From 554d064730d8c8c5a0e26bbaec1edf5df76b37d0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?An=C5=BEe=20=C5=BDitnik?= <anze.zitnik@xlab.si>
Date: Thu, 19 Mar 2020 12:46:47 +0100
Subject: [PATCH] Not using config-example by default. TARGET has to be set if config file is not mounted. basic-config.json is used in that case.
---
 .gitlab-ci.yml | 5 +++--
 MANIFEST | 2 +-
 Makefile | 9 ++++-----
 config-example.json => basic-config.json | 6 +-----
 configure.py | 2 +-
 wiser-wcs-reports/main.py | 4 ++--
 6 files changed, 12 insertions(+), 16 deletions(-)
 rename config-example.json => basic-config.json (58%)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 695f951..570b65a 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -18,9 +18,9 @@ test:
 script:
 - docker network create test-genscan
 - docker run --rm -d --network=test-genscan --name dvwa vulnerables/web-dvwa
- - cp "${CI_PROJECT_DIR}/config-example.json" /tmp/
+ - echo '{"target":{"url":"http://dvwa/","ip":"dvwa"},"config":{"w3af":{"profile":"fast_scan"},"zap":{"profile":"basic"},"nmap":{"profile":"basic_discovery"}}}' > /tmp/config-genscan.json
 - mkdir /tmp/out
- - docker run --rm --network=test-genscan -v /tmp/config-example.json:/root/config.json -v /tmp/out:/root/out registry-gitlab.xlab.si/cyberwiser/$SERVICE:$VERSION
+ - docker run --rm --network=test-genscan -v /tmp/config-genscan.json:/root/config.json -v /tmp/out:/root/out registry-gitlab.xlab.si/cyberwiser/$SERVICE:$VERSION
 - cat /tmp/out/cscan-log.txt
 - grep -q "W3af" /tmp/out/genscan-out.json
 - grep -q "OWASP ZAP" /tmp/out/genscan-out.json
@@ -28,6 +28,7 @@ test:
 after_script:
 - docker kill dvwa || docker network rm test-genscan
 - docker network rm test-genscan
+ - rm /tmp/config-genscan.json || true
 - rm /tmp/genscan-out.json || true
 - rm -rf /tmp/out
diff --git a/MANIFEST b/MANIFEST
index f5fd3aa..b445243 100644
--- a/MANIFEST
+++ b/MANIFEST
@@ -1,3 +1,3 @@
-VERSION=v1.4.0
+VERSION=v1.4.1
 SERVICE=vat-genscan
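Review bot: The test config in `.gitlab-ci.yml` is written to the fixed path `/tmp/config-genscan.json` (first hunk, the `echo ... >` line) and bind-mounted from there, so two jobs running on the same runner host would overwrite each other's file or delete it in `after_script` while the other job is still scanning. The Makefile `test` target in this same commit already writes its config into a per-run `$(TEST_DIR)`; the CI job could do the equivalent with a job-scoped directory such as `/tmp/genscan-$CI_JOB_ID/`, which is available in both `script` and `after_script`. Whether the runners here are shared is not visible from the diff.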
diff --git a/Makefile b/Makefile
index c221fc9..b7846c1 100644
--- a/Makefile
+++ b/Makefile
@@ -5,8 +5,6 @@ SERVICE = $(shell grep SERVICE MANIFEST | cut -d '=' -f2)
 VERSION = $(shell grep VERSION MANIFEST | cut -d '=' -f2)
-CONFIG ?= $(shell pwd)/config-example.json
-
 TEST_DIR = /tmp/test-$(SERVICE)-$(VERSION)-$(shell date +%s)/
 build:
@@ -16,7 +14,8 @@ test:
 docker network create test-genscan
 docker run --rm -d --network=test-genscan --name dvwa vulnerables/web-dvwa
 mkdir $(TEST_DIR)
- docker run --rm --network=test-genscan -v $(CONFIG):/root/config.json -v $(TEST_DIR):/root/out/ registry-gitlab.xlab.si/cyberwiser/$(SERVICE):$(VERSION)
+ echo '{"target":{"url":"http://dvwa/","ip":"dvwa"},"config":{"w3af":{"profile":"fast_scan"},"zap":{"profile":"basic"},"nmap":{"profile":"basic_discovery"}}}' > $(TEST_DIR)config.json
+ docker run --rm --network=test-genscan -v $(TEST_DIR)config.json:/root/config.json -v $(TEST_DIR):/root/out/ registry-gitlab.xlab.si/cyberwiser/$(SERVICE):$(VERSION)
 docker kill dvwa
 docker network rm test-genscan
 grep -q "W3af" $(TEST_DIR)genscan-out.json
@@ -25,7 +24,7 @@ test:
 start:
 ifdef OUTPUT_DIR
- docker run -v $(CONFIG):/root/config.json -v $(OUTPUT_DIR):/root/out/ registry-gitlab.xlab.si/cyberwiser/$(SERVICE):$(VERSION)
+ docker run -e TARGET=$(TARGET) -v $(OUTPUT_DIR):/root/out/ registry-gitlab.xlab.si/cyberwiser/$(SERVICE):$(VERSION)
 else
- docker run -v $(CONFIG):/root/config.json registry-gitlab.xlab.si/cyberwiser/$(SERVICE):$(VERSION)
+ docker run -e TARGET=$(TARGET) registry-gitlab.xlab.si/cyberwiser/$(SERVICE):$(VERSION)
 endif
diff --git a/config-example.json b/basic-config.json
similarity index 58%
rename from config-example.json
rename to basic-config.json
index 9f61d52..83396cf 100644
--- a/config-example.json
+++ b/basic-config.json
@@ -1,7 +1,6 @@
 {
 "target": {
- "url": "http://dvwa/",
- "ip": "dvwa"
+ "url": ""
 },
 "config": {
 "w3af": {
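Review bot: In the `start` target (third Makefile hunk) both new `docker run` lines expand `-e TARGET=$(TARGET)` unquoted into the shell command, so a target URL containing `&`, `;` or a space is split or interpreted by the shell instead of reaching the container intact. Quote the value, `-e TARGET='$(TARGET)'`, and stop early when it is missing with an `ifndef TARGET` / `$(error TARGET is not set)` guard ahead of the recipe, because `make start` without TARGET still passes an empty variable into the container. The hunk also removes the `-v $(CONFIG):/root/config.json` mount, so `make start` can no longer be pointed at a custom config file; if that is intended, it deserves a line in the commit message.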
@@ -9,9 +8,6 @@
 },
 "zap": {
 "profile": "basic"
- },
- "nmap": {
- "profile": "basic_discovery"
 }
 }
 }
diff --git a/configure.py b/configure.py
index 6e27c98..f56f95c 100644
--- a/configure.py
+++ b/configure.py
@@ -73,7 +73,7 @@ def main():
 target = os.environ.get('TARGET')
 if target is None:
 raise UndefinedTargetException()
- config = load_config("/service/config-example.json")
+ config = load_config("/service/basic-config.json")
 config["target"]["url"] = target
 with open("/root/config.json", "w") as outfile:
 json.dump(config, outfile)
diff --git a/wiser-wcs-reports/main.py b/wiser-wcs-reports/main.py
index 60e3d00..ad9698f 100644
--- a/wiser-wcs-reports/main.py
+++ b/wiser-wcs-reports/main.py
@@ -63,13 +63,13 @@ def list_vulnerabilities(reports):
 if __name__ == "__main__":
 config = parse_config_file('wiser-wcs.cfg')
 reports = reports_json(config['cscan_config']['cscan_output'])
- print("printing vulnerabilities: ")
 vulnerabilities = list_vulnerabilities(reports)
 vulnerabilities_list = list()
+ print("printing vulnerabilities:")
 for vulnerability in vulnerabilities:
 print(vulnerability)
 vulnerabilities_list.append(vulnerability.__dict__)
 vulnerabilities_json = json.dumps({ "reports": vulnerabilities_list})
- print("printing vulnerabilities JSON: ")
+ print("printing vulnerabilities JSON:")
 print(vulnerabilities_json)
--
GitLab
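Review bot: In the configure.py hunk, `main()` only rejects a missing variable (`if target is None:`), so an empty `TARGET` passes the check and the empty `"url": ""` from basic-config.json is written to /root/config.json as the scan target. Now that the template no longer carries a default target, the guard should be `if not target:` before `raise UndefinedTargetException()`. The value is also copied into `config["target"]["url"]` with no validation; checking that it parses as an http(s) URL with a host, for example with `urllib.parse.urlsplit`, would keep a malformed value from reaching the scanners. `main()` begins above this hunk, so any earlier handling of a mounted config file is not visible here.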