Docker updates and luanch webhook.

c31d38c9 · Aaron Weaver · a7ec9189 · c31d38c9 · c31d38c9 · c31d38c9
Commit c31d38c9 authored 7 years ago by Aaron Weaver
--- a/controller/secpipeline-config.yaml
+++ b/controller/secpipeline-config.yaml
@@ -183,7 +183,7 @@ checkmarx:
  description: "Checkmarx is a source code analysis product that allows organization to scan uncompiled code and identify vulnerabilities."
  url: https://www.checkmarx.com/technology/static-code-analysis-sca/
  documentation: https://checkmarx.atlassian.net/wiki/spaces/KC/overview
-  docker: appsecpipeline/base:1.0
+  docker: "appsecpipeline/base-tools:1.0"
  parameters:
    LOC:
      type: runtime

--- a/dockers/base/dockerfile-base-tools
+++ b/dockers/base/dockerfile-base-tools
@@ -63,6 +63,9 @@ ARG SSLLAB=1.4.0

 RUN wget -qO- https://github.com/ssllabs/ssllabs-scan/releases/download/v${SSLLAB}/ssllabs-scan_${SSLLAB}-linux64.tgz | tar xvz -C /usr/bin --strip-components=1

+########## Checkmarx Install ##########
+RUN pip install -r /usr/bin/appsecpipeline/tools/checkmarx/requirements.txt
+
 ########## Change to appsecpipeline user ##########
 USER appsecpipeline


--- a/dockers/base/dockerfile-node
+++ b/dockers/base/dockerfile-node
@@ -2,6 +2,8 @@ FROM node:9.4.0

 # ASPTAG = appsecpipeline/node:1.0

+USER root
+
 RUN apt-get update \
    && apt-get upgrade -y \
    && apt-get install -y \
@@ -11,6 +13,8 @@ RUN apt-get update \
    python-pip \
    python2.7 \
    python2.7-dev \
+    && apt-get remove python-pip -y \
+    && easy_install pip \
    && usermod -u 2000 node \
    && groupmod -g 2000 node \
    && find / /proc -prune  -group 1000 -exec chgrp -h node {} \; \
@@ -29,6 +33,9 @@ RUN npm install -g retire
 ########## Install Synk Install ##########
 RUN npm install -g snyk

+########## Change to appsecpipeline user ##########
+USER appsecpipeline
+
 ENTRYPOINT ["launch.py"]

 HEALTHCHECK --interval=1m --retries=2 --timeout=5s CMD python /usr/bin/appsecpipeline/tools/health.py
--- a/dockers/base/dockerfile-ruby
+++ b/dockers/base/dockerfile-ruby
@@ -31,6 +31,9 @@ RUN gem install wpscan
 #Update WPScanner DB
 RUN wpscan --update

+########## Change to appsecpipeline user ##########
+USER appsecpipeline
+
 ENTRYPOINT ["launch.py"]

 HEALTHCHECK --interval=1m --retries=2 --timeout=5s CMD python /usr/bin/appsecpipeline/tools/health.py
--- a/tools/checkmarx/config.yaml
+++ b/tools/checkmarx/config.yaml
@@ -9,7 +9,7 @@ checkmarx:
  description: "Checkmarx is a source code analysis product that allows organization to scan uncompiled code and identify vulnerabilities."
  url: https://www.checkmarx.com/technology/static-code-analysis-sca/
  documentation: https://checkmarx.atlassian.net/wiki/spaces/KC/overview
-  docker: "appsecpipeline/base:1.0"
+  docker: "appsecpipeline/base-tools:1.0"
  parameters:
    LOC:
      type: runtime

--- a/tools/git/config.yaml
+++ b/tools/git/config.yaml
@@ -4,7 +4,7 @@ git:
    - "Utility"
  type: "utility"
  description: "Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency."
-  docker: "appsecpipeline/base:1.0"
+  docker: "appsecpipeline/base:1.1"
  url: https://git-scm.com/
  documentation: https://git-scm.com/docs/git
  parameters:

--- a/tools/launch.py
+++ b/tools/launch.py
@@ -35,6 +35,7 @@ def getYamlConfig(toolName):
    return yamlLoc

 def getParameterAttribs(toolName, command, authFile, key):
+    toolYaml = None
    with open(authFile, 'r') as stream:
        try:
            #Tool configuration
@@ -45,16 +46,16 @@ def getParameterAttribs(toolName, command, authFile, key):

            if toolName in config:
                #Set the object to the tool yaml section
-                tool = config[toolName]
-                toolParms = tool["parameters"]
-                for parameter in toolParms:
-                    if parameter in command:
-                        command = command.replace("$" + parameter, f.decrypt(toolParms[parameter]["value"]))
+                toolYaml = config[toolName]
+                #toolParms = tool["parameters"]
+                #for parameter in toolParms:
+                #    if parameter in command:
+                #        command = command.replace("$" + parameter, f.decrypt(toolParms[parameter]["value"]))

        except yaml.YAMLError as exc:
            logging.warning(exc)

-    return command
+    return toolYaml

 #Allow for dynamic arguments to support a wide variety of tools
 #Format URL=Value, YAML Definition for substitution $URL
@@ -267,20 +268,26 @@ def executeTool(toolName, profile_run, credentialedScan, test_mode, auth=None, k
        return toolStatus

 def webhook(url, tool, toolStatus, runeveryTool, runeveryToolStatus):
-    logging.info("Launching webhook for URL: " + url)
-    logging.info("Tool" + tool)
-    logging.info("toolStatus" + str(toolStatus))
+    logging.info("Launching Webhook for URL: " + url)

    method = "POST"
    params = {}

+    if toolStatus == None:
+        toolStatus = 99 #Unknown error occured
+
    params['tool'] = tool
    params['toolStatus'] = toolStatus

    if runeveryTool:
        params['runeveryTool'] = runeveryTool
+        if runeveryToolStatus == None:
+            runeveryToolStatus = 99
        params['runeveryToolStatus'] = runeveryToolStatus

+    logging.info("Tool" + tool)
+    logging.info("toolStatus" + str(toolStatus))
+
    headers = {
        'User-Agent': 'AppSecPipeline_Container_Tool',
        'Content-Type': 'application/json',