Add basic Open API v2 support (!92) · Merge requests · GitLab.org / security-products / dast

Cameron Swords requested to merge open-api-support into master Jan 02, 2020

What does this MR do?

Adds OpenAPI v2 support to DAST. The name of the API specification file and the format is passed to DAST. DAST finds this file in the /zap/wrk directory, and uses it to determine URLs available for scanning.

For the moment, this is limited to:

Open API v2 only
Use only with the legacy script /zap/zap-api-scan.py
Specifications loaded via files, not URLs
YAML specifications, not JSON
No domain rewriting
No authentication

This MR in part resolves issue gitlab-org/gitlab#10928 (closed).

Edited Feb 28, 2020 by Cameron Swords

Add basic Open API v2 support

What does this MR do?

Merge request reports