Added a Typo3 Scanner (closes #568) #608

Merged
merged 45 commits into from
Aug 27, 2021

Ilyesbdlala
Member

@Ilyesbdlala Ilyesbdlala commented Aug 24, 2021

Description

Added a new scanner that scans websites using the TYPO3 content management system: typo3scan. It detects core vulnerabilities and scans for installed extensions. From these extensions, the vulnerable ones can be identified.

Checklist

  • Test your changes as thoroughly as possible before you commit them. Preferably, automate your test by unit/integration tests.
  • Make sure npm test runs for the whole project.
  • Make codeclimate checks happy

@Ilyesbdlala Ilyesbdlala added the scanner Implement or update a security scanner label Aug 24, 2021
@Ilyesbdlala Ilyesbdlala self-assigned this Aug 24, 2021
@Ilyesbdlala Ilyesbdlala added this to In progress in secureCodeBox v3 via automation Aug 24, 2021
@Ilyesbdlala Ilyesbdlala moved this from In progress to To Review in secureCodeBox v3 Aug 24, 2021
J12934 and others added 13 commits August 24, 2021 11:07
Signed-off-by: Jannik Hollenbach <jannik.hollenbach@iteratec.com>
Signed-off-by: Ilyes Ben Dlala <ilyes.bendlala@iteratec.com>
Signed-off-by: Ilyes Ben Dlala <ilyes.bendlala@iteratec.com>
This caused the configmaps to contain an empty list of scripts as the scripts weren't included in the chart anymore :(

Signed-off-by: Jannik Hollenbach <jannik.hollenbach@iteratec.com>
Signed-off-by: Ilyes Ben Dlala <ilyes.bendlala@iteratec.com>
Signed-off-by: Jannik Hollenbach <jannik.hollenbach@iteratec.com>
Signed-off-by: Ilyes Ben Dlala <ilyes.bendlala@iteratec.com>
Signed-off-by: Ilyes Ben Dlala <ilyes.bendlala@iteratec.com>
Signed-off-by: Ilyes Ben Dlala <ilyes.bendlala@iteratec.com>
Signed-off-by: GitHub Actions <securecodebox@iteratec.com>
Signed-off-by: Ilyes Ben Dlala <ilyes.bendlala@iteratec.com>
Signed-off-by: Ilyes Ben Dlala <ilyes.bendlala@iteratec.com>
Signed-off-by: Ilyes Ben Dlala <ilyes.bendlala@iteratec.com>
Signed-off-by: Ilyes Ben Dlala <ilyes.bendlala@iteratec.com>
Signed-off-by: Ilyes Ben Dlala <ilyes.bendlala@iteratec.com>
Signed-off-by: Ilyes Ben Dlala <ilyes.bendlala@iteratec.com>
Signed-off-by: Ilyes Ben Dlala <ilyes.bendlala@iteratec.com>
Signed-off-by: Ilyes Ben Dlala <ilyes.bendlala@iteratec.com>
Signed-off-by: Ilyes Ben Dlala <ilyes.bendlala@iteratec.com>
Ilyesbdlala and others added 3 commits August 25, 2021 17:03
Signed-off-by: Ilyes Ben Dlala <ilyes.bendlala@iteratec.com>

Co-authored-by: Sebastian Franz <32578476+SebieF@users.noreply.github.com>
Signed-off-by: GitHub Actions <securecodebox@iteratec.com>
Signed-off-by: Ilyes Ben Dlala <ilyes.bendlala@iteratec.com>

Co-authored-by: Sebastian Franz <32578476+SebieF@users.noreply.github.com>
Review threads:
  • scanners/typo3scan/examples/scan.yaml (outdated, resolved)
  • scanners/typo3scan/parser/parser.js (outdated, resolved)
  • scanners/typo3scan/parser/parser.js (outdated, resolved)
  • scanners/typo3scan/examples/scan.yaml (outdated, resolved)
  • scanners/typo3scan/docs/README.ArtifactHub.md (resolved)
  • scanners/typo3scan/scanner/Dockerfile (outdated, resolved)
J12934 and others added 5 commits August 27, 2021 14:13
Co-authored-by: Ilyes Bendlala <ilyes.bendlala@iteratec.com>
Signed-off-by: Jannik Hollenbach <jannik.hollenbach@iteratec.com>
- Didn't need the dependencies
- Fixed issue of automatically parsed json results

Co-authored-by: Ilyes Bendlala <ilyes.bendlala@iteratec.com>
Signed-off-by: Jannik Hollenbach <jannik.hollenbach@iteratec.com>
- Removing wrapper script, not needed when workdir is set to scb dir
- Chowning files while copying

Co-authored-by: Ilyes Bendlala <ilyes.bendlala@iteratec.com>
Signed-off-by: Jannik Hollenbach <jannik.hollenbach@iteratec.com>
Co-authored-by: Ilyes Bendlala <ilyes.bendlala@iteratec.com>
Signed-off-by: Jannik Hollenbach <jannik.hollenbach@iteratec.com>
Co-authored-by: Ilyes Bendlala <ilyes.bendlala@iteratec.com>
Signed-off-by: Jannik Hollenbach <jannik.hollenbach@iteratec.com>
J12934
J12934 previously approved these changes Aug 27, 2021
secureCodeBox v3 automation moved this from To Review to Reviewer approved Aug 27, 2021
@J12934
Member

J12934 commented Aug 27, 2021

merging now, some small followup tasks have been added to the typo3 issue

@J12934 J12934 enabled auto-merge August 27, 2021 12:19
@J12934 J12934 disabled auto-merge August 27, 2021 12:28
secureCodeBox v3 automation moved this from Reviewer approved to To Review Aug 27, 2021
@J12934 J12934 enabled auto-merge August 27, 2021 12:32
secureCodeBox v3 automation moved this from To Review to Reviewer approved Aug 27, 2021
@J12934 J12934 merged commit a6e3aa4 into main Aug 27, 2021
@J12934 J12934 deleted the typo3_scanner branch August 27, 2021 18:17
secureCodeBox v3 automation moved this from Reviewer approved to Done Aug 27, 2021
@SebieF SebieF moved this from Done to counter in secureCodeBox v3 Sep 3, 2021
Labels
scanner Implement or update a security scanner
4 participants