Collect auth metrics
Collect information about authentication performed by DAST.
{
// Proposed shape of the event that reports how DAST authenticated during a scan.
// The first group of keys is marked "fast" (columns); the second group is marked
// "slow" (JSON).
"event": "collect_dast_scan_auth_metrics_from_pipeline",
// Columns (join, filter, fast)
"property": "scan_uuid", // join: allows joining / distinct counts per scan
"value": 4, // fast: browserk.AuthType (AuthNone = 0, AuthAuto = 1,
// AuthManual = 2, AuthBasicDigest = 3, AuthScript = 4)
"parameter": 0, // fast: success (0) or a failure code; failure codes still to be defined:
// - 1 is generic
// - 2 is panic
// - others TBD
"label": "", // Unused
// JSON (slow)
// slow: storage used by the auth mechanism; include only the kinds actually used
"storage_cookie": 1, // count of auth cookies
"storage_local": 1, // local storage used (presumably a count like storage_cookie; confirm)
// slow: auth-specific configuration variables set by the user.
// Include only variables the user actually set.
// The number says that the variable was set; for some variables it also encodes
// which form was used, for example 1 = file vs 2 = URL for the script variable.
// 1-? -- variable set by user.
// NOTE(review): every value here is a flag or small enum, not the variable's content.
// Confirm the emitter never copies a configured username, field selector or script
// into the event.
"DAST_AUTH_USERNAME" : 1,
"DAST_AUTH_USERNAME_FIELD" : 1,
"DAST_AUTH_SCRIPT" : 1 // 1 - file path, 2 - URL
}
Implementation Plan
Getting struct field tags (for environment names)
// Print, for every field of MyStruct, the name its `json` struct tag assigns.
// Only type metadata is inspected (reflect.TypeOf on a zero value); no field
// value is read, so nothing a user configured can appear in the output.
s := MyStruct{}
t := reflect.TypeOf(s)
for idx := 0; idx < t.NumField(); idx++ {
	f := t.Field(idx)
	switch tag := f.Tag.Get("json"); tag {
	case "":
		// Untagged field: fall back to the Go field name.
		fmt.Printf("Struct Field: %s, JSON Name: %s\n", f.Name, f.Name)
	case "-":
		// json:"-" marks the field as excluded.
		fmt.Printf("Struct Field: %s, JSON Name: (ignored)\n", f.Name)
	default:
		// Keep only the part before the options (",omitempty" and the like).
		// findComma is defined elsewhere; presumably it returns the index of
		// the first comma, or -1 when there is none. A tag that starts with
		// a comma would then yield an empty name here.
		name := tag
		if pos := findComma(tag); pos != -1 {
			name = tag[:pos]
		}
		fmt.Printf("Struct Field: %s, JSON Name: %s\n", f.Name, name)
	}
}
Edited by Michael Eddington