Skip to content

Add tag_list to DastScannerProfileType

Marcos Rocha requested to merge mc_rocha-add-tag-list-to-dast-scanner-profile-type-345430 into master

What does this MR do and why?

This MR adds the tag_list field to the DastScannerProfileType, and updates the related services, and mutations.

This MR is part of issue #345430 (closed)

Screenshots or screen recordings

Create a new DastScannerProfile with tags.

Screenshot_2022-12-20_at_3.26.53_PM

Update the tags of a DastScannerProfile.

Screenshot_2022-12-20_at_3.35.05_PM

How to set up and validate locally

Create a new DastScannerProfile with tags

  1. Go to /-/graphql-explorer
  2. Type a query like
mutation dastScannerProfileCreate($input: DastScannerProfileCreateInput!) {
  dastScannerProfileCreate(input: $input) {
    id
    errors
    dastScannerProfile {
      tagList
    }
  }
}
{
  "input": {
    "fullPath": "root/apiscantest",
    "profileName": "Test Tags 2",
    "tagList": ["ruby", "dast"]
  }
}
  1. Check the result
{
  "data": {
    "dastScannerProfileCreate": {
      "id": "gid://gitlab/DastScannerProfile/6",
      "errors": [],
      "dastScannerProfile": {
        "tagList": [
          "dast",
          "ruby"
        ]
      }
    }
  }
}

Update the tags of a DastScannerProfile

  1. Go to /-/graphql-explorer
  2. Type a query like
mutation dastScannerProfileUpdate($input: DastScannerProfileUpdateInput!) {
  dastScannerProfileUpdate(input: $input) {
    id
    errors
    dastScannerProfile {
      tagList
    }
  }
}
{
  "input": {
    "id": "gid://gitlab/DastScannerProfile/6",
    "profileName": "Test Tags 2",
    "spiderTimeout": 1,
    "targetTimeout": 1,
    "tagList": ["rails", "on-demand"]
  }
}
  1. Check the result
{
  "data": {
    "dastScannerProfileUpdate": {
      "id": "gid://gitlab/DastScannerProfile/6",
      "errors": [],
      "dastScannerProfile": {
        "tagList": [
          "on-demand",
          "rails"
        ]
      }
    }
  }
}

Run an on-demand scan

  1. Go to /-/on_demand_scans#/all
  2. Create a new on-demand scan using a DastScannerProfile with tags
  3. Make sure you have a runner with all DastScannerProfile tags.
  4. Save and run the scan.
  5. Check the job created. It should have the DastScannerProfile tags. Screenshot_2022-12-21_at_5.00.13_PM
  6. Wait for the job to start. It should run on the runner with all DastScannerProfile tags. Screenshot_2022-12-21_at_5.04.08_PM

Screenshot_2022-12-21_at_5.03.39_PM

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Marcos Rocha

Merge request reports