diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..25be194 --- /dev/null +++ b/Makefile @@ -0,0 +1,21 @@ + +image-w3af: + docker build \ + --build-arg=HTTP_PROXY=$(HTTP_PROXY) \ + --build-arg=HTTPS_PROXY=$(HTTPS_PROXY) \ + --build-arg=http_proxy=$(http_proxy) \ + --build-arg=https_proxy=$(https_proxy) \ + -t jenkins-w3af \ + ./resources/com/cadoles/w3af + +interactive-w3af: + docker run \ + -it --rm \ + -e HTTP_PROXY=$(HTTP_PROXY) \ + -e HTTPS_PROXY=$(HTTPS_PROXY) \ + -e http_proxy=$(http_proxy) \ + -e https_proxy=$(https_proxy) \ + jenkins-w3af:latest \ + /bin/sh + +.PHONY: image-w3af \ No newline at end of file diff --git a/misc/build-package-with-tamarin b/misc/build-package-with-tamarin new file mode 100755 index 0000000..694efb6 --- /dev/null +++ b/misc/build-package-with-tamarin @@ -0,0 +1,161 @@ +#!/usr/bin/env bash + +set -e + +# build-package-from-git - Job handler for Marang +# Author: Willam Petit +# +# Dependencies: +# +# - jq - https://stedolan.github.io/jq/ - apt-get install jq +# - git +# +# Arguments: +# +# - $1: Docker distribution to use for building package - Default: debian:jessie +# - $2: Limit the build for commits in this specified branch - Default: No branch limitation + +#---------Config--------- + +TAMARIN_PATH=$(readlink -f ../../tamarin) +#------------------------ + +#---------Functions--------- + +function get_payload_opt { + echo "$MARANG_PAYLOAD" | jq -r "$1" +} + +function clean_workspace { + # Clean workspace + echo "Cleaning workspace $workdir..." + rm -rf "$workdir" +} + +#--------------------------- + +# Get handlers arguments +DISTRIB=$1 +LIMIT_TO_BRANCH=$2 +OUTPUT_DIR=$3 + +# Create temporary workspace +workdir=$(mktemp -d) +cd "$workdir" +trap clean_workspace EXIT + +echo "Using workspace $workdir..." + +# Create temporary dist directory +mkdir -p "$workdir/dist" + +# Extract project info +project_name=$(get_payload_opt ".repository.name" | tr '[:upper:]' '[:lower:]') +repo_url=$(get_payload_opt ".repository.clone_url") +commit=$(get_payload_opt ".ref") + +# Fetch project sources +GIT_SSL_NO_VERIFY=true git clone "$repo_url" "$project_name" +cd "$project_name" + +# Limit the build to a specific branch if needed +if [ ! -z "$LIMIT_TO_BRANCH" ]; then + + echo "The build processus is limited to $LIMIT_TO_BRANCH..." + + git checkout "$LIMIT_TO_BRANCH" + + branches_containing_commit=$(git branch --contains $commit) + + if [[ ! "${branches_containing_commit[@]}" =~ "$LIMIT_TO_BRANCH" ]]; then + echo "The commit $commit is not part of $LIMIT_TO_BRANCH !" + clean_workspace + exit + fi + +fi + +# Checkout specified commit +git checkout "$commit" +git submodule init +git submodule update + +echo "Building package..." + +# Build on package per version +set +e +COMMIT_TAGS=$(git describe --exact-match --abbrev=0) #git tag -l --contains HEAD | grep "^pkg") +set -e +if [[ -z ${COMMIT_TAGS} ]] +then + echo "Nothing to build :" + echo " - No build build tags on last commit" + clean_workspace + exit +fi + +for tag in ${COMMIT_TAGS} +do + PACKAGE_ENV=$(echo ${tag} | cut -d '/' -f 2) + PACKAGE_DISTRIB=$(echo ${tag} | cut -d '/' -f 3) + PKGVERSION=$(echo ${tag} | cut -d '/' -f 4) + + # Setting package version + [[ -z ${PKGVERSION} ]] && PKGVERSION="NO-VERSION" + + cd ${workdir}/${project_name} + tamarinrc="${workdir}/${project_name}/.tamarinrc" + [[ ! -f ${tamarinrc} ]] && touch ${tamarinrc} + set +e + grep -q "^project_version=.