Merge pull request #4 from 42Crunch/azuredevops-integration

Addig Azure Devops integration instructions
42Crunch · Feb 9, 2024 · 083f69b · 083f69b
2 parents 1fb31a5 + 162b906
commit 083f69b
Show file tree

Hide file tree

Showing 9 changed files with 553 additions and 78 deletions.
diff --git a/.42c/scan/openweather-map/scanconf.json b/.42c/scan/openweather-map/scanconf.json
@@ -0,0 +1,125 @@
+{
+    "version": "2.0.0",
+    "runtimeConfiguration": {
+        "environment": "default",
+        "logLevel": "error",
+        "logDestination": "stdout+platform",
+        "logMaxFileSize": 2147483648,
+        "requestHeaderNameRequestId": "x-scan-request-id",
+        "requestHeaderNameScenarioId": "x-scan-scenario-id",
+        "requestFlowrate": 100,
+        "requestTimeout": 30,
+        "requestTlsInsecureSkipVerify": true,
+        "responseFollowRedirection": false,
+        "responseMaxBodySizeScan": 10485760,
+        "happyPathOnly": false,
+        "maxScanDuration": 1600,
+        "memoryLimit": 2147483648,
+        "memoryTimeSpan": 10,
+        "reportMaxHttpResponseSizeHappyPath": 8092,
+        "reportMaxBodySizeHappyPath": 8092,
+        "reportMaxHttpResponseSizeTest": 8092,
+        "reportMaxBodySizeTest": 8092,
+        "reportIssuesOnly": false,
+        "reportMaxIssues": 1000,
+        "reportMaxSize": 20971520,
+        "reportGenerateCurlCommand": true
+    },
+    "customizations": {
+        "happyPaths": {
+            "retry": 1,
+            "responsePolicy": {
+                "httpStatusExpected": true,
+                "mustBeConformant": true
+            },
+            "httpStatusExpected": [
+                "2XX",
+                "400",
+                "404"
+            ]
+        },
+        "tests": {
+            "responsePolicy": {
+                "httpStatusExpected": true,
+                "mustBeConformant": true
+            }
+        }
+    },
+    "authenticationDetails": [
+        {
+            "apikey": {
+                "type": "apiKey",
+                "in": "query",
+                "name": "APPID",
+                "default": "apikey",
+                "credentials": {
+                    "apikey": {
+                        "description": "apikey security",
+                        "credential": "{{apikey}}"
+                    }
+                }
+            }
+        }
+    ],
+    "operations": {
+        "GetWeatherByCityName": {
+            "operationId": "GetWeatherByCityName",
+            "scenarios": [
+                {
+                    "key": "happy.path",
+                    "fuzzing": true,
+                    "requests": [
+                        {
+                            "$ref": "#/operations/GetWeatherByCityName/request",
+                            "fuzzing": true
+                        }
+                    ]
+                }
+            ],
+            "request": {
+                "operationId": "GetWeatherByCityName",
+                "auth": [
+                    "apikey"
+                ],
+                "request": {
+                    "type": "42c",
+                    "details": {
+                        "url": "{{host}}/weather",
+                        "method": "GET",
+                        "queries": [
+                            {
+                                "key": "q",
+                                "value": "qwvdojmliivrkznacwdavdtemziygisc"
+                            }
+                        ]
+                    }
+                },
+                "defaultResponse": "200",
+                "responses": {
+                    "200": {
+                        "expectations": {
+                            "httpStatus": 200
+                        }
+                    }
+                }
+            }
+        }
+    },
+    "environments": {
+        "default": {
+            "variables": {
+                "apikey": {
+                    "from": "environment",
+                    "name": "SCAN42C_SECURITY_APIKEY",
+                    "required": true
+                },
+                "host": {
+                    "from": "environment",
+                    "name": "SCAN42C_HOST",
+                    "required": false,
+                    "default": "https://api.openweathermap.org/data/2.5"
+                }
+            }
+        }
+    }
+}
diff --git a/.42c/scan/photo-manager/scanconf.json b/.42c/scan/photo-manager/scanconf.json
@@ -225,52 +225,6 @@
           }
         }
       }
-    },
-    "ViewPicturesList": {
-      "operationId": "ViewPicturesList",
-      "scenarios": [
-        {
-          "key": "happy.path",
-          "fuzzing": true,
-          "requests": [
-            {
-              "$ref": "#/operations/ViewPicturesList/request",
-              "fuzzing": true
-            }
-          ]
-        }
-      ],
-      "request": {
-        "operationId": "ViewPicturesList",
-        "auth": [
-          "access-token"
-        ],
-        "request": {
-          "type": "42c",
-          "details": {
-            "url": "{{host}}/user/pictures",
-            "method": "GET"
-          }
-        },
-        "defaultResponse": "200",
-        "responses": {
-          "200": {
-            "expectations": {
-              "httpStatus": 200
-            }
-          },
-          "403": {
-            "expectations": {
-              "httpStatus": 403
-            }
-          },
-          "default": {
-            "expectations": {
-              "httpStatus": "default"
-            }
-          }
-        }
-      }
     }
   },
   "environments": {

