09:17:06 [INF] DAST API: - Performed 1444 requests 09:17:06 [INF] DAST API: - Average response body size: 229 Bytes (229 bytes) 09:17:06 [INF] DAST API: - Average call time: 15.60 milliseconds (0.015601 seconds) 09:17:06 [INF] DAST API: - Time to complete: 12 seconds and 53.11 milliseconds (12.053112 seconds) 09:17:06 [INF] DAST API: 09:17:06 [INF] DAST API: Testing operation [5/5]: 'DELETE http://target:7777/api/users/2'. 09:17:06 [INF] DAST API: - Parameters: (Headers: 4, Query: 0, Body: 0) 09:17:06 [INF] DAST API: - Request body size: 0 Bytes (0 bytes) 09:17:06 [INF] DAST API: 09:17:06 [INF] DAST API: Finished testing operation 'DELETE http://target:7777/api/users/2'. 09:17:06 [INF] DAST API: - Excluded Parameters: (Headers: 0, Query: 0, Body: 0) 09:17:06 [INF] DAST API: - Performed 776 requests 09:17:06 [INF] DAST API: - Average response body size: 218 Bytes (218 bytes) 09:17:06 [INF] DAST API: - Average call time: 2.60 milliseconds (0.002602 seconds) 09:17:06 [INF] DAST API: - Time to complete: 1 second and 409.65 milliseconds (1.409652 seconds) 09:17:06 [INF] DAST API: 09:17:06 [INF] DAST API: 09:17:06 [INF] DAST API: Generating security report as 'gl-dast-api-report.json'. 09:17:07 [INF] DAST API: 09:17:07 [INF] DAST API: --[ Tested Operations ]------------------------- 09:17:07 [INF] DAST API: 401 GET http://target:7777/api/users/1 UNAUTHORIZED 09:17:07 [INF] DAST API: 401 PUT http://target:7777/api/users/1 UNAUTHORIZED 09:17:07 [INF] DAST API: 200 GET http://target:7777/api/users?user=string-without-format OK 09:17:07 [INF] DAST API: 401 POST http://target:7777/api/users UNAUTHORIZED 09:17:07 [INF] DAST API: 401 DELETE http://target:7777/api/users/2 UNAUTHORIZED 09:17:07 [INF] DAST API: ------------------------------------------------ 09:17:07 [INF] DAST API: 09:17:07 [INF] DAST API: --[ Excluded Operations ]----------------------- 09:17:07 [INF] DAST API: No operations were excluded 09:17:07 [INF] DAST API: ------------------------------------------------ 09:17:07 [INF] DAST API: 09:17:07 [INF] DAST API: --[ Excluded Parameters ]----------------------- 09:17:07 [INF] DAST API: No parameters were excluded 09:17:07 [INF] DAST API: ------------------------------------------------ 09:17:07 [INF] DAST API: 09:17:07 [INF] DAST API: --[ Finished testing ]-------------------------- 09:17:07 [INF] DAST API: Testing completed successfully 09:17:07 [INF] DAST API: 09:17:07 [INF] DAST API: * Performed total of 5383 API requests. 09:17:07 [INF] DAST API: * Performed total of 13 security checks. 09:17:07 [INF] DAST API: - Active checks....: 8 09:17:07 [INF] DAST API: - Passive checks...: 5 09:17:07 [INF] DAST API: * Detected 2 vulnerabilities. 09:17:07 [INF] DAST API: ------------------------------------------------ 09:17:07 [INF] DAST API: 09:17:07 [INF] DAST API: Testing completed successfully, 2 issues detected. 09:17:07 [INF] DAST API: 09:17:07 [INF] DAST API: Stopping scanner... Waiting for scanner to terminate /peach/analyzer-dast-api: line 57: kill: (18) - No such process Uploading artifacts for successful job 00:04 Uploading artifacts... gl-assets: found 5 matching artifact files and directories gl-dast-api-report.json: found 1 matching artifact files and directories gl-*.log: found 2 matching artifact files and directories WARNING: Upload request redirected location=https://gitlab.com/api/v4/jobs/6391085092/artifacts?artifact_format=zip&artifact_type=archive new-url=https://gitlab.com WARNING: Retrying... context=artifacts-uploader error=request redirected Uploading artifacts as "archive" to coordinator... 201 Created id=6391085092 responseStatus=201 Created token=glcbt-65 Uploading artifacts... gl-dast-api-report.json: found 1 matching artifact files and directories WARNING: Upload request redirected location=https://gitlab.com/api/v4/jobs/6391085092/artifacts?artifact_format=raw&artifact_type=dast new-url=https://gitlab.com WARNING: Retrying... context=artifacts-uploader error=request redirected Uploading artifacts as "dast" to coordinator... 201 Created id=6391085092 responseStatus=201 Created token=glcbt-65 Cleaning up project directory and file based variables 00:00 Job succeeded
