Update Browserker test expectations (!357) · Merge requests · GitLab.org / security-products / dast

Cameron Swords requested to merge update-browserker-tests into master Dec 03, 2020

What does this MR do?

This MR updates the Browserker end-to-end test expectations. These tests started failing recently as two vulnerability findings were missing:

{
  "cve": "10021",
  "description": "The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'...",
  "evidence": {
    "method": "GET",
    "url": "https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.14.0/css/all.min.css"
  }
},
{
  "cve": "10021",
  "description": "The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'...",
  "evidence": {
    "method": "GET",
    "url": "https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.14.0/webfonts/fa-solid-900.woff2"
  }
}

It seems that CloudFlare have resolved the vulnerabilities, so these have been removed from the expectations. A future exercise could take place to remove external dependencies from end-to-end tests.

Update Browserker test expectations

What does this MR do?

Merge request reports