New rapidast tests

common/src/main/java/io/brokerqe/claire/Constants.java

@@ -170,6 +170,7 @@ public interface Constants {
     // https://hub.docker.com/_/microsoft-mssql-server
     String IMAGE_MSSQL = "mcr.microsoft.com/mssql/server:2022-latest";
     String IMAGE_ORACLE = "container-registry.oracle.com/database/free:latest";
+    String IMAGE_RAPIDAST = "quay.io/redhatproductsecurity/rapidast:latest";
 
     // Openshift related
     String MONITORING_NAMESPACE = "openshift-monitoring";

standalone-suite/src/main/java/io/brokerqe/claire/container/RapidastContainer.java

@@ -0,0 +1,70 @@
+/*
+ * Copyright Broker QE authors.
+ * License: Apache License 2.0 (see the file LICENSE or http://apache.org/licenses/LICENSE-2.0.html).
+ */
+package io.brokerqe.claire.container;
+
+import io.brokerqe.claire.TestUtils;
+import io.brokerqe.claire.container.database.DatabaseContainer;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.testcontainers.containers.BindMode;
+import io.brokerqe.claire.Constants;
+import org.testcontainers.containers.startupcheck.OneShotStartupCheckStrategy;
+import java.time.Duration;
+
+
+public class RapidastContainer extends AbstractGenericContainer {
+
+    protected static final Logger LOGGER = LoggerFactory.getLogger(DatabaseContainer.class);
+
+    public static final String RAPIDAST_DIR = "/tmp/rapidast";
+    public static final String RESULTS_DIR = "/tmp/rapidast/results";
+    public static final String RAPIDAST_CONFIG = "/tmp/rapidast/config.yaml";
+
+    public RapidastContainer(String name, String consoleURL, String scanName, int timeout) {
+        super(name, Constants.IMAGE_RAPIDAST);
+        container.withFileSystemBind(RAPIDAST_DIR, RAPIDAST_DIR, BindMode.READ_WRITE);
+        container.withFileSystemBind(RESULTS_DIR, "/opt/rapidast/results", BindMode.READ_WRITE);
+        container.withCreateContainerCmdModifier(cmd -> cmd.withUser("root"));
+        container.withCommand("rapidast.py --config " + RAPIDAST_CONFIG);
+        container.withStartupCheckStrategy(
+                new OneShotStartupCheckStrategy().withTimeout(Duration.ofSeconds(timeout))
+        );
+
+        LOGGER.info("Preparing Rapidast scan environment");
+        TestUtils.createDirectory(RAPIDAST_DIR);
+        TestUtils.createDirectory(RESULTS_DIR);
+        String config = generateConfigString(consoleURL, scanName);
+        LOGGER.debug("Generated config: " + config);
+        TestUtils.createFile(RAPIDAST_CONFIG, config);
+    }
+
+    private static String generateConfigString(String consoleURL, String shortName) {
+        return String.format(
+                """
+                    config:
+                      configVersion: 4
+                    application:
+                      shortName: %s
+                      url: %s
+                    general:
+                      authentication:
+                        type: http_basic
+                        parameters:
+                          username: "admin"
+                          password: "admin"
+                    scanners:
+                      zap:
+                        spiderAjax:
+                          maxDuration: 10 # in minutes, default: 0 unlimited
+                          browserId: firefox-headless
+                        passiveScan:
+                        activeScan:
+                        report:
+                          format: ["json","html"]
+                        miscOptions:
+                          updateAddons: False""", shortName, consoleURL);
+    }
+
+}

standalone-suite/src/test/java/io/brokerqe/claire/security/RapidastDefaultTests.java

@@ -0,0 +1,59 @@
+/*
+ * Copyright Broker QE authors.
+ * License: Apache License 2.0 (see the file LICENSE or http://apache.org/licenses/LICENSE-2.0.html).
+ */
+package io.brokerqe.claire.security;
+
+import io.brokerqe.claire.AbstractSystemTests;
+import io.brokerqe.claire.ResourceManager;
+import io.brokerqe.claire.TestUtils;
+import io.brokerqe.claire.container.ArtemisContainer;
+import io.brokerqe.claire.container.RapidastContainer;
+import org.junit.jupiter.api.AfterAll;
+import org.junit.jupiter.api.BeforeAll;
+import org.junit.jupiter.api.Test;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+
+public class RapidastDefaultTests extends AbstractSystemTests {
+
+    private static final Logger LOGGER = LoggerFactory.getLogger(RapidastDefaultTests.class);
+
+    protected String consoleURL;
+
+    protected String getScanName() {
+        return "default-spider";
+    }
+
+    @BeforeAll
+    void setupEnv() {
+        String artemisName = "artemis";
+        LOGGER.info("Creating artemis instance: " + artemisName);
+        ArtemisContainer artemis = getArtemisInstance(artemisName);
+        consoleURL = artemis.getConsoleUrl();
+    }
+
+    @AfterAll
+    public void tearDownEnv() {
+        ResourceManager.stopAllContainers();
+    }
+
+    @Test
+    void rapidastConsoleTest() {
+        LOGGER.info("[RAPIDAST] {}, Spider method: {}", consoleURL, getScanName());
+
+        LOGGER.info("Creating rapidast container");
+        RapidastContainer rapidast = new RapidastContainer("rapidast", consoleURL, getScanName(), 1000);
+
+        LOGGER.info("Starting rapidast container");
+        rapidast.start();
+
+        LOGGER.info("Ensuring results from scanner are in results directory");
+        boolean resultsDirExists = TestUtils.directoryExists(RapidastContainer.RESULTS_DIR + "/" + getScanName());
+        assertThat(resultsDirExists).isTrue();
+    }
+
+}

