Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
c2d881c2
Commit
c2d881c2
authored
Mar 11, 2021
by
Dheeraj Joshi
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Update schema for DAST site profile form
Update excluded-urls input field schema from string to [string]
parent
db9606da
Changes
4
Hide whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
63 additions
and
16 deletions
+63
-16
ee/app/assets/javascripts/security_configuration/dast_site_profiles_form/components/dast_site_profile_form.vue
..._site_profiles_form/components/dast_site_profile_form.vue
+16
-3
ee/app/views/projects/security/dast_site_profiles/edit.html.haml
...views/projects/security/dast_site_profiles/edit.html.haml
+1
-1
ee/spec/frontend/on_demand_scans/mocks/mock_data.js
ee/spec/frontend/on_demand_scans/mocks/mock_data.js
+2
-2
ee/spec/frontend/security_configuration/dast_site_profiles_form/components/dast_site_profile_form_spec.js
...e_profiles_form/components/dast_site_profile_form_spec.js
+44
-10
No files found.
ee/app/assets/javascripts/security_configuration/dast_site_profiles_form/components/dast_site_profile_form.vue
View file @
c2d881c2
...
@@ -24,6 +24,7 @@ import DastSiteAuthSection from './dast_site_auth_section.vue';
...
@@ -24,6 +24,7 @@ import DastSiteAuthSection from './dast_site_auth_section.vue';
const
MAX_CHAR_LIMIT_EXCLUDED_URLS
=
2048
;
const
MAX_CHAR_LIMIT_EXCLUDED_URLS
=
2048
;
const
MAX_CHAR_LIMIT_REQUEST_HEADERS
=
2048
;
const
MAX_CHAR_LIMIT_REQUEST_HEADERS
=
2048
;
const
EXCLUDED_URLS_SEPARATOR
=
'
,
'
;
export
default
{
export
default
{
name
:
'
DastSiteProfileForm
'
,
name
:
'
DastSiteProfileForm
'
,
...
@@ -63,7 +64,7 @@ export default {
...
@@ -63,7 +64,7 @@ export default {
},
},
},
},
data
()
{
data
()
{
const
{
name
=
''
,
targetUrl
=
''
,
excludedUrls
=
''
,
requestHeaders
=
''
,
auth
=
{}
}
=
const
{
name
=
''
,
targetUrl
=
''
,
excludedUrls
=
[]
,
requestHeaders
=
''
,
auth
=
{}
}
=
this
.
siteProfile
||
{};
this
.
siteProfile
||
{};
const
form
=
{
const
form
=
{
...
@@ -72,7 +73,11 @@ export default {
...
@@ -72,7 +73,11 @@ export default {
fields
:
{
fields
:
{
profileName
:
initFormField
({
value
:
name
}),
profileName
:
initFormField
({
value
:
name
}),
targetUrl
:
initFormField
({
value
:
targetUrl
}),
targetUrl
:
initFormField
({
value
:
targetUrl
}),
excludedUrls
:
initFormField
({
value
:
excludedUrls
,
required
:
false
,
skipValidation
:
true
}),
excludedUrls
:
initFormField
({
value
:
excludedUrls
.
join
(
EXCLUDED_URLS_SEPARATOR
),
required
:
false
,
skipValidation
:
true
,
}),
requestHeaders
:
initFormField
({
requestHeaders
:
initFormField
({
value
:
requestHeaders
,
value
:
requestHeaders
,
required
:
false
,
required
:
false
,
...
@@ -150,6 +155,9 @@ export default {
...
@@ -150,6 +155,9 @@ export default {
}
}
},
},
methods
:
{
methods
:
{
parseExcludedUrls
(
input
)
{
return
input
.
value
.
split
(
EXCLUDED_URLS_SEPARATOR
).
map
((
url
)
=>
url
.
trim
());
},
onSubmit
()
{
onSubmit
()
{
const
isAuthEnabled
=
const
isAuthEnabled
=
this
.
glFeatures
.
securityDastSiteProfilesAdditionalFields
&&
this
.
glFeatures
.
securityDastSiteProfilesAdditionalFields
&&
...
@@ -165,13 +173,18 @@ export default {
...
@@ -165,13 +173,18 @@ export default {
this
.
hideErrors
();
this
.
hideErrors
();
const
{
errorMessage
}
=
this
.
i18n
;
const
{
errorMessage
}
=
this
.
i18n
;
const
{
profileName
,
targetUrl
,
...
additionalFields
}
=
serializeFormObject
(
this
.
form
.
fields
);
const
variables
=
{
const
variables
=
{
input
:
{
input
:
{
fullPath
:
this
.
fullPath
,
fullPath
:
this
.
fullPath
,
...(
this
.
isEdit
?
