secureCodeBox · J12934 · Apr 19, 2021 · Mar 8, 2021 · Mar 8, 2021 · Mar 8, 2021
diff --git a/.codeclimate.yml b/.codeclimate.yml
@@ -41,6 +41,7 @@ exclude_patterns:
   - "**/*_test.go"
   - "**/*.deepcopy.go"
   - "**/*.test.js"
+  - "**/*.test.ts"
   - "**/*.d.ts"
   # Auto Generated by kubernetes java client
   - "**/hooks/persistence-defectdojo/src/main/java/io/securecodebox/models/"
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -14,25 +14,25 @@ env:
 
 jobs:
   # ---- Unit-Test ----
-  
+
   # ---- Unit-Test | Java ----
-  
+
   unit-java:
     name: "Unit-Test | Java"
     runs-on: ubuntu-latest
     strategy:
       matrix:
         unit: ["persistence-defectdojo"]
     steps:
-    - uses: actions/checkout@v2
-    - uses: actions/setup-java@v1
-      with:
-        java-version: '11' # The JDK version to make available on the path.
-        java-package: jdk # (jre, jdk, or jdk+fx) - defaults to jdk
-        architecture: x64 # (x64 or x86) - defaults to x64
-    - run: |
-        cd hooks/${{ matrix.unit }}/
-        ./gradlew test
+      - uses: actions/checkout@v2
+      - uses: actions/setup-java@v1
+        with:
+          java-version: "11" # The JDK version to make available on the path.
+          java-package: jdk # (jre, jdk, or jdk+fx) - defaults to jdk
+          architecture: x64 # (x64 or x86) - defaults to x64
+      - run: |
+          cd hooks/${{ matrix.unit }}/
+          ./gradlew test
 
   # ---- Unit-Test | Python ----
 
@@ -227,6 +227,7 @@ jobs:
           - declarative-subsequent-scans
           - finding-post-processing
           - generic-webhook
+          - notification-hook
           - persistence-elastic
           - persistence-defectdojo
           - update-field
@@ -414,9 +415,9 @@ jobs:
     strategy:
       matrix:
         scanner:
-        - git-repo-scanner
-        - screenshooter
-        - test-scan
+          - git-repo-scanner
+          - screenshooter
+          - test-scan
     steps:
       - name: Checkout
         uses: actions/checkout@v2
@@ -544,10 +545,10 @@ jobs:
     strategy:
       matrix:
         k8sVersion:
-        - 1.20.0
-        - 1.19.4
-        - 1.18.8
-        - 1.17.11
+          - 1.20.0
+          - 1.19.4
+          - 1.18.8
+          - 1.17.11
     steps:
       - uses: actions/checkout@master
       - name: "Start kind cluster"
@@ -749,6 +750,25 @@ jobs:
           cd tests/integration/
           npx jest --ci --color scanner/nmap.test.js
 
+      # ---- Notification Hook Tests ----
+
+      - name: "Notification Hook Tests"
+        run: |
+          helm -n integration-tests install test-scan ./scanners/test-scan/ \
+            --set="image.repository=docker.io/${{ env.DOCKER_NAMESPACE }}/scanner-test-scan" \
+            --set="parserImage.repository=docker.io/${{ env.DOCKER_NAMESPACE }}/parser-test-scan" \
+            --set="parserImage.tag=sha-$(git rev-parse --short HEAD)" \
+            --set="image.tag=sha-$(git rev-parse --short HEAD)"
+          helm -n integration-tests install http-webhook ./demo-apps/http-webhook --wait
+
+          helm -n integration-tests install notification-hook ./hooks/notification-hook --values tests/integration/hooks/__testFiles__/notification-hook-values.yaml \
+            --set="image.repository=docker.io/${{env.DOCKER_NAMESPACE }}/notification-hook" \
+            --set="image.tag=sha-$(git rev-parse --short HEAD)"
+
+          cd tests/integration/
+          npx jest --ci --color ./hooks/notification-hook.test.js
+          helm -n integration-tests uninstall test-scan http-webhook notification-hook
+
       # ---- SSH_SCAN Integration Tests ----
 
