Skip to content

DevSlop/pixi-crs

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

152 Commits

.circleci

.circleci

 
 

.github/workflows

.github/workflows

 
 

img

img

 
 

testcafe

testcafe

 
 

zap

zap

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf

RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf

 
 

SECURITY.md

SECURITY.md

 
 

azure-pipelines.yml

azure-pipelines.yml

 
 

buildspec.yml

buildspec.yml

 
 

cloudbuild.yaml

cloudbuild.yaml

 
 

compose-aws.env

compose-aws.env

 
 

compose-gcp.env

compose-gcp.env

 
 

compose-local.env

compose-local.env

 
 

docker-compose-without-crs.yaml

docker-compose-without-crs.yaml

 
 

docker-compose.yaml

docker-compose.yaml

 
 

Repository files navigation

DevSlop pixi-crs - Integration of OWASP ModSecurity CRS into a CI Pipeline

This repository is one of DevSlop's modules as described in devslop.github.io.

This repository integrates the WAF ModSecurity with the OWASP ModSecurity Core Rule Set (CRS) and its testing into different CI Pipelines.
Currently the following Pipelines are implemented:

  • CircleCI
  • AWS
  • Google Cloud Provider
  • Azure Pipeline
  • GitHub Actions

The CI Pipelines test (with TestCafe) DevSlop's vulnerable web application Pixi without and with the CRS.

By adding and testing the WAF in the Continuous Integration (CI) pipeline, we provide the application developer early feedback. The application developers get feedback about how their application will react when behind a WAF. We assure that Pixi’s legitimate traffic is not blocked by the WAF, and that illegitimate traffic is.

Building Blocks of the pixi-crs Pipelines and how they are implemented

CircleCI AWS GCP Azure GitHub Actions
Code File .circleci/config.yml buildspec.yml cloudbuild.yaml azure-pipelines.yml .github/workflows/pixi-crs-ci.yml
Start Pixi docker-compose up docker-compose up docker-compose up docker-compose up docker-compose up
Start CRS docker run same docker-compose same docker-compose same docker-compose same docker-compose
ModSec Tuning docker cp Volume docker-compose Volume docker-compose Volume docker-compose Volume docker-compose
Start Testcafe Testcafe Docker npm install testcafe Testcafe Docker Testcafe Docker Testcafe Docker
Log Analysis docker exec cat logfile docker exec cat logfile docker exec cat logfile docker exec cat logfile docker exec cat logfile

Local Startup of Pixi and CRS

If you want to start Pixi and the CRS locally you can run:

docker-compose --env-file compose-local.env up -d

Then you can reach Pixi directly: http://localhost:8000/. And the WAF with Pixi as the backend: http://localhost:8080/.

Further Reading

Description of the CI Pipeline

Blog Post about Pixi's vulnerabilities and the CRS

Also see Testcafe tests of known vulnerabilities in Pixi in this branch.

Description of first CRS RP Docker Container

About

CI Pipeline with Pixi, the WAF OWASP Core Rule Set and TestCafe tests.

Resources

Readme

License

Apache-2.0 license

Security policy

Security policy
Activity
Custom properties

Stars

15 stars

Watchers

9 watching

Forks

12 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages