{% if key == 'SMTP_PASSWORD' %}
-
+
{% else %}
{% endif %}
@@ -199,10 +199,10 @@
Jenkins Settings
{% elif key == 'JENKINS_KEY' %}
-
+
{% elif key == 'JENKINS_TOKEN' %}
-
+
{% else %}
@@ -229,10 +229,10 @@
ServiceNOW Settings
{% elif key == 'SNOW_CLIENT_SECRET' %}
-
+
{% elif key == 'SNOW_PASSWORD' %}
-
+
{% else %}
diff --git a/src/vr/vulns/web/findings.py b/src/vr/vulns/web/findings.py
index 8c9938c8..06d44322 100644
--- a/src/vr/vulns/web/findings.py
+++ b/src/vr/vulns/web/findings.py
@@ -25,7 +25,6 @@
import base64
from io import StringIO
from flask import Response
-from config_engine import ENV
from vr.functions.ml_functions import predict_vuln_validity
from vr.vulns.model.cvssbasescoresv3 import CVSSBaseScoresV3
from vr.vulns.model.cvssbasescoresv3extensions import CVSSBaseScoresV3Extensions
@@ -42,7 +41,7 @@
UNAUTH_STATUS = "403.html"
SERVER_ERR_STATUS = "500.html"
VULN_STATUS_IS_NOT_CLOSED = "Vulnerabilities.Status NOT LIKE 'Closed-%' AND Vulnerabilities.Status NOT LIKE 'Open-RiskAccepted-%'"
-test = ENV
+test = app.config['ENV']
if test == 'test':
ISO_FORMAT = "%Y-%m-%dT%H:%M:%S.%f"
else:
diff --git a/src/vr/vulns/web/testing.py b/src/vr/vulns/web/testing.py
index 32e604b8..c69f7122 100644
--- a/src/vr/vulns/web/testing.py
+++ b/src/vr/vulns/web/testing.py
@@ -11,8 +11,8 @@
from vr.vulns.model.vulnerabilityscans import VulnerabilityScans, VulnerabilityScansSchema
from vr.functions.table_functions import load_table, update_table
from requests.auth import HTTPBasicAuth
-from config_engine import JENKINS_USER, JENKINS_KEY, JENKINS_PROJECT, JENKINS_HOST, JENKINS_TOKEN
from vr.assets.model.applicationprofiles import ApplicationProfiles, ApplicationProfilesSchema
+from vr import app
NAV = {
@@ -115,14 +115,14 @@ def on_demand_testing():
"Content-Type": "application/x-www-form-urlencoded"
}
data = {
- 'token': JENKINS_TOKEN,
+ 'token': app.config['JENKINS_TOKEN'],
'GIT_URL': git_url,
'TESTS': tests_to_run.upper(),
'GIT_BRANCH': git_branch,
'APP_NAME': app_name
}
- url = f'{JENKINS_HOST}/job/{JENKINS_PROJECT}/buildWithParameters'
- resp = requests.post(url, headers=headers, data=data, auth=HTTPBasicAuth(JENKINS_USER, JENKINS_KEY))
+ url = f"{app.config['JENKINS_HOST']}/job/{app.config['JENKINS_PROJECT']}/buildWithParameters"
+ resp = requests.post(url, headers=headers, data=data, auth=HTTPBasicAuth(app.config['JENKINS_USER'], app.config['JENKINS_KEY']))
return redirect(request.referrer)
From d0f7120c34e3a58c60e82404516a9b7282bbf59e Mon Sep 17 00:00:00 2001
From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com>
Date: Fri, 22 Mar 2024 07:48:21 -0700
Subject: [PATCH 12/29] Update run.py
---
src/run.py | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/src/run.py b/src/run.py
index 7f0f15c7..b67be678 100644
--- a/src/run.py
+++ b/src/run.py
@@ -4,10 +4,9 @@
import datetime
import os
from vr.admin.oauth2 import config_oauth
-from config_engine import ENV, INSECURE_OAUTH
-if ENV == 'test' or INSECURE_OAUTH:
+if app.config['ENV'] == 'test' or app.config['INSECURE_OAUTH']:
os.environ['AUTHLIB_INSECURE_TRANSPORT'] = '1'
else:
os.environ['AUTHLIB_INSECURE_TRANSPORT'] = '0'
From ba8b3dc8fed4570fc4e9877a3cfae8a5e4260632 Mon Sep 17 00:00:00 2001
From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com>
Date: Fri, 22 Mar 2024 07:58:31 -0700
Subject: [PATCH 13/29] Update pipeline-config.yaml
---
pipeline-config.yaml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pipeline-config.yaml b/pipeline-config.yaml
index 2a9eb073..d19730b0 100644
--- a/pipeline-config.yaml
+++ b/pipeline-config.yaml
@@ -9,7 +9,7 @@ stages:
branches:
- release
unitTesting:
- enabled: false
+ enabled: true
branches: []
secretScanning:
enabled: false
From 42f91fddcc01ba9cb8c2be4fe8bd6ef1cdd8549a Mon Sep 17 00:00:00 2001
From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com>
Date: Fri, 22 Mar 2024 10:30:49 -0700
Subject: [PATCH 14/29] Update __init__.py
---
src/vr/__init__.py | 85 ++++++++++++++++++++++------------------------
1 file changed, 41 insertions(+), 44 deletions(-)
diff --git a/src/vr/__init__.py b/src/vr/__init__.py
index 2f3ccf73..90fe1b09 100644
--- a/src/vr/__init__.py
+++ b/src/vr/__init__.py
@@ -214,50 +214,47 @@ def connect_to_db():
return cur, db
def getPersistentConfig():
- try:
- cur, db = connect_to_db()
- sql = 'SELECT * FROM AppConfig WHERE 1=1'
- cur.execute(sql)
- row = cur.fetchone()
- if row[2]:
- app.config['APP_EXT_URL'] = row[3]
- app.config['AUTH_TYPE'] = row[4]
- app.config['AZAD_AUTHORITY'] = row[5]
- app.config['AZAD_CLIENT_ID'] = row[6]
- app.config['AZAD_CLIENT_SECRET'] = row[7]
- app.config['AZURE_KEYVAULT_NAME'] = row[8]
- app.config['ENV'] = row[9]
- app.config['INSECURE_OAUTH'] = row[10]
- app.config['JENKINS_ENABLED'] = row[37]
- app.config['JENKINS_HOST'] = row[11]
- app.config['JENKINS_KEY'] = row[12]
- app.config['JENKINS_PROJECT'] = row[13]
- app.config['JENKINS_STAGING_PROJECT'] = row[14]
- app.config['JENKINS_TOKEN'] = row[15]
- app.config['JENKINS_USER'] = row[16]
- app.config['LDAP_BASE_DN'] = row[17]
- app.config['LDAP_BIND_USER_DN'] = row[18]
- app.config['LDAP_BIND_USER_PASSWORD'] = row[19]
- app.config['LDAP_GROUP_DN'] = row[20]
- app.config['LDAP_HOST'] = row[21]
- app.config['LDAP_PORT'] = row[22]
- app.config['LDAP_USER_DN'] = row[23]
- app.config['LDAP_USER_LOGIN_ATTR'] = row[24]
- app.config['LDAP_USER_RDN_ATTR'] = row[25]
- app.config['PROD_DB_URI'] = row[26]
- app.config['SMTP_ADMIN_EMAIL'] = row[27]
- app.config['SMTP_HOST'] = row[28]
- app.config['SMTP_PASSWORD'] = row[29]
- app.config['SMTP_USER'] = row[30]
- app.config['SNOW_ENABLED'] = row[38]
- app.config['SNOW_CLIENT_ID'] = row[31]
- app.config['SNOW_CLIENT_SECRET'] = row[32]
- app.config['SNOW_INSTANCE_NAME'] = row[33]
- app.config['SNOW_PASSWORD'] = row[34]
- app.config['SNOW_USERNAME'] = row[35]
- app.config['VERSION'] = row[36]
- except:
- print('AppConfig Database table is either unreachable or not setup.')
