feat: Merge schemas and add API

Author: binarymist

.gitignore

@@ -4,4 +4,5 @@ jobs/*
 !jobs/simple-BrowserApp-job-example
 !jobs/simple-BrowserApp-job-fast-example
 !jobs/advanced-BrowserApp-job-example
+!jobs/job_crAPI-example
 

jobs/README.md

@@ -2,13 +2,10 @@ Documentation around the _Job_ file structure can be found at https://docs.guard
 
 Examples of _Job_ files can be found at https://github.com/guardrailsio/runtime-resources/tree/main/jobs
 
-* advanced-BrowserApp-job-example: This _Job_ file targets the [NodeGoat](https://github.com/OWASP/NodeGoat) SUT, which we host using [purpleteam-iac-sut](https://github.com/purpleteam-labs/purpleteam-iac-sut). You can use this _Job_ file and just update the `sutHost` to point to your hosted copy of NodeGoat as well as the `username` and `passwordBase64` properties
+* **advanced-BrowserApp-job-example**: This _Job_ file targets the [NodeGoat](https://github.com/OWASP/NodeGoat) SUT, which we host using [purpleteam-iac-sut](https://github.com/purpleteam-labs/purpleteam-iac-sut). You can use this _Job_ file and just update the `sutHost` to point to your hosted copy of NodeGoat as well as the `username` and `passwordBase64` properties
+* **job_crAPI-example**: This _Job_ file targets the [crAPI](https://github.com/OWASP/crAPI) SUT, which our devops team hosts for us. If using this _Job_ file, you will need to provide a valid `sutHost` property value. The `username` and `passwordBase64` properties will need updating with the values you entered when you created your user in a hosted copy of the crAPI project. The `openApi.importFileContentBase64` value will need to be updated
+* **simple-BrowserApp-job-example**: This _Job_ file is good for most browser applications that don't require authentication. If using this _Job_ file, you will need to provide a valid `sutHost` property value. As it is, it will inform the _Application Testing Engine_ to scan the specified host from the root. If you want to be more specific, you can add routes to be scanned
+* **simple-BrowserApp-job-fast-example**: This _Job_ file extends simple-BrowserApp-job-example by adding a single route, this will inform the _Application Testing Engine_ to only scan the specified route of the specified host. You will need to provide a valid `sutHost` property value, and a valid `route.id` property value. By using this _Job_, the [_Test Run_](https://docs.guardrails.io/docs/glossary#test-run) should be faster because it is not scanning from the root
 
-  If you are using a forwarding proxy, between the engine and your SUT, configure the `forwardingProxy` object properties with valid values. If you are not using a fowarding proxy, just remove the `forwardingProxy` object
-* simple-BrowserApp-job-example: This _Job_ file is good for most browser applications that don't require authentication. If using this _Job_ file, you will need to provide a valid `sutHost` property value. As it is, it will inform the _Application Testing Engine_ to scan the specified host from the root. If you want to be more specific, you can add routes to be scanned.  
-
-  If you are using a forwarding proxy, between the engine and your SUT, configure the `forwardingProxy` object properties with valid values. If you are not using a fowarding proxy, just remove the `forwardingProxy` object
-* simple-BrowserApp-job-fast-example: This _Job_ file extends simple-BrowserApp-job-example by adding a single route, this will inform the _Application Testing Engine_ to only scan the specified route of the specified host. You will need to provide a valid `sutHost` property value, and a valid `route.id` property value. By using this _Job_, the [_Test Run_](https://docs.guardrails.io/docs/glossary#test-run) should be faster because it is not scanning from the root.  
-
-  If you are using a forwarding proxy, between the engine and your SUT, configure the `forwardingProxy` object properties with valid values. If you are not using a fowarding proxy, just remove the `forwardingProxy` object
+If you are using a forwarding proxy, between the engine and your SUT, configure the `forwardingProxy` object properties with valid values. If you are not using a fowarding proxy, just remove the `forwardingProxy` object
 

jobs/advanced-BrowserApp-job-example

@@ -1,8 +1,8 @@
 {
   "data": {
-    "type": "BrowserApp",
+    "type": "Job",
     "attributes": {
-      "version": "1.0.0",
+      "version": "2.0.0",
       "sutAuthentication": {
         "sitesTreeSutAuthenticationPopulationStrategy": "FormStandard",
         "emissaryAuthenticationStrategy": "FormStandard",
@@ -44,8 +44,7 @@
       "type": "tlsScanner",
       "id": "NA",
       "attributes": {
-        "tlsScannerSeverity": "LOW",
-        "alertThreshold": 3
+        "tlsScannerSeverity": "LOW"
       }
     },
     {
@@ -61,8 +60,7 @@
         "username": "<your-user>",
         "passwordBase64": "<your-base64-encoded-password>",
         "aScannerAttackStrength": "HIGH",
-        "aScannerAlertThreshold": "LOW",
-        "alertThreshold": 12
+        "aScannerAlertThreshold": "LOW"
       },
       "relationships": {
         "data": [{

jobs/job_crAPI-example

@@ -0,0 +1,66 @@
+{
+  "data": {
+    "type": "Job",
+    "attributes": {
+      "version": "2.0.0",
+      "sutAuthentication": {
+        "emissaryAuthenticationStrategy": "MaintainJwtJsonBasedBespokeCrApi",
+        "route": "/identity/api/auth/login",
+        "usernameFieldLocater": "email",
+        "passwordFieldLocater": "password"
+      },
+      "sutHost": "<targetdomain.com>",
+      "sutPort": 443,
+      "sutProtocol": "https",
+      "loggedOutIndicator": "\\b(Unauthorized|Forbidden|Invalid Token)\\b",
+      "forwardingProxy": {
+        "protocol": "[http|https]",
+        "authorizationBase64": "<base64-encoded-username:password>",
+        "hostname": "<proxy-hostname>",
+        "port": <proxy-port>
+      }
+    },
+    "relationships": {
+      "data": [{
+        "type": "tlsScanner",
+        "id": "NA"
+      },
+      {
+        "type": "appScanner",
+        "id": "noUser1"
+      }]
+    }
+  },
+  "included": [
+    {
+      "type": "tlsScanner",
+      "id": "NA",
+      "attributes": {
+        "tlsScannerSeverity": "LOW"
+      }
+    },
+    {
+      "type": "appScanner",
+      "id": "noUser1",
+      "attributes": {
+        "sitesTreePopulationStrategy": "OpenApi",
+        "spiderStrategy": "Standard",
+        "scannersStrategy": "ApiStandard",
+        "scanningStrategy": "ApiStandard",
+        "postScanningStrategy": "ApiStandard",
+        "reportingStrategy": "Standard",
+        "username": "<your-user>",
+        "passwordBase64": "<your-base64-encoded-password>",
+        "openApi": {
+          "importFileContentBase64": "<your-base64-encoded-openapi-spec>"
+        },
+        "aScannerAttackStrength": "MEDIUM",
+        "aScannerAlertThreshold": "LOW",
+        "excludedRoutes": [
+          "^.*change-email.*$",
+          "^.*reset-password.*$"
+        ]
+      }
+    }
+  ]
+}

jobs/simple-BrowserApp-job-example

@@ -1,8 +1,8 @@
 {
   "data": {
-    "type": "BrowserApp",
+    "type": "Job",
     "attributes": {
-      "version": "1.0.0",
+      "version": "2.0.0",
       "sutAuthentication": {
         "sitesTreeSutAuthenticationPopulationStrategy": "NoAuthentication",
         "emissaryAuthenticationStrategy": "NoAuthentication"
@@ -34,8 +34,7 @@
       "type": "tlsScanner",
       "id": "NA",
       "attributes": {
-        "tlsScannerSeverity": "LOW",
-        "alertThreshold": 3
+        "tlsScannerSeverity": "LOW"
       }
     },
     {
@@ -49,8 +48,7 @@
         "postScanningStrategy": "BrowserAppStandard",
         "reportingStrategy": "Standard",
         "aScannerAttackStrength": "HIGH",
-        "aScannerAlertThreshold": "LOW",
-        "alertThreshold": 12
+        "aScannerAlertThreshold": "LOW"
       },
       "relationships": {
         "data": []

jobs/simple-BrowserApp-job-fast-example

@@ -1,8 +1,8 @@
 {
   "data": {
-    "type": "BrowserApp",
+    "type": "Job",
     "attributes": {
-      "version": "1.0.0",
+      "version": "2.0.0",
       "sutAuthentication": {
         "sitesTreeSutAuthenticationPopulationStrategy": "NoAuthentication",
         "emissaryAuthenticationStrategy": "NoAuthentication"
@@ -13,7 +13,7 @@
       "browser": "chrome",
       "forwardingProxy": {
         "protocol": "[http|https]",
-        "authorizationBase64": "<base64-encoded-username-password>",
+        "authorizationBase64": "<base64-encoded-username:password>",
         "hostname": "<proxy-hostname>",
         "port": <proxy-port>
       }
@@ -34,8 +34,7 @@
       "type": "tlsScanner",
       "id": "NA",
       "attributes": {
-        "tlsScannerSeverity": "LOW",
-        "alertThreshold": 3
+        "tlsScannerSeverity": "LOW"
       }
     },
     {
@@ -49,8 +48,7 @@
         "postScanningStrategy": "BrowserAppStandard",
         "reportingStrategy": "Standard",
         "aScannerAttackStrength": "HIGH",
-        "aScannerAlertThreshold": "LOW",
-        "alertThreshold": 12
+        "aScannerAlertThreshold": "LOW"
       },
       "relationships": {
         "data": [{"type": "route", "id": "</my-route>"}]