
DAST site profiles: support validation path

What does this MR do?

This adds support for providing a validation file path when validating a DAST site profile.

  • The input's prefix now defaults to the target URL's origin, followed by a trailing slash
  • The input itself defaults to the target URL's path followed by the generated token
  • Submitting the validation form now sends the validation path along with the GraphQL mutation

What does this MR do?

This hooks up the frontend validation components to actual API calls for validating DAST sites.

How to test this?

  1. Enable the feature flag.
     echo "Feature.enable(:security_on_demand_scans_site_validation)" | rails c
  2. Install and set up graphql-vue-apollo-playground locally. Check out the mock-dast-site-profiles branch and run the mock server.

  3. Use the local mock server in the Apollo provider.

diff --git a/ee/app/assets/javascripts/dast_site_profiles_form/graphql/provider.js b/ee/app/assets/javascripts/dast_site_profiles_form/graphql/provider.js
index ef96b443da8..993a7cefb5c 100644
--- a/ee/app/assets/javascripts/dast_site_profiles_form/graphql/provider.js
+++ b/ee/app/assets/javascripts/dast_site_profiles_form/graphql/provider.js
@@ -5,5 +5,10 @@ import createDefaultClient from '~/lib/graphql';
 Vue.use(VueApollo);
 
 export default new VueApollo({
-  defaultClient: createDefaultClient(),
+  defaultClient: createDefaultClient(
+    {},
+    {
+      baseUrl: 'http://localhost:4000',
+    },
+  ),
 });
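Review bot: the `baseUrl: 'http://localhost:4000'` argument added to `createDefaultClient` in provider.js is hard-coded, so if this testing change is committed with the MR, the form's Apollo client, including the validation mutation, talks to a plain-HTTP local endpoint instead of the GitLab instance. Keep the hunk as a local-only patch, or add a comment above the `defaultClient` lines marking it as a mock-server override that must not be merged.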
  4. Navigate to the DAST Site profile form in your GDK: /:namespace/:project/-/on_demand_scans/profiles/dast_site_profiles/new

Screenshots

Screen_Shot_2020-09-21_at_5.21.08_PM

Does this MR meet the acceptance criteria?

Conformity

Availability and Testing

Edited by Paul Gascou-Vaillancourt
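
The defaults listed in the description (prefix from the target URL's origin, path from the target URL's path plus the token), as an added example that is not part of this merge request or GitLab's code. The function names, the token value and the slash inserted between path and token are assumptions, and the same-origin check on the edited path goes beyond what the description states.

```javascript
// Added example: hypothetical helper names, not GitLab's implementation.

// Derive the form defaults from the DAST target URL: a read-only prefix
// (origin + "/") and an editable path (target path followed by the token).
function validationPathDefaults(targetUrl, token) {
  const url = new URL(targetUrl); // throws TypeError on malformed input
  if (url.protocol !== 'http:' && url.protocol !== 'https:') {
    throw new Error(`unsupported scheme: ${url.protocol}`);
  }
  // The leading slash already lives in the prefix. Assumption: a slash is
  // inserted between a non-empty target path and the token.
  let dir = url.pathname.replace(/^\/+/, '');
  if (dir !== '' && !dir.endsWith('/')) dir += '/';
  return { prefix: `${url.origin}/`, path: `${dir}${token}` };
}

// Resolve the (possibly user-edited) path against the prefix and return the
// full validation URL, or null when the result has left the target's origin.
function resolveValidationUrl(prefix, path) {
  let resolved;
  try {
    resolved = new URL(path, prefix);
  } catch (e) {
    return null; // not resolvable as a URL at all
  }
  return `${resolved.origin}/` === prefix ? resolved.href : null;
}

// Constructed sample input.
const TOKEN = 'constructed-token-123';
const defaults = validationPathDefaults('https://example.com/app', TOKEN);
console.log(defaults);
console.log(resolveValidationUrl(defaults.prefix, defaults.path));
// A scheme-relative value typed into the path input resolves to another host.
console.log(resolveValidationUrl(defaults.prefix, '//other.example/x'));
```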
