Standardise use of Python in DAST

Issue #118748 (closed) should be addressed first, and the standardized version should be Python 3.

Previous Description:

Concern

DAST uses Python to orchestrate and run the ZAProxy scanner.

When running in the Docker container to run ZAProxy, Python 2.7.15+ is used. When running unit tests in DAST CI, Python 3.7 is used.

This has the following issues:

  • Setting up a local machine for development on DAST is more complicated than necessary.
  • Unnecessary risk is introduced because we're using a version live that is different to what is tested.
  • Modules/code that require Python 3 could accidentally be introduced.

Proposal

  • We standardise on using Python 2.7.x as the version of Python for DAST.
  • The CI template changes and uses a Python 2.7 Docker image to run the unit tests.
  • Unit tests are re-written to depend on Python 2.7 modules/code.

Note: End to end tests run using Python 2.7, which provides a fairly high level of safety regarding accidentally releasing DAST with Python 3 code.

Edited by Seth Berger