job showing 3 operations
Running with gitlab-runner 16.9.1 (782c6ecb) on green-2.saas-linux-small-amd64.runners-manager.gitlab.com/default ns46NMmJ, system ID: s_85d7af184313 feature flags: FF_USE_IMPROVED_URL_MASKING:true Resolving secrets 00:00 Preparing the "docker+machine" executor 00:32 Using Docker executor with image registry.gitlab.com/security-products/api-security:3 ... Starting service registry.gitlab.com/cmarais_ultimate_group/ticket_work/510334_dast_api_bug/openapi-example-1/target-flask:latest ... Authenticating with credentials from job payload (GitLab Registry) Pulling docker image registry.gitlab.com/cmarais_ultimate_group/ticket_work/510334_dast_api_bug/openapi-example-1/target-flask:latest ... Using docker image sha256:6d30fbbcc064c9b94f910538575efdc1cbbbe5082c05c38a75094c1758422cc1 for registry.gitlab.com/cmarais_ultimate_group/ticket_work/510334_dast_api_bug/openapi-example-1/target-flask:latest with digest registry.gitlab.com/cmarais_ultimate_group/ticket_work/510334_dast_api_bug/openapi-example-1/target-flask@sha256:752dd7917b5e3ac7f97d1652e2b9f42a9c157d9332ed4d5f4fe83a79e9d8d5c7 ... Waiting for services to be up and running (timeout 30 seconds)... *** WARNING: Service runner-ns46nmmj-project-55846011-concurrent-0-6980a90fe53d5181-registry.gitlab.com__cmarais_ultimate_group__ticket_work__510334_dast_api_bug__openapi-example-1__target-flask-0 probably didn't start properly. Health check error: service "runner-ns46nmmj-project-55846011-concurrent-0-6980a90fe53d5181-registry.gitlab.com__cmarais_ultimate_group__ticket_work__510334_dast_api_bug__openapi-example-1__target-flask-0-wait-for-service" health check: exit code 1 Health check container logs: 2024-03-14T10:11:55.820920877Z FATAL: No HOST or PORT found Service container logs: 2024-03-14T10:11:55.907244823Z 2024-03-14 10:11:55,905 [INFO ] syslog destination: ('localhost', 514) 2024-03-14T10:11:55.907275472Z 2024-03-14 10:11:55,906 [INFO ] rest_target.py initializing. 2024-03-14T10:11:55.907280492Z 2024-03-14 10:11:55,906 [INFO ] Creating in-memory database. 2024-03-14T10:11:55.916427481Z 2024-03-14 10:11:55,916 [INFO ] Starting REST application 2024-03-14T10:11:55.916939298Z 2024-03-14 10:11:55+0000 [-] Log opened. 2024-03-14T10:11:55.917683804Z 2024-03-14 10:11:55+0000 [-] Site starting on 7777 2024-03-14T10:11:55.918021122Z 2024-03-14 10:11:55+0000 [-] Starting factory 2024-03-14T10:11:55.919913981Z 2024-03-14 10:11:55+0000 [-] Site (TLS) starting on 7778 ********* Authenticating with credentials from job payload (GitLab Registry) Pulling docker image registry.gitlab.com/security-products/api-security:3 ... Using docker image sha256:011cac2778795d5021e6ca8ee65304f1d524fff910f3eadfe8514c3e0003780f for registry.gitlab.com/security-products/api-security:3 with digest registry.gitlab.com/security-products/api-security@sha256:2e70d097c2d30e9b65f468ccc62d72110d2ee57411171721f2695a0a397232d7 ... Preparing environment 00:03 Running on runner-ns46nmmj-project-55846011-concurrent-0 via runner-ns46nmmj-s-l-s-amd64-1710411017-f0c1f59c... Getting source from Git repository 00:01 Fetching changes with git depth set to 20... Initialized empty Git repository