*" ${tamarinrc} + if [[ ${?} -eq 0 ]] + then + sed -i -e "s/^project_version=.*/project_version=${PKGVERSION}/" ${workdir}/${project_name}/.tamarinrc + else + echo "project_version=${PKGVERSION}" > ${tamarinrc} + fi + + if [[ ${PACKAGE_ENV} =~ ^(staging|stable) ]] + then + grep -q "^no_version_suffix=.*" ${tamarinrc} + if [[ ${?} -eq 0 ]] + then + sed -i -e "s/no_version_suffix=.*/no_version_suffix=yes/" ${tamarinrc} + else + echo "no_version_suffix=yes" >> ${tamarinrc} + fi + fi + set -e + + # Build package with Tamarin for specified distrib + echo + echo "Building package with $TAMARIN_PATH/package (${tag})" + echo + "$TAMARIN_PATH/package" "$workdir/$project_name" -o "$workdir/dist" -b "$DISTRIB" + + # Copy debian packages to destination directory if arguments is specified + if [ ! -z $OUTPUT_DIR ]; then + DEST_DIR="$OUTPUT_DIR/$LIMIT_TO_BRANCH/$project_name" + mkdir -p "$DEST_DIR" + echo "Copying packages to $DEST_DIR/..." + cp $workdir/dist/*.deb "$DEST_DIR/" + else + echo "No output directory specified." + fi + + # Deploy packages automatically based on tags + + # Check that the package environment matches the expected ones + if [[ "$PACKAGE_ENV" =~ ^(dev|staging|stable)$ ]]; then + echo + echo "Pushing packages to matching '$PACKAGE_ENV' repository ..." + echo + ssh aptly@vulcain.cadoles.com mkdir -p "/home/aptly/packages/$PACKAGE_ENV/$LIMIT_TO_BRANCH" + scp -r $workdir/dist/*.deb "aptly@vulcain.cadoles.com:/home/aptly/packages/$PACKAGE_ENV/$LIMIT_TO_BRANCH/" + echo "Cleaning builded package" + rm -rf $workdir/dist/* + else + echo "Packaging tag prefix 'pkg' found but the environment token does not match any of 'dev', 'staging' or 'stable'. Ignoring..." + fi +done + diff --git a/misc/creolelint.html b/misc/creolelint.html new file mode 100644 index 0000000..cf7b468 --- /dev/null +++ b/misc/creolelint.html @@ -0,0 +1,9 @@ + + +
root@eolebase-2:~# CreoleLint -t haproxy_00-global.cfg 
+
+Template Non valide (valid_parse_tmpl:ERROR:error)
+ \-- /usr/share/eole/creole/distrib/haproxy_00-global.cfg
+('/usr/share/eole/creole/distrib/haproxy_00-global.cfg', ':', Exception('Il manque une option', NotFound(u"cannot find 'haStatPort'",), 'avec le dictionnaire', {'activer_haproxy': u'oui', 'haIpPublique': u'192.168.0.1', 'activer_haproxy_stats': u'non'}))
+root@eolebase-2:~# 
+
\ No newline at end of file diff --git a/misc/templates_formatted.xml b/misc/templates_formatted.xml new file mode 100644 index 0000000..e18de41 --- /dev/null +++ b/misc/templates_formatted.xml @@ -0,0 +1,2897 @@ + + + + 0 + 2 + 1 + eoleone + users + Install-eole-2.6.0-10G + + 1 + 1 + 0 + 1 + 0 + 0 + 0 + 0 + 0 + + 1485254775 + + + + 1 + 2 + 1 + eoleone + users + eolebase-2.6.0-amd64-fresh + + 1 + 1 + 0 + 1 + 0 + 0 + 0 + 0 + 0 + + 1485261232 + + + + 4 + 2 + 1 + eoleone + users + Alpine Linux 3.5.2 + + 1 + 1 + 0 + 1 + 0 + 0 + 0 + 0 + 0 + + 1488810222 + + + + 6 + 3 + 1 + pcaseiro + users + test + + 1 + 1 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + + 1488882614 + + + + 9 + 5 + 1 + wpetit + users + faketools + + 1 + 1 + 0 + 1 + 0 + 0 + 0 + 0 + 0 + + 1490622404 + + + + 10 + 3 + 1 + pcaseiro + users + SETH + + 1 + 1 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + + 1496931671 + + + + 17 + 3 + 1 + pcaseiro + users + Alpine Linux 3.5.2-copy + + 1 + 1 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + + 1499181433 + + + + 20 + 10 + 