fixup! Web security audit base pipeline
This commit is contained in:
parent
a61c9485c3
commit
36165719d4
5
Makefile
5
Makefile
@ -11,10 +11,7 @@ image-w3af:
|
||||
interactive-w3af:
|
||||
docker run \
|
||||
-it --rm \
|
||||
-e HTTP_PROXY=$(HTTP_PROXY) \
|
||||
-e HTTPS_PROXY=$(HTTPS_PROXY) \
|
||||
-e http_proxy=$(http_proxy) \
|
||||
-e https_proxy=$(https_proxy) \
|
||||
--net host \
|
||||
-v "$(PWD)/resources/com/cadoles/w3af/audit.w3af.tmpl:/home/w3af/w3af/audit.w3af.tmpl:ro" \
|
||||
jenkins-w3af:latest \
|
||||
/bin/sh
|
||||
|
@ -1,87 +0,0 @@
|
||||
@Library("cadoles") _
|
||||
|
||||
pipeline {
|
||||
|
||||
agent {
|
||||
label 'common'
|
||||
}
|
||||
|
||||
parameters {
|
||||
string(
|
||||
name: 'packageName',
|
||||
description: 'Nom du paquet à installer'
|
||||
)
|
||||
string(
|
||||
name: 'packageVersion',
|
||||
defaultValue: '',
|
||||
description: 'Version du paquet à installer'
|
||||
)
|
||||
string(
|
||||
name: 'packageRepository',
|
||||
description: 'Dépôt de paquets à utiliser sur Vulcain'
|
||||
)
|
||||
string(
|
||||
name: 'vmTemplate',
|
||||
description: 'Template OpenNebula de la VM à utiliser pour le test d\'installation'
|
||||
)
|
||||
}
|
||||
|
||||
stages {
|
||||
|
||||
stage("Check parameters") {
|
||||
steps {
|
||||
script {
|
||||
if (!params.url?.trim()) {
|
||||
error("L'URL du paquet n'est pas définie !")
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
stage("Test URL") {
|
||||
steps {
|
||||
script {
|
||||
def w3afImage = buildDockerImage()
|
||||
def dockerArgs = """
|
||||
"""
|
||||
tamarinImage.inside(dockerArgs) {
|
||||
sh './w3af_console '
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
post {
|
||||
failure {
|
||||
wrap([$class: 'BuildUser']) {
|
||||
rocketSend (
|
||||
avatar: 'https://jenkins.cadol.es/static/b5f67753/images/headshot.png',
|
||||
message: """
|
||||
Le test de sécurité sur l'URL `${params.url}` a échoué:
|
||||
|
||||
[Voir le job](${env.RUN_DISPLAY_URL})
|
||||
|
||||
@${env.BUILD_USER_ID ? env.BUILD_USER_ID : 'here'}
|
||||
""".stripIndent(),
|
||||
rawMessage: true
|
||||
)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
def buildDockerImage() {
|
||||
dir ('.w3af') {
|
||||
def dockerfile = libraryResource 'com/cadoles/w3af/Dockerfile'
|
||||
writeFile file:'Dockerfile', text:dockerfile
|
||||
|
||||
def audit = libraryResource 'com/cadoles/w3af/audit.w3af'
|
||||
writeFile file:'audit.w3af', text:audit
|
||||
|
||||
def safeJobName = URLDecoder.decode(env.JOB_NAME).toLowerCase().replace('/', '-').replace(' ', '-')
|
||||
def imageTag = "${safeJobName}-${env.BUILD_ID}"
|
||||
return docker.build("w3af:${imageTag}", ".")
|
||||
}
|
||||
}
|
@ -2,7 +2,7 @@
|
||||
# W3AF AUDIT SCRIPT FOR WEB APPLICATION
|
||||
# -----------------------------------------------------------------------------------------------------------
|
||||
|
||||
#Configure HTTP settings
|
||||
# Configure HTTP settings
|
||||
http-settings
|
||||
set timeout {{ default 10 .W3AF_TIMEOUT }}
|
||||
{{ if .W3AF_BASIC_AUTH_USERNAME }}
|
||||
@ -14,7 +14,7 @@ set basic_auth_domain {{ .W3AF_BASIC_AUTH_DOMAIN }}
|
||||
{{ end }}
|
||||
back
|
||||
|
||||
#Configure scanner global behaviors
|
||||
# Configure scanner global behaviors
|
||||
misc-settings
|
||||
set max_discovery_time {{ default 10 .W3AF_MAX_DISCOVERY_TIME }}
|
||||
set fuzz_cookies True
|
||||
@ -29,8 +29,16 @@ back
|
||||
|
||||
plugins
|
||||
|
||||
# Configure rfi plugin
|
||||
audit rfi
|
||||
audit config rfi
|
||||
set listen_address "0.0.0.0"
|
||||
set listen_port 44449
|
||||
set use_w3af_site True
|
||||
back
|
||||
|
||||
{{ if .W3AF_AUTH_FORM_URL }}
|
||||
#Configure target authentication
|
||||
# Configure target authentication
|
||||
auth detailed
|
||||
auth config detailed
|
||||
set username {{ .W3AF_AUTH_FORM_USERNAME }}
|
||||
@ -46,7 +54,7 @@ back
|
||||
{{end}}
|
||||
|
||||
|
||||
#Configure reporting in order to generate an HTML report
|
||||
# Configure reporting in order to generate an HTML report
|
||||
output console, html_file
|
||||
output config html_file
|
||||
set output_file reports/report{{- if .W3AF_REPORT_SUFFIX -}}_{{- .W3AF_REPORT_SUFFIX -}}{{- end -}}.html
|
||||
@ -58,7 +66,7 @@ set verbose {{ default "False" .W3AF_VERBOSE }}
|
||||
back
|
||||
back
|
||||
|
||||
#Set target informations, do a cleanup and run the scan
|
||||
# Set target informations, do a cleanup and run the scan
|
||||
target
|
||||
set target {{ .W3AF_TARGET_URL }}
|
||||
set target_os {{ default "unix" .W3AF_TARGET_OS }}
|
||||
|
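Review bot: The new rfi block sets `listen_address "0.0.0.0"` and `listen_port 44449` next to `use_w3af_site True`; as far as I know the rfi plugin only starts its local payload listener when `use_w3af_site` is False, so the two listener lines are either dead configuration or, if the local mode is ever selected, they bind the payload server on every interface of the scan host — and with the Makefile's `--net host` that means the whole host rather than the container. The template should commit to one mode and say why: if the external w3af site is intended, note that the scan then depends on a third-party host and may expose the audited target's requests to it; if the local listener is intended, bind a specific address and add a comment such as `# listen_address must be reachable from the target; 0.0.0.0 exposes the listener on every interface of the scan host`. The enclosing `plugins` block continues outside the hunk, so I cannot tell whether `audit rfi` is later overridden.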
@ -86,6 +86,7 @@ def call() {
|
||||
-e W3AF_AUTH_FORM_USERNAME_FIELD='${params.authFormUsernameField}'
|
||||
-e W3AF_AUTH_FORM_PASSWORD_FIELD='${params.authFormPasswordField}'
|
||||
"""
|
||||
|
||||
w3afImage.inside(dockerArgs) {
|
||||
sh 'mkdir -p reports'
|
||||
sh 'rm -f reports/*'
|
||||
@ -95,6 +96,44 @@ def call() {
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
stage("Check discovered vulnerabilities") {
|
||||
steps {
|
||||
script {
|
||||
|
||||
def totalMediumVulnerabilities = sh(
|
||||
script: "grep 'MEDIUM' report.html | wc -l",
|
||||
returnStdout: true
|
||||
).toInteger()
|
||||
|
||||
def totalHighVulnerabilities = sh(
|
||||
script: "grep 'HIGH' report.html | wc -l",
|
||||
returnStdout: true
|
||||
).toInteger()
|
||||
|
||||
if (totalHighVulnerabilities == 0 && totalMediumVulnerabilities == 0) {
|
||||
return
|
||||
}
|
||||
|
||||
wrap([$class: 'BuildUser']) {
|
||||
rocketSend (
|
||||
avatar: 'https://jenkins.cadol.es/static/b5f67753/images/headshot.png',
|
||||
message: """
|
||||
Des vulnérabilités ont été trouvées lors de l'audit de l'URL `${params.targetUrl}`:
|
||||
|
||||
- Criticité HAUTE: ${totalHighVulnerabilities} vulnérabilité(s) trouvée(s)
|
||||
- Criticité MOYENNNE: ${totalMediumVulnerabilities} vulnérabilité(s) trouvée(s)
|
||||
|
||||
[Voir le job](${env.RUN_DISPLAY_URL})
|
||||
|
||||
@${env.BUILD_USER_ID ? env.BUILD_USER_ID : 'here'}
|
||||
""".stripIndent(),
|
||||
rawMessage: true
|
||||
)
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
post {
|
||||
@ -108,21 +147,19 @@ def call() {
|
||||
reportName: "Rapport d'audit"
|
||||
]
|
||||
}
|
||||
// failure {
|
||||
// wrap([$class: 'BuildUser']) {
|
||||
// rocketSend (
|
||||
// avatar: 'https://jenkins.cadol.es/static/b5f67753/images/headshot.png',
|
||||
// message: """
|
||||
// Le test de sécurité pour `${params.targetUrl}` a échoué:
|
||||
|
||||
// [Voir le job](${env.RUN_DISPLAY_URL})
|
||||
|
||||
// @${env.BUILD_USER_ID ? env.BUILD_USER_ID : 'here'}
|
||||
// """.stripIndent(),
|
||||
// rawMessage: true
|
||||
// )
|
||||
// }
|
||||
// }
|
||||
failure {
|
||||
rocketSend (
|
||||
avatar: 'https://jenkins.cadol.es/static/b5f67753/images/headshot.png',
|
||||
message: """
|
||||
Le test de sécurité pour `${params.targetUrl}` a échoué:
|
||||
|
||||
[Voir le job](${env.RUN_DISPLAY_URL})
|
||||
|
||||
@${env.BUILD_USER_ID ? env.BUILD_USER_ID : 'here'}
|
||||
""".stripIndent(),
|
||||
rawMessage: true
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
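Review bot: The gate in the new "Check discovered vulnerabilities" stage greps `report.html` in the workspace root, but the earlier hunk prepares `reports/` (`mkdir -p reports`, `rm -f reports/*`) and the audit template writes its output under `reports/`, so the grep most likely finds no file; since the pipeline's status is that of `wc -l`, the sh step still succeeds, both counters come out as zero and the stage fails open — the Rocket.Chat alert is never sent. The script lines should point at the produced file and the absence of a report should be an error rather than a clean result, e.g. `if (!fileExists('reports')) { error('no audit report produced') }` before the counts and `script: "grep 'HIGH' reports/*.html | wc -l"` (same for MEDIUM). Counting lines containing the bare words HIGH/MEDIUM in HTML markup is also a loose signal that can over- or under-count; a comment should state that the numbers are line matches, not findings. The alert text at the bottom of the same hunk also misspells `MOYENNNE`; `def call()` starts outside the hunk and the `post` block continues past it.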