Commit a1e4b7c1 authored by Alex Kalderimis's avatar Alex Kalderimis

Merge branch 'philipcunningham-disable-authentication-225406' into 'master'

Filter auth params from DAST config when disabled

See merge request gitlab-org/gitlab!58622
parents e7b108d9 1304b47e
...@@ -72,11 +72,15 @@ module DastOnDemandScans ...@@ -72,11 +72,15 @@ module DastOnDemandScans
def site_profile_config def site_profile_config
return {} unless dast_site_profile return {} unless dast_site_profile
excluded_urls = dast_site_profile.excluded_urls.presence&.join(',')
return { excluded_urls: excluded_urls } unless dast_site_profile.auth_enabled
{ {
excluded_urls: dast_site_profile.excluded_urls.presence&.join(','), excluded_urls: excluded_urls,
auth_username_field: dast_site_profile.auth_username_field, auth_username_field: dast_site_profile.auth_username_field,
auth_password_field: dast_site_profile.auth_password_field, auth_password_field: dast_site_profile.auth_password_field,
auth_username: dast_site_profile.auth_username auth_username: dast_site_profile.auth_username,
auth_url: dast_site_profile.auth_url
} }
end end
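Review bot: The early return on `dast_site_profile.auth_enabled` in `site_profile_config` is the only thing keeping a profile's stored login URL, username and field names out of the scan parameters, and nothing in the method says so. The spec in this commit creates a profile with `auth_enabled: false` that still carries those values, so a later refactor that merges the two hashes could pass them to the scanner again with no obvious signal. I would add a comment above the guard, e.g. `# Auth settings stay on the profile after auth is switched off; only pass them on while auth_enabled is set.` Separately, `excluded_urls` is `nil` when the list is empty, so both return paths can emit `excluded_urls: nil`; that looks pre-existing, but it is worth confirming the consumer drops nil values.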
......
...@@ -10,7 +10,7 @@ FactoryBot.define do ...@@ -10,7 +10,7 @@ FactoryBot.define do
"#{FFaker::Product.product_name.truncate(200)} - #{i}" "#{FFaker::Product.product_name.truncate(200)} - #{i}"
end end
auth_enabled { false } auth_enabled { true }
auth_url { "#{dast_site.url}/sign-in" } auth_url { "#{dast_site.url}/sign-in" }
auth_username_field { 'session[username]' } auth_username_field { 'session[username]' }
auth_password_field { 'session[password]' } auth_password_field { 'session[password]' }
......
...@@ -16,7 +16,7 @@ RSpec.describe Mutations::DastSiteProfiles::Update do ...@@ -16,7 +16,7 @@ RSpec.describe Mutations::DastSiteProfiles::Update do
let(:new_auth) do let(:new_auth) do
{ {
enabled: true, enabled: false,
url: "#{new_target_url}/login", url: "#{new_target_url}/login",
username_field: 'login[username]', username_field: 'login[username]',
password_field: 'login[password]', password_field: 'login[password]',
......
...@@ -125,6 +125,7 @@ RSpec.describe Gitlab::Ci::Config do ...@@ -125,6 +125,7 @@ RSpec.describe Gitlab::Ci::Config do
stage: 'test', stage: 'test',
image: { name: '$SECURE_ANALYZERS_PREFIX/dast:$DAST_VERSION' }, image: { name: '$SECURE_ANALYZERS_PREFIX/dast:$DAST_VERSION' },
variables: { variables: {
DAST_AUTH_URL: dast_site_profile.auth_url,
DAST_VERSION: 1, DAST_VERSION: 1,
SECURE_ANALYZERS_PREFIX: 'registry.gitlab.com/gitlab-org/security-products/analyzers', SECURE_ANALYZERS_PREFIX: 'registry.gitlab.com/gitlab-org/security-products/analyzers',
DAST_WEBSITE: dast_site_profile.dast_site.url, DAST_WEBSITE: dast_site_profile.dast_site.url,
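Review bot: The `DAST_AUTH_URL` expectation added here only covers a profile with authentication enabled (apparently the factory default after this commit); nothing at the CI-configuration level asserts that the variable is absent when `auth_enabled` is false. The filtering is tested once, in the `ParamsCreateService` spec, so a regression further down the chain that reads the auth fields from the profile directly would not be caught. I would add a sibling example built with `create(:dast_site_profile, project: project, auth_enabled: false)` that checks the generated `variables` hash has no `DAST_AUTH_URL` key. The same applies to the `Processor` and `OnDemandScanPipelineConfigurationService` specs later in this commit. The enclosing example starts and ends outside this hunk, so the exact setup may differ.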
......
...@@ -93,6 +93,7 @@ RSpec.describe Gitlab::Ci::Config::SecurityOrchestrationPolicies::Processor do ...@@ -93,6 +93,7 @@ RSpec.describe Gitlab::Ci::Config::SecurityOrchestrationPolicies::Processor do
name: '$SECURE_ANALYZERS_PREFIX/dast:$DAST_VERSION' name: '$SECURE_ANALYZERS_PREFIX/dast:$DAST_VERSION'
}, },
variables: { variables: {
DAST_AUTH_URL: dast_site_profile.auth_url,
DAST_VERSION: 1, DAST_VERSION: 1,
SECURE_ANALYZERS_PREFIX: 'registry.gitlab.com/gitlab-org/security-products/analyzers', SECURE_ANALYZERS_PREFIX: 'registry.gitlab.com/gitlab-org/security-products/analyzers',
DAST_WEBSITE: dast_site_profile.dast_site.url, DAST_WEBSITE: dast_site_profile.dast_site.url,
......
...@@ -65,6 +65,7 @@ RSpec.describe DastOnDemandScans::CreateService do ...@@ -65,6 +65,7 @@ RSpec.describe DastOnDemandScans::CreateService do
let(:expected_params) do let(:expected_params) do
{ {
auth_password_field: dast_site_profile.auth_password_field, auth_password_field: dast_site_profile.auth_password_field,
auth_url: dast_site_profile.auth_url,
auth_username: dast_site_profile.auth_username, auth_username: dast_site_profile.auth_username,
auth_username_field: dast_site_profile.auth_username_field, auth_username_field: dast_site_profile.auth_username_field,
branch: project.default_branch_or_master, branch: project.default_branch_or_master,
......
...@@ -42,6 +42,7 @@ RSpec.describe DastOnDemandScans::ParamsCreateService do ...@@ -42,6 +42,7 @@ RSpec.describe DastOnDemandScans::ParamsCreateService do
auth_password_field: dast_site_profile.auth_password_field, auth_password_field: dast_site_profile.auth_password_field,
auth_username: dast_site_profile.auth_username, auth_username: dast_site_profile.auth_username,
auth_username_field: dast_site_profile.auth_username_field, auth_username_field: dast_site_profile.auth_username_field,
auth_url: dast_site_profile.auth_url,
branch: project.default_branch, branch: project.default_branch,
dast_profile: nil, dast_profile: nil,
excluded_urls: dast_site_profile.excluded_urls.join(','), excluded_urls: dast_site_profile.excluded_urls.join(','),
...@@ -58,6 +59,7 @@ RSpec.describe DastOnDemandScans::ParamsCreateService do ...@@ -58,6 +59,7 @@ RSpec.describe DastOnDemandScans::ParamsCreateService do
auth_password_field: dast_site_profile.auth_password_field, auth_password_field: dast_site_profile.auth_password_field,
auth_username: dast_site_profile.auth_username, auth_username: dast_site_profile.auth_username,
auth_username_field: dast_site_profile.auth_username_field, auth_username_field: dast_site_profile.auth_username_field,
auth_url: dast_site_profile.auth_url,
branch: project.default_branch, branch: project.default_branch,
dast_profile: nil, dast_profile: nil,
excluded_urls: dast_site_profile.excluded_urls.join(','), excluded_urls: dast_site_profile.excluded_urls.join(','),
...@@ -89,6 +91,24 @@ RSpec.describe DastOnDemandScans::ParamsCreateService do ...@@ -89,6 +91,24 @@ RSpec.describe DastOnDemandScans::ParamsCreateService do
end end
end end
end end
context 'when authentication is not enabled' do
let_it_be(:dast_site_profile) { create(:dast_site_profile, project: project, auth_enabled: false) }
it 'returns prepared scanner params excluding auth params in the payload' do
expect(subject.payload).to eq(
branch: project.default_branch,
dast_profile: nil,
excluded_urls: dast_site_profile.excluded_urls.join(','),
full_scan_enabled: false,
show_debug_messages: false,
spider_timeout: nil,
target_timeout: nil,
target_url: dast_site_profile.dast_site.url,
use_ajax_spider: false
)
end
end
end end
context 'when the dast_profile is provided' do context 'when the dast_profile is provided' do
...@@ -102,6 +122,7 @@ RSpec.describe DastOnDemandScans::ParamsCreateService do ...@@ -102,6 +122,7 @@ RSpec.describe DastOnDemandScans::ParamsCreateService do
auth_username: dast_site_profile.auth_username, auth_username: dast_site_profile.auth_username,
auth_username_field: dast_site_profile.auth_username_field, auth_username_field: dast_site_profile.auth_username_field,
branch: dast_profile.branch_name, branch: dast_profile.branch_name,
auth_url: dast_site_profile.auth_url,
dast_profile: dast_profile, dast_profile: dast_profile,
excluded_urls: dast_site_profile.excluded_urls.join(','), excluded_urls: dast_site_profile.excluded_urls.join(','),
full_scan_enabled: false, full_scan_enabled: false,
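Review bot: The new 'when authentication is not enabled' context sits only in the branch before 'when the dast_profile is provided', so the auth-disabled path is not exercised when the site profile arrives through a `dast_profile`. If that branch resolves the site profile differently (not visible here), the filter could be bypassed without a failing test. I would mirror the context there with a profile created with `auth_enabled: false` and the same exact-match `eq` on the payload, which already works as an allow-list of keys. Minor: the `auth_url:` key added in the last hunk is placed after `branch:`, unlike the other expectations in this file.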
......
...@@ -51,6 +51,7 @@ RSpec.describe Security::SecurityOrchestrationPolicies::OnDemandScanPipelineConf ...@@ -51,6 +51,7 @@ RSpec.describe Security::SecurityOrchestrationPolicies::OnDemandScanPipelineConf
it 'delegates variables preparation to ::Ci::DastScanCiConfigurationService' do it 'delegates variables preparation to ::Ci::DastScanCiConfigurationService' do
expected_params = { expected_params = {
auth_password_field: site_profile.auth_password_field, auth_password_field: site_profile.auth_password_field,
auth_url: site_profile.auth_url,
auth_username: site_profile.auth_username, auth_username: site_profile.auth_username,
auth_username_field: site_profile.auth_username_field, auth_username_field: site_profile.auth_username_field,
dast_profile: nil, dast_profile: nil,
...@@ -81,6 +82,7 @@ RSpec.describe Security::SecurityOrchestrationPolicies::OnDemandScanPipelineConf ...@@ -81,6 +82,7 @@ RSpec.describe Security::SecurityOrchestrationPolicies::OnDemandScanPipelineConf
stage: 'test', stage: 'test',
image: { name: '$SECURE_ANALYZERS_PREFIX/dast:$DAST_VERSION' }, image: { name: '$SECURE_ANALYZERS_PREFIX/dast:$DAST_VERSION' },
variables: { variables: {
DAST_AUTH_URL: site_profile.auth_url,
DAST_DEBUG: 'false', DAST_DEBUG: 'false',
DAST_EXCLUDE_URLS: site_profile.excluded_urls.join(','), DAST_EXCLUDE_URLS: site_profile.excluded_urls.join(','),
DAST_FULL_SCAN_ENABLED: 'false', DAST_FULL_SCAN_ENABLED: 'false',
......