Skip to content

GitLab Next

Why GitLab
Pricing
Contact Sales
Explore

Sign in
Get free trial

Change the ZAP hook used to authenticate sessions

Review changes
Download
Patches
Plain diff

Cameron Swords requested to merge login-on-zap-started-hook into master Mar 05, 2020

Overview 1
Commits 1
Pipelines 2
Changes 2

What does this MR do?

When ZAProxy starts, DAST listens to the zap_access_target hook. When the hook is called, DAST creates a new session, and if required, starts a browser and logs the user in using supplied credentials.

This MR changes this behaviour to instead listen for the zap_started hook. The primary reason for this is that the API scanning code does not have a zap_access_target hook, therefore any functionality we add to that hook would not work for an API scan.

This in part resolves issue gitlab-org/gitlab#10928 (closed).

Does this MR meet the acceptance criteria?

Changelog entry added
Documentation created/updated for GitLab EE, if necessary
Documentation created/updated for this project, if necessary
Documentation reviewed by technical writer or follow-up review issue created
Tests added for this feature/bug
Job definition updated, if necessary
- Job definition example
- Vendored CI Templates (also in CE)
Conforms to the code review guidelines
Conforms to the Go guidelines
Security reports checked/validated by reviewer

Merge request reports

Assignee

Reviewers

Request review from

Time tracking