Wire up DAST Saved Scans with the API

Paul Gascou-Vaillancourt requested to merge 296752-dast-saved-scans-cleanup into master

What does this MR do?

This wires up the frontend and the backend for the following GraphQL queries and mutations:

  • dastProfiles query: up until now, this has been querying local mocks. Now that this query is supported by the backend, we can remove the client-side mocks and hit the actual API.
  • dastScanCreate mutation: this mutation was marked as a known invalid query in config/known_invalid_graphql_queries.yml. Since the backend now supports it, we can remove the override. Additionally, the mutation has been cleaned up by leveraging DastProfileCreateInput.
  • dastScanUpdate mutation: this mutation used the @client directive to not be considered invalid. Now that the backend supports it, we can remove the directive and let the mutation hit the API. Additionally, the mutation has been cleaned up by leveraging DastProfileUpdateInput.

Note that during backend reviews, it was decided to drop the notion of savedScans in favor of dastProfiles. Therefore, a few renames had to be done here as well:

  • savedScans query renamed to dastProfiles.
  • dastScanCreate mutation renamed to dastProfileCreate.
  • dastScanUpdate mutation renamed to dastProfileUpdate.

How to test this?

  1. Enable the feature flag.
       echo "Feature.enable(:dast_saved_scans)" | rails c
  2. Browse to the new DAST scan page at /:namespace/:project/-/on_demand_scans/new. You should be able to create a scan.
  3. Browse to the DAST scans list at /:namespace/:project/-/security/configuration/dast_profiles. You should see your previously created scan(s) here.
  4. Edit any scan.

Does this MR meet the acceptance criteria?

Conformity

Availability and Testing

Related to #296752 (closed)

Edited by Paul Gascou-Vaillancourt