1 + bbohard + users + Windows10 + + 1 + 1 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + + 1500477980 + + + + 21 + 10 + 1 + bbohard + users + amonecole-2.4.2.1 + + 1 + 1 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + + 1500480420 + + + + 22 + 10 + 1 + bbohard + users + Windows10-1703-Pro + + 1 + 1 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + + 1500535603 + + + + 23 + 10 + 1 + bbohard + users + Amonecole-2.5.2 + + 1 + 1 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + + 1500562959 + + + + 25 + 2 + 1 + eoleone + users + Ubuntu 16.04.2 + + 1 + 1 + 0 + 1 + 0 + 0 + 0 + 0 + 0 + + 1500651324 + + + + 26 + 10 + 1 + bbohard + users + Amonecole-2.6.1 + + 1 + 1 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + + 1500878834 + + + + 27 + 10 + 1 + bbohard + users + install_pitaya_os + + 1 + 1 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + + 1500982221 + + + + 33 + 2 + 1 + eoleone + users + ubuntu-server-16.04-cadoles + + 1 + 1 + 0 + 1 + 0 + 0 + 0 + 0 + 0 + + 1501059937 + + + + 34 + 2 + 1 + eoleone + users + alpine-3.6-cadoles + + 1 + 1 + 0 + 1 + 0 + 0 + 0 + 0 + 0 + + 1503412403 + + + + 35 + 3 + 1 + pcaseiro + users + FreeIPA + + 1 + 1 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + + 1511946345 + + + + 36 + 7 + 1 + vfebvre + users + Etherpad + + 1 + 1 + 0 + 1 + 1 + 0 + 0 + 0 + 0 + + 1512639936 + + + + 37 + 13 + 1 + afornerot + users + Demo + + 1 + 1 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + + 1513949907 + + + + 39 + 6 + 1 + gloaec + users + Etherpad + + 1 + 1 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + + 1515425634 + + + + 41 + 13 + 1 + afornerot + users + sso.cadol.es + + 1 + 1 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + + 1515764929 + + + + 44 + 3 + 1 + pcaseiro + users + Desktop Ubuntu + + 1 + 1 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + + 1517220763 + + + + 45 + 6 + 1 + gloaec + users + Ateliers + + 1 + 1 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + + 1517221877 + + + + 47 + 6 + 1 + gloaec + users + Polynum + + 1 + 1 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + + 1519316601 + + + + 48 + 6 + 1 + gloaec + users + Polynum-copy + + 1 + 1 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + + 1519316656 + + + + 49 + 2 + 1 + eoleone + users + mse-portal-cadoles + + 1 + 1 + 0 + 1 + 0 + 0 + 0 + 0 + 0 + + 1519656420 + + + + 50 + 2 + 1 + eoleone + users + mse-mysql-cadoles + + 1 + 1 + 0 + 1 + 0 + 0 + 0 + 0 + 0 + + 1519727803 + + + + 51 + 2 + 1 + eoleone + users + mse-ldap-cadoles + + 1 + 1 + 0 + 1 + 0 + 0 + 0 + 0 + 0 + + 1519727854 + + + + 52 + 6 + 1 + gloaec + users + rhel-polynum + + 1 + 1 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + + 1519808942 + + + + 60 + 6 + 1 + gloaec + users + rhel-polynum-copy + + 1 + 1 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + + 1519814383 + + + + 61 + 2 + 1 + eoleone + users + eolebase-2.6.2-cadoles + + 1 + 1 + 0 + 1 + 0 + 0 + 0 + 0 + 0 + + 1519981626 + + + + 63 + 7 + 1 + vfebvre + users + draaf-annuaire-2.6.2 + + 1 + 1 + 0 + 1 + 0 + 0 + 1 + 0 + 0 + + 1519983537 + + + + 64 + 7 + 1 + vfebvre + users + draaf-lemonLDAP-2.6.2 + + 1 + 1 + 0 + 1 + 0 + 0 + 0 + 0 + 0 + + 1520347845 + + + + 65 + 2 + 1 + eoleone + users + alpine-virt-3.7-cadoles + + 1 + 1 + 0 + 1 + 0 + 0 + 0 + 0 + 0 + + 1520501483 + + + + 67 + 6 + 1 + gloaec + users + Tuleap + + 1 + 1 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + + 1522313641 + + + + 71 + 6 + 1 + gloaec + users + Tuleap-copy + + 1 + 1 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + + 1522314193 + + + + 72 + 14 + 1 + gdemedeiros + users + Odoo + + 1 + 1 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + + 1522315655 + + + + 73 + 8 + 1 + bgaude + users + MSE-eole-2.5.2 + + 1 + 1 + 0 + 1 + 0 + 0 + 0 + 0 + 0 + + 1525422156 + + + + 74 + 2 + 1 + eoleone + users + ubuntu-16.04-light-cadoles + + 1 + 1 + 0 + 1 + 0 + 0 + 0 + 0 + 0 + + 1526482854 + + + + 75 + 2 + 1 + eoleone + users + crous-sympa-cadoles + + 1 + 1 + 0 + 1 + 0 + 0 + 0 + 0 + 0 + + 1526569782 + + + + 76 + 2 + 1 + eoleone + users + centos-7-mini-cadoles + + 1 + 1 + 0 + 1 + 0 + 0 + 0 + 0 + 0 + + 1526634955 + + + + 77 + 7 + 1 + vfebvre + users + scribe-2.6.2-FI + + 1 + 1 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + + 1530608517 + + + + 78 + 7 + 1 + vfebvre + users + Wallis-scribe-ldap1 + + 1 + 1 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + + 1530621192 + + + + 83 + 2 + 1 + eoleone + users + jenkins-master-cadoles + + 1 + 1 + 0 + 1 + 0 + 0 + 0 + 0 + 0 + + 1532273024 + + + + 84 + 2 + 1 + eoleone + users + jenkins-slave-cadoles + + 1 + 1 + 0 + 1 + 0 + 0 + 0 + 0 + 0 + + 1532273111 + + + + 85 + 2 + 1 + eoleone + users + zephir2-cadoles + + 1 + 1 + 0 + 1 + 0 + 0 + 0 + 0 + 0 + + 1534845479 + + + + 88 + 19 + 1 + egarette + users + VM-Zephir-PVE + + 1 + 1 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + + 1548861248 + + + + 91 + 2 + 1 + eoleone + users + eolebase-2.7.0-cadoles + + 1 + 1 + 0 + 1 + 0 + 0 + 0 + 0 + 0 + + 1549554116 + + + diff --git a/misc/vm.xml b/misc/vm.xml new file mode 100644 index 0000000..95f861e --- /dev/null +++ b/misc/vm.xml @@ -0,0 +1,3 @@ +346201****usersone-34611000000001000015505707050 \ No newline at end of file diff --git a/misc/vm_formatted.xml b/misc/vm_formatted.xml new file mode 100644 index 0000000..3f6e72c --- /dev/null +++ b/misc/vm_formatted.xml @@ -0,0 +1,141 @@ + + + 346 + 20 + 1 + **** + users + one-346 + + 1 + 1 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + + 0 + 1 + 0 + 0 + 0 + 0 + 1550570705 + 0 + + + + + + + + + + + + + + + + diff --git a/pipelines/w3af-pentest.jenkinsfile b/pipelines/w3af-pentest.jenkinsfile new file mode 100644 index 0000000..47d1b24 --- /dev/null +++ b/pipelines/w3af-pentest.jenkinsfile @@ -0,0 +1,87 @@ +@Library("cadoles") _ + +pipeline { + + agent { + label 'common' + } + + parameters { + string( + name: 'packageName', + description: 'Nom du paquet à installer' + ) + string( + name: 'packageVersion', + defaultValue: '', + description: 'Version du paquet à installer' + ) + string( + name: 'packageRepository', + description: 'Dépôt de paquets à utiliser sur Vulcain' + ) + string( + name: 'vmTemplate', + description: 'Template OpenNebula de la VM à utiliser pour le test d\'installation' + ) + } + + stages { + + stage("Check parameters") { + steps { + script { + if (!params.url?.trim()) { + error("L'URL du paquet n'est pas définie !") + } + } + } + } + + stage("Test URL") { + steps { + script { + def w3afImage = buildDockerImage() + def dockerArgs = """ + """ + tamarinImage.inside(dockerArgs) { + sh './w3af_console ' + } + } + } + } + } + + post { + failure { + wrap([$class: 'BuildUser']) { + rocketSend ( + avatar: 'https://jenkins.cadol.es/static/b5f67753/images/headshot.png', + message: """ + Le test de sécurité sur l'URL `${params.url}` a échoué: + + [Voir le job](${env.RUN_DISPLAY_URL}) + + @${env.BUILD_USER_ID ? env.BUILD_USER_ID : 'here'} + """.stripIndent(), + rawMessage: true + ) + } + } + } + +} + +def buildDockerImage() { + dir ('.w3af') { + def dockerfile = libraryResource 'com/cadoles/w3af/Dockerfile' + writeFile file:'Dockerfile', text:dockerfile + + def audit = libraryResource 'com/cadoles/w3af/audit.w3af' + writeFile file:'audit.w3af', text:audit + + def safeJobName = URLDecoder.decode(env.JOB_NAME).toLowerCase().replace('/', '-').replace(' ', '-') + def imageTag = "${safeJobName}-${env.BUILD_ID}" + return docker.build("w3af:${imageTag}", ".") + } +} \ No newline at end of file diff --git a/resources/com/cadoles/w3af/Dockerfile b/resources/com/cadoles/w3af/Dockerfile new file mode 100644 index 0000000..cba3277 --- /dev/null +++ b/resources/com/cadoles/w3af/Dockerfile @@ -0,0 +1,81 @@ +FROM alpine:3.9 + +ARG HTTP_PROXY= +ARG HTTPS_PROXY= +ARG http_proxy= +ARG https_proxy= + +RUN apk --no-cache add \ + build-base \ + git \ + libffi-dev \ + libxslt-dev \ + linux-headers \ + openssl-dev \ + py-pillow \ + py-pip \ + py-setuptools \ + python \ + python-dev \ + sqlite-dev \ + yaml-dev \ + nodejs \ + npm + +RUN pip install --upgrade pip \ + && pip install \ + pyClamd==0.4.0 \ + GitPython==2.1.3 \ + chardet==3.0.4 \ + futures==3.2.0 \ + pyOpenSSL==18.0.0 \ + ndg-httpsclient==0.4.0 \ + pyasn1==0.4.2 \ + scapy==2.4.0 \ + msgpack==0.5.6 \ + Jinja2==2.10 \ + vulndb==0.1.1 \ + psutil==5.4.8 \ + ds-store==1.1.2 \ + pebble==4.3.8 \ + acora==2.1 \ + diff-match-patch==20121119 \ + bravado-core==5.0.2 \ + lz4==1.1.0 \ + vulners==1.3.0 \ + ipaddresses==0.0.2 \ + PyGithub==1.21.0 \ + pybloomfiltermmap==0.3.14 \ + phply==0.9.1 nltk==3.0.1 \ + tblib==0.2.0 \ + pdfminer==20140328 \ + lxml==3.4.4 \ + guess-language==0.2 \ + cluster==1.1.1b3 \ + python-ntlm==1.0.1 \ + halberd==0.2.4 \ + darts.util.lru==0.5 \ + markdown==2.6.1 \ + termcolor==1.1.0 \ + mitmproxy==0.13 \ + ruamel.ordereddict==0.4.8 \ + Flask==0.10.1 \ + PyYAML==3.12 \ + tldextract==1.7.2 \ + esmre==0.3.1 \ + && npm install -g retire \ + && rm -rf /root/.cache/pip \ + && apk del build-base linux-headers + +RUN adduser -D w3af + +RUN git clone --depth=1 \ + --branch=master \ + https://github.com/andresriancho/w3af.git /home/w3af/w3af \ + && rm -rf /home/w3af/w3af/.git \ + && chown -R w3af /home/w3af/w3af + +USER w3af +WORKDIR /home/w3af/w3af + +CMD ["./w3af_console"] \ No newline at end of file diff --git a/resources/com/cadoles/w3af/audit.w3af b/resources/com/cadoles/w3af/audit.w3af new file mode 100644 index 0000000..81a7ef5 --- /dev/null +++ b/resources/com/cadoles/w3af/audit.w3af @@ -0,0 +1,65 @@ +# ----------------------------------------------------------------------------------------------------------- +# W3AF AUDIT SCRIPT FOR WEB APPLICATION +# ----------------------------------------------------------------------------------------------------------- +#Configure HTTP settings +http-settings +set timeout 30 +back +#Configure scanner global behaviors +misc-settings +set max_discovery_time 20 +set fuzz_cookies True +set fuzz_form_files True +set fuzz_url_parts True +set fuzz_url_filenames True +back +plugins +#Configure entry point (CRAWLING) scanner +crawl web_spider +crawl config web_spider +set only_forward False +set ignore_regex (?i)(logout|disconnect|signout|exit)+ +back +#Configure vulnerability