From f92438b87818fba3a5d22dacc6cb6648b45ed87d Mon Sep 17 00:00:00 2001
From: Tiger Watson <twatson@gitlab.com>
Date: Sat, 6 Apr 2019 16:02:04 +0000
Subject: Restore original Security/DAST.gitlab-ci.yml

Reverts https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/26520
for Security/DAST.gitlab-ci.yml.
---
 lib/gitlab/ci/templates/Auto-DevOps.gitlab-ci.yml  |  8 +++-
 lib/gitlab/ci/templates/Jobs/DAST.gitlab-ci.yml    | 54 ----------------------
 .../ci/templates/Security/DAST.gitlab-ci.yml       | 51 +++++++++++++++++---
 3 files changed, 51 insertions(+), 62 deletions(-)
 delete mode 100644 lib/gitlab/ci/templates/Jobs/DAST.gitlab-ci.yml

diff --git a/lib/gitlab/ci/templates/Auto-DevOps.gitlab-ci.yml b/lib/gitlab/ci/templates/Auto-DevOps.gitlab-ci.yml
index f786022beb0..b3eec2b6210 100644
--- a/lib/gitlab/ci/templates/Auto-DevOps.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Auto-DevOps.gitlab-ci.yml
@@ -78,8 +78,14 @@ include:
   - template: Jobs/Code-Quality.gitlab-ci.yml
   - template: Jobs/Deploy.gitlab-ci.yml
   - template: Jobs/Browser-Performance-Testing.gitlab-ci.yml
-  - template: Jobs/DAST.gitlab-ci.yml
+  - template: Security/DAST.gitlab-ci.yml
   - template: Security/Container-Scanning.gitlab-ci.yml
   - template: Security/Dependency-Scanning.gitlab-ci.yml
   - template: Security/License-Management.gitlab-ci.yml
   - template: Security/SAST.gitlab-ci.yml
+
+# Override DAST job to exclude master branch
+dast:
+  except:
+    refs:
+      - master
\ No newline at end of file
diff --git a/lib/gitlab/ci/templates/Jobs/DAST.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/DAST.gitlab-ci.yml
deleted file mode 100644
index aedbbb21674..00000000000
--- a/lib/gitlab/ci/templates/Jobs/DAST.gitlab-ci.yml
+++ /dev/null
@@ -1,54 +0,0 @@
-dast:
-  stage: dast
-  image: docker:stable
-  variables:
-    DOCKER_DRIVER: overlay2
-  allow_failure: true
-  services:
-    - docker:stable-dind
-  script:
-    - export DAST_WEBSITE=${DAST_WEBSITE:-$(cat environment_url.txt)}
-    - export DAST_VERSION=${SP_VERSION:-$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/')}
-    - |
-      if ! docker info &>/dev/null; then
-        if [ -z "$DOCKER_HOST" -a "$KUBERNETES_PORT" ]; then
-          export DOCKER_HOST='tcp://localhost:2375'
-        fi
-      fi
-    - |
-      function dast_run() {
-        docker run \
-        --env DAST_TARGET_AVAILABILITY_TIMEOUT \
-        --volume "$PWD:/output" \
-        --volume /var/run/docker.sock:/var/run/docker.sock \
-        -w /output \
-        "registry.gitlab.com/gitlab-org/security-products/dast:$DAST_VERSION" \
-        /analyze -t $DAST_WEBSITE \
-        "$@"
-      }
-    - |
-      if [ -n "$DAST_AUTH_URL" ]
-      then
-        dast_run \
-          --auth-url $DAST_AUTH_URL \
-          --auth-username $DAST_USERNAME \
-          --auth-password $DAST_PASSWORD \
-          --auth-username-field $DAST_USERNAME_FIELD \
-          --auth-password-field $DAST_PASSWORD_FIELD
-      else
-        dast_run
-      fi
-  artifacts:
-    reports:
-      dast: gl-dast-report.json
-  only:
-    refs:
-      - branches
-      - tags
-    variables:
-      - $GITLAB_FEATURES =~ /\bdast\b/
-  except:
-    refs:
-      - master
-    variables:
-      - $DAST_DISABLED
diff --git a/lib/gitlab/ci/templates/Security/DAST.gitlab-ci.yml b/lib/gitlab/ci/templates/Security/DAST.gitlab-ci.yml
index 770340de16f..2a90cc9a06c 100644
--- a/lib/gitlab/ci/templates/Security/DAST.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Security/DAST.gitlab-ci.yml
@@ -4,12 +4,6 @@
 # List of the variables: https://gitlab.com/gitlab-org/security-products/dast#settings
 # How to set: https://docs.gitlab.com/ee/ci/yaml/#variables
 
-include:
-  - template: Jobs/DAST.gitlab-ci.yml
-
-variables:
-  DAST_WEBSITE: http://example.com # Please edit to be your website to scan for vulnerabilities
-
 stages:
   - build
   - test
@@ -17,10 +11,53 @@ stages:
   - dast
 
 dast:
+  stage: dast
+  image: docker:stable
+  variables:
+    DOCKER_DRIVER: overlay2
+  allow_failure: true
+  services:
+    - docker:stable-dind
+  script:
+    - export DAST_WEBSITE=${DAST_WEBSITE:-$(cat environment_url.txt)}
+    - export DAST_VERSION=${SP_VERSION:-$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/')}
+    - |
+      if ! docker info &>/dev/null; then
+        if [ -z "$DOCKER_HOST" -a "$KUBERNETES_PORT" ]; then
+          export DOCKER_HOST='tcp://localhost:2375'
+        fi
+      fi
+    - |
+      function dast_run() {
+        docker run \
+        --env DAST_TARGET_AVAILABILITY_TIMEOUT \
+        --volume "$PWD:/output" \
+        --volume /var/run/docker.sock:/var/run/docker.sock \
+        -w /output \
+        "registry.gitlab.com/gitlab-org/security-products/dast:$DAST_VERSION" \
+        /analyze -t $DAST_WEBSITE \
+        "$@"
+      }
+    - |
+      if [ -n "$DAST_AUTH_URL" ]
+      then
+        dast_run \
+          --auth-url $DAST_AUTH_URL \
+          --auth-username $DAST_USERNAME \
+          --auth-password $DAST_PASSWORD \
+          --auth-username-field $DAST_USERNAME_FIELD \
+          --auth-password-field $DAST_PASSWORD_FIELD
+      else
+        dast_run
+      fi
+  artifacts:
+    reports:
+      dast: gl-dast-report.json
   only:
     refs:
       - branches
+    variables:
+      - $GITLAB_FEATURES =~ /\bdast\b/
   except:
-    refs: [] # Override default from template
     variables:
       - $DAST_DISABLED
-- 
cgit v1.2.1