
Add scan file path to dast site profile

What does this MR do and why?

Describe in detail what your merge request does and why.

As suggested here, the MR !79279 (closed) was split in two.

This Merge Request adds backend support for the scanFilePath.

This is one of the extra configuration options that should be included in the on-demand scan configuration screen as described here and here.

Checklist

  • Add scanFilePath field to dast_site_profile model
  • Create a migration to add the scanFilePath column into the database
  • Add scanFilePath field to dast_site_profile_type
  • Add scanFilePath field to Mutations::DastSiteProfiles::Create mutation
  • Add scanFilePath field to Mutations::DastSiteProfiles::Update mutation
  • Add scanFilePath field to Mutations::AppSec::Dast::SiteProfiles::SharedArguments
  • Set the appropriate environment variable based on the scan_method.

GraphQL Updates

The DastSiteProfileCreateInput and DastSiteProfileUpdateInput GraphQL types need to be extended to support the new scan method option.

  • scanFilePath - Type::String

ScanMethodEnum is a new Enum to identify the scan method used for the API Scan. The values for the enum are

dastSiteProfiles Query

project(fullPath: $fullPath) {
    dastSiteProfiles(...) {
      nodes {
         id
         profileName
         normalizedTargetUrl
         targetUrl
         targetType
+        scanFilePath
      }
    }
  }

Database updates

Add scan_file_path

migration up

main: == 20220126191624 AddScanFilePathToDastSiteProfile: migrating =================
main: -- add_column(:dast_site_profiles, :scan_file_path, :text)
main:    -> 0.0045s
main: == 20220126191624 AddScanFilePathToDastSiteProfile: migrated (0.0045s) ========

migration down

main: == 20220126191624 AddScanFilePathToDastSiteProfile: reverting =================
main: -- remove_column(:dast_site_profiles, :scan_file_path, :text)
main:    -> 0.0039s
main: == 20220126191624 AddScanFilePathToDastSiteProfile: reverted (0.0040s) ========

Add scan_file_path size limit

migration up

main: == 20221012135524 AddScanFilePathLimitForDastSiteProfile: migrating ===========
main: -- transaction_open?()
main:    -> 0.0000s
main: -- current_schema()
main:    -> 0.0010s
main: -- transaction_open?()
main:    -> 0.0000s
main: -- execute("ALTER TABLE dast_site_profiles\nADD CONSTRAINT check_8d2aa0f66d\nCHECK ( char_length(scan_file_path) <= 1024 )\nNOT VALID;\n")
main:    -> 0.0037s
main: -- current_schema()
main:    -> 0.0001s
main: -- execute("SET statement_timeout TO 0")
main:    -> 0.0001s
main: -- execute("ALTER TABLE dast_site_profiles VALIDATE CONSTRAINT check_8d2aa0f66d;")
main:    -> 0.0008s
main: -- execute("RESET statement_timeout")
main:    -> 0.0001s
main: == 20221012135524 AddScanFilePathLimitForDastSiteProfile: migrated (0.0198s) ==

migration down

main: == 20220126191624 AddScanFilePathToDastSiteProfile: reverting =================
main: -- remove_column(:dast_site_profiles, :scan_file_path, :text)
main:    -> 0.0017s
main: == 20220126191624 AddScanFilePathToDastSiteProfile: reverted (0.0018s) ========

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

How to set up and validate in the review-app

  1. Open the Review App

  2. Create a personal access token


  3. Enable the `` feature flag

curl --location --request POST 'https://gitlab-review-mc-rocha-a-migmre.gitlab-review.app/api/v4/features/dast_api_scanner' \
--header 'Authorization: Bearer <your-token>' \
--header 'Content-Type: application/json' \
--data-raw '{
    "value": true
}'

  4. Create a new blank project

  5. Create a new on-demand scan and set the scan file path

In this example the scan method is OpenAPI and the target used was this project.

Opening this project with Gitpod will provide a publicly available target.


Examples:

Target file without host information

https://gitlab-review-mc-rocha-a-migmre.gitlab-review.app/root/apiscantest/-/jobs/392

Output

Running with gitlab-runner 15.1.0 (76984217)
  on review-mc-rocha-a-migmre-gitlab-runner-7c6458f84d-qmpqv Ny23sQ8v
Resolving secrets
00:00
Preparing the "kubernetes" executor
00:00
Using Kubernetes namespace: review-mc-rocha-a-migmre
Using Kubernetes executor with image registry.gitlab.com/security-products/api-security:2 ...
Using attach strategy to execute scripts...
Preparing environment
Waiting for pod review-mc-rocha-a-migmre/runner-ny23sq8v-project-409-concurrent-0zp2t6 to be running, status is Pending
Waiting for pod review-mc-rocha-a-migmre/runner-ny23sq8v-project-409-concurrent-0zp2t6 to be running, status is Pending
	ContainersNotInitialized: "containers with incomplete status: [init-permissions]"
	ContainersNotReady: "containers with unready status: [build helper]"
	ContainersNotReady: "containers with unready status: [build helper]"
Running on runner-ny23sq8v-project-409-concurrent-0zp2t6 via review-mc-rocha-a-migmre-gitlab-runner-7c6458f84d-qmpqv...
Getting source from Git repository
00:00
Fetching changes with git depth set to 20...
Initialized empty Git repository in /builds/root/apiscantest/.git/
Created fresh repository.
Checking out f1ce4d74 as main...
Skipping Git submodules setup
Executing "step_script" stage of the job script
03:44
$ /peach/analyzer-dast-api
22:37:17 [INF] API Security: Gitlab API Security
22:37:17 [INF] API Security: -------------------
22:37:17 [INF] API Security: 
22:37:17 [INF] API Security: version: 2.0.69
22:37:17 [INF] API Security: api: http://127.0.0.1:5000
22:37:17 [INF] API Security: config: /peach/configs/gitlab-dast-api-config.yml
22:37:17 [INF] API Security: openapi: https://3000-mcrocha-testrailsopenap-bfggihhf94z.ws-us70.gitpod.io/api-docs/v1/swagger.yaml
22:37:17 [INF] API Security: profile: Quick
22:37:17 [INF] API Security: project: root/apiscantest
22:37:17 [INF] API Security: security report: gl-dast-api-report.json
22:37:17 [INF] API Security: security report asset path: gl-assets
22:37:17 [INF] API Security: ci_project_url: https://gitlab-review-mc-rocha-a-migmre.gitlab-review.app/root/apiscantest
22:37:17 [INF] API Security: ci_job_id: 392
22:37:17 [INF] API Security: service_start_timeout: 300
22:37:17 [INF] API Security: target_url: None
22:37:17 [INF] API Security: timeout: 30
22:37:17 [INF] API Security: verbose: False
22:37:17 [INF] API Security: 
22:37:17 [INF] API Security: Waiting for API Security (http://127.0.0.1:5000) to become available...
22:37:17 [INF] API Security: Backing off 0.8 seconds afters 1 tries
22:37:17 [INF] API Security: Backing off 0.8 seconds afters 2 tries
22:37:49 [INF] API Security: 
22:37:49 [INF] API Security: Loaded 6 operations from: https://3000-mcrocha-testrailsopenap-bfggihhf94z.ws-us70.gitpod.io/api-docs/v1/swagger.yaml
22:37:49 [INF] API Security: 
22:37:49 [INF] API Security: Testing operation [1/6]: 'GET https://3000-mcrocha-testrailsopenap-bfggihhf94z.ws-us70.gitpod.io/api-docs/v1/swagger.yaml/posts'.
22:37:49 [INF] API Security:  - Parameters: (Headers: 4, Query: 0, Body: 0)
22:37:49 [INF] API Security:  - Request body size: 0 Bytes (0 bytes)
22:37:49 [INF] API Security: 
22:37:49 [INF] API Security: Testing operation [2/6]: 'POST https://3000-mcrocha-testrailsopenap-bfggihhf94z.ws-us70.gitpod.io/api-docs/v1/swagger.yaml/posts'.
22:37:49 [INF] API Security:  - Parameters: (Headers: 4, Query: 0, Body: 0)
22:37:49 [INF] API Security:  - Request body size: 0 Bytes (0 bytes)
22:37:49 [INF] API Security: 
22:38:20 [INF] API Security: Finished testing operation 'GET https://3000-mcrocha-testrailsopenap-bfggihhf94z.ws-us70.gitpod.io/api-docs/v1/swagger.yaml/posts'.
22:38:20 [INF] API Security:  - Excluded Parameters: (Headers: 0, Query: 0, Body: 0)
22:38:20 [INF] API Security:  - Performed 945 requests
22:38:20 [INF] API Security:  - Average response body size: 5.6 kB (5563 bytes)
22:38:20 [INF] API Security:  - Average call time: 93.41 milliseconds (0.093411 seconds)
22:38:20 [INF] API Security:  - Time to complete: 35 seconds and 559.88 milliseconds (35.559885 seconds)
22:38:20 [INF] API Security: 
22:38:20 [INF] API Security: Testing operation [3/6]: 'GET https://3000-mcrocha-testrailsopenap-bfggihhf94z.ws-us70.gitpod.io/api-docs/v1/swagger.yaml/posts/string-without-format'.
22:38:20 [INF] API Security:  - Parameters: (Headers: 4, Query: 0, Body: 0)
22:38:20 [INF] API Security:  - Request body size: 0 Bytes (0 bytes)
22:38:20 [INF] API Security: 
22:38:50 [INF] API Security: Finished testing operation 'POST https://3000-mcrocha-testrailsopenap-bfggihhf94z.ws-us70.gitpod.io/api-docs/v1/swagger.yaml/posts'.
22:38:50 [INF] API Security:  - Excluded Parameters: (Headers: 0, Query: 0, Body: 0)
22:38:50 [INF] API Security:  - Performed 931 requests
22:38:50 [INF] API Security:  - Average response body size: 5.1 kB (5130 bytes)
22:38:50 [INF] API Security:  - Average call time: 81.64 milliseconds (0.081637 seconds)
22:38:50 [INF] API Security:  - Time to complete: 58 seconds and 668.80 milliseconds (58.668796 seconds)
22:38:50 [INF] API Security: 
22:38:50 [INF] API Security: Testing operation [4/6]: 'PATCH https://3000-mcrocha-testrailsopenap-bfggihhf94z.ws-us70.gitpod.io/api-docs/v1/swagger.yaml/posts/string-without-format'.
22:38:50 [INF] API Security:  - Parameters: (Headers: 4, Query: 0, Body: 0)
22:38:50 [INF] API Security:  - Request body size: 0 Bytes (0 bytes)
22:38:50 [INF] API Security: 
22:39:20 [INF] API Security: Finished testing operation 'GET https://3000-mcrocha-testrailsopenap-bfggihhf94z.ws-us70.gitpod.io/api-docs/v1/swagger.yaml/posts/string-without-format'.
22:39:20 [INF] API Security:  - Excluded Parameters: (Headers: 0, Query: 0, Body: 0)
22:39:20 [INF] API Security:  - Performed 1086 requests
22:39:20 [INF] API Security:  - Average response body size: 5.2 kB (5205 bytes)
22:39:20 [INF] API Security:  - Average call time: 75.21 milliseconds (0.075206 seconds)
22:39:20 [INF] API Security:  - Time to complete: 56 seconds and 131.04 milliseconds (56.131042 seconds)
22:39:20 [INF] API Security: 
22:39:20 [INF] API Security: Testing operation [5/6]: 'PUT https://3000-mcrocha-testrailsopenap-bfggihhf94z.ws-us70.gitpod.io/api-docs/v1/swagger.yaml/posts/string-without-format'.
22:39:20 [INF] API Security:  - Parameters: (Headers: 4, Query: 0, Body: 0)
22:39:20 [INF] API Security:  - Request body size: 0 Bytes (0 bytes)
22:39:20 [INF] API Security: 
22:39:37 [INF] API Security: Finished testing operation 'PATCH https://3000-mcrocha-testrailsopenap-bfggihhf94z.ws-us70.gitpod.io/api-docs/v1/swagger.yaml/posts/string-without-format'.
22:39:37 [INF] API Security:  - Excluded Parameters: (Headers: 0, Query: 0, Body: 0)
22:39:37 [INF] API Security:  - Performed 1086 requests
22:39:37 [INF] API Security:  - Average response body size: 5.2 kB (5209 bytes)
22:39:37 [INF] API Security:  - Average call time: 75.41 milliseconds (0.075406 seconds)
22:39:37 [INF] API Security:  - Time to complete: 56 seconds and 607.25 milliseconds (56.607252 seconds)
22:39:37 [INF] API Security: 
22:39:37 [INF] API Security: Testing operation [6/6]: 'DELETE https://3000-mcrocha-testrailsopenap-bfggihhf94z.ws-us70.gitpod.io/api-docs/v1/swagger.yaml/posts/string-without-format'.
22:39:37 [INF] API Security:  - Parameters: (Headers: 4, Query: 0, Body: 0)
22:39:37 [INF] API Security:  - Request body size: 0 Bytes (0 bytes)
22:39:37 [INF] API Security: 
22:40:23 [INF] API Security: Finished testing operation 'PUT https://3000-mcrocha-testrailsopenap-bfggihhf94z.ws-us70.gitpod.io/api-docs/v1/swagger.yaml/posts/string-without-format'.
22:40:23 [INF] API Security:  - Excluded Parameters: (Headers: 0, Query: 0, Body: 0)
22:40:23 [INF] API Security:  - Performed 1086 requests
22:40:23 [INF] API Security:  - Average response body size: 5.2 kB (5236 bytes)
22:40:23 [INF] API Security:  - Average call time: 74.92 milliseconds (0.074923 seconds)
22:40:23 [INF] API Security:  - Time to complete: 1 minute, 3 seconds and 44.66 milliseconds (63.044664 seconds)
22:40:23 [INF] API Security: 
22:40:53 [INF] API Security: Finished testing operation 'DELETE https://3000-mcrocha-testrailsopenap-bfggihhf94z.ws-us70.gitpod.io/api-docs/v1/swagger.yaml/posts/string-without-format'.
22:40:53 [INF] API Security:  - Excluded Parameters: (Headers: 0, Query: 0, Body: 0)
22:40:53 [INF] API Security:  - Performed 1086 requests
22:40:53 [INF] API Security:  - Average response body size: 5.3 kB (5251 bytes)
22:40:53 [INF] API Security:  - Average call time: 88.27 milliseconds (0.088272 seconds)
22:40:53 [INF] API Security:  - Time to complete: 1 minute, 19 seconds and 401.33 milliseconds (79.401331 seconds)
22:40:53 [INF] API Security: 
22:40:53 [INF] API Security: 
22:40:53 [INF] API Security: Generating security report as 'gl-dast-api-report.json'.
22:40:54 [INF] API Security: 
22:40:54 [INF] API Security: --[ Tested Operations ]-------------------------
22:40:54 [INF] API Security: 404 GET https://3000-mcrocha-testrailsopenap-bfggihhf94z.ws-us70.gitpod.io:443/api-docs/v1/swagger.yaml/posts Not Found
22:40:54 [INF] API Security: 404 POST https://3000-mcrocha-testrailsopenap-bfggihhf94z.ws-us70.gitpod.io:443/api-docs/v1/swagger.yaml/posts Not Found
22:40:54 [INF] API Security: 404 GET https://3000-mcrocha-testrailsopenap-bfggihhf94z.ws-us70.gitpod.io:443/api-docs/v1/swagger.yaml/posts/string-without-format Not Found
22:40:54 [INF] API Security: 404 PATCH https://3000-mcrocha-testrailsopenap-bfggihhf94z.ws-us70.gitpod.io:443/api-docs/v1/swagger.yaml/posts/string-without-format Not Found
22:40:54 [INF] API Security: 404 PUT https://3000-mcrocha-testrailsopenap-bfggihhf94z.ws-us70.gitpod.io:443/api-docs/v1/swagger.yaml/posts/string-without-format Not Found
22:40:54 [INF] API Security: 404 DELETE https://3000-mcrocha-testrailsopenap-bfggihhf94z.ws-us70.gitpod.io:443/api-docs/v1/swagger.yaml/posts/string-without-format Not Found
22:40:54 [INF] API Security: ------------------------------------------------
22:40:54 [INF] API Security: 
22:40:54 [INF] API Security: --[ Excluded Operations ]-----------------------
22:40:54 [INF] API Security: No operations were excluded
22:40:54 [INF] API Security: ------------------------------------------------
22:40:54 [INF] API Security: 
22:40:54 [INF] API Security: --[ Excluded Parameters ]-----------------------
22:40:54 [INF] API Security: No parameters were excluded
22:40:54 [INF] API Security: ------------------------------------------------
22:40:54 [INF] API Security: 
22:40:54 [INF] API Security: --[ Finished testing ]--------------------------
22:40:54 [INF] API Security: Testing completed successfully
22:40:54 [INF] API Security: 
22:40:54 [INF] API Security:   * Performed total of 6220 API requests.
22:40:54 [INF] API Security:   * Performed total of 13 security checks.
22:40:54 [INF] API Security:     - Active checks....: 8
22:40:54 [INF] API Security:     - Passive checks...: 5
22:40:54 [INF] API Security:   * Detected 9 vulnerabilities.
22:40:54 [INF] API Security: ------------------------------------------------
22:40:54 [INF] API Security: 
22:40:54 [INF] API Security: Testing completed successfully, 9 issues detected.
22:40:54 [INF] API Security: 
22:40:54 [INF] API Security: 
Stopping scanner...
/peach/analyzer-dast-api: line 56: kill: (19) - No such process
Waiting for scanner to terminate
Uploading artifacts for successful job
00:05
Uploading artifacts...
gl-assets: found 19 matching files and directories 
gl-dast-api-report.json: found 1 matching files and directories 
gl-*.log: found 2 matching files and directories   
Uploading artifacts as "archive" to coordinator... 201 Created  id=392 responseStatus=201 Created token=k-4bsfrv
Uploading artifacts...
gl-dast-api-report.json: found 1 matching files and directories 
Uploading artifacts as "dast" to coordinator... 201 Created  id=392 responseStatus=201 Created token=k-4bsfrv
Cleaning up project directory and file based variables
00:00
Job succeeded

Target file with host information

https://gitlab-review-mc-rocha-a-migmre.gitlab-review.app/root/apiscantest/-/jobs/393


Running with gitlab-runner 15.1.0 (76984217)
  on review-mc-rocha-a-migmre-gitlab-runner-7c6458f84d-qmpqv Ny23sQ8v
Resolving secrets
00:00
Preparing the "kubernetes" executor
00:00
Using Kubernetes namespace: review-mc-rocha-a-migmre
Using Kubernetes executor with image registry.gitlab.com/security-products/api-security:2 ...
Using attach strategy to execute scripts...
Preparing environment
00:12
Waiting for pod review-mc-rocha-a-migmre/runner-ny23sq8v-project-409-concurrent-0b8xmx to be running, status is Pending
Waiting for pod review-mc-rocha-a-migmre/runner-ny23sq8v-project-409-concurrent-0b8xmx to be running, status is Pending
	ContainersNotReady: "containers with unready status: [build helper]"
	ContainersNotReady: "containers with unready status: [build helper]"
Running on runner-ny23sq8v-project-409-concurrent-0b8xmx via review-mc-rocha-a-migmre-gitlab-runner-7c6458f84d-qmpqv...
Getting source from Git repository
00:00
Fetching changes with git depth set to 20...
Initialized empty Git repository in /builds/root/apiscantest/.git/
Created fresh repository.
Checking out f1ce4d74 as main...
Skipping Git submodules setup
Executing "step_script" stage of the job script
01:03
$ /peach/analyzer-dast-api
23:34:56 [INF] API Security: Gitlab API Security
23:34:56 [INF] API Security: -------------------
23:34:56 [INF] API Security: 
23:34:56 [INF] API Security: version: 2.0.69
23:34:56 [INF] API Security: api: http://127.0.0.1:5000
23:34:56 [INF] API Security: config: /peach/configs/gitlab-dast-api-config.yml
23:34:56 [INF] API Security: openapi: https://3000-mcrocha-testrailsopenap-bfggihhf94z.ws-us70.gitpod.io/api-docs/v1/swagger.yaml
23:34:56 [INF] API Security: profile: Quick
23:34:56 [INF] API Security: project: root/apiscantest
23:34:56 [INF] API Security: security report: gl-dast-api-report.json
23:34:56 [INF] API Security: security report asset path: gl-assets
23:34:56 [INF] API Security: ci_project_url: https://gitlab-review-mc-rocha-a-migmre.gitlab-review.app/root/apiscantest
23:34:56 [INF] API Security: ci_job_id: 393
23:34:56 [INF] API Security: service_start_timeout: 300
23:34:56 [INF] API Security: target_url: None
23:34:56 [INF] API Security: timeout: 30
23:34:56 [INF] API Security: verbose: False
23:34:56 [INF] API Security: 
23:34:56 [INF] API Security: Waiting for API Security (http://127.0.0.1:5000) to become available...
23:34:56 [INF] API Security: Backing off 0.7 seconds afters 1 tries
23:34:57 [INF] API Security: Backing off 0.9 seconds afters 2 tries
23:35:22 [INF] API Security: 
23:35:22 [INF] API Security: Loaded 1 operations from: https://3000-mcrocha-testrailsopenap-bfggihhf94z.ws-us70.gitpod.io/api-docs/v1/swagger.yaml
23:35:22 [INF] API Security: 
23:35:22 [INF] API Security: Testing operation [1/1]: 'GET https://3000-mcrocha-testrailsopenap-bfggihhf94z.ws-us70.gitpod.io/posts'.
23:35:22 [INF] API Security:  - Parameters: (Headers: 4, Query: 0, Body: 0)
23:35:22 [INF] API Security:  - Request body size: 0 Bytes (0 bytes)
23:35:22 [INF] API Security: 
23:35:52 [INF] API Security: Finished testing operation 'GET https://3000-mcrocha-testrailsopenap-bfggihhf94z.ws-us70.gitpod.io/posts'.
23:35:52 [INF] API Security:  - Excluded Parameters: (Headers: 0, Query: 0, Body: 0)
23:35:52 [INF] API Security:  - Performed 472 requests
23:35:52 [INF] API Security:  - Average response body size: 6.1 kB (6065 bytes)
23:35:52 [INF] API Security:  - Average call time: 112.82 milliseconds (0.112821 seconds)
23:35:52 [INF] API Security:  - Time to complete: 29 seconds and 302.59 milliseconds (29.302587 seconds)
23:35:52 [INF] API Security: 
23:35:52 [INF] API Security: 
23:35:52 [INF] API Security: Generating security report as 'gl-dast-api-report.json'.
23:35:53 [INF] API Security: 
23:35:53 [INF] API Security: --[ Tested Operations ]-------------------------
23:35:53 [INF] API Security: 200 GET https://3000-mcrocha-testrailsopenap-bfggihhf94z.ws-us70.gitpod.io:443/posts OK
23:35:53 [INF] API Security: ------------------------------------------------
23:35:53 [INF] API Security: 
23:35:53 [INF] API Security: --[ Excluded Operations ]-----------------------
23:35:53 [INF] API Security: No operations were excluded
23:35:53 [INF] API Security: ------------------------------------------------
23:35:53 [INF] API Security: 
23:35:53 [INF] API Security: --[ Excluded Parameters ]-----------------------
23:35:53 [INF] API Security: No parameters were excluded
23:35:53 [INF] API Security: ------------------------------------------------
23:35:53 [INF] API Security: 
23:35:53 [INF] API Security: --[ Finished testing ]--------------------------
23:35:53 [INF] API Security: Testing completed successfully
23:35:53 [INF] API Security: 
23:35:53 [INF] API Security:   * Performed total of 472 API requests.
23:35:53 [INF] API Security:   * Performed total of 13 security checks.
23:35:53 [INF] API Security:     - Active checks....: 8
23:35:53 [INF] API Security:     - Passive checks...: 5
23:35:53 [INF] API Security:   * Detected 5 vulnerabilities.
23:35:53 [INF] API Security: ------------------------------------------------
23:35:53 [INF] API Security: 
23:35:53 [INF] API Security: Testing completed successfully, 5 issues detected.
23:35:53 [INF] API Security: 
23:35:53 [INF] API Security: 
Stopping scanner...
/peach/analyzer-dast-api: line 56: kill: (18) - No such process
Waiting for scanner to terminate
Uploading artifacts for successful job
00:04
Uploading artifacts...
gl-assets: found 11 matching files and directories 
gl-dast-api-report.json: found 1 matching files and directories 
gl-*.log: found 2 matching files and directories   
Uploading artifacts as "archive" to coordinator... 201 Created  id=393 responseStatus=201 Created token=8vNPX3hj
Uploading artifacts...
gl-dast-api-report.json: found 1 matching files and directories 
Uploading artifacts as "dast" to coordinator... 201 Created  id=393 responseStatus=201 Created token=8vNPX3hj
Cleaning up project directory and file based variables
00:00
Job succeeded
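
In job 392 above, every tested operation was resolved underneath the swagger.yaml URL and returned 404, yet the job still ended with "Testing completed successfully". The following check for that condition is an added example, not part of this MR or of the analyzer; the log format is assumed from the two job logs on this page, and the sample logs and the host api.example.test are constructed.

```ruby
require 'uri'

# Summary of one analyzer run, built from its "[INF] API Security:" log lines.
ScanSummary = Struct.new(:spec_url, :target_url, :operations, keyword_init: true) do
  # Operations whose URL is the spec file URL with the operation path appended,
  # which is what happens when the spec carries no host information.
  def under_spec_file
    return [] unless spec_url
    spec = URI.parse(spec_url)
    operations.select do |op|
      uri = URI.parse(op[:url])
      uri.host == spec.host && uri.path.start_with?("#{spec.path}/")
    end
  end

  # Symbols describing why the scan gave little or no real coverage.
  def findings
    return [:no_operations_tested] if operations.empty?
    out = []
    out << :operations_resolved_under_spec_file unless under_spec_file.empty?
    out << :all_operations_404 if operations.all? { |op| op[:status] == 404 }
    out
  end
end

def summarize_scan_log(log)
  summary = ScanSummary.new(operations: [])
  in_tested = false
  log.each_line do |line|
    m = line.match(/\[INF\] API Security: (.*)$/)
    next unless m
    case m[1].strip
    when /\Aopenapi: (\S+)/
      summary.spec_url = $1
    when /\Atarget_url: (\S+)/
      summary.target_url = ($1 == 'None' ? nil : $1)
    when /\A--\[ Tested Operations \]/
      in_tested = true
    when /\A-{10,}\z/
      in_tested = false            # a bare dashed line closes the section
    when /\A(\d{3}) ([A-Z]+) (\S+)/
      summary.operations << { status: $1.to_i, method: $2, url: $3 } if in_tested
    end
  end
  summary
end

# Constructed sample: spec without host information (shape of job 392).
MISCONFIGURED_LOG = <<~LOG
  22:37:17 [INF] API Security: openapi: https://api.example.test/api-docs/v1/swagger.yaml
  22:37:17 [INF] API Security: target_url: None
  22:40:54 [INF] API Security: --[ Tested Operations ]-------------------------
  22:40:54 [INF] API Security: 404 GET https://api.example.test:443/api-docs/v1/swagger.yaml/posts Not Found
  22:40:54 [INF] API Security: 404 POST https://api.example.test:443/api-docs/v1/swagger.yaml/posts Not Found
  22:40:54 [INF] API Security: ------------------------------------------------
  22:40:54 [INF] API Security: Testing completed successfully, 9 issues detected.
LOG

# Constructed sample: spec with host information (shape of job 393).
HEALTHY_LOG = <<~LOG
  23:34:56 [INF] API Security: openapi: https://api.example.test/api-docs/v1/swagger.yaml
  23:34:56 [INF] API Security: target_url: None
  23:35:53 [INF] API Security: --[ Tested Operations ]-------------------------
  23:35:53 [INF] API Security: 200 GET https://api.example.test:443/posts OK
  23:35:53 [INF] API Security: ------------------------------------------------
  23:35:53 [INF] API Security: Testing completed successfully, 5 issues detected.
LOG

if __FILE__ == $PROGRAM_NAME
  { 'misconfigured' => MISCONFIGURED_LOG, 'healthy' => HEALTHY_LOG }.each do |name, log|
    puts "#{name}: #{summarize_scan_log(log).findings.inspect}"
  end
end
```

A non-empty findings list means the job's "succeeded" status and issue count should not be read as coverage of the API.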

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Marcos Rocha