       - name: "ssh-scan Integration Tests"

diff --git a/hooks/generic-webhook/__mocks__/axios.js b/hooks/generic-webhook/__mocks__/axios.js
diff --git a/hooks/generic-webhook/hook.js b/hooks/generic-webhook/hook.js
@@ -1,9 +1,9 @@
-const axios = require("axios");
 
 async function handle({
   getFindings,
   scan,
   webhookUrl = process.env["WEBHOOK_URL"],
+  axios = require('axios')
 }) {
   const findings = await getFindings();
 
@@ -12,4 +12,3 @@ async function handle({
   await axios.post(webhookUrl, { scan, findings });
 }
 module.exports.handle = handle;
-module.exports.axios = axios;
diff --git a/hooks/generic-webhook/hook.test.js b/hooks/generic-webhook/hook.test.js
@@ -1,7 +1,8 @@
-const { handle, axios } = require("./hook");
+const { handle } = require("./hook");
+const axios = jest.createMockFromModule('axios')
 
 beforeEach(() => {
-  axios.post.mockClear();
+  jest.clearAllMocks();
 });
 
 test("should send a post request to the url when fired", async () => {
@@ -25,7 +26,7 @@ test("should send a post request to the url when fired", async () => {
 
   const webhookUrl = "http://example.com/foo/bar";
 
-  await handle({ getFindings, scan, webhookUrl });
+  await handle({ getFindings, scan, webhookUrl, axios });
 
   expect(axios.post).toBeCalledWith(webhookUrl, {
     scan,

diff --git a/hooks/jest.config.js b/hooks/jest.config.js
@@ -0,0 +1,4 @@
+module.exports = {
+  preset: 'ts-jest',
+  testEnvironment: 'node',
+}
diff --git a/hooks/notification-hook/.dockerignore b/hooks/notification-hook/.dockerignore
@@ -0,0 +1,2 @@
+node_modules/
+
diff --git a/hooks/notification-hook/.gitignore b/hooks/notification-hook/.gitignore
@@ -0,0 +1,2 @@
+node_modules
+
diff --git a/hooks/notification-hook/.helmignore b/hooks/notification-hook/.helmignore
@@ -0,0 +1,31 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+# Node.js files
+node_modules/*
+package.json
+package-lock.json
+src/*
+config/*
+Dockerfile
+.dockerignore
+
diff --git a/hooks/notification-hook/Chart.lock b/hooks/notification-hook/Chart.lock
@@ -0,0 +1,3 @@
+dependencies: []
+digest: sha256:643d5437104296e21d906ecb15b2c96ad278f20cfc4af53b12bb6069bd853726
+generated: "2020-05-26T16:56:03.119255+02:00"
diff --git a/hooks/notification-hook/Chart.yaml b/hooks/notification-hook/Chart.yaml
@@ -0,0 +1,24 @@
+# Copyright 2020 iteratec GmbH
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v2
+name: notification-hook
+description: Lets you send a findings result summary as hook to MS Teams, Slack, e-mail and others after a scan is completed.
+type: application
+
+# version - gets automatically set to the secureCodeBox release version when the helm charts gets published
+version: v2.7.0-alpha1
+kubeVersion: ">=v1.11.0-0"
+
+dependencies: []
diff --git a/hooks/notification-hook/Dockerfile b/hooks/notification-hook/Dockerfile
@@ -0,0 +1,34 @@
+# Copyright 2020 iteratec GmbH
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ARG namespace
+ARG baseImageTag
+FROM node:12-alpine as install
+RUN mkdir -p /home/app
+WORKDIR /home/app
+COPY package.json package-lock.json ./
+RUN npm ci --production
+
+FROM node:12-alpine as build
+RUN mkdir -p /home/app
+WORKDIR /home/app
+COPY package.json package-lock.json ./
+RUN npm ci
+COPY ./ ./
+RUN npm run build && rm -rf node_modules
+
+FROM ${namespace:-securecodebox}/hook-sdk-nodejs:${baseImageTag:-latest}
+WORKDIR /home/app/hook-wrapper/hook/
+COPY --from=install --chown=app:app /home/app/node_modules/ ./node_modules/
+COPY --from=build --chown=app:app /home/app/ ./
diff --git a/hooks/notification-hook/Notifier.ts b/hooks/notification-hook/Notifier.ts
@@ -0,0 +1,8 @@
+import { Finding } from "./model/Finding"
+
+export interface Notifier {
+  /**
+   * Sends a Notification Message to the desired End-Point (e.g. Slack or MS Teams) 
+   */
+  sendMessage(): Promise<void>
+}
diff --git a/hooks/notification-hook/NotifierFactory.test.ts b/hooks/notification-hook/NotifierFactory.test.ts
@@ -0,0 +1,89 @@
+import { Finding } from "./model/Finding";
+import { NotificationChannel } from "./model/NotificationChannel";
+import { Scan } from "./model/Scan";
+import { NotifierFactory } from "./NotifierFactory"
+import { SlackNotifier } from "./Notifiers/SlackNotifier";
+import { NotifierType } from "./NotifierType";
+
+const finding: Finding = {
+  name: "test finding",
+  location: "hostname",
+  category: "Open Port",
+  severity: "high",
+  osi_layer: "asdf",
+  attributes: new Map(),
+};
+
+const scan: Scan = {
+  metadata: {
+    uid: "09988cdf-1fc7-4f85-95ee-1b1d65dbc7cc",
+    name: "demo-scan-1601086432",
+    namespace: "my-scans",
+    creationTimestamp: new Date("2021-01-01T14:29:25Z"),
+    labels: {
+      company: "iteratec",
+      "attack-surface": "external",
+    },
+  },
+  spec: {
+    scanType: "Nmap",
+    parameters: ["-Pn", "localhost"],
+  },
+  status: {
+    findingDownloadLink:
+      "https://my-secureCodeBox-instance.com/scan-b9as-sdweref--sadf-asdfsdf-dasdgf-asdffdsfa7/findings.json",
+    findings: {
+      categories: {
+        "A Client Error response code was returned by the server": 1,
+        "Information Disclosure - Sensitive Information in URL": 1,
+        "Strict-Transport-Security Header Not Set": 1,
+      },
+      count: 3,
+      severities: {
+        high: 10,
+        medium: 5,
+        low: 2,
+        informational: 1,
+      },
+    },
+    finishedAt: new Date("2020-05-25T02:38:13Z"),
+    rawResultDownloadLink:
+      "https://my-secureCodeBox-instance.com/scan-blkfsdg-sdgfsfgd-sfg-sdfg-dfsg-gfs98-e8af2172caa7/zap-results.json?Expires=1601691232",
+    rawResultFile: "zap-results.json",
+    rawResultType: "zap-json",
+    state: "Done",
+  },
+};
+
+test("Should Create Slack Notifier", async () => {
+  const chan: NotificationChannel = {
+    name: "slack",
+    type: NotifierType.SLACK,
+    template: "template",
+    rules: [],
+    endPoint: "some.endpoint"
+  }
+  const findings: Finding[] = []
+  findings.push(finding)
+  const s = NotifierFactory.create(chan, scan, findings, []);
+
+  expect(s instanceof SlackNotifier).toBe(true);
+})
+
+test("Should Create MS Teams Notifier", async () => {
+  const chan: NotificationChannel = {
+    name: "slack",
+    type: NotifierType.MS_TEAMS,
+    template: "template",
+    rules: [],
+    endPoint: "some.endpoint"
+  }
+  const findings: Finding[] = []
+  findings.push(finding)
+
+  const t = () => {
+    NotifierFactory.create(chan, scan, findings, []);
+  }
+
+  expect(t).toThrow("This Type is not Implemented :(");
+})
diff --git a/hooks/notification-hook/NotifierFactory.ts b/hooks/notification-hook/NotifierFactory.ts
@@ -0,0 +1,17 @@
+import { Notifier } from "./Notifier"
+import { NotifierType } from "./NotifierType";
+import { SlackNotifier } from "./Notifiers/SlackNotifier"
+import { NotificationChannel } from "./model/NotificationChannel";
+import { Scan } from "./model/Scan";
+import { Finding } from "./model/Finding";
+
+export class NotifierFactory {
+  static create(channel: NotificationChannel, scan: Scan, findings: Finding[], args: Object): Notifier {
+    switch (channel.type) {
+      case NotifierType.SLACK:
+        return new SlackNotifier(channel, scan, findings, args);
+      default:
+        throw new Error("This Type is not Implemented :(")
+    }
+  }
+}
diff --git a/hooks/notification-hook/NotifierType.ts b/hooks/notification-hook/NotifierType.ts
@@ -0,0 +1,4 @@
+export enum NotifierType {
+  SLACK = "slack",
+  MS_TEAMS = "ms-teams"
+}