feat(jobs-strategies):

Author: binarymist

.gitignore

@@ -0,0 +1,6 @@
+jobs/*
+
+!jobs/README.md
+!jobs/simple-BrowserApp-job-example
+!jobs/advanced-BrowserApp-job-example
+

jobs/README.md

@@ -0,0 +1,4 @@
+Documentation around the _Job_ file structure can be found at https://docs.guardrails.io/docs/category/job-file
+
+Examples of _Job_ files can be found at https://github.com/guardrailsio/runtime-resources/tree/main/jobs
+

jobs/advanced-BrowserApp-job-example

@@ -0,0 +1,129 @@
+{
+  "data": {
+    "type": "BrowserApp",
+    "attributes": {
+      "version": "0.0.1",
+      "sutAuthentication": {
+        "sitesTreeSutAuthenticationPopulationStrategy": "FormStandard",
+        "emissaryAuthenticationStrategy": "FormStandard",
+        "route": "/login",
+        "usernameFieldLocater": "userName",
+        "passwordFieldLocater": "password",
+        "submit": "btn btn-danger",
+        "expectedPageSourceSuccess": "Log Out"
+      },
+      "sutHost": "nodegoat.sut.purpleteam-labs.com",
+      "sutPort": 443,
+      "sutProtocol": "https",
+      "browser": "chrome",
+      "loggedInIndicator": "<p>Found. Redirecting to <a href=\"\/dashboard\">\/dashboard<\/a><\/p>"
+    },
+    "relationships": {
+      "data": [{
+        "type": "tlsScanner",
+        "id": "NA"
+      },
+      {
+        "type": "appScanner",
+        "id": "lowPrivUser"
+      },
+      {
+        "type": "appScanner",
+        "id": "adminUser"
+      }]
+    }
+  },
+  "included": [
+    {
+      "type": "tlsScanner",
+      "id": "NA",
+      "attributes": {
+        "tlsScannerSeverity": "LOW",
+        "alertThreshold": 3
+      }
+    },
+    {
+      "type": "appScanner",
+      "id": "lowPrivUser",
+      "attributes": {
+        "sitesTreePopulationStrategy": "WebDriverStandard",
+        "spiderStrategy": "Standard",
+        "scannersStrategy": "BrowserAppStandard",
+        "scanningStrategy": "BrowserAppStandard",
+        "postScanningStrategy": "BrowserAppStandard",
+        "reportingStrategy": "Standard",
+        "reports": {
+          "templateThemes": [{
+            "name": "traditionalJson"
+          }]
+        },
+        "username": "[your-user]",
+        "password": "[your-password]",
+        "aScannerAttackStrength": "HIGH",
+        "aScannerAlertThreshold": "LOW",
+        "alertThreshold": 12
+      },
+      "relationships": {
+        "data": [{
+          "type": "route",
+          "id": "/profile"
+        }]
+      }
+    },
+    {
+      "type": "appScanner",
+      "id": "adminUser",
+      "attributes": {
+        "sitesTreePopulationStrategy": "WebDriverStandard",
+        "spiderStrategy": "Standard",
+        "scannersStrategy": "BrowserAppStandard",
+        "scanningStrategy": "BrowserAppStandard",
+        "postScanningStrategy": "BrowserAppStandard",
+        "reportingStrategy": "Standard",
+        "username": "[admin-user]",
+        "password": "[admin-password]"
+      },
+      "relationships": {
+        "data": [{
+          "type": "route",
+          "id": "/memos"
+        },
+        {
+          "type": "route",
+          "id": "/profile"
+        }]
+      }
+    },
+    {
+      "type": "route",
+      "id": "/profile",
+      "attributes": {
+        "attackFields": [
+          {"name": "firstName", "value": "PurpleJohn", "visible": true},
+          {"name": "lastName", "value": "PurpleDoe", "visible": true},
+          {"name": "ssn", "value": "PurpleSSN", "visible": true},
+          {"name": "dob", "value": "12235678", "visible": true},
+          {"name": "bankAcc", "value": "PurpleBankAcc", "visible": true},
+          {"name": "bankRouting", "value": "0198212#", "visible": true},
+          {"name": "address", "value": "PurpleAddress", "visible": true},
+          {"name": "website", "value": "https://purpleteam-labs.com", "visible": true},
+          {"name": "_csrf", "value": ""},
+          {"name": "submit", "value": ""}
+        ],
+        "method": "POST",
+        "submit": "submit"
+      }
+    },
+    {
+      "type": "route",
+      "id": "/memos",
+      "attributes": {
+        "attackFields": [
+          {"name": "memo", "value": "PurpleMemo", "visible": true}
+        ],
+        "method": "POST",
+        "submit": "btn btn-primary"
+      }
+    }
+  ]
+}

