Only ping target after ZAP has started
What does this MR do?
This MR attempts to avoid the breaking changes created by !323 (merged) by moving the DAST target access check to the location of the legacy ZAP check. By using ZAP as a proxy for the check, the target is still added to the attack surface like it was in the legacy check. This preserves existing users' scan results.
Technically speaking, this MR:
- removes the use of ZAP to access the target from
TargetSelector
- moves the use of
TargetWebsite
to access the target fromScanScriptWrapper
toTargetSelector
and uses ZAP as a proxy for the check - moves the use of
ZapWebdriver
to authenticate with the target fromCustomHooks.zap_started
to follow the target access check. Because the target sometimes takes several seconds to become available, attempting to authenticate before running the access check (which retries several times if the target is not available) could result in errors - removes
ZAProxy.urlopen
because it is no longer used - moves
src.target_website
tosrc.services.target_probe
andsrc.target_website_availability_check
tosrc.services.target_availability_check
since I think they are appropriately services - removes
ZAProxy.ping_target
because it is no longer used
What are the relevant issue numbers?
Edited by Avielle Wolfe