Commit 554d0647 authored by Zitnik, Anze's avatar Zitnik, Anze

Not using config-example by default. TARGET has to be set if config file is...

Not using config-example by default. TARGET has to be set if config file is not mounted. basic-config.json is used in that case.
parent f252699c
......@@ -18,9 +18,9 @@ test:
script:
- docker network create test-genscan
- docker run --rm -d --network=test-genscan --name dvwa vulnerables/web-dvwa
- cp "${CI_PROJECT_DIR}/config-example.json" /tmp/
- echo '{"target":{"url":"http://dvwa/","ip":"dvwa"},"config":{"w3af":{"profile":"fast_scan"},"zap":{"profile":"basic"},"nmap":{"profile":"basic_discovery"}}}' > /tmp/config-genscan.json
- mkdir /tmp/out
- docker run --rm --network=test-genscan -v /tmp/config-example.json:/root/config.json -v /tmp/out:/root/out registry-gitlab.xlab.si/cyberwiser/$SERVICE:$VERSION
- docker run --rm --network=test-genscan -v /tmp/config-genscan.json:/root/config.json -v /tmp/out:/root/out registry-gitlab.xlab.si/cyberwiser/$SERVICE:$VERSION
- cat /tmp/out/cscan-log.txt
- grep -q "W3af" /tmp/out/genscan-out.json
- grep -q "OWASP ZAP" /tmp/out/genscan-out.json
......@@ -28,6 +28,7 @@ test:
after_script:
- docker kill dvwa || docker network rm test-genscan
- docker network rm test-genscan
- rm /tmp/config-genscan.json || true
- rm /tmp/genscan-out.json || true
- rm -rf /tmp/out
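Review bot: The job writes to fixed host paths, `/tmp/config-genscan.json` and `/tmp/out`, and bind-mounts both into the scanner container, so two jobs sharing a runner host would read each other's config and output, and a leftover `/tmp/out` makes `mkdir /tmp/out` fail before the scan starts. In that situation the `grep -q` checks could pass on another job's `genscan-out.json`. A per-job directory avoids this, for example `mkdir -p "/tmp/genscan-${CI_JOB_ID}/out"` with the config written next to it and the same path removed in `after_script`. The Makefile in this commit already isolates its run under `$(TEST_DIR)`; whether the runner is actually shared is not visible here, so this is a risk rather than an observed failure.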
......
VERSION=v1.4.0
VERSION=v1.4.1
SERVICE=vat-genscan
......@@ -5,8 +5,6 @@
SERVICE = $(shell grep SERVICE MANIFEST | cut -d '=' -f2)
VERSION = $(shell grep VERSION MANIFEST | cut -d '=' -f2)
CONFIG ?= $(shell pwd)/config-example.json
TEST_DIR = /tmp/test-$(SERVICE)-$(VERSION)-$(shell date +%s)/
build:
......@@ -16,7 +14,8 @@ test:
docker network create test-genscan
docker run --rm -d --network=test-genscan --name dvwa vulnerables/web-dvwa
mkdir $(TEST_DIR)
docker run --rm --network=test-genscan -v $(CONFIG):/root/config.json -v $(TEST_DIR):/root/out/ registry-gitlab.xlab.si/cyberwiser/$(SERVICE):$(VERSION)
echo '{"target":{"url":"http://dvwa/","ip":"dvwa"},"config":{"w3af":{"profile":"fast_scan"},"zap":{"profile":"basic"},"nmap":{"profile":"basic_discovery"}}}' > $(TEST_DIR)config.json
docker run --rm --network=test-genscan -v $(TEST_DIR)config.json:/root/config.json -v $(TEST_DIR):/root/out/ registry-gitlab.xlab.si/cyberwiser/$(SERVICE):$(VERSION)
docker kill dvwa
docker network rm test-genscan
grep -q "W3af" $(TEST_DIR)genscan-out.json
......@@ -25,7 +24,7 @@ test:
start:
ifdef OUTPUT_DIR
docker run -v $(CONFIG):/root/config.json -v $(OUTPUT_DIR):/root/out/ registry-gitlab.xlab.si/cyberwiser/$(SERVICE):$(VERSION)
docker run -e TARGET=$(TARGET) -v $(OUTPUT_DIR):/root/out/ registry-gitlab.xlab.si/cyberwiser/$(SERVICE):$(VERSION)
else
docker run -v $(CONFIG):/root/config.json registry-gitlab.xlab.si/cyberwiser/$(SERVICE):$(VERSION)
docker run -e TARGET=$(TARGET) registry-gitlab.xlab.si/cyberwiser/$(SERVICE):$(VERSION)
endif
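Review bot: `$(TARGET)` is expanded into both `docker run` lines of `start` without quotes, so a URL containing `&`, `;`, `?` or spaces is interpreted by the recipe shell instead of being passed as one value; writing `-e TARGET='$(TARGET)'` on both branches keeps it a single argument (a value that itself contains a single quote would still break it). When `TARGET` is not given, the argument becomes `TARGET=`, so the container receives an empty string rather than an unset variable, which the `if target is None` check in the entrypoint hunk of this commit does not reject. A guard as the first recipe line, `$(if $(strip $(TARGET)),,$(error TARGET is not set))`, would fail early, and `if not target:` in the entrypoint covers direct `docker run` use. The `start` rule may continue outside what is shown.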
{
"target": {
"url": "http://dvwa/",
"ip": "dvwa"
"url": ""
},
"config": {
"w3af": {
......@@ -9,9 +8,6 @@
},
"zap": {
"profile": "basic"
},
"nmap": {
"profile": "basic_discovery"
}
}
}
......@@ -73,7 +73,7 @@ def main():
target = os.environ.get('TARGET')
if target is None:
raise UndefinedTargetException()
config = load_config("/service/config-example.json")
config = load_config("/service/basic-config.json")
config["target"]["url"] = target
with open("/root/config.json", "w") as outfile:
json.dump(config, outfile)
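Review bot: `target` is copied from the environment into `config["target"]["url"]` with no check that it is a well-formed http(s) URL, so a typo or a value without a scheme is only discovered once the scanners run. Parsing it first, e.g. `parts = urllib.parse.urlsplit(target)` and raising `UndefinedTargetException` unless `parts.scheme in ("http", "https") and parts.netloc`, would reject bad input before `/root/config.json` is written; this needs `urllib.parse` imported, and the import block is outside the hunk. Whether `load_config` or the scanners validate the URL themselves is not visible here. `main()` starts before and continues after these lines.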
......
......@@ -63,9 +63,9 @@ def list_vulnerabilities(reports):
if __name__ == "__main__":
config = parse_config_file('wiser-wcs.cfg')
reports = reports_json(config['cscan_config']['cscan_output'])
print("printing vulnerabilities: ")
vulnerabilities = list_vulnerabilities(reports)
vulnerabilities_list = list()
print("printing vulnerabilities:")
for vulnerability in vulnerabilities:
print(vulnerability)
vulnerabilities_list.append(vulnerability.__dict__)
......