dast_api_rest

Passed Started 1 year ago by
1Running with gitlab-runner 15.9.0~beta.212.g8ccc65e7 (8ccc65e7)
2  on green-2.private.runners-manager.gitlab.com/gitlab.com/gitlab-org GaSD-S1F, system ID: s_5651e5b5643b
3  feature flags: FF_NETWORK_PER_BUILD:true, FF_USE_IMPROVED_URL_MASKING:true
 4  Resolving secrets  
  00:00
 5  Preparing the "docker+machine" executor  
  00:08
6Using Docker executor with image registry.gitlab.com/security-products/api-security:2 ...
7Authenticating with credentials from job payload (GitLab Registry)
8Pulling docker image registry.gitlab.com/security-products/api-security:2 ...
9Using docker image sha256:5954cf888bd5c3ed78a08d5a03c9fde48b7238a93465f60ae38c27073aa5acb1 for registry.gitlab.com/security-products/api-security:2 with digest registry.gitlab.com/security-products/api-security@sha256:b69cf76559194a806b673ebf7b45c3403a24618e367a8818b96e3e56fb3b4064 ...
 10  Preparing environment  
  00:02
11Running on runner-gasd-s1f-project-278964-concurrent-0 via runner-gasd-s1f-private-1680249956-60dbca23...
 12  Getting source from Git repository  
  00:35
13$ eval "$CI_PRE_CLONE_SCRIPT"
14Fetching changes with git depth set to 20...
15Initialized empty Git repository in /builds/gitlab-org/gitlab/.git/
16Created fresh repository.
17remote: Enumerating objects: 142800, done.        
18remote: Counting objects: 100% (142800/142800), done.        
19remote: Compressing objects: 100% (90296/90296), done.        
20remote: Total 142800 (delta 63939), reused 100950 (delta 47254), pack-reused 0        
21Receiving objects: 100% (142800/142800), 122.84 MiB | 26.85 MiB/s, done.
22Resolving deltas: 100% (63939/63939), done.
23From https://git-us-east1-d.ci-gateway.int.gprd.gitlab.net:8989/gitlab-org/gitlab
24 * [new ref]             refs/pipelines/824162353 -> refs/pipelines/824162353
25 * [new branch]          ruby2                    -> origin/ruby2
26Checking out c780697c as detached HEAD (ref is ruby2)...
27Skipping Git submodules setup
28$ git remote set-url origin "${CI_REPOSITORY_URL}"
 29  Downloading artifacts  
  00:01
30Downloading artifacts for review-deploy (4039022168)...
31Downloading artifacts from coordinator... ok        host=storage.googleapis.com id=4039022168 responseStatus=200 OK token=64_xPVD1
 32  Executing "step_script" stage of the job script  
  00:32
33Using docker image sha256:5954cf888bd5c3ed78a08d5a03c9fde48b7238a93465f60ae38c27073aa5acb1 for registry.gitlab.com/security-products/api-security:2 with digest registry.gitlab.com/security-products/api-security@sha256:b69cf76559194a806b673ebf7b45c3403a24618e367a8818b96e3e56fb3b4064 ...
34$ /peach/analyzer-dast-api
3510:46:03 [INF] DAST API: Gitlab DAST API
3610:46:03 [INF] DAST API: -------------------
3710:46:03 [INF] DAST API: 
3810:46:03 [INF] DAST API: version: 2.19.0
3910:46:03 [INF] DAST API: api: http://127.0.0.1:5500
4010:46:03 [INF] DAST API: api port: 5500
4110:46:03 [INF] DAST API: config: /peach/configs/gitlab-dast-api-config.yml
4210:46:03 [INF] DAST API: openapi: doc/api/openapi/openapi_v2.yaml
4310:46:03 [INF] DAST API: overrides_env: not shown
4410:46:03 [INF] DAST API: profile: Passive
4510:46:03 [INF] DAST API: project: gitlab-org/gitlab
4610:46:03 [INF] DAST API: security report: gl-dast-api-report.json
4710:46:03 [INF] DAST API: security report asset path: gl-assets
4810:46:03 [INF] DAST API: ci_project_url: https://gitlab.com/gitlab-org/gitlab
4910:46:03 [INF] DAST API: ci_job_id: 4039022252
5010:46:03 [INF] DAST API: service_start_timeout: 300
5110:46:03 [INF] DAST API: target_url: https://gitlab-review-ruby2night-tv3k2b.gitlab-review.app (environment_url.txt)
5210:46:03 [INF] DAST API: timeout: 30
5310:46:03 [INF] DAST API: verbose: False
5410:46:03 [INF] DAST API: 
5510:46:03 [INF] DAST API: Waiting for DAST API (http://127.0.0.1:5500) to become available...