jobs/simple-BrowserApp-job-example

@@ -0,0 +1,59 @@
+{
+  "data": {
+    "type": "BrowserApp",
+    "attributes": {
+      "version": "0.0.1",
+      "sutAuthentication": {
+        "sitesTreeSutAuthenticationPopulationStrategy": "NoAuthentication",
+        "emissaryAuthenticationStrategy": "NoAuthentication"
+      },
+      "sutHost": "[targetdomain.com]",
+      "sutPort": 443,
+      "sutProtocol": "https",
+      "browser": "chrome"
+    },
+    "relationships": {
+      "data": [{
+        "type": "tlsScanner",
+        "id": "NA"
+      },
+      {
+        "type": "appScanner",
+        "id": "NA"
+      }]
+    }
+  },
+  "included": [
+    {
+      "type": "tlsScanner",
+      "id": "NA",
+      "attributes": {
+        "tlsScannerSeverity": "LOW",
+        "alertThreshold": 3
+      }
+    },
+    {
+      "type": "appScanner",
+      "id": "NA",
+      "attributes": {
+        "sitesTreePopulationStrategy": "WebDriverStandard",
+        "spiderStrategy": "Standard",
+        "scannersStrategy": "BrowserAppStandard",
+        "scanningStrategy": "BrowserAppStandard",
+        "postScanningStrategy": "BrowserAppStandard",
+        "reportingStrategy": "Standard",
+        "reports": {
+          "templateThemes": [{
+            "name": "traditionalJson"
+          }]
+        },
+        "aScannerAttackStrength": "HIGH",
+        "aScannerAlertThreshold": "LOW",
+        "alertThreshold": 12
+      },
+      "relationships": {
+        "data": []
+      }
+    }
+  ]
+}

sUtAndEmissaryStrategies/1_sitesTreeSutAuthenticationPopulation/formStandard.js

@@ -0,0 +1,39 @@
+// Copyright (C) 2017-2022 BinaryMist Limited. All rights reserved.
+
+// Use of this software is governed by the Business Source License
+// included in the file /licenses/bsl.md
+
+// As of the Change Date specified in that file, in accordance with
+// the Business Source License, use of this software will be governed
+// by the Apache License, Version 2.0
+
+import SitesTreeSutAuthenticationPopulation from './strategy.js';
+
+class FormStandard extends SitesTreeSutAuthenticationPopulation {
+  #fileName = 'formStandard';
+
+  constructor({ log, baseUrl, browser, sutPropertiesSubSet }) {
+    super({ log, baseUrl, browser, sutPropertiesSubSet });
+  }
+
+  async authenticate() {
+    const methodName = 'authenticate';
+    const { findElementThenClick, findElementThenSendKeys, checkAndNotifyBuildUserIfAnyKnownBrowserErrors } = this.browser;
+    const {
+      authentication: { route: loginRoute, usernameFieldLocater, passwordFieldLocater, submit, expectedPageSourceSuccess },
+      testSession: { attributes: { username, password } }
+    } = this.sutPropertiesSubSet;
+
+    this.log.info(`The ${methodName}() method of the ${super.constructor.name} strategy "${this.constructor.name}" has been invoked.`, { tags: [this.#fileName, methodName] });
+
+    const webDriver = this.browser.getWebDriver();
+    await webDriver.getWindowHandle();
+    await webDriver.get(`${this.baseUrl}${loginRoute}`);
+    await checkAndNotifyBuildUserIfAnyKnownBrowserErrors();
+    await findElementThenSendKeys({ name: usernameFieldLocater, value: username, visible: true });
+    await findElementThenSendKeys({ name: passwordFieldLocater, value: password, visible: true });
+    await findElementThenClick(submit, expectedPageSourceSuccess);
+  }
+}
+
+export default FormStandard;

