Dump configuration in the results directory #227
Merged
Conversation
* Crawl fail openshift (#187)
  * Scanners: group temporary dirs into a same parent. RapidastScanner._create_temp_dir now gathers all the temporary directories under a single one. Easier cleanup.
  * ZAP: change HOME if it is not writable. Firefox requires a home directory. When crawling (Ajax spider), in Openshift, Firefox is unable to start if it can't write a ~/.firefox. This is an issue in Openshift, where the user is created on the fly and its home directory is '/'. In that case, create a temporary directory, and assign HOME to it.
  * undo pre-commit change, to run on older python
* Updated ZAP image url with the latest one (#189)
* updated zap default image url with the latest one in ZapPodman (#190)
* require pre-commit for dev (#191)
* Export to Google Cloud Storage (#192)
  * Export to Google Cloud Storage. This commit adds a new export. It re-uses the original DefectDojo export. Configuration:

    ```yaml
    config:
      googleCloudStorage:
        keyFile: "<path-to-ondisk-GCS-key>"
        bucketName: "<bucket-name>"
        directory: "<optional-directory-name>"
    general:
      defectDojoExport:
        parameters:
          # values for defectdojo's import-scan endpoint
    ```

    Note: the generic scanner hasn't been tested yet
  * remove test description, rephrase example comments
  * removed some comment referring to DeDo in GCS
  * reworked defectdojo data to make it optional. Latest changes: Now the defectDojoExport is no longer needed: data will still be exported if either googleCloudStorage or defectDojo are set.
    Note: It is still possible to prevent a particular scan from being exported by setting defectDojoExport: False for that scan (e.g.: RapiDAST runs 2 scans, out of which only 1 should be exported). As explained in the README: if defectDojoExport is missing: product_name will be derived from either application.productName or application.shortName; engagement_name will be RapiDAST-{product_name}-<date>
* updated the ZAP path in the config template for MacOS since ZAP no longer belongs to OWASP (#193)
* Gcs tests (#194)
  * [unittests] GCS export
  * Added unittests for exports/gcs. Note/todo: ideally, it would be great to test the content of the tarball created.
  * [gcs unittest] added engagement and product to unittest
* Readme updated (#195)
  1. separated GCS export from DefectDojo
  2. removed 'OWASP' in the binary path for MacOS
* [ZAP] Ajax spider requires a lot of shared memory (#196). The Selenium environment set up by ZAP for the Ajax Spider requires a lot of shared memory (/dev/shm in Linux). This commit does the following:
  - Update the README troubleshooting section, for when the RapiDAST image is used
  - In Podman mode: if Ajax is used, automatically ask podman to have 2GB of shared memory
  - Added corresponding pytest
  - Fixed `find_context()`, which broke when context was not found (that should happen only in pytest)

Co-authored-by: Cedric Buissart <[email protected]>
Co-authored-by: Jeremy Bonghwan Choi <[email protected]>
…_config_creates_destination_dir_when_config_file_not_found
ccronca
changed the title
Dump configuration in the results directory #226
Dump configuration in the results directory
Oct 18, 2024
jeremychoi
reviewed
Oct 20, 2024
jeremychoi
approved these changes
Oct 21, 2024
lgtm. pls merge.
This PR adds functionality to create a redacted version of a YAML configuration file by removing sensitive information under the path `*.authentication.parameters`. If a default Rapidast configuration exists, it will also be copied to the target directory. The directory where the redacted config is saved is determined by the configuration file itself, so the config must be loaded first. If loading fails, the redaction can't proceed, and the file won't be dumped to avoid exposing sensitive information.
If the config can't be dumped due to file system or parsing issues, the scan process will stop, as this signals a critical problem.
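The following is an added example of the behaviour the PR describes (redact everything under `authentication.parameters`, write the result into the results directory that the config itself names, and refuse to dump anything when the config cannot be loaded). It is not RapiDAST's code: the function names (`redact_authentication`, `dump_redacted_config`, `dump_from_file`, `run_demo`), the `*****` marker, the output file name and the sample config are all assumptions made for this illustration. It goes slightly beyond the `*.authentication.parameters` path in the description: the walk is recursive, so `general.authentication.parameters` and `scanners.<name>.authentication.parameters` are both covered, and parameter names are kept while only their values are masked so the dump still shows which credentials were configured.

```python
"""Redact authentication parameters from a RapiDAST-style config and dump it
into the results directory.  Added example; helper names are assumptions,
not RapiDAST's own functions."""
import copy
import json
import shutil
import tempfile
from pathlib import Path

try:
    import yaml  # PyYAML; if absent the example falls back to JSON output
except ImportError:  # pragma: no cover
    yaml = None

REDACTED = "*****"  # marker written in place of every authentication parameter value

# Constructed sample config (not from the project).  The results directory is
# read from config.results, exactly as the PR description requires.
SAMPLE_CONFIG = {
    "config": {"results": "results", "environ": ".env"},
    "application": {"shortName": "demo-app", "url": "https://app.example"},
    "general": {
        "authentication": {
            "type": "http_header",
            "parameters": {"name": "Authorization", "value": "Bearer constructed-secret"},
        }
    },
    "scanners": {
        "zap": {
            "authentication": {
                "type": "oauth2_rtoken",
                "parameters": {"client_id": "cloud-services", "rtoken_from_var": "RTOKEN"},
            },
            "apiScan": {"apis": {"apiUrl": "https://app.example/openapi.json"}},
        }
    },
}


def redact_authentication(config):
    """Return a deep copy of `config` in which every value under an
    `authentication.parameters` mapping is replaced by REDACTED.  The input is
    left untouched so the live scan still has its credentials."""
    redacted = copy.deepcopy(config)

    def walk(node):
        if isinstance(node, dict):
            auth = node.get("authentication")
            if isinstance(auth, dict) and isinstance(auth.get("parameters"), dict):
                auth["parameters"] = {key: REDACTED for key in auth["parameters"]}
            for value in node.values():
                walk(value)
        elif isinstance(node, list):
            for item in node:
                walk(item)

    walk(redacted)
    return redacted


def contains_secret(obj, secret):
    """True if `secret` appears anywhere in the serialised config (leak check)."""
    return secret in json.dumps(obj)


def dump_redacted_config(config, results_dir=None, default_config=None):
    """Write the redacted config into the results directory (config.results
    unless overridden), creating it if needed, and copy the default config
    alongside when one exists.  Returns the written path.  A missing results
    entry or an I/O error raises, so the caller can abort the scan."""
    results_dir = results_dir or config.get("config", {}).get("results")
    if not results_dir:
        raise ValueError("config.results is not set; cannot place the redacted dump")
    out_dir = Path(results_dir)
    out_dir.mkdir(parents=True, exist_ok=True)  # OSError here must stop the scan

    out_path = out_dir / ("config.redacted.yaml" if yaml else "config.redacted.json")
    redacted = redact_authentication(config)
    with open(out_path, "w", encoding="utf-8") as fh:
        if yaml:
            yaml.safe_dump(redacted, fh, sort_keys=False)
        else:
            json.dump(redacted, fh, indent=2)

    if default_config and Path(default_config).is_file():
        shutil.copy(default_config, out_dir / Path(default_config).name)
    return out_path


def dump_from_file(config_path, default_config=None):
    """Load the on-disk config, then dump its redacted form.  A load failure is
    re-raised untouched: without a parsed config the results directory is
    unknown and nothing is written, so the unredacted file never gets copied."""
    with open(config_path, encoding="utf-8") as fh:
        config = yaml.safe_load(fh) if yaml else json.load(fh)
    if not isinstance(config, dict):
        raise ValueError(f"{config_path}: top level is not a mapping")
    return dump_redacted_config(config, default_config=default_config)


def run_demo():
    """Dump SAMPLE_CONFIG into a temporary results directory and report
    whether the constructed secret leaked into the written file."""
    with tempfile.TemporaryDirectory() as tmp:
        path = dump_redacted_config(SAMPLE_CONFIG, results_dir=tmp)
        text = path.read_text(encoding="utf-8")
        return {"file": path.name, "leaked": "constructed-secret" in text,
                "has_marker": REDACTED in text}


if __name__ == "__main__":
    print(run_demo())
```

The leak check (`contains_secret`) is worth keeping in a unit test for the real implementation: it asserts on the serialised output rather than on the in-memory structure, which is what actually lands on disk and in result archives.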