
DAST Scanner Profile - Add edit capability

Dheeraj Joshi requested to merge djadmin-scanner-profile-edit into master

This is an implementation for #235414 (closed)

What does this MR do?

This change would

  1. Enable edit button in Scanner profile list
  2. Allow editing an existing Scanner Profile

Implementation Plan

backend (including HAML)
  • Create the controller action dast_scanner_profiles_controller.rb
    • The action should retrieve the profile being edited and pass it down to the view
  • Create the corresponding edit route in ee/config/routes/project.rb
    • The route should be protected with the same policy as /:namespace/:project/-/on_demand_scans
  • Create the HAML view in ee/app/views/projects/dast_scanner_profiles/edit.html.haml
    • The HAML view renders a mount point for the previously created DAST Scanner Profile form
    • It passes the profile's data down to the Vue app via data- attributes:
      • ID
      • Profile Name
      • Spider Timeout
      • Target Timeout
  • Active nav items for editing profile
    • In ee/app/helpers/ee/projects_helper.rb
frontend
  • Create the client-side GraphQL mutation
  • Implement the edit mode in the DAST Scanner Profile form.
    • The component should accept a profile's data via props
    • The fields should be populated with the profile's data.
    • On submit, the dastScannerProfileUpdate mutation is triggered instead of dastScannerProfileCreated, and the variables include the profile's ID.
  • Enable the edit button in Scanner Profiles list
  • Add specs

Changelog

Changelog is not required for this MR as the changes are behind a feature flag

Prior Work

  • This is a follow-up task to Adding DAST Scanner Profiles Form MVC - !40963 (merged)

  • This MR is highly inspired by prior work done at Adding Edit Capability in DAST Site Profile - !38315 (diffs)

Screenshots

Before After (Edit buttons are enabled now)

Editing a scanner profile in action


Local testing:

  1. Enable feature flag:

     echo "Feature.enable(:security_on_demand_scans_scanner_profiles)" | spring rails c

  2. Navigate to on-demand scanner profile page:

     Example - http://localhost:3000/root/example-security-report/-/on_demand_scans/profiles#scanner-profiles

  3. Create a profile (scanner profile)

  4. Try to edit the profile and update any information. The updated information should persist.

Does this MR meet the acceptance criteria?

Conformity

Edited by Dheeraj Joshi