5610:46:03 [INF] DAST API: Backing off 0.1 seconds afters 1 tries
5710:46:03 [INF] DAST API: Backing off 0.5 seconds afters 2 tries
5810:46:04 [INF] DAST API: Backing off 1.0 seconds afters 3 tries
5910:46:06 [INF] DAST API: Waiting for scan target (https://gitlab-review-ruby2night-tv3k2b.gitlab-review.app) to become available...
6010:46:29 [INF] DAST API: 
6110:46:29 [INF] DAST API: Loaded 9 operations from: doc/api/openapi/openapi_v2.yaml
6210:46:29 [INF] DAST API: 
6310:46:29 [INF] DAST API: Testing operation [1/9]: 'POST https://gitlab-review-ruby2night-tv3k2b.gitlab-review.app/api/v4/projects/string-without-format/access_requests'.
6410:46:29 [INF] DAST API:  - Parameters: (Headers: 5, Query: 0, Body: 0)
6510:46:29 [INF] DAST API:  - Request body size: 0 Bytes (0 bytes)
6610:46:29 [INF] DAST API: 
6710:46:29 [INF] DAST API: Finished testing operation 'POST https://gitlab-review-ruby2night-tv3k2b.gitlab-review.app/api/v4/projects/string-without-format/access_requests'.
6810:46:29 [INF] DAST API:  - Excluded Parameters: (Headers: 0, Query: 0, Body: 0)
6910:46:29 [INF] DAST API:  - Performed 1 requests
7010:46:29 [INF] DAST API:  - Average response body size: 35 Bytes (35 bytes)
7110:46:29 [INF] DAST API:  - Average call time: 0.01 milliseconds (5e-06 seconds)
7210:46:29 [INF] DAST API:  - Time to complete: 0 milliseconds (0.0 seconds)
7310:46:29 [INF] DAST API:  - No checks were performed on this operation. It may be a duplicate of another operation that was already checked.
7410:46:29 [INF] DAST API: 
7510:46:29 [INF] DAST API: Testing operation [2/9]: 'GET https://gitlab-review-ruby2night-tv3k2b.gitlab-review.app/api/v4/version'.
7610:46:29 [INF] DAST API:  - Parameters: (Headers: 5, Query: 0, Body: 0)
7710:46:29 [INF] DAST API:  - Request body size: 0 Bytes (0 bytes)
7810:46:29 [INF] DAST API: 
7910:46:29 [INF] DAST API: Finished testing operation 'GET https://gitlab-review-ruby2night-tv3k2b.gitlab-review.app/api/v4/version'.
8010:46:29 [INF] DAST API:  - Excluded Parameters: (Headers: 0, Query: 0, Body: 0)
8110:46:29 [INF] DAST API:  - Performed 1 requests
8210:46:29 [INF] DAST API:  - Average response body size: 185 Bytes (185 bytes)
8310:46:29 [INF] DAST API:  - Average call time: 0.01 milliseconds (6e-06 seconds)
8410:46:29 [INF] DAST API:  - Time to complete: 0 milliseconds (0.0 seconds)
8510:46:29 [INF] DAST API:  - No checks were performed on this operation. It may be a duplicate of another operation that was already checked.
8610:46:29 [INF] DAST API: 
8710:46:29 [INF] DAST API: Testing operation [3/9]: 'POST https://gitlab-review-ruby2night-tv3k2b.gitlab-review.app/api/v4/groups/string-without-format/access_requests'.
8810:46:29 [INF] DAST API:  - Parameters: (Headers: 5, Query: 0, Body: 0)
8910:46:29 [INF] DAST API:  - Request body size: 0 Bytes (0 bytes)
9010:46:29 [INF] DAST API: 
9110:46:29 [INF] DAST API: Finished testing operation 'POST https://gitlab-review-ruby2night-tv3k2b.gitlab-review.app/api/v4/groups/string-without-format/access_requests'.
9210:46:29 [INF] DAST API:  - Excluded Parameters: (Headers: 0, Query: 0, Body: 0)
9310:46:29 [INF] DAST API:  - Performed 1 requests
9410:46:29 [INF] DAST API:  - Average response body size: 33 Bytes (33 bytes)
9510:46:29 [INF] DAST API:  - Average call time: 0.01 milliseconds (6e-06 seconds)
9610:46:29 [INF] DAST API:  - Time to complete: 0 milliseconds (0.0 seconds)
9710:46:29 [INF] DAST API:  - No checks were performed on this operation. It may be a duplicate of another operation that was already checked.
