Skip to content

Migrate Zap Advanced to ZAPs new Reporting Addon #1005

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
J12934 merged 5 commits into from
Mar 3, 2022
Merged

Migrate Zap Advanced to ZAPs new Reporting Addon #1005

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
986d571
Update ZAP python client to latest release for 2.11.1
J12934 Feb 25, 2022
db0dee5
Update python version used in image
J12934 Feb 25, 2022
ffb008d
Migrate to new reporting addon
J12934 Feb 25, 2022
d795f47
Correct position of port and extraContainers
J12934 Mar 1, 2022
96bce01
Mount results volume into zap-sidecar
J12934 Mar 1, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion scanners/zap-advanced/scanner/Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
#
# SPDX-License-Identifier: Apache-2.0

FROM python:3.9.0-alpine
FROM python:3.10.2-alpine
COPY . /zap-client/
RUN pip3 install -r /zap-client/requirements.txt
RUN addgroup --system --gid 1001 zap-client && adduser zap-client --system --uid 1001 --ingroup zap-client
Expand Down
4 changes: 2 additions & 2 deletions scanners/zap-advanced/scanner/requirements.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,6 @@
#
# SPDX-License-Identifier: Apache-2.0

python-owasp-zap-v2.4==0.0.18
python-owasp-zap-v2.4==0.0.20
HiYaPyCo==0.4.16
MarkupSafe==2.0.1
MarkupSafe==2.0.1
59 changes: 24 additions & 35 deletions scanners/zap-advanced/scanner/zapclient/zap_automation.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -143,45 +143,34 @@ def __start_scanner(self, target: str):
# Search for the corresponding context based on the given targetUrl which should correspond to defined the spider url
self.__zap_scanner.start_scan_by_url(target)

def get_report_template_for_file_type(self, file_type: str):
if file_type == "XML":
return "traditional-xml"
elif file_type == "JSON":
return "traditional-json"
elif file_type == "HTML":
return "traditional-html"
elif file_type == "MD":
return "traditional-md"
else:
raise RuntimeError(
"Report file type: '" + file_type + "' hasn't been implemented. Available: XML, JSON, HTML or MD")

def generate_report_file(self, file_path: str, report_type: str):
# To retrieve ZAP report in XML or HTML format
logging.info("Creating a new ZAP Report file with type '%s' at location: '%s'", report_type, file_path)

# To retrieve ZAP report in XML or HTML format
logging.info('Creating a new ZAP Report with type %s', report_type)
if report_type is None or report_type == "XML":
# Save the XML report (default)
self.__write_report(
self.__zap.core.xmlreport(),
file_path,
"xml"
)
if report_type is None or report_type == "HTML":
# Get the HTML report
self.__write_report(
self.__zap.core.htmlreport(),
file_path,
"html"
)
if report_type is None or report_type == "JSON":
# Get the JSON report
self.__write_report(
self.__zap.core.jsonreport(),
file_path,
"json"
)
if report_type is None or report_type == "MD":
# Get the Markdown report
self.__write_report(
self.__zap.core.mdreport(),
file_path,
"md"
)

def __write_report(self, report, file_path:str, filetype:str):
Path(file_path).mkdir(parents=True, exist_ok=True)
with open(f'{file_path}/zap-results.{filetype}', mode='w') as f:
f.write(report)
if report_type is None:
report_type = "XML"

report_file = "zap-results." + report_type.lower()
self.__zap.reports.generate(
title="ZAP Report",
template=self.get_report_template_for_file_type(report_type),
reportdir=file_path,
contexts=self.__config.get_active_context_config["name"],
reportfilename=report_file
)

def wait_for_zap_start(self, timeout_in_secs = 600):
version = None
Expand Down
15 changes: 10 additions & 5 deletions scanners/zap-advanced/templates/zap-advanced-scan-type.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,7 @@ metadata:
spec:
extractResults:
type: zap-advanced-xml
location: "/home/securecodebox/results/zap-results.xml"
location: "/home/securecodebox/zap-results.xml"
jobTemplate:
spec:
{{- if .Values.scanner.ttlSecondsAfterFinished }}
Expand Down Expand Up @@ -65,7 +65,7 @@ spec:
- "--config-folder"
- "/home/securecodebox/configs/"
- "--output-folder"
- "/home/securecodebox/results/"
- "/home/securecodebox/"
resources:
{{- toYaml .Values.scanner.resources | nindent 16 }}
securityContext:
Expand Down Expand Up @@ -111,11 +111,16 @@ spec:
envFrom:
{{- toYaml .Values.zapContainer.envFrom | nindent 16 }}
volumeMounts:
- mountPath: /home/securecodebox/
name: scan-results
readOnly: false
{{ if .Values.zapContainer.extraVolumeMounts }}
{{- toYaml .Values.zapContainer.extraVolumeMounts | nindent 16 }}
{{- if .Values.zapContainer.extraContainers }}
{{- toYaml .Values.zapContainer.extraContainers | nindent 12 }}
{{- end }}
{{- end }}
ports:
- containerPort: 8080
{{- if .Values.zapContainer.extraContainers }}
{{- toYaml .Values.zapContainer.extraContainers | nindent 12 }}
{{- end }}
volumes:
{{- toYaml .Values.scanner.extraVolumes | nindent 12 }}