docker/jenkins-slave-arachni/Dockerfile
docker/jenkins-slave-arachni/README.md
docker/jenkins-slave-arachni/reporters/xml/hudson_junit-4.xsd
docker/jenkins-slave-arachni/reporters/xunit.rb
params/arachni-build-pod
params/jenkins-slave-arachni
params/jenkins-slave-zap
docker/jenkins-slave-arachni/Dockerfile
New file @@ -0,0 +1,27 @@ FROM openshift/jenkins-slave-base-centos7:latest ARG VERSION=1.5.1 ARG WEB_VERSION=0.5.12 RUN yum install -y wget ca-certificates WORKDIR /arachni RUN wget -qO- https://github.com/Arachni/arachni/releases/download/v${VERSION}/arachni-${VERSION}-${WEB_VERSION}-linux-x86_64.tar.gz | tar xvz -C /arachni --strip-components=1 EXPOSE 9292 COPY reporters ./system/gems/gems/arachni-${VERSION}/components/reporters USER root # NOTE - THIS IS THE STANDARD THING FOR OCP PERMISSION ISSUES # ENV FIX_FILES /arachni # RUN find $FIX_FILES -exec chgrp 0 {} \; && \ # find $FIX_FILES -exec chmod g+rw {} \; && \ # find $FIX_FILES -type d -exec chmod g+x {} + RUN chown -R root:root /arachni && \ chmod -R 775 /arachni USER 1001 docker/jenkins-slave-arachni/README.md
New file @@ -0,0 +1,17 @@ # jenkins-slave-arachni Provides a docker image of the arachni security tool with an additional reporter for generating xunit reports. These can be parsed into test results for failing builds using JUnit parser in Bamboo and Jenkins. ## Build `docker build -t jenkins-slave-arachni .` ## Run For local running and experimentation run `docker run -i -t --rm jenkins-slave-arachni /bin/bash` and have a play once inside the container. `/arachni` is where the product is and `/arachni/bin/arachni` for the binary ## Jenkins running Creates a HTML web report and xml report once website has been scanned. Add a new Kubernetes Container template called `jenkins-slave-arachni` and specify this as the node when running builds ```bash /arachni/bin/arachni ${URL_TO_TEST} --report-save-path=arachni-report.afr /arachni/bin/arachni_reporter arachni-report.afr --reporter=xunit:outfile=report.xml --reporter=html:outfile=web-report.zip unzip web-report.zip -d arachni-web-report ``` docker/jenkins-slave-arachni/reporters/xml/hudson_junit-4.xsd
New file 
@@ -0,0 +1,95 @@ <?xml version="1.0" encoding="UTF-8" ?> <xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"> <xs:element name="failure"> <xs:complexType mixed="true"> <xs:attribute name="type" type="xs:string" use="optional"/> <xs:attribute name="message" type="xs:string" use="optional"/> </xs:complexType> </xs:element> <xs:element name="error"> <xs:complexType mixed="true"> <xs:attribute name="type" type="xs:string" use="optional"/> <xs:attribute name="message" type="xs:string" use="optional"/> </xs:complexType> </xs:element> <xs:element name="properties"> <xs:complexType> <xs:sequence> <xs:element ref="property" maxOccurs="unbounded"/> </xs:sequence> </xs:complexType> </xs:element> <xs:element name="property"> <xs:complexType> <xs:attribute name="name" type="xs:string" use="required"/> <xs:attribute name="value" type="xs:string" use="required"/> </xs:complexType> </xs:element> <xs:element name="skipped"> <xs:complexType mixed="true"> <xs:attribute name="message" type="xs:string" use="optional"/> </xs:complexType> </xs:element> <xs:element name="system-err" type="xs:string"/> <xs:element name="system-out" type="xs:string"/> <xs:element name="testcase"> <xs:complexType> <xs:sequence> <xs:element ref="skipped" minOccurs="0" maxOccurs="1"/> <xs:element ref="error" minOccurs="0" maxOccurs="unbounded"/> <xs:element ref="failure" minOccurs="0" maxOccurs="unbounded"/> <xs:element ref="system-out" minOccurs="0" maxOccurs="unbounded"/> <xs:element ref="system-err" minOccurs="0" maxOccurs="unbounded"/> </xs:sequence> <xs:attribute name="name" type="xs:string" use="required"/> <xs:attribute name="assertions" type="xs:string" use="optional"/> <xs:attribute name="time" type="xs:string" use="optional"/> <xs:attribute name="classname" type="xs:string" use="optional"/> <xs:attribute name="status" type="xs:string" use="optional"/> </xs:complexType> </xs:element> <xs:element name="testsuite"> <xs:complexType> <xs:sequence> <xs:element ref="properties" minOccurs="0" 
maxOccurs="1"/> <xs:element ref="testcase" minOccurs="0" maxOccurs="unbounded"/> <xs:element ref="system-out" minOccurs="0" maxOccurs="1"/> <xs:element ref="system-err" minOccurs="0" maxOccurs="1"/> </xs:sequence> <xs:attribute name="name" type="xs:string" use="required"/> <xs:attribute name="tests" type="xs:string" use="required"/> <xs:attribute name="failures" type="xs:string" use="optional"/> <xs:attribute name="errors" type="xs:string" use="optional"/> <xs:attribute name="time" type="xs:string" use="optional"/> <xs:attribute name="disabled" type="xs:string" use="optional"/> <xs:attribute name="skipped" type="xs:string" use="optional"/> <xs:attribute name="timestamp" type="xs:string" use="optional"/> <xs:attribute name="hostname" type="xs:string" use="optional"/> <xs:attribute name="id" type="xs:string" use="optional"/> <xs:attribute name="package" type="xs:string" use="optional"/> </xs:complexType> </xs:element> <xs:element name="testsuites"> <xs:complexType> <xs:sequence> <xs:element ref="testsuite" minOccurs="0" maxOccurs="unbounded"/> </xs:sequence> <xs:attribute name="name" type="xs:string" use="optional"/> <xs:attribute name="time" type="xs:string" use="optional"/> <xs:attribute name="tests" type="xs:string" use="optional"/> <xs:attribute name="failures" type="xs:string" use="optional"/> <xs:attribute name="disabled" type="xs:string" use="optional"/> <xs:attribute name="errors" type="xs:string" use="optional"/> </xs:complexType> </xs:element> </xs:schema> docker/jenkins-slave-arachni/reporters/xunit.rb
New file 
@@ -0,0 +1,94 @@ =begin Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com> This file is part of the Arachni Framework project and is subject to redistribution and commercial restrictions. Please see the Arachni Framework web site for more information on licensing and terms of use. =end require 'nokogiri' # Creates an XUnit XML report of the audit. # # @author Me class Arachni::Reporters::XUNIT < Arachni::Reporter::Base LOCAL_SCHEMA = File.dirname( __FILE__ ) + '/xml/hudson_junit-4.xsd' REMOTE_SCHEMA = 'https://raw.githubusercontent.com/Arachni/arachni/' << "v#{Arachni::VERSION}/components/reporters/xml/hudson_junit-4.xsd" NULL = '[ARACHNI_NULL]' def run builder = Nokogiri::XML::Builder.new do |xml| xml.testsuite( 'name' => report.options[:url], 'timestamp' => report.finish_datetime.xmlschema, 'tests' => report.issues.count ) { report.issues.each do |issue| xml.testcase( 'name' => issue.name, 'classname' => report.options[:url] ) { xml.failure( 'message' => issue.description ) } end } end xml = builder.to_xml xsd = Nokogiri::XML::Schema( IO.read( LOCAL_SCHEMA ) ) has_errors = false xsd.validate( Nokogiri::XML( xml ) ).each do |error| puts error.message puts " -- Line #{error.line}, column #{error.column}, level #{error.level}." puts '-' * 100 justify = (error.line+10).to_s.size lines = xml.lines ((error.line-10)..(error.line+10)).each do |i| line = lines[i] next if i < 0 || !line i = i + 1 printf( "%#{justify}s | %s", i, line ) if i == error.line printf( "%#{justify}s |", i ) line.size.times.each do |c| print error.column == c ? '^' : '-' end puts end end puts '-' * 100 puts has_errors = true end if has_errors print_error 'Report could not be validated against the XSD due to the above errors.' return end IO.binwrite( outfile, xml ) print_status "Saved in '#{outfile}'." 
end def self.info { name: 'XUNIT', description: %q{Exports the audit results as an XUNIT XML (.xml) file.}, content_type: 'text/xml', author: 'Me', version: '0.0.1', options: [ Options.outfile( '-xunit.xml' )] } end end params/arachni-build-pod
File was deleted params/jenkins-slave-arachni
New file @@ -0,0 +1,6 @@ SOURCE_REPOSITORY_URL= SOURCE_CONTEXT_DIR=docker/jenkins-slave-arachni BUILDER_IMAGE_NAME=registry.access.redhat.com/openshift3/jenkins-slave-base-rhel7:latest NAME=jenkins-slave-arachni SOURCE_REPOSITORY_REF=master params/jenkins-slave-zap
File was renamed from params/zap-build-pod @@ -1,5 +1,5 @@ SOURCE_REPOSITORY_URL=https://github.com/rht-labs/owasp-zap-openshift.git SOURCE_CONTEXT_DIR=./ BUILDER_IMAGE_NAME=centos:centos7 NAME=zap-build-pod NAME=jenkins-slave-zap SOURCE_REPOSITORY_REF=master
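Review bot: In docker/jenkins-slave-arachni/Dockerfile, the `RUN wget -qO- https://github.com/Arachni/arachni/releases/download/v${VERSION}/... | tar xvz` step unpacks the release tarball without checking it against a known checksum, so whatever that URL serves at build time ends up in the image. Download to a file, verify it against a SHA-256 value pinned next to `VERSION` and `WEB_VERSION`, then extract. `FROM openshift/jenkins-slave-base-centos7:latest` has the same problem: pin a tag or digest so rebuilds are reproducible. `USER root` appears only after `yum install` and the download, so those steps rely on the base image's default user. Finally, `chmod -R 775 /arachni` marks every file executable and group-writable, whereas the commented-out `chgrp 0` / `chmod g+rw` block above it would at least avoid adding execute bits to regular files.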
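Review bot: In the "Jenkins running" snippet of docker/jenkins-slave-arachni/README.md, `${URL_TO_TEST}` is unquoted, so a target URL containing `?` or `*` is subject to shell globbing and word splitting; write `"${URL_TO_TEST}"`. The README says the xunit report is used for failing builds but does not say that the reporter writes every issue as a `failure`, so it should state that any finding, whatever its severity, shows up as a failed test.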
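Review bot: In reporters/xml/hudson_junit-4.xsd, the count and time attributes (`tests`, `failures`, `errors`, `time`) are all declared `type="xs:string"`, so the validation step in xunit.rb checks structure only and would accept a non-numeric count. If this schema is copied from an upstream source, record that source in a comment at the top of the file; otherwise consider `xs:nonNegativeInteger` for the counts.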
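Review bot: In `run` in reporters/xunit.rb, every entry in `report.issues` is emitted as a `testcase` whose `name` is just `issue.name` and whose `failure` carries only `issue.description`, so the report drops severity and the affected URL, and two findings of the same type on different pages are indistinguishable in the JUnit view. Include the severity and affected location in the testcase name or failure message, and set the `failures` attribute on `testsuite` alongside `tests`. When schema validation fails, the method calls `print_error` and returns without writing `outfile`, so the pipeline should treat a missing report.xml as a failure rather than as zero findings. `REMOTE_SCHEMA` and `NULL` are defined but never used in this file and can be removed, and `author: 'Me'` should name a maintainer.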
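Review bot: In params/jenkins-slave-arachni, `SOURCE_REPOSITORY_URL=` is left empty, and `BUILDER_IMAGE_NAME` points at `registry.access.redhat.com/openshift3/jenkins-slave-base-rhel7:latest` while the Dockerfile in the same commit builds `FROM openshift/jenkins-slave-base-centos7:latest`. Fill in the repository URL or document that it must be supplied at build time, and make the base image consistent between the two files so the build uses the base that was tested.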