Extend DastSiteProfile with more config options
Related Issue(s)
What does this MR do?
adds additional some additional configuration for DastSiteProfiles
and stubs out some of GraphQL arguments and fields until the backend for storing them securely is in place.
Why?
we want to offer users more control over their dast
on-demand scans.
GraphQL
Query
query project($fullPath: ID!) {
project(fullPath: $fullPath) {
dastSiteProfiles(first: 1) {
nodes {
id
profileName
targetUrl
editPath
excludedUrls
requestHeaders
validationStatus
normalizedTargetUrl
auth { enabled url usernameField passwordField username password }
referencedInSecurityPolicies
}
}
}
}
Mutations
dastSiteProfileCreate
mutation($dastSiteProfileCreateInput: DastSiteProfileCreateInput!) {
dastSiteProfileCreate(input: $dastSiteProfileCreateInput) {
clientMutationId
errors
id
}
}
{
"dastSiteProfileCreateInput":{
"fullPath":"namespace10/project10",
"profileName":"Open-source intermediate methodology",
"targetUrl":"http://example18.test",
"excludedUrls":"http://example18.test/signout",
"requestHeaders":"Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:47.0) Gecko/20100101 Firefox/47.0",
"auth":{
"enabled":false
}
}
}
dastSiteProfileUpdate
mutation($dastSiteProfileUpdateInput: DastSiteProfileUpdateInput!) {
dastSiteProfileUpdate(input: $dastSiteProfileUpdateInput) {
clientMutationId
errors
id
}
}
{
"dastSiteProfileUpdateInput":{
"fullPath":"namespace25/project25",
"id":"gid://gitlab/DastSiteProfile/24",
"profileName":"c7ad43f42039f195dc8654f6389f57b9",
"targetUrl":"http://example36.test",
"excludedUrls":"http://example36.test/signout",
"requestHeaders":"Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:47.0) Gecko/20100101 Firefox/47.0",
"auth":{
"enabled":false
}
}
}
Database
Migrations
% rails db:migrate:up VERSION=20210302025305
== 20210302025305 AddExcludedUrlsAndRequestHeadersToDastSiteProfiles: migrating
-- add_column(:dast_site_profiles, :excluded_urls, :text)
-> 0.0016s
-- add_column(:dast_site_profiles, :auth_enabled, :boolean, {:default=>false, :null=>false})
-> 0.0028s
-- add_column(:dast_site_profiles, :auth_url, :text)
-> 0.0012s
-- add_column(:dast_site_profiles, :auth_username_field, :text)
-> 0.0009s
-- add_column(:dast_site_profiles, :auth_password_field, :text)
-> 0.0009s
-- add_column(:dast_site_profiles, :auth_username, :text)
-> 0.0009s
-- transaction_open?()
-> 0.0000s
-- current_schema()
-> 0.0002s
-- execute("ALTER TABLE dast_site_profiles\nADD CONSTRAINT check_07ae59ac33\nCHECK ( char_length(excluded_urls) <= 2048 )\nNOT VALID;\n")
-> 0.0012s
-- current_schema()
-> 0.0002s
-- execute("SET statement_timeout TO 0")
-> 0.0006s
-- execute("ALTER TABLE dast_site_profiles VALIDATE CONSTRAINT check_07ae59ac33;")
-> 0.0012s
-- execute("RESET ALL")
-> 0.0006s
-- transaction_open?()
-> 0.0000s
-- current_schema()
-> 0.0002s
-- execute("ALTER TABLE dast_site_profiles\nADD CONSTRAINT check_d446f7047b\nCHECK ( char_length(auth_url) <= 1024 )\nNOT VALID;\n")
-> 0.0010s
-- current_schema()
-> 0.0002s
-- execute("ALTER TABLE dast_site_profiles VALIDATE CONSTRAINT check_d446f7047b;")
-> 0.0011s
-- transaction_open?()
-> 0.0000s
-- current_schema()
-> 0.0002s
-- execute("ALTER TABLE dast_site_profiles\nADD CONSTRAINT check_5203110fee\nCHECK ( char_length(auth_username_field) <= 255 )\nNOT VALID;\n")
-> 0.0012s
-- current_schema()
-> 0.0002s
-- execute("ALTER TABLE dast_site_profiles VALIDATE CONSTRAINT check_5203110fee;")
-> 0.0014s
-- transaction_open?()
-> 0.0000s
-- current_schema()
-> 0.0004s
-- execute("ALTER TABLE dast_site_profiles\nADD CONSTRAINT check_c329dffdba\nCHECK ( char_length(auth_password_field) <= 255 )\nNOT VALID;\n")
-> 0.0011s
-- current_schema()
-> 0.0002s
-- execute("ALTER TABLE dast_site_profiles VALIDATE CONSTRAINT check_c329dffdba;")
-> 0.0010s
-- transaction_open?()
-> 0.0000s
-- current_schema()
-> 0.0002s
-- execute("ALTER TABLE dast_site_profiles\nADD CONSTRAINT check_f22f18002a\nCHECK ( char_length(auth_username) <= 255 )\nNOT VALID;\n")
-> 0.0016s
-- current_schema()
-> 0.0002s
-- execute("ALTER TABLE dast_site_profiles VALIDATE CONSTRAINT check_f22f18002a;")
-> 0.0011s
== 20210302025305 AddExcludedUrlsAndRequestHeadersToDastSiteProfiles: migrated (0.1245s)
% rails db:migrate:down VERSION=20210302025305
== 20210302025305 AddExcludedUrlsAndRequestHeadersToDastSiteProfiles: reverting
-- remove_column(:dast_site_profiles, :auth_username)
-> 0.0018s
-- remove_column(:dast_site_profiles, :auth_password_field)
-> 0.0010s
-- remove_column(:dast_site_profiles, :auth_username_field)
-> 0.0009s
-- remove_column(:dast_site_profiles, :auth_url)
-> 0.0008s
-- remove_column(:dast_site_profiles, :auth_enabled)
-> 0.0008s
-- remove_column(:dast_site_profiles, :excluded_urls)
-> 0.0008s
== 20210302025305 AddExcludedUrlsAndRequestHeadersToDastSiteProfiles: reverted (0.0133s)
Does this MR meet the acceptance criteria?
