Target PING error output
Target Ping Failures
User Story: As a DAST user, when the target ping fails before human output starts, I need an informative error message that helps me understand what went wrong and how to fix it.
Tasks:
- Improve target ping error messages
- Add documentation links for getting started
- Ensure error occurs gracefully in a human-readable way
- Test various failure scenarios:
  - Target unreachable
  - Invalid URL/endpoint [to be picked up as part of [Config] refactoring to track set config values... (#577992) • Unassigned • 18.6]
  - The hostname being invalid
  - Port not being accessible
  - Server returning a 500 error
  - Site not being ready for access
Acceptance Criteria:
- Clear error message when target ping fails
- Includes specific reason for failure
- Provides troubleshooting link
Current look:
⚠️ Failure Report:
• Error: failed to wait for target to be available: context deadline exceeded
Proposed look:
Below are mockups of the section, which provide more detailed failure messages to help users troubleshoot target site checks more effectively.
I am also making it known that for the first iteration, the individual retry messages will be printed each time the retry function is hit. I know it is a little bit noisy for a while, but I will come back with a second iteration of updating every x amount of seconds after the MVC.
Success:
┌────────────────────────────────────────────────────────────────────────────────────────────────────────┐
│ GitLab DAST │
│ Dynamic Security Testing │
└────────────────────────────────────────────────────────────────────────────────────────────────────────┘
🔍 DAST Scanner v6.21.0 | 🌐 Chromium v139.0.7258.42 | 📍 Target: http://localhost:8090
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
⚡ Connecting to http://localhost:8090, looking for a healthy response (HTTP status < 500)
✅ Successfully connected to configured target url!
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
DNS failure:
┌────────────────────────────────────────────────────────────────────────────────────────────────────────┐
│ GitLab DAST │
│ Dynamic Security Testing │
└────────────────────────────────────────────────────────────────────────────────────────────────────────┘
🔍 DAST Scanner v6.21.0 | 🌐 Chromium v139.0.7258.42 | 📍 Target: http://localhost:8090
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
⚡ Connecting to http://localhost:8090, looking for a healthy response (HTTP status < 500)
Will retry every 2s for up to 60s by default (configurable via DAST_TARGET_CHECK_TIMEOUT)
• DNS lookup failed, verify the hostname for DAST_TARGET_URL
• DNS lookup failed, verify the hostname for DAST_TARGET_URL
...
❌ Configured DAST_TARGET_URL unreachable!
📌 Need help configuring DAST_TARGET_URL? You can ask GitLab Duo for assistance, or review the
Getting started guide: https://docs.gitlab.com/user/application_security/dast/browser/#getting-started
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
┌────────────────────────────────────────────────────────────────────────────────────────────────────────┐
│ Scan Failure Summary │
└────────────────────────────────────────────────────────────────────────────────────────────────────────┘
⚠️ Failure Report:
• Error: failed to connect to the configured DAST_TARGET_URL before the connection timeout expired
Connection refused:
┌────────────────────────────────────────────────────────────────────────────────────────────────────────┐
│ GitLab DAST │
│ Dynamic Security Testing │
└────────────────────────────────────────────────────────────────────────────────────────────────────────┘
🔍 DAST Scanner vdevelopment | 🌐 Chromium v139.0.7258.42 | 📍 Target: http://localhost:8090
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
⚡ Connecting to http://localhost:8090, looking for a healthy response (HTTP status < 500)
Will retry every 2s for up to 60s by default (configurable via DAST_TARGET_CHECK_TIMEOUT)
• connection refused, the server isn't listening on the provided port, the service has crashed, or a firewall is blocking the connection
• connection refused, the server isn't listening on the provided port, the service has crashed, or a firewall is blocking the connection
...
❌ Configured DAST_TARGET_URL unreachable!
📌 Need help configuring DAST_TARGET_URL? You can ask GitLab Duo for assistance, or review the
Getting started guide: https://docs.gitlab.com/user/application_security/dast/browser/#getting-started
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
┌────────────────────────────────────────────────────────────────────────────────────────────────────────┐
│ Scan Failure Summary │
└────────────────────────────────────────────────────────────────────────────────────────────────────────┘
⚠️ Failure Report:
• Error: failed to connect to the configured DAST_TARGET_URL before the connection timeout expired
Internal server error:
┌────────────────────────────────────────────────────────────────────────────────────────────────────────┐
│ GitLab DAST │
│ Dynamic Security Testing │
└────────────────────────────────────────────────────────────────────────────────────────────────────────┘
🔍 DAST Scanner vdevelopment | 🌐 Chromium v139.0.7258.42 | 📍 Target: https://httpbin.org/status/500
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
⚡ Connecting to https://httpbin.org/status/500, looking for a healthy response (HTTP status < 500)
Will retry every 2s for up to 60s by default (configurable via DAST_TARGET_CHECK_TIMEOUT)
• target responded with status code 500
• target responded with status code 500
...
❌ Configured DAST_TARGET_URL unreachable!
📌 Need help configuring DAST_TARGET_URL? You can ask GitLab Duo for assistance, or review the
Getting started guide: https://docs.gitlab.com/user/application_security/dast/browser/#getting-started
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
┌────────────────────────────────────────────────────────────────────────────────────────────────────────┐
│ Scan Failure Summary │
└────────────────────────────────────────────────────────────────────────────────────────────────────────┘
⚠️ Failure Report:
• Error: failed to connect to the configured DAST_TARGET_URL before the connection timeout expired
Eventually succeeds (has no error report, but prints retry attempts):
┌────────────────────────────────────────────────────────────────────────────────────────────────────────┐
│ GitLab DAST │
│ Dynamic Security Testing │
└────────────────────────────────────────────────────────────────────────────────────────────────────────┘
🔍 DAST Scanner vdevelopment | 🌐 Chromium v139.0.7258.42 | 📍 Target: http://localhost:8090
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
⚡ Connecting to http://localhost:8090, looking for a healthy response (HTTP status < 500)
Will retry every 2s for up to 60s by default (configurable via DAST_TARGET_CHECK_TIMEOUT)
• target responded with status code 503
• target responded with status code 503
✅ Successfully connected to configured target url!
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
📚 Full report available at: gl-dast-report.json
🔗 Troubleshooting guide: https://docs.gitlab.com/user/application_security/dast/browser/troubleshooting
Edited by Hannah Baker
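The per-attempt messages in the mockups depend on telling a DNS failure, a refused connection and a 5xx response apart before the timeout collapses them into one generic error. The Go sketch below is an added example, not the DAST analyzer's own code: `explain`, `waitForTarget`, `errUnreachable` and the fallback wording for other errors are hypothetical, and the probe is injected so the retry loop runs offline.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"syscall"
	"time"
)

var errUnreachable = errors.New("failed to connect to the configured DAST_TARGET_URL before the connection timeout expired")

// explain (hypothetical name) maps one probe result to a mockup message; "" means healthy (status < 500).
func explain(status int, err error) string {
	var dnsErr *net.DNSError
	switch {
	case errors.As(err, &dnsErr): // matches even when wrapped by the HTTP client
		return "DNS lookup failed, verify the hostname for DAST_TARGET_URL"
	case errors.Is(err, syscall.ECONNREFUSED):
		return "connection refused, the server isn't listening on the provided port, the service has crashed, or a firewall is blocking the connection"
	case err != nil:
		return "request failed: " + err.Error() // fallback wording is an assumption
	case status >= 500:
		return fmt.Sprintf("target responded with status code %d", status)
	}
	return ""
}

// waitForTarget probes every interval until healthy or timeout, returning the messages to print.
func waitForTarget(probe func() (int, error), interval, timeout time.Duration) (attempts []string, err error) {
	deadline := time.After(timeout)
	for {
		msg := explain(probe())
		if msg == "" {
			return attempts, nil
		}
		attempts = append(attempts, msg)
		select {
		case <-deadline:
			return attempts, errUnreachable
		case <-time.After(interval):
		}
	}
}

func main() {
	seq, i := []int{503, 503, 200}, 0 // constructed sample: target is ready on the third probe
	msgs, err := waitForTarget(func() (int, error) { i++; return seq[i-1], nil }, 10*time.Millisecond, time.Second)
	fmt.Println(msgs, err)
}
```

Returning the attempt messages instead of printing them inside the loop leaves room for the planned second iteration, where output is throttled rather than emitted on every retry.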