9810:46:29 [INF] DAST API: 
9910:46:29 [INF] DAST API: Testing operation [4/9]: 'GET https://gitlab-review-ruby2night-tv3k2b.gitlab-review.app/api/v4/user_counts'.
10010:46:29 [INF] DAST API:  - Parameters: (Headers: 5, Query: 0, Body: 0)
10110:46:29 [INF] DAST API:  - Request body size: 0 Bytes (0 bytes)
10210:46:29 [INF] DAST API: 
10310:46:29 [INF] DAST API: Finished testing operation 'GET https://gitlab-review-ruby2night-tv3k2b.gitlab-review.app/api/v4/user_counts'.
10410:46:29 [INF] DAST API:  - Excluded Parameters: (Headers: 0, Query: 0, Body: 0)
10510:46:29 [INF] DAST API:  - Performed 1 requests
10610:46:29 [INF] DAST API:  - Average response body size: 114 Bytes (114 bytes)
10710:46:29 [INF] DAST API:  - Average call time: 0.01 milliseconds (6e-06 seconds)
10810:46:29 [INF] DAST API:  - Time to complete: 0 milliseconds (0.0 seconds)
10910:46:29 [INF] DAST API:  - No checks were performed on this operation. It may be a duplicate of another operation that was already checked.
11010:46:29 [INF] DAST API: 
11110:46:29 [INF] DAST API: Testing operation [5/9]: 'GET https://gitlab-review-ruby2night-tv3k2b.gitlab-review.app/api/v4/projects/string-without-format/access_requests?page=1&per_page=20'.
11210:46:29 [INF] DAST API:  - Parameters: (Headers: 5, Query: 2, Body: 0)
11310:46:29 [INF] DAST API:  - Request body size: 0 Bytes (0 bytes)
11410:46:29 [INF] DAST API: 
11510:46:29 [INF] DAST API: Finished testing operation 'GET https://gitlab-review-ruby2night-tv3k2b.gitlab-review.app/api/v4/projects/string-without-format/access_requests?page=1&per_page=20'.
11610:46:29 [INF] DAST API:  - Excluded Parameters: (Headers: 0, Query: 0, Body: 0)
11710:46:29 [INF] DAST API:  - Performed 1 requests
11810:46:29 [INF] DAST API:  - Average response body size: 35 Bytes (35 bytes)
11910:46:29 [INF] DAST API:  - Average call time: 0.01 milliseconds (6e-06 seconds)
12010:46:29 [INF] DAST API:  - Time to complete: 0 milliseconds (0.0 seconds)
12110:46:29 [INF] DAST API:  - No checks were performed on this operation. It may be a duplicate of another operation that was already checked.
12210:46:29 [INF] DAST API: 
12310:46:29 [INF] DAST API: Testing operation [6/9]: 'DELETE https://gitlab-review-ruby2night-tv3k2b.gitlab-review.app/api/v4/projects/string-without-format/access_requests/32'.
12410:46:29 [INF] DAST API:  - Parameters: (Headers: 5, Query: 0, Body: 0)
12510:46:29 [INF] DAST API:  - Request body size: 0 Bytes (0 bytes)
12610:46:29 [INF] DAST API: 
12710:46:29 [INF] DAST API: Finished testing operation 'DELETE https://gitlab-review-ruby2night-tv3k2b.gitlab-review.app/api/v4/projects/string-without-format/access_requests/32'.
12810:46:29 [INF] DAST API:  - Excluded Parameters: (Headers: 0, Query: 0, Body: 0)
12910:46:29 [INF] DAST API:  - Performed 1 requests
13010:46:29 [INF] DAST API:  - Average response body size: 35 Bytes (35 bytes)
13110:46:29 [INF] DAST API:  - Average call time: 0.01 milliseconds (7e-06 seconds)
13210:46:29 [INF] DAST API:  - Time to complete: 0 milliseconds (0.0 seconds)
13310:46:29 [INF] DAST API:  - No checks were performed on this operation. It may be a duplicate of another operation that was already checked.
13410:46:29 [INF] DAST API: 
13510:46:29 [INF] DAST API: Testing operation [7/9]: 'GET https://gitlab-review-ruby2night-tv3k2b.gitlab-review.app/api/v4/metadata'.
