From 93bf26cff85051ab69937ca67a9c83e53c33c2b0 Mon Sep 17 00:00:00 2001 From: Matus Bursa Date: Sun, 8 Dec 2024 12:48:31 +0100 Subject: [PATCH 1/5] added sonarcloud scan for ghauri --- .github/workflows/ghauri.yml | 70 +++++++++++++++++++--- .github/workflows/metasploit-framework.yml | 1 - files/ghauri/Dockerfile | 9 ++- 3 files changed, 69 insertions(+), 11 deletions(-) diff --git a/.github/workflows/ghauri.yml b/.github/workflows/ghauri.yml index 33b8923..abf0f30 100644 --- a/.github/workflows/ghauri.yml +++ b/.github/workflows/ghauri.yml @@ -4,15 +4,19 @@ on: push: branches: - main # Change to your default branch if not main + - sonarcloud-ghauri pull_request: - branches: - - main # Change to your default branch if not main + types: [opened, synchronize, reopened] permissions: contents: read packages: write security-events: write +env: + PYTHON_VERSION: "3.13" + RELEASE_VERSION: "1.4.1" + jobs: build-and-push: runs-on: ${{ matrix.os }} @@ -21,13 +25,9 @@ jobs: os: [ubuntu-latest] steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - uses: snyk/actions/setup@master - - name: Set release version - id: set_version - run: echo "RELEASE_VERSION=1.4.1" >> $GITHUB_ENV - - name: Log in to GitHub Container Registry uses: docker/login-action@v3 with: @@ -49,6 +49,7 @@ jobs: - name: Build and push Docker image run: | docker buildx build --push \ + --build-arg PYTHON_VERSION=${{ env.PYTHON_VERSION }} --build-arg RELEASE_VERSION=${{ env.RELEASE_VERSION }} \ --tag ghcr.io/${{ github.repository_owner }}/ghauri:${{ env.RELEASE_VERSION }} \ --tag ghcr.io/${{ github.repository_owner }}/ghauri:latest \ --platform linux/amd64,linux/arm64 ./files/ghauri 
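Review bot: With the `branches` filter removed from `pull_request` and `sonarcloud-ghauri` added under `push`, the `build-and-push` job now runs for feature-branch pushes and for every pull request, and that job publishes `ghauri:latest` under `packages: write`. Unmerged code from a same-repository branch can therefore replace the published image; pull requests from forks normally receive a read-only token, so those runs would presumably just fail at the push. Consider gating the publishing job with `if: github.event_name == 'push' && github.ref == 'refs/heads/main'` and leaving only the scan job on the wider triggers. The job definition itself lies outside this hunk.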
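Review bot: The added `--build-arg` line splices `${{ env.PYTHON_VERSION }}` and `${{ env.RELEASE_VERSION }}` into the script text before the shell runs. Both are workflow-level `env` entries, so the step can read them as ordinary shell variables: `--build-arg "PYTHON_VERSION=$PYTHON_VERSION" --build-arg "RELEASE_VERSION=$RELEASE_VERSION" \`. The values are constants today, so this is hardening rather than a live injection; it keeps the script safe if a version is later taken from an input or an event field. The same pattern recurs in the later `ghauri.yml` hunks of this series and in the `kiterunner.yml` hunk, and in the `--tag` lines that appear as context.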
@@ -74,4 +75,57 @@ jobs: - name: Upload SARIF Report to GitHub Code Scanning uses: github/codeql-action/upload-sarif@v3 with: - sarif_file: snyk.sarif \ No newline at end of file + sarif_file: snyk.sarif + + sonarcloud-ghauri: + runs-on: ${{ matrix.os }} + strategy: + matrix: + os: [ubuntu-latest] + + steps: + # Checkout the kiterunner repository + - name: Checkout kiterunner Repository + uses: actions/checkout@v4 + with: + repository: r0oth3x49/ghauri + path: ghauri # Optional: Clone into a specific directory + ref: ${{ env.RELEASE_VERSION }} + + # Set up Python 3.13 + - name: Set up Python + uses: actions/setup-python@v4 + with: + python-version: ${{ env.PYTHON_VERSION }} + + # Install dependencies + - name: Install dependencies + run: | + cd ghauri + sudo apt update && sudo apt install -y \ + build-essential \ + git \ + autoconf \ + automake \ + libtool-bin \ + pkg-config \ + libcurl4-openssl-dev \ + libusb-1.0-0-dev \ + libssl-dev \ + udev \ + && sudo rm -rf /var/lib/apt/lists/* + + # SonarCloud Scan + - name: SonarCloud Scan + uses: sonarsource/sonarqube-scan-action@v4 + continue-on-error: true + env: + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} + with: + args: > + -Dsonar.organization=matusso + -Dsonar.projectKey=docker-builds:ghauri + -Dsonar.verbose=true + -Dsonar.python.version=${{ env.PYTHON_VERSION }} + -Dsonar.projectName=ghauri + -Dsonar.sources=ghauri diff --git a/.github/workflows/metasploit-framework.yml b/.github/workflows/metasploit-framework.yml index 5a46e04..f519981 100644 --- a/.github/workflows/metasploit-framework.yml +++ b/.github/workflows/metasploit-framework.yml @@ -13,7 +13,6 @@ permissions: packages: write security-events: write - env: RELEASE_VERSION: "6.4.39" RUBY_VERSION: "3.2.5" diff --git a/files/ghauri/Dockerfile b/files/ghauri/Dockerfile index 9c7baf6..f801b10 100644 --- a/files/ghauri/Dockerfile +++ b/files/ghauri/Dockerfile 
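Review bot: The new `sonarcloud-ghauri` job inherits the workflow-level `packages: write` and `security-events: write`, although it only checks out and scans third-party source while holding `SONAR_TOKEN`; give it its own block, `permissions:` with `contents: read`, directly under `runs-on`. `continue-on-error: true` on the scan step means a failed or skipped analysis (for example when the secret is unavailable on a fork pull request) still reports success, so either drop it or add a comment stating that the scan is advisory only. The step comment and step name still say `kiterunner` where the checkout is `r0oth3x49/ghauri`. The apt package list (`libusb-1.0-0-dev`, `udev`, the autotools packages) looks copied from another workflow and unrelated to a Python scan.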
@@ -1,6 +1,11 @@ +ARG PYTHON_VERSION=${PYTHON_VERSION} \ + RELEASE_VERSION=${RELEASE_VERSION} + # Use an official Python runtime as a parent image -FROM python:3.13-alpine +FROM python:${PYTHON_VERSION}-alpine +ENV PYTHON_VERSION=${PYTHON_VERSION} \ + RELEASE_VERSION=${RELEASE_VERSION} # Install git RUN apk update && apk add --no-cache git @@ -8,7 +13,7 @@ RUN apk update && apk add --no-cache git WORKDIR /app # Clone the Ghauri repository -RUN git clone --branch 1.4.1 https://github.com/r0oth3x49/ghauri.git . +RUN RELEASE_VERSION="$RELEASE_VERSION" git clone --branch "$RELEASE_VERSION" https://github.com/r0oth3x49/ghauri.git . # Install any needed packages specified in requirements.txt RUN pip install setuptools From ac440dddc9cdb7948e905c35533a7ec6922c1f85 Mon Sep 17 00:00:00 2001 From: Matus Bursa Date: Sun, 8 Dec 2024 17:01:32 +0100 Subject: [PATCH 2/5] added quotes in ghauri build --- .github/workflows/ghauri.yml | 2 +- .github/workflows/kiterunner.yml | 2 +- files/ghauri/Dockerfile | 1 - 3 files changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ghauri.yml b/.github/workflows/ghauri.yml index abf0f30..1cc7615 100644 --- a/.github/workflows/ghauri.yml +++ b/.github/workflows/ghauri.yml @@ -49,7 +49,7 @@ jobs: - name: Build and push Docker image run: | docker buildx build --push \ - --build-arg PYTHON_VERSION=${{ env.PYTHON_VERSION }} --build-arg RELEASE_VERSION=${{ env.RELEASE_VERSION }} \ + --build-arg "PYTHON_VERSION=${{ env.PYTHON_VERSION }}" --build-arg æRELEASE_VERSION=${{ env.RELEASE_VERSION }}" \ --tag ghcr.io/${{ github.repository_owner }}/ghauri:${{ env.RELEASE_VERSION }} \ --tag ghcr.io/${{ github.repository_owner }}/ghauri:latest \ --platform linux/amd64,linux/arm64 ./files/ghauri diff --git a/.github/workflows/kiterunner.yml b/.github/workflows/kiterunner.yml index 8da3783..2bfcb66 100644 --- a/.github/workflows/kiterunner.yml +++ b/.github/workflows/kiterunner.yml 
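Review bot: `git clone --branch "$RELEASE_VERSION"` fetches whatever the upstream tag points to at build time, so a moved or re-created tag changes what goes into the published image without any change in this repository. Record the expected commit and check it after the clone, for example by appending `&& test "$(git rev-parse HEAD)" = "$RELEASE_COMMIT"` with `RELEASE_COMMIT` passed as a further build argument. The `RELEASE_VERSION="$RELEASE_VERSION"` prefix on the same line has no effect, because the shell expands the variable from the existing environment either way, and can be dropped.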
@@ -49,7 +49,7 @@ jobs: - name: Build and push Docker image run: | docker buildx build --push \ - --build-arg KR_DIR=${{ env.KR_DIR }} --build-arg RELEASE_VERSION=${{ env.RELEASE_VERSION }} \ + --build-arg "KR_DIR=${{ env.KR_DIR }}" --build-arg "RELEASE_VERSION=${{ env.RELEASE_VERSION }}" \ --tag ghcr.io/${{ github.repository_owner }}/kiterunner:${{ env.RELEASE_VERSION }} \ --tag ghcr.io/${{ github.repository_owner }}/kiterunner:latest \ --platform linux/amd64,linux/arm64 ./files/kiterunner diff --git a/files/ghauri/Dockerfile b/files/ghauri/Dockerfile index f801b10..7c600e8 100644 --- a/files/ghauri/Dockerfile +++ b/files/ghauri/Dockerfile @@ -1,7 +1,6 @@ ARG PYTHON_VERSION=${PYTHON_VERSION} \ RELEASE_VERSION=${RELEASE_VERSION} -# Use an official Python runtime as a parent image FROM python:${PYTHON_VERSION}-alpine ENV PYTHON_VERSION=${PYTHON_VERSION} \ From 5d88fc861c13e5aefc95883754a71db3e4dfa405 Mon Sep 17 00:00:00 2001 From: Matus Bursa Date: Sun, 8 Dec 2024 19:32:06 +0100 Subject: [PATCH 3/5] fixed quote in ghauri --- .github/workflows/ghauri.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ghauri.yml b/.github/workflows/ghauri.yml index 1cc7615..1b806a2 100644 --- a/.github/workflows/ghauri.yml +++ b/.github/workflows/ghauri.yml @@ -49,7 +49,7 @@ jobs: - name: Build and push Docker image run: | docker buildx build --push \ - --build-arg "PYTHON_VERSION=${{ env.PYTHON_VERSION }}" --build-arg æRELEASE_VERSION=${{ env.RELEASE_VERSION }}" \ + --build-arg "PYTHON_VERSION=${{ env.PYTHON_VERSION }}" --build-arg "RELEASE_VERSION=${{ env.RELEASE_VERSION }}" \ --tag ghcr.io/${{ github.repository_owner }}/ghauri:${{ env.RELEASE_VERSION }} \ --tag ghcr.io/${{ github.repository_owner }}/ghauri:latest \ --platform linux/amd64,linux/arm64 ./files/ghauri From 14484e8722882790b735f17c4bdc3290f3c42d17 Mon Sep 17 00:00:00 2001 
From: Matus Bursa Date: Sun, 8 Dec 2024 19:47:00 +0100 Subject: [PATCH 4/5] added quotes in ghauri build --- files/ghauri/Dockerfile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/files/ghauri/Dockerfile b/files/ghauri/Dockerfile index 7c600e8..f863fe9 100644 --- a/files/ghauri/Dockerfile +++ b/files/ghauri/Dockerfile @@ -1,7 +1,7 @@ -ARG PYTHON_VERSION=${PYTHON_VERSION} \ - RELEASE_VERSION=${RELEASE_VERSION} +ARG PYTHON_VERSION="${PYTHON_VERSION}" \ + RELEASE_VERSION="${RELEASE_VERSION}" -FROM python:${PYTHON_VERSION}-alpine +FROM python:"${PYTHON_VERSION}-alpine" ENV PYTHON_VERSION=${PYTHON_VERSION} \ RELEASE_VERSION=${RELEASE_VERSION} From 5a75ae016bc69fb60935db4e424020d8a0ae06cf Mon Sep 17 00:00:00 2001 From: Matus Bursa Date: Sun, 8 Dec 2024 19:56:25 +0100 Subject: [PATCH 5/5] added docker build context for using specific docker image --- .github/workflows/ghauri.yml | 4 ++-- files/ghauri/Dockerfile | 8 +++----- 2 files changed, 5 insertions(+), 7 deletions(-) diff --git a/.github/workflows/ghauri.yml b/.github/workflows/ghauri.yml index 1b806a2..fe6c73f 100644 --- a/.github/workflows/ghauri.yml +++ b/.github/workflows/ghauri.yml @@ -48,8 +48,8 @@ jobs: - name: Build and push Docker image run: | - docker buildx build --push \ - --build-arg "PYTHON_VERSION=${{ env.PYTHON_VERSION }}" --build-arg "RELEASE_VERSION=${{ env.RELEASE_VERSION }}" \ + docker buildx build --push --build-context python=docker-image://python:${{ env.PYTHON_VERSION }}-alpine \ + --build-arg "RELEASE_VERSION=${{ env.RELEASE_VERSION }}" \ --tag ghcr.io/${{ github.repository_owner }}/ghauri:${{ env.RELEASE_VERSION }} \ --tag ghcr.io/${{ github.repository_owner }}/ghauri:latest \ --platform linux/amd64,linux/arm64 ./files/ghauri diff --git a/files/ghauri/Dockerfile b/files/ghauri/Dockerfile index f863fe9..eb93442 100644 --- a/files/ghauri/Dockerfile +++ b/files/ghauri/Dockerfile 
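Review bot: The base image is now selected by `--build-context python=docker-image://python:${{ env.PYTHON_VERSION }}-alpine`, which names a mutable tag and is left unquoted while the `--build-arg` on the next line is quoted. Because the result is pushed as `ghauri:latest`, pinning the base by digest makes rebuilds reproducible and auditable: `--build-context "python=docker-image://python:3.13-alpine@sha256:<digest>"`, where `<digest>` is a placeholder for the value you have verified. The digest can then be bumped deliberately by a dependency-update change instead of drifting with the tag.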
@@ -1,10 +1,8 @@ -ARG PYTHON_VERSION="${PYTHON_VERSION}" \ - RELEASE_VERSION="${RELEASE_VERSION}" +FROM python -FROM python:"${PYTHON_VERSION}-alpine" +ARG RELEASE_VERSION="${RELEASE_VERSION}" -ENV PYTHON_VERSION=${PYTHON_VERSION} \ - RELEASE_VERSION=${RELEASE_VERSION} +ENV RELEASE_VERSION=${RELEASE_VERSION} # Install git RUN apk update && apk add --no-cache git
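Review bot: `FROM python` only yields the Alpine image when the caller passes the `python` named build context; a plain `docker build ./files/ghauri` would resolve `python:latest`, on which the following `apk` step is not expected to work. Add a comment above `FROM` that states this dependency, for example `# Base image comes from --build-context python=docker-image://python:<version>-alpine`. `ARG RELEASE_VERSION="${RELEASE_VERSION}"` refers to itself, which appears to expand to an empty default, so a build without `--build-arg` would reach the clone step with an empty branch name; `ARG RELEASE_VERSION` followed by `RUN test -n "$RELEASE_VERSION"` fails earlier and with a clearer cause. The `git clone` line is outside this hunk.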