Hack a solution to exclude updating a ZAP extension
What does this MR do?
The recent Webdriver Linux ZAP extension has broken the ZAP Ajax Spider functionality (see gitlab-org/gitlab#55266 (closed)). This MR provides a way around the problem with some positively nasty hacks to avoid the problem extension being updated.
Specifically:
- sed is used to remove the hardcoded `addonupdate` directive in ZAP Python code 😵
- every (known) ZAP extension, aside from the problem extension, is added as an `addoninstall` directive. This also serves to update the extension
This is a terrible solution because
- Find and replace in 3rd party code is extremely brittle, and hard to read/understand
- If a new extension is released tomorrow, DAST won't be installing it
- If an extension is renamed, DAST will remain on the old version
However, this might be enough to resolve the issue for now.
Does this MR meet the acceptance criteria?
- Changelog entry added
- Documentation created/updated for GitLab EE, if necessary
- Documentation created/updated for this project, if necessary
- Documentation reviewed by technical writer or follow-up review issue created
- Tests added for this feature/bug
- Job definition updated, if necessary
  - Job definition example
  - Vendored CI Templates (also in CE)
- Conforms to the code review guidelines
- Conforms to the Go guidelines
- Security reports checked/validated by reviewer
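The two steps described above, sketched as an added example that is not this MR's actual code: the patch step fails loudly when the directive is missing, so an upstream change cannot silently re-enable updates. The Python snippet, the function names and the add-on id list are constructed, and `webdriverlinux` is assumed to be the problem extension's id.

```shell
#!/bin/sh
# Added example. File contents and add-on ids are constructed samples.

# Remove the hardcoded '-addonupdate' entry from a Python argument list.
# Returns non-zero if the directive is absent before patching or still
# present afterwards, so a changed upstream file breaks the build.
strip_addonupdate() {
    file=$1
    if ! grep -q -- "'-addonupdate'" "$file"; then
        echo "no '-addonupdate' directive found in $file" >&2
        return 1
    fi
    # Portable in-place edit: drop only the token, not the whole line.
    sed "s/'-addonupdate',\{0,1\}[[:space:]]*//g" "$file" > "$file.tmp" &&
        mv "$file.tmp" "$file"
    if grep -q -- '-addonupdate' "$file"; then
        return 1
    fi
}

# Print "-addoninstall <id>" for every id except the excluded one.
# Usage: addoninstall_args <excluded-id> <id>...
addoninstall_args() {
    excluded=$1
    shift
    out=
    for id in "$@"; do
        if [ "$id" != "$excluded" ]; then
            out="$out -addoninstall $id"
        fi
    done
    printf '%s\n' "${out# }"
}

# Constructed stand-in for the ZAP Python launcher code.
demo=$(mktemp)
cat > "$demo" <<'EOF'
params = [
    '-daemon',
    '-addonupdate',
    '-port', str(port),
]
EOF
strip_addonupdate "$demo" && cat "$demo"
# Constructed allowlist; the excluded id is an assumption.
addoninstall_args webdriverlinux ascanrules pscanrules webdriverlinux spiderAjax
rm -f "$demo"
```

Because the install list is a fixed allowlist, the limitations listed in the description still apply: a newly released or renamed extension is not picked up until the list is edited.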