# ISAF (إسعاف)  
## Integrate Security Assessments in your dev Flow
```
    EeeiiiiiEEiiiii.....                                             
       \|/                                                           
        n______     .....iiiiiEEiiiieeEE                             
       :~;     :                  \|/                                
-----;``~'  +  ;------------ ______n --------------------------------
     `-@-----@-=            :     :~:                                
=========================== ;  +  '~``; =============================
                            =-@-----@-'                              
jgs------------------------------------------------------------------
                                                                     
                   DEVSECOPS IN A PYTHON NUTSHELL        
```

## Environment Build

### Testing Application
Application screenshots + explanations

### Deploy Application

In [None]:
```
!git clone https://github.com/h-a-t/RedPill
```

In [None]:
```
!pip install docker
```

In [4]:
```python
import docker
import io
import tarfile
import os

cli = docker.from_env()   # client bound to the local Docker daemon
cli.containers.list()     # sanity check: running containers
```

In [None]:
```python
## Build app image and pull dependencies
os.chdir('/home/jovyan/RedPill/')
cli.images.build(path='./src/php', tag='hat/app')
#zap_img = cli.images.pull('owasp/zap2docker-weekly:latest')   # ZAP is pulled later, in the DAST section
db_img = cli.images.pull('mariadb:latest')
alpine = cli.images.pull('alpine:latest')    # helper image used to seed the volumes
```

In [None]:
```python
## Create a dedicated network
cli.networks.create("app_net", driver="bridge") ## can't join an overlay network from here; maybe a dedicated bridge to isolate the stack?
cli.networks.list()
```

In [None]:
```python
## Create Volumes
cli.volumes.create(name='db_data', driver='local')
cli.volumes.create(name='db_init', driver='local')
cli.volumes.create(name='app_data', driver='local')
```

In [None]:
```python
## Database provisioning
os.chdir('/home/jovyan/RedPill/src/sql')
tarstream = io.BytesIO()
tar = tarfile.TarFile(fileobj=tarstream, mode='w')
tar.add('staging.sql')      # seed schema/data for the staging database
tar.close()

## https://gist.github.com/zbyte64/6800eae10ce082bb78f0b7a2cca5cbc2
## a throwaway alpine container is the only way to copy files into a named volume through the API
tmp=cli.containers.create(
    image='alpine', 
    volumes={'db_init':{'bind': '/data/', 'mode' : 'rw'}})

tarstream.seek(0)
tmp.put_archive(
    path='/data/',
    data=tarstream
)
## note: the helper container is left in place; tmp.remove() would clean it up

## Database run
db_cont = cli.containers.run(
    image='mariadb:latest',
    volumes={'db_init':{'bind': '/docker-entrypoint-initdb.d/', 'mode' : 'rw'},   # scripts here run once at first start
             'db_data':{'bind': '/var/lib/mysql/', 'mode' : 'rw'}
            },
    detach=True,
    name='app_db',
    environment=['MYSQL_RANDOM_ROOT_PASSWORD=yes','MYSQL_USER=user',
                  'MYSQL_PASSWORD=password','MYSQL_DATABASE=sqli']
        )
db_cont?   # IPython: inspect the Container object
```

In [None]:
```python
## Webserver provisioning

os.chdir('/home/jovyan/RedPill/src/php')
tarstream = io.BytesIO()
tar = tarfile.TarFile(fileobj=tarstream, mode='w')
tar.add('.')                # the whole PHP source tree
tar.close()

tmp=cli.containers.create(
    image='alpine', 
    volumes={'app_data':{'bind': '/data/', 'mode' : 'rw'}})

tarstream.seek(0)
tmp.put_archive(
    path='/data/',
    data=tarstream
)

## webserver run
app_cont = cli.containers.run(
    image='hat/app',
    volumes={'app_data':{'bind': '/var/www/html', 'mode' : 'rw'}
            },
    detach=True,
    name='app_web',
    environment=['DB_ENV_MYSQL_USER=user','DB_ENV_MYSQL_PASSWORD=password','BUILD_STAGE=Python'],
    ports={'80/tcp':80},         # only port 80 is published on the host
    links=[('app_db','db')]      # the app reaches the database as host "db"
        )
app_cont?   # IPython: inspect the Container object
```
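The two provisioning cells above repeat one pattern: pack files into an in-memory tar, create a throwaway alpine container bound to a named volume, and `put_archive` the tar into it (the throwaway container is never removed). The following is an added example, not code from the original notebook or the RedPill project, that wraps that pattern in reusable functions and cleans up the helper container. `build_tar` and `read_tar` are pure and run offline; `seed_volume` needs a Docker daemon and takes the same `docker.DockerClient` the notebook calls `cli`. Function and parameter names are my own.

```python
import io
import tarfile
import time


def build_tar(files):
    """Pack {archive_name: bytes_or_str} into an in-memory tar and return the
    stream rewound to offset 0, ready for Container.put_archive()."""
    stream = io.BytesIO()
    with tarfile.open(fileobj=stream, mode="w") as tar:
        for name, data in files.items():
            if isinstance(data, str):
                data = data.encode("utf8")
            info = tarfile.TarInfo(name=name)
            info.size = len(data)
            info.mtime = int(time.time())
            info.mode = 0o644            # readable, not world-writable
            tar.addfile(info, io.BytesIO(data))
    stream.seek(0)
    return stream


def read_tar(stream):
    """Inverse of build_tar, handy for checking what will land in the volume:
    returns {name: bytes}."""
    stream.seek(0)
    out = {}
    with tarfile.open(fileobj=stream, mode="r") as tar:
        for member in tar.getmembers():
            out[member.name] = tar.extractfile(member).read()
    stream.seek(0)
    return out


def seed_volume(cli, volume, files, mountpoint="/data/"):
    """Copy `files` into the named volume through a short-lived alpine
    container, then remove that container (the notebook leaves it behind).
    Requires a Docker daemon; `cli` is a docker.DockerClient."""
    helper = cli.containers.create(
        image="alpine",
        volumes={volume: {"bind": mountpoint, "mode": "rw"}},
    )
    try:
        helper.put_archive(path=mountpoint, data=build_tar(files))
    finally:
        helper.remove(force=True)   # never leave stray containers on the host
    return volume
```

With the notebook's objects, the database seed becomes `seed_volume(cli, "db_init", {"staging.sql": open("staging.sql", "rb").read()})`, and `read_tar(build_tar(...))` lets you confirm the archive contents before anything touches the daemon.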

# Security Assessment in a Synchronous Execution Flow

## Static Code Analysis


### Push code to SonarQube for code analysis

In [None]:
```
## Download the SonarQube scanner
!wget https://sonarsource.bintray.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-3.0.3.778-linux.zip
!unzip sonar-scanner-cli-3.0.3.778-linux.zip
```

In [None]:
```
!./sonar-scanner-3.0.3.778-linux/bin/sonar-scanner -Dsonar.host.url=http://sonarqube:9000 -Dsonar.projectKey=Redpill:latest -Dsonar.sources=RedPill/src/php -Dsonar.language=php
```
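Running the scanner only uploads the analysis; in a synchronous flow you also want the cell to fail when SonarQube's quality gate fails. The following added example (mine, not part of the notebook or of SonarQube's own tooling) reads the `.scannerwork/report-task.txt` file the scanner leaves behind, polls the background task through `/api/ce/task`, then evaluates `/api/qualitygates/project_status`. The sample `report-task.txt` body and the task id in it are constructed; the polling helper assumes the `http://sonarqube:9000` server from the cell above is reachable, and `token` is an optional SonarQube user token.

```python
import base64
import json
import re
import time
import urllib.request

# Constructed sample of the file sonar-scanner writes to .scannerwork/ after
# each run (the real file has more keys; only these are needed here).
SAMPLE_REPORT_TASK = """\
projectKey=Redpill:latest
serverUrl=http://sonarqube:9000
ceTaskId=AWxyz123-EXAMPLE-TASK-ID
"""


def parse_report_task(text):
    """Return {key: value} for a report-task.txt body."""
    pairs = {}
    for line in text.splitlines():
        m = re.match(r"^([^=\s]+)=(.*)$", line.strip())
        if m:
            pairs[m.group(1)] = m.group(2)
    return pairs


def gate_verdict(project_status):
    """Reduce a /api/qualitygates/project_status JSON body to
    (passed, [description of each failed condition])."""
    ps = project_status["projectStatus"]
    failed = [
        f"{c['metricKey']} {c.get('comparator', '')} {c.get('errorThreshold', '')}"
        f" (actual {c.get('actualValue', '?')})"
        for c in ps.get("conditions", [])
        if c.get("status") == "ERROR"
    ]
    return ps["status"] == "OK", failed


def _get_json(url, token=None):
    req = urllib.request.Request(url)
    if token:  # SonarQube token auth: token as username, empty password
        cred = base64.b64encode(f"{token}:".encode()).decode()
        req.add_header("Authorization", f"Basic {cred}")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def wait_for_quality_gate(report_task_path=".scannerwork/report-task.txt",
                          token=None, timeout=300):
    """Block until the analysis task finishes, then return gate_verdict(...).
    Needs a reachable SonarQube server."""
    with open(report_task_path) as fh:
        task = parse_report_task(fh.read())
    server, ce_task = task["serverUrl"], task["ceTaskId"]
    deadline = time.time() + timeout
    while True:
        ce = _get_json(f"{server}/api/ce/task?id={ce_task}", token)["task"]
        if ce["status"] in ("SUCCESS", "FAILED", "CANCELED"):
            break
        if time.time() > deadline:
            raise TimeoutError("SonarQube analysis did not finish in time")
        time.sleep(5)
    if ce["status"] != "SUCCESS":
        raise RuntimeError(f"analysis task ended with status {ce['status']}")
    status = _get_json(
        f"{server}/api/qualitygates/project_status?analysisId={ce['analysisId']}", token)
    return gate_verdict(status)


if __name__ == "__main__":
    passed, reasons = wait_for_quality_gate()
    raise SystemExit(0 if passed else f"quality gate failed: {reasons}")
```

Called right after the `sonar-scanner` cell, a non-zero exit stops the notebook (or the CI job) before the image is promoted, and the returned list names the metric that tripped the gate.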

### Push to Clair for a container layer scan

TODO: Jess's `reg` + spin up a Clair instance

## Dynamic Runtime Analysis

### Using the Web-GUI of your favorite Pentesting tool from OWASP: ZAP
- Let L33t do the testing by running a GUI instance of ZAP; just browse to localhost:8666/?anonym=true&app=ZAP to start :) 
- Warning, image size: 1.52 GB  
- Cf. https://github.com/zaproxy/zaproxy/wiki/WebSwing  

In [None]:
```python
zap_img = cli.images.pull('owasp/zap2docker-stable:latest')
scan_cont = cli.containers.run(
    image=zap_img,
    name='app_scan',
    detach=True,
    command="sh -c 'zap-webswing.sh'",            # ZAP desktop UI served in the browser via WebSwing
    ports={'8080/tcp':8666, '8090/tcp':8777},     # 8666: WebSwing GUI, 8777: ZAP API/proxy
    links=[('app_web','app')]                     # the target is reachable from ZAP as http://app/
        )
scan_cont?   # IPython: inspect the Container object
```
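The WebSwing GUI suits a human tester, but a synchronous flow needs ZAP driven headlessly and a pass/fail answer. The following added example (mine, not the notebook's or the ZAP project's code) drives ZAP through its JSON API: spider the target, run an active scan, collect alerts, then gate on the High/Medium counts. It assumes the same image is started in daemon mode instead of `zap-webswing.sh` (for instance `zap.sh -daemon -host 0.0.0.0 -port 8090 -config api.disablekey=true`, which is only acceptable on an isolated lab network like `app_net`), that the API is reachable at `http://localhost:8777` through the port mapping above, and that the target is the linked app at `http://app/`. `SAMPLE_ALERTS` is a constructed response used to show the triage step offline.

```python
import json
import time
import urllib.parse
import urllib.request

RISK_ORDER = ("High", "Medium", "Low", "Informational")

# Constructed sample shaped like /JSON/core/view/alerts/ output (not a real scan).
SAMPLE_ALERTS = [
    {"risk": "High", "alert": "SQL Injection", "url": "http://app/?id=1"},
    {"risk": "High", "alert": "SQL Injection", "url": "http://app/?user=a"},
    {"risk": "Medium", "alert": "X-Frame-Options Header Not Set", "url": "http://app/"},
    {"risk": "Low", "alert": "Cookie Without Secure Flag", "url": "http://app/"},
]


def summarize_alerts(alerts):
    """Count ZAP alerts per risk level and keep the distinct alert names per level."""
    counts = {r: 0 for r in RISK_ORDER}
    names = {r: set() for r in RISK_ORDER}
    for a in alerts:
        risk = a.get("risk", "Informational")
        if risk not in counts:
            continue
        counts[risk] += 1
        names[risk].add(a.get("alert", "?"))
    return counts, {r: sorted(n) for r, n in names.items()}


def scan_passes(counts, max_high=0, max_medium=0):
    """Gate for the synchronous flow: fail on too many High/Medium alerts."""
    return counts["High"] <= max_high and counts["Medium"] <= max_medium


def _zap(api, endpoint, **params):
    # api is the ZAP API base, e.g. "http://localhost:8777"; endpoints live under /JSON/
    url = f"{api}/JSON/{endpoint}/?{urllib.parse.urlencode(params)}"
    with urllib.request.urlopen(url, timeout=60) as resp:
        return json.load(resp)


def _wait(api, status_view, scan_id):
    # spider and ascan status views both report progress as a 0-100 string
    while int(_zap(api, status_view, scanId=scan_id)["status"]) < 100:
        time.sleep(2)


def run_zap_scan(api="http://localhost:8777", target="http://app/"):
    """Spider, then actively scan `target` through ZAP's API and return its alerts.
    Needs ZAP running in daemon mode (see lead-in)."""
    spider_id = _zap(api, "spider/action/scan", url=target)["scan"]
    _wait(api, "spider/view/status", spider_id)
    ascan_id = _zap(api, "ascan/action/scan", url=target)["scan"]
    _wait(api, "ascan/view/status", ascan_id)
    return _zap(api, "core/view/alerts", baseurl=target)["alerts"]


if __name__ == "__main__":
    counts, names = summarize_alerts(run_zap_scan())
    print(counts, names["High"])
    raise SystemExit(0 if scan_passes(counts) else 1)
```

The thresholds are deliberately parameters: a brand-new app might start with `max_medium` set to the current count and ratchet it down, while `max_high` stays at zero.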

### Using the flexibility of your favorite cutting-edge technology: OpenFaaS

Dockerfile:  

```dockerfile
FROM alexellis2/faas-alpinefunction:latest
RUN apk update && apk add nmap
ENV fprocess="xargs nmap"
CMD ["fwatchdog"]
```

nmap_stack:   

```yaml
provider:
  name: faas
  gateway: http://gateway:8080

functions:
  nmap:
    lang: Dockerfile
    handler: ./Dockerfile
    image: hat/nmap
```

In [None]:
```python
import tarfile
import time
from io import BytesIO
os.chdir('/home/jovyan/work')
Dockerfile ='''
FROM alexellis2/faas-alpinefunction:latest
RUN apk update && apk add nmap
ENV fprocess="xargs nmap"
CMD ["fwatchdog"]
'''
with open("Dockerfile", "w") as stack:
    stack.write("%s" % Dockerfile)

#write the Dockerfile to a tarred archive (docker build context sent through the API)
pw_tarstream = BytesIO()
pw_tar = tarfile.TarFile(fileobj=pw_tarstream, mode='w')
file_data = Dockerfile.encode('utf8')
tarinfo = tarfile.TarInfo(name='Dockerfile')
tarinfo.size = len(file_data)
tarinfo.mtime = time.time()
#tarinfo.mode = 0o600
pw_tar.addfile(tarinfo, BytesIO(file_data))
pw_tar.close()

pw_tarstream.seek(0)
nmap = cli.images.build(
    fileobj=pw_tarstream,
    custom_context=True,     # the stream is a full build context, not a bare Dockerfile
    tag='hat/nmap'
)
nmap?   # IPython: inspect the result (an Image, or an (Image, logs) tuple on docker SDK >= 3)
```

In [None]:
```python
## nmap Stack
os.chdir('/home/jovyan/work')
func_stack='''
provider:
  name: faas
  gateway: http://gateway:8080

functions:
  nmap:
    lang: Dockerfile
    handler: ./Dockerfile
    image: hat/nmap
'''
with open("nmap_func.yml", "w") as stack:
    stack.write("%s" % func_stack)
```

In [None]:
```
!faas-cli build -f nmap_func.yml
```

In [None]:
```
!faas-cli deploy -f nmap_func.yml
```

In [None]:
```
## Testing
!curl -v http://gateway:8080/system/functions
```

In [None]:
```
## Executing nmap \o/
!curl -v --data "-T4 172.17.0.3" http://gateway:8080/function/nmap
```
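The curl call above returns raw nmap text, which is fine to read but not to act on. The following added example (mine, not part of the notebook or of OpenFaaS) invokes the same `nmap` function with `-oG -` so the output comes back in grepable form, parses it into a per-host port table, and reports any open port that is not on the expected exposure list, which for `app_web` is just 80/tcp. `SAMPLE_GREPABLE` is a constructed response (the 3306/tcp entry is there to show the drift check firing, not a real finding); `scan_via_faas` assumes the `http://gateway:8080` gateway from the cells above.

```python
import re
import urllib.request

# Constructed sample shaped like "nmap -T4 -oG - 172.17.0.3" output.
SAMPLE_GREPABLE = """\
# Nmap 7.70 scan initiated as: nmap -T4 -oG - 172.17.0.3
Host: 172.17.0.3 ()\tStatus: Up
Host: 172.17.0.3 ()\tPorts: 80/open/tcp//http///, 3306/open/tcp//mysql///, 22/filtered/tcp//ssh///\tIgnored State: closed (997)
# Nmap done -- 1 IP address (1 host up) scanned
"""

# port/state/proto//service/// as emitted by -oG (no version detection)
PORT_RE = re.compile(r"(\d+)/(\w+)/(\w+)//([^/]*)///")


def parse_grepable(text):
    """Return {host: {(port, proto): (state, service)}} from nmap -oG output."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue
        host = line.split()[1]
        ports_field = line.split("Ports:", 1)[1].split("\t", 1)[0]
        entry = hosts.setdefault(host, {})
        for port, state, proto, service in PORT_RE.findall(ports_field):
            entry[(int(port), proto)] = (state, service)
    return hosts


def unexpected_open_ports(scan, allowed):
    """Open ports per host that are not in `allowed` (a set of (port, proto))."""
    drift = {}
    for host, ports in scan.items():
        extra = sorted(p for p, (state, _) in ports.items()
                       if state == "open" and p not in allowed)
        if extra:
            drift[host] = extra
    return drift


def scan_via_faas(target, gateway="http://gateway:8080"):
    """Call the OpenFaaS nmap function from the notebook and parse its output."""
    body = f"-T4 -oG - {target}".encode()
    req = urllib.request.Request(f"{gateway}/function/nmap", data=body)
    with urllib.request.urlopen(req, timeout=300) as resp:
        return parse_grepable(resp.read().decode())


if __name__ == "__main__":
    drift = unexpected_open_ports(scan_via_faas("172.17.0.3"), {(80, "tcp")})
    print(drift or "exposure matches expectation")
    raise SystemExit(1 if drift else 0)
```

Keeping the allowed set next to the compose/SDK definitions (here: only `ports={'80/tcp':80}`) turns the nmap function into a regression test for accidental exposure, such as a debug port left open in a new image.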