Add support for configuring authentication type

Erran Carey requested to merge pass-through-dast-auth-type into main

What does this MR do?

Support basic/digest authentication through DAST_USERNAME/DAST_PASSWORD rather than defaulting to form authentication.

Add a new flag --auth-type and a new environment variable DAST_AUTH_TYPE for writing AuthDetails.AuthType to the browserker TOML configuration before running browser scans. DAST_AUTH_TYPE=basic-digest as shown in the test coverage will allow Basic auth to succeed without needing to manually set the authorization header.

What are the relevant issue numbers?

GitLab Docs MR

There is currently no MR but gitlab-org/gitlab#370305 (closed) is labeled as "eng contribution potential". We should at least add a small snippet about Basic Authentication to the docs since this MR makes it more easily configurable.

Edited by Erran Carey
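
Added example, not code from this MR or from the DAST project: the `Authorization` value that had to be set by hand for Basic auth, and a check showing why that workaround cannot cover Digest, whose response depends on a server nonce. It illustrates the HTTP mechanics only; the helper names and sample challenges are constructed, and it makes no claim about how browserker handles the challenge internally.

```python
import base64
import re

_QUOTED = re.compile(r'"(?:[^"\\]|\\.)*"')
# A scheme name opens a challenge: at the start or after a comma, never followed by '='.
_SCHEME = re.compile(r'(?:^|,)\s*([A-Za-z][\w-]*)(?=\s*(?:,|$)|\s+[^\s=,])')


def offered_schemes(www_authenticate):
    """Lower-cased auth schemes from one WWW-Authenticate value, in order."""
    stripped = _QUOTED.sub('""', www_authenticate)  # hide commas inside quoted params
    return [m.group(1).lower() for m in _SCHEME.finditer(stripped)]


def basic_header(username, password):
    """RFC 7617 credentials: base64(user-id ":" password), UTF-8 encoded."""
    if ":" in username:
        raise ValueError("RFC 7617 forbids ':' in the user-id")
    raw = f"{username}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def static_header_possible(www_authenticate):
    """True only if a fixed Authorization header can answer the challenge.

    Basic credentials are constant per user. A Digest response is derived
    from the server's nonce, so it has to be computed for each challenge.
    """
    return "basic" in offered_schemes(www_authenticate)


# Constructed sample challenges (not taken from the MR or its tests).
BASIC_ONLY = 'Basic realm="staging, internal", charset="UTF-8"'
DIGEST_ONLY = 'Digest realm="app", qop="auth", nonce="dcd98b7102dd2f0e", algorithm=SHA-256'
BOTH = DIGEST_ONLY + ", " + BASIC_ONLY

if __name__ == "__main__":
    for name, challenge in (("basic", BASIC_ONLY), ("digest", DIGEST_ONLY), ("both", BOTH)):
        print(name, offered_schemes(challenge), static_header_possible(challenge))
    print(basic_header("Aladdin", "open sesame"))
```

The Basic value is only base64-encoded, not encrypted, so it should travel over TLS and be treated as a secret wherever it is stored.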