sUtAndEmissaryStrategies/1_sitesTreeSutAuthenticationPopulation/index.js

@@ -0,0 +1,15 @@
+// Copyright (C) 2017-2022 BinaryMist Limited. All rights reserved.
+
+// Use of this software is governed by the Business Source License
+// included in the file /licenses/bsl.md
+
+// As of the Change Date specified in that file, in accordance with
+// the Business Source License, use of this software will be governed
+// by the Apache License, Version 2.0
+
+import FormStandard from './formStandard.js';
+import Link from './link.js';
+import NoAuthentication from './noAuthentication.js';
+
+export default { FormStandard, Link, NoAuthentication };
+

sUtAndEmissaryStrategies/1_sitesTreeSutAuthenticationPopulation/link.js

@@ -0,0 +1,34 @@
+// Copyright (C) 2017-2022 BinaryMist Limited. All rights reserved.
+
+// Use of this software is governed by the Business Source License
+// included in the file /licenses/bsl.md
+
+// As of the Change Date specified in that file, in accordance with
+// the Business Source License, use of this software will be governed
+// by the Apache License, Version 2.0
+
+import SitesTreeSutAuthenticationPopulation from './strategy.js';
+
+class Link extends SitesTreeSutAuthenticationPopulation {
+  #fileName = 'link';
+
+  constructor({ log, baseUrl, browser, sutPropertiesSubSet }) {
+    super({ log, baseUrl, browser, sutPropertiesSubSet });
+  }
+
+  async authenticate() {
+    const methodName = 'authenticate';
+    const { checkAndNotifyBuildUserIfAnyKnownBrowserErrors, checkUserIsAuthenticated } = this.browser;
+    const { authentication: { route: loginRoute, expectedPageSourceSuccess } } = this.sutPropertiesSubSet;
+
+    this.log.info(`The ${methodName}() method of the ${super.constructor.name} strategy "${this.constructor.name}" has been invoked.`, { tags: [this.#fileName, methodName] });
+
+    const webDriver = this.browser.getWebDriver();
+    await webDriver.getWindowHandle();
+    await webDriver.get(`${this.baseUrl}${loginRoute}`);
+    await checkAndNotifyBuildUserIfAnyKnownBrowserErrors();
+    await checkUserIsAuthenticated(expectedPageSourceSuccess);
+  }
+}
+
+export default Link;

sUtAndEmissaryStrategies/1_sitesTreeSutAuthenticationPopulation/noAuthentication.js

@@ -0,0 +1,17 @@
+import SitesTreeSutAuthenticationPopulation from './strategy.js';
+
+class NoAuthentication extends SitesTreeSutAuthenticationPopulation {
+  #fileName = 'noAuthentication';
+
+  constructor({ log, baseUrl, browser, sutPropertiesSubSet }) {
+    super({ log, baseUrl, browser, sutPropertiesSubSet });
+  }
+
+  async authenticate() {
+    const methodName = 'authenticate';
+
+    this.log.info(`The ${methodName}() method of the ${super.constructor.name} strategy "${this.constructor.name}" has been invoked.`, { tags: [this.#fileName, methodName] });
+  }
+}
+
+export default NoAuthentication;

sUtAndEmissaryStrategies/1_sitesTreeSutAuthenticationPopulation/strategy.js

@@ -0,0 +1,25 @@
+// Copyright (C) 2017-2022 BinaryMist Limited. All rights reserved.
+
+// Use of this software is governed by the Business Source License
+// included in the file /licenses/bsl.md
+
+// As of the Change Date specified in that file, in accordance with
+// the Business Source License, use of this software will be governed
+// by the Apache License, Version 2.0
+
+// Probably BrowserApp only.
+class SitesTreeSutAuthenticationPopulation {
+  constructor({ log, baseUrl, browser, sutPropertiesSubSet }) {
+    if (this.constructor === SitesTreeSutAuthenticationPopulation) throw new Error('Abstract classes can\'t be instantiated.');
+    this.log = log;
+    this.baseUrl = baseUrl;
+    this.browser = browser;
+    this.sutPropertiesSubSet = sutPropertiesSubSet;
+  }
+
+  async authenticate() {
+    throw new Error(`Method "authenticate()" of ${this.constructor.name} is abstract.`);
+  }
+}
+
+export default SitesTreeSutAuthenticationPopulation;