donal
2018-04-26 88cc91cac77cb702cb70e3d7661cbd5d107bf9c5
ADD dockerfile for arachni
1 files deleted
5 files added
1 files renamed
247 ■■■■■ changed files
docker/jenkins-slave-arachni/Dockerfile 27 ●●●●● patch | view | raw | blame | history
docker/jenkins-slave-arachni/README.md 17 ●●●●● patch | view | raw | blame | history
docker/jenkins-slave-arachni/reporters/xml/hudson_junit-4.xsd 95 ●●●●● patch | view | raw | blame | history
docker/jenkins-slave-arachni/reporters/xunit.rb 94 ●●●●● patch | view | raw | blame | history
params/arachni-build-pod 6 ●●●●● patch | view | raw | blame | history
params/jenkins-slave-arachni 6 ●●●●● patch | view | raw | blame | history
params/jenkins-slave-zap 2 ●●● patch | view | raw | blame | history
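--- /dev/null
+++ b/docker/jenkins-slave-arachni/Dockerfile
@@ -0,0 +1,27 @@
+FROM openshift/jenkins-slave-base-centos7:latest
+ARG VERSION=1.5.1
+ARG WEB_VERSION=0.5.12
+RUN yum install -y wget ca-certificates
+WORKDIR /arachni
+RUN wget -qO- https://github.com/Arachni/arachni/releases/download/v${VERSION}/arachni-${VERSION}-${WEB_VERSION}-linux-x86_64.tar.gz | tar xvz -C /arachni --strip-components=1
+EXPOSE 9292
+COPY reporters ./system/gems/gems/arachni-${VERSION}/components/reporters
+USER root
+# NOTE - THIS IS THE STANDARD THING FOR OCP PERMISSION ISSUES
+# ENV FIX_FILES /arachni
+# RUN find $FIX_FILES -exec chgrp 0 {} \;  && \
+#     find $FIX_FILES -exec chmod g+rw {} \; && \
+#     find $FIX_FILES -type d -exec chmod g+x {} +
+RUN chown -R root:root /arachni && \
+    chmod -R 775 /arachni
+USER 1001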
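Review bot: The release tarball on the `RUN wget -qO- ... | tar xvz` line is unpacked with no integrity check, and because the default shell has no pipefail, a failed or truncated download can still produce a successful layer. Download it to a file, verify it against a pinned SHA-256 supplied as a build argument, and only then extract, so the build fails closed when the digest is missing or wrong. Separately, `FROM openshift/jenkins-slave-base-centos7:latest` makes the image non-reproducible, so a fixed tag or digest would be preferable. The `yum install` layer also leaves its package cache behind; appending `&& yum clean all` would trim it.

```dockerfile
ARG VERSION=1.5.1
ARG WEB_VERSION=0.5.12
# No default on purpose: pass --build-arg ARACHNI_SHA256=<published sha256 of the tarball>;
# an unset value makes the sha256sum check below fail the build.
ARG ARACHNI_SHA256
# … unchanged: yum install, WORKDIR /arachni …
RUN wget -qO /tmp/arachni.tar.gz \
      "https://github.com/Arachni/arachni/releases/download/v${VERSION}/arachni-${VERSION}-${WEB_VERSION}-linux-x86_64.tar.gz" && \
    echo "${ARACHNI_SHA256}  /tmp/arachni.tar.gz" | sha256sum -c - && \
    tar xzf /tmp/arachni.tar.gz -C /arachni --strip-components=1 && \
    rm -f /tmp/arachni.tar.gz
```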
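--- /dev/null
+++ b/docker/jenkins-slave-arachni/README.md
@@ -0,0 +1,17 @@
+# jenkins-slave-arachni
+Provides a docker image of the arachni security tool with an additional reporter for generating xunit reports. These can be parsed into test results for failing builds using JUnit parser in Bamboo and Jenkins.
+## Build
+`docker build -t jenkins-slave-arachni .`
+## Run
+For local running and experimentation run `docker run -i -t --rm jenkins-slave-arachni /bin/bash` and have a play once inside the container. `/arachni` is where the product is and  `/arachni/bin/arachni` for the binary
+## Jenkins running
+Creates a HTML web report and xml report once website has been scanned. Add a new Kubernetes Container template called `jenkins-slave-arachni` and specify this as the node when running builds
+```bash
+/arachni/bin/arachni ${URL_TO_TEST} --report-save-path=arachni-report.afr
+/arachni/bin/arachni_reporter arachni-report.afr  --reporter=xunit:outfile=report.xml  --reporter=html:outfile=web-report.zip
+unzip web-report.zip -d arachni-web-report
+```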
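--- /dev/null
+++ b/docker/jenkins-slave-arachni/reporters/xml/hudson_junit-4.xsd
@@ -0,0 +1,95 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
+    <xs:element name="failure">
+        <xs:complexType mixed="true">
+            <xs:attribute name="type" type="xs:string" use="optional"/>
+            <xs:attribute name="message" type="xs:string" use="optional"/>
+        </xs:complexType>
+    </xs:element>
+    <xs:element name="error">
+        <xs:complexType mixed="true">
+            <xs:attribute name="type" type="xs:string" use="optional"/>
+            <xs:attribute name="message" type="xs:string" use="optional"/>
+        </xs:complexType>
+    </xs:element>
+    <xs:element name="properties">
+        <xs:complexType>
+            <xs:sequence>
+                <xs:element ref="property" maxOccurs="unbounded"/>
+            </xs:sequence>
+        </xs:complexType>
+    </xs:element>
+    <xs:element name="property">
+        <xs:complexType>
+            <xs:attribute name="name" type="xs:string" use="required"/>
+            <xs:attribute name="value" type="xs:string" use="required"/>
+        </xs:complexType>
+    </xs:element>
+    <xs:element name="skipped">
+        <xs:complexType mixed="true">
+            <xs:attribute name="message" type="xs:string" use="optional"/>
+        </xs:complexType>
+    </xs:element>
+    <xs:element name="system-err" type="xs:string"/>
+    <xs:element name="system-out" type="xs:string"/>
+    <xs:element name="testcase">
+        <xs:complexType>
+            <xs:sequence>
+                <xs:element ref="skipped" minOccurs="0" maxOccurs="1"/>
+                <xs:element ref="error" minOccurs="0" maxOccurs="unbounded"/>
+                <xs:element ref="failure" minOccurs="0" maxOccurs="unbounded"/>
+                <xs:element ref="system-out" minOccurs="0" maxOccurs="unbounded"/>
+                <xs:element ref="system-err" minOccurs="0" maxOccurs="unbounded"/>
+            </xs:sequence>
+            <xs:attribute name="name" type="xs:string" use="required"/>
+            <xs:attribute name="assertions" type="xs:string" use="optional"/>
+            <xs:attribute name="time" type="xs:string" use="optional"/>
+            <xs:attribute name="classname" type="xs:string" use="optional"/>
+            <xs:attribute name="status" type="xs:string" use="optional"/>
+        </xs:complexType>
+    </xs:element>
+    <xs:element name="testsuite">
+        <xs:complexType>
+            <xs:sequence>
+                <xs:element ref="properties" minOccurs="0" maxOccurs="1"/>
+                <xs:element ref="testcase" minOccurs="0" maxOccurs="unbounded"/>
+                <xs:element ref="system-out" minOccurs="0" maxOccurs="1"/>
+                <xs:element ref="system-err" minOccurs="0" maxOccurs="1"/>
+            </xs:sequence>
+            <xs:attribute name="name" type="xs:string" use="required"/>
+            <xs:attribute name="tests" type="xs:string" use="required"/>
+            <xs:attribute name="failures" type="xs:string" use="optional"/>
+            <xs:attribute name="errors" type="xs:string" use="optional"/>
+            <xs:attribute name="time" type="xs:string" use="optional"/>
+            <xs:attribute name="disabled" type="xs:string" use="optional"/>
+            <xs:attribute name="skipped" type="xs:string" use="optional"/>
+            <xs:attribute name="timestamp" type="xs:string" use="optional"/>
+            <xs:attribute name="hostname" type="xs:string" use="optional"/>
+            <xs:attribute name="id" type="xs:string" use="optional"/>
+            <xs:attribute name="package" type="xs:string" use="optional"/>
+        </xs:complexType>
+    </xs:element>
+    <xs:element name="testsuites">
+        <xs:complexType>
+            <xs:sequence>
+                <xs:element ref="testsuite" minOccurs="0" maxOccurs="unbounded"/>
+            </xs:sequence>
+            <xs:attribute name="name" type="xs:string" use="optional"/>
+            <xs:attribute name="time" type="xs:string" use="optional"/>
+            <xs:attribute name="tests" type="xs:string" use="optional"/>
+            <xs:attribute name="failures" type="xs:string" use="optional"/>
+            <xs:attribute name="disabled" type="xs:string" use="optional"/>
+            <xs:attribute name="errors" type="xs:string" use="optional"/>
+        </xs:complexType>
+    </xs:element>
+</xs:schema>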
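--- /dev/null
+++ b/docker/jenkins-slave-arachni/reporters/xunit.rb
@@ -0,0 +1,94 @@
+=begin
+    Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
+    This file is part of the Arachni Framework project and is subject to
+    redistribution and commercial restrictions. Please see the Arachni Framework
+    web site for more information on licensing and terms of use.
+=end
+require 'nokogiri'
+# Creates an XUnit XML report of the audit.
+#
+# @author Me
+class Arachni::Reporters::XUNIT < Arachni::Reporter::Base
+    LOCAL_SCHEMA  = File.dirname( __FILE__ ) + '/xml/hudson_junit-4.xsd'
+    REMOTE_SCHEMA = 'https://raw.githubusercontent.com/Arachni/arachni/' <<
+        "v#{Arachni::VERSION}/components/reporters/xml/hudson_junit-4.xsd"
+    NULL          = '[ARACHNI_NULL]'
+    def run
+        builder = Nokogiri::XML::Builder.new do |xml|
+            xml.testsuite(
+                'name' => report.options[:url],
+                'timestamp' => report.finish_datetime.xmlschema,
+                'tests' => report.issues.count
+            ) {
+                report.issues.each do |issue|
+                xml.testcase(
+                    'name' => issue.name,
+                    'classname' => report.options[:url]
+                ) {
+                    xml.failure(
+                        'message' => issue.description
+                    )
+                }
+                end
+            }
+        end
+        xml = builder.to_xml
+        xsd = Nokogiri::XML::Schema( IO.read( LOCAL_SCHEMA ) )
+        has_errors = false
+        xsd.validate( Nokogiri::XML( xml ) ).each do |error|
+            puts error.message
+            puts " -- Line #{error.line}, column #{error.column}, level #{error.level}."
+            puts '-' * 100
+            justify = (error.line+10).to_s.size
+            lines = xml.lines
+            ((error.line-10)..(error.line+10)).each do |i|
+                line = lines[i]
+                next if i < 0 || !line
+                i = i + 1
+                printf( "%#{justify}s | %s", i, line )
+                if i == error.line
+                    printf( "%#{justify}s |", i )
+                    line.size.times.each do |c|
+                        print error.column == c ? '^' : '-'
+                    end
+                    puts
+                end
+            end
+            puts '-' * 100
+            puts
+            has_errors = true
+        end
+        if has_errors
+            print_error 'Report could not be validated against the XSD due to the above errors.'
+            return
+        end
+        IO.binwrite( outfile, xml )
+        print_status "Saved in '#{outfile}'."
+    end
+    def self.info
+        {
+            name:         'XUNIT',
+            description:  %q{Exports the audit results as an XUNIT XML (.xml) file.},
+            content_type: 'text/xml',
+            author:       'Me',
+            version:      '0.0.1',
+            options:      [ Options.outfile( '-xunit.xml' )]
+        }
+    end
+end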
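Review bot: When XSD validation fails, `run` prints the errors and hits a bare `return`, so no report file is written and nothing visible here signals failure to the caller. In the Jenkins flow the README describes, a missing `report.xml` can read as "no findings" unless the JUnit step is configured to fail on empty results. Consider failing closed by replacing `return` with `raise 'xunit report failed XSD validation'` after the `print_error` call, assuming the reporter runner surfaces exceptions as a non-zero exit (please confirm). `REMOTE_SCHEMA` and `NULL` are defined but never used in this file and could be dropped. The class comment should also state that every issue, whatever its severity, is emitted as a failing `testcase`.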
params/arachni-build-pod
File was deleted
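--- /dev/null
+++ b/params/jenkins-slave-arachni
@@ -0,0 +1,6 @@
+SOURCE_REPOSITORY_URL=
+SOURCE_CONTEXT_DIR=docker/jenkins-slave-arachni
+BUILDER_IMAGE_NAME=registry.access.redhat.com/openshift3/jenkins-slave-base-rhel7:latest
+NAME=jenkins-slave-arachni
+SOURCE_REPOSITORY_REF=master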
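Review bot: `SOURCE_REPOSITORY_URL=` is left empty, so the build driven by this params file has no source unless a default is supplied elsewhere; the sibling params/jenkins-slave-zap sets it explicitly. `BUILDER_IMAGE_NAME` points at the RHEL7 slave base with `:latest`, while the Dockerfile's `FROM` names the CentOS7 image. If the build template substitutes this value for `FROM` (not visible here), the image actually built will differ from what the Dockerfile declares, so align the two and prefer a fixed tag or digest over `:latest`.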
params/jenkins-slave-zap
File was renamed from params/zap-build-pod
@@ -1,5 +1,5 @@
SOURCE_REPOSITORY_URL=https://github.com/rht-labs/owasp-zap-openshift.git
SOURCE_CONTEXT_DIR=./
BUILDER_IMAGE_NAME=centos:centos7
NAME=zap-build-pod
NAME=jenkins-slave-zap
SOURCE_REPOSITORY_REF=master