13610:46:29 [INF] DAST API:  - Parameters: (Headers: 5, Query: 0, Body: 0)
13710:46:29 [INF] DAST API:  - Request body size: 0 Bytes (0 bytes)
13810:46:29 [INF] DAST API: 
13910:46:29 [INF] DAST API: Finished testing operation 'GET https://gitlab-review-ruby2night-tv3k2b.gitlab-review.app/api/v4/metadata'.
14010:46:29 [INF] DAST API:  - Excluded Parameters: (Headers: 0, Query: 0, Body: 0)
14110:46:29 [INF] DAST API:  - Performed 1 requests
14210:46:29 [INF] DAST API:  - Average response body size: 185 Bytes (185 bytes)
14310:46:29 [INF] DAST API:  - Average call time: 0.01 milliseconds (5e-06 seconds)
14410:46:29 [INF] DAST API:  - Time to complete: 0 milliseconds (0.0 seconds)
14510:46:29 [INF] DAST API:  - No checks were performed on this operation. It may be a duplicate of another operation that was already checked.
14610:46:29 [INF] DAST API: 
14710:46:29 [INF] DAST API: Testing operation [8/9]: 'DELETE https://gitlab-review-ruby2night-tv3k2b.gitlab-review.app/api/v4/groups/string-without-format/access_requests/32'.
14810:46:29 [INF] DAST API:  - Parameters: (Headers: 5, Query: 0, Body: 0)
14910:46:29 [INF] DAST API:  - Request body size: 0 Bytes (0 bytes)
15010:46:29 [INF] DAST API: 
15110:46:29 [INF] DAST API: Finished testing operation 'DELETE https://gitlab-review-ruby2night-tv3k2b.gitlab-review.app/api/v4/groups/string-without-format/access_requests/32'.
15210:46:29 [INF] DAST API:  - Excluded Parameters: (Headers: 0, Query: 0, Body: 0)
15310:46:29 [INF] DAST API:  - Performed 1 requests
15410:46:29 [INF] DAST API:  - Average response body size: 33 Bytes (33 bytes)
15510:46:29 [INF] DAST API:  - Average call time: 0.04 milliseconds (3.8e-05 seconds)
15610:46:29 [INF] DAST API:  - Time to complete: 0 milliseconds (0.0 seconds)
15710:46:29 [INF] DAST API:  - No checks were performed on this operation. It may be a duplicate of another operation that was already checked.
15810:46:29 [INF] DAST API: 
15910:46:29 [INF] DAST API: Testing operation [9/9]: 'GET https://gitlab-review-ruby2night-tv3k2b.gitlab-review.app/api/v4/groups/string-without-format/access_requests?page=1&per_page=20'.
16010:46:29 [INF] DAST API:  - Parameters: (Headers: 5, Query: 2, Body: 0)
16110:46:29 [INF] DAST API:  - Request body size: 0 Bytes (0 bytes)
16210:46:29 [INF] DAST API: 
16310:46:29 [INF] DAST API: Finished testing operation 'GET https://gitlab-review-ruby2night-tv3k2b.gitlab-review.app/api/v4/groups/string-without-format/access_requests?page=1&per_page=20'.
16410:46:29 [INF] DAST API:  - Excluded Parameters: (Headers: 0, Query: 0, Body: 0)
16510:46:29 [INF] DAST API:  - Performed 1 requests
16610:46:29 [INF] DAST API:  - Average response body size: 33 Bytes (33 bytes)
16710:46:29 [INF] DAST API:  - Average call time: 0.01 milliseconds (6e-06 seconds)
16810:46:29 [INF] DAST API:  - Time to complete: 0 milliseconds (0.0 seconds)
16910:46:29 [INF] DAST API:  - No checks were performed on this operation. It may be a duplicate of another operation that was already checked.
17010:46:29 [INF] DAST API: 
17110:46:29 [INF] DAST API: 
17210:46:29 [INF] DAST API: Generating security report as 'gl-dast-api-report.json'.
