forked from OWASP-Benchmark/BenchmarkJava
-
Notifications
You must be signed in to change notification settings - Fork 4
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Move rarely used scripts out of the root directory.
- Loading branch information
1 parent
5b0dcc4
commit 079b7ba
Showing
5 changed files
with
22 additions
and
11 deletions.
There are no files selected for viewing
File renamed without changes.
File renamed without changes.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,3 +1,7 @@ | ||
| DISCLAIMER: OWASP does not endorse any commercial tools, including this one. Benchmark support for this tool is simply for user convienience and should not be considered an endorsement of this tool. | ||
|
|
||
| Contrast is a commercial tool. If you are interested in running Contrast on the Benchmark, you'll have to get a license for it from the vendor just like you would for any commercial tool. Once you have it, you need to place the contrast.jar file in this directory in order to run the Benchmark with Contrast using one of the runBenchmark_wContrast scripts, and then crawl the Benchmark to generate scan results with one of the runCrawler scripts. | ||
|
|
||
| See the Tool Scanning Tips page at OWASP (https://www.owasp.org/index.php/Benchmark#tab=Tool_Scanning_Tips) for the latest instructions on how to scan the Benchmark with any vulnerability detection tool, including Contrast. | ||
|
|
||
| Contrast has released Contrast Community Edition (CE), which is free, subject to the terms of its use. If you don't have a commercial license for Contrast, it is likely you can use Contrast CE on Benchmark. See: https://www.contrastsecurity.com/community-edition-lp for more information. |
15 changes: 10 additions & 5 deletions
15
runBenchmark_wContrast.bat → tools/Contrast/runBenchmark_wContrast.bat
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,22 +1,27 @@ | ||
| @ECHO OFF | ||
| IF EXIST tools\Contrast\contrast.jar ( | ||
| IF EXIST tools\Contrast\working ( | ||
| DEL \F \Q tools\Contrast\contrast.log | ||
| IF EXIST .\contrast.jar ( | ||
| IF EXIST .\working ( | ||
| DEL \F \Q .\working\contrast.log | ||
|
|
||
| RMDIR \S tools\Contrast\cache | ||
| RMDIR \S .\working\cache | ||
|
|
||
| ECHO "" | ||
|
|
||
| ECHO Previous Contrast results have been removed | ||
|
|
||
| ECHO "" | ||
| ) | ||
|
|
||
| CWD ..\.. | ||
|
|
||
| CALL mvn clean package cargo:run -Pdeploywcontrast | ||
|
|
||
| ECHO Copying Contrast reports to results directory | ||
|
|
||
| COPY tools\Contrast\working\contrast.log results\Benchmark_1.2-Contrast.log | ||
|
|
||
| CWD tools\Contrast | ||
|
|
||
| ) ELSE ( | ||
| ECHO Contrast is a commercial product, so you need a licensed version of Contrast in order to run it on the Benchmark. If you have access to Contrast, download the Contrast Agent for Java (contrast.jar^) from the Team Server and put it into the /tools/Contrast folder, and then rerun this script. | ||
| ECHO Contrast is a commercial product, so you need a licensed version of Contrast in order to run it on the Benchmark. If you have access to Contrast, download the Contrast Agent for Java (contrast.jar^) from the Team Server and put it into the /tools/Contrast folder, and then rerun this script. If you don't have access to Contrast, you can likely use the free Contrast Community Edition on Benchmark. See: https://www.contrastsecurity.com/community-edition-lp | ||
| ) |
14 changes: 8 additions & 6 deletions
14
runBenchmark_wContrast.sh → tools/Contrast/runBenchmark_wContrast.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,25 +1,27 @@ | ||
| #!/bin/sh | ||
|
|
||
| if [ -f tools/Contrast/contrast.jar ]; then | ||
| if [ -f ./contrast.jar ]; then | ||
|
|
||
| if [ -d tools/Contrast/working ]; then | ||
| if [ -d ./working ]; then | ||
|
|
||
| rm -r tools/Contrast/working/cache | ||
| rm -r tools/Contrast/working/contrast.log | ||
| rm -r ./working/cache | ||
| rm -r ./working/contrast.log | ||
| echo "" | ||
| echo "Previous Contrast results in tools/Contrast/findings removed" | ||
| echo "Previous Contrast results in tools/Contrast/working removed" | ||
| echo "" | ||
|
|
||
| fi | ||
|
|
||
| cd ../.. | ||
| chmod 755 target/classes/insecureCmd.sh | ||
| mvn clean package cargo:run -Pdeploywcontrast | ||
|
|
||
| echo "Copying Contrast report to results directory" | ||
| cp tools/Contrast/working/contrast.log results/Benchmark_1.2-Contrast.log | ||
| cd tools/Contrast | ||
|
|
||
| else | ||
|
|
||
| echo "Contrast is a commercial product, so you need a licensed version of Contrast in order to run it on the Benchmark. If you have access to Contrast, download the Contrast Agent for Java (contrast.jar) from the Team Server and put it into the /tools/Contrast folder, and then rerun this script." | ||
| echo "Contrast is a commercial product, so you need a licensed version of Contrast in order to run it on the Benchmark. If you have access to Contrast, download the Contrast Agent for Java (contrast.jar) from the Team Server and put it into the /tools/Contrast folder, and then rerun this script. If you don't have a license for Contrast, you can probably use the free Contrast Community Edition (CE) on Benchmark. See: https://www.contrastsecurity.com/community-edition-lp" | ||
|
|
||
| fi |