create_addon_owasp.go
package cmd
import (
"io"
"github.com/spf13/cobra"
"gopkg.in/AlecAivazis/survey.v1/terminal"
batchv1 "k8s.io/api/batch/v1"
corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"github.com/jenkins-x/jx/pkg/apis/jenkins.io/v1"
"github.com/jenkins-x/jx/pkg/jx/cmd/templates"
"github.com/jenkins-x/jx/pkg/kube"
"github.com/jenkins-x/jx/pkg/log"
"github.com/jenkins-x/jx/pkg/util"
)
// createAddonOwaspLong is the long description shown in the help output of
// the owasp-zap addon command.
var createAddonOwaspLong = templates.LongDesc(`
Creates the Owasp dynamic security testing addon
`)

// createAddonOwaspExample is the usage example shown in the help output of
// the owasp-zap addon command.
var createAddonOwaspExample = templates.Examples(`
# Create the owasp addon
jx create addon owasp-zap
`)
// CreateAddonOwaspOptions holds the options of the "owasp-zap" addon command.
type CreateAddonOwaspOptions struct {
	CreateAddonOptions
	// BackoffLimit is bound to the --backoff-limit flag; Run stores a pointer
	// to it in the post-preview Job's Spec.BackoffLimit.
	BackoffLimit int32
	// Image is bound to the --image flag; Run uses it as the image of the
	// Job's first container and rejects an empty value.
	Image string
}
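// NewCmdCreateAddonOwasp builds the "owasp-zap" cobra command. The command
// registers an OWASP Zed Attack Proxy baseline scan to run as a post-preview
// Job; the actual work is done by CreateAddonOwaspOptions.Run.
//
// f, in, out and errOut are stored in the embedded CommonOptions and are not
// otherwise used here.
func NewCmdCreateAddonOwasp(f Factory, in terminal.FileReader, out terminal.FileWriter, errOut io.Writer) *cobra.Command {
	options := &CreateAddonOwaspOptions{
		CreateAddonOptions: CreateAddonOptions{
			CreateOptions: CreateOptions{
				CommonOptions: CommonOptions{
					Factory: f,
					In:      in,
					Out:     out,
					Err:     errOut,
				},
			},
		},
	}

	cmd := &cobra.Command{
		Use:   "owasp-zap",
		Short: "Create the OWASP Zed Attack Proxy addon for dynamic security checks against running apps",
		// NOTE(review): "env" is an unexpected alias for a ZAP addon and looks
		// copied from another command. It is kept so existing invocations keep
		// working; confirm whether it is intended.
		Aliases: []string{"env"},
		Long:    createAddonOwaspLong,
		Example: createAddonOwaspExample,
		Run: func(cmd *cobra.Command, args []string) {
			err := options.Run()
			CheckErr(err)
		},
	}

	// The help text previously carried an unbalanced ")" and a garbled tail.
	cmd.Flags().Int32VarP(&options.BackoffLimit, "backoff-limit", "l", int32(2), "The backoff limit: how many times to retry the Job before considering it failed")
	// NOTE(review): the default image uses the mutable ":latest" tag, so the
	// scanner code that runs in the cluster can change between runs without any
	// change to this configuration. Teams that need reproducible, reviewable
	// scans should pass --image with a pinned tag or digest.
	cmd.Flags().StringVarP(&options.Image, "image", "i", "owasp/zap2docker-live:latest", "The OWASP image to use to run the ZAP baseline scan")
	return cmd
}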
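// Run registers the OWASP ZAP baseline scan as a post-preview Job in the
// team settings of the dev environment.
//
// If a post-preview Job named "owasp-zap" already exists, its first container
// (or a new one, when it has none) is set to the configured image and scan
// command and its backoff limit is updated. Otherwise a new Job is appended.
//
// It returns a missing-option error when the image is empty, or whatever
// error ModifyDevEnvironment returns.
func (o *CreateAddonOwaspOptions) Run() error {
	name := "owasp-zap"
	// "-I" tells zap-baseline.py not to return a failure on warnings, so a Job
	// that completes successfully does not mean the scan raised no warnings;
	// the scan output still has to be reviewed.
	// "$(JX_PREVIEW_URL)" is a Kubernetes-style variable reference. This
	// function does not set that variable on the container; presumably it is
	// injected when the post-preview Job is run. TODO confirm against the caller.
	commands := []string{"zap-baseline.py", "-I", "-t", "$(JX_PREVIEW_URL)"}
	image := o.Image

	// The former `name == ""` check was unreachable because name is a fixed
	// literal, so only the image needs validating.
	if image == "" {
		return util.MissingOption(optionImage)
	}

	labels := map[string]string{
		kube.LabelCreatedBy: kube.ValueCreatedByJX,
		kube.LabelJobKind:   kube.ValueJobKindPostPreview,
	}
	firstContainer := corev1.Container{
		Name:    name,
		Image:   image,
		Command: commands,
	}

	callback := func(env *v1.Environment) error {
		settings := &env.Spec.TeamSettings

		// Update the existing Job in place when one with the same name is present.
		for i := range settings.PostPreviewJobs {
			job := &settings.PostPreviewJobs[i]
			if job.Name != name {
				continue
			}
			podSpec := &job.Spec.Template.Spec
			if len(podSpec.Containers) == 0 {
				podSpec.Containers = []corev1.Container{firstContainer}
			} else {
				// Only the first container is rewritten; any further containers
				// on the existing Job are left untouched.
				container := &podSpec.Containers[0]
				container.Name = name
				container.Image = image
				container.Command = commands
			}
			job.Spec.BackoffLimit = &o.BackoffLimit
			log.Infof("Updating the post Preview Job: %s\n", util.ColorInfo(name))
			return nil
		}

		// No Job with this name yet: append a new one.
		settings.PostPreviewJobs = append(settings.PostPreviewJobs, batchv1.Job{
			ObjectMeta: metav1.ObjectMeta{
				Name:   name,
				Labels: labels,
			},
			Spec: batchv1.JobSpec{
				Template: corev1.PodTemplateSpec{
					Spec: corev1.PodSpec{
						Containers:    []corev1.Container{firstContainer},
						RestartPolicy: corev1.RestartPolicyNever,
					},
				},
				BackoffLimit: &o.BackoffLimit,
			},
		})
		log.Infof("Added the post Preview Job: %s\n", util.ColorInfo(name))
		return nil
	}
	return o.ModifyDevEnvironment(callback)
}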