Automation Script Prerequisites
To ensure successful integration with FortiDAST, review the script requirements and configuration steps.
Requirements
The script must meet the following requirements.
- Script size limit: 200 MiB
- Supported formats: .py
- Scripting languages: Python and Selenium IDE
- Supported browser driver: Chrome
Configuration
Perform the following steps to configure your automation script before uploading it to FortiDAST.
1. Adding logging preferences
Include the following Selenium logging preferences to capture visited URLs and network APIs during script execution.
from selenium import webdriver
chrome_options = webdriver.ChromeOptions()
chrome_options.set_capability("goog:loggingPrefs", {"performance": "ALL", "browser": "ALL"})
driver = webdriver.Chrome(options=chrome_options) # Assuming chromedriver is in PATH
2. Exporting automation output
Integrate the export_output function to send the script's execution data to FortiDAST for analysis.
import json
import requests

# Call the function before exiting the webdriver
def export_output(self, method):
    requestBody = {}
    requestBody['url'] = "<Target URL>"  # Replace with your target URL
    requestBody['uuid'] = "<UUID>"  # Replace with your FortiDAST assigned UUID
    requestBody['script_name'] = "<Script name>"  # Replace with your script's unique name
    # Performance log collected through the logging preferences set in step 1
    requestBody['json_content'] = self.driver.get_log('performance')
    jsonData = json.dumps(requestBody)
    # Print for debugging purposes (optional)
    # print(jsonData)
    # Replace with FortiDAST privileged API key
    headers = {"X-API-Key": "{0}".format("<FortiDAST Privileged API Key>"),
               "Content-Type": "application/json; charset=utf-8"}
    # verify=False turns off TLS certificate validation for this request
    resp = requests.post("https://fortidast.forticloud.com/api/v1.0/asset/business_trace", headers=headers, data=jsonData, verify=False)
    self.driver.quit()
Replace the placeholder values, such as the target URL, UUID, and FortiDAST API key, with your own.
- A UUID is generated when a new asset is added, see Asset Authorization. You can also copy the UUID from the configuration page.
- See REST API to generate a privileged API key.
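The export step above, as an added example (not Fortinet's code) that keeps certificate verification on, takes the privileged API key as an argument instead of a literal in the script, and refuses to build the request while placeholders remain or the performance log holds no network requests. It uses the standard-library urllib in place of requests; the function names and the sample log entry are constructed for illustration.

```python
import json
import ssl
import urllib.request

# Endpoint as given in the export_output snippet on this page.
ENDPOINT = "https://fortidast.forticloud.com/api/v1.0/asset/business_trace"


def captured_urls(perf_log):
    """Return the request URLs recorded in a Chrome performance log."""
    urls = []
    for entry in perf_log:
        event = json.loads(entry["message"])["message"]
        if event.get("method") == "Network.requestWillBeSent":
            urls.append(event["params"]["request"]["url"])
    return urls


def build_export_request(perf_log, target_url, asset_uuid, script_name, api_key):
    """Build the POST request without sending it, so it can be inspected."""
    fields = {"url": target_url, "uuid": asset_uuid, "script_name": script_name}
    for name, value in fields.items():
        if not value or value.startswith("<"):
            raise ValueError(f"{name} still holds a placeholder: {value!r}")
    if not api_key:
        raise ValueError("API key is empty")
    if not captured_urls(perf_log):
        raise ValueError("performance log has no network requests; check loggingPrefs")
    body = json.dumps({**fields, "json_content": perf_log}).encode("utf-8")
    headers = {"X-API-Key": api_key,
               "Content-Type": "application/json; charset=utf-8"}
    return urllib.request.Request(ENDPOINT, data=body, headers=headers, method="POST")


def send_export(request, timeout=30):
    """Send the request with certificate and hostname verification enabled."""
    context = ssl.create_default_context()  # validates the server certificate
    with urllib.request.urlopen(request, timeout=timeout, context=context) as resp:
        return resp.status


# Constructed sample entry in the shape driver.get_log("performance") returns.
SAMPLE_LOG = [{
    "level": "INFO", "timestamp": 1700000000000,
    "message": json.dumps({"message": {
        "method": "Network.requestWillBeSent",
        "params": {"request": {"url": "https://app.example.test/login"}},
    }}),
}]
```

In a test class, pass self.driver.get_log('performance') and a key read from an environment variable to build_export_request, then call send_export on the result before self.driver.quit().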