feat: Base64 encode authentication values

guardrailsio · Jun 13, 2023 · e687817 · e687817
1 parent 559a9e5
commit e687817
Showing 4 changed files with 20 additions and 18 deletions.
diff --git a/jobs/README.md b/jobs/README.md
@@ -2,8 +2,13 @@ Documentation around the _Job_ file structure can be found at https://docs.guard
 
 Examples of _Job_ files can be found at https://github.com/guardrailsio/runtime-resources/tree/main/jobs
 
-* advanced-BrowserApp-job-example: This _Job_ file targets the [NodeGoat](https://github.com/OWASP/NodeGoat) SUT, which we host using [purpleteam-iac-sut](https://github.com/purpleteam-labs/purpleteam-iac-sut). You can use this _Job_ file and just update the `sutHost` to point to your hosted copy of NodeGoat as well as the `username` and `password` properties
-* simple-BrowserApp-job-example: This _Job_ file is good for most browser applications that don't require authentication. If using this _Job_ file, you will need to provide a valid `sutHost` property value. As it is, it will inform the _Application Testing Engine_ to scan the specified host from the root. If you want to be more specific, you can add routes to be scanned.
-If you are using a forwarding proxy, between the engine and your SUT, configure the `forwardingProxy` object properties with valid values. If you are not using a fowarding proxy, just remove the `forwardingProxy` object
-* simple-BrowserApp-job-fast-example: This _Job_ file extends simple-BrowserApp-job-example by adding a single route, this will inform the _Application Testing Engine_ to only scan the specified route of the specified host. You will need to provide a valid `sutHost` property value, and a valid `route.id` property value. By using this _Job_, the [_Test Run_](https://docs.guardrails.io/docs/glossary#test-run) should be faster because it is not scanning from the root.
-If you are using a forwarding proxy, between the engine and your SUT, configure the `forwardingProxy` object properties with valid values. If you are not using a fowarding proxy, just remove the `forwardingProxy` object
+* advanced-BrowserApp-job-example: This _Job_ file targets the [NodeGoat](https://github.com/OWASP/NodeGoat) SUT, which we host using [purpleteam-iac-sut](https://github.com/purpleteam-labs/purpleteam-iac-sut). You can use this _Job_ file and just update the `sutHost` to point to your hosted copy of NodeGoat as well as the `username` and `passwordBase64` properties
+
+  If you are using a forwarding proxy, between the engine and your SUT, configure the `forwardingProxy` object properties with valid values. If you are not using a fowarding proxy, just remove the `forwardingProxy` object
+* simple-BrowserApp-job-example: This _Job_ file is good for most browser applications that don't require authentication. If using this _Job_ file, you will need to provide a valid `sutHost` property value. As it is, it will inform the _Application Testing Engine_ to scan the specified host from the root. If you want to be more specific, you can add routes to be scanned.  
+
+  If you are using a forwarding proxy, between the engine and your SUT, configure the `forwardingProxy` object properties with valid values. If you are not using a fowarding proxy, just remove the `forwardingProxy` object
+* simple-BrowserApp-job-fast-example: This _Job_ file extends simple-BrowserApp-job-example by adding a single route, this will inform the _Application Testing Engine_ to only scan the specified route of the specified host. You will need to provide a valid `sutHost` property value, and a valid `route.id` property value. By using this _Job_, the [_Test Run_](https://docs.guardrails.io/docs/glossary#test-run) should be faster because it is not scanning from the root.  
+
+  If you are using a forwarding proxy, between the engine and your SUT, configure the `forwardingProxy` object properties with valid values. If you are not using a fowarding proxy, just remove the `forwardingProxy` object
+
diff --git a/jobs/advanced-BrowserApp-job-example b/jobs/advanced-BrowserApp-job-example
@@ -2,7 +2,7 @@
   "data": {
     "type": "BrowserApp",
     "attributes": {
-      "version": "0.1.0",
+      "version": "1.0.0",
       "sutAuthentication": {
         "sitesTreeSutAuthenticationPopulationStrategy": "FormStandard",
         "emissaryAuthenticationStrategy": "FormStandard",
@@ -18,8 +18,7 @@
       "browser": "chrome",
       "forwardingProxy": {
         "protocol": "[http|https]",
-        "username": "<proxy-username>",
-        "password": "<proxy-password>",
+        "authorizationBase64": "<base64-encoded-username:password>",
         "hostname": "<proxy-hostname>",
         "port": <proxy-port>
       }
@@ -59,8 +58,8 @@
         "scanningStrategy": "BrowserAppStandard",
         "postScanningStrategy": "BrowserAppStandard",
         "reportingStrategy": "Standard",
-        "username": "[your-user]",
-        "password": "[your-password]",
+        "username": "<your-user>",
+        "passwordBase64": "<your-base64-encoded-password>",
         "aScannerAttackStrength": "HIGH",
         "aScannerAlertThreshold": "LOW",
         "alertThreshold": 12
@@ -82,8 +81,8 @@
         "scanningStrategy": "BrowserAppStandard",
         "postScanningStrategy": "BrowserAppStandard",
         "reportingStrategy": "Standard",
-        "username": "[admin-user]",
-        "password": "[admin-password]"
+        "username": "<admin-user>",
+        "passwordBase64": "<base64-encoded-admin-password>"
       },
       "relationships": {
         "data": [{

diff --git a/jobs/simple-BrowserApp-job-example b/jobs/simple-BrowserApp-job-example
@@ -2,7 +2,7 @@
   "data": {
     "type": "BrowserApp",
     "attributes": {
-      "version": "0.1.0",
+      "version": "1.0.0",
       "sutAuthentication": {
         "sitesTreeSutAuthenticationPopulationStrategy": "NoAuthentication",
         "emissaryAuthenticationStrategy": "NoAuthentication"
@@ -13,8 +13,7 @@
       "browser": "chrome",
       "forwardingProxy": {
         "protocol": "[http|https]",
-        "username": "<proxy-username>",
-        "password": "<proxy-password>",
+        "authorizationBase64": "<base64-encoded-username:password>",
         "hostname": "<proxy-hostname>",
         "port": <proxy-port>
       }

diff --git a/jobs/simple-BrowserApp-job-fast-example b/jobs/simple-BrowserApp-job-fast-example
@@ -2,7 +2,7 @@
   "data": {
     "type": "BrowserApp",
     "attributes": {
-      "version": "0.1.0",
+      "version": "1.0.0",
       "sutAuthentication": {
         "sitesTreeSutAuthenticationPopulationStrategy": "NoAuthentication",
         "emissaryAuthenticationStrategy": "NoAuthentication"
@@ -13,8 +13,7 @@
       "browser": "chrome",
       "forwardingProxy": {
         "protocol": "[http|https]",
-        "username": "<proxy-username>",
-        "password": "<proxy-password>",
+        "authorizationBase64": "<base64-encoded-username-password>",
         "hostname": "<proxy-hostname>",
         "port": <proxy-port>
       }