17310:46:29 [INF] DAST API: 
17410:46:29 [INF] DAST API: --[ Tested Operations ]-------------------------
17510:46:29 [INF] DAST API: 404 DELETE https://gitlab-review-ruby2night-tv3k2b.gitlab-review.app:443/api/v4/groups/string-without-format/access_requests/32 Not Found
17610:46:29 [INF] DAST API: 404 POST https://gitlab-review-ruby2night-tv3k2b.gitlab-review.app:443/api/v4/groups/string-without-format/access_requests Not Found
17710:46:29 [INF] DAST API: 404 GET https://gitlab-review-ruby2night-tv3k2b.gitlab-review.app:443/api/v4/groups/string-without-format/access_requests?page=1&per_page=20 Not Found
17810:46:29 [INF] DAST API: 404 DELETE https://gitlab-review-ruby2night-tv3k2b.gitlab-review.app:443/api/v4/projects/string-without-format/access_requests/32 Not Found
17910:46:29 [INF] DAST API: 404 POST https://gitlab-review-ruby2night-tv3k2b.gitlab-review.app:443/api/v4/projects/string-without-format/access_requests Not Found
18010:46:29 [INF] DAST API: 404 GET https://gitlab-review-ruby2night-tv3k2b.gitlab-review.app:443/api/v4/projects/string-without-format/access_requests?page=1&per_page=20 Not Found
18110:46:29 [INF] DAST API: 200 GET https://gitlab-review-ruby2night-tv3k2b.gitlab-review.app:443/api/v4/user_counts OK
18210:46:29 [INF] DAST API: 200 GET https://gitlab-review-ruby2night-tv3k2b.gitlab-review.app:443/api/v4/metadata OK
18310:46:29 [INF] DAST API: 200 GET https://gitlab-review-ruby2night-tv3k2b.gitlab-review.app:443/api/v4/version OK
18410:46:29 [INF] DAST API: ------------------------------------------------
18510:46:29 [INF] DAST API: 
18610:46:29 [INF] DAST API: --[ Excluded Operations ]-----------------------
18710:46:29 [INF] DAST API: No operations were excluded
18810:46:29 [INF] DAST API: ------------------------------------------------
18910:46:29 [INF] DAST API: 
19010:46:29 [INF] DAST API: --[ Excluded Parameters ]-----------------------
19110:46:29 [INF] DAST API: No parameters were excluded
19210:46:29 [INF] DAST API: ------------------------------------------------
19310:46:29 [INF] DAST API: 
19410:46:29 [INF] DAST API: --[ Finished testing ]--------------------------
19510:46:29 [INF] DAST API: Testing completed successfully
19610:46:29 [INF] DAST API: 
19710:46:29 [INF] DAST API:   * Performed total of 9 API requests.
19810:46:29 [INF] DAST API:   * Performed total of 5 security checks.
19910:46:29 [INF] DAST API:     - Active checks....: 0
20010:46:29 [INF] DAST API:     - Passive checks...: 5
20110:46:29 [INF] DAST API:   * Detected 0 vulnerabilities.
20210:46:29 [INF] DAST API: ------------------------------------------------
20310:46:29 [INF] DAST API: 
20410:46:29 [INF] DAST API: Testing completed successfully, no security issues detected.
20510:46:29 [INF] DAST API: 
20610:46:29 [INF] DAST API: 
207Stopping scanner...
208Waiting for scanner to terminate
209/peach/analyzer-dast-api: line 57: kill: (19) - No such process
 210  Uploading artifacts for successful job  
  00:05
211Uploading artifacts...
212gl-assets: found 1 matching artifact files and directories 
213gl-dast-api-report.json: found 1 matching artifact files and directories 
214gl-*.log: found 2 matching artifact files and directories 
215WARNING: Upload request redirected                  location=https://gitlab.com/api/v4/jobs/4039022252/artifacts?artifact_format=zip&artifact_type=archive new-url=https://gitlab.com
216WARNING: Retrying...                                context=artifacts-uploader error=request redirected
217Uploading artifacts as "archive" to coordinator... 201 Created  id=4039022252 responseStatus=201 Created token=64_xPVD1
218Uploading artifacts...
219gl-dast-api-report.json: found 1 matching artifact files and directories 
220WARNING: Upload request redirected                  location=https://gitlab.com/api/v4/jobs/4039022252/artifacts?artifact_format=raw&artifact_type=dast new-url=https://gitlab.com
221WARNING: Retrying...                                context=artifacts-uploader error=request redirected
222Uploading artifacts as "dast" to coordinator... 201 Created  id=4039022252 responseStatus=201 Created token=64_xPVD1
 223  Cleaning up project directory and file based variables  
  00:01
224Job succeeded
Job artifacts
The artifacts were removed 1 year ago
Commit c780697c
Merge branch '392640-inconsistent-help-icons' into 'master'
Related jobs

dast:anti-clickjacking-header
dast:insecure-http-method
dast:server-side-template-inj
dast:server-side-template-inj-blind
dast:session-fixation
dast:xss-dombased
dast:xss-persistant
dast_api_graphql