Introduce Makefile For All Scanners & Hooks #622

EndPositive · 2021-09-01T15:03:16Z

Description

This PR continues the effort of #601, however only applies changes unrelated to the pipeline. This makes intermediate merging, reviewing and testing easier.

This PR does NOT break the current pipeline and works as is locally.

This PR contains the following changes

Created generic scanner makefile
Implemented makefiles for all scanners (except Nikto, but won't implement until 🏗 Migrate Nikto Build to be in line with other 3rd party scanners #610 is solved)
Implemented makefiles for all hooks
Added unit-test targets for Java
Added unit-test targets for Python
Update cleanup target to also clean cluster
Add target to existing root Makefile to run all tests

Checklist

Test your changes as thoroughly as possible before you commit them. Preferably, automate your test by unit/integration tests.
Make sure npm test runs for the whole project.
Make codeclimate checks happy

J12934 · 2021-09-03T13:36:05Z

Awesome work, yeah good idea to keep the Makefile and pipeline changes seperate for now to not block releases.
Can I / we help you in any way to complete the remaining tasks in this PR?

EndPositive · 2021-09-03T17:49:04Z

I'm planning to finish this during the weekend and I'll tag you for a review on/before Monday!

Although not necessary for this PR, it would be really nice if you could take a look at #610.

J12934 · 2021-09-03T18:24:05Z

Awesome 👏

Plan for #610 is to migrate the Nikto image to be "docker build'able" just like the other 3rd party scanners. Until then wen can just pin the Nikto image used for the integration tests to 2.1.6.
Hopefully we'll able to do it next week.

EndPositive · 2021-09-05T20:02:02Z

@J12934 I think that should do it. Could you take a look and make changes wherever neccessary?

J12934 · 2021-09-06T11:21:05Z

Yes 👍
Will do, thank you for the awesome work on this 👌

tests/integration/helpers.js

EndPositive · 2021-09-10T20:34:05Z

@J12934 awesome, thank you for the fixes! 👏

The Makefile for Nikto is still missing, but we can fix that once its version is pinned.

Another thing I wanted to mention is the integration tests for cascading scans. Currently they are set up in a manner that requires them to run separately (due to different scanner installs; i.e. ncrack vs sslyze). If you look at the Makefile for cascading scans, you'll notice there's also a test-2 target. With this setup, that test-2 won't run in a matrix job. Did you have any thoughts on that?

Besides that, I think it's ready to be merged. It's bound to have issues, but let's give it a shot. It's only for development purposes currently anyways.

I'll take a look at updating the integration tests documentation coming week.