{
id
:
this
.
siteProfile
.
id
}
:
{}),
...(
this
.
isEdit
?
{
id
:
this
.
siteProfile
.
id
}
:
{}),
...
serializeFormObject
(
this
.
form
.
fields
),
profileName
,
targetUrl
,
...(
this
.
glFeatures
.
securityDastSiteProfilesAdditionalFields
&&
{
...(
this
.
glFeatures
.
securityDastSiteProfilesAdditionalFields
&&
{
...
additionalFields
,
auth
:
serializeFormObject
(
this
.
authSection
.
fields
),
auth
:
serializeFormObject
(
this
.
authSection
.
fields
),
excludedUrls
:
this
.
parseExcludedUrls
(
this
.
form
.
fields
.
excludedUrls
),
}),
}),
},
},
};
};
...
...
ee/app/views/projects/security/dast_site_profiles/edit.html.haml
View file @
c2d881c2
...
@@ -6,6 +6,6 @@
...
@@ -6,6 +6,6 @@
.js-dast-site-profile-form
{
data:
{
full_path:
@project
.
path_with_namespace
,
.js-dast-site-profile-form
{
data:
{
full_path:
@project
.
path_with_namespace
,
profiles_library_path:
project_security_configuration_dast_profiles_path
(
@project
,
anchor:
'site-profiles'
),
profiles_library_path:
project_security_configuration_dast_profiles_path
(
@project
,
anchor:
'site-profiles'
),
site_profile:
{
id:
@site_profile
.
to_global_id
.
to_s
,
name:
@site_profile
.
name
,
target_url:
@site_profile
.
dast_site
.
url
,
site_profile:
{
id:
@site_profile
.
to_global_id
.
to_s
,
name:
@site_profile
.
name
,
target_url:
@site_profile
.
dast_site
.
url
,
excluded_urls:
'https://example.com/logout'
,
request_headers:
'new-header'
,
excluded_urls:
[
'https://example.com/logout'
,
'https://example.com/send_mail'
]
,
request_headers:
'new-header'
,
auth:
{
enabled:
true
,
url:
'https://example.com'
,
username:
'admin'
,
usernameField:
'username'
,
passwordField:
'password'
},
referenced_in_security_policies:
@site_profile
.
referenced_in_security_policies
}.
to_json
,
auth:
{
enabled:
true
,
url:
'https://example.com'
,
username:
'admin'
,
usernameField:
'username'
,
passwordField:
'password'
},
referenced_in_security_policies:
@site_profile
.
referenced_in_security_policies
}.
to_json
,
on_demand_scans_path:
new_project_on_demand_scan_path
(
@project
)
}
}
on_demand_scans_path:
new_project_on_demand_scan_path
(
@project
)
}
}
ee/spec/frontend/on_demand_scans/mocks/mock_data.js
View file @
c2d881c2
...
@@ -51,7 +51,7 @@ export const siteProfiles = [
...
@@ -51,7 +51,7 @@ export const siteProfiles = [
username
:
'
admin
'
,
username
:
'
admin
'
,
password
:
'
password
'
,
password
:
'
password
'
,
},
},
excludedUrls
:
'
https://foo.com/logout,https://foo.com/send_mail
'
,
excludedUrls
:
[
'
https://foo.com/logout
'
,
'
https://foo.com/send_mail
'
]
,
requestHeaders
:
'
log-identifier: dast-active-scan
'
,
requestHeaders
:
'
log-identifier: dast-active-scan
'
,
referencedInSecurityPolicies
:
[],
referencedInSecurityPolicies
:
[],
},
},
...
@@ -65,7 +65,7 @@ export const siteProfiles = [
...
@@ -65,7 +65,7 @@ export const siteProfiles = [
auth
:
{
auth
:
{
enabled
:
false
,
enabled
:
false
,
},
},
excludedUrls
:
'
https://bar.com/logout
'
,
excludedUrls
:
[
'
https://bar.com/logout
'
]
,
requestHeaders
:
'
auth: gitlab-dast
'
,
requestHeaders
:
'
auth: gitlab-dast
'
,
referencedInSecurityPolicies
:
[],
referencedInSecurityPolicies
:
[],
},
},
...
...
ee/spec/frontend/security_configuration/dast_site_profiles_form/components/dast_site_profile_form_spec.js
View file @
c2d881c2
...
