Remove mock data from DAST Site Profiles

Dheeraj Joshi requested to merge djadmin-sync-up-dast-site-auth into master

Related issue - #324387 (closed)

What does this MR do?

Syncs backend and frontend for delivery of feature that adds authentication, request headers and excluded URLs to DAST on-demand scans.

Frontend

  • Remove mock data for saved DAST site profiles
  • Set a default value for the Enable Authentication checkbox
  • Harmonize form validations for site profiles
    • New Profile & Edit Profile should behave similarly
  • Follow-up MR to improve UX - !58930 (merged)

Backend

  • Extracts a presenter to share some presentational concerns between GraphQL and HAML
  • Adds an additional spec to ensure JSON data is as expected

Screencast

  • Form validations for editing a profile without auth
    • Before: profile_validation_master (screencast)
    • After: profile_validation_fix (screencast)

How to test this?

  1. Enable the feature flag security_dast_site_profiles_additional_fields:
     echo "Feature.enable(:security_dast_site_profiles_additional_fields)" | rails c
  2. Navigate to the DAST profile library page in your GDK: /:namespace/:project/-/security/configuration/dast_profiles#site-profiles
  3. Select New > Site Profile or edit an existing profile

Does this MR meet the acceptance criteria?

Conformity

Availability and Testing

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

  • Label as security and @ mention @gitlab-com/gl-security/appsec
  • The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
  • Security reports checked/validated by a reviewer from the AppSec team
Edited by Dheeraj Joshi