New system tests for Kics and GitLeaks #2771 (#2783)
* New system tests for Kics and GitLeaks #2771

- add wrong secrets and sanity check to GitLeaks test suite
- add system tests for Kics #2771w

* Changes from review #2771
Jeeppler authored Jan 4, 2024
1 parent 55204f5 commit ff2f6d1
Showing 10 changed files with 482 additions and 111 deletions.
14 changes: 11 additions & 3 deletions sechub-pds-solutions/gitleaks/tests/README.adoc
Original file line number Diff line number Diff line change
@@ -5,10 +5,18 @@

. Download `sechub-pds-tools-cli-x.y.z.jar` from the releases: https://github.com/mercedes-benz/sechub/releases/.
. Copy `sechub-pds-tools-cli-x.y.z.jar` into this folder.
. Run system test
. Run system tests
+
Example:
Run all tests example:
+
----
java -jar sechub-pds-tools-cli-1.1.0.jar systemtest --file systemtest_local.json --pds-solutions-rootfolder ../../ --sechub-solution-rootfolder ../../../sechub-solution
java -jar sechub-pds-tools-cli-1.2.0.jar systemtest --file systemtest_local.json --pds-solutions-rootfolder ../../ --sechub-solution-rootfolder ../../../sechub-solution
----
+
Run specific tests:
+
----
java -jar sechub-pds-tools-cli-1.2.0.jar systemtest --file systemtest_local.json --pds-solutions-rootfolder ../../ --sechub-solution-rootfolder ../../../sechub-solution --run-tests wrongsecrets
----

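Review bot: the new examples hard-code `sechub-pds-tools-cli-1.2.0.jar` twice while the step above still says `sechub-pds-tools-cli-x.y.z.jar`; this bump from 1.1.0 will go stale again at the next release, so either use the `x.y.z` placeholder in both command lines or state that the version is whatever was downloaded from the releases page. The `--run-tests wrongsecrets` example also presumes the reader knows the test names; listing the names defined in `systemtest_local.json` (or saying they are the `name` fields of that file) would make "Run specific tests" usable without opening the JSON. Minor wording: "Run all tests example:" reads better as "Example (run all tests):".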

2 changes: 1 addition & 1 deletion sechub-pds-solutions/gitleaks/tests/clone_repo.sh
@@ -13,7 +13,7 @@ fi
if [[ -z "$vulnerable_repo" ]]
then
echo "No vulnerable application repository provided"
exit 1
exit 2
fi

cd "$current_test_folder"
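Review bot: switching this branch to `exit 2` gives the missing-repository case its own exit code, but nothing in the script documents what 1 and 2 mean; a one-line comment above the checks (for example `# exit 1: no test folder given, exit 2: no repository URL given`) keeps the codes meaningful for whoever reads the system-test runner's output. In the context lines, `cd "$current_test_folder"` is not followed by `|| exit`, so a failing `cd` would let the clone continue in the wrong directory; `cd "$current_test_folder" || exit 1` (or `set -e` at the top of the script) closes that gap.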
16 changes: 16 additions & 0 deletions sechub-pds-solutions/gitleaks/tests/copy_sanitycheck_files.sh
@@ -0,0 +1,16 @@
#!/usr/bin/env bash
# SPDX-License-Identifier: MIT

current_test_folder="$1"

if [[ ! -d "$current_test_folder" ]]
then
echo "Target folder is empty"
exit 1
fi

cd `dirname $0`

echo "copy sanity check testdata folder"
cp -r sanity-check-testdata/ "$current_test_folder/sanity-check"

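Review bot: the message at the `! -d` check says "Target folder is empty", but the condition tests that the folder does not exist (an empty first argument also lands here); "Target folder does not exist: $current_test_folder" matches what is actually checked. `cd \`dirname $0\`` is unquoted and unchecked; `cd "$(dirname "$0")" || exit 1` keeps a path with spaces, or a failed `cd`, from making the following `cp` copy from the wrong place. Also, `cp -r sanity-check-testdata/ "$current_test_folder/sanity-check"` is not idempotent: when the target folder already exists (a re-run in the same test folder), the source is copied into it as a nested directory instead of replacing it, so either remove the target first or copy with `cp -r sanity-check-testdata/. "$current_test_folder/sanity-check"`.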
Original file line number Diff line number Diff line change
@@ -0,0 +1,35 @@
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Et malesuada fames ac turpis egestas integer. Sapien et ligula ullamcorper malesuada. Lacus laoreet non curabitur gravida arcu ac tortor. myPassword="Mzc5OGFlZTMyOWFhOWY3NDZjMjY2YjliYTk5MmVlZGFkYTI2ODFiMjA0MGM0ZWQ4M2NmOWJkMjE4
NjlhMmEwYzRkOTAzMmYxOWNhN2ZmZjkxMjM1ODA0MmNhYjRmZWE2YjAwYzBlNDBiNmM1N2Y3M2Uw"
NTFlYTVjMWYyMjAzMjUgIC0K Diam in arcu cursus euismod. Sem fringilla ut morbi tincidunt. Sed enim ut sem viverra. Cras sed felis eget velit aliquet sagittis id consectetur purus. Laoreet suspendisse interdum consectetur libero id faucibus nisl tincidunt eget.
-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----
Augue interdum velit euismod in pellentesque massa placerat duis. Eu mi bibendum neque egestas congue quisque egestas diam in. Eget nunc lobortis mattis aliquam faucibus purus in massa.

Password generated with: echo -n "mashed potato" | sha512sum - | base64
Private key generated with: openssl genrsa 2048
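Review bot: the `myPassword` value is broken by the line wrapping of `base64`: the closing quote sits at the end of the second line and the final fragment `NTFlYTVjMWYyMjAzMjUgIC0K` lands outside the quotes on the next line, so a rule that matches a quoted assignment only sees the first two fragments. If one quoted value is intended, regenerate it with `base64 -w0` so it stays on one line, and note that `sha512sum -` prints the hash followed by `  -`, which is what the trailing fragment encodes; piping through `cut -d' ' -f1` before `base64` gives a cleaner value. Since this file is deliberately secret-shaped test data, a first line saying so (pointing at the two "generated with" lines at the bottom) keeps other scanners run over this repository from reporting it as a real leak.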
300 changes: 193 additions & 107 deletions sechub-pds-solutions/gitleaks/tests/systemtest_local.json
@@ -1,116 +1,202 @@
{
"setup": {
"local": {
"secHub": {
"admin": {
"userId": "admin",
"apiToken": "myTop$ecret!"
},
"start": [
{
"script": {
"path": "./01-start-single-docker-compose.sh"
}
}
],
"configure": {
"executors": [
{
"pdsProductId": "PDS_GITLEAKS",
"name": "system-test-gitleakes",
"parameters": {
"sechub.productexecutor.pds.adapter.resilience.retry.wait.milliseconds": 3000,
"sechub.productexecutor.pds.adapter.resilience.retry.max": 20,
"pds.config.use.sechub.storage": false
}
}
]
},
"stop": [
{
"script": {
"path": "./01-stop-single-docker-compose.sh"
}
}
]
},
"pdsSolutions": [
{
"name": "gitleaks",
"url": "https://pds-gitleaks:8444/",
"waitForAvailable": false,
"start": [
{
"script": {
"path": "./05-start-single-sechub-network-docker-compose.sh"
}
}
],
"stop": [
{
"script": {
"path": "./05-stop-single-sechub-network-docker-compose.sh"
}
}
],
"techUser": {
"userId": "techuser",
"apiToken": "pds-apitoken"
}
"setup": {
"local": {
"secHub": {
"start": [
{
"script": {
"path": "./01-start-single-docker-compose.sh"
}
}
],
"configure": {
"executors": [
{
"pdsProductId": "PDS_GITLEAKS",
"name": "system-test-gitleakes",
"parameters": {
"sechub.productexecutor.pds.adapter.resilience.retry.wait.milliseconds": 3000,
"sechub.productexecutor.pds.adapter.resilience.retry.max": 20,
"pds.config.use.sechub.storage": false
}
}
]
},
"stop": [
{
"script": {
"path": "./01-stop-single-docker-compose.sh"
}
}
]
},
"pdsSolutions": [
{
"name": "gitleaks",
"url": "https://pds-gitleaks:8444/",
"waitForAvailable": false,
"start": [
{
"script": {
"path": "./05-start-single-sechub-network-docker-compose.sh"
}
}
],
"stop": [
{
"script": {
"path": "./05-stop-single-sechub-network-docker-compose.sh"
}
}
]
}
]
}
]
}
},
"tests": [
{
"name": "unsafe-bank",
"prepare": [
},
"tests": [
{
"script": {
"arguments": [
"${runtime.currentTestFolder}",
"https://github.com/lucideus-repo/UnSAFE_Bank"
"name": "sanity-check",
"comment": "This checks if the solution works at all. It is very fast. Can be used to test if system testframework has some problems at all.",
"prepare": [
{
"script": {
"arguments": [
"${runtime.currentTestFolder}"
],
"path": "./copy_sanitycheck_files.sh"
}
}
],
"path": "./clone_repo.sh"
}
}
],
"execute": {
"runSecHubJob": {
"uploads": [
{
"sourceFolder": "UnSAFE_Bank",
"referenceId": "code"
}
],
"secretScan": {
"use": [
"code"
"execute": {
"runSecHubJob": {
"uploads": [
{
"sourceFolder": "sanity-check",
"referenceId": "files"
}
],
"secretScan": {
"use": [
"files"
]
}
}
},
"assert": [
{
"sechubResult": {
"hasTrafficLight": "YELLOW",
"containsStrings": {
"values": [
"result",
"SUCCESS",
"jobUUID",
"reportVersion",
"MEDIUM",
"severity",
"my-readme.md"
]
}
}
}
]
}
}
},
"assert": [
},
{
"name": "wrongsecrets",
"prepare": [
{
"script": {
"arguments": [
"${runtime.currentTestFolder}",
"https://github.com/OWASP/wrongsecrets.git"
],
"path": "./clone_repo.sh"
}
}
],
"execute": {
"runSecHubJob": {
"uploads": [
{
"sourceFolder": "wrongsecrets",
"referenceId": "application"
}
],
"secretScan": {
"use": [
"application"
]
}
}
},
"assert": [
{
"sechubResult": {
"hasTrafficLight": "YELLOW",
"containsStrings": {
"values": [
"result",
"SUCCESS",
"jobUUID",
"reportVersion",
"MEDIUM",
"severity",
"wrongsecrets/src/main/resources/application.properties"
]
}
}
}
]
},
{
"sechubResult": {
"hasTrafficLight": "YELLOW",
"containsStrings": {
"values": [
"result",
"SUCCESS",
"jobUUID",
"reportVersion",
"MEDIUM",
"severity",
"UnSAFE_Bank/Backend/src/api/application/config/database.php"
]
"name": "unsafe-bank",
"prepare": [
{
"script": {
"arguments": [
"${runtime.currentTestFolder}",
"https://github.com/lucideus-repo/UnSAFE_Bank"
],
"path": "./clone_repo.sh"
}
}
],
"execute": {
"runSecHubJob": {
"uploads": [
{
"sourceFolder": "UnSAFE_Bank",
"referenceId": "code"
}
],
"secretScan": {
"use": [
"code"
]
}
}
},
"equalsFile": {
"path": "sechub-report-UnSAFE_Bank.json"
}
}
"assert": [
{
"sechubResult": {
"hasTrafficLight": "YELLOW",
"containsStrings": {
"values": [
"result",
"SUCCESS",
"jobUUID",
"reportVersion",
"MEDIUM",
"severity",
"UnSAFE_Bank/Backend/src/api/application/config/database.php"
]
},
"equalsFile": {
"path": "sechub-report-UnSAFE_Bank.json"
}
}
}
]
}
]
}
]
]
}
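Review bot: the rendering of this hunk has lost its +/- markers, so reading the old and new blocks side by side: the `wrongsecrets` and `unsafe-bank` tests clone unpinned repositories (`https://github.com/OWASP/wrongsecrets.git`, `https://github.com/lucideus-repo/UnSAFE_Bank`) while the assertions check exact paths such as `wrongsecrets/src/main/resources/application.properties` and compare against `sechub-report-UnSAFE_Bank.json`; an upstream move of one file will fail the test with no change in the solution. Passing a tag or commit to `clone_repo.sh` as a further argument and checking it out would make the runs reproducible. Smaller points in the visible lines: the executor name `system-test-gitleakes` and the comment "system testframework" have typos, and the `admin` credentials (`"apiToken": "myTop$ecret!"`) and the `techUser` block present in the old version are gone from the new one, which is an improvement, but the README should then say where the runner takes them from.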