feat: Base64 encode authentication values
binarymist committed Jun 13, 2023
1 parent 559a9e5 commit e687817
Showing 4 changed files with 20 additions and 18 deletions.
15 changes: 10 additions & 5 deletions jobs/README.md
@@ -2,8 +2,13 @@ Documentation around the _Job_ file structure can be found at https://docs.guard

Examples of _Job_ files can be found at https://github.com/guardrailsio/runtime-resources/tree/main/jobs

* advanced-BrowserApp-job-example: This _Job_ file targets the [NodeGoat](https://github.com/OWASP/NodeGoat) SUT, which we host using [purpleteam-iac-sut](https://github.com/purpleteam-labs/purpleteam-iac-sut). You can use this _Job_ file and just update the `sutHost` to point to your hosted copy of NodeGoat as well as the `username` and `password` properties
* simple-BrowserApp-job-example: This _Job_ file is good for most browser applications that don't require authentication. If using this _Job_ file, you will need to provide a valid `sutHost` property value. As it is, it will inform the _Application Testing Engine_ to scan the specified host from the root. If you want to be more specific, you can add routes to be scanned.
If you are using a forwarding proxy, between the engine and your SUT, configure the `forwardingProxy` object properties with valid values. If you are not using a fowarding proxy, just remove the `forwardingProxy` object
* simple-BrowserApp-job-fast-example: This _Job_ file extends simple-BrowserApp-job-example by adding a single route, this will inform the _Application Testing Engine_ to only scan the specified route of the specified host. You will need to provide a valid `sutHost` property value, and a valid `route.id` property value. By using this _Job_, the [_Test Run_](https://docs.guardrails.io/docs/glossary#test-run) should be faster because it is not scanning from the root.
If you are using a forwarding proxy, between the engine and your SUT, configure the `forwardingProxy` object properties with valid values. If you are not using a fowarding proxy, just remove the `forwardingProxy` object
* advanced-BrowserApp-job-example: This _Job_ file targets the [NodeGoat](https://github.com/OWASP/NodeGoat) SUT, which we host using [purpleteam-iac-sut](https://github.com/purpleteam-labs/purpleteam-iac-sut). You can use this _Job_ file and just update the `sutHost` to point to your hosted copy of NodeGoat as well as the `username` and `passwordBase64` properties

If you are using a forwarding proxy, between the engine and your SUT, configure the `forwardingProxy` object properties with valid values. If you are not using a fowarding proxy, just remove the `forwardingProxy` object
* simple-BrowserApp-job-example: This _Job_ file is good for most browser applications that don't require authentication. If using this _Job_ file, you will need to provide a valid `sutHost` property value. As it is, it will inform the _Application Testing Engine_ to scan the specified host from the root. If you want to be more specific, you can add routes to be scanned.

If you are using a forwarding proxy, between the engine and your SUT, configure the `forwardingProxy` object properties with valid values. If you are not using a fowarding proxy, just remove the `forwardingProxy` object
* simple-BrowserApp-job-fast-example: This _Job_ file extends simple-BrowserApp-job-example by adding a single route, this will inform the _Application Testing Engine_ to only scan the specified route of the specified host. You will need to provide a valid `sutHost` property value, and a valid `route.id` property value. By using this _Job_, the [_Test Run_](https://docs.guardrails.io/docs/glossary#test-run) should be faster because it is not scanning from the root.

If you are using a forwarding proxy, between the engine and your SUT, configure the `forwardingProxy` object properties with valid values. If you are not using a fowarding proxy, just remove the `forwardingProxy` object
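Review bot: the new README text still does not say what the encoded values contain or how to produce them. The first paragraph renames `password` to `passwordBase64` without stating that it is the Base64 encoding of the password alone, and the forwarding-proxy paragraphs only say to "configure the `forwardingProxy` object properties" without mentioning the new `authorizationBase64` property at all. Suggest one sentence per property, e.g. `passwordBase64` is the Base64 of the password by itself, while `authorizationBase64` is the Base64 of `username:password` (the credential form used by the Basic scheme), so users do not encode the wrong string for one of them. It is also worth stating plainly that Base64 is an encoding, not encryption: a populated _Job_ file still holds recoverable credentials and should be protected as a secret exactly as before this change. Minor: "fowarding proxy" (should be "forwarding") is repeated in all three added paragraphs.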

13 changes: 6 additions & 7 deletions jobs/advanced-BrowserApp-job-example
@@ -2,7 +2,7 @@
"data": {
"type": "BrowserApp",
"attributes": {
"version": "0.1.0",
"version": "1.0.0",
"sutAuthentication": {
"sitesTreeSutAuthenticationPopulationStrategy": "FormStandard",
"emissaryAuthenticationStrategy": "FormStandard",
@@ -18,8 +18,7 @@
"browser": "chrome",
"forwardingProxy": {
"protocol": "[http|https]",
"username": "<proxy-username>",
"password": "<proxy-password>",
"authorizationBase64": "<base64-encoded-username:password>",
"hostname": "<proxy-hostname>",
"port": <proxy-port>
}
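Review bot: `authorizationBase64` collapses the former `username`/`password` pair into one pre-encoded value, so the example should make two things explicit that a reader cannot infer from the placeholder alone: that the string to encode is `username:password` with a literal colon, and whether the `Basic ` scheme prefix is part of the value or is added by the engine when it builds the proxy authorization header. The placeholder used here (`<base64-encoded-username:password>`) also differs from the one in jobs/simple-BrowserApp-job-fast-example (`<base64-encoded-username-password>`); the colon form is the correct one and should be used in all three files.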
@@ -59,8 +58,8 @@
"scanningStrategy": "BrowserAppStandard",
"postScanningStrategy": "BrowserAppStandard",
"reportingStrategy": "Standard",
"username": "[your-user]",
"password": "[your-password]",
"username": "<your-user>",
"passwordBase64": "<your-base64-encoded-password>",
"aScannerAttackStrength": "HIGH",
"aScannerAlertThreshold": "LOW",
"alertThreshold": 12
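Review bot: this hunk introduces a second encoding convention in the same file. `passwordBase64` is the Base64 of the password by itself, while `forwardingProxy.authorizationBase64` above encodes `username:password`; because `username` here stays in clear text, a reader could reasonably assume the same `user:pass` form and end up with a form login that never succeeds. A short comment or README line distinguishing the two would prevent that misconfiguration. The move from `[your-user]` to `<your-user>` placeholders is good since it now matches the `forwardingProxy` block.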
@@ -82,8 +81,8 @@
"scanningStrategy": "BrowserAppStandard",
"postScanningStrategy": "BrowserAppStandard",
"reportingStrategy": "Standard",
"username": "[admin-user]",
"password": "[admin-password]"
"username": "<admin-user>",
"passwordBase64": "<base64-encoded-admin-password>"
},
"relationships": {
"data": [{
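Review bot: the admin credential is the most sensitive value in this file and after this change it is only Base64 encoded, which anyone able to read the file can reverse in one step. The rename should not be read as adding protection; the example or the README should say that a populated _Job_ file must still be kept out of version control and handled with the same care as the previous plain-text `password` field.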
5 changes: 2 additions & 3 deletions jobs/simple-BrowserApp-job-example
@@ -2,7 +2,7 @@
"data": {
"type": "BrowserApp",
"attributes": {
"version": "0.1.0",
"version": "1.0.0",
"sutAuthentication": {
"sitesTreeSutAuthenticationPopulationStrategy": "NoAuthentication",
"emissaryAuthenticationStrategy": "NoAuthentication"
@@ -13,8 +13,7 @@
"browser": "chrome",
"forwardingProxy": {
"protocol": "[http|https]",
"username": "<proxy-username>",
"password": "<proxy-password>",
"authorizationBase64": "<base64-encoded-username:password>",
"hostname": "<proxy-hostname>",
"port": <proxy-port>
}
5 changes: 2 additions & 3 deletions jobs/simple-BrowserApp-job-fast-example
@@ -2,7 +2,7 @@
"data": {
"type": "BrowserApp",
"attributes": {
"version": "0.1.0",
"version": "1.0.0",
"sutAuthentication": {
"sitesTreeSutAuthenticationPopulationStrategy": "NoAuthentication",
"emissaryAuthenticationStrategy": "NoAuthentication"
@@ -13,8 +13,7 @@
"browser": "chrome",
"forwardingProxy": {
"protocol": "[http|https]",
"username": "<proxy-username>",
"password": "<proxy-password>",
"authorizationBase64": "<base64-encoded-username-password>",
"hostname": "<proxy-hostname>",
"port": <proxy-port>
}
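Review bot: the placeholder `<base64-encoded-username-password>` in this file uses a hyphen where the other two example files use `<base64-encoded-username:password>`. The colon is the real separator in the credential string being encoded, so the hyphen variant can mislead a user into encoding `username-password` and getting a proxy authorization failure that is hard to diagnose from the encoded value. Change it to the colon form so all three examples agree.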