SecurityUniversalOrg · bkaiserinfosec · Apr 4, 2024 · Mar 13, 2024 · Mar 13, 2024 · Mar 13, 2024
diff --git a/pipeline-config.yaml b/pipeline-config.yaml
@@ -9,21 +9,21 @@ stages:
     branches:
       - release
   unitTesting:
-    enabled: false
+    enabled: true
     branches: []
   secretScanning:
-    enabled: false
+    enabled: true
     branches:
       - release
   sca:
-    enabled: false
+    enabled: true
     branches:
       - release
     codeLanguages:
       - Python
       - Javascript
   sast:
-    enabled: false
+    enabled: true
     branches:
       - release
     codeLanguages:
@@ -43,20 +43,20 @@ stages:
     containerName: secusphere
     containerTag: latest
   releaseToTest:
-    enabled: false
+    enabled: true
     branches:
       - release
     serviceName: secusphere
     containerTag: latest
   testRelease:
-    enabled: false
+    enabled: true
     branches:
       - release
     targetUrl: 'https://secusphere.securityuniversal.com'
     dastTestType: full
     apiTargetUrl: 'https://secusphere.securityuniversal.com/api/openapi.yaml'
   securityQualityGate:
-    enabled: false
+    enabled: true
     branches:
       - release
   deploy:

@@ -263,23 +263,23 @@ def _determine_stages_for_app(app_name):
     stage_str = ""
     app_str = app_name.split('--')[0]
     component_str = app_name.split('--')[1]
-    app_obj = BusinessApplications.query.filter(text(f"BusinessApplications.ApplicationName='{app_str}' AND BusinessApplications.ApplicationAcronym='{component_str.lower()}'")).first()
+    app_obj = BusinessApplications.query.filter(text(f"BusinessApplications.ApplicationName='{app_str.upper()}' AND BusinessApplications.ApplicationAcronym='{component_str.lower()}'")).first()
     profile = ApplicationProfiles.query.filter_by(AppID=app_obj.ID).first()
-    if profile.SecretScanReq == 1:
+    if str(profile.SecretScanReq) == "1":
         stage_str += "SECRET,"
-    if profile.SCAReq == 1:
+    if str(profile.SCAReq) == "1":
         stage_str += "SCA,"
-    if profile.SASTReq == 1:
+    if str(profile.SASTReq) == "1":
         stage_str += "SAST,"
-    if profile.IACReq == 1:
+    if str(profile.IACReq) == "1":
         stage_str += "IAC,"
-    if profile.ContainerReq == 1:
+    if str(profile.ContainerReq) == "1":
         stage_str += "DOCKER,"
-    if profile.InfrastructureScanReq == 1:
+    if str(profile.InfrastructureScanReq) == "1":
         stage_str += "INFRA,"
-    if profile.DASTReq == 1:
+    if str(profile.DASTReq) == "1":
         stage_str += "DAST,"
-    if profile.DASTApiReq == 1:
+    if str(profile.DASTApiReq) == "1":
         stage_str += "DAPIST,"
     if stage_str.endswith(","):
         stage_str = stage_str[:-1]

@@ -237,6 +237,7 @@
         <a href="{{ url_for('vulns.global_KPIs') }}" class="menu_child_btn reg">Application KPIs</a>
         {% if user.is_admin %}
           <a href="{{ url_for('assets.add_application') }}" class="menu_child_btn reg">Add Application</a>
+          <a href="{{ url_for('vulns.opensource_testing') }}" class="menu_child_btn reg">Add Open Source</a>
         {% endif %}
         <a href="{{ url_for('sourcecode.cheatsheets', sheet_name='Index') }}" class="menu_child_btn reg">Cheat Sheets</a>
       </div>

