From 14f67ce91d73a88444b2e4fea2f18291e526769d Mon Sep 17 00:00:00 2001
From: Samuel Gajdos
Date: Mon, 16 Sep 2024 12:22:17 +0000
Subject: [PATCH] New rapidast tests
---
 .../java/io/brokerqe/claire/Constants.java | 1 +
 .../claire/container/RapidastContainer.java | 70 ++++++++++++++++
 .../claire/security/RapidastDefaultTests.java | 59 ++++++++++++++
 .../claire/security/RapidastSecuredTests.java | 79 +++++++++++++++++++
 4 files changed, 209 insertions(+)
 create mode 100644 standalone-suite/src/main/java/io/brokerqe/claire/container/RapidastContainer.java
 create mode 100644 standalone-suite/src/test/java/io/brokerqe/claire/security/RapidastDefaultTests.java
 create mode 100644 standalone-suite/src/test/java/io/brokerqe/claire/security/RapidastSecuredTests.java
diff --git a/common/src/main/java/io/brokerqe/claire/Constants.java b/common/src/main/java/io/brokerqe/claire/Constants.java
index 2c5c72a1..f8dc1d75 100644
--- a/common/src/main/java/io/brokerqe/claire/Constants.java
+++ b/common/src/main/java/io/brokerqe/claire/Constants.java
@@ -170,6 +170,7 @@ public interface Constants {
 // https://hub.docker.com/_/microsoft-mssql-server
 String IMAGE_MSSQL = "mcr.microsoft.com/mssql/server:2022-latest";
 String IMAGE_ORACLE = "container-registry.oracle.com/database/free:latest";
+ String IMAGE_RAPIDAST = "quay.io/redhatproductsecurity/rapidast:latest";
 // Openshift related
 String MONITORING_NAMESPACE = "openshift-monitoring";
diff --git a/standalone-suite/src/main/java/io/brokerqe/claire/container/RapidastContainer.java b/standalone-suite/src/main/java/io/brokerqe/claire/container/RapidastContainer.java
new file mode 100644
index 00000000..0b64e93a
--- /dev/null
+++ b/standalone-suite/src/main/java/io/brokerqe/claire/container/RapidastContainer.java
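Review bot: `IMAGE_RAPIDAST` in Constants.java points at the mutable `rapidast:latest` tag, so every run pulls whatever was published most recently and neither the scanner version nor its results are reproducible. The neighbouring database images follow the same convention, but this image is started as `root` with host directories bind-mounted read-write in RapidastContainer, which makes an unexpected image change more costly. Pinning to a release tag or digest, e.g. `quay.io/redhatproductsecurity/rapidast:<pinned-tag>` (placeholder), would fix the version under test.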
@@ -0,0 +1,70 @@
+/*
+ * Copyright Broker QE authors.
+ * License: Apache License 2.0 (see the file LICENSE or http://apache.org/licenses/LICENSE-2.0.html).
+ */
+package io.brokerqe.claire.container;
+
+import io.brokerqe.claire.TestUtils;
+import io.brokerqe.claire.container.database.DatabaseContainer;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.testcontainers.containers.BindMode;
+import io.brokerqe.claire.Constants;
+import org.testcontainers.containers.startupcheck.OneShotStartupCheckStrategy;
+import java.time.Duration;
+
+
+public class RapidastContainer extends AbstractGenericContainer {
+
+ protected static final Logger LOGGER = LoggerFactory.getLogger(DatabaseContainer.class);
+
+ public static final String RAPIDAST_DIR = "/tmp/rapidast";
+ public static final String RESULTS_DIR = "/tmp/rapidast/results";
+ public static final String RAPIDAST_CONFIG = "/tmp/rapidast/config.yaml";
+
+ public RapidastContainer(String name, String consoleURL, String scanName, int timeout) {
+ super(name, Constants.IMAGE_RAPIDAST);
+ container.withFileSystemBind(RAPIDAST_DIR, RAPIDAST_DIR, BindMode.READ_WRITE);
+ container.withFileSystemBind(RESULTS_DIR, "/opt/rapidast/results", BindMode.READ_WRITE);
+ container.withCreateContainerCmdModifier(cmd -> cmd.withUser("root"));
+ container.withCommand("rapidast.py --config " + RAPIDAST_CONFIG);
+ container.withStartupCheckStrategy(
+ new OneShotStartupCheckStrategy().withTimeout(Duration.ofSeconds(timeout))
+ );
+
+ LOGGER.info("Preparing Rapidast scan environment");
+ TestUtils.createDirectory(RAPIDAST_DIR);
+ TestUtils.createDirectory(RESULTS_DIR);
+ String config = generateConfigString(consoleURL, scanName);
+ LOGGER.debug("Generated config: " + config);
+ TestUtils.createFile(RAPIDAST_CONFIG, config);
+ }
+
+ private static String generateConfigString(String consoleURL, String shortName) {
+ return String.format(
+ """
+ config:
+ configVersion: 4
+ application:
+ shortName: %s
+ url: %s
+ general:
authentication:
+ type: http_basic
+ parameters:
+ username: "admin"
+ password: "admin"
+ scanners:
+ zap:
+ spiderAjax:
+ maxDuration: 10 # in minutes, default: 0 unlimited
+ browserId: firefox-headless
+ passiveScan:
+ activeScan:
+ report:
+ format: ["json","html"]
+ miscOptions:
+ updateAddons: False""", shortName, consoleURL);
+ }
+
+}
diff --git a/standalone-suite/src/test/java/io/brokerqe/claire/security/RapidastDefaultTests.java b/standalone-suite/src/test/java/io/brokerqe/claire/security/RapidastDefaultTests.java
new file mode 100644
index 00000000..0c59d089
--- /dev/null
+++ b/standalone-suite/src/test/java/io/brokerqe/claire/security/RapidastDefaultTests.java
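Review bot: In RapidastContainer's constructor the fixed host path `/tmp/rapidast` is bind-mounted read-write into a container that `cmd.withUser("root")` runs as root, so the location is predictable on a shared build host and output from an earlier run (presumably root-owned) stays behind for the next one. Creating the working directory per run, for example with `Files.createTempDirectory`, and exposing the results path through a getter instead of the `RESULTS_DIR` constant would avoid both. The logger is created with `DatabaseContainer.class`, which attributes every message to the wrong class; it should be `LoggerFactory.getLogger(RapidastContainer.class)`, and the `DatabaseContainer` import can then be dropped. `LOGGER.debug("Generated config: " + config)` also writes the scan credentials into the log; logging the path in `RAPIDAST_CONFIG` instead would avoid that.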
@@ -0,0 +1,59 @@
+/*
+ * Copyright Broker QE authors.
+ * License: Apache License 2.0 (see the file LICENSE or http://apache.org/licenses/LICENSE-2.0.html).
+ */
+package io.brokerqe.claire.security;
+
+import io.brokerqe.claire.AbstractSystemTests;
+import io.brokerqe.claire.ResourceManager;
+import io.brokerqe.claire.TestUtils;
+import io.brokerqe.claire.container.ArtemisContainer;
+import io.brokerqe.claire.container.RapidastContainer;
+import org.junit.jupiter.api.AfterAll;
+import org.junit.jupiter.api.BeforeAll;
+import org.junit.jupiter.api.Test;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+
+public class RapidastDefaultTests extends AbstractSystemTests {
+
+ private static final Logger LOGGER = LoggerFactory.getLogger(RapidastDefaultTests.class);
+
+ protected String consoleURL;
+
+ protected String getScanName() {
+ return "default-spider";
+ }
+
+ @BeforeAll
+ void setupEnv() {
+ String artemisName = "artemis";
+ LOGGER.info("Creating artemis instance: " + artemisName);
+ ArtemisContainer artemis = getArtemisInstance(artemisName);
+ consoleURL = artemis.getConsoleUrl();
+ }
+
+ @AfterAll
+ public void tearDownEnv() {
+ ResourceManager.stopAllContainers();
+ }
+
+ @Test
+ void rapidastConsoleTest() {
+ LOGGER.info("[RAPIDAST] {}, Spider method: {}", consoleURL, getScanName());
+
+ LOGGER.info("Creating rapidast container");
+ RapidastContainer rapidast = new RapidastContainer("rapidast", consoleURL, getScanName(), 1000);
+
+ LOGGER.info("Starting rapidast container");
+ rapidast.start();
+
+ LOGGER.info("Ensuring results from scanner are in results directory");
+ boolean resultsDirExists = TestUtils.directoryExists(RapidastContainer.RESULTS_DIR + "/" + getScanName());
+ assertThat(resultsDirExists).isTrue();
+ }
+
+}
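Review bot: `rapidastConsoleTest` passes as soon as `RESULTS_DIR + "/" + getScanName()` exists, and since that directory sits under the fixed `/tmp/rapidast/results` path and nothing visible in the patch clears it, a leftover from a previous run can satisfy the assertion even if this scan wrote nothing. The test also never reads the generated report, so scanner findings cannot fail it; if that is intended, a comment such as `// only checks that the scan produced output; findings are triaged from the report` would make it explicit. Consider removing the scan directory before `rapidast.start()` or asserting that it contains a report written during this run. The literal `1000` is a timeout in seconds (per `Duration.ofSeconds(timeout)` in RapidastContainer) and would read better as a named constant.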
diff --git a/standalone-suite/src/test/java/io/brokerqe/claire/security/RapidastSecuredTests.java b/standalone-suite/src/test/java/io/brokerqe/claire/security/RapidastSecuredTests.java
new file mode 100644
index 00000000..176eb15d
--- /dev/null
+++ b/standalone-suite/src/test/java/io/brokerqe/claire/security/RapidastSecuredTests.java
@@ -0,0 +1,79 @@
+/*
+ * Copyright Broker QE authors.
+ * License: Apache License 2.0 (see the file LICENSE or http://apache.org/licenses/LICENSE-2.0.html).
+ */
+package io.brokerqe.claire.security;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+
+import io.brokerqe.claire.ResourceManager;
+import io.brokerqe.claire.TestUtils;
+import io.brokerqe.claire.Constants;
+import io.brokerqe.claire.ArtemisConstants;
+import io.brokerqe.claire.container.ArtemisContainer;
+import org.junit.jupiter.api.BeforeAll;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import org.testcontainers.containers.BindMode;
+
+
+public class RapidastSecuredTests extends RapidastDefaultTests {
+
+ private static final Logger LOGGER = LoggerFactory.getLogger(RapidastSecuredTests.class);
+
+
+ protected String getScanName() {
+ return "secured-spider";
+ }
+ @BeforeAll
+ void setupEnv() {
+ String artemisName = "artemis";
+ LOGGER.info("Generating certificates: " + artemisName);
+ CertificateData rootCACertData = new CertificateData("rootca", "C=CZ, L=Brno, O=ArtemisCloud, OU=CertificateAuthority, CN=rootca", null);
+ CertificateData myCACertData = new CertificateData("myca", "C=CZ, L=Brno, O=ArtemisCloud, OU=tls-tests, CN=myca", rootCACertData);
+
+ Map keystores = CertificateManager.generateDefaultCertificateKeystores(
+ "C=CZ, L=Brno, O=ArtemisCloud, OU=Broker CN=localhost",
+ "C=CZ, L=Brno, O=ArtemisCloud, OU=Client CN=*",
+ null,
+ myCACertData
+ );
+ CertificateData producerCertData = new CertificateData("producer", CertificateManager.generateArtemisCloudDN("tls-tests", "producer"), null, 30, myCACertData);
+ KeyStoreData truststoreBrokerData = keystores.get(Constants.BROKER_TRUSTSTORE_ID);
+ CertificateManager.addToTruststore(truststoreBrokerData, producerCertData.getCertificate(), producerCertData.getAlias());
+
+ KeyStoreData keystoreBrokerData = keystores.get(Constants.BROKER_KEYSTORE_ID);
+ String keyStoreContainerPath = ArtemisContainer.ARTEMIS_INSTANCE_DIR + "/" + keystoreBrokerData.getKeyStorePathFileName();
+ String trustStoreContainerPath = ArtemisContainer.ARTEMIS_INSTANCE_DIR + "/" + truststoreBrokerData.getKeyStorePathFileName();
+ LOGGER.info("Creating artemis instance: " + artemisName);
+ String tuneFileName = TestUtils.getProjectRelativeFile("https_console_tune.yaml");
+ String tuneFileContent = String.format("""
+ boostrap_xml_bindings:
+ - name: 'artemis'
+ uri: https://0.0.0.0:8161
+ sniHostCheck: "false"
+ sniRequired: "false"
+ clientAuth: "false"
+ keyStorePath: %s
+ keyStorePassword: brokerPass
+ trustStorePath: %s
+ trustStorePassword: brokerPass
+ """, keyStoreContainerPath, trustStoreContainerPath);
+
+ TestUtils.createFile(tuneFileName, tuneFileContent);
+ ArtemisContainer artemis = ResourceManager.getArtemisContainerInstance(ArtemisConstants.ARTEMIS_STRING);
+ artemis.withFileSystemBind(keystoreBrokerData.getKeyStorePath(), keyStoreContainerPath, BindMode.READ_WRITE);
+ artemis.withFileSystemBind(truststoreBrokerData.getKeyStorePath(), trustStoreContainerPath, BindMode.READ_WRITE);
+ generateArtemisCfg(artemis, new ArrayList<>(List.of("tune_file=" + tuneFileName)));
+ artemis.start();
+ ensureBrokerStarted(artemis);
+ ensureBrokerIsLive(artemis);
+ artemis.setSecured(true);
+
+ consoleURL = artemis.getConsoleUrl();
+ }
+
+}
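Review bot: Both distinguished names passed to `generateDefaultCertificateKeystores` lack a comma before the CN (`"... OU=Broker CN=localhost"` and `"... OU=Client CN=*"`), so the CN is likely parsed as part of the OU value, or rejected, depending on the parser, and the broker certificate would not carry `CN=localhost`; `"C=CZ, L=Brno, O=ArtemisCloud, OU=Broker, CN=localhost"` looks like what was meant. The key- and truststore are bind-mounted with `BindMode.READ_WRITE` although the broker presumably only reads them, so `BindMode.READ_ONLY` would be the tighter choice. `getScanName()` and `setupEnv()` replace the parent's methods and should carry `@Override`, so that a signature change in RapidastDefaultTests is caught at compile time.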