From c31d38c9fd03f96b6761997c724f9c228e70eef4 Mon Sep 17 00:00:00 2001
From: Aaron Weaver <aaronweaver@users.noreply.github.com>
Date: Tue, 6 Feb 2018 15:43:02 -0500
Subject: [PATCH] Docker updates and luanch webhook.

---
 controller/secpipeline-config.yaml |  2 +-
 dockers/base/dockerfile-base-tools |  3 +++
 dockers/base/dockerfile-node       |  9 ++++++++-
 dockers/base/dockerfile-ruby       |  3 +++
 tools/checkmarx/config.yaml        |  2 +-
 tools/git/config.yaml              |  2 +-
 tools/launch.py                    | 25 ++++++++++++++++---------
 7 files changed, 33 insertions(+), 13 deletions(-)

diff --git a/controller/secpipeline-config.yaml b/controller/secpipeline-config.yaml
index a39ff3d..2fa50fc 100644
--- a/controller/secpipeline-config.yaml
+++ b/controller/secpipeline-config.yaml
@@ -183,7 +183,7 @@ checkmarx:
   description: "Checkmarx is a source code analysis product that allows organization to scan uncompiled code and identify vulnerabilities."
   url: https://www.checkmarx.com/technology/static-code-analysis-sca/
   documentation: https://checkmarx.atlassian.net/wiki/spaces/KC/overview
-  docker: appsecpipeline/base:1.0
+  docker: "appsecpipeline/base-tools:1.0"
   parameters:
     LOC:
       type: runtime
diff --git a/dockers/base/dockerfile-base-tools b/dockers/base/dockerfile-base-tools
index 20847c5..2e0e134 100644
--- a/dockers/base/dockerfile-base-tools
+++ b/dockers/base/dockerfile-base-tools
@@ -63,6 +63,9 @@ ARG SSLLAB=1.4.0
 
 RUN wget -qO- https://github.com/ssllabs/ssllabs-scan/releases/download/v${SSLLAB}/ssllabs-scan_${SSLLAB}-linux64.tgz | tar xvz -C /usr/bin --strip-components=1
 
+########## Checkmarx Install ##########
+RUN pip install -r /usr/bin/appsecpipeline/tools/checkmarx/requirements.txt
+
 ########## Change to appsecpipeline user ##########
 USER appsecpipeline
 
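Review bot: The added `RUN pip install -r /usr/bin/appsecpipeline/tools/checkmarx/requirements.txt` runs as root at build time, before the `USER appsecpipeline` switch, and installs whatever the requirements file resolves to. That file is not part of this patch, so whether its entries are pinned cannot be checked from here. If they are not pinned to exact versions with hashes, the image is not reproducible and any upstream release that changes between builds lands in a security-tooling container unreviewed. Consider pinning with hashes and running `pip install --no-cache-dir --require-hashes -r /usr/bin/appsecpipeline/tools/checkmarx/requirements.txt`.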
diff --git a/dockers/base/dockerfile-node b/dockers/base/dockerfile-node
index 50b1316..5a667a5 100644
--- a/dockers/base/dockerfile-node
+++ b/dockers/base/dockerfile-node
@@ -2,6 +2,8 @@ FROM node:9.4.0
 
 # ASPTAG = appsecpipeline/node:1.0
 
+USER root
+
 RUN apt-get update \
     && apt-get upgrade -y \
     && apt-get install -y \
@@ -11,6 +13,8 @@ RUN apt-get update \
     python-pip \
     python2.7 \
     python2.7-dev \
+    && apt-get remove python-pip -y \
+    && easy_install pip \
     && usermod -u 2000 node \
     && groupmod -g 2000 node \
     && find / /proc -prune  -group 1000 -exec chgrp -h node {} \; \
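Review bot: `easy_install pip` installs whichever pip release is current at build time, as root, with no version pin or integrity check, right after removing the distro-managed `python-pip` that the same RUN installs in the package list above. Pinning the version (`&& easy_install pip==<PINNED_VERSION> \`) keeps the build reproducible and the installed version auditable. Since `python-pip` is installed only to be removed in the same layer, it could be dropped from the `apt-get install` list instead. The RUN instruction starts and ends outside this hunk.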
@@ -22,13 +26,16 @@ COPY dockers/base/setupdocker.sh /tmp
 ENV PATH="/usr/bin/appsecpipeline/tools:${PATH}"
 RUN sh /tmp/setupdocker.sh
 RUN rm /tmp/setupdocker.sh
-    
+
 ########## Retire.js Install ##########
 RUN npm install -g retire
 
 ########## Install Synk Install ##########
 RUN npm install -g snyk
 
+########## Change to appsecpipeline user ##########
+USER appsecpipeline
+
 ENTRYPOINT ["launch.py"]
 
 HEALTHCHECK --interval=1m --retries=2 --timeout=5s CMD python /usr/bin/appsecpipeline/tools/health.py
diff --git a/dockers/base/dockerfile-ruby b/dockers/base/dockerfile-ruby
index f2dfa2d..521a658 100644
--- a/dockers/base/dockerfile-ruby
+++ b/dockers/base/dockerfile-ruby
@@ -31,6 +31,9 @@ RUN gem install wpscan
 #Update WPScanner DB
 RUN wpscan --update
 
+########## Change to appsecpipeline user ##########
+USER appsecpipeline
+
 ENTRYPOINT ["launch.py"]
 
 HEALTHCHECK --interval=1m --retries=2 --timeout=5s CMD python /usr/bin/appsecpipeline/tools/health.py
diff --git a/tools/checkmarx/config.yaml b/tools/checkmarx/config.yaml
index e08eec8..affa826 100644
--- a/tools/checkmarx/config.yaml
+++ b/tools/checkmarx/config.yaml
@@ -9,7 +9,7 @@ checkmarx:
   description: "Checkmarx is a source code analysis product that allows organization to scan uncompiled code and identify vulnerabilities."
   url: https://www.checkmarx.com/technology/static-code-analysis-sca/
   documentation: https://checkmarx.atlassian.net/wiki/spaces/KC/overview
-  docker: "appsecpipeline/base:1.0"
+  docker: "appsecpipeline/base-tools:1.0"
   parameters:
     LOC:
       type: runtime
diff --git a/tools/git/config.yaml b/tools/git/config.yaml
index e938ff5..c2cb238 100644
--- a/tools/git/config.yaml
+++ b/tools/git/config.yaml
@@ -4,7 +4,7 @@ git:
     - "Utility"
   type: "utility"
   description: "Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency."
-  docker: "appsecpipeline/base:1.0"
+  docker: "appsecpipeline/base:1.1"
   url: https://git-scm.com/
   documentation: https://git-scm.com/docs/git
   parameters:
diff --git a/tools/launch.py b/tools/launch.py
index c9dadc2..ed5689b 100644
--- a/tools/launch.py
+++ b/tools/launch.py
@@ -35,6 +35,7 @@ def getYamlConfig(toolName):
     return yamlLoc
 
 def getParameterAttribs(toolName, command, authFile, key):
+    toolYaml = None
     with open(authFile, 'r') as stream:
         try:
             #Tool configuration
@@ -45,16 +46,16 @@ def getParameterAttribs(toolName, command, authFile, key):
 
             if toolName in config:
                 #Set the object to the tool yaml section
-                tool = config[toolName]
-                toolParms = tool["parameters"]
-                for parameter in toolParms:
-                    if parameter in command:
-                        command = command.replace("$" + parameter, f.decrypt(toolParms[parameter]["value"]))
+                toolYaml = config[toolName]
+                #toolParms = tool["parameters"]
+                #for parameter in toolParms:
+                #    if parameter in command:
+                #        command = command.replace("$" + parameter, f.decrypt(toolParms[parameter]["value"]))
 
         except yaml.YAMLError as exc:
             logging.warning(exc)
 
-    return command
+    return toolYaml
 
 #Allow for dynamic arguments to support a wide variety of tools
 #Format URL=Value, YAML Definition for substitution $URL
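Review bot: getParameterAttribs now returns the tool's YAML section, or `None` when the tool is absent or the YAML fails to parse, instead of the substituted command string, so every caller has to handle both a dict and `None`; the callers are outside this patch. In the visible lines `command` is no longer used, and decryption has moved out of the function, so the returned values are presumably still encrypted and should be decrypted at the point of use and never logged. The four commented-out lines should be deleted rather than kept as dead code. A docstring would record the new contract: `"""Return the YAML section for toolName from authFile, or None if it is missing or unparsable."""`.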
@@ -267,20 +268,26 @@ def executeTool(toolName, profile_run, credentialedScan, test_mode, auth=None, k
         return toolStatus
 
 def webhook(url, tool, toolStatus, runeveryTool, runeveryToolStatus):
-    logging.info("Launching webhook for URL: " + url)
-    logging.info("Tool" + tool)
-    logging.info("toolStatus" + str(toolStatus))
+    logging.info("Launching Webhook for URL: " + url)
 
     method = "POST"
     params = {}
 
+    if toolStatus == None:
+        toolStatus = 99 #Unknown error occured
+
     params['tool'] = tool
     params['toolStatus'] = toolStatus
 
     if runeveryTool:
         params['runeveryTool'] = runeveryTool
+        if runeveryToolStatus == None:
+            runeveryToolStatus = 99
         params['runeveryToolStatus'] = runeveryToolStatus
 
+    logging.info("Tool" + tool)
+    logging.info("toolStatus" + str(toolStatus))
+
     headers = {
         'User-Agent': 'AppSecPipeline_Container_Tool',
         'Content-Type': 'application/json',
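Review bot: The full webhook URL is still written to the info log by `logging.info("Launching Webhook for URL: " + url)`; if the URL carries a token in its path or query string, as webhook URLs often do, that line discloses a credential to anyone who can read the container logs, so log only the scheme and host. The two new checks should use `is None` rather than `== None`, and the fallback `99` appears twice and would read better as a named constant such as `STATUS_UNKNOWN = 99`. `logging.info("Tool" + tool)` raises TypeError when `tool` is not a string and prints without a separator; `logging.info("Tool: %s", tool)` avoids both. webhook's body continues past the end of this hunk.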
-- 
GitLab