Not using config-example by default. TARGET has to be set if config file is...

Not using config-example by default. TARGET has to be set if config file is not mounted. basic-config.json is used in that case.

Not using config-example by default. TARGET has to be set if config file is...
554d0647 · Zitnik, Anze · f252699c · 554d0647 · 554d0647 · 554d0647
Commit 554d0647 authored 5 years ago by Zitnik, Anze
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -18,9 +18,9 @@ test:
    script:
    - docker network create test-genscan
    - docker run --rm -d --network=test-genscan --name dvwa vulnerables/web-dvwa
-    - cp "${CI_PROJECT_DIR}/config-example.json" /tmp/
+    - echo '{"target":{"url":"http://dvwa/","ip":"dvwa"},"config":{"w3af":{"profile":"fast_scan"},"zap":{"profile":"basic"},"nmap":{"profile":"basic_discovery"}}}' > /tmp/config-genscan.json
    - mkdir /tmp/out
-    - docker run --rm --network=test-genscan -v /tmp/config-example.json:/root/config.json -v /tmp/out:/root/out registry-gitlab.xlab.si/cyberwiser/$SERVICE:$VERSION
+    - docker run --rm --network=test-genscan -v /tmp/config-genscan.json:/root/config.json -v /tmp/out:/root/out registry-gitlab.xlab.si/cyberwiser/$SERVICE:$VERSION
    - cat /tmp/out/cscan-log.txt
    - grep -q "W3af" /tmp/out/genscan-out.json
    - grep -q "OWASP ZAP" /tmp/out/genscan-out.json
@@ -28,6 +28,7 @@ test:
    after_script:
    - docker kill dvwa || docker network rm test-genscan
    - docker network rm test-genscan
+    - rm /tmp/config-genscan.json || true
    - rm /tmp/genscan-out.json || true
    - rm -rf /tmp/out


--- a/MANIFEST
+++ b/MANIFEST
-VERSION=v1.4.0
+VERSION=v1.4.1
 SERVICE=vat-genscan

--- a/Makefile
+++ b/Makefile
@@ -5,8 +5,6 @@
 SERVICE = $(shell grep SERVICE MANIFEST | cut -d '=' -f2)
 VERSION = $(shell grep VERSION MANIFEST | cut -d '=' -f2)

-CONFIG ?= $(shell pwd)/config-example.json
-
 TEST_DIR = /tmp/test-$(SERVICE)-$(VERSION)-$(shell date +%s)/

 build:
@@ -16,7 +14,8 @@ test:
 	docker network create test-genscan
 	docker run --rm -d --network=test-genscan --name dvwa vulnerables/web-dvwa
 	mkdir $(TEST_DIR)
-	docker run --rm --network=test-genscan -v $(CONFIG):/root/config.json -v $(TEST_DIR):/root/out/ registry-gitlab.xlab.si/cyberwiser/$(SERVICE):$(VERSION)
+	echo '{"target":{"url":"http://dvwa/","ip":"dvwa"},"config":{"w3af":{"profile":"fast_scan"},"zap":{"profile":"basic"},"nmap":{"profile":"basic_discovery"}}}' > $(TEST_DIR)config.json
+	docker run --rm --network=test-genscan -v $(TEST_DIR)config.json:/root/config.json -v $(TEST_DIR):/root/out/ registry-gitlab.xlab.si/cyberwiser/$(SERVICE):$(VERSION)
 	docker kill dvwa
 	docker network rm test-genscan
 	grep -q "W3af" $(TEST_DIR)genscan-out.json
@@ -25,7 +24,7 @@ test:

 start:
 ifdef OUTPUT_DIR
-	docker run -v $(CONFIG):/root/config.json -v $(OUTPUT_DIR):/root/out/ registry-gitlab.xlab.si/cyberwiser/$(SERVICE):$(VERSION)
+	docker run -e TARGET=$(TARGET) -v $(OUTPUT_DIR):/root/out/ registry-gitlab.xlab.si/cyberwiser/$(SERVICE):$(VERSION)
 else
-	docker run -v $(CONFIG):/root/config.json registry-gitlab.xlab.si/cyberwiser/$(SERVICE):$(VERSION)
+	docker run -e TARGET=$(TARGET) registry-gitlab.xlab.si/cyberwiser/$(SERVICE):$(VERSION)
 endif
--- a/config-example.json
+++ b/config-example.json
 {
    "target": {
-        "url": "http://dvwa/",
-        "ip": "dvwa"
+        "url": ""
    },
    "config": {
        "w3af": {
@@ -9,9 +8,6 @@
        },
        "zap": {
            "profile": "basic"
-        },
-        "nmap": {
-            "profile": "basic_discovery"
        }
    }
 }
--- a/configure.py
+++ b/configure.py
@@ -73,7 +73,7 @@ def main():
        target = os.environ.get('TARGET')
        if target is None:
            raise UndefinedTargetException()
-        config = load_config("/service/config-example.json")
+        config = load_config("/service/basic-config.json")
        config["target"]["url"] = target
        with open("/root/config.json", "w") as outfile:
            json.dump(config, outfile)

--- a/wiser-wcs-reports/main.py
+++ b/wiser-wcs-reports/main.py
@@ -63,9 +63,9 @@ def list_vulnerabilities(reports):
 if __name__ == "__main__":
 	config = parse_config_file('wiser-wcs.cfg')
 	reports = reports_json(config['cscan_config']['cscan_output'])
-	print("printing vulnerabilities: ")
 	vulnerabilities = list_vulnerabilities(reports)
 	vulnerabilities_list = list()
+	print("printing vulnerabilities:")
 	for vulnerability in vulnerabilities:
 		print(vulnerability)
 		vulnerabilities_list.append(vulnerability.__dict__)