Ajout d'un pipeline Lighthouse

+ améliorations/corrections sur le pipeline d'audit W3AF

resources/com/cadoles/w3af/Dockerfile

@@ -94,9 +94,17 @@ RUN git clone --depth=1 \
   && rm -rf /home/w3af/w3af/.git \
   && chown -R w3af /home/w3af/w3af
 
+COPY run-audit.sh /usr/local/bin/run-audit
+RUN chmod +x /usr/local/bin/run-audit
+
 USER w3af
 WORKDIR /home/w3af/w3af
 
 COPY audit.w3af.tmpl /home/w3af/w3af/audit.w3af.tmpl
 
+ENV HTTP_PROXY=
+ENV HTTPS_PROXY=
+ENV http_proxy=
+ENV https_proxy=
+
 CMD ["./w3af_console"]

resources/com/cadoles/w3af/audit.w3af.tmpl

@@ -4,7 +4,7 @@
 
 # Configure HTTP settings
 http-settings
-set timeout {{ default 10 .W3AF_TIMEOUT }}
+set timeout {{ default 60 .W3AF_TIMEOUT }}
 {{ if .W3AF_BASIC_AUTH_USERNAME }}
 set basic_auth_user {{ .W3AF_BASIC_AUTH_USERNAME }}
 set basic_auth_passwd {{ .W3AF_BASIC_AUTH_PASSWORD }}
@@ -41,15 +41,23 @@ back
 # Configure target authentication
 auth detailed
 auth config detailed
-set username {{ .W3AF_AUTH_FORM_USERNAME }}
-set password {{ .W3AF_AUTH_FORM_PASSWORD }}
+set username '{{ .W3AF_AUTH_FORM_USERNAME }}'
+set password '{{ .W3AF_AUTH_FORM_PASSWORD }}'
 set method POST
 set auth_url {{ .W3AF_AUTH_FORM_URL }}
-set username_field {{ default "username" .W3AF_AUTH_FORM_USERNAME_FIELD }}
-set password_field {{ default "password" .W3AF_AUTH_FORM_PASSWORD_FIELD }}
-set data_format {{ default "username=%U&password=%P" .W3AF_AUTH_FORM_DATA_FORMAT }}
+set username_field '{{ default "username" .W3AF_AUTH_FORM_USERNAME_FIELD }}'
+set password_field '{{ default "password" .W3AF_AUTH_FORM_PASSWORD_FIELD }}'
+set data_format '{{ default "%u=%U&%p=%P" .W3AF_AUTH_FORM_DATA_FORMAT }}'
 set check_url {{ .W3AF_AUTH_FORM_CHECK_URL }}
-set check_string '{{- default "connected" .W3AF_AUTH_FORM_CHECK_STRING -}}'
+set check_string '{{ default "connected" .W3AF_AUTH_FORM_CHECK_STRING }}'
+set follow_redirects True
+back
+{{end}}
+
+{{ if .W3AF_AUTH_LOGOUT_URL_REGEX }}
+crawl web_spider
+crawl config web_spider
+set ignore_regex {{ .W3AF_AUTH_LOGOUT_URL_REGEX }}
 back
 {{end}}
 

resources/com/cadoles/w3af/run-audit.sh

@@ -0,0 +1,6 @@
+#!/bin/sh
+
+mkdir -p reports
+rm -f reports/*
+envtpl -o audit.w3af /home/w3af/w3af/audit.w3af.tmpl
+/home/w3af/w3af/w3af_console -y -n -s audit.w3af