Add force headless verification option

[hahwul]

Introduce a new option to force headless browser-based verification, enhancing the flexibility of the verification process. Update related command flags and structures accordingly.

[gemini-code-assist]

Hello @hahwul, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

Summary of Changes

This pull request introduces a new option, force-headless-verification, to allow users to force browser-based verification during XSS scanning. This enhances the flexibility of the verification process. The changes include adding a new flag in cmd/root.go to expose the option, updating the Args struct in cmd/args.go and Options struct in pkg/model/options.go to include the new ForceHeadlessVerification field, and modifying the processResponse function in pkg/scanning/sendReq.go to conditionally trigger headless verification based on the new option.

Highlights

• New Feature: Introduces a force-headless-verification option to force headless browser-based verification.
• Command Line Flag: Adds a new command-line flag --force-headless-verification to control the new feature.
• Conditional Logic: Modifies the processResponse function to conditionally execute headless verification based on the new option's value.

Changelog

• cmd/args.go
  • Added ForceHeadlessVerification field to the Args struct at line 59.
• cmd/root.go
  • Added a new flag --force-headless-verification at line 109 to expose the new option.
• pkg/model/options.go
  • Added ForceHeadlessVerification field to the Options struct at line 89.
• pkg/scanning/sendReq.go
  • Modified processResponse function at line 136 to conditionally trigger headless verification based on the ForceHeadlessVerification option.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point in your pull request via creating an issue comment (i.e. comment on the pull request page) using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in issue comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist is currently in preview and may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments to provide feedback.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

---

Trivia time!

What is the primary use case for headless browsers in software testing?

Click here for the answer

Headless browsers are primarily used for automated testing of web applications, including tasks like regression testing, performance testing, and visual testing, without the need for a graphical user interface.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request introduces a new option to force headless browser-based verification, which enhances the flexibility of the verification process. The changes seem straightforward and well-integrated. However, I have a few suggestions to improve the code's clarity and maintainability.

Summary of Findings

• Clarity of Flag Description: The description for the force-headless-verification flag could be more explicit about its impact on the existing headless behavior. Clarifying when this flag is necessary would improve usability.
• Conditional Headless Execution: The logic in processResponse could benefit from a comment explaining why the headless check is performed only when vds is false. This would improve understanding of the code's execution flow.

Merge Readiness

The pull request is almost ready for merging. Addressing the comments regarding the flag description and adding a clarifying comment in processResponse would improve the code's overall quality. I am unable to directly approve this pull request, and recommend that others review and approve this code before merging. I recommend that the pull request not be merged until the comments are addressed.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

📢 Thoughts on this report? Let us know!