Move exclusions into the FullScan.yml.

Lombiq · Aug 23, 2024 · 387ae20 · 387ae20
1 parent bc5900f
commit 387ae20
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 7 deletions.
diff --git a/Lombiq.Tests.UI/SecurityScanning/AutomationFrameworkPlans/FullScan.yml b/Lombiq.Tests.UI/SecurityScanning/AutomationFrameworkPlans/FullScan.yml
@@ -4,7 +4,10 @@ env:
     - name: Default Context
       urls:
         - <start URL>
-      excludePaths: []
+      excludePaths:
+        # Don't inspect any part of the Admin dashboard or the testing-exclusive Lombiq.Tests.UI.Shortcuts module.
+        - .*/Admin/.*
+        - .*/Lombiq.Tests.UI.Shortcuts/.*
       authentication:
         parameters: {}
         verification:

diff --git a/Lombiq.Tests.UI/SecurityScanning/SecurityScanningUITestContextExtensions.cs b/Lombiq.Tests.UI/SecurityScanning/SecurityScanningUITestContextExtensions.cs
@@ -82,12 +82,6 @@ public static Task RunAndConfigureAndAssertFullSecurityScanForContinuousIntegrat
                 // Signing in ensures full access and that the bot won't have to interact with the login screen.
                 if (doSignIn) configuration.SignIn();
 
-                // There is no need to security scan the admin dashboard.
-                configuration.ExcludeUrlWithRegex(@".*/Admin/.*");
-
-                // There is no need to security scan anything in Lombiq.Tests.UI.Shortcuts.
-                configuration.ExcludeUrlWithRegex(@".*/Lombiq.Tests.UI.Shortcuts/.*");
-
                 // Active scan takes a very long time, this is not practical in CI.
                 configuration.ModifyZapPlan(plan => plan
                     .SetActiveScanMaxDuration(maxActiveScanDurationInMinutes, maxRuleDurationInMinutes));