@@ -0,0 +1,57 @@
+{% extends 'base_auth.html' %}
+
+{% block app_content %}
+<style>
+    .container { max-width: 600px; margin: auto; padding: 20px; border: 1px solid #ccc; border-radius: 5px; }
+    h2 { text-align: center; color: white; }
+    form { display: flex; flex-direction: column; }
+    .form-group { margin-bottom: 15px; }
+    .form-group label { margin-bottom: 5px; color: white; }
+    .form-group input { padding: 10px; font-size: 16px; border-radius: 5px; border: 1px solid #ccc; }
+    button { background-color: #007bff; color: white; padding: 10px 20px; font-size: 16px; border: none; border-radius: 5px; cursor: pointer; }
+    button:hover { background-color: #0056b3; }
+</style>
+
+    <div class="container-fluid">
+        <!-- start of tabs -->
+
+
+        <div class="row hidden-xs">
+
+
+            <div class="container">
+                <h2>Open Source Libraries Security Testing</h2>
+                <form action="/start_opensource_testing" method="post">
+                    <input type="hidden" name="csrf_token" value="{{ csrf_token() }}"/>
+                    <div class="form-group">
+                        <label for="gitUrl">Git URL:</label>
+                        <input type="text" id="gitUrl" name="gitUrl" required>
+                    </div>
+                    <div class="form-group">
+                        <label for="gitBranch">Git Branch:</label>
+                        <input type="text" id="gitBranch" name="gitBranch" required>
+                    </div>
+                    <div class="form-group">
+                        <label for="app_name">Application Name:</label>
+                        <input type="text" id="app_name" name="app_name" required>
+                    </div>
+                    <button type="submit">Submit for Testing</button>
+                </form>
+            </div>
+
+        </div>
+
+
+        <!-- end of tabs -->
+        <div class="row">
+            <div class="col-lg-12">
+
+            </div>
+            <!-- /.col-lg-12 -->
+        </div>
+        <!-- /.row -->
+
+    </div>
+
+
+{% endblock %}
@@ -16,7 +16,7 @@
 
 
 NAV = {
-    'CAT': { "name": "Vulnerabilities", "url": "sourcecode.dashboard"}
+    'CAT': { "name": "Testing", "url": "sourcecode.dashboard"}
 }
 
 @vulns.route("/vulnerability_scans/<id>", methods=['GET', 'POST'])
@@ -126,6 +126,59 @@ def on_demand_testing():
 
     return redirect(request.referrer)
 
+@vulns.route("/opensource_testing")
+@login_required
+def opensource_testing():
+    try:
+        NAV['curpage'] = {"name": "Open Source Testing"}
+        user, status, user_roles = _auth_user(session, 'No Role')
+        if status == 401:
+            return redirect(url_for('admin.login'))
+        elif status == 403:
+            return render_template('403.html', user=user, NAV=NAV)
+
+        return render_template('testing/opensource_testing.html', user=user, NAV=NAV)
+    except RuntimeError:
+        return render_template('500.html'), 500
+
+
+
+@vulns.route("/start_opensource_testing", methods=['POST'])
+@login_required
+def start_opensource_testing():
+    NAV['curpage'] = {"name": "Vulnerability Scans"}
+    admin_role = 'Application Admin'
+    role_req = ['Application Admin', 'Application Viewer']
+    perm_entity = 'Application'
+    user, status, user_roles = _auth_user(session, NAV['CAT']['name'], role_requirements=role_req,
+                                          permissions_entity=perm_entity)
+    status = _entity_page_permissions_filter(id, user_roles, session, admin_role)
+
+    if status == 401:
+        return redirect(url_for('admin.login'))
+    elif status == 403:
+        return render_template('403.html', user=user, NAV=NAV)
+
+    git_url = request.form.get('gitUrl')
+    git_branch = request.form.get('gitBranch')
+    app_name = request.form.get('app_name')
+
+    headers = {
+        "Accept": "application/json",
+        "Content-Type": "application/x-www-form-urlencoded"
+    }
+    data = {
+        'token': app.config['JENKINS_TOKEN'],
+        'GIT_URL': git_url,
+        'GIT_BRANCH': git_branch,
+        'APP_NAME': app_name,
+        'PROFILE_APPLICATION': 'Y'
+    }
+    url = f"{app.config['JENKINS_HOST']}/job/{app.config['JENKINS_PROJECT']}/buildWithParameters"
+    resp = requests.post(url, headers=headers, data=data, auth=HTTPBasicAuth(app.config['JENKINS_USER'], app.config['JENKINS_KEY']))
+
+    return redirect(url_for('assets.all_applications'))
+
 
 @vulns.route("/update_application_profile", methods=['POST'])
 @login_required