From 3426a2c4f757b70a114c768abbffb4fed4f5b433 Mon Sep 17 00:00:00 2001 From: Robert Seedorff Date: Mon, 12 Apr 2021 23:17:06 +0200 Subject: [PATCH 1/5] Upgraded to newest wpscan version WIP. --- scanners/wpscan/Chart.yaml | 2 +- scanners/wpscan/helm2.Chart.yaml | 2 +- scanners/wpscan/values.yaml | 3 +-- 3 files changed, 3 insertions(+), 4 deletions(-) diff --git a/scanners/wpscan/Chart.yaml b/scanners/wpscan/Chart.yaml index dfa30c56f0..50bb4abf5f 100644 --- a/scanners/wpscan/Chart.yaml +++ b/scanners/wpscan/Chart.yaml @@ -5,7 +5,7 @@ description: A Helm chart for the WordPress security scanner that integrates wit type: application # version - gets automatically set to the secureCodeBox release version when the helm charts gets published version: v2.6.0-alpha1 -appVersion: latest +appVersion: 3.8.17 kubeVersion: ">=v1.11.0-0" keywords: diff --git a/scanners/wpscan/helm2.Chart.yaml b/scanners/wpscan/helm2.Chart.yaml index 051984703a..f77225b2cf 100644 --- a/scanners/wpscan/helm2.Chart.yaml +++ b/scanners/wpscan/helm2.Chart.yaml @@ -5,7 +5,7 @@ description: A Helm chart for the WordPress security scanner that integrates wit type: application # version - gets automatically set to the secureCodeBox release version when the helm charts gets published version: v2.6.0-alpha1 -appVersion: v3.8.15 +appVersion: 3.8.17 kubeVersion: ">=v1.11.0-0" keywords: diff --git a/scanners/wpscan/values.yaml b/scanners/wpscan/values.yaml index 2a7cec9b8c..2ed80473ec 100644 --- a/scanners/wpscan/values.yaml +++ b/scanners/wpscan/values.yaml @@ -2,8 +2,7 @@ image: # image.repository -- Container Image to run the scan repository: wpscanteam/wpscan # image.tag -- defaults to the charts appVersion - # @default -- defaults to latest because WPscan didn't offer tagged image versions - tag: latest + tag: null parserImage: # parserImage.repository -- Parser image repository From 910b18b82cc3f1fea960f9a9a970b3c32a201194 Mon Sep 17 00:00:00 2001 From: rseedorff Date: Mon, 12 Apr 2021 21:17:34 +0000 Subject: [PATCH 2/5] Updating Helm Docs --- scanners/wpscan/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scanners/wpscan/README.md b/scanners/wpscan/README.md index 3469b12459..74606dd4ec 100644 --- a/scanners/wpscan/README.md +++ b/scanners/wpscan/README.md @@ -73,7 +73,7 @@ Incompatible choices (only one of each group/s can be used): | Key | Type | Default | Description | |-----|------|---------|-------------| | image.repository | string | `"wpscanteam/wpscan"` | Container Image to run the scan | -| image.tag | string | defaults to latest because WPscan didn't offer tagged image versions | defaults to the charts appVersion | +| image.tag | string | `nil` | defaults to the charts appVersion | | parseJob.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the parser will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | | parserImage.repository | string | `"docker.io/securecodebox/parser-wpscan"` | Parser image repository | | parserImage.tag | string | defaults to the charts version | Parser image tag | From caee6396275e2250ef29e2a6708a18d030a25f86 Mon Sep 17 00:00:00 2001 From: Robert Seedorff Date: Fri, 16 Apr 2021 01:13:57 +0200 Subject: [PATCH 3/5] Added WPScan End-2-End test. --- .github/workflows/ci.yaml | 14 ++++++++++++++ tests/integration/scanner/wpscan.test.js | 18 ++++++++++++++++++ 2 files changed, 32 insertions(+) create mode 100644 tests/integration/scanner/wpscan.test.js diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 0216a0128e..7f7cf06453 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -652,6 +652,8 @@ jobs: helm -n demo-apps install unsafe-https ./demo-apps/unsafe-https/ --wait # Install bodgeit app helm -n demo-apps install bodgeit ./demo-apps/bodgeit/ --wait + # Install old-wordpress app + helm -n demo-apps install old-wordpress ./demo-apps/old-wordpress/ --wait # Install plain nginx server kubectl create deployment --image nginx:alpine nginx --namespace demo-apps kubectl expose deployment nginx --port 80 --namespace demo-apps @@ -756,6 +758,18 @@ jobs: cd tests/integration/ npx jest --ci --color scanner/sslyze.test.js + # ---- WPScan Integration Tests ---- + + - name: "WPScan Integration Tests" + run: | + kubectl -n integration-tests delete scans --all + helm -n integration-tests install wpscan ./scanners/wpscan/ \ + --set="parserImage.repository=docker.io/${{ env.DOCKER_NAMESPACE }}/parser-wpscan" \ + --set="parserImage.tag=sha-$(git rev-parse --short HEAD)" + cd tests/integration/ + npx jest --ci --color scanner/wpscan.test.js + + # ---- Zap Integration Tests ---- - name: "zap Integration Tests" diff --git a/tests/integration/scanner/wpscan.test.js b/tests/integration/scanner/wpscan.test.js new file mode 100644 index 0000000000..302f04802b --- /dev/null +++ b/tests/integration/scanner/wpscan.test.js @@ -0,0 +1,18 @@ +const {scan} = require('../helpers'); + +test( + 'gitleaks should find at least 1 repository in the GitHub secureCodeBox organisation', + async () => { + // This integration tests runs about 30min because of the GitHub Public API call rate limit. + // If you want to speed up you need to add an valid access token like: ['--git-type', 'github', '--organization', 'secureCodeBox', '--access-token', '23476VALID2345TOKEN'], + const {count} = await scan( + 'wpscan-scanner-dummy-scan', + 'wpscan', + ['--url', 'old-wordpress.demo-apps.svc'], + 90 + ); + // There must be >= 28 Repositories found in the GitHub secureCodeBox organisation. + expect(count).toBeGreaterThanOrEqual(1); + }, + 3 * 60 * 1000 +); From f38a96244da49189c9202a6ddfe44d5fac47e2bc Mon Sep 17 00:00:00 2001 From: Robert Seedorff Date: Fri, 16 Apr 2021 01:34:51 +0200 Subject: [PATCH 4/5] Fixed WPScan e-2-e test name --- tests/integration/scanner/wpscan.test.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/integration/scanner/wpscan.test.js b/tests/integration/scanner/wpscan.test.js index 302f04802b..48310fa2d0 100644 --- a/tests/integration/scanner/wpscan.test.js +++ b/tests/integration/scanner/wpscan.test.js @@ -1,7 +1,7 @@ const {scan} = require('../helpers'); test( - 'gitleaks should find at least 1 repository in the GitHub secureCodeBox organisation', + 'WPScan should find at least 1 finding regarding the old-wordpress demo app', async () => { // This integration tests runs about 30min because of the GitHub Public API call rate limit. // If you want to speed up you need to add an valid access token like: ['--git-type', 'github', '--organization', 'secureCodeBox', '--access-token', '23476VALID2345TOKEN'], From 2bbcfc2a90da2add263bbad6f3b50d275d79b1f5 Mon Sep 17 00:00:00 2001 From: Robert Seedorff Date: Fri, 16 Apr 2021 10:59:08 +0200 Subject: [PATCH 5/5] Removed wrong comments --- tests/integration/scanner/wpscan.test.js | 3 --- 1 file changed, 3 deletions(-) diff --git a/tests/integration/scanner/wpscan.test.js b/tests/integration/scanner/wpscan.test.js index 48310fa2d0..01e98b2ce8 100644 --- a/tests/integration/scanner/wpscan.test.js +++ b/tests/integration/scanner/wpscan.test.js @@ -3,15 +3,12 @@ const {scan} = require('../helpers'); test( 'WPScan should find at least 1 finding regarding the old-wordpress demo app', async () => { - // This integration tests runs about 30min because of the GitHub Public API call rate limit. - // If you want to speed up you need to add an valid access token like: ['--git-type', 'github', '--organization', 'secureCodeBox', '--access-token', '23476VALID2345TOKEN'], const {count} = await scan( 'wpscan-scanner-dummy-scan', 'wpscan', ['--url', 'old-wordpress.demo-apps.svc'], 90 ); - // There must be >= 28 Repositories found in the GitHub secureCodeBox organisation. expect(count).toBeGreaterThanOrEqual(1); }, 3 * 60 * 1000