+ cur, db = connect_to_db()
+ sql = 'SELECT * FROM AppConfig WHERE 1=1'
+ cur.execute(sql)
+ row = cur.fetchone()
+ if row[2]:
+ app.config['APP_EXT_URL'] = row[3]
+ app.config['AUTH_TYPE'] = row[4]
+ app.config['AZAD_AUTHORITY'] = row[5]
+ app.config['AZAD_CLIENT_ID'] = row[6]
+ app.config['AZAD_CLIENT_SECRET'] = row[7]
+ app.config['AZURE_KEYVAULT_NAME'] = row[8]
+ app.config['ENV'] = row[9]
+ app.config['INSECURE_OAUTH'] = row[10]
+ app.config['JENKINS_ENABLED'] = row[37]
+ app.config['JENKINS_HOST'] = row[11]
+ app.config['JENKINS_KEY'] = row[12]
+ app.config['JENKINS_PROJECT'] = row[13]
+ app.config['JENKINS_STAGING_PROJECT'] = row[14]
+ app.config['JENKINS_TOKEN'] = row[15]
+ app.config['JENKINS_USER'] = row[16]
+ app.config['LDAP_BASE_DN'] = row[17]
+ app.config['LDAP_BIND_USER_DN'] = row[18]
+ app.config['LDAP_BIND_USER_PASSWORD'] = row[19]
+ app.config['LDAP_GROUP_DN'] = row[20]
+ app.config['LDAP_HOST'] = row[21]
+ app.config['LDAP_PORT'] = row[22]
+ app.config['LDAP_USER_DN'] = row[23]
+ app.config['LDAP_USER_LOGIN_ATTR'] = row[24]
+ app.config['LDAP_USER_RDN_ATTR'] = row[25]
+ app.config['PROD_DB_URI'] = row[26]
+ app.config['SMTP_ADMIN_EMAIL'] = row[27]
+ app.config['SMTP_HOST'] = row[28]
+ app.config['SMTP_PASSWORD'] = row[29]
+ app.config['SMTP_USER'] = row[30]
+ app.config['SNOW_ENABLED'] = row[38]
+ app.config['SNOW_CLIENT_ID'] = row[31]
+ app.config['SNOW_CLIENT_SECRET'] = row[32]
+ app.config['SNOW_INSTANCE_NAME'] = row[33]
+ app.config['SNOW_PASSWORD'] = row[34]
+ app.config['SNOW_USERNAME'] = row[35]
+ app.config['VERSION'] = row[36]
getPersistentConfig()
From 89ec1bae8abd87053f176526a1b7e07a73dabbab Mon Sep 17 00:00:00 2001
From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com>
Date: Fri, 22 Mar 2024 11:12:34 -0700
Subject: [PATCH 15/29] Update __init__.py
---
src/vr/__init__.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/vr/__init__.py b/src/vr/__init__.py
index 90fe1b09..e184511e 100644
--- a/src/vr/__init__.py
+++ b/src/vr/__init__.py
@@ -218,7 +218,7 @@ def getPersistentConfig():
sql = 'SELECT * FROM AppConfig WHERE 1=1'
cur.execute(sql)
row = cur.fetchone()
- if row[2]:
+ if row and row[2]:
app.config['APP_EXT_URL'] = row[3]
app.config['AUTH_TYPE'] = row[4]
app.config['AZAD_AUTHORITY'] = row[5]
From 9f3a6d2a4b60d8629c1a5612e6f8fc67ae246a12 Mon Sep 17 00:00:00 2001
From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com>
Date: Fri, 22 Mar 2024 11:58:20 -0700
Subject: [PATCH 16/29] Update jenkins_webhook.py
---
src/vr/api/vulns/jenkins_webhook.py | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/vr/api/vulns/jenkins_webhook.py b/src/vr/api/vulns/jenkins_webhook.py
index 0b2e8b2d..f5698ae3 100644
--- a/src/vr/api/vulns/jenkins_webhook.py
+++ b/src/vr/api/vulns/jenkins_webhook.py
@@ -219,14 +219,14 @@ def add_new_scan(git_url, branch_name, report_id):
"Content-Type": "application/x-www-form-urlencoded"
}
data = {
- 'token': JENKINS_TOKEN,
+ 'token': app.config['JENKINS_TOKEN'],
'GIT_URL': git_url,
'TESTS': stage_str,
'GIT_BRANCH': branch_name,
'REPORT_ID': report_id
}
- url = f'{JENKINS_HOST}/job/{JENKINS_PROJECT}/buildWithParameters'
- resp = requests.post(url, headers=headers, data=data, auth=HTTPBasicAuth(JENKINS_USER, JENKINS_KEY))
+ url = f"{app.config['JENKINS_HOST']}/job/{app.config['JENKINS_PROJECT']}/buildWithParameters"
+ resp = requests.post(url, headers=headers, data=data, auth=HTTPBasicAuth(app.config['JENKINS_USER'], app.config['JENKINS_KEY']))
response = jsonify({"Status": resp.status_code}), 200
except requests.exceptions.Timeout:
print('Processing Error')
From 68b71893ec0b35924933a7f14c79e0e7459ae4fd Mon Sep 17 00:00:00 2001
From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com>
Date: Fri, 22 Mar 2024 12:11:40 -0700
Subject: [PATCH 17/29] Update jenkins_webhook.py
---