@@ -24,7 +24,7 @@ const profilesLibraryPath = `${TEST_HOST}/${fullPath}/-/security/configuration/d
...
@@ -24,7 +24,7 @@ const profilesLibraryPath = `${TEST_HOST}/${fullPath}/-/security/configuration/d
const
onDemandScansPath
=
`
${
TEST_HOST
}
/
${
fullPath
}
/-/on_demand_scans`
;
const
onDemandScansPath
=
`
${
TEST_HOST
}
/
${
fullPath
}
/-/on_demand_scans`
;
const
profileName
=
'
My DAST site profile
'
;
const
profileName
=
'
My DAST site profile
'
;
const
targetUrl
=
'
http://example.com
'
;
const
targetUrl
=
'
http://example.com
'
;
const
excludedUrls
=
'
http
://example.com/logout
'
;
const
excludedUrls
=
'
http
s://foo.com/logout, https://foo.com/send_mail
'
;
const
requestHeaders
=
'
my-new-header=something
'
;
const
requestHeaders
=
'
my-new-header=something
'
;
const
defaultProps
=
{
const
defaultProps
=
{
...
@@ -224,10 +224,10 @@ describe('DastSiteProfileForm', () => {
...
@@ -224,10 +224,10 @@ describe('DastSiteProfileForm', () => {
input
:
{
input
:
{
profileName
,
profileName
,
targetUrl
,
targetUrl
,
excludedUrls
,
requestHeaders
,
requestHeaders
,
fullPath
,
fullPath
,
auth
:
siteProfileOne
.
auth
,
auth
:
siteProfileOne
.
auth
,
excludedUrls
:
siteProfileOne
.
excludedUrls
,
...
mutationVars
,
...
mutationVars
,
},
},
});
});
...
@@ -319,21 +319,55 @@ describe('DastSiteProfileForm', () => {
...
@@ -319,21 +319,55 @@ describe('DastSiteProfileForm', () => {
});
});
describe
(
'
when feature flag is off
'
,
()
=>
{
describe
(
'
when feature flag is off
'
,
()
=>
{
beforeEach
(()
=>
{
const
mountOpts
=
{
createFullComponent
({
provide
:
{
provide
:
{
glFeatures
:
{
glFeatures
:
{
securityDastSiteProfilesAdditionalFields
:
false
,
securityDastSiteProfilesAdditionalFields
:
false
,
},
},
},
});
},
});
};
const
fillAndSubmitForm
=
async
()
=>
{
await
setFieldValue
(
findProfileNameInput
(),
profileName
);
await
setFieldValue
(
findTargetUrlInput
(),
targetUrl
);
submitForm
();
};
it
(
'
should not render additional fields
'
,
()
=>
{
it
(
'
should not render additional fields
'
,
()
=>
{
createFullComponent
(
mountOpts
);
expect
(
findAuthSection
().
exists
()).
toBe
(
false
);
expect
(
findAuthSection
().
exists
()).
toBe
(
false
);
expect
(
findExcludedUrlsInput
().
exists
()).
toBe
(
false
);
expect
(
findExcludedUrlsInput
().
exists
()).
toBe
(
false
);
expect
(
findRequestHeadersInput
().
exists
()).
toBe
(
false
);
expect
(
findRequestHeadersInput
().
exists
()).
toBe
(
false
);
});
});
describe
.
each
`
title | siteProfile | mutationVars | mutationKind
${
'
New site profile
'
}
|
${
null
}
|
${{}}
|
$
{
'
dastSiteProfileCreate
'
}
${
'
Edit site profile
'
}
|
${
siteProfileOne
}
|
${{
id
:
siteProfileOne
.
id
}
} |
${
'
dastSiteProfileUpdate
'
}
`
(
'
$title
'
,
({
siteProfile
,
mutationVars
,
mutationKind
})
=>
{
beforeEach
(()
=>
{
createFullComponent
({
propsData
:
{
siteProfile
,
},
...
mountOpts
,
});
fillAndSubmitForm
();
});
it
(
'
form submission triggers correct GraphQL mutation
'
,
async
()
=>
{
await
fillAndSubmitForm
();
expect
(
requestHandlers
[
mutationKind
]).
toHaveBeenCalledWith
({
input
:
{
profileName
,
targetUrl
,
fullPath
,
...
mutationVars
,
},
});
});
});
});
});
describe
(
'
when profile does not come from a policy
'
,
()
=>
{
describe
(
'
when profile does not come from a policy
'
,
()
=>
{
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment