From 15cd88ff3dd4957ba0295d8cee9faabc355566f7 Mon Sep 17 00:00:00 2001
From: Scott Gerlach
Date: Tue, 13 Jun 2023 22:53:22 -0600
Subject: [PATCH 1/7] Updates to app ID
---
 stackhawk.d/stackhawk-auth-json-token.yml | 6 +++---
 stackhawk.d/stackhawk-custom-params.yml | 7 ++++++-
 stackhawk.d/stackhawk.yml | 2 +-
 3 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/stackhawk.d/stackhawk-auth-json-token.yml b/stackhawk.d/stackhawk-auth-json-token.yml
index 4b65bef..f23c8f2 100644
--- a/stackhawk.d/stackhawk-auth-json-token.yml
+++ b/stackhawk.d/stackhawk-auth-json-token.yml
@@ -1,11 +1,11 @@
 app:
- applicationId: ${APP_ID:44d63acb-a50b-4ab5-baa3-9508bb12691f}
+ applicationId: ${APP_ID:52565685-666d-4da7-b9d2-034af780217c}
 env: ${APP_ENV:custom-test}
 host: ${APP_HOST:https://localhost:9000}
 excludePaths:
 - "/logout"
-# openApiConf:
-# path: /openapi
+ openApiConf:
+ path: /openapi
 authentication:
 usernamePassword:
 type: JSON
diff --git a/stackhawk.d/stackhawk-custom-params.yml b/stackhawk.d/stackhawk-custom-params.yml
index 18b5c56..1eb2d7c 100644
--- a/stackhawk.d/stackhawk-custom-params.yml
+++ b/stackhawk.d/stackhawk-custom-params.yml
@@ -1,5 +1,5 @@
 app:
- applicationId: ${APP_ID:44d63acb-a50b-4ab5-baa3-9508bb12691f}
+ applicationId: ${APP_ID:52565685-666d-4da7-b9d2-034af780217c}
 env: ${APP_ENV:custom-params}
 host: ${APP_HOST:https://localhost:9000}
 excludePaths:
@@ -55,3 +55,8 @@ hawkAddOn:
 type: active
 path: stackhawk.d
 language: JAVASCRIPT
+tags:
+ - name: _STACKHAWK_GIT_COMMIT_SHA
+ value: ${COMMIT_SHA}
+ - name: _STACKHAWK_GIT_BRANCH
+ value: ${BRANCH_NAME}
diff --git a/stackhawk.d/stackhawk.yml b/stackhawk.d/stackhawk.yml
index e6bed8c..7e3806d 100644
--- a/stackhawk.d/stackhawk.yml
+++ b/stackhawk.d/stackhawk.yml
@@ -1,4 +1,4 @@
 app:
- applicationId: ${APP_ID:dacc7d3e-babc-47d2-b040-ab117ab04526}
+ applicationId: ${APP_ID:52565685-666d-4da7-b9d2-034af780217c}
 env: ${APP_ENV:dev}
 host: ${APP_HOST:https://localhost:9000}
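Review bot: The two new tag values `${COMMIT_SHA}` and `${BRANCH_NAME}` in stackhawk-custom-params.yml carry no fallback, unlike every other placeholder in these files (`${APP_ID:…}`, `${APP_ENV:…}`, `${APP_HOST:…}`), so a scan started outside the workflow that exports them gets whatever HawkScan substitutes for an unset variable — presumably an empty or literal value, worth confirming. If a placeholder is acceptable for local runs, give them defaults in the same form, `value: ${COMMIT_SHA:local}` and `value: ${BRANCH_NAME:local}`; otherwise add a comment over `tags:` such as `# Populated by .github/workflows/demo-hawkscan.yml (COMMIT_SHA, BRANCH_NAME); unset for local scans`. BRANCH_NAME is fed from the PR head ref, which a fork contributor chooses, but as it is consumed only as a tag value here and not interpolated into a shell step, no injection path is visible in this series.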
From 5aa837569c4f9f488f4a1c09f3df7160ea22817b Mon Sep 17 00:00:00 2001
From: Scott Gerlach
Date: Tue, 13 Jun 2023 23:02:28 -0600
Subject: [PATCH 2/7] Update GHA
---
 .github/workflows/demo-hawkscan.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/demo-hawkscan.yml b/.github/workflows/demo-hawkscan.yml
index 0ea2d9c..d9b52a5 100644
--- a/.github/workflows/demo-hawkscan.yml
+++ b/.github/workflows/demo-hawkscan.yml
@@ -19,7 +19,7 @@ jobs:
 - name: Checkout code
 uses: actions/checkout@v3
 - name: Build and Run Vulny!
- run: docker-compose build && docker-compose up -d
+ run: docker-compose build && docker-compose up -d javavulny
 - name: HawkScan
 uses: stackhawk/hawkscan-action@v2.0.0
 with:
From 9e2915ee4f0590c02da6553e955d9b2bdf9a21b7 Mon Sep 17 00:00:00 2001
From: Scott Gerlach
Date: Tue, 13 Jun 2023 23:18:31 -0600
Subject: [PATCH 3/7] DB Service fixes
---
 .github/workflows/demo-hawkscan.yml | 11 +----------
 1 file changed, 1 insertion(+), 10 deletions(-)
diff --git a/.github/workflows/demo-hawkscan.yml b/.github/workflows/demo-hawkscan.yml
index d9b52a5..4fb8dce 100644
--- a/.github/workflows/demo-hawkscan.yml
+++ b/.github/workflows/demo-hawkscan.yml
@@ -6,20 +6,11 @@ jobs:
 build-and-test:
 name: Build and test
 runs-on: ubuntu-latest
- services:
- postgres-db:
- image: postgres
- ports:
- - 5432:5432
- env:
- POSTGRES_DB: postgresql
- POSTGRES_USER: postgresql
- POSTGRES_PASSWORD: postgresql
 steps:
 - name: Checkout code
 uses: actions/checkout@v3
 - name: Build and Run Vulny!
- run: docker-compose build && docker-compose up -d javavulny
+ run: docker-compose build && docker-compose up -d
 - name: HawkScan
 uses: stackhawk/hawkscan-action@v2.0.0
 with:
From 995cfb6ce8e69e2acd120b5377f6d59431057393 Mon Sep 17 00:00:00 2001
From: Scott Gerlach
Date: Tue, 13 Jun 2023 23:21:28 -0600
Subject: [PATCH 4/7] Config files
---
 .github/workflows/demo-hawkscan.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
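Review bot: `docker-compose up -d` in the "Build and Run Vulny!" step of PATCH 3 returns as soon as the containers are started, so the HawkScan step that follows can begin before the application behind `${APP_HOST:https://localhost:9000}` is accepting connections, and nothing in the hunk waits for readiness. A short poll between the two steps would make the scan deterministic, e.g. `- name: Wait for app` followed by `run: timeout 120 bash -c 'until curl -ksf https://localhost:9000/ >/dev/null; do sleep 2; done'` (pick a path that returns 2xx if `/` does not). With the GitHub `services:` block gone, the database presumably now comes from docker-compose.yml, which is outside this hunk; confirm it defines a Postgres service and that the app container is ordered after it.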
diff --git a/.github/workflows/demo-hawkscan.yml b/.github/workflows/demo-hawkscan.yml
index 4fb8dce..cfa5b21 100644
--- a/.github/workflows/demo-hawkscan.yml
+++ b/.github/workflows/demo-hawkscan.yml
@@ -15,7 +15,7 @@ jobs:
 uses: stackhawk/hawkscan-action@v2.0.0
 with:
 apiKey: ${{ secrets.HAWK_API_KEY }}
- configurationFiles: stackhawk.d/stackhawk-custom-params.yml stackhawk-github-pr.yml
+ configurationFiles: stackhawk.d/stackhawk-custom-params.yml stackhawk.d/stackhawk-github-pr.yml
 env:
 COMMIT_SHA: ${{ github.event.pull_request.head.sha }}
 BRANCH_NAME: ${{ github.head_ref }}
\ No newline at end of file
From 25049e549df049ac8bed1148007297afd8fe97e9 Mon Sep 17 00:00:00 2001
From: Scott Gerlach
Date: Tue, 13 Jun 2023 23:28:38 -0600
Subject: [PATCH 5/7] Updates to stackhawk.yml
---
 stackhawk.d/stackhawk-custom-params.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/stackhawk.d/stackhawk-custom-params.yml b/stackhawk.d/stackhawk-custom-params.yml
index 1eb2d7c..c05c2b1 100644
--- a/stackhawk.d/stackhawk-custom-params.yml
+++ b/stackhawk.d/stackhawk-custom-params.yml
@@ -45,10 +45,10 @@ app:
 hawk:
 failureThreshold: high
+ spider:
+ base: false
 hawkAddOn:
- spider: false
- maxDurationMinutes: 10
 scripts:
 - name: api1:2019-tennant-check.js
 id: 1000012
From 074fc612efde18ebcead70462b6702d4d8717f10 Mon Sep 17 00:00:00 2001
From: Scott Gerlach
Date: Tue, 13 Jun 2023 23:40:49 -0600
Subject: [PATCH 6/7] Ahh demos
---
 .github/workflows/demo-hawkscan.yml | 2 +-
 Dockerfile | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/demo-hawkscan.yml b/.github/workflows/demo-hawkscan.yml
index cfa5b21..e4f6545 100644
--- a/.github/workflows/demo-hawkscan.yml
+++ b/.github/workflows/demo-hawkscan.yml
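Review bot: `COMMIT_SHA: ${{ github.event.pull_request.head.sha }}` and `BRANCH_NAME: ${{ github.head_ref }}` in the env block of PATCH 4 are only populated for pull_request-family events; the workflow's `on:` trigger is outside this hunk, and if the job also fires on push both values are empty and the `_STACKHAWK_GIT_*` tags that consume them are blank. A fallback covers both cases: `COMMIT_SHA: ${{ github.event.pull_request.head.sha || github.sha }}` and `BRANCH_NAME: ${{ github.head_ref || github.ref_name }}`. Passing the head ref through `env:` instead of interpolating it into a `run:` line is the right shape, since a fork's branch name is attacker-chosen; keep it that way if the value is ever used in a shell step.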
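Review bot: PATCH 5 removes `maxDurationMinutes: 10` together with the misplaced `spider: false` under `hawkAddOn:`, but only the spider setting is re-added (as `spider:` / `base: false` under `hawk:`), so the scan now runs with no time cap at all. If the ten-minute limit was intended, put it beside the new key as `maxDurationMinutes: 10` under `hawk:`; if it was dropped on purpose, a one-line comment saying so (`# no duration cap: demo scans are expected to finish quickly`) would stop the next reader from restoring it. Whether HawkScan accepts `maxDurationMinutes` directly under `hawk:` is not shown here — check it against the schema before moving it.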
@@ -12,7 +12,7 @@ jobs:
 - name: Build and Run Vulny!
 run: docker-compose build && docker-compose up -d
 - name: HawkScan
- uses: stackhawk/hawkscan-action@v2.0.0
+ uses: stackhawk/hawkscan-action@v2.0.3
 with:
 apiKey: ${{ secrets.HAWK_API_KEY }}
 configurationFiles: stackhawk.d/stackhawk-custom-params.yml stackhawk.d/stackhawk-github-pr.yml
diff --git a/Dockerfile b/Dockerfile
index 70f44dc..ccdc5e8 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -2,6 +2,7 @@ FROM openjdk:11.0.10-jdk-slim
 RUN mkdir /javavulny /app
 COPY . /javavulny/
+RUN sed -i 's/localhost\:5432/db\:5432/' /javavulny/src/main/resources/application-postgresql.properties
 RUN cd /javavulny \
 && ./gradlew --no-daemon build \
From eab4024a60abe764dd733f92548de58a3fb6c7c2 Mon Sep 17 00:00:00 2001
From: Scott Gerlach
Date: Wed, 14 Jun 2023 09:43:50 -0600
Subject: [PATCH 7/7] updates to docker compose
---
 docker-compose.yml | 1 -
 src/main/resources/application-postgresql.properties | 2 +-
 2 files changed, 1 insertion(+), 2 deletions(-)
diff --git a/docker-compose.yml b/docker-compose.yml
index c3b8b99..91afb5d 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -12,7 +12,6 @@ services:
 javavulny:
 build: .
 image: stackhawk/javavulny:latest
- container_name: javavulny
 environment:
 SPRING_PROFILES_ACTIVE: postgresql
 ports:
diff --git a/src/main/resources/application-postgresql.properties b/src/main/resources/application-postgresql.properties
index 587a5d2..54e7835 100644
--- a/src/main/resources/application-postgresql.properties
+++ b/src/main/resources/application-postgresql.properties
@@ -1,5 +1,5 @@
 spring.datasource.platform=postgres
-spring.datasource.url=jdbc:postgresql://localhost/postgres
+spring.datasource.url=jdbc:postgresql://localhost:5432/postgres
 spring.datasource.username=postgresql
 spring.datasource.password=postgresql
 spring.datasource.driverClassName=org.postgresql.Driver
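Review bot: The new `RUN sed -i 's/localhost\:5432/db\:5432/' …/application-postgresql.properties` in the Dockerfile of PATCH 6 succeeds even when the pattern is absent, so a non-matching source file builds an image that still points at localhost — exactly the state before PATCH 7 added `:5432` to the URL — and the mistake only surfaces at runtime as a connection failure. Make the rewrite fail the build when it does not take: `RUN sed -i 's/localhost\:5432/db\:5432/' /javavulny/src/main/resources/application-postgresql.properties && grep -q 'db:5432' /javavulny/src/main/resources/application-postgresql.properties`. Better still, drop the image-time edit and override the datasource from compose with a `SPRING_DATASOURCE_URL` entry next to the existing `SPRING_PROFILES_ACTIVE`, assuming the app relies on Spring Boot's standard environment overrides, which this series does not show.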