diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index c72553397e..dc31f8f1fd 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -186,7 +186,7 @@ jobs: push: true tags: ${{ steps.docker_meta.outputs.tags }} labels: ${{ steps.docker_meta.outputs.labels }} - + - name: Update Docker Hub Description uses: peter-evans/dockerhub-description@v2 with: @@ -246,7 +246,7 @@ jobs: push: true tags: ${{ steps.docker_meta.outputs.tags }} labels: ${{ steps.docker_meta.outputs.labels }} - + - name: Update Docker Hub Description uses: peter-evans/dockerhub-description@v2 with: @@ -300,7 +300,7 @@ jobs: tags: ${{ steps.docker_meta.outputs.tags }} labels: ${{ steps.docker_meta.outputs.labels }} -# ---- New Makefile based CI Pipeline steps ---- + # ---- New Makefile based CI Pipeline steps ---- makefile-scanner: name: "Make Scanners" 
@@ -1033,15 +1033,19 @@ jobs: - name: "cascading Scans ncrack Integration Tests" run: | - kubectl -n integration-tests delete scans --all - # We'll run these in a separate namespace so that only the cascadingRules we want to test will be used - kubectl create namespace cascading-tests + + # We'll recreate the namespace so that no cascadingRules of previous tests can exist in there + if kubectl get namespace integration-tests; then + kubectl delete namespace integration-tests + fi + kubectl create namespace integration-tests + # Install cascading-scans hook - helm upgrade --install dssh ./hooks/cascading-scans/ -n cascading-tests \ + helm upgrade --install dssh ./hooks/cascading-scans/ -n integration-tests \ --set="hook.image.repository=docker.io/${{ env.DOCKER_NAMESPACE }}/hook-cascading-scans" \ --set="hook.image.tag=sha-$(git rev-parse --short HEAD)" # Install nmap - helm -n cascading-tests install nmap ./scanners/nmap/ \ + helm -n integration-tests install nmap ./scanners/nmap/ \ --set="scanner.image.repository=docker.io/${{ env.DOCKER_NAMESPACE }}/scanner-nmap" \ --set="scanner.image.tag=sha-$(git rev-parse --short HEAD)" \ --set="parser.image.repository=docker.io/${{ env.DOCKER_NAMESPACE }}/parser-nmap" \ 
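Review bot: The namespace reset at the top of the `cascading Scans ncrack Integration Tests` step is written as a three-line `if kubectl get namespace integration-tests; then … fi`, which also prints the namespace listing into the job log. `kubectl delete namespace integration-tests --ignore-not-found` does the same in one line and matches the `--ignore-not-found` style the new common Makefile uses for the nginx test deployment. The step's script continues past the end of this hunk.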
@@ -1051,8 +1055,8 @@ jobs: # Install ncrack printf "root\nadmin\n" > users.txt printf "THEPASSWORDYOUCREATED\n123456\npassword\n" > passwords.txt - kubectl create secret generic --from-file users.txt --from-file passwords.txt ncrack-lists -n cascading-tests - cat < +# +# This Makefile expects some additional software to be installed: +# - git +# - node + npm +# - docker +# - kind +# - kubectl +# - helm +# - yq + +ifeq ($(include_guard),) + $(error you should never run this makefile directly!) +endif +ifeq ($(name),) + $(error name ENV is not set) +endif + +# Thx to https://stackoverflow.com/questions/5618615/check-if-a-program-exists-from-a-makefile +EXECUTABLES = make docker kind git node npm npx kubectl helm yq java python +K := $(foreach exec,$(EXECUTABLES),\ + $(if $(shell which $(exec)),some string,$(error "ERROR: The prerequisites are not met to execute this makefile! No '$(exec)' found in your PATH"))) + +# Variables you might want to override: +# +# IMG_NS: Defines the namespace under which the images are build. +# For `securecodebox/scanner-nmap` `securecodebox` is the namespace +# Defaults to `securecodebox` +# +# BASE_IMG_TAG: Defines the tag of the base image used to build this scanner/hook +# +# IMG_TAG: Tag used to tag the newly created image. Defaults to the shortend commit hash +# prefixed with `sha-` e.g. `sha-ef8de4b7` +# +# JEST_VERSION Defines the jest version used for executing the tests. 
Defaults to latest +# +# Examples: +# make all IMG_TAG=main +# make deploy IMG_TAG=$(git rev-parse --short HEAD) +# make integration-tests +# + +SHELL = /bin/sh + +IMG_NS ?= securecodebox +GIT_TAG ?= $$(git rev-parse --short HEAD) +BASE_IMG_TAG ?= latest +IMG_TAG ?= "sha-$(GIT_TAG)" +JEST_VERSION ?= latest + +parser-prefix = parser +scanner-prefix = scanner +hook-prefix = hook + +test: | clean-integration-tests unit-tests docker-build docker-export kind-import deploy deploy-test-deps integration-tests + +.PHONY: help unit-tests-hook install-deps docker-build docker-export kind-import deploy deploy-test-deps integration-tests all build test + +install-deps-js: + @echo ".: ⚙️ Installing all $(module) specific javascript dependencies." + cd ./.. && npm ci + cd ./../.. && npm ci + cd ../../${module}-sdk/nodejs && npm ci + cd ./${module}/ && npm ci + +unit-test-js: install-deps-js + @echo ".: 🧪 Starting unit-tests for '$(name)' $(module) with 'jest@$(JEST_VERSION)'." + npx --yes --package jest@$(JEST_VERSION) jest --ci --colors --coverage --passWithNoTests ${name}/${module}/ + +install-deps-py: + @echo ".: ⚙️ Installing all $(module) specific python dependencies." + python -m pip install --upgrade pip setuptools wheel pytest + cd ./$(module)/ && pip install -r requirements.txt + +unit-test-py: install-deps-py + cd ./$(module)/ && pytest --ignore-glob='*_local.py' --ignore=tests/docker + +unit-test-java: + cd ./$(module)/ && ./gradlew test + +common-docker-build: + @echo ".: ⚙️ Build '$(name)' $(module) with BASE_IMG_TAG: '$(BASE_IMG_TAG)'." + docker build --build-arg=scannerVersion=$(shell yq e .appVersion ./Chart.yaml) --build-arg=baseImageTag=$(BASE_IMG_TAG) --build-arg=namespace=$(IMG_NS) -t $(IMG_NS)/$(module)-$(name):$(IMG_TAG) -f ./$(module)/Dockerfile ./$(module) + +common-docker-export: + @echo ".: ⚙️ Saving new docker image archive to '$(module)-$(name).tar'." 
+ docker save $(IMG_NS)/$(module)-$(name):$(IMG_TAG) -o $(module)-$(name).tar + +common-kind-import: + @echo ".: 💾 Importing the image archive '$(module)-$(name).tar' to local kind cluster." + kind load image-archive ./$(module)-$(name).tar + +deploy-test-deps: deploy-test-dep-namespace + +deploy-test-dep-namespace: + # If not exists create namespace where the tests will be executed + kubectl create namespace demo-targets --dry-run=client -o yaml | kubectl apply -f - + +deploy-test-dep-dummy-ssh: + # Install dummy-ssh app + helm -n demo-targets upgrade --install dummy-ssh ../../demo-targets/dummy-ssh/ --set="fullnameOverride=dummy-ssh" --wait + +deploy-test-dep-unsafe-https: + # Install unsafe-https app + helm -n demo-targets upgrade --install unsafe-https ../../demo-targets/unsafe-https/ --set="fullnameOverride=unsafe-https" --wait + +deploy-test-dep-bodgeit: + # Install bodgeit app + helm -n demo-targets upgrade --install bodgeit ../../demo-targets/bodgeit/ --set="fullnameOverride=bodgeit" --wait + +deploy-test-dep-petstore: + # Install bodgeit app + helm -n demo-targets upgrade --install petstore ../../demo-targets/swagger-petstore/ --set="fullnameOverride=petstore" --wait + +deploy-test-dep-old-wordpress: + # Install old-wordpress app + helm -n demo-targets upgrade --install old-wordpress ../../demo-targets/old-wordpress/ --set="fullnameOverride=old-wordpress" --wait + +deploy-test-dep-juiceshop: + # Install juiceshop app + helm -n demo-targets upgrade --install juiceshop ../../demo-targets/juice-shop/ --set="fullnameOverride=juiceshop" --wait + +deploy-test-dep-nginx: + # Delete leftover nginx's. 
Unfortunately can't create deployment only if not exists (like namespaces) + kubectl delete deployment nginx --namespace demo-targets --ignore-not-found --wait + kubectl delete svc nginx --namespace demo-targets --ignore-not-found --wait + # Install plain nginx server + kubectl create deployment --image nginx:alpine nginx --namespace demo-targets + kubectl expose deployment nginx --port 80 --namespace demo-targets + +deploy-test-dep-http-webhook: + helm -n integration-tests upgrade --install http-webhook ../../demo-targets/http-webhook/ + +deploy-test-dep-test-scan: + cd ../../scanners/test-scan/ && $(MAKE) docker-build docker-export kind-import && \ + helm -n integration-tests upgrade --install test-scan . \ + --set="scanner.image.repository=docker.io/$(IMG_NS)/$(scanner-prefix)-test-scan" \ + --set="parser.image.repository=docker.io/$(IMG_NS)/$(parser-prefix)-test-scan" \ + --set="parser.image.tag=$(IMG_TAG)" \ + --set="scanner.image.tag=$(IMG_TAG)" \ + --set="parser.env[0].name=CRASH_ON_FAILED_VALIDATION" \ + --set-string="parser.env[0].value=true" + +clean: + @echo ".: 🧹 Cleaning up all generated files." + rm -f ./$(module)-$(name).tar + rm -rf ./$(module)/node_modules + rm -rf ./$(module)/coverage + rm -rf ./integration-tests/node_modules + rm -rf ./integration-tests/coverage + rm -rf ../node_modules + rm -rf ../coverage + +clean-integration-tests: + @echo ".: 🧹 Resetting 'integration-tests' namespace" + kubectl delete namespace integration-tests --wait || true + kubectl create namespace integration-tests + +clean-demo-targets: + @echo ".: 🧹 Resetting 'demo-targets' namespace" + kubectl delete namespace demo-targets --wait || true + kubectl create namespace demo-targets diff --git a/hooks.mk b/hooks.mk new file mode 100644 index 0000000000..3a55ee62dd --- /dev/null +++ b/hooks.mk 
@@ -0,0 +1,45 @@ +#!/usr/bin/make -f +# +# SPDX-FileCopyrightText: 2021 iteratec GmbH +# +# SPDX-License-Identifier: Apache-2.0 +# +# +# This Makefile is intended to be used for developement and testing only. +# For using this scanner/hook in production please use the helm chart. +# See: +# +# This Makefile expects some additional software to be installed: +# - git +# - node + npm +# - docker +# - kind +# - kubectl +# - helm +# - yq + +module = hook +prefix = hook +name = ${hook} + +include ../../common.mk + +module = $(hook-prefix) + +docker-build: | common-docker-build +docker-export: | common-docker-export +kind-import: | common-kind-import + +unit-tests: + @$(MAKE) -s unit-test-js + +deploy: + @echo ".: 💾 Deploying '$(name)' $(hook-prefix) HelmChart with the docker tag '$(IMG_TAG)' into kind namespace 'integration-tests'." + helm -n integration-tests upgrade --install $(name) . --wait \ + --set="hook.image.repository=docker.io/$(IMG_NS)/$(hook-prefix)-$(name)" \ + --set="hook.image.tag=$(IMG_TAG)" + +integration-tests: + @echo ".: 🩺 Starting integration test in kind namespace 'integration-tests'." + kubectl -n integration-tests delete scans --all + cd ../../tests/integration/ && npm ci && npx --yes --package jest@$(JEST_VERSION) jest --verbose --ci --colors --coverage --passWithNoTests hooks/$(name)-$(hook-prefix).test.js diff --git a/hooks/cascading-scans/.gitignore b/hooks/cascading-scans/.gitignore index 6a7dc3f1a2..f316ccb5f6 100644 --- a/hooks/cascading-scans/.gitignore +++ b/hooks/cascading-scans/.gitignore @@ -6,3 +6,4 @@ node_modules *.map **.js !**.test.js +*.tar diff --git a/hooks/cascading-scans/.helmignore b/hooks/cascading-scans/.helmignore index c675d2c530..b2af8e6080 100644 --- a/hooks/cascading-scans/.helmignore +++ b/hooks/cascading-scans/.helmignore @@ -33,6 +33,7 @@ config/* Dockerfile .dockerignore docs/* +*.tar hook/* integration-tests/* examples/* 
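Review bot: The `deploy` and `integration-tests` recipes in hooks.mk run `helm … upgrade --install` and `kubectl -n integration-tests delete scans --all` against whatever context kubectl currently points at; nothing ties them to the kind cluster the echo text mentions. On a machine whose current context is a shared cluster, `make test` would delete scans there, and the `clean-integration-tests` recipe shown earlier on this page would delete the whole namespace. I would add an overridable `KUBE_CONTEXT ?= kind-kind` and pass it explicitly, `kubectl --context $(KUBE_CONTEXT) …` and `helm --kube-context $(KUBE_CONTEXT) …`. The same applies to the kubectl and helm calls in scanners.mk and in the per-hook Makefiles.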
diff --git a/hooks/cascading-scans/Makefile b/hooks/cascading-scans/Makefile
new file mode 100644
index 0000000000..c28c857eb0
--- /dev/null
+++ b/hooks/cascading-scans/Makefile
@@ -0,0 +1,68 @@ +#!/usr/bin/make -f +# +# SPDX-FileCopyrightText: 2021 iteratec GmbH +# +# SPDX-License-Identifier: Apache-2.0 +# + +include_guard = set +hook = cascading-scans + +include ../../hooks.mk + +test-2: | clean-integration-tests unit-tests docker-build docker-export kind-import deploy deploy-test-deps-2 integration-tests-2 + +deploy-test-dep-nmap: + cd ../../scanners/nmap/ && $(MAKE) -s docker-build docker-export kind-import && \ + helm -n integration-tests upgrade --install nmap . \ + --set="scanner.image.repository=docker.io/$(IMG_NS)/$(scanner-prefix)-nmap" \ + --set="parser.image.repository=docker.io/$(IMG_NS)/$(parser-prefix)-nmap" \ + --set="parser.image.tag=$(IMG_TAG)" \ + --set="scanner.image.tag=$(IMG_TAG)" \ + --set="parser.env[0].name=CRASH_ON_FAILED_VALIDATION" \ + --set-string="parser.env[0].value=true" + +deploy-test-dep-ncrack: + printf "root\nadmin\n" > users.txt + printf "THEPASSWORDYOUCREATED\n123456\npassword\n" > passwords.txt + kubectl create secret generic --from-file users.txt --from-file passwords.txt ncrack-lists -n integration-tests --dry-run=client -o yaml | kubectl apply -f - + cd ../../scanners/ncrack/ && $(MAKE) -s docker-build docker-export kind-import && \ + helm -n integration-tests upgrade --install ncrack . 
\ + --set="scanner.image.repository=docker.io/$(IMG_NS)/$(scanner-prefix)-ncrack" \ + --set="parser.image.repository=docker.io/$(IMG_NS)/$(parser-prefix)-ncrack" \ + --set="parser.image.tag=$(IMG_TAG)" \ + --set="scanner.image.tag=$(IMG_TAG)" \ + --set="parser.env[0].name=CRASH_ON_FAILED_VALIDATION" \ + --set-string="parser.env[0].value=true" \ + --set="scanner.extraVolumes[0].name=ncrack-lists" \ + --set="scanner.extraVolumes[0].secret.secretName=ncrack-lists" \ + --set="scanner.extraVolumeMounts[0].name=ncrack-lists" \ + --set="scanner.extraVolumeMounts[0].mountPath=/ncrack/" + +deploy-test-dep-sslyze: + cd ../../scanners/sslyze/ && $(MAKE) -s docker-build docker-export kind-import && \ + helm -n integration-tests upgrade --install sslyze . --wait \ + --set="parser.image.repository=docker.io/$(IMG_NS)/$(parser-prefix)-sslyze" \ + --set="parser.image.tag=$(IMG_TAG)" \ + --set="parser.env[0].name=CRASH_ON_FAILED_VALIDATION" \ + --set-string="parser.env[0].value=true" + +deploy-test-deps: deploy-test-dep-nmap deploy-test-dep-ncrack + +deploy: + @echo ".: 💾 Deploying '$(name)' $(hook-prefix) HelmChart with the docker tag '$(IMG_TAG)' into kind namespace 'cascading-scans'." + helm -n integration-tests upgrade --install dssh . --wait \ + --set="hook.image.repository=docker.io/$(IMG_NS)/$(hook-prefix)-$(name)" \ + --set="hook.image.tag=$(IMG_TAG)" + +integration-tests: + @echo ".: 🩺 Starting integration test in kind namespace 'cascading-scans'." + kubectl -n integration-tests delete scans --all + cd ../../tests/integration/ && npm ci && npx --yes --package jest@$(JEST_VERSION) jest --verbose --ci --colors --coverage --passWithNoTests scanner/cascade-nmap-ncrack.test.js + +deploy-test-deps-2: deploy-test-dep-unsafe-https deploy-test-dep-nmap deploy-test-dep-sslyze + +integration-tests-2: + @echo ".: 🩺 Starting integration test in kind namespace 'cascading-scans'." 
+ kubectl -n integration-tests delete scans --all + cd ../../tests/integration/ && npm ci && npx --yes --package jest@$(JEST_VERSION) jest --verbose --ci --colors --coverage --passWithNoTests scanner/cascade-nmap-sslyze.test.js diff --git a/hooks/finding-post-processing/.gitignore b/hooks/finding-post-processing/.gitignore index b2ced8602b..e913556e3e 100644 --- a/hooks/finding-post-processing/.gitignore +++ b/hooks/finding-post-processing/.gitignore @@ -3,4 +3,4 @@ # SPDX-License-Identifier: Apache-2.0 node_modules - +*.tar diff --git a/hooks/finding-post-processing/.helmignore b/hooks/finding-post-processing/.helmignore index c675d2c530..a166d1464d 100644 --- a/hooks/finding-post-processing/.helmignore +++ b/hooks/finding-post-processing/.helmignore @@ -1,7 +1,6 @@ # SPDX-FileCopyrightText: 2021 iteratec GmbH # # SPDX-License-Identifier: Apache-2.0 - # Patterns to ignore when building packages. # This supports shell glob matching, relative path matching, and # negation (prefixed with !). Only one pattern per line. @@ -33,6 +32,7 @@ config/* Dockerfile .dockerignore docs/* +*.tar hook/* integration-tests/* examples/* diff --git a/hooks/finding-post-processing/Makefile b/hooks/finding-post-processing/Makefile new file mode 100644 index 0000000000..a246e30c5f --- /dev/null +++ b/hooks/finding-post-processing/Makefile @@ -0,0 +1,11 @@ +#!/usr/bin/make -f +# +# SPDX-FileCopyrightText: 2021 iteratec GmbH +# +# SPDX-License-Identifier: Apache-2.0 +# + +include_guard = set +hook = finding-post-processing + +include ../../hooks.mk diff --git a/hooks/generic-webhook/.gitignore b/hooks/generic-webhook/.gitignore index 9e931e1f36..e913556e3e 100644 --- a/hooks/generic-webhook/.gitignore +++ b/hooks/generic-webhook/.gitignore @@ -3,3 +3,4 @@ # SPDX-License-Identifier: Apache-2.0 node_modules +*.tar diff --git a/hooks/generic-webhook/.helmignore b/hooks/generic-webhook/.helmignore index 8b8e4f4170..13b0d2f116 100644 --- a/hooks/generic-webhook/.helmignore 
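Review bot: `deploy-test-dep-ncrack` writes `users.txt` and `passwords.txt` into the hook directory and never removes them, while the `.gitignore` and `.helmignore` changes for this directory only add `*.tar`, so the wordlists can end up in a commit or in a packaged chart. Either create them under a temporary directory and delete them after the `kubectl create secret` line, or add both names to the ignore files and to `clean`. Separately, the echo lines in `deploy`, `integration-tests` and `integration-tests-2` name the namespace 'cascading-scans' although every command uses `integration-tests`.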
+++ b/hooks/generic-webhook/.helmignore @@ -1,7 +1,6 @@ # SPDX-FileCopyrightText: 2021 iteratec GmbH # # SPDX-License-Identifier: Apache-2.0 - # Patterns to ignore when building packages. # This supports shell glob matching, relative path matching, and # negation (prefixed with !). Only one pattern per line. @@ -32,9 +31,9 @@ src/* config/* Dockerfile .dockerignore -docs/* +*.tar hook/* integration-tests/* examples/* -coverage/* -Makefile \ No newline at end of file +docs/* +Makefile diff --git a/hooks/generic-webhook/Makefile b/hooks/generic-webhook/Makefile new file mode 100644 index 0000000000..a66c55526e --- /dev/null +++ b/hooks/generic-webhook/Makefile @@ -0,0 +1,26 @@ +#!/usr/bin/make -f +# +# SPDX-FileCopyrightText: 2021 iteratec GmbH +# +# SPDX-License-Identifier: Apache-2.0 +# + +include_guard = set +hook = generic-webhook + +include ../../hooks.mk + + +deploy-test-deps: deploy-test-dep-http-webhook deploy-test-dep-test-scan + +deploy: + @echo ".: 💾 Deploying '$(name)' $(hook-prefix) HelmChart with the docker tag '$(IMG_TAG)' into kind namespace 'integration-tests'." + helm -n integration-tests upgrade --install ro-hook . \ + --set="hook.image.repository=docker.io/$(IMG_NS)/$(hook-prefix)-$(name)" \ + --set="hook.image.tag=$(IMG_TAG)" \ + --set="webhookUrl=http://http-webhook/hallo-welt" + +integration-tests: + @echo ".: 🩺 Starting integration test in kind namespace 'integration-tests'." + kubectl -n integration-tests delete scans --all + cd ../../tests/integration/ && npm ci && npx --yes --package jest@$(JEST_VERSION) jest --verbose --ci --colors --coverage --passWithNoTests generic/read-only-write-hook.test.js diff --git a/hooks/notification/.gitignore b/hooks/notification/.gitignore index 2b6f55a4ef..5451060830 100644 --- a/hooks/notification/.gitignore +++ b/hooks/notification/.gitignore @@ -5,3 +5,4 @@ node_modules **.js **.js.map +*.tar diff --git a/hooks/notification/.helmignore b/hooks/notification/.helmignore index e6386b0850..59e402ece3 100644 
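Review bot: The `helm -n integration-tests upgrade --install ro-hook .` call in `deploy` has no `--wait`, unlike the default `deploy` in hooks.mk and the one in hooks/update-field/Makefile, so `integration-tests` may start before the hook release is ready. Adding `--wait` after `--install ro-hook .` keeps the targets consistent; the `deploy` recipe in hooks/notification/Makefile has the same gap. This `deploy` also redefines the rule from hooks.mk, so make prints an overriding-recipe warning on every run, which deserves a one-line comment such as `# overrides the default deploy from hooks.mk: needs webhookUrl`.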
--- a/hooks/notification/.helmignore +++ b/hooks/notification/.helmignore @@ -1,7 +1,6 @@ # SPDX-FileCopyrightText: 2021 iteratec GmbH # # SPDX-License-Identifier: Apache-2.0 - # Patterns to ignore when building packages. # This supports shell glob matching, relative path matching, and # negation (prefixed with !). Only one pattern per line. @@ -33,6 +32,7 @@ config/* Dockerfile .dockerignore docs/* +*.tar hook/* integration-tests/* examples/* diff --git a/hooks/notification/Makefile b/hooks/notification/Makefile new file mode 100644 index 0000000000..eb5fd0c684 --- /dev/null +++ b/hooks/notification/Makefile @@ -0,0 +1,26 @@ +#!/usr/bin/make -f +# +# SPDX-FileCopyrightText: 2021 iteratec GmbH +# +# SPDX-License-Identifier: Apache-2.0 +# + +include_guard = set +hook = notification + +include ../../hooks.mk + +deploy-test-deps: deploy-test-dep-test-scan deploy-test-dep-http-webhook + +deploy: + @echo ".: 💾 Deploying '$(name)' $(hook-prefix) HelmChart with the docker tag '$(IMG_TAG)' into kind namespace 'integration-tests'." + helm -n integration-tests upgrade --install notification-hook . \ + --values ../../tests/integration/hooks/__testFiles__/notification-values.yaml \ + --set="hook.image.repository=docker.io/$(IMG_NS)/$(hook-prefix)-$(name)" \ + --set="hook.image.tag=$(IMG_TAG)" \ + --set="hook.image.pullPolicy=Never" + +integration-tests: + @echo ".: 🩺 Starting integration test in kind namespace 'integration-tests'." + kubectl -n integration-tests delete scans --all + cd ../../tests/integration/ && npm ci && npx --yes --package jest@$(JEST_VERSION) jest --verbose --ci --colors --coverage --passWithNoTests hooks/notification.test.js diff --git a/hooks/persistence-defectdojo/.gitignore b/hooks/persistence-defectdojo/.gitignore index fd68a3378a..d8e5a5d2a6 100644 --- a/hooks/persistence-defectdojo/.gitignore +++ b/hooks/persistence-defectdojo/.gitignore @@ -37,3 +37,5 @@ out/ ### VS Code ### .vscode/ + +*.tar 
diff --git a/hooks/persistence-defectdojo/.helmignore b/hooks/persistence-defectdojo/.helmignore index 2a4062abcb..b2af8e6080 100644 --- a/hooks/persistence-defectdojo/.helmignore +++ b/hooks/persistence-defectdojo/.helmignore @@ -32,20 +32,10 @@ src/* config/* Dockerfile .dockerignore -gradle/ -.gradle/ -.settings/ -bin/ -build/ -src/ -gradlew -gradlew.bat -settings.gradle -update.sh -build/ docs/* +*.tar hook/* integration-tests/* examples/* coverage/* -Makefile \ No newline at end of file +Makefile diff --git a/hooks/persistence-defectdojo/Makefile b/hooks/persistence-defectdojo/Makefile new file mode 100644 index 0000000000..a5285ce29b --- /dev/null +++ b/hooks/persistence-defectdojo/Makefile @@ -0,0 +1,14 @@ +#!/usr/bin/make -f +# +# SPDX-FileCopyrightText: 2021 iteratec GmbH +# +# SPDX-License-Identifier: Apache-2.0 +# + +include_guard = set +hook = persistence-defectdojo + +include ../../hooks.mk + +unit-tests: + @$(MAKE) -s unit-test-java diff --git a/hooks/persistence-elastic/.gitignore b/hooks/persistence-elastic/.gitignore index 8d754920ee..e913556e3e 100644 --- a/hooks/persistence-elastic/.gitignore +++ b/hooks/persistence-elastic/.gitignore @@ -2,4 +2,5 @@ # # SPDX-License-Identifier: Apache-2.0 -node_modules/ +node_modules +*.tar diff --git a/hooks/persistence-elastic/.helmignore b/hooks/persistence-elastic/.helmignore index d97d8f3052..a166d1464d 100644 --- a/hooks/persistence-elastic/.helmignore +++ b/hooks/persistence-elastic/.helmignore @@ -1,7 +1,6 @@ # SPDX-FileCopyrightText: 2021 iteratec GmbH # # SPDX-License-Identifier: Apache-2.0 - # Patterns to ignore when building packages. # This supports shell glob matching, relative path matching, and # negation (prefixed with !). Only one pattern per line. @@ -33,9 +32,9 @@ config/* Dockerfile .dockerignore docs/* +*.tar hook/* integration-tests/* examples/* coverage/* -dashboardImporter/* Makefile 
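Review bot: The persistence-defectdojo and persistence-elastic `.helmignore` hunks remove ignore entries in addition to adding `*.tar`: the first drops the Gradle paths (`gradle/`, `.gradle/`, `build/`, `bin/`, `gradlew`, `update.sh` and others), the second drops `dashboardImporter/*`. If any of those paths still exist at the chart root, `helm package` will now include them in the published chart. The Gradle entries are probably covered by the remaining `hook/*` line if the Java project lives there, but `dashboardImporter/*` has no such fallback, so I would keep that line unless the directory was removed elsewhere.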
diff --git a/hooks/persistence-elastic/Makefile b/hooks/persistence-elastic/Makefile new file mode 100644 index 0000000000..10febce9e5 --- /dev/null +++ b/hooks/persistence-elastic/Makefile @@ -0,0 +1,11 @@ +#!/usr/bin/make -f +# +# SPDX-FileCopyrightText: 2021 iteratec GmbH +# +# SPDX-License-Identifier: Apache-2.0 +# + +include_guard = set +hook = persistence-elastic + +include ../../hooks.mk diff --git a/hooks/update-field/.gitignore b/hooks/update-field/.gitignore index 8d754920ee..c200405640 100644 --- a/hooks/update-field/.gitignore +++ b/hooks/update-field/.gitignore @@ -3,3 +3,4 @@ # SPDX-License-Identifier: Apache-2.0 node_modules/ +*.tar diff --git a/hooks/update-field/.helmignore b/hooks/update-field/.helmignore index 8b8e4f4170..13b0d2f116 100644 --- a/hooks/update-field/.helmignore +++ b/hooks/update-field/.helmignore @@ -1,7 +1,6 @@ # SPDX-FileCopyrightText: 2021 iteratec GmbH # # SPDX-License-Identifier: Apache-2.0 - # Patterns to ignore when building packages. # This supports shell glob matching, relative path matching, and # negation (prefixed with !). Only one pattern per line. @@ -32,9 +31,9 @@ src/* config/* Dockerfile .dockerignore -docs/* +*.tar hook/* integration-tests/* examples/* -coverage/* -Makefile \ No newline at end of file +docs/* +Makefile diff --git a/hooks/update-field/Makefile b/hooks/update-field/Makefile new file mode 100644 index 0000000000..a79225bb5b --- /dev/null +++ b/hooks/update-field/Makefile 
@@ -0,0 +1,31 @@ +#!/usr/bin/make -f +# +# SPDX-FileCopyrightText: 2021 iteratec GmbH +# +# SPDX-License-Identifier: Apache-2.0 +# + +include_guard = set +hook = update-field + +include ../../hooks.mk + +deploy-test-deps: deploy-test-dep-test-scan + +deploy: + @echo ".: 💾 Deploying '$(name)' $(hook-prefix) HelmChart with the docker tag '$(IMG_TAG)' into kind namespace 'integration-tests'." + helm -n integration-tests upgrade --install update-category . --wait \ + --set="hook.image.repository=docker.io/$(IMG_NS)/$(hook-prefix)-$(name)" \ + --set="hook.image.tag=$(IMG_TAG)" \ + --set="attribute.name=category" \ + --set="attribute.value=fancy-category" + helm -n integration-tests upgrade --install update-severity . --wait \ + --set="hook.image.repository=docker.io/$(IMG_NS)/$(hook-prefix)-$(name)" \ + --set="hook.image.tag=$(IMG_TAG)" \ + --set="attribute.name=severity" \ + --set="attribute.value=high" + +integration-tests: + @echo ".: 🩺 Starting integration test in kind namespace 'integration-tests'." + kubectl -n integration-tests delete scans --all + cd ../../tests/integration/ && npm ci && npx --yes --package jest@$(JEST_VERSION) jest --verbose --ci --colors --coverage --passWithNoTests generic/read-write-hook.test.js diff --git a/operator/.helmignore b/operator/.helmignore index 6400802b76..ea43987c6a 100644 --- a/operator/.helmignore +++ b/operator/.helmignore @@ -41,3 +41,4 @@ Makefile PROJECT README.md.gotmpl docs/ +*.tar diff --git a/operator/Makefile b/operator/Makefile index 00b9878786..25ebabcfee 100644 --- a/operator/Makefile +++ b/operator/Makefile @@ -108,7 +108,7 @@ helm-deploy: --set="image.pullPolicy=IfNotPresent" \ --set="lurker.image.repository=docker.io/$(IMG_NS)/$(LURKER_IMG)" \ --set="lurker.image.tag=$(IMG_TAG)" \ - --set="lurker.pullPolicy=IfNotPresent" + --set="lurker.image.pullPolicy=IfNotPresent" install: manifests kustomize ## Install CRDs into the K8s cluster specified in ~/.kube/config. $(KUSTOMIZE) build config/crd | kubectl apply -f - 
diff --git a/scanners.mk b/scanners.mk
new file mode 100644
index 0000000000..4ba48bac78
--- /dev/null
+++ b/scanners.mk
@@ -0,0 +1,80 @@ +#!/usr/bin/make -f +# +# SPDX-FileCopyrightText: 2021 iteratec GmbH +# +# SPDX-License-Identifier: Apache-2.0 +# +# +# This Makefile is intended to be used for developement and testing only. +# For using this scanner/hook in production please use the helm chart. +# See: +# +# This Makefile expects some additional software to be installed: +# - git +# - node + npm +# - docker +# - kind +# - kubectl +# - helm +# - yq + +name = ${scanner} + +include ../../common.mk + +module = $(scanner-prefix) + +ifeq ($(custom_scanner),) + docker-build: | docker-build-parser + docker-export: | docker-export-parser + kind-import: | kind-import-parser + deploy: deploy-without-scanner +else + docker-build: | docker-build-parser docker-build-scanner + docker-export: | docker-export-parser docker-export-scanner + kind-import: | kind-import-parser kind-import-scanner + deploy: deploy-with-scanner +endif + +unit-tests: + @$(MAKE) -s unit-test-js module=$(parser-prefix) + +install-deps: + @$(MAKE) -s install-deps-js module=$(parser-prefix) + +docker-build-parser: + @$(MAKE) -s common-docker-build module=$(parser-prefix) + +docker-export-parser: + @$(MAKE) -s common-docker-export module=$(parser-prefix) + +kind-import-parser: + @$(MAKE) -s common-kind-import module=$(parser-prefix) + +docker-build-scanner: + @$(MAKE) -s common-docker-build + +docker-export-scanner: + @$(MAKE) -s common-docker-export + +kind-import-scanner: + @$(MAKE) -s common-kind-import + +deploy-without-scanner: + @echo ".: 💾 Deploying '$(name)' $(scanner-prefix) HelmChart with the docker tag '$(IMG_TAG)' into kind namespace 'integration-tests'." + helm -n integration-tests upgrade --install $(name) ./ --wait \ + --set="parser.image.repository=docker.io/$(IMG_NS)/$(parser-prefix)-$(name)" \ + --set="parser.image.tag=$(IMG_TAG)" + +deploy-with-scanner: + @echo ".: 💾 Deploying '$(name)' $(scanner-prefix) HelmChart with the docker tag '$(IMG_TAG)' into kind namespace 'integration-tests'." 
+ helm -n integration-tests upgrade --install $(name) ./ --wait \ + --set="parser.image.repository=docker.io/$(IMG_NS)/$(parser-prefix)-$(name)" \ + --set="parser.image.tag=$(IMG_TAG)" \ + --set="scanner.image.repository=docker.io/$(IMG_NS)/$(scanner-prefix)-$(name)" \ + --set="scanner.image.tag=$(IMG_TAG)" + +integration-tests: + @echo ".: 🩺 Starting integration test in kind namespace 'integration-tests'." + kubectl -n integration-tests delete scans --all + cd ../../tests/integration/ && npm ci && npx --yes --package jest@$(JEST_VERSION) jest --verbose --ci --colors --coverage --passWithNoTests ${scanner-prefix}/${name}.test.js diff --git a/scanners/amass/.gitignore b/scanners/amass/.gitignore index d874ad67cc..2783dbcddf 100644 --- a/scanners/amass/.gitignore +++ b/scanners/amass/.gitignore @@ -1 +1,5 @@ +# SPDX-FileCopyrightText: 2021 iteratec GmbH +# +# SPDX-License-Identifier: Apache-2.0 + *.tar diff --git a/scanners/amass/Makefile b/scanners/amass/Makefile index 29ef87974c..6c4ece5958 100644 --- a/scanners/amass/Makefile +++ b/scanners/amass/Makefile 
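Review bot: The `integration-tests` recipe runs `npx --yes --package jest@$(JEST_VERSION) jest …`, and the default shown in the common Makefile is `JEST_VERSION ?= latest`, so every run downloads and executes whatever jest release is newest, right after `npm ci` installed the locked dependencies. That makes the CI result depend on an unpinned package and bypasses the lockfile for the test runner. I would default `JEST_VERSION` to a fixed version, or drop `--package` and run the jest that `npm ci` installed (`npx --no jest …`), assuming jest is listed in that package-lock. The same invocation appears in hooks.mk and in each per-hook `integration-tests` override.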
@@ -4,109 +4,15 @@ # # SPDX-License-Identifier: Apache-2.0 # -# -# This Makefile is intended to be used for developement and testing only. -# For using this scanner/hook in production please use the helm chart. -# See: -# -# This Makefile expects some additional software to be installed: -# - git -# - node + npm -# - docker -# - kind -# - kubectl -# - helm - -# Thx to https://stackoverflow.com/questions/5618615/check-if-a-program-exists-from-a-makefile -EXECUTABLES = make docker kind git node npm npx kubectl helm -K := $(foreach exec,$(EXECUTABLES),\ - $(if $(shell which $(exec)),some string,$(error "ERROR: The prerequisites are not met to execute this makefile! No '$(exec)' found in your PATH"))) - - -# Variables you might want to override: -# -# IMG_NS: Defines the namespace under which the images are build. -# For `securecodebox/scanner-nmap` `securecodebox` is the namespace -# Defaults to `securecodebox` -# -# BASE_IMG_TAG: Defines the tag of the base image used to build this scanner/hook -# -# IMG_TAG: Tag used to tag the newly created image. Defaults to the shortend commit hash -# prefixed with `sha-` e.g. `sha-ef8de4b7` -# -# JEST_VERSION Defines the jest version used for executing the tests. 
Defaults to latest -# -# Examples: -# make all IMG_TAG=main -# make deploy IMG_TAG=$(git rev-parse --short HEAD) -# make integration-tests -# - -SHELL = /bin/sh - -IMG_NS ?= securecodebox -GIT_TAG ?= $$(git rev-parse --short HEAD) -BASE_IMG_TAG ?= latest -IMG_TAG ?= "sha-$(GIT_TAG)" -JEST_VERSION ?= latest +include_guard = set scanner = amass -scanner-prefix = scanner -parser-prefix = parser - -build: | install-deps docker-build - -test: | unit-tests docker-export kind-import deploy deploy-test-deps integration-tests - -all: | clean install-deps unit-tests docker-build docker-export kind-import deploy deploy-test-deps integration-tests - -.PHONY: unit-tests install-deps docker-build docker-export kind-import deploy deploy-test-deps integration-tests all build test - -unit-tests: - @echo ".: 🧪 Starting unit-tests for '$(scanner)' parser with 'jest@$(JEST_VERSION)'." - cd parser && npx --yes --package jest@$(JEST_VERSION) jest --ci --colors --coverage . - -install-deps: - @echo ".: ⚙️ Installing all scanner specific dependencies." - cd ./.. && npm ci - cd ../../parser-sdk/nodejs && npm ci - cd ./parser/ && npm ci - -docker-build: - @echo ".: ⚙️ Build With BASE_IMG_TAG: '$(BASE_IMG_TAG)'." - docker build --build-arg=baseImageTag=$(BASE_IMG_TAG) --build-arg=namespace=$(IMG_NS) -t $(IMG_NS)/$(parser-prefix)-$(scanner):$(IMG_TAG) -f ./parser/Dockerfile ./parser - -docker-export: - @echo ".: ⚙️ Saving new docker image archive to '$(parser-prefix)-$(scanner).tar'." - docker save $(IMG_NS)/$(parser-prefix)-$(scanner):$(IMG_TAG) -o $(parser-prefix)-$(scanner).tar - -kind-import: - @echo ".: 💾 Importing the image archive '$(parser-prefix)-$(scanner).tar' to local kind cluster." - kind load image-archive ./$(parser-prefix)-$(scanner).tar - -deploy: - @echo ".: 💾 Deploying '$(scanner)' scanner HelmChart with the docker tag '$(IMG_TAG)' into kind namespace 'integration-tests'." 
- helm -n integration-tests upgrade --install $(scanner) ./ --wait \ - --set="parser.image.repository=docker.io/$(IMG_NS)/$(parser-prefix)-$(scanner)" \ - --set="parser.image.tag=$(IMG_TAG)" - -deploy-test-deps: - -install-integration-test-deps: +include ../../scanners.mk integration-tests: @echo ".: 🩺 Starting integration test in kind namespace 'integration-tests'." kubectl -n integration-tests delete scans --all cd ../../tests/integration/ && npm ci - npx --yes --package jest@$(JEST_VERSION) jest --ci --colors --coverage ./integration-tests - -clean: - @echo ".: 🧹 Cleaning up all generated files." - rm -f ./$(parser-prefix)-$(scanner).tar - rm -rf ./parser/node_modules - rm -rf ./parser/coverage - rm -rf ./integration-tests/node_modules - rm -rf ./integration-tests/coverage - rm -rf ../node_modules - rm -rf ../coverage + cd ../../scanners/${scanner} + npx --yes --package jest@$(JEST_VERSION) jest --verbose --ci --colors --coverage --passWithNoTests ${scanner}/integration-tests diff --git a/scanners/angularjs-csti-scanner/.gitignore b/scanners/angularjs-csti-scanner/.gitignore new file mode 100644 index 0000000000..2783dbcddf --- /dev/null +++ b/scanners/angularjs-csti-scanner/.gitignore @@ -0,0 +1,5 @@ +# SPDX-FileCopyrightText: 2021 iteratec GmbH +# +# SPDX-License-Identifier: Apache-2.0 + +*.tar diff --git a/scanners/angularjs-csti-scanner/.helmignore b/scanners/angularjs-csti-scanner/.helmignore index 24bfe82395..fb9c1d2d6f 100644 --- a/scanners/angularjs-csti-scanner/.helmignore +++ b/scanners/angularjs-csti-scanner/.helmignore 
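Review bot: In the new `integration-tests` recipe the line `cd ../../scanners/${scanner}` has no effect, because make runs each recipe line in its own shell; the following `npx … jest` line still starts in the Makefile's directory. Either delete the line or chain it, `cd ../../scanners/${scanner} && npx --yes --package jest@$(JEST_VERSION) jest …`, and confirm that the `${scanner}/integration-tests` pattern matches from that directory, since `--passWithNoTests` turns a pattern that matches nothing into a green run. This recipe also overrides the `integration-tests` rule from scanners.mk, which is worth a comment in the file.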
@@ -1,12 +1,40 @@ # SPDX-FileCopyrightText: 2021 iteratec GmbH # # SPDX-License-Identifier: Apache-2.0 +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. .DS_Store - -parser/ -scanner/ -examples/ -docs/ -integration-tests/ -coverage/ -Makefile \ No newline at end of file +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ +# Node.js files +node_modules/* +package.json +package-lock.json +src/* +config/* +Dockerfile +.dockerignore +*.tar +parser/* +scanner/* +integration-tests/* +examples/* +docs/* +Makefile diff --git a/scanners/angularjs-csti-scanner/Makefile b/scanners/angularjs-csti-scanner/Makefile new file mode 100644 index 0000000000..1b6157243e --- /dev/null +++ b/scanners/angularjs-csti-scanner/Makefile @@ -0,0 +1,12 @@ +#!/usr/bin/make -f +# +# SPDX-FileCopyrightText: 2021 iteratec GmbH +# +# SPDX-License-Identifier: Apache-2.0 +# + +include_guard = set +scanner = angularjs-csti-scanner +custom_scanner = set + +include ../../scanners.mk diff --git a/scanners/git-repo-scanner/.gitignore b/scanners/git-repo-scanner/.gitignore new file mode 100644 index 0000000000..2783dbcddf --- /dev/null +++ b/scanners/git-repo-scanner/.gitignore @@ -0,0 +1,5 @@ +# SPDX-FileCopyrightText: 2021 iteratec GmbH +# +# SPDX-License-Identifier: Apache-2.0 + +*.tar diff --git a/scanners/git-repo-scanner/.helmignore b/scanners/git-repo-scanner/.helmignore index 24bfe82395..fb9c1d2d6f 100644 --- a/scanners/git-repo-scanner/.helmignore +++ b/scanners/git-repo-scanner/.helmignore 
@@ -1,12 +1,40 @@ # SPDX-FileCopyrightText: 2021 iteratec GmbH # # SPDX-License-Identifier: Apache-2.0 +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. .DS_Store - -parser/ -scanner/ -examples/ -docs/ -integration-tests/ -coverage/ -Makefile \ No newline at end of file +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ +# Node.js files +node_modules/* +package.json +package-lock.json +src/* +config/* +Dockerfile +.dockerignore +*.tar +parser/* +scanner/* +integration-tests/* +examples/* +docs/* +Makefile diff --git a/scanners/git-repo-scanner/Makefile b/scanners/git-repo-scanner/Makefile new file mode 100644 index 0000000000..982468f0c7 --- /dev/null +++ b/scanners/git-repo-scanner/Makefile @@ -0,0 +1,15 @@ +#!/usr/bin/make -f +# +# SPDX-FileCopyrightText: 2021 iteratec GmbH +# +# SPDX-License-Identifier: Apache-2.0 +# + +include_guard = set +scanner = git-repo-scanner +custom_scanner = set + +include ../../scanners.mk + +unit-tests: + @$(MAKE) -s unit-test-py diff --git a/scanners/gitleaks/.gitignore b/scanners/gitleaks/.gitignore new file mode 100644 index 0000000000..2783dbcddf --- /dev/null +++ b/scanners/gitleaks/.gitignore @@ -0,0 +1,5 @@ +# SPDX-FileCopyrightText: 2021 iteratec GmbH +# +# SPDX-License-Identifier: Apache-2.0 + +*.tar diff --git a/scanners/gitleaks/.helmignore b/scanners/gitleaks/.helmignore index 64b2887490..fb9c1d2d6f 100644 --- a/scanners/gitleaks/.helmignore +++ b/scanners/gitleaks/.helmignore 
@@ -1,12 +1,40 @@ # SPDX-FileCopyrightText: 2021 iteratec GmbH # # SPDX-License-Identifier: Apache-2.0 +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. .DS_Store - -parser/ -scanner/ -examples/ -docs/ -integration-tests/ -coverage/ +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ +# Node.js files +node_modules/* +package.json +package-lock.json +src/* +config/* +Dockerfile +.dockerignore +*.tar +parser/* +scanner/* +integration-tests/* +examples/* +docs/* Makefile diff --git a/scanners/gitleaks/Makefile b/scanners/gitleaks/Makefile new file mode 100644 index 0000000000..cd91103cd2 --- /dev/null +++ b/scanners/gitleaks/Makefile @@ -0,0 +1,12 @@ +#!/usr/bin/make -f +# +# SPDX-FileCopyrightText: 2021 iteratec GmbH +# +# SPDX-License-Identifier: Apache-2.0 +# + +include_guard = set +scanner = gitleaks +custom_scanner = set + +include ../../scanners.mk diff --git a/scanners/kube-hunter/.gitignore b/scanners/kube-hunter/.gitignore new file mode 100644 index 0000000000..2783dbcddf --- /dev/null +++ b/scanners/kube-hunter/.gitignore @@ -0,0 +1,5 @@ +# SPDX-FileCopyrightText: 2021 iteratec GmbH +# +# SPDX-License-Identifier: Apache-2.0 + +*.tar diff --git a/scanners/kube-hunter/.helmignore b/scanners/kube-hunter/.helmignore index 64b2887490..fb9c1d2d6f 100644 --- a/scanners/kube-hunter/.helmignore +++ b/scanners/kube-hunter/.helmignore 
@@ -1,12 +1,40 @@ # SPDX-FileCopyrightText: 2021 iteratec GmbH # # SPDX-License-Identifier: Apache-2.0 +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. .DS_Store - -parser/ -scanner/ -examples/ -docs/ -integration-tests/ -coverage/ +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ +# Node.js files +node_modules/* +package.json +package-lock.json +src/* +config/* +Dockerfile +.dockerignore +*.tar +parser/* +scanner/* +integration-tests/* +examples/* +docs/* Makefile diff --git a/scanners/kube-hunter/Makefile b/scanners/kube-hunter/Makefile new file mode 100644 index 0000000000..b10d90da53 --- /dev/null +++ b/scanners/kube-hunter/Makefile @@ -0,0 +1,12 @@ +#!/usr/bin/make -f +# +# SPDX-FileCopyrightText: 2021 iteratec GmbH +# +# SPDX-License-Identifier: Apache-2.0 +# + +include_guard = set +scanner = kube-hunter +custom_scanner = set + +include ../../scanners.mk diff --git a/scanners/kubeaudit/.gitignore b/scanners/kubeaudit/.gitignore new file mode 100644 index 0000000000..2783dbcddf --- /dev/null +++ b/scanners/kubeaudit/.gitignore @@ -0,0 +1,5 @@ +# SPDX-FileCopyrightText: 2021 iteratec GmbH +# +# SPDX-License-Identifier: Apache-2.0 + +*.tar diff --git a/scanners/kubeaudit/.helmignore b/scanners/kubeaudit/.helmignore index 64b2887490..fb9c1d2d6f 100644 --- a/scanners/kubeaudit/.helmignore +++ b/scanners/kubeaudit/.helmignore 
@@ -1,12 +1,40 @@
 # SPDX-FileCopyrightText: 2021 iteratec GmbH
 #
 # SPDX-License-Identifier: Apache-2.0
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
 .DS_Store
-
-parser/
-scanner/
-examples/
-docs/
-integration-tests/
-coverage/
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+# Node.js files
+node_modules/*
+package.json
+package-lock.json
+src/*
+config/*
+Dockerfile
+.dockerignore
+*.tar
+parser/*
+scanner/*
+integration-tests/*
+examples/*
+docs/*
 Makefile
diff --git a/scanners/kubeaudit/Makefile b/scanners/kubeaudit/Makefile
new file mode 100644
index 0000000000..f659c0037b
--- /dev/null
+++ b/scanners/kubeaudit/Makefile
@@ -0,0 +1,27 @@
+#!/usr/bin/make -f
+#
+# SPDX-FileCopyrightText: 2021 iteratec GmbH
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+include_guard = set
+scanner = kubeaudit
+custom_scanner = set
+
+include ../../scanners.mk
+
+deploy-with-scanner:
+ @echo ".: 💾 Deploying custom '$(scanner)' scanner HelmChart with the docker tag '$(IMG_TAG)' into kind namespace 'integration-tests'."
+ helm -n integration-tests upgrade --install $(scanner) ./ --wait \
+ --set="parser.image.repository=docker.io/$(IMG_NS)/$(parser-prefix)-$(scanner)" \
+ --set="parser.image.tag=$(IMG_TAG)" \
+ --set="scanner.image.repository=docker.io/$(IMG_NS)/$(scanner-prefix)-$(scanner)" \
+ --set="scanner.image.tag=$(IMG_TAG)" \
+ --set="kubeauditScope=cluster"
+
+deploy-test-deps:
+ # If not exists create namespace where the tests will be executed
+ kubectl create namespace kubeaudit-tests --dry-run=client -o yaml | kubectl apply -f -
+ # Install jshop in kubeaudit-tests namespace
+ helm -n kubeaudit-tests upgrade --install juice-shop ../../demo-targets/juice-shop/ --wait
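Review bot: In `deploy-test-deps` of the kubeaudit Makefile the two `#` lines sit inside the recipe, so make hands them to the shell and echoes them on every run rather than treating them as makefile comments (the page has lost the indentation, so this assumes they are tab-indented like the commands around them). Move them above the rule, or silence them with a leading `@`, e.g. `@# create the namespace only if it is missing`. Nothing in this file removes the `kubeaudit-tests` namespace again, so the juice-shop release outlives the test run; a comment such as `# juice-shop is a demo target; only deploy into a throw-away kind cluster` would state the intended scope. Neither target is declared phony here, and `scanners.mk` is not visible, so add `.PHONY: deploy-with-scanner deploy-test-deps` unless the include already covers them.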
diff --git a/scanners/ncrack/.gitignore b/scanners/ncrack/.gitignore new file mode 100644 index 0000000000..2783dbcddf --- /dev/null +++ b/scanners/ncrack/.gitignore @@ -0,0 +1,5 @@ +# SPDX-FileCopyrightText: 2021 iteratec GmbH +# +# SPDX-License-Identifier: Apache-2.0 + +*.tar diff --git a/scanners/ncrack/.helmignore b/scanners/ncrack/.helmignore index 64b2887490..fb9c1d2d6f 100644 --- a/scanners/ncrack/.helmignore +++ b/scanners/ncrack/.helmignore @@ -1,12 +1,40 @@ # SPDX-FileCopyrightText: 2021 iteratec GmbH # # SPDX-License-Identifier: Apache-2.0 +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. .DS_Store - -parser/ -scanner/ -examples/ -docs/ -integration-tests/ -coverage/ +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ +# Node.js files +node_modules/* +package.json +package-lock.json +src/* +config/* +Dockerfile +.dockerignore +*.tar +parser/* +scanner/* +integration-tests/* +examples/* +docs/* Makefile diff --git a/scanners/ncrack/Makefile b/scanners/ncrack/Makefile new file mode 100644 index 0000000000..0457181599 --- /dev/null +++ b/scanners/ncrack/Makefile @@ -0,0 +1,14 @@ +#!/usr/bin/make -f +# +# SPDX-FileCopyrightText: 2021 iteratec GmbH +# +# SPDX-License-Identifier: Apache-2.0 +# + +include_guard = set +scanner = ncrack +custom_scanner = set + +include ../../scanners.mk + +deploy-test-deps: deploy-test-dep-dummy-ssh diff --git a/scanners/nikto/.gitignore b/scanners/nikto/.gitignore new file mode 100644 index 0000000000..2783dbcddf --- /dev/null +++ b/scanners/nikto/.gitignore @@ -0,0 +1,5 @@ +# SPDX-FileCopyrightText: 2021 iteratec GmbH +# +# SPDX-License-Identifier: Apache-2.0 + +*.tar diff --git a/scanners/nikto/.helmignore b/scanners/nikto/.helmignore index 64b2887490..fb9c1d2d6f 100644 
--- a/scanners/nikto/.helmignore +++ b/scanners/nikto/.helmignore @@ -1,12 +1,40 @@ # SPDX-FileCopyrightText: 2021 iteratec GmbH # # SPDX-License-Identifier: Apache-2.0 +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. .DS_Store - -parser/ -scanner/ -examples/ -docs/ -integration-tests/ -coverage/ +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ +# Node.js files +node_modules/* +package.json +package-lock.json +src/* +config/* +Dockerfile +.dockerignore +*.tar +parser/* +scanner/* +integration-tests/* +examples/* +docs/* Makefile diff --git a/scanners/nikto/Makefile b/scanners/nikto/Makefile new file mode 100644 index 0000000000..68ce637091 --- /dev/null +++ b/scanners/nikto/Makefile @@ -0,0 +1,12 @@ +#!/usr/bin/make -f +# +# SPDX-FileCopyrightText: 2021 iteratec GmbH +# +# SPDX-License-Identifier: Apache-2.0 +# + +include_guard = set +scanner = nikto +custom_scanner = set + +include ../../scanners.mk diff --git a/scanners/nmap/.gitignore b/scanners/nmap/.gitignore new file mode 100644 index 0000000000..2783dbcddf --- /dev/null +++ b/scanners/nmap/.gitignore @@ -0,0 +1,5 @@ +# SPDX-FileCopyrightText: 2021 iteratec GmbH +# +# SPDX-License-Identifier: Apache-2.0 + +*.tar diff --git a/scanners/nmap/.helmignore b/scanners/nmap/.helmignore index 64b2887490..fb9c1d2d6f 100644 --- a/scanners/nmap/.helmignore +++ b/scanners/nmap/.helmignore 
@@ -1,12 +1,40 @@ # SPDX-FileCopyrightText: 2021 iteratec GmbH # # SPDX-License-Identifier: Apache-2.0 +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. .DS_Store - -parser/ -scanner/ -examples/ -docs/ -integration-tests/ -coverage/ +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ +# Node.js files +node_modules/* +package.json +package-lock.json +src/* +config/* +Dockerfile +.dockerignore +*.tar +parser/* +scanner/* +integration-tests/* +examples/* +docs/* Makefile diff --git a/scanners/nmap/Makefile b/scanners/nmap/Makefile new file mode 100644 index 0000000000..3a9537d787 --- /dev/null +++ b/scanners/nmap/Makefile @@ -0,0 +1,12 @@ +#!/usr/bin/make -f +# +# SPDX-FileCopyrightText: 2021 iteratec GmbH +# +# SPDX-License-Identifier: Apache-2.0 +# + +include_guard = set +scanner = nmap +custom_scanner = set + +include ../../scanners.mk diff --git a/scanners/nuclei/Makefile b/scanners/nuclei/Makefile new file mode 100644 index 0000000000..eda94fde93 --- /dev/null +++ b/scanners/nuclei/Makefile @@ -0,0 +1,11 @@ +#!/usr/bin/make -f +# +# SPDX-FileCopyrightText: 2021 iteratec GmbH +# +# SPDX-License-Identifier: Apache-2.0 +# + +include_guard = set +scanner = nuclei + +include ../../scanners.mk diff --git a/scanners/screenshooter/.gitignore b/scanners/screenshooter/.gitignore new file mode 100644 index 0000000000..2783dbcddf --- /dev/null +++ b/scanners/screenshooter/.gitignore @@ -0,0 +1,5 @@ +# SPDX-FileCopyrightText: 2021 iteratec GmbH +# +# SPDX-License-Identifier: Apache-2.0 + +*.tar diff --git a/scanners/screenshooter/.helmignore b/scanners/screenshooter/.helmignore index 64b2887490..fb9c1d2d6f 100644 --- a/scanners/screenshooter/.helmignore +++ b/scanners/screenshooter/.helmignore 
@@ -1,12 +1,40 @@ # SPDX-FileCopyrightText: 2021 iteratec GmbH # # SPDX-License-Identifier: Apache-2.0 +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. .DS_Store - -parser/ -scanner/ -examples/ -docs/ -integration-tests/ -coverage/ +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ +# Node.js files +node_modules/* +package.json +package-lock.json +src/* +config/* +Dockerfile +.dockerignore +*.tar +parser/* +scanner/* +integration-tests/* +examples/* +docs/* Makefile diff --git a/scanners/screenshooter/Makefile b/scanners/screenshooter/Makefile new file mode 100644 index 0000000000..59364924ef --- /dev/null +++ b/scanners/screenshooter/Makefile @@ -0,0 +1,12 @@ +#!/usr/bin/make -f +# +# SPDX-FileCopyrightText: 2021 iteratec GmbH +# +# SPDX-License-Identifier: Apache-2.0 +# + +include_guard = set +scanner = screenshooter +custom_scanner = set + +include ../../scanners.mk diff --git a/scanners/ssh-scan/.gitignore b/scanners/ssh-scan/.gitignore new file mode 100644 index 0000000000..2783dbcddf --- /dev/null +++ b/scanners/ssh-scan/.gitignore @@ -0,0 +1,5 @@ +# SPDX-FileCopyrightText: 2021 iteratec GmbH +# +# SPDX-License-Identifier: Apache-2.0 + +*.tar diff --git a/scanners/ssh-scan/.helmignore b/scanners/ssh-scan/.helmignore index 64b2887490..fb9c1d2d6f 100644 --- a/scanners/ssh-scan/.helmignore +++ b/scanners/ssh-scan/.helmignore 
@@ -1,12 +1,40 @@ # SPDX-FileCopyrightText: 2021 iteratec GmbH # # SPDX-License-Identifier: Apache-2.0 +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. .DS_Store - -parser/ -scanner/ -examples/ -docs/ -integration-tests/ -coverage/ +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ +# Node.js files +node_modules/* +package.json +package-lock.json +src/* +config/* +Dockerfile +.dockerignore +*.tar +parser/* +scanner/* +integration-tests/* +examples/* +docs/* Makefile diff --git a/scanners/ssh-scan/Makefile b/scanners/ssh-scan/Makefile new file mode 100644 index 0000000000..d5bf2c6e00 --- /dev/null +++ b/scanners/ssh-scan/Makefile @@ -0,0 +1,13 @@ +#!/usr/bin/make -f +# +# SPDX-FileCopyrightText: 2021 iteratec GmbH +# +# SPDX-License-Identifier: Apache-2.0 +# + +include_guard = set +scanner = ssh-scan + +include ../../scanners.mk + +deploy-test-deps: deploy-test-dep-dummy-ssh diff --git a/scanners/sslyze/.gitignore b/scanners/sslyze/.gitignore new file mode 100644 index 0000000000..2783dbcddf --- /dev/null +++ b/scanners/sslyze/.gitignore @@ -0,0 +1,5 @@ +# SPDX-FileCopyrightText: 2021 iteratec GmbH +# +# SPDX-License-Identifier: Apache-2.0 + +*.tar diff --git a/scanners/sslyze/.helmignore b/scanners/sslyze/.helmignore index 64b2887490..fb9c1d2d6f 100644 --- a/scanners/sslyze/.helmignore +++ b/scanners/sslyze/.helmignore 
@@ -1,12 +1,40 @@ # SPDX-FileCopyrightText: 2021 iteratec GmbH # # SPDX-License-Identifier: Apache-2.0 +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. .DS_Store - -parser/ -scanner/ -examples/ -docs/ -integration-tests/ -coverage/ +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ +# Node.js files +node_modules/* +package.json +package-lock.json +src/* +config/* +Dockerfile +.dockerignore +*.tar +parser/* +scanner/* +integration-tests/* +examples/* +docs/* Makefile diff --git a/scanners/sslyze/Makefile b/scanners/sslyze/Makefile new file mode 100644 index 0000000000..d03720b427 --- /dev/null +++ b/scanners/sslyze/Makefile @@ -0,0 +1,13 @@ +#!/usr/bin/make -f +# +# SPDX-FileCopyrightText: 2021 iteratec GmbH +# +# SPDX-License-Identifier: Apache-2.0 +# + +include_guard = set +scanner = sslyze + +include ../../scanners.mk + +deploy-test-deps: deploy-test-dep-unsafe-https diff --git a/scanners/test-scan/.gitignore b/scanners/test-scan/.gitignore new file mode 100644 index 0000000000..2783dbcddf --- /dev/null +++ b/scanners/test-scan/.gitignore @@ -0,0 +1,5 @@ +# SPDX-FileCopyrightText: 2021 iteratec GmbH +# +# SPDX-License-Identifier: Apache-2.0 + +*.tar diff --git a/scanners/test-scan/.helmignore b/scanners/test-scan/.helmignore index 64b2887490..fb9c1d2d6f 100644 --- a/scanners/test-scan/.helmignore +++ b/scanners/test-scan/.helmignore 
@@ -1,12 +1,40 @@ # SPDX-FileCopyrightText: 2021 iteratec GmbH # # SPDX-License-Identifier: Apache-2.0 +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. .DS_Store - -parser/ -scanner/ -examples/ -docs/ -integration-tests/ -coverage/ +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ +# Node.js files +node_modules/* +package.json +package-lock.json +src/* +config/* +Dockerfile +.dockerignore +*.tar +parser/* +scanner/* +integration-tests/* +examples/* +docs/* Makefile diff --git a/scanners/test-scan/Makefile b/scanners/test-scan/Makefile new file mode 100644 index 0000000000..323f2050f2 --- /dev/null +++ b/scanners/test-scan/Makefile 
@@ -0,0 +1,29 @@
+#!/usr/bin/make -f
+#
+# SPDX-FileCopyrightText: 2021 iteratec GmbH
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+include_guard = set
+scanner = test-scan
+custom_scanner = set
+
+include ../../scanners.mk
+
+deploy-with-scanner:
+ @echo ".: 💾 Deploying '$(name)' '$(scanner-prefix)' HelmChart with the docker tag '$(IMG_TAG)' into kind namespace 'integration-tests'."
+ helm -n integration-tests upgrade --install test-scan . \
+ --set="scanner.image.repository=docker.io/$(IMG_NS)/$(scanner-prefix)-$(name)" \
+ --set="parser.image.repository=docker.io/$(IMG_NS)/$(parser-prefix)-$(name)" \
+ --set="parser.image.tag=$(IMG_TAG)" \
+ --set="scanner.image.tag=$(IMG_TAG)" \
+ --set="parser.env[0].name=CRASH_ON_FAILED_VALIDATION" \
+ --set-string="parser.env[0].value=true" \
+ --set="parser.env[1].name=PRODUCE_INVALID_FINDINGS" \
+ --set-string="parser.env[1].value=true"
+
+integration-tests:
+ @echo ".: 🩺 Starting integration test in kind namespace 'integration-tests'."
+ kubectl -n integration-tests delete scans --all
+ cd ../../tests/integration/ && npm ci && npx --yes --package jest@$(JEST_VERSION) jest --verbose --ci --colors --coverage --passWithNoTests generic/findings-validation.test.js
diff --git a/scanners/trivy/.gitignore b/scanners/trivy/.gitignore
new file mode 100644
index 0000000000..2783dbcddf
--- /dev/null
+++ b/scanners/trivy/.gitignore
@@ -0,0 +1,5 @@
+# SPDX-FileCopyrightText: 2021 iteratec GmbH
+#
+# SPDX-License-Identifier: Apache-2.0
+
+*.tar
diff --git a/scanners/trivy/.helmignore b/scanners/trivy/.helmignore
index 64b2887490..fb9c1d2d6f 100644
--- a/scanners/trivy/.helmignore
+++ b/scanners/trivy/.helmignore
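Review bot: `deploy-with-scanner` in the test-scan Makefile builds both image repositories from `$(name)`, but this file only assigns `scanner = test-scan`; unless `scanners.mk` defines `name`, the values expand to `.../$(scanner-prefix)-` and `.../$(parser-prefix)-` and helm deploys a chart pointing at images that do not exist. The kubeaudit and zap-advanced recipes in this commit use `$(scanner)` for the same purpose, so `--set="scanner.image.repository=docker.io/$(IMG_NS)/$(scanner-prefix)-$(scanner)" \` (and the parser line likewise) would be consistent and self-contained. This `helm upgrade --install` also omits the `--wait` those recipes pass, so the integration test can start before the release is ready. Separately, `npx --yes --package jest@$(JEST_VERSION)` installs whatever that version resolves to at run time; the default is not visible in this hunk, and pinning an exact version in CI keeps the test toolchain reproducible.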
@@ -1,12 +1,40 @@ # SPDX-FileCopyrightText: 2021 iteratec GmbH # # SPDX-License-Identifier: Apache-2.0 +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. .DS_Store - -parser/ -scanner/ -examples/ -docs/ -integration-tests/ -coverage/ +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ +# Node.js files +node_modules/* +package.json +package-lock.json +src/* +config/* +Dockerfile +.dockerignore +*.tar +parser/* +scanner/* +integration-tests/* +examples/* +docs/* Makefile diff --git a/scanners/trivy/Makefile b/scanners/trivy/Makefile new file mode 100644 index 0000000000..b8a8962f38 --- /dev/null +++ b/scanners/trivy/Makefile @@ -0,0 +1,11 @@ +#!/usr/bin/make -f +# +# SPDX-FileCopyrightText: 2021 iteratec GmbH +# +# SPDX-License-Identifier: Apache-2.0 +# + +include_guard = set +scanner = trivy + +include ../../scanners.mk diff --git a/scanners/typo3scan/.gitignore b/scanners/typo3scan/.gitignore new file mode 100644 index 0000000000..2783dbcddf --- /dev/null +++ b/scanners/typo3scan/.gitignore @@ -0,0 +1,5 @@ +# SPDX-FileCopyrightText: 2021 iteratec GmbH +# +# SPDX-License-Identifier: Apache-2.0 + +*.tar diff --git a/scanners/typo3scan/.helmignore b/scanners/typo3scan/.helmignore index 30a540feb0..fb9c1d2d6f 100644 --- a/scanners/typo3scan/.helmignore +++ b/scanners/typo3scan/.helmignore @@ -17,10 +17,24 @@ *.swp *.bak *.tmp -*.orig *~ # Various IDEs .project .idea/ *.tmproj .vscode/ +# Node.js files +node_modules/* +package.json +package-lock.json +src/* +config/* +Dockerfile +.dockerignore +*.tar +parser/* +scanner/* +integration-tests/* +examples/* +docs/* +Makefile diff --git a/scanners/typo3scan/Makefile b/scanners/typo3scan/Makefile new file mode 100644 index 0000000000..65085a8b16 --- /dev/null 
+++ b/scanners/typo3scan/Makefile @@ -0,0 +1,12 @@ +#!/usr/bin/make -f +# +# SPDX-FileCopyrightText: 2021 iteratec GmbH +# +# SPDX-License-Identifier: Apache-2.0 +# + +include_guard = set +scanner = typo3scan +custom_scanner = set + +include ../../scanners.mk diff --git a/scanners/whatweb/.gitignore b/scanners/whatweb/.gitignore new file mode 100644 index 0000000000..2783dbcddf --- /dev/null +++ b/scanners/whatweb/.gitignore @@ -0,0 +1,5 @@ +# SPDX-FileCopyrightText: 2021 iteratec GmbH +# +# SPDX-License-Identifier: Apache-2.0 + +*.tar diff --git a/scanners/whatweb/.helmignore b/scanners/whatweb/.helmignore index 64b2887490..fb9c1d2d6f 100644 --- a/scanners/whatweb/.helmignore +++ b/scanners/whatweb/.helmignore @@ -1,12 +1,40 @@ # SPDX-FileCopyrightText: 2021 iteratec GmbH # # SPDX-License-Identifier: Apache-2.0 +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. .DS_Store - -parser/ -scanner/ -examples/ -docs/ -integration-tests/ -coverage/ +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ +# Node.js files +node_modules/* +package.json +package-lock.json +src/* +config/* +Dockerfile +.dockerignore +*.tar +parser/* +scanner/* +integration-tests/* +examples/* +docs/* Makefile diff --git a/scanners/whatweb/Makefile b/scanners/whatweb/Makefile new file mode 100644 index 0000000000..9ea77fd9df --- /dev/null +++ b/scanners/whatweb/Makefile @@ -0,0 +1,12 @@ +#!/usr/bin/make -f +# +# SPDX-FileCopyrightText: 2021 iteratec GmbH +# +# SPDX-License-Identifier: Apache-2.0 +# + +include_guard = set +scanner = whatweb +custom_scanner = set + +include ../../scanners.mk diff --git a/scanners/wpscan/.gitignore b/scanners/wpscan/.gitignore new file mode 100644 index 0000000000..2783dbcddf --- /dev/null +++ b/scanners/wpscan/.gitignore 
@@ -0,0 +1,5 @@ +# SPDX-FileCopyrightText: 2021 iteratec GmbH +# +# SPDX-License-Identifier: Apache-2.0 + +*.tar diff --git a/scanners/wpscan/.helmignore b/scanners/wpscan/.helmignore index e661d8214b..fb9c1d2d6f 100644 --- a/scanners/wpscan/.helmignore +++ b/scanners/wpscan/.helmignore @@ -1,13 +1,40 @@ # SPDX-FileCopyrightText: 2021 iteratec GmbH # # SPDX-License-Identifier: Apache-2.0 - +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. .DS_Store - -parser/ -scanner/ -examples/ -docs/ -integration-tests/ -coverage/ +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ +# Node.js files +node_modules/* +package.json +package-lock.json +src/* +config/* +Dockerfile +.dockerignore +*.tar +parser/* +scanner/* +integration-tests/* +examples/* +docs/* Makefile diff --git a/scanners/wpscan/Makefile b/scanners/wpscan/Makefile new file mode 100644 index 0000000000..19fdf7ccca --- /dev/null +++ b/scanners/wpscan/Makefile @@ -0,0 +1,13 @@ +#!/usr/bin/make -f +# +# SPDX-FileCopyrightText: 2021 iteratec GmbH +# +# SPDX-License-Identifier: Apache-2.0 +# + +include_guard = set +scanner = wpscan + +include ../../scanners.mk + +deploy-test-deps: deploy-test-dep-old-wordpress diff --git a/scanners/zap-advanced/.gitignore b/scanners/zap-advanced/.gitignore index c342664f17..c8d3087d64 100644 --- a/scanners/zap-advanced/.gitignore +++ b/scanners/zap-advanced/.gitignore @@ -2,4 +2,5 @@ # # SPDX-License-Identifier: Apache-2.0 -/scanner/tests/results/* \ No newline at end of file +*.tar +/scanner/tests/results/* diff --git a/scanners/zap-advanced/.helmignore b/scanners/zap-advanced/.helmignore index b887daa2e3..fb9c1d2d6f 100644 --- a/scanners/zap-advanced/.helmignore +++ b/scanners/zap-advanced/.helmignore 
@@ -1,21 +1,40 @@
 # SPDX-FileCopyrightText: 2021 iteratec GmbH
 #
 # SPDX-License-Identifier: Apache-2.0
-
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
 .DS_Store
-
-parser/
-# this doesn't look too good but is required so that the scanners/scripts folder is included
-scanner/*.*
-scanner/zapclient/
-scanner/tests/
-scanner/venv/
-scanner/.pytest_cache/
-scanner/.idea/
-examples/
-docs/
-integration-tests/
-coverage/
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+# Node.js files
+node_modules/*
+package.json
+package-lock.json
+src/*
+config/*
+Dockerfile
+.dockerignore
+*.tar
+parser/*
+scanner/*
+integration-tests/*
+examples/*
+docs/*
 Makefile
-
-*.monopic
diff --git a/scanners/zap-advanced/Makefile b/scanners/zap-advanced/Makefile
new file mode 100644
index 0000000000..0e1d9be283
--- /dev/null
+++ b/scanners/zap-advanced/Makefile
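Review bot: The new `scanner/*` pattern in the zap-advanced .helmignore hunk replaces the narrower entries whose removed comment said they were "required so that the scanners/scripts folder is included", so the scripts directory under `scanner/` may no longer be packaged with the chart. If the chart templates still read files from there, keep the selective patterns for this scanner (`scanner/*.*`, `scanner/zapclient/`, `scanner/tests/` and the venv and cache entries) instead of the shared template line, and confirm with `helm package` that the scripts are present in the archive. The removed `*.monopic` entry is not carried over either, so such files would now be included.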
@@ -0,0 +1,40 @@
+#!/usr/bin/make -f
+#
+# SPDX-FileCopyrightText: 2021 iteratec GmbH
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+include_guard = set
+scanner = zap-advanced
+custom_scanner = set
+
+include ../../scanners.mk
+
+unit-tests:
+ @$(MAKE) -s unit-test-py
+
+unit-tests-parser:
+ $(MAKE) -s -f ../../scanners.mk unit-tests-parser include_guard=set scanner=zap
+
+install-deps:
+ cd ../zap/ && $(MAKE) -s install-deps
+
+docker-build-parser:
+ cd ../zap/ && $(MAKE) -s docker-build-parser
+
+docker-export-parser:
+ cd ../zap/ && $(MAKE) -s docker-export-parser
+
+kind-import-parser:
+ cd ../zap/ && $(MAKE) -s kind-import-parser
+
+deploy-with-scanner:
+ @echo ".: 💾 Deploying custom '$(scanner)' scanner HelmChart with the docker tag '$(IMG_TAG)' into kind namespace 'integration-tests'."
+ helm -n integration-tests upgrade --install $(scanner) ./ --wait \
+ --set="parser.image.repository=docker.io/$(IMG_NS)/$(parser-prefix)-zap" \
+ --set="parser.image.tag=$(IMG_TAG)" \
+ --set="scanner.image.repository=docker.io/$(IMG_NS)/$(scanner-prefix)-$(scanner)" \
+ --set="scanner.image.tag=$(IMG_TAG)"
+
+deploy-test-deps: deploy-test-dep-nginx deploy-test-dep-bodgeit deploy-test-dep-juiceshop deploy-test-dep-petstore
diff --git a/scanners/zap/.gitignore b/scanners/zap/.gitignore
new file mode 100644
index 0000000000..2783dbcddf
--- /dev/null
+++ b/scanners/zap/.gitignore
@@ -0,0 +1,5 @@
+# SPDX-FileCopyrightText: 2021 iteratec GmbH
+#
+# SPDX-License-Identifier: Apache-2.0
+
+*.tar
diff --git a/scanners/zap/.helmignore b/scanners/zap/.helmignore
index e661d8214b..fb9c1d2d6f 100644
--- a/scanners/zap/.helmignore
+++ b/scanners/zap/.helmignore
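Review bot: The rules in the zap-advanced Makefile that `cd ../zap/` and the `unit-tests-parser` rule carry no comment explaining why this scanner builds, exports and imports zap's parser image, although `deploy-with-scanner` depends on it through the hard-coded `$(parser-prefix)-zap` repository at the same `$(IMG_TAG)`. A line above `install-deps:` such as `# parser targets are delegated to ../zap; deploy-with-scanner uses the zap parser image` (if that is the reason) would make the coupling explicit for the next maintainer. The delegation reads more directly as `$(MAKE) -C ../zap -s install-deps`, which drops the `cd … &&` chain. Whether these rules replace recipes that `scanners.mk` already defines is not visible here; if they do, make prints an overriding-recipe warning for each of them.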
@@ -1,13 +1,40 @@ # SPDX-FileCopyrightText: 2021 iteratec GmbH # # SPDX-License-Identifier: Apache-2.0 - +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. .DS_Store - -parser/ -scanner/ -examples/ -docs/ -integration-tests/ -coverage/ +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ +# Node.js files +node_modules/* +package.json +package-lock.json +src/* +config/* +Dockerfile +.dockerignore +*.tar +parser/* +scanner/* +integration-tests/* +examples/* +docs/* Makefile diff --git a/scanners/zap/Makefile b/scanners/zap/Makefile new file mode 100644 index 0000000000..ade80a24c3 --- /dev/null +++ b/scanners/zap/Makefile @@ -0,0 +1,13 @@ +#!/usr/bin/make -f +# +# SPDX-FileCopyrightText: 2021 iteratec GmbH +# +# SPDX-License-Identifier: Apache-2.0 +# + +include_guard = set +scanner = zap + +include ../../scanners.mk + +deploy-test-deps: deploy-test-dep-nginx diff --git a/tests/integration/helpers.js b/tests/integration/helpers.js index 66fafae9a5..10028f3285 100644 --- a/tests/integration/helpers.js +++ b/tests/integration/helpers.js @@ -173,8 +173,6 @@ async function scan(name, scanType, parameters = [], timeout = 180) { * @returns {scan.findings} returns findings { categories, severities, count } */ async function cascadingScan(name, scanType, parameters = [], { nameCascade, matchLabels }, timeout = 180) { - namespace = "cascading-tests"; - const scanDefinition = { apiVersion: "execution.securecodebox.io/v1", kind: "Scan", diff --git a/tests/integration/scanner/cascade-nmap-sslyze.test.js b/tests/integration/scanner/cascade-nmap-sslyze.test.js index 2ddb83995c..1d4eab7737 100644 --- a/tests/integration/scanner/cascade-nmap-sslyze.test.js +++ b/tests/integration/scanner/cascade-nmap-sslyze.test.js 
@@ -12,7 +12,7 @@ test( const { categories, severities, count } = await cascadingScan( "nmap-unsafe-https-sslyze", "nmap", - ["-Pn", "-sV", "unsafe-https", "-p", "443"], + ["-Pn", "-sV", "unsafe-https.demo-targets.svc", "-p", "443"], { nameCascade: "https-tls-scan", matchLabels: {