Remove mock data from DAST Site Profiles
Related issue - #324387 (closed)
What does this MR do?
Syncs backend and frontend for delivery of feature that adds authentication, request headers and excluded URLs to DAST on-demand scans.
Frontend
- Remove mock data for saved DAST site profiles
- Sets a default value for Enable Authentication checkbox
- Harmonize form validations for site profiles
- New Profile & Edit Profile should behave similarly
- Followup-MR to improve UX - !58930 (merged)
Backend
- Extracts a presenter to share some presentational concerns between GraphQL and HAML
- Adds an additional spec to ensure JSON data is as expected
Screencast
- Form validations for editing a profile without auth
Before | After |
---|---|
profile_validation_master | profile_validation_fix |
How to test this?
- Enable feature flag security_dast_site_profiles_additional_fields
  echo "Feature.enable(:security_dast_site_profiles_additional_fields)" | rails c
- Navigate to the DAST profile library page in your GDK: /:namespace/:project/-/security/configuration/dast_profiles#site-profiles
- Select New > Site Profile or edit an existing profile
Does this MR meet the acceptance criteria?
Conformity
- 📋 Does this MR need a changelog?
  - I have included a changelog entry.
  - I have not included a changelog entry because feature flag disabled (:security_dast_site_profiles_additional_fields).
- Documentation (if required)
- Code review guidelines
- Merge request performance guidelines
- Style guides
- Database guides
- Separation of EE specific content
Availability and Testing
- Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process.
- Tested in all supported browsers
- Informed Infrastructure department of a default or new setting change, if applicable per definition of done
Security
If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:
- Label as security and @ mention @gitlab-com/gl-security/appsec
- The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
- Security reports checked/validated by a reviewer from the AppSec team
Edited by Dheeraj Joshi