src/vr/api/vulns/jenkins_webhook.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/vr/api/vulns/jenkins_webhook.py b/src/vr/api/vulns/jenkins_webhook.py
index f5698ae3..0e7ca0aa 100644
--- a/src/vr/api/vulns/jenkins_webhook.py
+++ b/src/vr/api/vulns/jenkins_webhook.py
@@ -227,7 +227,7 @@ def add_new_scan(git_url, branch_name, report_id):
}
url = f"{app.config['JENKINS_HOST']}/job/{app.config['JENKINS_PROJECT']}/buildWithParameters"
resp = requests.post(url, headers=headers, data=data, auth=HTTPBasicAuth(app.config['JENKINS_USER'], app.config['JENKINS_KEY']))
- response = jsonify({"Status": resp.status_code}), 200
+ # response = jsonify({"Status": resp.status_code}), 200
except requests.exceptions.Timeout:
print('Processing Error')
From 685167e7145fb84729f151311d253651b2630e9f Mon Sep 17 00:00:00 2001
From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com>
Date: Fri, 22 Mar 2024 13:01:12 -0700
Subject: [PATCH 18/29] Update jenkins_webhook.py
---
src/vr/api/vulns/jenkins_webhook.py | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/src/vr/api/vulns/jenkins_webhook.py b/src/vr/api/vulns/jenkins_webhook.py
index 0e7ca0aa..f3c40868 100644
--- a/src/vr/api/vulns/jenkins_webhook.py
+++ b/src/vr/api/vulns/jenkins_webhook.py
@@ -21,6 +21,7 @@
from vr.vulns.model.sgglobalthresholds import SgGlobalThresholds
from vr.admin.functions import db_connection_handler
import traceback
+import time
@api.route('/api/jenkins_webhook', methods=['POST'])
@@ -46,13 +47,13 @@ def jenkins_webhook():
"Content-Type": "application/x-www-form-urlencoded"
}
data = {
- 'token': JENKINS_TOKEN,
+ 'token': app.config['JENKINS_TOKEN'],
'GIT_URL': git_url,
'TESTS': tests_to_run.upper(),
'GIT_BRANCH': git_branch
}
- url = f'{JENKINS_HOST}/job/{JENKINS_PROJECT}/buildWithParameters'
- resp = requests.post(url, headers=headers, data=data, auth=HTTPBasicAuth(JENKINS_USER, JENKINS_KEY))
+ url = f"{app.config['JENKINS_HOST']}/job/{app.config['JENKINS_PROJECT']}/buildWithParameters"
+ resp = requests.post(url, headers=headers, data=data, auth=HTTPBasicAuth(app.config['JENKINS_USER'], app.config['JENKINS_KEY']))
response = jsonify({"Status": resp.status_code}), 200
else:
response = jsonify({"Status": "Not Applicable"}), 200
@@ -227,6 +228,7 @@ def add_new_scan(git_url, branch_name, report_id):
}
url = f"{app.config['JENKINS_HOST']}/job/{app.config['JENKINS_PROJECT']}/buildWithParameters"
resp = requests.post(url, headers=headers, data=data, auth=HTTPBasicAuth(app.config['JENKINS_USER'], app.config['JENKINS_KEY']))
+ time.sleep(10) # sleep for 10 seconds to allow time for response
# response = jsonify({"Status": resp.status_code}), 200
except requests.exceptions.Timeout:
print('Processing Error')
From 9f243931220ea066c4c50a368e336844e293fc63 Mon Sep 17 00:00:00 2001
From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com>
Date: Fri, 22 Mar 2024 13:40:52 -0700
Subject: [PATCH 19/29] Update jenkins_webhook.py
---
src/vr/api/vulns/jenkins_webhook.py | 15 +++++++++++----
1 file changed, 11 insertions(+), 4 deletions(-)
diff --git a/src/vr/api/vulns/jenkins_webhook.py b/src/vr/api/vulns/jenkins_webhook.py
index f3c40868..2411defe 100644
--- a/src/vr/api/vulns/jenkins_webhook.py
+++ b/src/vr/api/vulns/jenkins_webhook.py
@@ -21,7 +21,7 @@
from vr.vulns.model.sgglobalthresholds import SgGlobalThresholds
from vr.admin.functions import db_connection_handler
import traceback
-import time
+import logging
@api.route('/api/jenkins_webhook', methods=['POST'])
@@ -213,6 +213,9 @@ def add_application_sla_policy(app_id):
report_statuses = {}
def add_new_scan(git_url, branch_name, report_id):
+ # Configure logging
+ logging.basicConfig(level=logging.INFO, format='%(asctime)s - %(levelname)s - %(message)s')
+
try:
stage_str = _determine_stages_for_app(git_url, branch_name)
headers = {
@@ -228,10 +231,14 @@ def add_new_scan(git_url, branch_name, report_id):
