-
Notifications
You must be signed in to change notification settings - Fork 7
Expand file tree
/
Copy pathgitlab-ephemeral-app-blocking-mode.yaml
More file actions
109 lines (96 loc) · 3.35 KB
/
gitlab-ephemeral-app-blocking-mode.yaml
File metadata and controls
109 lines (96 loc) · 3.35 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
stages:
- build-and-test
build-and-test:
stage: build-and-test
image: docker:latest
services:
- docker:dind
variables:
DOCKER_HOST: tcp://docker:2375
script:
- apk add --no-cache curl jq python3 py3-pip
- python3 -m venv venv
- source ./venv/bin/activate
# Install Probely CLI
- pip install probely
- probely targets get --api-key ${PROBELY_API_KEY}
- docker network create custom-network
- docker build -t test-app .
- docker run --name test-app --hostname custom-web-app --network custom-network -p 0.0.0.0:8080:8080 -d test-app
- cat /etc/hosts # current /etc/hosts
- CONTAINER_IP=$(grep -i 'docker' /etc/hosts | head -1 | awk '{print $1}')
- echo "Container IP from /etc/hosts is $CONTAINER_IP"
- echo "${CONTAINER_IP} ${TARGET_HOSTNAME} ${TARGET_HOSTNAME}." | tee -a /etc/hosts # Add to /etc/hosts
- cat /etc/hosts # Confirm host was added
- |
for i in {1..10}; do # Wait for the app to start
if curl -s ${TARGET_URL} > /dev/null; then
echo "App is up!";
break;
fi
echo "Waiting for the app to be ready...";
sleep 2;
done
# Test the application
- RESPONSE=$(curl -s -o /dev/null -w "%{http_code}" ${TARGET_URL})
- |
if [[ "$RESPONSE" -ne 200 ]]; then
echo "App test failed with HTTP status ${RESPONSE}";
exit 1;
fi
- curl -s -i ${TARGET_URL}
- echo "App test passed with HTTP status ${RESPONSE}";
# Run userspace agent
- chmod +x scanning-agent/farcasterd-linux-amd64-0.4.3
- ./scanning-agent/farcasterd-linux-amd64-0.4.3 --token ${AGENT_TOKEN} &
# Wait for the agent to start
- sleep 40
# Start Scan
- |
for i in {1..20}; do # Start Probely scan
echo "-----------------------------------"
SCAN_ID=$(probely targets start-scan ${TARGET_ID} -o IDS_ONLY --api-key ${PROBELY_API_KEY})
echo ${SCAN_ID}
if [[ -z "${SCAN_ID}" ]]; then
echo "Scan didn't start... Retry start-scan"
else
echo "Scan started with SCAN ID ${SCAN_ID}";
break;
fi
sleep 5
done
- |
if [[ -z "${SCAN_ID}" ]]; then
echo "No Scan ID, aborting..."
exit 1
fi
# Wait for scan to end
- |
while true; do
echo "-----------------------------------"
SCAN_OUTPUT=$(probely scans get ${SCAN_ID} --api-key ${PROBELY_API_KEY} | tail -1)
echo ${SCAN_OUTPUT}
echo "-----------------------------------"
SCAN_STATUS=$(probely scans get ${SCAN_ID} --api-key ${PROBELY_API_KEY} -o JSON | jq -r '.status')
if [[ "$SCAN_STATUS" == "started" ]] || [[ "$SCAN_STATUS" == "queued" ]]; then
echo "Scan is running or queued!";
else
echo "Scan is not running... finishing"
break;
fi
sleep 30;
done
# Check for high vulnerabilities
- HIGH_VULNS=$(probely scans get ${SCAN_ID} --api-key ${PROBELY_API_KEY} -o JSON | jq -r '.highs')
- echo "HIGH vulnerabilities ${HIGH_VULNS}"
- |
if [[ "$HIGH_VULNS" -gt 0 ]]; then
echo "Scan has High vulnerabilities... aborting"
exit 1
else
echo "Scan doesn't have high vulnerabilities"
fi
# Clean up
- docker stop test-app
- docker rm test-app
- docker network rm custom-network