diff --git a/pipeline-config.yaml b/pipeline-config.yaml index dfc9364..3340b73 100644 --- a/pipeline-config.yaml +++ b/pipeline-config.yaml @@ -9,21 +9,21 @@ stages: branches: - release unitTesting: - enabled: false + enabled: true branches: [] secretScanning: - enabled: false + enabled: true branches: - release sca: - enabled: false + enabled: true branches: - release codeLanguages: - Python - Javascript sast: - enabled: false + enabled: true branches: - release codeLanguages: @@ -43,20 +43,20 @@ stages: containerName: secusphere containerTag: latest releaseToTest: - enabled: false + enabled: true branches: - release serviceName: secusphere containerTag: latest testRelease: - enabled: false + enabled: true branches: - release targetUrl: 'https://secusphere.securityuniversal.com' dastTestType: full apiTargetUrl: 'https://secusphere.securityuniversal.com/api/openapi.yaml' securityQualityGate: - enabled: false + enabled: true branches: - release deploy: diff --git a/src/vr/api/vulns/jenkins_webhook.py b/src/vr/api/vulns/jenkins_webhook.py index 09ade2a..3d86b95 100644 --- a/src/vr/api/vulns/jenkins_webhook.py +++ b/src/vr/api/vulns/jenkins_webhook.py 
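Review bot: `unitTesting` is switched on in the first hunk with `branches: []`, while every other stage enabled in the same hunk lists `- release`; nothing in the file says whether an empty list means "every branch" or "no branch", so the stage may silently never run after this change. Either list the intended branches explicitly, or put a one-line comment above it such as `# empty list = run on every branch` so the consumer's interpretation is recorded next to the setting. The other enable flips in both hunks look consistent with each other and need no change.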
@@ -263,23 +263,23 @@ def _determine_stages_for_app(app_name):
 stage_str = ""
 app_str = app_name.split('--')[0]
 component_str = app_name.split('--')[1]
- app_obj = BusinessApplications.query.filter(text(f"BusinessApplications.ApplicationName='{app_str}' AND BusinessApplications.ApplicationAcronym='{component_str.lower()}'")).first()
+ app_obj = BusinessApplications.query.filter(text(f"BusinessApplications.ApplicationName='{app_str.upper()}' AND BusinessApplications.ApplicationAcronym='{component_str.lower()}'")).first()
 profile = ApplicationProfiles.query.filter_by(AppID=app_obj.ID).first()
- if profile.SecretScanReq == 1:
+ if str(profile.SecretScanReq) == "1":
 stage_str += "SECRET,"
- if profile.SCAReq == 1:
+ if str(profile.SCAReq) == "1":
 stage_str += "SCA,"
- if profile.SASTReq == 1:
+ if str(profile.SASTReq) == "1":
 stage_str += "SAST,"
- if profile.IACReq == 1:
+ if str(profile.IACReq) == "1":
 stage_str += "IAC,"
- if profile.ContainerReq == 1:
+ if str(profile.ContainerReq) == "1":
 stage_str += "DOCKER,"
- if profile.InfrastructureScanReq == 1:
+ if str(profile.InfrastructureScanReq) == "1":
 stage_str += "INFRA,"
- if profile.DASTReq == 1:
+ if str(profile.DASTReq) == "1":
 stage_str += "DAST,"
- if profile.DASTApiReq == 1:
+ if str(profile.DASTApiReq) == "1":
 stage_str += "DAPIST,"
 if stage_str.endswith(","):
 stage_str = stage_str[:-1]
diff --git a/src/vr/templates/base_auth.html b/src/vr/templates/base_auth.html
index df697bc..b0d95ae 100644
--- a/src/vr/templates/base_auth.html
+++ b/src/vr/templates/base_auth.html
@@ -237,6 +237,7 @@ Application KPIs {% if user.is_admin %} Add Application + Add Open Source {% endif %} Cheat Sheets
diff --git a/src/vr/templates/testing/opensource_testing.html b/src/vr/templates/testing/opensource_testing.html
new file mode 100644
index 0000000..289e0e9
--- /dev/null
+++ b/src/vr/templates/testing/opensource_testing.html
@@ -0,0 +1,57 @@
+{% extends 'base_auth.html' %}
+
+{% block app_content %}
+
+
+
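Review bot: The rewritten `app_obj` lookup still splices `app_str` and `component_str` straight into a raw `text()` SQL string, so adding `.upper()` leaves the query injectable whenever `app_name` is not fully trusted; the file name suggests the value arrives via a webhook request, which cannot be confirmed from this hunk. Use bound values instead, e.g. `app_obj = BusinessApplications.query.filter_by(ApplicationName=app_str.upper(), ApplicationAcronym=component_str.lower()).first()`, which is how the very next line already queries `ApplicationProfiles`. The lookup can also return `None` for an unknown application (and `app_name.split('--')[1]` raises `IndexError` when the separator is missing), after which `app_obj.ID` and `profile.SecretScanReq` fail with `AttributeError`; guard both with an early exit before dereferencing. A one-line comment explaining why the flags are now compared as `str(...) == "1"` (presumably the columns hold text) would stop the next reader from "fixing" it back to `== 1`. The enclosing function begins before this hunk and its return lies past the end of it.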
+ + + + + + + +
+
+ +
+ +
+ + +
+
+
+{% endblock %}
\ No newline at end of file
diff --git a/src/vr/vulns/web/testing.py b/src/vr/vulns/web/testing.py
index 64afeb7..a281baa 100644
--- a/src/vr/vulns/web/testing.py
+++ b/src/vr/vulns/web/testing.py
@@ -16,7 +16,7 @@ NAV = {
- 'CAT': { "name": "Vulnerabilities", "url": "sourcecode.dashboard"}
+ 'CAT': { "name": "Testing", "url": "sourcecode.dashboard"}
 }
 @vulns.route("/vulnerability_scans/", methods=['GET', 'POST'])
@@ -126,6 +126,59 @@ def on_demand_testing():
 return redirect(request.referrer)
+@vulns.route("/opensource_testing")
+@login_required
+def opensource_testing():
+ try:
+ NAV['curpage'] = {"name": "Open Source Testing"}
+ user, status, user_roles = _auth_user(session, 'No Role')
+ if status == 401:
+ return redirect(url_for('admin.login'))
+ elif status == 403:
+ return render_template('403.html', user=user, NAV=NAV)
+
+ return render_template('testing/opensource_testing.html', user=user, NAV=NAV)
+ except RuntimeError:
+ return render_template('500.html'), 500
+
+
+
+@vulns.route("/start_opensource_testing", methods=['POST'])
+@login_required
+def start_opensource_testing():
+ NAV['curpage'] = {"name": "Vulnerability Scans"}
+ admin_role = 'Application Admin'
+ role_req = ['Application Admin', 'Application Viewer']
+ perm_entity = 'Application'
+ user, status, user_roles = _auth_user(session, NAV['CAT']['name'], role_requirements=role_req,
+ permissions_entity=perm_entity)
+ status = _entity_page_permissions_filter(id, user_roles, session, admin_role)
+
+ if status == 401:
+ return redirect(url_for('admin.login'))
+ elif status == 403:
+ return render_template('403.html', user=user, NAV=NAV)
+
+ git_url = request.form.get('gitUrl')
+ git_branch = request.form.get('gitBranch')
+ app_name = request.form.get('app_name')
+
+ headers = {
+ "Accept": "application/json",
+ "Content-Type": "application/x-www-form-urlencoded"
+ }
+ data = {
+ 'token': app.config['JENKINS_TOKEN'],
+ 'GIT_URL': git_url,
+ 'GIT_BRANCH': git_branch,
+ 'APP_NAME': app_name,
+ 'PROFILE_APPLICATION': 'Y'
+ }
+ url = f"{app.config['JENKINS_HOST']}/job/{app.config['JENKINS_PROJECT']}/buildWithParameters"
+ resp = requests.post(url, headers=headers, data=data, auth=HTTPBasicAuth(app.config['JENKINS_USER'], app.config['JENKINS_KEY']))
+
+ return redirect(url_for('assets.all_applications'))
+
 @vulns.route("/update_application_profile", methods=['POST'])
 @login_required