Merged
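--- a/.env
+++ b/.env
@@ -15,4 +15,10 @@ DEFAULT_TAG=latest
 # Even when they are disabled here they might still be started (depending on the way you start your compose stack)
 # This flag just changes if the engine writes results into the providers
 ENABLE_ELASTICSEARCH=true
-ENABLE_DEFECT_DOJO=true
+ENABLE_DEFECT_DOJO=true
+
+# Admin User Configuration
+# By default you will be asked to set the admin password on first login.
+# It can be set automatically by filling the following env vars.
+CAMUNDA_BPM_ADMIN_USER_ID=-
+CAMUNDA_BPM_ADMIN_USER_PASSWORD=-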
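Review bot: The placeholder `-` for `CAMUNDA_BPM_ADMIN_USER_ID` and `CAMUNDA_BPM_ADMIN_USER_PASSWORD` is forwarded unchanged into the engine container by docker-compose.yml, and nothing on this page shows that the engine treats `-` as "not set". If it treats any non-empty value as a request to create the admin user, every default deployment would end up with an admin account whose id and password are both `-`, which is worse than the interactive first-login setup the comment describes. Either leave the values empty (`CAMUNDA_BPM_ADMIN_USER_ID=`) or, once the engine's handling is confirmed, extend the comment with `# Leave empty to keep the first-login setup; any other value creates the admin user non-interactively`.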
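--- /dev/null
+++ b/.travis.yml
@@ -0,0 +1,37 @@
+language: node_js
+node_js:
+- '10'
+services:
+- docker
+env:
+# - DEFAULT_TAG=latest
+- DEFAULT_TAG=develop
+script:
+- cp test/.env.test .env
+- docker-compose -f docker-compose.yml -f docker-compose.demo.yml up -d engine camundadb bodgeit juice-shop nginx scanner-infrastructure-nmap scanner-webapplication-arachni scanner-webapplication-zap scanner-infrastructure-amass scanner-webapplication-sslyze scanner-webserver-nikto
+- cd test
+- npm ci
+- npm test -- --verbose --forceExit
+after_failure:
+- docker ps -a
+- echo -en "travis_fold:start:EngineLogs\r"
+- docker logs securecodebox_engine_1
+- echo -en "travis_fold:end:EngineLogs\r"
+- echo -en "travis_fold:start:ZapLogs\r"
+- docker logs securecodebox_scanner-webapplication-zap_1
+- echo -en "travis_fold:end:ZapLogs\r"
+- echo -en "travis_fold:start:ArachniLogs\r"
+- docker logs securecodebox_scanner-webapplication-arachni_1
+- echo -en "travis_fold:end:ArachniLogs\r"
+- echo -en "travis_fold:start:AmassLogs\r"
+- docker logs securecodebox_scanner-infrastructure-amass_1
+- echo -en "travis_fold:end:AmassLogs\r"
+- echo -en "travis_fold:start:NmapLogs\r"
+- docker logs securecodebox_scanner-infrastructure-nmap_1
+- echo -en "travis_fold:end:NmapLogs\r"
+- echo -en "travis_fold:start:SSLyzeLogs\r"
+- docker logs securecodebox_scanner-webapplication-sslyze_1
+- echo -en "travis_fold:end:SSLyzeLogs\r"
+- echo -en "travis_fold:start:NiktoLogs\r"
+- docker logs securecodebox_scanner-webserver-nikto_1
+- echo -en "travis_fold:end:NiktoLogs\r"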
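Review bot: `npm test -- --verbose --forceExit` in the script step tells the test runner (presumably Jest, given the `test(..., timeout)` and `expect` API used in test/) to kill the process regardless of open handles, which hides leaked timers or sockets in the polling SDK instead of surfacing them. Run once with `--detectOpenHandles` locally and drop `--forceExit` when the leak is found, or add a comment stating why it is needed. Separately, `DEFAULT_TAG=develop` is set both here and in test/.env.test; in compose the shell value wins over `.env`, so one of the two is dead and a comment naming the authoritative one would avoid confusion when someone edits the other.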
2 changes: 1 addition & 1 deletion docker-compose.demo.yml
@@ -1,4 +1,4 @@
version: '3'
version: '2.1'
services:
juice-shop:
image: bkimminich/juice-shop
23 changes: 16 additions & 7 deletions docker-compose.yml
@@ -1,4 +1,4 @@
version: '3'
version: '2.1'
services:
engine:
image: securecodebox/engine:${DEFAULT_TAG}
Expand Down Expand Up @@ -34,6 +34,9 @@ services:
- SECURECODEBOX_DEFAULT_CONTEXT=JuiceShop Test Scan
- SECURECODEBOX_USER_SCANNER=${ENGINE_SCANNERSERVICES_USER}
- SECURECODEBOX_USER_SCANNER_PW=${ENGINE_SCANNERSERVICES_PASSWORD}
# Admin User setup
- CAMUNDA_BPM_ADMIN-USER_ID=${CAMUNDA_BPM_ADMIN_USER_ID}
- CAMUNDA_BPM_ADMIN-USER_PASSWORD=${CAMUNDA_BPM_ADMIN_USER_PASSWORD}
restart: on-failure:3

camundadb:
Expand All @@ -54,7 +57,8 @@ services:
scanner-infrastructure-nmap:
image: securecodebox/nmap:${DEFAULT_TAG}
depends_on:
- engine
engine:
condition: service_healthy
networks:
- frontend
labels:
Expand All @@ -67,7 +71,8 @@ services:
scanner-webserver-nikto:
image: securecodebox/nikto:${DEFAULT_TAG}
depends_on:
- engine
engine:
condition: service_healthy
networks:
- frontend
labels:
Expand All @@ -80,7 +85,8 @@ services:
scanner-webapplication-zap:
image: securecodebox/zap:${DEFAULT_TAG}
depends_on:
- engine
engine:
condition: service_healthy
networks:
- frontend
labels:
Expand All @@ -94,7 +100,8 @@ services:
scanner-webapplication-sslyze:
image: securecodebox/sslyze:${DEFAULT_TAG}
depends_on:
- engine
engine:
condition: service_healthy
networks:
- frontend
labels:
Expand All @@ -107,7 +114,8 @@ services:
scanner-webapplication-arachni:
image: securecodebox/arachni:${DEFAULT_TAG}
depends_on:
- engine
engine:
condition: service_healthy
networks:
- frontend
labels:
Expand All @@ -122,7 +130,8 @@ services:
scanner-infrastructure-amass:
image: securecodebox/amass:${DEFAULT_TAG}
depends_on:
- engine
engine:
condition: service_healthy
networks:
- frontend
labels:
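Review bot: The six `depends_on: engine: condition: service_healthy` blocks (hunks at -54, -67, -80, -94, -107 and -122) only work if the `engine` service exposes a healthcheck, and this diff adds no `healthcheck:` to `engine`, so it presumably relies on a HEALTHCHECK baked into the image; docker-compose cannot wait on a service that has none, and a one-line comment above the first block, `# engine readiness comes from the HEALTHCHECK in its image`, would record that assumption. In the hunk at -34 the new keys `CAMUNDA_BPM_ADMIN-USER_ID` and `CAMUNDA_BPM_ADMIN-USER_PASSWORD` use a hyphen where the `.env` side uses underscores; if the hyphenated form is the property name the engine expects, the `# Admin User setup` comment should say so, otherwise the next reader will "fix" it and silently disable the admin setup. That hunk sits inside the `engine:` service whose start is outside the hunk.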
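--- /dev/null
+++ b/test/.env.test
@@ -0,0 +1,24 @@
+CAMUNDADB_DATABASE=camundadb
+CAMUNDADB_ROOT_PW=root
+CAMUNDADB_USER=camunda
+CAMUNDADB_PW=secret
+
+ENGINE_SCANNERSERVICES_USER=defaultScanner
+ENGINE_SCANNERSERVICES_PASSWORD=scan
+
+DEFECT_DOJO_API_KEY=your-defect-dojo-api-key-here
+
+# Default Image Tag. Latest will always be the most recent stable release.
+DEFAULT_TAG=develop
+
+# Enabling the Persistence Providers inside then Engine Container
+# Even when they are disabled here they might still be started (depending on the way you start your compose stack)
+# This flag just changes if the engine writes results into the providers
+ENABLE_ELASTICSEARCH=false
+ENABLE_DEFECT_DOJO=false
+
+# Admin User Configuration
+# By default you will be asked to set the admin password on first login.
+# It can be set automatically by filling the following env vars.
+CAMUNDA_BPM_ADMIN_USER_ID=kermit
+CAMUNDA_BPM_ADMIN_USER_PASSWORD=a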
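--- /dev/null
+++ b/test/.gitignore
@@ -0,0 +1 @@
+node_modules/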
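--- /dev/null
+++ b/test/amass.test.js
@@ -0,0 +1,32 @@
+const { startSecurityTest, Time } = require('./sdk');
+
+test(
+'finds subdomains for securecodebox.io',
+async () => {
+const securityTest = await startSecurityTest({
+context: 'securecodebox.io subdomains',
+metaData: {},
+name: 'amass',
+target: {
+name: 'securecodebox.io',
+location: 'securecodebox.io',
+attributes: {},
+},
+});
+
+const {
+report: { findings },
+} = securityTest;
+
+// Should find at least a couple of subdomains
+expect(findings.length).toBeGreaterThan(5);
+
+// Should all end on "*.securecodebox.io"
+for (const finding of findings) {
+expect(finding.location).toEqual(
+expect.stringMatching(/.*\.securecodebox.io$/)
+);
+}
+},
+5 * Time.Minute
+);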
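Review bot: The pattern `/.*\.securecodebox.io$/` leaves the dot before `io` unescaped, so a location such as `foo.securecodebox-io` would satisfy the "ends on *.securecodebox.io" check the comment describes; the intended assertion is `expect.stringMatching(/\.securecodebox\.io$/)` (the leading `.*` adds nothing). The `toBeGreaterThan(5)` threshold also depends on live DNS and on amass reaching the public internet from CI, so it will flake when resolution is slow or rate-limited; a comment above it stating that the test needs outbound network access would save the next person a debugging round.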
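--- /dev/null
+++ b/test/arachni.test.js
@@ -0,0 +1,40 @@
+const { startSecurityTest, Time } = require('./sdk');
+
+test(
+'finds a few findings for a bare nginx container',
+async () => {
+const securityTest = await startSecurityTest({
+context: 'nginx bare',
+metaData: {},
+name: 'arachni',
+target: {
+name: 'nginx bare',
+location: 'http://nginx',
+attributes: {},
+},
+});
+
+const { report } = securityTest;
+
+const findings = report.findings.map(({ name, category, severity }) => ({
+name,
+category,
+severity,
+}));
+
+expect(findings).toContainEqual({
+name: "Missing 'X-Frame-Options' header",
+category: 'Missing X-Frame-Options header',
+severity: 'LOW',
+});
+
+expect(findings).toContainEqual({
+name: 'Interesting response',
+category: 'Interesting responses',
+severity: 'INFORMATIONAL',
+});
+
+expect(findings.length).toEqual(2);
+},
+5 * Time.Minute
+);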
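Review bot: `expect(findings.length).toEqual(2)` pins the exact number of findings produced by whatever image `DEFAULT_TAG` resolves to (develop in CI), so a new check in the arachni image breaks this test with no change in this repository. If the exact count is the point, a comment such as `// A bare nginx is expected to yield exactly these two findings; any extra finding is a scanner regression` would make that intent explicit; otherwise `expect(findings.length).toBeGreaterThanOrEqual(2)` is the more robust assertion.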
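--- /dev/null
+++ b/test/nikto.test.js
@@ -0,0 +1,30 @@
+const { startSecurityTest, Time } = require('./sdk');
+
+test.skip(
+'finds a few findings for juice-shop',
+async () => {
+const securityTest = await startSecurityTest({
+context: 'bodgeit webserver',
+metaData: {},
+name: 'nikto',
+target: {
+name: 'BodgeIt',
+location: 'bodgeit',
+attributes: {
+NIKTO_PORTS: '8080',
+},
+},
+});
+
+const { report } = securityTest;
+
+const findings = report.findings.map(({ name, category, severity }) => ({
+name,
+category,
+severity,
+}));
+
+console.log(report.findings);
+},
+5 * Time.Minute
+);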
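Review bot: The skipped test computes `findings` but never uses it and ends in `console.log(report.findings)` with no assertion, so flipping `test.skip` back to `test` would produce a test that cannot fail. Add a `// TODO: skipped because <reason>; expected findings still to be determined` above `test.skip` so the reason for the skip is recorded, and remove the `console.log` and the unused `findings` map before the test is re-enabled. The test name also says "juice-shop" while the target is `bodgeit` on port 8080; one of the two should change.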
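--- /dev/null
+++ b/test/nmap.test.js
@@ -0,0 +1,84 @@
+const { startSecurityTest, Time } = require('./sdk');
+
+test(
+'finds open 3000 port of juiceshop',
+async () => {
+const securityTest = await startSecurityTest({
+context: 'JuiceShopPortScan',
+metaData: {},
+name: 'nmap',
+target: {
+name: 'JuiceShop Container',
+location: 'juice-shop',
+attributes: {
+NMAP_PARAMETER: '-Pn',
+},
+},
+});
+
+const { report } = securityTest;
+
+const findings = report.findings.map(
+({ description, category, name, osi_layer, severity }) => ({
+description,
+category,
+name,
+osi_layer,
+severity,
+})
+);
+
+expect(findings).toContainEqual({
+description: 'Port 3000 is open using tcp protocol.',
+category: 'Open Port',
+name: 'ppp',
+osi_layer: 'NETWORK',
+severity: 'INFORMATIONAL',
+});
+
+expect(findings.length).toBe(1);
+},
+1 * Time.Minute
+);
+
+test(
+'finds 3 open ports of bodgeit',
+async () => {
+const securityTest = await startSecurityTest({
+context: 'BodgeItPortScan',
+metaData: {},
+name: 'nmap',
+target: {
+name: 'BodgeIt Container',
+location: 'bodgeit',
+attributes: {
+NMAP_PARAMETER: '-Pn',
+},
+},
+});
+
+const { report } = securityTest;
+const [finding1, finding2, finding3, ...otherFindings] = report.findings;
+
+expect(finding1).toMatchObject({
+description: 'Port 8009 is open using tcp protocol.',
+category: 'Open Port',
+severity: 'INFORMATIONAL',
+});
+
+expect(finding2).toMatchObject({
+description: 'Port 8080 is open using tcp protocol.',
+category: 'Open Port',
+severity: 'INFORMATIONAL',
+});
+
+expect(finding3).toMatchObject({
+description: 'Port 8443 is open using tcp protocol.',
+category: 'Open Port',
+severity: 'INFORMATIONAL',
+});
+
+expect(otherFindings).toEqual([]);
+},
+1 * Time.Minute
+);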
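Review bot: The second test destructures `report.findings` positionally (`const [finding1, finding2, finding3, ...otherFindings] = report.findings;`), so it passes only if the engine returns the three port findings in ascending port order, and nothing on this page guarantees that ordering. Sorting first, `const sorted = [...report.findings].sort((a, b) => a.description.localeCompare(b.description));` and destructuring `sorted` instead, keeps the assertions while making them order-independent. In the first test, `name: 'ppp'` asserts nmap's service-name guess for port 3000 (presumably from its services table) rather than anything about juice-shop; a short comment on that line, `// 'ppp' is nmap's default service name for tcp/3000, not the actual service`, would stop a reader from assuming the expectation is wrong.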