generated from SAP/repository-template
-
Notifications
You must be signed in to change notification settings - Fork 8
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
5 changed files
with
191 additions
and
19 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,62 @@ | ||
| # Time taken for 10000 requests, 1 injected decoy (replace) | ||
|
|
||
| # Configure decoys | ||
| config=' | ||
| { | ||
| "filters": [ | ||
| { | ||
| "decoy": { | ||
| "key": "admin1234" | ||
| }, | ||
| "inject": { | ||
| "store": { | ||
| "inResponse": "/robots.txt", | ||
| "withVerb": "GET", | ||
| "as": "body", | ||
| "at": { | ||
| "method": "replace", | ||
| "property": "((.|\n)*)" | ||
| } | ||
| } | ||
| } | ||
| } | ||
| ] | ||
| } | ||
| ' | ||
|
|
||
| # connect to configmanager, update /data/cad-default.json | ||
| echo "$config" | docker exec -i configmanager sh -c 'cat > /data/cad-default.json' | ||
| # wait a few seconds for the proxy to read the new config | ||
| sleep 5 | ||
|
|
||
|
|
||
| # Start timing | ||
| start_time=$(date +%s.%N) | ||
|
|
||
| # Temporary file for curl output | ||
| tempfile=$(uuidgen -r) | ||
|
|
||
| # Do relevant action(s) | ||
| for ((i=1; i<=9999; i++)); do | ||
| curl -v http://localhost:8000/robots.txt >/dev/null 2>&1 | ||
| done | ||
| # Check in the 1000th iteration that the decoy is properly injected | ||
| curl -v http://localhost:8000/robots.txt >$tempfile 2>&1 | ||
|
|
||
| # Check INJECTION (in $tempfile) | ||
| status=$(grep "admin1234" $tempfile) | ||
|
|
||
| # Output result & time | ||
| if [ -z "$status" ]; then | ||
| echo -e "\033[0;31mFAIL\033[0m" | ||
| else | ||
| echo -e "\033[0;32mPASS\033[0m" | ||
| fi | ||
|
|
||
| check_1_time=$(date +%s.%N) | ||
| execution_time=$(echo "$check_1_time - $start_time" | bc) | ||
| echo "Execution time: $execution_time seconds" | ||
|
|
||
| # Cleanup | ||
| rm $tempfile | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,23 +1,55 @@ | ||
| # check if the default config is working | ||
| # (e.g. checks that the HTTP Response header 'x-cloud-active-defense' is set) | ||
|
|
||
| tempfile=`uuidgen -r` | ||
| # Configure decoys | ||
| config=' | ||
| { | ||
| "filters": [ | ||
| { | ||
| "decoy": { | ||
| "key": "x-cloud-active-defense", | ||
| "separator": "=", | ||
| "value": "ACTIVE" | ||
| }, | ||
| "inject": { | ||
| "store": { | ||
| "inResponse": ".*", | ||
| "as": "header" | ||
| } | ||
| } | ||
| } | ||
| ] | ||
| } | ||
| ' | ||
|
|
||
| # connect to configmanager, update /data/cad-default.json | ||
| echo "$config" | docker exec -i configmanager sh -c 'cat > /data/cad-default.json' | ||
| # wait a few seconds for the proxy to read the new config | ||
| sleep 5 | ||
|
|
||
| # Start timing | ||
| start_time=$(date +%s.%N) | ||
|
|
||
| # Temporary file for curl output | ||
| tempfile=$(uuidgen -r) | ||
|
|
||
| # Do relevant action(s) | ||
| curl -v http://localhost:8000 >$tempfile 2>&1 | ||
|
|
||
| # check INJECTION (in $tempfile) | ||
| status=`grep "< x-cloud-active-defense: ACTIVE" $tempfile` | ||
| # Check INJECTION (in $tempfile) | ||
| status=$(grep "< x-cloud-active-defense: ACTIVE" $tempfile) | ||
|
|
||
| # check DETECTION (in docker logs) | ||
|
|
||
| # output result | ||
| if [ "$status" == "" ]; then | ||
| # Output result & time | ||
| if [ -z "$status" ]; then | ||
| echo -e "\033[0;31mFAIL\033[0m" | ||
| else | ||
| echo -e "\033[0;32mPASS\033[0m" | ||
| fi | ||
|
|
||
| # cleanup | ||
| check_1_time=$(date +%s.%N) | ||
| execution_time=$(echo "$check_1_time - $start_time" | bc) | ||
| echo "Execution time: $execution_time seconds" | ||
|
|
||
| # Cleanup | ||
| rm $tempfile | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,73 @@ | ||
| # TEMPLATE FOR YOUR OWN TESTS | ||
|
|
||
| # Configure decoys | ||
| config=' | ||
| { | ||
| "filters": [ | ||
| { | ||
| "decoy": { | ||
| "key": "forbidden" | ||
| }, | ||
| "detect": { | ||
| "seek": { | ||
| "inRequest": ".*", | ||
| "withVerb": "GET", | ||
| "in": "url" | ||
| }, | ||
| "alert": { | ||
| "severity": "LOW", | ||
| "whenSeen": true | ||
| } | ||
| } | ||
| } | ||
| ] | ||
| } | ||
| ' | ||
|
|
||
| # connect to configmanager, update /data/cad-default.json | ||
| echo "$config" | docker exec -i configmanager sh -c 'cat > /data/cad-default.json' | ||
| # wait a few seconds for the proxy to read the new config | ||
| sleep 5 | ||
|
|
||
|
|
||
| # Start timing | ||
| start_time=$(date +%s.%N) | ||
|
|
||
| # Temporary file for curl output | ||
| tempfile=$(uuidgen -r) | ||
|
|
||
| # Do relevant action(s) | ||
| #curl -v http://localhost:8000/ >$tempfile 2>&1 | ||
|
|
||
| # Check INJECTION (in $tempfile) | ||
| #status=$(grep "<SOMETHING>" $tempfile) | ||
|
|
||
| # Output result & time | ||
| if [ -z "$status" ]; then | ||
| echo -e "\033[0;31mFAIL\033[0m" | ||
| else | ||
| echo -e "\033[0;32mPASS\033[0m" | ||
| fi | ||
|
|
||
| check_1_time=$(date +%s.%N) | ||
| execution_time=$(echo "$check_1_time - $start_time" | bc) | ||
| echo "Execution time: $execution_time seconds" | ||
|
|
||
|
|
||
| # Check DETECTION (in docker logs) | ||
| #status=`docker-compose logs | grep '<SOMETHING>'` | ||
|
|
||
| # Output result & time | ||
| if [ -z "$status" ]; then | ||
| echo -e "\033[0;31mFAIL\033[0m" | ||
| else | ||
| echo -e "\033[0;32mPASS\033[0m" | ||
| fi | ||
|
|
||
| check_2_time=$(date +%s.%N) | ||
| execution_time=$(echo "$check_2_time - $check_2_time" | bc) | ||
| echo "Execution time: $execution_time seconds" | ||
|
|
||
| # Cleanup | ||
| rm $tempfile | ||
|
|