in /builds/cmarais_ultimate_group/ticket_work/510334_dast_api_bug/openapi-example-1/.git/ Created fresh repository. Checking out 6bd26373 as detached HEAD (ref is main)... Skipping Git submodules setup $ git remote set-url origin "${CI_REPOSITORY_URL}" Executing "step_script" stage of the job script 00:31 Using docker image sha256:011cac2778795d5021e6ca8ee65304f1d524fff910f3eadfe8514c3e0003780f for registry.gitlab.com/security-products/api-security:3 with digest registry.gitlab.com/security-products/api-security@sha256:2e70d097c2d30e9b65f468ccc62d72110d2ee57411171721f2695a0a397232d7 ... $ /peach/analyzer-dast-api 10:12:05 [INF] DAST API: Gitlab DAST API 10:12:05 [INF] DAST API: ------------------- 10:12:05 [INF] DAST API: 10:12:05 [INF] DAST API: version: 3.10.0 10:12:05 [INF] DAST API: api: http://127.0.0.1:5500 10:12:05 [INF] DAST API: api port: 5500 10:12:05 [INF] DAST API: config: /peach/configs/gitlab-dast-api-config.yml 10:12:05 [INF] DAST API: openapi: rest_target_openapi.json 10:12:05 [INF] DAST API: profile: Quick 10:12:05 [INF] DAST API: project: cmarais_ultimate_group/ticket_work/510334_dast_api_bug/openapi-example-1 10:12:05 [INF] DAST API: security report: gl-dast-api-report.json 10:12:05 [INF] DAST API: security report asset path: gl-assets 10:12:05 [INF] DAST API: ci_project_url: https://gitlab.com/cmarais_ultimate_group/ticket_work/510334_dast_api_bug/openapi-example-1 10:12:05 [INF] DAST API: ci_job_id: 6391629196 10:12:05 [INF] DAST API: service_start_timeout: 300 10:12:05 [INF] DAST API: target_url: http://target:7777 10:12:05 [INF] DAST API: timeout: 30 10:12:05 [INF] DAST API: verbose: False 10:12:05 [INF] DAST API: 10:12:05 [INF] DAST API: Waiting for DAST API (http://127.0.0.1:5500) to become available... 10:12:05 [INF] DAST API: Backing off 0.7 seconds afters 1 tries 10:12:06 [INF] DAST API: Backing off 0.9 seconds afters 2 tries 10:12:08 [INF] DAST API: Waiting for scan target (http://target:7777) to become available... 10:12:29 [INF] DAST API: 10:12:29 [INF] DAST API: Loaded 3 operations from: rest_target_openapi.json 10:12:29 [INF] DAST API: 10:12:29 [INF] DAST API: Testing operation [1/3]: 'GET http://target:7777/api/users/1'. 10:12:29 [INF] DAST API: - Parameters: (Headers: 4, Query: 0, Body: 0) 10:12:29 [INF] DAST API: - Request body size: 0 Bytes (0 bytes) 10:12:29 [INF] DAST API: 10:12:29 [INF] DAST API: Finished testing operation 'GET http://target:7777/api/users/1'. 10:12:29 [INF] DAST API: - Excluded Parameters: (Headers: 0, Query: 0, Body: 0) 10:12:29 [INF] DAST API: - Performed 788 requests 10:12:29 [INF] DAST API: - Average response body size: 224 Bytes (224 bytes) 10:12:29 [INF] DAST API: - Average call time: 2.81 milliseconds (0.002814 seconds) 10:12:29 [INF] DAST API: - Time to complete: 1 second and 625.09 milliseconds (1.625086 seconds) 10:12:29 [INF] DAST API: 10:12:29 [INF] DAST API: Testing operation [2/3]: 'GET http://target:7777/api/users?user=string-without-format'. 10:12:29 [INF] DAST API: - Parameters: (Headers: 4, Query: 1, Body: 0) 10:12:29 [INF] DAST API: - Request body size: 0 Bytes (0 bytes) 10:12:29 [INF] DAST API: 10:12:29 [INF] DAST API: Finished testing operation 'GET http://target:7777/api/users?user=string-without-format'. 10:12:29 [INF] DAST API: - Excluded Parameters: (Headers: 0, Query: 0, Body: 0) 10:12:29 [INF] DAST API: - Performed 776 requests 10:12:29 [INF] DAST API: - Average response body size: 137 Bytes (137 bytes) 10:12:29 [INF] DAST API: - Average call time: 3.21 milliseconds (0.003215 seconds) 10:12:29 [INF] DAST API: - Time to complete: 6 seconds and 998.83 milliseconds (6.998829 seconds) 10:12:29 [INF] DAST API: 10:12:29 [INF] DAST API: Testing operation [3/3]: 'DELETE http://target:7777/api/users/2'. 