Conformity
-
Does this MR need a changelog?-
I have included a changelog entry. -
I have not included a changelog entry because _____.
-
-
Documentation (if required) -
Code review guidelines -
Merge request performance guidelines -
Style guides -
Database guides -
Separation of EE specific content
Availability and Testing
-
Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process. -
Tested in all supported browsers -
Informed Infrastructure department of a default or new setting change, if applicable per definition of done
Security
If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:
-
Label as security and @ mention @gitlab-com/gl-security/appsec
-
The MR includes necessary changes to maintain consistency between UI, API, email, or other methods -
Security reports checked/validated by a reviewer from the AppSec team
Merge request reports
Activity
added typefeature label
7 Warnings This merge request is quite big (675 lines changed), please consider splitting it into multiple merge requests. d871be77: Commits that change 30 or more lines across at least 3 files must describe these changes in the commit body. For more information, take a look at our Commit message guidelines. 56017e6b: Commits that change 30 or more lines across at least 3 files must describe these changes in the commit body. For more information, take a look at our Commit message guidelines. e20b5d9c: Commits that change 30 or more lines across at least 3 files must describe these changes in the commit body. For more information, take a look at our Commit message guidelines. 4f045d58: Commits that change 30 or more lines across at least 3 files must describe these changes in the commit body. For more information, take a look at our Commit message guidelines. e7565f48: Commits that change 30 or more lines across at least 3 files must describe these changes in the commit body. For more information, take a look at our Commit message guidelines. This merge request does not have any assignee yet. Setting an assignee clarifies who needs to take action on the merge request at any given time. 2 Messages This merge request adds or changes files that require a review from the Database team. This merge request adds or changes documentation files. A review from the Technical Writing team before you merge is recommended. Reviews can happen after you merge. This merge request requires a database review. To make sure these changes are reviewed, take the following steps:
- Ensure the merge request has database and databasereview pending labels. If the merge request modifies database files, Danger will do this for you.
- Prepare your MR for database review according to the docs.
- Assign and mention the database reviewer suggested by Reviewer Roulette.
The following files require a review from the Database team:
db/migrate/20210302025305_add_excluded_urls_and_request_headers_to_dast_site_profiles.rb
db/migrate/20210311022012_add_text_limits_to_dast_site_profiles.rb
db/schema_migrations/20210302025305
db/schema_migrations/20210311022012
db/structure.sql
Documentation review
The following files require a review from a technical writer:
doc/api/graphql/reference/index.md
The review does not need to block merging this merge request. See the:
-
Metadata for the
*.md
files that you've changed. The first few lines of each*.md
file identify the stage and group most closely associated with your docs change. - The Technical Writer assigned for that stage and group.
- Documentation workflows for information on when to assign a merge request for review.
Reviewer roulette
Changes that require review have been detected! A merge request is normally reviewed by both a reviewer and a maintainer in its primary category (e.g. frontend or backend), and by a maintainer in all other categories.
To spread load more evenly across eligible reviewers, Danger has picked a candidate for each review slot, based on their timezone. Feel free to override these selections if you think someone else would be better-suited or use the GitLab Review Workload Dashboard to find other available reviewers.
To read more on how to use the reviewer roulette, please take a look at the Engineering workflow and code review guidelines. Please consider assigning a reviewer or maintainer who is a domain expert in the area of the merge request.
Once you've decided who will review this merge request, assign them as a reviewer! Danger does not automatically notify them for you.
Category Reviewer Maintainer backend Drew Blessing ( @dblessing
) (UTC-5)Etienne Baqué ( @ebaque
) (UTC+3)~changelog No reviewer available No maintainer available database Michał Zając ( @Quintasan
) (UTC+1)Toon Claes ( @toon
) (UTC+1)~migration No reviewer available No maintainer available If needed, you can retry the
danger-review
job that generated this comment.Generated by
DangerEdited by 🤖 GitLab Bot 🤖- Resolved by Philip Cunningham
added 519 commits
-
85760862...827fcc6a - 502 commits from branch
master
- 248c94fa - wip
- b53fe2f1 - wip
- 702bee0d - wip
- 4a72fb46 - wip
- ca0c13ae - wip
- 7761ac6a - wip
- 6060baf7 - wip
- 1f485a43 - wip
- 343e2cf8 - wip
- 9d0e57ec - wip
- f90062b7 - wip
- ce66c13f - wip
- 3329b2e9 - wip
- 6b4c0d7d - wip
- b5f56d8d - wip
- 3a0c9a64 - wip
- a648adb1 - wip
Toggle commit list-
85760862...827fcc6a - 502 commits from branch
added 1 commit
- 8f0d1a70 - Extend DastSiteProfile with more configuration
added databasereview pending label
added database documentation labels
added 2 commits