feat(engine_dast): new dast scanning engine. #140
Conversation
|
This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation. |
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/jwt/jwt_tool.py
Fixed
Show fixed
Hide fixed
tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/jwt/jwt_tool.py
Fixed
Show resolved
Hide resolved
tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/jwt/jwt_tool.py
Fixed
Show fixed
Hide fixed
tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/jwt/jwt_tool.py
Fixed
Show fixed
Hide fixed
tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/jwt/jwt_tool.py
Fixed
Show fixed
Hide fixed
tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/jwt/jwt_tool.py
Fixed
Show fixed
Hide fixed
|
russbelln
changed the title
russbelln
changed the title
russbelln
changed the title
Solve comments and improve engine dast unit test
Update JWT unit tests
Update nuclei tool tests
Update nuclei tool tests
test run_tool was updated
Refactor test_nuclei_tool
|
There was a problem hiding this comment.
Update the file example_remote_config_local/engine_core/ConfigTool.json with the EXTRA_TOOLS property in the ENGINE_DAST block
There was a problem hiding this comment.
Delete .gitkeep files where it is not needed
| "MESSAGE_INFO_DAST": "If you have doubts, visit https://forum.example", | ||
| "NUCLEI": { | ||
| "VERSION": "2.3.296", | ||
| "EXCLUSIONS_PATH": "/engine_dast/Exclusions.json", |
There was a problem hiding this comment.
delete EXCLUSIONS_PATH, it not used
| class ConfigTool: | ||
| def __init__(self, json_data, tool): | ||
| self.version = json_data[tool].get("VERSION") | ||
| self.exclusions_path = json_data[tool].get("EXCLUSIONS_PATH") |
There was a problem hiding this comment.
delete exclusions_path, it not used
|
|
||
| def check_install_tool(self) -> any: | ||
| command = "nuclei --version" | ||
| result = subprocess.run(command, capture_output=True, shell=True) |
There was a problem hiding this comment.
check the installation with subprocess.run( ["nuclei", "./trivy"] and handle the response with the return code.
| return 0 | ||
|
|
||
| def run_install(self): | ||
| download = subprocess.run( |
There was a problem hiding this comment.
download with requests.get and release according to platform.system()
| logger.error(f"Error downloading {self.TOOL} binary") | ||
| return -1 | ||
|
|
||
| unzip = subprocess.run( |
There was a problem hiding this comment.
instead use Utils.unzip_file
| logger.error(f"Error Unzipping {self.TOOL} binary") | ||
| return -1 | ||
|
|
||
| make_exe = subprocess.run( |
There was a problem hiding this comment.
run it only with unix operating systems
|
|
||
|
|
||
| def generate_file_from_tool(tool, result_list, rules_doc): | ||
| if tool.lower() == "nuclei": |
There was a problem hiding this comment.
nuclei not it necesary. If this is for JWT, use a generic format or SARIF to send to defect dojo
.../devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/nuclei/nuclei_tool.py
Show resolved
Hide resolved
Description
Checklist: