Merge branch 'master' into feature/improve-readme-files

dpatanin · dpatanin · commit c758c476a987 · 2020-08-18T09:38:54.000+02:00
diff --git a/README.md b/README.md
@@ -1,4 +1,4 @@
-# secureCodeBox – v2 ALPHA
+# secureCodeBox – v2 Beta
 
 <p align="center">
   <img alt="secureCodeBox Logo" src="./docs/resources/securecodebox-logo.svg" width="500px">
@@ -7,25 +7,28 @@
 
 <p align="center">
   <a href="https://opensource.org/licenses/Apache-2.0"><img alt="License Apache-2.0" src="https://img.shields.io/badge/License-Apache%202.0-blue.svg"></a>
-  <a href="https://github.com/secureCodeBox/secureCodeBox/releases/latest"><img alt="Latest GitHub Release" src="https://img.shields.io/github/release/secureCodeBox/secureCodeBox.svg"></a>
+  <a href="https://github.com/secureCodeBox/secureCodeBox-v2/releases/tag/v2.0.0-rc.1"><img alt="Preview GitHub Release" src="https://img.shields.io/badge/release-v2.0.0%7Erc.1-blue.svg"></a>
   <a href="https://owasp.org/www-project-securecodebox/"><img alt="OWASP Incubator Project" src="https://img.shields.io/badge/OWASP-Incubator%20Project-365EAA"></a>
   <a href="https://twitter.com/securecodebox"><img alt="Twitter Follower" src="https://img.shields.io/twitter/follow/securecodebox?style=flat&color=blue&logo=twitter"></a>
 </p>
 <p align="center">
-  <a href="https://github.com/secureCodeBox/secureCodeBox-v2-alpha/actions?query=workflow%3ACI"><img alt="Build" src="https://github.com/secureCodeBox/secureCodeBox-v2-alpha/workflows/CI/badge.svg"></a>
-  <a href="https://codeclimate.com/github/secureCodeBox/secureCodeBox-v2-alpha/test_coverage"><img alt="Test Coverage" src="https://api.codeclimate.com/v1/badges/b6bf3af707671b5e5251/test_coverage" /></a>
-  <a href="https://snyk.io/test/github/secureCodeBox/secureCodeBox-v2-alpha/"><img alt="Known Vulnerabilities" src="https://snyk.io/test/github/secureCodeBox/secureCodeBox-v2-alpha/badge.svg"></a>
+  <a href="https://github.com/secureCodeBox/secureCodeBox-v2/actions?query=workflow%3ACI"><img alt="Build" src="https://github.com/secureCodeBox/secureCodeBox-v2/workflows/CI/badge.svg"></a>
+  <a href="https://codeclimate.com/github/secureCodeBox/secureCodeBox-v2/test_coverage"><img alt="Test Coverage" src="https://api.codeclimate.com/v1/badges/b6bf3af707671b5e5251/test_coverage" /></a>
+  <a href="https://snyk.io/test/github/secureCodeBox/secureCodeBox-v2/"><img alt="Known Vulnerabilities" src="https://snyk.io/test/github/secureCodeBox/secureCodeBox-v2/badge.svg"></a>
 </p>
 
-**NOTE**: This Repository contains a **work in progress** preview of the planned next major secureCodeBox Release. You can find the current **stable release** here [https://github.com/secureCodeBox/secureCodeBox](https://github.com/secureCodeBox/secureCodeBox). The release of version 2.0 is still at least some month away but you can already get a sneak peak here 😀. The release will contain a major architecture change which will not be backward compatible. More details will follow soon in a series of blog articles.
+**NOTE**: This Repository contains the stable beta preview of the next major secureCodeBox (SCB) Release v2.  
+You can find the current **stable release** here [https://github.com/secureCodeBox/secureCodeBox](https://github.com/secureCodeBox/secureCodeBox). 
+
+_The major release of SCB version 2.0 will be available in the next weeks._ The release will contain a major architecture change which will not be backward compatible. More details will follow soon in a series of blog articles.
 
 > _secureCodeBox_ is a kubernetes based, modularized toolchain for continuous security scans of your software project. Its goal is to orchestrate and easily automate a bunch of security-testing tools out of the box.
 
 ## Overview
 
 <!-- toc -->
 
-- [secureCodeBox – v2 ALPHA](#securecodebox--v2-alpha)
+- [secureCodeBox – v2 Beta](#securecodebox--v2-beta)
   - [Overview](#overview)
   - [Purpose of this Project](#purpose-of-this-project)
   - [Quickstart](#quickstart)
diff --git a/docs/resources/scb-architecture.drawio b/docs/resources/scb-architecture.drawio
diff --git a/docs/resources/scb-architecture.svg b/docs/resources/scb-architecture.svg
diff --git a/scanners/amass/Chart.yaml b/scanners/amass/Chart.yaml
@@ -4,7 +4,7 @@ description: A Helm chart for the Amass security scanner that integrates with th
 
 type: application
 version: 0.1.0
-appVersion: 3.8.2
+appVersion: 3.9.1
 
 keywords:
   - security
diff --git a/scanners/amass/README.md b/scanners/amass/README.md
@@ -4,7 +4,7 @@ path: "scanners/amass"
 category: "scanner"
 type: "Network"
 state: "released"
-appVersion: "3.7.2"
+appVersion: "3.9.1"
 usecase: "Subdomain Enumeration Scanner"
 ---
 
diff --git a/scanners/amass/values.yaml b/scanners/amass/values.yaml
@@ -5,3 +5,11 @@ parserImage:
 
 scannerJob:
   resources: {}
+# scannerJob:
+#   resources:
+#     requests:
+#       memory: "256Mi"
+#       cpu: "250m"
+#     limits:
+#       memory: "512Mi"
+#       cpu: "500m"
diff --git a/scanners/kube-hunter/examples/in-cluster/findings.yaml b/scanners/kube-hunter/examples/in-cluster/findings.yaml
diff --git a/scanners/nikto/values.yaml b/scanners/nikto/values.yaml
@@ -5,3 +5,11 @@ parserImage:
 
 scannerJob:
   resources: {}
+# scannerJob:
+#   resources:
+#     requests:
+#       memory: "256Mi"
+#       cpu: "250m"
+#     limits:
+#       memory: "512Mi"
+#       cpu: "500m"
diff --git a/scanners/nmap/values.yaml b/scanners/nmap/values.yaml
@@ -5,3 +5,11 @@ parserImage:
 
 scannerJob:
   resources: {}
+# scannerJob:
+#   resources:
+#     requests:
+#       memory: "256Mi"
+#       cpu: "250m"
+#     limits:
+#       memory: "512Mi"
+#       cpu: "500m"
diff --git a/scanners/ssh_scan/values.yaml b/scanners/ssh_scan/values.yaml
@@ -5,3 +5,11 @@ parserImage:
 
 scannerJob:
   resources: {}
+# scannerJob:
+#   resources:
+#     requests:
+#       memory: "256Mi"
+#       cpu: "250m"
+#     limits:
+#       memory: "512Mi"
+#       cpu: "500m"
diff --git a/scanners/sslyze/values.yaml b/scanners/sslyze/values.yaml
@@ -5,3 +5,11 @@ parserImage:
 
 scannerJob:
   resources: {}
+# scannerJob:
+#   resources:
+#     requests:
+#       memory: "256Mi"
+#       cpu: "250m"
+#     limits:
+#       memory: "512Mi"
+#       cpu: "500m"
diff --git a/scanners/test-scan/values.yaml b/scanners/test-scan/values.yaml
@@ -5,3 +5,11 @@ parserImage:
 
 scannerJob:
   resources: {}
+# scannerJob:
+#   resources:
+#     requests:
+#       memory: "256Mi"
+#       cpu: "250m"
+#     limits:
+#       memory: "512Mi"
+#       cpu: "500m"
diff --git a/scanners/trivy/values.yaml b/scanners/trivy/values.yaml
@@ -5,3 +5,11 @@ parserImage:
 
 scannerJob:
   resources: {}
+# scannerJob:
+#   resources:
+#     requests:
+#       memory: "256Mi"
+#       cpu: "250m"
+#     limits:
+#       memory: "512Mi"
+#       cpu: "500m"
diff --git a/scanners/wpscan/values.yaml b/scanners/wpscan/values.yaml
@@ -5,3 +5,11 @@ parserImage:
 
 scannerJob:
   resources: {}
+# scannerJob:
+#   resources:
+#     requests:
+#       memory: "256Mi"
+#       cpu: "250m"
+#     limits:
+#       memory: "512Mi"
+#       cpu: "500m"
diff --git a/scanners/zap/examples/demo-juice-shop-full-scan/findings.yaml b/scanners/zap/examples/demo-juice-shop-full-scan/findings.yaml
diff --git a/scanners/zap/parser/__snapshots__/parser.test.js.snap b/scanners/zap/parser/__snapshots__/parser.test.js.snap
diff --git a/scanners/zap/parser/parser.js b/scanners/zap/parser/parser.js
@@ -1,49 +1,67 @@
 function riskToSeverity(risk) {
   switch (parseInt(risk, 10)) {
     case 0:
-      return 'INFORMATIONAL';
+      return "INFORMATIONAL";
     case 1:
-      return 'LOW';
+      return "LOW";
     case 2:
-      return 'MEDIUM';
+      return "MEDIUM";
     default:
-      return 'HIGH';
+      return "HIGH";
   }
 }
 
-function stripHtmlTags(str)
-{
-   if ((!str) || ( str === null ) || ( str === '' ))
-       return false;
-  else
-   str = str.toString();
-  return str.replace(/<[^>]*>/g, '');
+function stripHtmlTags(str) {
+  if (!str || str === null || str === "") {
+    return false;
+  } else {
+    str = str.toString();
+  }
+  return str.replace(/<[^>]*>/g, "");
+}
+
+function truncate({ text, maxLength = 2048 }) {
+  if (!text || text.length < maxLength) {
+    return text;
+  }
+
+  return `${text.slice(0, maxLength)}...`;
 }
 
 async function parse(fileContent) {
   return fileContent.site.flatMap(
-    ({ '@name': location, '@host': host, alerts }) => {
-      return alerts.map(alert => {
+    ({ "@name": location, "@host": host, alerts }) => {
+      return alerts.map((alert) => {
+        const findingUrls = (alert.instances || []).map((instance) => {
+          return {
+            ...instance,
+            evidence: truncate({ text: instance.evidence, maxLength: 256 }),
+          };
+        });
+
         return {
           name: stripHtmlTags(alert.name),
           description: stripHtmlTags(alert.desc),
           hint: alert.hint,
           category: alert.alert || stripHtmlTags(alert.name),
           location,
-          osi_layer: 'APPLICATION',
+          osi_layer: "APPLICATION",
           severity: riskToSeverity(alert.riskcode),
           attributes: {
             host: host,
             zap_confidence: alert.confidence || null,
             zap_count: alert.count || null,
             zap_solution: stripHtmlTags(alert.solution) || null,
-            zap_otherinfo: stripHtmlTags(alert.otherinfo) || null,
+            zap_otherinfo: truncate({
+              text: stripHtmlTags(alert.otherinfo) || null,
+              maxLength: 2048,
+            }),
             zap_reference: stripHtmlTags(alert.reference) || null,
             zap_cweid: alert.cweid || null,
             zap_wascid: alert.wascid || null,
             zap_riskcode: alert.riskcode || null,
             zap_pluginid: alert.pluginid || null,
-            zap_finding_urls: alert.instances || null,
+            zap_finding_urls: findingUrls,
           },
         };
       });
diff --git a/scanners/zap/values.yaml b/scanners/zap/values.yaml
@@ -5,3 +5,11 @@ parserImage:
 
 scannerJob:
   resources: {}
+# scannerJob:
+#   resources:
+#     requests:
+#       memory: "2Gi"
+#       cpu: "250m"
+#     limits:
+#       memory: "2Gi"
+#       cpu: "500m"
