Skip to content

GitLab Next

Why GitLab
Pricing
Contact Sales
Explore

Sign in
Get free trial

GitLab.org
security-products
dast
Merge requests
!366

DAST excludes Browserker URLs that are out of scope

Review changes
Download
Patches
Plain diff

Craig Smith requested to merge exclude_vulnerabilities_not_for_allowed_hosts_50 into master Jan 07, 2021

Overview 22
Commits 1
Pipelines 22
Changes 13

What does this MR do?

When Browserker spiders, it indexes all the links of the page, including those outside of the target website. This MR updates ZAP to only scan hosts that are included in DAST_BROWSERKER_ALLOWED_HOSTS.

What are the relevant issue numbers?

gitlab-org/security-products/analyzers/browserker#50

Does this MR meet the acceptance criteria?

Changelog entry added
Documentation created/updated for GitLab EE, if necessary
Documentation created/updated for this project, if necessary
Documentation reviewed by technical writer or follow-up review issue created
Tests added for this feature/bug
Job definition updated, if necessary
- Job definition example
- Vendored CI Templates (also in CE)
Conforms to the code review guidelines
Conforms to the Go guidelines
Security reports checked/validated by reviewer

Edited Jan 08, 2021 by Craig Smith

Merge request reports

Assignee

Select assignees

Reviewers

Request review from

Time tracking