Add an invoke task to make it easy to write a ZAP plugin
What does this MR do?
I've been experimenting on how to write a ZAP plugin and get it integrated into the DAST environment. This is hard to do as the constant change between directories and building the appropriate components makes the feedback loop larger than necessary.
This MR adds an invoke task, `zap.project.fetch-local-addon`, that when run with a ZAP addon will build the addon and copy it to the DAST `resources/zap_plugins` folder. When the DAST docker image is rebuilt, the resulting addon `.zap` file will be added to `/zap/plugins`, which will cause ZAP to automatically load the plugin.
A prerequisite to this task is that ZAP has been installed with `invoke zap.project.install`.
The feedback loop for creating/testing a ZAP plugin is much faster, as it then becomes:
- Update addon Java code
- `invoke zap.project.fetch-local-addon --addon [addon-name]`
- `docker build . -t dast`, and `docker run -ti --rm -v $PWD:/output dast /analyze -t [target]`
This can be used to test upstream changes made to a ZAP plugin, or for testing new ZAP plugins written by the DAST team.
What are the relevant issue numbers?
n/a
Does this MR meet the acceptance criteria?
- Changelog entry added
- Documentation created/updated for GitLab EE, if necessary
- Documentation created/updated for this project, if necessary
- Documentation reviewed by technical writer or follow-up review issue created
- Tests added for this feature/bug
- Job definition updated, if necessary
- Job definition example
- Vendored CI Templates (also in CE)
- Conforms to the code review guidelines
- Conforms to the Go guidelines
- Security reports checked/validated by reviewer