standalone-suite/src/test/java/io/brokerqe/claire/security/RapidastSecuredTests.java

@@ -0,0 +1,79 @@
+/*
+ * Copyright Broker QE authors.
+ * License: Apache License 2.0 (see the file LICENSE or http://apache.org/licenses/LICENSE-2.0.html).
+ */
+package io.brokerqe.claire.security;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+
+import io.brokerqe.claire.ResourceManager;
+import io.brokerqe.claire.TestUtils;
+import io.brokerqe.claire.Constants;
+import io.brokerqe.claire.ArtemisConstants;
+import io.brokerqe.claire.container.ArtemisContainer;
+import org.junit.jupiter.api.BeforeAll;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import org.testcontainers.containers.BindMode;
+
+
+public class RapidastSecuredTests extends RapidastDefaultTests {
+
+    private static final Logger LOGGER = LoggerFactory.getLogger(RapidastSecuredTests.class);
+
+
+    protected String getScanName() {
+        return "secured-spider";
+    }
+    @BeforeAll
+    void setupEnv() {
+        String artemisName = "artemis";
+        LOGGER.info("Generating certificates: " + artemisName);
+        CertificateData rootCACertData = new CertificateData("rootca", "C=CZ, L=Brno, O=ArtemisCloud, OU=CertificateAuthority, CN=rootca", null);
+        CertificateData myCACertData = new CertificateData("myca", "C=CZ, L=Brno, O=ArtemisCloud, OU=tls-tests, CN=myca", rootCACertData);
+
+        Map<String, KeyStoreData> keystores = CertificateManager.generateDefaultCertificateKeystores(
+                "C=CZ, L=Brno, O=ArtemisCloud, OU=Broker CN=localhost",
+                "C=CZ, L=Brno, O=ArtemisCloud, OU=Client CN=*",
+                null,
+                myCACertData
+        );
+        CertificateData producerCertData = new CertificateData("producer", CertificateManager.generateArtemisCloudDN("tls-tests", "producer"), null, 30, myCACertData);
+        KeyStoreData truststoreBrokerData = keystores.get(Constants.BROKER_TRUSTSTORE_ID);
+        CertificateManager.addToTruststore(truststoreBrokerData, producerCertData.getCertificate(), producerCertData.getAlias());
+
+        KeyStoreData keystoreBrokerData = keystores.get(Constants.BROKER_KEYSTORE_ID);
+        String keyStoreContainerPath = ArtemisContainer.ARTEMIS_INSTANCE_DIR + "/" + keystoreBrokerData.getKeyStorePathFileName();
+        String trustStoreContainerPath = ArtemisContainer.ARTEMIS_INSTANCE_DIR + "/" + truststoreBrokerData.getKeyStorePathFileName();
+        LOGGER.info("Creating artemis instance: " + artemisName);
+        String tuneFileName = TestUtils.getProjectRelativeFile("https_console_tune.yaml");
+        String tuneFileContent = String.format("""
+                boostrap_xml_bindings:
+                  - name: 'artemis'
+                    uri: https://0.0.0.0:8161
+                    sniHostCheck: "false"
+                    sniRequired: "false"
+                    clientAuth: "false"
+                    keyStorePath: %s
+                    keyStorePassword: brokerPass
+                    trustStorePath: %s
+                    trustStorePassword: brokerPass
+                """, keyStoreContainerPath,  trustStoreContainerPath);
+
+        TestUtils.createFile(tuneFileName, tuneFileContent);
+        ArtemisContainer artemis = ResourceManager.getArtemisContainerInstance(ArtemisConstants.ARTEMIS_STRING);
+        artemis.withFileSystemBind(keystoreBrokerData.getKeyStorePath(), keyStoreContainerPath, BindMode.READ_WRITE);
+        artemis.withFileSystemBind(truststoreBrokerData.getKeyStorePath(), trustStoreContainerPath, BindMode.READ_WRITE);
+        generateArtemisCfg(artemis, new ArrayList<>(List.of("tune_file=" + tuneFileName)));
+        artemis.start();
+        ensureBrokerStarted(artemis);
+        ensureBrokerIsLive(artemis);
+        artemis.setSecured(true);
+
+        consoleURL = artemis.getConsoleUrl();
+    }
+
+}