secureCodeBox · J12934 · May 20, 2022 · May 12, 2022 · May 12, 2022 · May 12, 2022
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -9,11 +9,14 @@ on:
   schedule:
     - cron: "15 2 * * *" # Nightly-Build at 2:15 AM UTC
 
+# The CI runs on ubuntu-20.04; More info about the installed software is found here:
+# https://github.com/actions/virtual-environments/blob/main/images/linux/Ubuntu2004-Readme.md
+
 env:
   # ---- Language Versions ----
 
   GO_VERSION: "1.17"
-  PYTHON_VERSION: "3.9"
+  PYTHON_VERSION: "3.8.10"
   NODE_VERSION: "16"
   NPM_VERSION: "7"
 
@@ -24,7 +27,7 @@ jobs:
 
   unit-java:
     name: "Unit-Test | Java"
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
     strategy:
       matrix:
         unit: ["persistence-defectdojo"]
@@ -45,7 +48,7 @@ jobs:
 
   operator:
     name: "Build | Operator"
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
     strategy:
       matrix:
         component: ["operator", "lurker"]
@@ -83,7 +86,7 @@ jobs:
 
   auto-discovery-kubernetes:
     name: "AutoDiscovery | Kubernetes"
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
     steps:
       - name: Checkout
         uses: actions/checkout@v2
@@ -122,7 +125,7 @@ jobs:
 
   sdk:
     name: "Build | SDKs"
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
     strategy:
       matrix:
         sdk:
@@ -154,7 +157,7 @@ jobs:
     needs:
       - sdk
       - operator
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
     strategy:
       fail-fast: false
       matrix:
@@ -305,7 +308,7 @@ jobs:
     needs:
       - sdk
       - operator
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
     steps:
       - name: Checkout
         uses: actions/checkout@v2
@@ -426,7 +429,7 @@ jobs:
     name: Integration Tests Hook ${{ matrix.hook }} | k8s ${{ matrix.k8sVersion }}
     needs:
       - operator
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
     strategy:
       matrix:
         k8sVersion:
@@ -560,7 +563,7 @@ jobs:
 
       # ---- Integration-Test ----
 
-      - name: Deploy ${{ matrix.unit }}
+      - name: Deploy ${{ matrix.hook }}
         working-directory: ./hooks/${{ matrix.hook }}
         run: make deploy
 

diff --git a/scanners/zap-advanced/Makefile b/scanners/zap-advanced/Makefile
@@ -37,7 +37,7 @@ deploy-with-scanner:
 		--set="scanner.image.repository=docker.io/$(IMG_NS)/$(scanner-prefix)-$(scanner)" \
 		--set="scanner.image.tag=$(IMG_TAG)"
 
-deploy-test-deps: deploy-test-dep-nginx deploy-test-dep-bodgeit deploy-test-dep-juiceshop deploy-test-dep-petstore
+deploy-test-deps: deploy-test-dep-bodgeit deploy-test-dep-juiceshop deploy-test-dep-petstore
 
 integration-tests:
 	@echo ".: 🩺 Starting integration test in kind namespace 'integration-tests'."

diff --git a/scanners/zap-advanced/integration-tests/zap-advanced.test.js b/scanners/zap-advanced/integration-tests/zap-advanced.test.js
@@ -6,22 +6,6 @@ const {scan} = require("../../helpers");
 
 jest.retryTimes(3);
 
-test(
-  "ZAP-advanced scan without config YAML against a plain 'nginx container' should only find couple findings",
-  async () => {
-    const { count } = await scan(
-      "zap-advanced-scan-nginx-demo",
-      "zap-advanced-scan",
-      ["-t", "http://nginx.demo-targets.svc"],
-      60 * 15
-    );
-
-    // There must be at least one finding
-    expect(count).toBeGreaterThanOrEqual(1);
-  },
-  60 * 16 * 1000
-);
-
 test(
   "ZAP-advanced scan without config YAML against 'bodgeit' container should only find couple findings",
   async () => {

diff --git a/scanners/zap-advanced/scanner/zapclient/configuration/zap_configuration.py b/scanners/zap-advanced/scanner/zapclient/configuration/zap_configuration.py
@@ -11,6 +11,8 @@
 import glob
 import hiyapyco
 
+from typing import List
+
 # set up logging to file - see previous section for more details
 logging.basicConfig(
     level=logging.INFO,
@@ -88,7 +90,7 @@ def get_global(self) -> collections.OrderedDict:
         return result
 
     @property
-    def get_all_contexts(self) -> list[collections.OrderedDict]:
+    def get_all_contexts(self) -> List[collections.OrderedDict]:
         return self.__config["contexts"] if "contexts" in self.__config else []
 
     def _get_active_config_from(self, configs: collections.OrderedDict, key: str):

diff --git a/scanners/zap-advanced/scanner/zapclient/context/zap_context.py b/scanners/zap-advanced/scanner/zapclient/context/zap_context.py
@@ -10,6 +10,7 @@
 import logging
 
 from zapv2 import ZAPv2
+from typing import List
 
 from .. import ZapClient
 from ..configuration import ZapConfiguration
@@ -308,7 +309,7 @@ def _get_level(self, level: str):
         logging.warn("AlertFilter configured with unknown level: '%s'. This rule will be ignored!", level)
         return None
 
-    def _configure_alert_filters(self, alert_filters: list[collections.OrderedDict], context_id: int):
+    def _configure_alert_filters(self, alert_filters: List[collections.OrderedDict], context_id: int):
         """Protected method to configure the ZAP 'Context / Alert Filters' Settings based on a given ZAP config.
 
         Parameters