10:12:29 [INF] DAST API: - Parameters: (Headers: 4, Query: 0, Body: 0) 10:12:29 [INF] DAST API: - Request body size: 0 Bytes (0 bytes) 10:12:29 [INF] DAST API: 10:12:29 [INF] DAST API: Finished testing operation 'DELETE http://target:7777/api/users/2'. 10:12:29 [INF] DAST API: - Excluded Parameters: (Headers: 0, Query: 0, Body: 0) 10:12:29 [INF] DAST API: - Performed 776 requests 10:12:29 [INF] DAST API: - Average response body size: 218 Bytes (218 bytes) 10:12:29 [INF] DAST API: - Average call time: 2.85 milliseconds (0.002848 seconds) 10:12:29 [INF] DAST API: - Time to complete: 1 second and 578.96 milliseconds (1.578957 seconds) 10:12:29 [INF] DAST API: 10:12:29 [INF] DAST API: 10:12:29 [INF] DAST API: Generating security report as 'gl-dast-api-report.json'. 10:12:29 [INF] DAST API: 10:12:29 [INF] DAST API: --[ Tested Operations ]------------------------- 10:12:29 [INF] DAST API: 401 GET http://target:7777/api/users/1 UNAUTHORIZED 10:12:29 [INF] DAST API: 200 GET http://target:7777/api/users?user=string-without-format OK 10:12:29 [INF] DAST API: 401 DELETE http://target:7777/api/users/2 UNAUTHORIZED 10:12:29 [INF] DAST API: ------------------------------------------------ 10:12:29 [INF] DAST API: 10:12:29 [INF] DAST API: --[ Excluded Operations ]----------------------- 10:12:29 [INF] DAST API: No operations were excluded 10:12:29 [INF] DAST API: ------------------------------------------------ 10:12:29 [INF] DAST API: 10:12:29 [INF] DAST API: --[ Excluded Parameters ]----------------------- 10:12:29 [INF] DAST API: No parameters were excluded 10:12:29 [INF] DAST API: ------------------------------------------------ 10:12:29 [INF] DAST API: 10:12:29 [INF] DAST API: --[ Finished testing ]-------------------------- 10:12:29 [INF] DAST API: Testing completed successfully 10:12:29 [INF] DAST API: 10:12:29 [INF] DAST API: * Performed total of 2340 API requests. 10:12:29 [INF] DAST API: * Performed total of 13 security checks. 10:12:29 [INF] DAST API: - Active checks....: 8 10:12:29 [INF] DAST API: - Passive checks...: 5 10:12:29 [INF] DAST API: * Detected 2 vulnerabilities. 10:12:29 [INF] DAST API: ------------------------------------------------ 10:12:29 [INF] DAST API: 10:12:29 [INF] DAST API: Testing completed successfully, 2 issues detected. 10:12:29 [INF] DAST API: 10:12:29 [INF] DAST API: Stopping scanner... /peach/analyzer-dast-api: line 57: kill: (17) - No such process Waiting for scanner to terminate Uploading artifacts for successful job 00:04 Uploading artifacts... gl-assets: found 5 matching artifact files and directories gl-dast-api-report.json: found 1 matching artifact files and directories gl-*.log: found 2 matching artifact files and directories WARNING: Upload request redirected location=https://gitlab.com/api/v4/jobs/6391629196/artifacts?artifact_format=zip&artifact_type=archive new-url=https://gitlab.com WARNING: Retrying... context=artifacts-uploader error=request redirected Uploading artifacts as "archive" to coordinator... 201 Created id=6391629196 responseStatus=201 Created token=glcbt-65 Uploading artifacts... gl-dast-api-report.json: found 1 matching artifact files and directories WARNING: Upload request redirected location=https://gitlab.com/api/v4/jobs/6391629196/artifacts?artifact_format=raw&artifact_type=dast new-url=https://gitlab.com WARNING: Retrying... context=artifacts-uploader error=request redirected Uploading artifacts as "dast" to coordinator... 201 Created id=6391629196 responseStatus=201 Created token=glcbt-65 Cleaning up project directory and file based variables 00:00 Job succeeded