}
url = f"{app.config['JENKINS_HOST']}/job/{app.config['JENKINS_PROJECT']}/buildWithParameters"
resp = requests.post(url, headers=headers, data=data, auth=HTTPBasicAuth(app.config['JENKINS_USER'], app.config['JENKINS_KEY']))
- time.sleep(10) # sleep for 10 seconds to allow time for response
- # response = jsonify({"Status": resp.status_code}), 200
+ # Log the response details
+ logging.info(f"Request URL: {url}")
+ logging.info(f"Response Status Code: {resp.status_code}")
+ logging.info(f"Response Text: {resp.text}")
except requests.exceptions.Timeout:
- print('Processing Error')
+ logging.error('Processing Error: Timeout')
+ except Exception as e:
+ logging.error(f'Unexpected error: {str(e)}')
def _determine_stages_for_app(git_url, branch_name):
From a843f29df1c55176b2bb5520ca5a70fa1c36a3f4 Mon Sep 17 00:00:00 2001
From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com>
Date: Fri, 22 Mar 2024 14:49:15 -0700
Subject: [PATCH 20/29] Update jenkins_webhook.py
---
src/vr/api/vulns/jenkins_webhook.py | 26 +++++++++++++++++++-------
1 file changed, 19 insertions(+), 7 deletions(-)
diff --git a/src/vr/api/vulns/jenkins_webhook.py b/src/vr/api/vulns/jenkins_webhook.py
index 2411defe..73a9bd23 100644
--- a/src/vr/api/vulns/jenkins_webhook.py
+++ b/src/vr/api/vulns/jenkins_webhook.py
@@ -212,9 +212,21 @@ def add_application_sla_policy(app_id):
# Global dictionary to keep track of report statuses
report_statuses = {}
+# Create a logger object for this module or function
+logger = logging.getLogger('add_new_scan')
+logger.setLevel(logging.INFO) # Set the desired log level
+
+# Create a stream handler to output logs to stdout
+stream_handler = logging.StreamHandler()
+stream_handler.setLevel(logging.INFO)
+
+# Optionally, set a formatter for the handler
+formatter = logging.Formatter('%(asctime)s - %(name)s - %(levelname)s - %(message)s')
+stream_handler.setFormatter(formatter)
+
+# Add the handler to the logger
+logger.addHandler(stream_handler)
def add_new_scan(git_url, branch_name, report_id):
- # Configure logging
- logging.basicConfig(level=logging.INFO, format='%(asctime)s - %(levelname)s - %(message)s')
try:
stage_str = _determine_stages_for_app(git_url, branch_name)
@@ -232,13 +244,13 @@ def add_new_scan(git_url, branch_name, report_id):
url = f"{app.config['JENKINS_HOST']}/job/{app.config['JENKINS_PROJECT']}/buildWithParameters"
resp = requests.post(url, headers=headers, data=data, auth=HTTPBasicAuth(app.config['JENKINS_USER'], app.config['JENKINS_KEY']))
# Log the response details
- logging.info(f"Request URL: {url}")
- logging.info(f"Response Status Code: {resp.status_code}")
- logging.info(f"Response Text: {resp.text}")
+ logger.info(f"Request URL: {url}")
+ logger.info(f"Response Status Code: {resp.status_code}")
+ logger.info(f"Response Text: {resp.text}")
except requests.exceptions.Timeout:
- logging.error('Processing Error: Timeout')
+ logger.error('Processing Error: Timeout')
except Exception as e:
- logging.error(f'Unexpected error: {str(e)}')
+ logger.error(f'Unexpected error: {str(e)}')
def _determine_stages_for_app(git_url, branch_name):
From c3d91bece57ac6eec9eed0418dbac1727ad2de8e Mon Sep 17 00:00:00 2001
From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com>
Date: Sat, 23 Mar 2024 08:17:27 -0700
Subject: [PATCH 21/29] add new route for updating application profile
---
.../templates/vulns/application_profile.html | 20 ++++++---
src/vr/vulns/web/testing.py | 41 ++++++++++++++++++-
2 files changed, 54 insertions(+), 7 deletions(-)
diff --git a/src/vr/templates/vulns/application_profile.html b/src/vr/templates/vulns/application_profile.html
index 558b0f04..139c4e67 100644
--- a/src/vr/templates/vulns/application_profile.html
+++ b/src/vr/templates/vulns/application_profile.html
@@ -38,10 +38,6 @@
Application Profile
-
-
-
-
@@ -57,7 +53,18 @@