Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

add:framework-zap #42

Open
wants to merge 10 commits into
base: main
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
170 changes: 170 additions & 0 deletions Authentication_ZAP_GT_CRIVO/.gitignore
Original file line number Diff line number Diff line change
@@ -0,0 +1,170 @@
# Byte-compiled / optimized / DLL files
__pycache__/
*.py[cod]
*$py.class

# C extensions
*.so

# Distribution / packaging
.Python
build/
develop-eggs/
dist/
downloads/
eggs/
.eggs/
lib/
lib64/
parts/
sdist/
var/
wheels/
share/python-wheels/
*.egg-info/
.installed.cfg
*.egg
MANIFEST

# PyInstaller
# Usually these files are written by a python script from a template
# before PyInstaller builds the exe, so as to inject date/other infos into it.
*.manifest
*.spec

# Installer logs
pip-log.txt
pip-delete-this-directory.txt

# Unit test / coverage reports
htmlcov/
.tox/
.nox/
.coverage
.coverage.*
.cache
nosetests.xml
coverage.xml
*.cover
*.py,cover
.hypothesis/
.pytest_cache/
cover/

# Translations
*.mo
*.pot

# Django stuff:
*.log
local_settings.py
db.sqlite3
db.sqlite3-journal

# Flask stuff:
instance/
.webassets-cache

# Scrapy stuff:
.scrapy

# Sphinx documentation
docs/_build/

# PyBuilder
.pybuilder/
target/

# Jupyter Notebook
.ipynb_checkpoints

# IPython
profile_default/
ipython_config.py

# pyenv
# For a library or package, you might want to ignore these files since the code is
# intended to run in multiple environments; otherwise, check them in:
# .python-version

# pipenv
# According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
# However, in case of collaboration, if having platform-specific dependencies or dependencies
# having no cross-platform support, pipenv may install dependencies that don't work, or not
# install all needed dependencies.
#Pipfile.lock

# poetry
# Similar to Pipfile.lock, it is generally recommended to include poetry.lock in version control.
# This is especially recommended for binary packages to ensure reproducibility, and is more
# commonly ignored for libraries.
# https://python-poetry.org/docs/basic-usage/#commit-your-poetrylock-file-to-version-control
#poetry.lock

# pdm
# Similar to Pipfile.lock, it is generally recommended to include pdm.lock in version control.
#pdm.lock
# pdm stores project-wide configurations in .pdm.toml, but it is recommended to not include it
# in version control.
# https://pdm.fming.dev/latest/usage/project/#working-with-version-control
.pdm.toml
.pdm-python
.pdm-build/

# PEP 582; used by e.g. github.com/David-OConnor/pyflow and github.com/pdm-project/pdm
__pypackages__/

# Celery stuff
celerybeat-schedule
celerybeat.pid

# SageMath parsed files
*.sage.py

# Environments
.env
.venv
env/
venv/
ENV/
env.bak/
venv.bak/

# Spyder project settings
.spyderproject
.spyproject

# Rope project settings
.ropeproject

# mkdocs documentation
/site

# mypy
.mypy_cache/
.dmypy.json
dmypy.json

# Pyre type checker
.pyre/

# pytype static type analyzer
.pytype/

# Cython debug symbols
cython_debug/

# PyCharm
# JetBrains specific template is maintained in a separate JetBrains.gitignore that can
# be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore
# and can be added to the global gitignore or merged into this file. For a more nuclear
# option (not recommended) you can uncomment the following to ignore the entire idea folder.
#.idea/

# arquivos
user_data_test.py
tests/
notas.txt
contexto.py
test.py
Command_container.txt
21 changes: 21 additions & 0 deletions Authentication_ZAP_GT_CRIVO/Makefile
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
generate_key:
Sacramento-20 marked this conversation as resolved.
Show resolved Hide resolved
@echo "Generating API key..."
@python3 -c 'import random; import string; key = "".join(random.choices(string.ascii_lowercase + string.digits, k=26)); print(key)' > apikey.txt

update_env:
@key=$$(cat apikey.txt); \
echo "Key to be used: $$key"; \
if grep -q '^ZAP_API_KEY=' file.env; then \
sed -i "s/^ZAP_API_KEY=.*/ZAP_API_KEY=$$key/" file.env; \
else \
echo "ZAP_API_KEY=$$key" >> file.env; \
fi
@echo "file.env updated successfully!"
rm apikey.txt


run: generate_key update_env
@echo "Starting services with new API key..."
docker compose --env-file file.env up --build --force-recreate -d
./copy.sh $(DIR)
rm file.env
183 changes: 183 additions & 0 deletions Authentication_ZAP_GT_CRIVO/README.md

Large diffs are not rendered by default.

35 changes: 35 additions & 0 deletions Authentication_ZAP_GT_CRIVO/copy.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,35 @@
#!/bin/bash
Sacramento-20 marked this conversation as resolved.
Show resolved Hide resolved
set -eu

# Check if only 1 argument was passed
if [ "$#" -ne 1 ]; then
echo "Usage: $0 <source_directory>"
exit 1
fi

# Argument for the directory to be copied
SOURCE=$1

DEST_DIR="input_config"
# volume in compose
DESTINATION="/shared_data/$DEST_DIR"

# Check if the source directory exists
if [ ! -d "$SOURCE" ]; then
echo "Error: Source directory '$SOURCE' does not exist."
exit 1
Sacramento-20 marked this conversation as resolved.
Show resolved Hide resolved
fi

# Check if the destination directory exists, if not, create it
docker compose exec framework bash -c "mkdir -p $DESTINATION && rm -rf $DESTINATION/*"

# command that deletes all configuration files if any before copying the new ones.

# Copy only the .json content from the source directory to the volume
for file in "$SOURCE"/*.json; do
if [ -f "$file" ]; then
docker compose cp "$file" framework:"$DESTINATION/$(basename "$file")"
fi
done

echo "Content copied from $SOURCE to $DESTINATION successfully."
34 changes: 34 additions & 0 deletions Authentication_ZAP_GT_CRIVO/docker-compose.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
services:
zaproxy:
image: zaproxy/zap-weekly
command: ["zap.sh", "-config", "api.key=${ZAP_API_KEY}", "-daemon", "-host", "0.0.0.0", "-port", "8080", "-config", "api.addrs.addr.name=.*", "-config", "api.addrs.addr.regex=true"]
ports:
- "8080:8080"
networks:
- zapnet
environment:
- ZAP_API_KEY=${ZAP_API_KEY}
volumes:
- shared_data:/shared_data

framework:
build: ./framework
environment:
- FIREFOX=/usr/local/bin/geckodriver
- ZAP_API_KEY=${ZAP_API_KEY}
- ZAP_PROXY_ADDRESS=zaproxy
- ZAP_PROXY_PORT=8080
networks:
- zapnet
depends_on:
- zaproxy
volumes:
- ./framework:/app
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The framework directory is already copied inside the container at /app by the Dockerfile, is this doing something different or the same thing?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry, can you please elaborate?

- shared_data:/shared_data
Sacramento-20 marked this conversation as resolved.
Show resolved Hide resolved

networks:
zapnet:
driver: bridge

volumes:
shared_data:
8 changes: 8 additions & 0 deletions Authentication_ZAP_GT_CRIVO/example.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
{
"context": "",
"url": [],
"url_login": "",
"report_title": "Report",
"login": "",
"password": ""
}
35 changes: 35 additions & 0 deletions Authentication_ZAP_GT_CRIVO/framework/Dockerfile
Original file line number Diff line number Diff line change
@@ -0,0 +1,35 @@
FROM python:3.12.5-slim

# Install necessary dependencies
RUN apt-get update && \
apt-get install -y \
wget \
unzip \
libxi6 \
libgconf-2-4 \
default-jdk \
python3-pip \
firefox-esr \
curl && \
apt-get clean && \
rm -rf /var/lib/apt/lists/*

# Install geckodriver
RUN wget https://github.com/mozilla/geckodriver/releases/download/v0.29.1/geckodriver-v0.29.1-linux64.tar.gz -O /tmp/geckodriver.tar.gz && \
tar -xzf /tmp/geckodriver.tar.gz -C /usr/local/bin/ && \
rm /tmp/geckodriver.tar.gz

# Install Python dependencies
COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt

# Copy your application code to the container
COPY . /app
WORKDIR /app

# Set environment variables
ENV FIREFOX="/usr/local/bin/geckodriver"
ENV ZAP_PROXY_ADDRESS="zaproxy"

# Command to start the application after zap started
CMD sleep 30 && python3 main.py
Sacramento-20 marked this conversation as resolved.
Show resolved Hide resolved
Empty file.
Original file line number Diff line number Diff line change
@@ -0,0 +1,69 @@
from selenium.common.exceptions import NoSuchElementException
from selenium.webdriver.common.by import By
import logging

logging.basicConfig(level=logging.INFO, format='%(message)s')

def find_element_by_attribute(driver, attribute, value):
"""

Find an element on the website based on the specified attribute.

"""
try:
if attribute == "name":
element = driver.find_element(By.NAME, value)
elif attribute == "type":
element = driver.find_element(By.CSS_SELECTOR, f"input[type='{value}']")
elif attribute == "placeholder":
element = driver.find_element(
By.CSS_SELECTOR, f"input[placeholder='{value}']"
)
else:
raise ValueError(f"Atributo inválido: {attribute}")
logging.info(f"Element found successfully.")
return element
except NoSuchElementException:
logging.info(f"Element not found based on attribute '{attribute}'.")
return None


def validate_by_attribute(driver, attribute, value):
"""

Validate if an element with the given attribute and value is displayed on the page.

"""
try:
if attribute == "name":
if driver.find_element(By.NAME, value).is_displayed():
pass
elif attribute == "type":
if driver.find_element(
By.CSS_SELECTOR, f"input[type='{value}']"
).is_displayed():
pass
elif attribute == "placeholder":
if driver.find_element(
By.CSS_SELECTOR, f"input[placeholder='{value}']"
).is_displayed():
pass
logging.info("Failed to log in!")
driver.refresh()
return
except:
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Avoid naked except clauses. It doesn't seem like the text above raises any exception, and the code seems also unclear how the function "returns" information to the caller (it either prints "failed to log in" or "login done"). How do we know what has happened outside the function?). Maybe rewrite the code so the intent is clearer or write some documentation.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Commit seems unrelated to the issue here

logging.info("Login successful!")


def check_credentials(request, credencial_login, credencial_passsword):
"""

This function receives a string and two credentials and checks if both credentials are present in the request body string.
The function can check if the credentials are the same by verifying the number of occurrences in the string.
And it checks if both credentials are present in the string.

"""
if credencial_login == credencial_passsword:
return request.count(credencial_login) >= 2
else:
return credencial_login in request and credencial_passsword in request
Loading