diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index ee102aed3c..f96f4df581 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -652,6 +652,8 @@ jobs:
 helm -n demo-apps install unsafe-https ./demo-apps/unsafe-https/ --wait
 # Install bodgeit app
 helm -n demo-apps install bodgeit ./demo-apps/bodgeit/ --wait
+ # Install old-wordpress app
+ helm -n demo-apps install old-wordpress ./demo-apps/old-wordpress/ --wait
 # Install plain nginx server
 kubectl create deployment --image nginx:alpine nginx --namespace demo-apps
 kubectl expose deployment nginx --port 80 --namespace demo-apps
@@ -769,6 +771,18 @@ jobs:
 cd tests/integration/
 npx jest --ci --color scanner/sslyze.test.js
 
+ # ---- WPScan Integration Tests ----
+
+ - name: "WPScan Integration Tests"
+ run: |
+ kubectl -n integration-tests delete scans --all
+ helm -n integration-tests install wpscan ./scanners/wpscan/ \
+ --set="parserImage.repository=docker.io/${{ env.DOCKER_NAMESPACE }}/parser-wpscan" \
+ --set="parserImage.tag=sha-$(git rev-parse --short HEAD)"
+ cd tests/integration/
+ npx jest --ci --color scanner/wpscan.test.js
+
+
 # ---- Zap Integration Tests ----
 
 - name: "zap Integration Tests"
diff --git a/scanners/wpscan/Chart.yaml b/scanners/wpscan/Chart.yaml
index 9e0b9acb59..836e009f75 100644
--- a/scanners/wpscan/Chart.yaml
+++ b/scanners/wpscan/Chart.yaml
@@ -5,7 +5,7 @@ description: A Helm chart for the WordPress security scanner that integrates wit
 type: application
 # version - gets automatically set to the secureCodeBox release version when the helm charts gets published
 version: v2.7.0-alpha1
-appVersion: latest
+appVersion: 3.8.17
 kubeVersion: ">=v1.11.0-0"
 
 keywords:
diff --git a/scanners/wpscan/README.md b/scanners/wpscan/README.md
index 3469b12459..74606dd4ec 100644
--- a/scanners/wpscan/README.md
+++ b/scanners/wpscan/README.md
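Review bot: In the new "WPScan Integration Tests" step, `${{ env.DOCKER_NAMESPACE }}` is expanded into the script text by the workflow runner before the shell runs it; `$DOCKER_NAMESPACE` reads the same value from the exported environment without templating it into the command line, which is the form GitHub recommends for `run:` scripts. The neighbouring sslyze and zap steps are only partly visible here, so this may simply follow the file's existing pattern and would then be a file-wide cleanup rather than a blocker for this change. The step also leaves two consecutive blank lines before the `# ---- Zap Integration Tests ----` marker where the surrounding sections use one.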
@@ -73,7 +73,7 @@ Incompatible choices (only one of each group/s can be used):
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
 | image.repository | string | `"wpscanteam/wpscan"` | Container Image to run the scan |
-| image.tag | string | defaults to latest because WPscan didn't offer tagged image versions | defaults to the charts appVersion |
+| image.tag | string | `nil` | defaults to the charts appVersion |
 | parseJob.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the parser will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ |
 | parserImage.repository | string | `"docker.io/securecodebox/parser-wpscan"` | Parser image repository |
 | parserImage.tag | string | defaults to the charts version | Parser image tag |
diff --git a/scanners/wpscan/helm2.Chart.yaml b/scanners/wpscan/helm2.Chart.yaml
index 3a54d12f17..6e6efedfc4 100644
--- a/scanners/wpscan/helm2.Chart.yaml
+++ b/scanners/wpscan/helm2.Chart.yaml
@@ -5,7 +5,7 @@ description: A Helm chart for the WordPress security scanner that integrates wit
 type: application
 # version - gets automatically set to the secureCodeBox release version when the helm charts gets published
 version: v2.7.0-alpha1
-appVersion: v3.8.15
+appVersion: 3.8.17
 kubeVersion: ">=v1.11.0-0"
 
 keywords:
diff --git a/scanners/wpscan/values.yaml b/scanners/wpscan/values.yaml
index 2a7cec9b8c..2ed80473ec 100644
--- a/scanners/wpscan/values.yaml
+++ b/scanners/wpscan/values.yaml
@@ -2,8 +2,7 @@ image:
 # image.repository -- Container Image to run the scan
 repository: wpscanteam/wpscan
 # image.tag -- defaults to the charts appVersion
- # @default -- defaults to latest because WPscan didn't offer tagged image versions
- tag: latest
+ tag: null
 
 parserImage:
 # parserImage.repository -- Parser image repository
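Review bot: `tag: null` in values.yaml only pins the scanner image if the deployment template falls back to `.Chart.AppVersion` when the value is empty; that template is not part of this diff, so it is worth confirming the rendered image reference becomes `wpscanteam/wpscan:3.8.17` rather than an empty tag. The previous helm2 value was `v3.8.15` while both charts now use the unprefixed `3.8.17`, so the existence of that exact tag on the `wpscanteam/wpscan` repository should be checked once, because a wrong tag form only surfaces as an image pull failure at scan time. Moving off `latest` is the right direction: a mutable tag makes scan results non-reproducible and leaves the scanner version unauditable.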
diff --git a/tests/integration/scanner/wpscan.test.js b/tests/integration/scanner/wpscan.test.js
new file mode 100644
index 0000000000..01e98b2ce8
--- /dev/null
+++ b/tests/integration/scanner/wpscan.test.js
@@ -0,0 +1,15 @@
+const {scan} = require('../helpers');
+
+test(
+ 'WPScan should find at least 1 finding regarding the old-wordpress demo app',
+ async () => {
+ const {count} = await scan(
+ 'wpscan-scanner-dummy-scan',
+ 'wpscan',
+ ['--url', 'old-wordpress.demo-apps.svc'],
+ 90
+ );
+ expect(count).toBeGreaterThanOrEqual(1);
+ },
+ 3 * 60 * 1000
+);
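Review bot: The assertion `expect(count).toBeGreaterThanOrEqual(1)` only proves the parser emitted something; a WPScan run without an API token reports informational findings (detected version, headers) rather than vulnerability entries, so the test would still pass if vulnerability parsing regressed. If `scan` also returns the parsed findings, asserting on one that the old-wordpress demo app is known to produce (for example an outdated-core-version finding) would pin the behavior the test name promises. The bare `90` passed as the fourth argument has no visible unit here; a named constant such as `const SCAN_TIMEOUT_SECONDS = 90;` would document it, assuming the helper takes seconds. Minor style: `const { scan } = require('../helpers');` matches the Prettier spacing used elsewhere in the repository's tests.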