diff --git a/.42c/scripts/pixi-login.py b/.42c/scripts/pixi-login.py
@@ -6,6 +6,7 @@
 import argparse
 import urllib.error
 import urllib.request
+import subprocess
 
 # Obtain a JWT token using login to PhtoManager app. 
 # API comes with pre-loaded users we use from the 42c-scan workflow.
@@ -64,12 +65,16 @@ def main():
                         default=False,
                         action="store_true",
                         help="debug level")
+    parser.add_argument ('-c','--cicd',
+                         required=True,
+                         help="One of GITHUB/AZURE")
     parsed_cli = parser.parse_args()
 
     quiet = parsed_cli.quiet
     debug = parsed_cli.debug
     user = parsed_cli.user_name
     password = parsed_cli.user_pass
+    cicd_platform = parsed_cli.cicd 
 
     user_token = obtain_token(user, password, target_url=parsed_cli.target, quiet=quiet, debug=debug)
     # Uncomment this for integration with Azure DevOps
@@ -81,8 +86,13 @@ def main():
         sys.exit(1)
 
     else:
-        print(user_token)
-
+        match cicd_platform:
+            case "GITHUB":
+                print(user_token)
+            case "AZURE":
+                subprocess.Popen(["echo", "##vso[task.setvariable variable=PIXI_TOKEN;isoutput=true]{0}".format(user_token)])  
+            case _:
+                print ("Unsupported CICD option")
 
 # -------------- Main Section ----------------------
 if __name__ == '__main__':

diff --git a/.github/workflows/42c-scan.yaml b/.github/workflows/42c-scan.yaml
@@ -49,7 +49,7 @@ jobs:
       - name: get_photoapi_token
         id: get_photoapi_token
         run: |
-          login_response=$(python .42c/scripts/pixi-login.py -u ${{ env.USER_NAME }} -p ${{ env.USER_PASS }} -t ${{ env.TARGET_URL }})
+          login_response=$(python .42c/scripts/pixi-login.py -c GITHUB -u ${{ env.USER_NAME }} -p ${{ env.USER_PASS }} -t ${{ env.TARGET_URL }})
           echo "PHOTO_API_TOKEN=$login_response" >> $GITHUB_OUTPUT
       - name: Scan API for vulnerabilities
         uses: 42Crunch/[email protected]

diff --git a/.vscode/settings.json b/.vscode/settings.json
@@ -0,0 +1,7 @@
+{
+    "openapi.docker": {
+        "replaceLocalhost": true,
+        "useHostNetwork": true
+    },
+    "openapi.platformConformanceScanRuntime": "cli"
+}