scanners +##Specify list of AUDIT plugins type to use +audit blind_sqli, buffer_overflow, cors_origin, csrf, eval, file_upload, ldapi, lfi, os_commanding, phishing_vector, redos, response_splitting, sqli, xpath, xss, xst +##Customize behavior of each audit plugin when needed +audit config file_upload +set extensions jsp,php,php2,php3,php4,php5,asp,aspx,pl,cfm,rb,py,sh,ksh,csh,bat,ps,exe +back +##Specify list of GREP plugins type to use (grep plugin is a type of plugin that can find also vulnerabilities or informations disclosure) +grep analyze_cookies, click_jacking, code_disclosure, cross_domain_js, csp, directory_indexing, dom_xss, error_500, error_pages, +html_comments, objects, path_disclosure, private_ip, strange_headers, strange_http_codes, strange_parameters, strange_reason, url_session, xss_protection_header +##Specify list of INFRASTRUCTURE plugins type to use (infrastructure plugin is a type of plugin that can find informations disclosure) +infrastructure server_header, server_status, domain_dot, dot_net_errors +#Configure target authentication +auth detailed +auth config detailed +set username admin +set password password +set method POST +set auth_url http://pcdom/dvwa/login.php +set username_field user +set password_field pass +set check_url http://pcdom/dvwa/index.php +set check_string 'admin' +set data_format username=%U&password=%P&Login=Login +back +#Configure reporting in order to generate an HTML report +output console, html_file +output config html_file +set output_file /tmp/W3afReport.html +set verbose False +back +output config console +set verbose False +back +back +#Set target informations, do a cleanup and run the scan +target +set target http://pcdom/dvwa +set target_os windows +set target_framework php +back +cleanup +start \ No newline at end of file diff --git a/vars/audit.groovy b/vars/audit.groovy new file mode 100644 index 0000000..ad4c0cf --- /dev/null +++ b/vars/audit.groovy @@ -0,0 +1,75 @@ +// Pipeline de construction des images Docker des services Zéphir +def call() { + pipeline { + + agent { + label 'common' + } + + parameters { + string( + name: 'url', + description: 'URL d\'entrée pour l\'audit' + ) + } + + stages { + + stage("Check parameters") { + steps { + script { + if (!params.url?.trim()) { + error("L'URL du paquet n'est pas définie !") + } + } + } + } + + stage("Test URL") { + steps { + script { + def w3afImage = buildDockerImage() + def dockerArgs = """ + """ + w3afImage.inside(dockerArgs) { + sh './w3af_console ' + } + } + } + } + } + + post { + failure { + wrap([$class: 'BuildUser']) { + rocketSend ( + avatar: 'https://jenkins.cadol.es/static/b5f67753/images/headshot.png', + message: """ + Le test de sécurité pour `${params.url}` a échoué: + + [Voir le job](${env.RUN_DISPLAY_URL}) + + @${env.BUILD_USER_ID ? env.BUILD_USER_ID : 'here'} + """.stripIndent(), + rawMessage: true + ) + } + } + } + + } +} + +def buildDockerImage() { + dir ('.w3af') { + def dockerfile = libraryResource 'com/cadoles/w3af/Dockerfile' + writeFile file:'Dockerfile', text:dockerfile + + def audit = libraryResource 'com/cadoles/w3af/audit.w3af' + writeFile file:'audit.w3af', text:audit + + def safeJobName = URLDecoder.decode(env.JOB_NAME).toLowerCase().replace('/', '-').replace(' ', '-') + def imageTag = "${safeJobName}-${env.BUILD_ID}" + return docker.build("w3af:${imageTag}", ".") + } +} \ No newline at end of file