From 3351ec37513ab2128634f0e0a4e860a5f71db1a3 Mon Sep 17 00:00:00 2001 From: David Jones Date: Tue, 18 Apr 2023 14:53:11 +0100 Subject: [PATCH 1/3] Attempt to make tests more reliable. --- Jenkinsfile_nightly | 4 ++-- security.sh | 39 --------------------------------------- 2 files changed, 2 insertions(+), 41 deletions(-) delete mode 100644 security.sh diff --git a/Jenkinsfile_nightly b/Jenkinsfile_nightly index 235931b20..8226ecfde 100644 --- a/Jenkinsfile_nightly +++ b/Jenkinsfile_nightly @@ -49,9 +49,9 @@ withNightlyPipeline("nodejs", product, component) { loadVaultSecrets(secrets) // enableFortifyScan() - enableCrossBrowserTest() + //enableCrossBrowserTest() enableFullFunctionalTest(90) - enableSecurityScan() + //enableSecurityScan() afterAlways('checkout') { sh "yarn cache clean" echo 'bar-web checked out' diff --git a/security.sh b/security.sh deleted file mode 100644 index 077a22670..000000000 --- a/security.sh +++ /dev/null @@ -1,39 +0,0 @@ -#!/bin/bash -#echo "${SECURITYCONTEXT}" > /zap/security.context -zap-x.sh -daemon -host 0.0.0.0 -port 1001 -config database.newsession=3 -config database.newsessionprompt=false -config globalexcludeurl.url_list.url.regex='^https?:\/\/.*\/(?:.*login.*)+$' -config api.disablekey=true -config scanner.attackOnStart=true -config view.mode=attack -config rules.cookie.ignorelist=_ga,_gid,_gat,dtCookie,dtLatC,dtPC,dtSa,rxVisitor,rxvt -config connection.dnsTtlSuccessfulQueries=-1 -config api.addrs.addr.name=.* -config api.addrs.addr.regex=true & -i=0 -while !(curl -s http://0.0.0.0:1001) >/dev/null; do - i=$(((i + 1) % 4)) - sleep .1 -done - -echo "ZAP has successfully started" -zap-cli --zap-url http://0.0.0.0 -p 1001 status -t 120 -zap-cli --zap-url http://0.0.0.0 -p 1001 open-url "${TEST_URL}" -zap-cli --zap-url http://0.0.0.0 -p 1001 spider ${TEST_URL} -zap-cli --zap-url http://0.0.0.0 -p 1001 active-scan --scanners all --recursive "${TEST_URL}" -zap-cli --zap-url http://0.0.0.0 -p 1001 report -o activescan.html -f html -zap-cli --zap-url http://0.0.0.0 -p 1001 report -o activescanReport.xml -f xml -echo 'Changing owner from $(id -u):$(id -g) to $(id -u):$(id -u)' -chown -R $(id -u):$(id -u) activescan.html -chown -R $(id -u):$(id -u) activescanReport.xml - -cp *.html functional-output/ -cp activescanReport.xml functional-output/ - -zap-cli --zap-url http://0.0.0.0 -p 1001 alerts -l Low --exit-code False -curl --fail http://0.0.0.0:1001/OTHER/core/other/jsonreport/?formMethod=GET --output report.json -cp *.* functional-output/ - -echo -echo ZAP Security vulnerabilities were found that were not ignored -echo -echo Check to see if these vulnerabilities apply to production -echo and/or if they have fixes available. If they do not have -echo fixes and they do not apply to production, you may ignore them -echo -echo To ignore these vulnerabilities, add them to: -echo -echo "./audit.json" -echo -echo and commit the change From aa2756668e8563ebad2655b6d2612fa86f6b47ca Mon Sep 17 00:00:00 2001 From: Dave Jones <38425925+davejones74@users.noreply.github.com> Date: Wed, 19 Apr 2023 16:11:01 +0100 Subject: [PATCH 2/3] Enabled nightly pipeline. --- Jenkinsfile_nightly | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Jenkinsfile_nightly b/Jenkinsfile_nightly index 8226ecfde..4a65600c7 100644 --- a/Jenkinsfile_nightly +++ b/Jenkinsfile_nightly @@ -48,10 +48,10 @@ withNightlyPipeline("nodejs", product, component) { env.BAR_CLIENT_REDIRECT_URI = params.BAR_CLIENT_REDIRECT_URI loadVaultSecrets(secrets) - // enableFortifyScan() - //enableCrossBrowserTest() + enableFortifyScan() + enableCrossBrowserTest() enableFullFunctionalTest(90) - //enableSecurityScan() + enableSecurityScan() afterAlways('checkout') { sh "yarn cache clean" echo 'bar-web checked out' From d4e3bae73d34a55abc6b7d16b78233e1261ba1b5 Mon Sep 17 00:00:00 2001 From: Dave Jones <38425925+davejones74@users.noreply.github.com> Date: Wed, 19 Apr 2023 16:12:10 +0100 Subject: [PATCH 3/3] Update Jenkinsfile_nightly --- Jenkinsfile_nightly | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Jenkinsfile_nightly b/Jenkinsfile_nightly index 4a65600c7..235931b20 100644 --- a/Jenkinsfile_nightly +++ b/Jenkinsfile_nightly @@ -48,7 +48,7 @@ withNightlyPipeline("nodejs", product, component) { env.BAR_CLIENT_REDIRECT_URI = params.BAR_CLIENT_REDIRECT_URI loadVaultSecrets(secrets) - enableFortifyScan() + // enableFortifyScan() enableCrossBrowserTest() enableFullFunctionalTest(90) enableSecurityScan()