From 383da9847b75f7341b9d05c5edb3be2c3110947d Mon Sep 17 00:00:00 2001 From: Vishal-Chaudhary <102226698+vishalhcl-5960@users.noreply.github.com> Date: Fri, 9 Aug 2024 15:58:13 +0530 Subject: [PATCH 01/87] v2 -> v4 migration --- asoc.ps1 | 72 ++++++++++++++++++++++++++++----------------------- cancelJob.ps1 | 2 +- main.ps1 | 2 +- 3 files changed, 41 insertions(+), 35 deletions(-) diff --git a/asoc.ps1 b/asoc.ps1 index 5286ad3..0bc59a3 100644 --- a/asoc.ps1 +++ b/asoc.ps1 @@ -65,7 +65,7 @@ function Set-AppScanPresence{ function Lookup-ASoC-Application ($ApplicationName) { $params = @{ - Uri = "$env:INPUT_BASEURL/Apps/GetAsPage" + Uri = "$env:INPUT_BASEURL/Apps" Method = 'GET' Headers = @{ 'Content-Type' = 'application/json' @@ -90,7 +90,7 @@ function Run-ASoC-FileUpload($filepath){ Authorization = "Bearer $global:BearerToken" } Form = @{ - 'fileToUpload' = Get-Item -Path $filepath + 'uploadedFile' = Get-Item -Path $filepath } } $upload = Invoke-RestMethod @params @@ -107,8 +107,8 @@ function Run-ASoC-DynamicAnalyzerNoAuth { function Run-ASoC-DynamicAnalyzerUserPass{ Write-Host "Proceeding with username and password login..." -ForegroundColor Green - $global:jsonBodyInPSObject.Add("LoginUser",$env:INPUT_LOGIN_USER) - $global:jsonBodyInPSObject.Add("LoginPassword",$env:INPUT_LOGIN_PASSWORD) + $global:jsonBodyInPSObject.Add("UserName",$env:INPUT_LOGIN_USER) + $global:jsonBodyInPSObject.Add("Password",$env:INPUT_LOGIN_PASSWORD) return Run-ASoC-DynamicAnalyzerAPI($jsonBodyInPSObject | ConvertTo-Json) } @@ -126,9 +126,9 @@ function Run-ASoC-DynamicAnalyzerRecordedLogin{ function Run-ASoC-DynamicAnalyzerWithFile{ $FileID = Run-ASoC-FileUpload($env:INPUT_SCAN_OR_SCANT_FILE) - $global:jsonBodyInPSObject.Add("ScanFileId",$FileID) + $global:jsonBodyInPSObject.Add("ScanOrTemplateFileId",$FileID) - return Run-ASoC-DynamicAnalyzerWithFileAPI($jsonBodyInPSObject | ConvertTo-Json) + return Run-ASoC-DynamicAnalyzerAPI($jsonBodyInPSObject | ConvertTo-Json) } 
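Review bot: The request body that now carries `UserName` and `Password` in Run-ASoC-DynamicAnalyzerUserPass is handed to Run-ASoC-DynamicAnalyzerAPI, whose first statement (visible as context in the `@@ -136,7 +136,7 @@` hunk) is `write-host $json`, so the login password is written to the job log on every username/password scan. Log masking of secrets relies on a literal match and only applies when the value was supplied as a secret, so it presumably misses a password containing characters that ConvertTo-Json escapes, such as a quote or a backslash. I would remove `write-host $json`, or print a copy of the body with the login fields removed. The same applies to the later hunks in this series that move the two fields to `$global:LoginJSON` and then to `ScanConfiguration.Login`.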
@@ -136,7 +136,7 @@ function Run-ASoC-DynamicAnalyzerAPI($json){ write-host $json $params = @{ - Uri = "$global:BaseAPIUrl/Scans/DynamicAnalyzer" + Uri = "$global:BaseAPIUrl/Scans/Dast" Method = 'POST' Body = $json Headers = @{ @@ -192,7 +192,7 @@ function Run-ASoC-DAST{ function Run-ASoC-ScanCompletionChecker($scanID){ $params = @{ Uri = "$global:BaseAPIUrl/Scans/$scanID/Executions" - Method = 'Get' + Method = 'GET' Headers = @{ 'Content-Type' = 'application/json' Authorization = "Bearer $global:BearerToken" @@ -228,7 +228,7 @@ function Run-ASoC-GenerateReport ($scanID) { $params = @{ Uri = "$global:BaseAPIUrl/Reports/Security/Scan/$scanID" - Method = 'Post' + Method = 'POST' Headers = @{ 'Content-Type' = 'application/json' Authorization = "Bearer $global:BearerToken" @@ -266,9 +266,10 @@ function Run-ASoC-GenerateReport ($scanID) { function Run-ASoC-ReportCompletionChecker($reportID){ #Wait for report + #/api/v4/Reports $filter= Id eq $params = @{ - Uri = "$global:BaseAPIUrl/Reports/$reportID" - Method = 'Get' + Uri = "$global:BaseAPIUrl/Reports" + "$filter= Id eq" + "$reportID" + Method = 'GET' Headers = @{ 'Content-Type' = 'application/json' Authorization = "Bearer $global:BearerToken" @@ -286,12 +287,13 @@ function Run-ASoC-ReportCompletionChecker($reportID){ } } -function Run-ASoC-DownloadReport($eportID){ +function Run-ASoC-DownloadReport($reportID){ #Download Report + #/api/v4/Reports/{ReportId}/Download $params = @{ - Uri = "$global:BaseAPIUrl/Reports/Download/$eportID" - Method = 'Get' + Uri = "$global:BaseAPIUrl/Reports/$reportID/Download" + Method = 'GET' Headers = @{ 'Accept' = 'text/html' Authorization = "Bearer $global:BearerToken" 
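Review bot: In Run-ASoC-ReportCompletionChecker the new Uri `"$global:BaseAPIUrl/Reports" + "$filter= Id eq" + "$reportID"` does not produce the OData query that the comment above it describes. Inside double quotes PowerShell expands `$filter` as a (presumably unset) variable, there is no `?` before the query, and the spaces and the id are appended unencoded, so the request goes to `.../Reports= Id eq<id>`. Something like `Uri = "$global:BaseAPIUrl/Reports" + '?$filter=Id%20eq%20' + [uri]::EscapeDataString($reportID)` keeps the literal `$filter` and encodes the id. The same double-quoted `$filter` appears in Run-ASoC-GetScanDetails and Run-ASoC-CheckPresenceStatus later in this patch, and again in the GetScanDetails hunk of patch 22. The part of the function that reads the response is outside the hunk; a list endpoint would presumably return the record under `Items`, as the other hunks assume.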
@@ -308,8 +310,9 @@ function Run-ASoC-DownloadReport($eportID){ function Run-ASoC-GetIssueCount($scanID, $policyScope){ #/api/v2/Issues/CountBySeverity/{scope}/{scopeId} + #/api/v4/Issues/Scan/?applyPolicies=all&$filter=status eq 'Open' or Status eq 'InProgress' or Status eq 'Reopened' or Status eq ‘New’ &$apply=groupby((Status,Severity),aggregate($count as N)) $params = @{ - Uri = "$global:BaseAPIUrl/Issues/CountBySeverity/Scan/$scanID"+"?applyPolicies="+"$policyScope" + Uri = "$global:BaseAPIUrl/Issues/Scan/$scanID"+"?applyPolicies="+"$policyScope"+"&%24filter=Status%20eq%20%27Open%27%20or%20Status%20eq%20%27InProgress%27%20or%20Status%20eq%20%27Reopened%27%20or%20Status%20eq%20%27New%27&%24apply=groupby%28%28Status%2CSeverity%29%2Caggregate%28%24count%20as%20N%29%29"" Method = 'GET' Headers = @{ 'Content-Type' = 'application/json' @@ -395,7 +398,7 @@ function Run-ASoC-GetAllIssuesFromScan($scanId){ #Download Report $params = @{ Uri = "$global:BaseAPIUrl/Issues/Scan/$scanId"+"?applyPolicies=None&%24inlinecount=allpages" - Method = 'Get' + Method = 'GET' Headers = @{ 'Accept' = 'text/html' Authorization = "Bearer $global:BearerToken" @@ -412,7 +415,7 @@ function Run-ASoC-SetCommentForIssue($issueId,$inputComment){ #Download Report $params = @{ Uri = "$global:BaseAPIUrl/Issues/$issueId" - Method = 'Put' + Method = 'PUT' Headers = @{ Authorization = "Bearer $global:BearerToken" 'Content-Type' = 'application/json' @@ -430,13 +433,11 @@ function Run-ASoC-SetCommentForIssue($issueId,$inputComment){ #DELETE function Run-ASoC-SetBatchComments($scanId, $inputComment){ - - #https://cloud.appscan.com/api/v2/Issues/Scan/9d989c39-70bf-ed11-ba76-14cb65723612?odataFilter=test&applyPolicies=None $params = @{ Uri = "$global:BaseAPIUrl/Issues/Scan/$issueId"+"applyPolicies=None" - Method = 'Put' + Method = 'PUT' Headers = @{ Authorization = "Bearer $global:BearerToken" 'Content-Type' = 'application/json' 
@@ -456,8 +457,8 @@ function Run-ASoC-GetScanDetails($scanId){ #$latestScanExecutionId = '' $params = @{ - Uri = "$global:BaseAPIUrl/Scans/$scanId" - Method = 'Get' + Uri = "$global:BaseAPIUrl/Scans/"+"?$filter=Id%20eq%20"+$scanId + Method = 'GET' Headers = @{ Authorization = "Bearer $global:BearerToken" 'Content-Type' = 'application/json' @@ -466,7 +467,9 @@ function Run-ASoC-GetScanDetails($scanId){ #DEBUG Write-Debug ($params | Format-Table | Out-String) - $jsonOutput = Invoke-RestMethod @params + $response = Invoke-RestMethod @params + $array = $response.Items + $jsonOutput = $array[0] #$latestScanExecutionId = $jsonOutput.LatestExecution.Id return $jsonOutput @@ -524,7 +527,7 @@ function Run-ASoC-CreatePresence($presenceName){ #CREATE PRESENCE $params = @{ Uri = "$global:BaseAPIUrl/Presences" - Method = 'Post' + Method = 'POST' Headers = @{ Authorization = "Bearer $global:BearerToken" 'Content-Type' = 'application/json' @@ -548,8 +551,8 @@ function Run-ASoC-DownloadPresence($presenceId, $OutputFileName, $platform){ #DOWNLOAD PRESENCE ZIP FILE $params = @{ - Uri = "$global:BaseAPIUrl/Presences/"+$presenceId+"/DownloadV2?platform="+$platform - Method = 'Post' + Uri = "$global:BaseAPIUrl/Presences/"+$presenceId+"/Download/"+$platform + Method = 'GET' Headers = @{ Authorization = "Bearer $global:BearerToken" 'Content-Type' = 'application/json' @@ -570,7 +573,7 @@ function Run-ASoC-DeletePresence($presenceId){ $params = @{ Uri = "$global:BaseAPIUrl/Presences/"+$presenceId - Method = 'Delete' + Method = 'DELETE' Headers = @{ Authorization = "Bearer $global:BearerToken" 'Content-Type' = 'application/json' @@ -600,7 +603,7 @@ function Run-ASoC-GetPresenceIdGivenPresenceName($presenceName){ $params = @{ Uri = "$global:BaseAPIUrl/Presences/" - Method = 'Get' + Method = 'GET' Headers = @{ Authorization = "Bearer $global:BearerToken" 'Content-Type' = 'application/json' 
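Review bot: `$jsonOutput = $array[0]` in Run-ASoC-GetScanDetails takes the first element of `$response.Items` without checking that the list is non-empty or that the element belongs to `$scanId`. The Uri in the preceding hunk builds `"?$filter=Id%20eq%20"` in a double-quoted string, so PowerShell presumably expands `$filter` to nothing and the server may return an unfiltered list; in that case another scan's details would be used for the rest of the job. Assuming each item exposes `Id`, as the filter implies, a guard after the assignment such as `if (-not $jsonOutput -or $jsonOutput.Id -ne $scanId) { throw "Scan $scanId not found" }` makes that failure visible. Run-ASoC-CheckPresenceStatus gets the same `$array[0]` pattern in this patch, and its else branch prints `$array.Status` where `$jsonOutput.Status` was presumably meant.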
@@ -610,8 +613,9 @@ function Run-ASoC-GetPresenceIdGivenPresenceName($presenceName){ Write-Debug ($params | Format-Table | Out-String) $response = Invoke-RestMethod @params + $array = $response.Items - foreach($i in $response){ + foreach($i in $array[i]){ if($i.PresenceName -eq $presenceName){ return $i.Id } @@ -622,8 +626,8 @@ function Run-ASoC-CheckPresenceStatus($presenceId){ #CREATE PRESENCE $params = @{ - Uri = "$global:BaseAPIUrl/Presences/"+$presenceId - Method = 'Get' + Uri = "$global:BaseAPIUrl/Presences/"+"$filter=Id eq "+$presenceId + Method = 'GET' Headers = @{ Authorization = "Bearer $global:BearerToken" 'Content-Type' = 'application/json' @@ -632,13 +636,15 @@ function Run-ASoC-CheckPresenceStatus($presenceId){ #DEBUG Write-Debug ($params | Format-Table | Out-String) - $jsonOutput = Invoke-RestMethod @params + $response = Invoke-RestMethod @params + $array = $response.Items + $jsonOutput = $array[0] if($jsonOutput.Status -eq 'Active'){ Write-Host "AppScan Presence with ID: $presenceId is in active state. " return $true }else{ - Write-Host "AppScan Presence with ID:" $presenceId "is NOT yet in active state. State =" $jsonOutput.Status + Write-Host "AppScan Presence with ID:" $presenceId "is NOT yet in active state. State =" $array.Status return $false } } diff --git a/cancelJob.ps1 b/cancelJob.ps1 index 9394889..48a77c8 100644 --- a/cancelJob.ps1 +++ b/cancelJob.ps1 @@ -23,7 +23,7 @@ $DebugPreference = "SilentlyContinue" $scanidFileName = ".\scanid.txt" $ephemeralPresenceIdFileName =".\ephemeralPresenceId.txt" -$global:BaseAPIUrl = $env:INPUT_BASEURL + "/api/V2" +$global:BaseAPIUrl = $env:INPUT_BASEURL + "/api/v4" #LOAD ALL ASOC FUNCTIONS FROM LIBRARY FILE asoc.ps1 . "$env:GITHUB_ACTION_PATH/asoc.ps1" diff --git a/main.ps1 b/main.ps1 index 8bf5cd1..45a2855 100644 --- a/main.ps1 +++ b/main.ps1 
@@ -39,7 +39,7 @@ $global:jsonBodyInPSObject = "" $global:scanId = "" $env:scanId = "" $global:BaseAPIUrl = "" -$global:BaseAPIUrl = $env:INPUT_BASEURL + "/api/V2" +$global:BaseAPIUrl = $env:INPUT_BASEURL + "/api/v4" Write-Debug $global:BaseAPIUrl $global:ephemeralPresenceId = "" $global:GithubRunURL = "$env:GITHUB_SERVER_URL/$env:GITHUB_REPOSITORY/actions/runs/$env:GITHUB_RUN_ID" From 88ce34f93dddb417d88bc5375434cc756d3d6b21 Mon Sep 17 00:00:00 2001 From: Vishal-Chaudhary <102226698+vishalhcl-5960@users.noreply.github.com> Date: Fri, 9 Aug 2024 18:47:27 +0530 Subject: [PATCH 02/87] Update asoc.ps1 --- asoc.ps1 | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/asoc.ps1 b/asoc.ps1 index 0bc59a3..2947a89 100644 --- a/asoc.ps1 +++ b/asoc.ps1 @@ -309,10 +309,9 @@ function Run-ASoC-DownloadReport($reportID){ #policies options are 'All' or 'None' function Run-ASoC-GetIssueCount($scanID, $policyScope){ - #/api/v2/Issues/CountBySeverity/{scope}/{scopeId} #/api/v4/Issues/Scan/?applyPolicies=all&$filter=status eq 'Open' or Status eq 'InProgress' or Status eq 'Reopened' or Status eq ‘New’ &$apply=groupby((Status,Severity),aggregate($count as N)) $params = @{ - Uri = "$global:BaseAPIUrl/Issues/Scan/$scanID"+"?applyPolicies="+"$policyScope"+"&%24filter=Status%20eq%20%27Open%27%20or%20Status%20eq%20%27InProgress%27%20or%20Status%20eq%20%27Reopened%27%20or%20Status%20eq%20%27New%27&%24apply=groupby%28%28Status%2CSeverity%29%2Caggregate%28%24count%20as%20N%29%29"" + Uri = "$global:BaseAPIUrl/Issues/Scan/$scanID"+"?applyPolicies="+"$policyScope"+"&%24filter=Status%20eq%20%27Open%27%20or%20Status%20eq%20%27InProgress%27%20or%20Status%20eq%20%27Reopened%27%20or%20Status%20eq%20%27New%27&%24apply=groupby%28%28Status%2CSeverity%29%2Caggregate%28%24count%20as%20N%29%29" Method = 'GET' Headers = @{ 'Content-Type' = 'application/json' From 81b7e93fc562c3e3d0b5c88aba95eecb7ea81ab7 Mon Sep 17 00:00:00 2001 
From: Vishal-Chaudhary <102226698+vishalhcl-5960@users.noreply.github.com> Date: Fri, 9 Aug 2024 21:29:00 +0530 Subject: [PATCH 03/87] Update asoc.ps1 --- asoc.ps1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/asoc.ps1 b/asoc.ps1 index 2947a89..1a776ee 100644 --- a/asoc.ps1 +++ b/asoc.ps1 @@ -308,7 +308,7 @@ function Run-ASoC-DownloadReport($reportID){ } #policies options are 'All' or 'None' function Run-ASoC-GetIssueCount($scanID, $policyScope){ - + #/api/v4/Issues/Scan/?applyPolicies=all&$filter=status eq 'Open' or Status eq 'InProgress' or Status eq 'Reopened' or Status eq ‘New’ &$apply=groupby((Status,Severity),aggregate($count as N)) $params = @{ Uri = "$global:BaseAPIUrl/Issues/Scan/$scanID"+"?applyPolicies="+"$policyScope"+"&%24filter=Status%20eq%20%27Open%27%20or%20Status%20eq%20%27InProgress%27%20or%20Status%20eq%20%27Reopened%27%20or%20Status%20eq%20%27New%27&%24apply=groupby%28%28Status%2CSeverity%29%2Caggregate%28%24count%20as%20N%29%29" @@ -614,7 +614,7 @@ function Run-ASoC-GetPresenceIdGivenPresenceName($presenceName){ $response = Invoke-RestMethod @params $array = $response.Items - foreach($i in $array[i]){ + foreach($i in $array){ if($i.PresenceName -eq $presenceName){ return $i.Id } From 62048aa556f5dfb94823db8f68acbf389dc1c57b Mon Sep 17 00:00:00 2001 From: Vishal-Chaudhary <102226698+vishalhcl-5960@users.noreply.github.com> Date: Mon, 12 Aug 2024 10:50:08 +0530 Subject: [PATCH 04/87] Update action.yml --- action.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/action.yml b/action.yml index 3e03eb0..20576e7 100644 --- a/action.yml +++ b/action.yml 
@@ -93,24 +93,24 @@ inputs: #misc settings email_notification: - description: 'Send email notification uponn scan completion' + description: 'Send email notification upon scan completion' required: false - default: 'false' + default: false personal_scan: description: 'set to personal scan' required: false - default: 'false' + default: false #intervention: # description: 'allow scan intervention' # required: false - # default: 'false' + # default: false #Wait for analysis settings wait_for_analysis: description: 'Set this true to wait for analysis to complete before finishing job.' required: true - default: 'true' + default: true wait_for_analysis_timeout_minutes: description: 'maximum duration in minutes before the job will no longer wait and proceeds to complete, default is 360 (6 hours)' From 5aaff829e2acfb2d6f543af5ca7349d25e1f3c7f Mon Sep 17 00:00:00 2001 From: Vishal-Chaudhary <102226698+vishalhcl-5960@users.noreply.github.com> Date: Mon, 12 Aug 2024 11:49:52 +0530 Subject: [PATCH 05/87] handling boolean parameters --- action.yml | 2 -- asoc.ps1 | 7 +++++++ main.ps1 | 4 ++-- 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/action.yml b/action.yml index 20576e7..48e88f5 100644 --- a/action.yml +++ b/action.yml @@ -95,12 +95,10 @@ inputs: email_notification: description: 'Send email notification upon scan completion' required: false - default: false personal_scan: description: 'set to personal scan' required: false - default: false #intervention: # description: 'allow scan intervention' # required: false diff --git a/asoc.ps1 b/asoc.ps1 index 1a776ee..482907a 100644 --- a/asoc.ps1 +++ b/asoc.ps1 @@ -131,6 +131,13 @@ function Run-ASoC-DynamicAnalyzerWithFile{ return Run-ASoC-DynamicAnalyzerAPI($jsonBodyInPSObject | ConvertTo-Json) } +function Update-BooleanParameters($json){ + + $json.Add("EnableMailNotification", $env:INPUT_EMAIL_NOTIFICATION) + $json.Add("Personal", $env:INPUT_PERSONAL_SCAN) + +} + function Run-ASoC-DynamicAnalyzerAPI($json){ 
diff --git a/main.ps1 b/main.ps1 index 45a2855..c765042 100644 --- a/main.ps1 +++ b/main.ps1 @@ -63,11 +63,11 @@ $global:jsonBodyInPSObject = @{ OnlyFullResults = $true FullyAutomatic = $true ScanName = $global:scan_name - EnableMailNotification = $env:INPUT_EMAIL_NOTIFICATION + #EnableMailNotification = $env:INPUT_EMAIL_NOTIFICATION Locale = 'en-US' AppId = $env:INPUT_APPLICATION_ID Execute = $true - Personal = $env:INPUT_PERSONAL_SCAN + #Personal = $env:INPUT_PERSONAL_SCAN } #LOAD ALL ASOC FUNCTIONS FROM LIBRARY FILE asoc.ps1 From df769985a8e6c3f864bdf9887c73687a1c66462a Mon Sep 17 00:00:00 2001 From: Vishal-Chaudhary <102226698+vishalhcl-5960@users.noreply.github.com> Date: Mon, 12 Aug 2024 12:56:41 +0530 Subject: [PATCH 06/87] Created a ScanConfiguration JSON --- asoc.ps1 | 4 ++-- main.ps1 | 26 ++++++++++++++++++++++---- 2 files changed, 24 insertions(+), 6 deletions(-) diff --git a/asoc.ps1 b/asoc.ps1 index 482907a..bb5f30b 100644 --- a/asoc.ps1 +++ b/asoc.ps1 @@ -107,8 +107,8 @@ function Run-ASoC-DynamicAnalyzerNoAuth { function Run-ASoC-DynamicAnalyzerUserPass{ Write-Host "Proceeding with username and password login..." -ForegroundColor Green - $global:jsonBodyInPSObject.Add("UserName",$env:INPUT_LOGIN_USER) - $global:jsonBodyInPSObject.Add("Password",$env:INPUT_LOGIN_PASSWORD) + $global:LoginJSON.Add("UserName",$env:INPUT_LOGIN_USER) + $global:LoginJSON.Add("Password",$env:INPUT_LOGIN_PASSWORD) return Run-ASoC-DynamicAnalyzerAPI($jsonBodyInPSObject | ConvertTo-Json) } diff --git a/main.ps1 b/main.ps1 index c765042..0d65f30 100644 --- a/main.ps1 +++ b/main.ps1 
@@ -55,19 +55,37 @@ $global:ephemeralPresenceName = "Github Runner $env:RUNNER_TRACKING_ID" $global:jsonBodyInPSObject = @{ ScanType = $env:INPUT_SCAN_TYPE IncludeVerifiedDomains = $true - StartingUrl = $env:INPUT_STARTING_URL - TestOptimizationLevel = $env:INPUT_OPTIMIZATION + ScanConfiguration = $global.ScanConfigurationJSON UseAutomaticTimeout = $true MaxRequestsIn = 10 MaxRequestsTimeFrame = 1000 OnlyFullResults = $true FullyAutomatic = $true ScanName = $global:scan_name - #EnableMailNotification = $env:INPUT_EMAIL_NOTIFICATION + EnableMailNotification = $env:INPUT_EMAIL_NOTIFICATION Locale = 'en-US' AppId = $env:INPUT_APPLICATION_ID Execute = $true - #Personal = $env:INPUT_PERSONAL_SCAN + Personal = $env:INPUT_PERSONAL_SCAN +} + +$global:ScanConfigurationJSON = @{ + Target = TargetJSON + Login = LoginJSON + Tests = TestsJSON + +} + +$global:TargetJSON = @{ + StartingUrl = $env:INPUT_STARTING_URL +} + +$global:LoginJSON = @{ + +} + +$global:TestsJSON = @{ + TestOptimizationLevel = $env:INPUT_OPTIMIZATION } #LOAD ALL ASOC FUNCTIONS FROM LIBRARY FILE asoc.ps1 From e87d8c2a65904201b97963ab31ef7d83a3015423 Mon Sep 17 00:00:00 2001 From: Vishal-Chaudhary <102226698+vishalhcl-5960@users.noreply.github.com> Date: Mon, 12 Aug 2024 12:59:50 +0530 Subject: [PATCH 07/87] Update main.ps1 --- main.ps1 | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/main.ps1 b/main.ps1 index 0d65f30..2a59c8d 100644 --- a/main.ps1 +++ b/main.ps1 @@ -70,10 +70,9 @@ $global:jsonBodyInPSObject = @{ } $global:ScanConfigurationJSON = @{ - Target = TargetJSON - Login = LoginJSON - Tests = TestsJSON - + Target = $global.TargetJSON + Login = $global.LoginJSON + Tests = $global.TestsJSON } $global:TargetJSON = @{ @@ -81,7 +80,6 @@ $global:TargetJSON = @{ } $global:LoginJSON = @{ - } $global:TestsJSON = @{ From 6d9b7a79ec0ebd395992d0c1c7d1460bd603d39d Mon Sep 17 00:00:00 2001 
From: Vishal-Chaudhary <102226698+vishalhcl-5960@users.noreply.github.com> Date: Mon, 12 Aug 2024 14:15:15 +0530 Subject: [PATCH 08/87] handling boolean parameters of request body --- action.yml | 1 - asoc.ps1 | 1 + main.ps1 | 4 ++-- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/action.yml b/action.yml index 48e88f5..1954072 100644 --- a/action.yml +++ b/action.yml @@ -108,7 +108,6 @@ inputs: wait_for_analysis: description: 'Set this true to wait for analysis to complete before finishing job.' required: true - default: true wait_for_analysis_timeout_minutes: description: 'maximum duration in minutes before the job will no longer wait and proceeds to complete, default is 360 (6 hours)' diff --git a/asoc.ps1 b/asoc.ps1 index bb5f30b..c820a7a 100644 --- a/asoc.ps1 +++ b/asoc.ps1 @@ -141,6 +141,7 @@ function Update-BooleanParameters($json){ function Run-ASoC-DynamicAnalyzerAPI($json){ + Update-BooleanParameters($json) write-host $json $params = @{ Uri = "$global:BaseAPIUrl/Scans/Dast" diff --git a/main.ps1 b/main.ps1 index 2a59c8d..a440185 100644 --- a/main.ps1 +++ b/main.ps1 @@ -62,11 +62,11 @@ $global:jsonBodyInPSObject = @{ OnlyFullResults = $true FullyAutomatic = $true ScanName = $global:scan_name - EnableMailNotification = $env:INPUT_EMAIL_NOTIFICATION + #EnableMailNotification = $env:INPUT_EMAIL_NOTIFICATION Locale = 'en-US' AppId = $env:INPUT_APPLICATION_ID Execute = $true - Personal = $env:INPUT_PERSONAL_SCAN + #Personal = $env:INPUT_PERSONAL_SCAN } $global:ScanConfigurationJSON = @{ From 3b222a88ffc2fd06d4d4d63aebfbf90485860698 Mon Sep 17 00:00:00 2001 From: Vishal-Chaudhary <102226698+vishalhcl-5960@users.noreply.github.com> Date: Mon, 12 Aug 2024 14:17:18 +0530 Subject: [PATCH 09/87] Update asoc.ps1 --- asoc.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/asoc.ps1 b/asoc.ps1 index c820a7a..75506de 100644 --- a/asoc.ps1 +++ b/asoc.ps1 
@@ -141,7 +141,7 @@ function Update-BooleanParameters($json){ function Run-ASoC-DynamicAnalyzerAPI($json){ - Update-BooleanParameters($json) + #Update-BooleanParameters($json) write-host $json $params = @{ Uri = "$global:BaseAPIUrl/Scans/Dast" From cc02f66fe91c514befa97d6e1be4b476c5d2ff1d Mon Sep 17 00:00:00 2001 From: Vishal-Chaudhary <102226698+vishalhcl-5960@users.noreply.github.com> Date: Mon, 12 Aug 2024 14:46:26 +0530 Subject: [PATCH 10/87] Update main.ps1 --- main.ps1 | 3 +++ 1 file changed, 3 insertions(+) diff --git a/main.ps1 b/main.ps1 index a440185..0eb2dbf 100644 --- a/main.ps1 +++ b/main.ps1 @@ -67,6 +67,9 @@ $global:jsonBodyInPSObject = @{ AppId = $env:INPUT_APPLICATION_ID Execute = $true #Personal = $env:INPUT_PERSONAL_SCAN + Target = $global.TargetJSON + Login = $global.LoginJSON + Tests = $global.TestsJSON } $global:ScanConfigurationJSON = @{ From 1226231aefed8792aa6012fd7df2f61623298f0c Mon Sep 17 00:00:00 2001 From: Vishal-Chaudhary <102226698+vishalhcl-5960@users.noreply.github.com> Date: Mon, 12 Aug 2024 15:22:43 +0530 Subject: [PATCH 11/87] Update main.ps1 --- main.ps1 | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/main.ps1 b/main.ps1 index 0eb2dbf..44f3fa4 100644 --- a/main.ps1 +++ b/main.ps1 @@ -55,7 +55,15 @@ $global:ephemeralPresenceName = "Github Runner $env:RUNNER_TRACKING_ID" $global:jsonBodyInPSObject = @{ ScanType = $env:INPUT_SCAN_TYPE IncludeVerifiedDomains = $true - ScanConfiguration = $global.ScanConfigurationJSON + ScanConfiguration = { + Target = @{ + StartingUrl = $env:INPUT_STARTING_URL + }, + + Tests = @{ + TestOptimizationLevel = $env:INPUT_OPTIMIZATION + } + } UseAutomaticTimeout = $true MaxRequestsIn = 10 MaxRequestsTimeFrame = 1000 From 1ee5c9d78088003996338bbefe312a13bb5fdd77 Mon Sep 17 00:00:00 2001 
From: Vishal-Chaudhary <102226698+vishalhcl-5960@users.noreply.github.com> Date: Mon, 12 Aug 2024 16:23:42 +0530 Subject: [PATCH 12/87] Update main.ps1 --- main.ps1 | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/main.ps1 b/main.ps1 index 44f3fa4..6ae3470 100644 --- a/main.ps1 +++ b/main.ps1 @@ -55,13 +55,14 @@ $global:ephemeralPresenceName = "Github Runner $env:RUNNER_TRACKING_ID" $global:jsonBodyInPSObject = @{ ScanType = $env:INPUT_SCAN_TYPE IncludeVerifiedDomains = $true + #ScanConfiguration = $global:ScanConfigurationJSON ScanConfiguration = { - Target = @{ - StartingUrl = $env:INPUT_STARTING_URL - }, + 'Target' = @{ + 'StartingUrl' = "$env:INPUT_STARTING_URL" + } - Tests = @{ - TestOptimizationLevel = $env:INPUT_OPTIMIZATION + 'Tests' = @{ + 'TestOptimizationLevel' = "$env:INPUT_OPTIMIZATION" } } UseAutomaticTimeout = $true From ed27a4b933c9f39d846db962958d84066ccc81fa Mon Sep 17 00:00:00 2001 From: Vishal-Chaudhary <102226698+vishalhcl-5960@users.noreply.github.com> Date: Mon, 12 Aug 2024 16:28:52 +0530 Subject: [PATCH 13/87] Update main.ps1 --- main.ps1 | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/main.ps1 b/main.ps1 index 6ae3470..c41b0c6 100644 --- a/main.ps1 +++ b/main.ps1 @@ -57,12 +57,12 @@ $global:jsonBodyInPSObject = @{ IncludeVerifiedDomains = $true #ScanConfiguration = $global:ScanConfigurationJSON ScanConfiguration = { - 'Target' = @{ - 'StartingUrl' = "$env:INPUT_STARTING_URL" + "Target" = @{ + "StartingUrl" = "$env:INPUT_STARTING_URL" } - 'Tests' = @{ - 'TestOptimizationLevel' = "$env:INPUT_OPTIMIZATION" + "Tests" = @{ + "TestOptimizationLevel" = "$env:INPUT_OPTIMIZATION" } } UseAutomaticTimeout = $true From cac8fbe2bde391391cf33be5f57f3b28af8a9c36 Mon Sep 17 00:00:00 2001 
From: Vishal-Chaudhary <102226698+vishalhcl-5960@users.noreply.github.com> Date: Mon, 12 Aug 2024 16:35:57 +0530 Subject: [PATCH 14/87] Update main.ps1 --- main.ps1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/main.ps1 b/main.ps1 index c41b0c6..5464d9d 100644 --- a/main.ps1 +++ b/main.ps1 @@ -58,11 +58,11 @@ $global:jsonBodyInPSObject = @{ #ScanConfiguration = $global:ScanConfigurationJSON ScanConfiguration = { "Target" = @{ - "StartingUrl" = "$env:INPUT_STARTING_URL" + "StartingUrl" = $env:INPUT_STARTING_URL } "Tests" = @{ - "TestOptimizationLevel" = "$env:INPUT_OPTIMIZATION" + "TestOptimizationLevel" = $env:INPUT_OPTIMIZATION } } UseAutomaticTimeout = $true From ed9f25a792ebb21f9e040d2e12071aa054789d22 Mon Sep 17 00:00:00 2001 From: Vishal-Chaudhary <102226698+vishalhcl-5960@users.noreply.github.com> Date: Mon, 12 Aug 2024 16:49:53 +0530 Subject: [PATCH 15/87] Update main.ps1 --- main.ps1 | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/main.ps1 b/main.ps1 index 5464d9d..c3cf4f4 100644 --- a/main.ps1 +++ b/main.ps1 @@ -56,13 +56,13 @@ $global:jsonBodyInPSObject = @{ ScanType = $env:INPUT_SCAN_TYPE IncludeVerifiedDomains = $true #ScanConfiguration = $global:ScanConfigurationJSON - ScanConfiguration = { - "Target" = @{ - "StartingUrl" = $env:INPUT_STARTING_URL + 'ScanConfiguration' = { + 'Target' = @{ + 'StartingUrl' = $env:INPUT_STARTING_URL } - "Tests" = @{ - "TestOptimizationLevel" = $env:INPUT_OPTIMIZATION + 'Tests' = @{ + 'TestOptimizationLevel' = $env:INPUT_OPTIMIZATION } } UseAutomaticTimeout = $true From a457cd407331865c78c75cc0bf2d2646e9ee3681 Mon Sep 17 00:00:00 2001 From: Vishal-Chaudhary <102226698+vishalhcl-5960@users.noreply.github.com> Date: Mon, 12 Aug 2024 16:58:30 +0530 Subject: [PATCH 16/87] Update main.ps1 --- main.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.ps1 b/main.ps1 index c3cf4f4..21df44b 100644 --- a/main.ps1 +++ b/main.ps1 
@@ -57,7 +57,7 @@ $global:jsonBodyInPSObject = @{ IncludeVerifiedDomains = $true #ScanConfiguration = $global:ScanConfigurationJSON 'ScanConfiguration' = { - 'Target' = @{ + Target = @{ 'StartingUrl' = $env:INPUT_STARTING_URL } From e21b3283130a90ef5e5baeb1492fef78f91a5ce8 Mon Sep 17 00:00:00 2001 From: Vishal-Chaudhary <102226698+vishalhcl-5960@users.noreply.github.com> Date: Mon, 12 Aug 2024 16:59:50 +0530 Subject: [PATCH 17/87] Update main.ps1 --- main.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.ps1 b/main.ps1 index 21df44b..d7898fe 100644 --- a/main.ps1 +++ b/main.ps1 @@ -61,7 +61,7 @@ $global:jsonBodyInPSObject = @{ 'StartingUrl' = $env:INPUT_STARTING_URL } - 'Tests' = @{ + Tests = @{ 'TestOptimizationLevel' = $env:INPUT_OPTIMIZATION } } From 07baf5a746081716d7ca0733c38a393d85bd3788 Mon Sep 17 00:00:00 2001 From: Vishal-Chaudhary <102226698+vishalhcl-5960@users.noreply.github.com> Date: Mon, 12 Aug 2024 17:05:03 +0530 Subject: [PATCH 18/87] Update main.ps1 --- main.ps1 | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/main.ps1 b/main.ps1 index d7898fe..173df36 100644 --- a/main.ps1 +++ b/main.ps1 @@ -56,7 +56,7 @@ $global:jsonBodyInPSObject = @{ ScanType = $env:INPUT_SCAN_TYPE IncludeVerifiedDomains = $true #ScanConfiguration = $global:ScanConfigurationJSON - 'ScanConfiguration' = { + ScanConfiguration = { Target = @{ 'StartingUrl' = $env:INPUT_STARTING_URL } @@ -81,11 +81,11 @@ $global:jsonBodyInPSObject = @{ Tests = $global.TestsJSON } -$global:ScanConfigurationJSON = @{ - Target = $global.TargetJSON - Login = $global.LoginJSON - Tests = $global.TestsJSON -} +#$global:ScanConfigurationJSON = @{ + #Target = $global.TargetJSON + #Login = $global.LoginJSON + #Tests = $global.TestsJSON +#} $global:TargetJSON = @{ StartingUrl = $env:INPUT_STARTING_URL 
@@ -95,7 +95,7 @@ $global:LoginJSON = @{ } $global:TestsJSON = @{ - TestOptimizationLevel = $env:INPUT_OPTIMIZATION + 'TestOptimizationLevel' = $env:INPUT_OPTIMIZATION } #LOAD ALL ASOC FUNCTIONS FROM LIBRARY FILE asoc.ps1 From 8ac452856b84f692da21cd9600bef4150492a505 Mon Sep 17 00:00:00 2001 From: Vishal-Chaudhary <102226698+vishalhcl-5960@users.noreply.github.com> Date: Mon, 12 Aug 2024 17:19:03 +0530 Subject: [PATCH 19/87] Update main.ps1 --- main.ps1 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/main.ps1 b/main.ps1 index 173df36..1e06ad7 100644 --- a/main.ps1 +++ b/main.ps1 @@ -76,9 +76,9 @@ $global:jsonBodyInPSObject = @{ AppId = $env:INPUT_APPLICATION_ID Execute = $true #Personal = $env:INPUT_PERSONAL_SCAN - Target = $global.TargetJSON - Login = $global.LoginJSON - Tests = $global.TestsJSON + Target = $global:TargetJSON + Login = $global:LoginJSON + Tests = $global:TestsJSON } #$global:ScanConfigurationJSON = @{ From 85d1d144c47af7e85592d11b1076f1a40b59e2a1 Mon Sep 17 00:00:00 2001 From: Vishal-Chaudhary <102226698+vishalhcl-5960@users.noreply.github.com> Date: Tue, 13 Aug 2024 00:08:01 +0530 Subject: [PATCH 20/87] Update main.ps1 --- main.ps1 | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/main.ps1 b/main.ps1 index 1e06ad7..b3254aa 100644 --- a/main.ps1 +++ b/main.ps1 @@ -56,7 +56,7 @@ $global:jsonBodyInPSObject = @{ ScanType = $env:INPUT_SCAN_TYPE IncludeVerifiedDomains = $true #ScanConfiguration = $global:ScanConfigurationJSON - ScanConfiguration = { + ScanConfiguration = @{ Target = @{ 'StartingUrl' = $env:INPUT_STARTING_URL } 
@@ -76,17 +76,18 @@ $global:jsonBodyInPSObject = @{ AppId = $env:INPUT_APPLICATION_ID Execute = $true #Personal = $env:INPUT_PERSONAL_SCAN + 'Target' = $global:TargetJSON + 'Login' = $global:LoginJSON + 'Tests' = $global:TestsJSON + Configuration = $global:ScanConfigurationJSON +} + +$global:ScanConfigurationJSON = @{ Target = $global:TargetJSON Login = $global:LoginJSON Tests = $global:TestsJSON } -#$global:ScanConfigurationJSON = @{ - #Target = $global.TargetJSON - #Login = $global.LoginJSON - #Tests = $global.TestsJSON -#} - $global:TargetJSON = @{ StartingUrl = $env:INPUT_STARTING_URL } @@ -95,7 +96,7 @@ $global:LoginJSON = @{ } $global:TestsJSON = @{ - 'TestOptimizationLevel' = $env:INPUT_OPTIMIZATION + TestOptimizationLevel = $env:INPUT_OPTIMIZATION } #LOAD ALL ASOC FUNCTIONS FROM LIBRARY FILE asoc.ps1 From 546c510ff635170e1e210c5d2b49fd3d712fd216 Mon Sep 17 00:00:00 2001 From: Vishal-Chaudhary <102226698+vishalhcl-5960@users.noreply.github.com> Date: Tue, 13 Aug 2024 00:36:20 +0530 Subject: [PATCH 21/87] Updated the request body for scan API call --- asoc.ps1 | 8 ++++---- main.ps1 | 24 +++--------------------- 2 files changed, 7 insertions(+), 25 deletions(-) diff --git a/asoc.ps1 b/asoc.ps1 index 75506de..50c13d6 100644 --- a/asoc.ps1 +++ b/asoc.ps1 @@ -107,8 +107,8 @@ function Run-ASoC-DynamicAnalyzerNoAuth { function Run-ASoC-DynamicAnalyzerUserPass{ Write-Host "Proceeding with username and password login..." -ForegroundColor Green - $global:LoginJSON.Add("UserName",$env:INPUT_LOGIN_USER) - $global:LoginJSON.Add("Password",$env:INPUT_LOGIN_PASSWORD) + $global:jsonBodyInPSObject.ScanConfiguration.Login.Add("UserName",$env:INPUT_LOGIN_USER) + $global:jsonBodyInPSObject.ScanConfiguration.Login.Add("Password",$env:INPUT_LOGIN_PASSWORD) return Run-ASoC-DynamicAnalyzerAPI($jsonBodyInPSObject | ConvertTo-Json) } 
@@ -418,10 +418,10 @@ function Run-ASoC-GetAllIssuesFromScan($scanId){ return $jsonIssues } -function Run-ASoC-SetCommentForIssue($issueId,$inputComment){ +function Run-ASoC-SetCommentForIssue($scanId, $issueId,$inputComment){ #Download Report $params = @{ - Uri = "$global:BaseAPIUrl/Issues/$issueId" + Uri = "$global:BaseAPIUrl/Issues/Scan/$scanId"+"?odataFilter=Id%20eq%20"+$issueId Method = 'PUT' Headers = @{ Authorization = "Bearer $global:BearerToken" diff --git a/main.ps1 b/main.ps1 index b3254aa..78d79af 100644 --- a/main.ps1 +++ b/main.ps1 @@ -61,6 +61,9 @@ $global:jsonBodyInPSObject = @{ 'StartingUrl' = $env:INPUT_STARTING_URL } + Login = @{ + } + Tests = @{ 'TestOptimizationLevel' = $env:INPUT_OPTIMIZATION } @@ -76,27 +79,6 @@ $global:jsonBodyInPSObject = @{ AppId = $env:INPUT_APPLICATION_ID Execute = $true #Personal = $env:INPUT_PERSONAL_SCAN - 'Target' = $global:TargetJSON - 'Login' = $global:LoginJSON - 'Tests' = $global:TestsJSON - Configuration = $global:ScanConfigurationJSON -} - -$global:ScanConfigurationJSON = @{ - Target = $global:TargetJSON - Login = $global:LoginJSON - Tests = $global:TestsJSON -} - -$global:TargetJSON = @{ - StartingUrl = $env:INPUT_STARTING_URL -} - -$global:LoginJSON = @{ -} - -$global:TestsJSON = @{ - TestOptimizationLevel = $env:INPUT_OPTIMIZATION } #LOAD ALL ASOC FUNCTIONS FROM LIBRARY FILE asoc.ps1 From 5b2e8deb9dc1dde6f5650923905b2b5324648e3d Mon Sep 17 00:00:00 2001 From: Vishal-Chaudhary <102226698+vishalhcl-5960@users.noreply.github.com> Date: Tue, 13 Aug 2024 01:38:35 +0530 Subject: [PATCH 22/87] Update asoc.ps1 --- asoc.ps1 | 14 +++----------- 1 file changed, 3 insertions(+), 11 deletions(-) diff --git a/asoc.ps1 b/asoc.ps1 index 50c13d6..54cd650 100644 --- a/asoc.ps1 +++ b/asoc.ps1 
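Review bot: Run-ASoC-SetCommentForIssue now takes `$scanId` as its first positional parameter, so an existing call that passes the issue id and the comment positionally would bind the issue id to `$scanId` and the comment text to `$issueId` without raising an error. No call site is changed in this commit (the asoc.ps1 line count is used up by this hunk and the login hunk, and main.ps1 only touches the request body), so callers presumably still need updating. Because the request is a PUT over the scan's issues selected by `odataFilter`, I would also reject an empty id before building the Uri, e.g. `if ([string]::IsNullOrWhiteSpace($issueId)) { throw 'issueId is required' }`, so that a blank filter value cannot reach the API. The function body continues outside the hunk.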
@@ -131,14 +131,6 @@ function Run-ASoC-DynamicAnalyzerWithFile{ return Run-ASoC-DynamicAnalyzerAPI($jsonBodyInPSObject | ConvertTo-Json) } -function Update-BooleanParameters($json){ - - $json.Add("EnableMailNotification", $env:INPUT_EMAIL_NOTIFICATION) - $json.Add("Personal", $env:INPUT_PERSONAL_SCAN) - -} - - function Run-ASoC-DynamicAnalyzerAPI($json){ #Update-BooleanParameters($json) @@ -404,7 +396,7 @@ function Run-ASoC-GetAllIssuesFromScan($scanId){ #Download Report $params = @{ - Uri = "$global:BaseAPIUrl/Issues/Scan/$scanId"+"?applyPolicies=None&%24inlinecount=allpages" + Uri = "$global:BaseAPIUrl/Issues/Scan/$scanId"+"?applyPolicies=None" Method = 'GET' Headers = @{ 'Accept' = 'text/html' @@ -421,7 +413,7 @@ function Run-ASoC-GetAllIssuesFromScan($scanId){ function Run-ASoC-SetCommentForIssue($scanId, $issueId,$inputComment){ #Download Report $params = @{ - Uri = "$global:BaseAPIUrl/Issues/Scan/$scanId"+"?odataFilter=Id%20eq%20"+$issueId + Uri = "$global:BaseAPIUrl/Issues/Scan/"+ $scanId + "?odatafilter=Id eq" $issueId Method = 'PUT' Headers = @{ Authorization = "Bearer $global:BearerToken" @@ -464,7 +456,7 @@ function Run-ASoC-GetScanDetails($scanId){ #$latestScanExecutionId = '' $params = @{ - Uri = "$global:BaseAPIUrl/Scans/"+"?$filter=Id%20eq%20"+$scanId + Uri = "$global:BaseAPIUrl/Scans/"+"?$filter=Id eq "+$scanId Method = 'GET' Headers = @{ Authorization = "Bearer $global:BearerToken" From d17d2cc0706990f27debf0e06f307a0000464c57 Mon Sep 17 00:00:00 2001 From: Vishal-Chaudhary <102226698+vishalhcl-5960@users.noreply.github.com> Date: Tue, 13 Aug 2024 11:14:44 +0530 Subject: [PATCH 23/87] Update asoc.ps1 --- asoc.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/asoc.ps1 b/asoc.ps1 index 54cd650..a303858 100644 --- a/asoc.ps1 +++ b/asoc.ps1 
@@ -413,7 +413,7 @@ function Run-ASoC-GetAllIssuesFromScan($scanId){ function Run-ASoC-SetCommentForIssue($scanId, $issueId,$inputComment){ #Download Report $params = @{ - Uri = "$global:BaseAPIUrl/Issues/Scan/"+ $scanId + "?odatafilter=Id eq" $issueId + Uri = "$global:BaseAPIUrl/Issues/Scan/"+$scanId+"?odatafilter=Id eq"+$issueId Method = 'PUT' Headers = @{ Authorization = "Bearer $global:BearerToken" From effb2b0b1ec23243fdbd48ec22974caa91f26cd1 Mon Sep 17 00:00:00 2001 From: Vishal-Chaudhary <102226698+vishalhcl-5960@users.noreply.github.com> Date: Tue, 13 Aug 2024 12:10:04 +0530 Subject: [PATCH 24/87] Update asoc.ps1 --- asoc.ps1 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/asoc.ps1 b/asoc.ps1 index a303858..a3b1fcb 100644 --- a/asoc.ps1 +++ b/asoc.ps1 @@ -410,10 +410,10 @@ function Run-ASoC-GetAllIssuesFromScan($scanId){ return $jsonIssues } -function Run-ASoC-SetCommentForIssue($scanId, $issueId,$inputComment){ +function Run-ASoC-SetCommentForIssue($scanId, $issueId, $inputComment){ #Download Report $params = @{ - Uri = "$global:BaseAPIUrl/Issues/Scan/"+$scanId+"?odatafilter=Id eq"+$issueId + Uri = "$global:BaseAPIUrl/Issues/Scan/$scanId"+"?odataFilter=Id%20eq%20"+$issueId Method = 'PUT' Headers = @{ Authorization = "Bearer $global:BearerToken" @@ -435,7 +435,7 @@ function Run-ASoC-SetBatchComments($scanId, $inputComment){ $params = @{ - Uri = "$global:BaseAPIUrl/Issues/Scan/$issueId"+"applyPolicies=None" + Uri = "$global:BaseAPIUrl/Issues/Scan/$scanId"+"applyPolicies=None" Method = 'PUT' Headers = @{ Authorization = "Bearer $global:BearerToken" From 5bc943a82378cd7ebbee8b49b424db4dcd6d11c5 Mon Sep 17 00:00:00 2001 From: Vishal-Chaudhary <102226698+vishalhcl-5960@users.noreply.github.com> Date: Tue, 13 Aug 2024 13:00:36 +0530 Subject: [PATCH 25/87] Update main.ps1 --- main.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.ps1 b/main.ps1 index 78d79af..355a5bd 100644 --- a/main.ps1 +++ b/main.ps1 
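Review bot: In Run-ASoC-SetBatchComments (patch 24, second hunk) the corrected URI still has no `?` before the query string: `"$global:BaseAPIUrl/Issues/Scan/$scanId"+"applyPolicies=None"` produces `…/Issues/Scan/<id>applyPolicies=None`, so the path no longer names the scan the PUT is meant for. Change the line to `Uri = "$global:BaseAPIUrl/Issues/Scan/$scanId"+"?applyPolicies=None"`, which matches the form used in Run-ASoC-GetAllIssuesFromScan. The function body continues outside the hunk.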
@@ -137,7 +137,7 @@ if($env:INPUT_WAIT_FOR_ANALYSIS -eq $true){ foreach($i in $issueItems){ $issueId = $i.Id Write-Host "Writing Comments for Issue ID: $issueId" - Run-ASoC-SetCommentForIssue $issueId "Issue found during Scan from Github SHA: $env:GITHUB_SHA, URL: $global:GithubRunURL" + Run-ASoC-SetCommentForIssue $scanId $issueId "Issue found during Scan from Github SHA: $env:GITHUB_SHA, URL: $global:GithubRunURL" } #Send for report generation From f1191b9a3c5dcac07999b12f51bc8de8f4693220 Mon Sep 17 00:00:00 2001 From: Vishal-Chaudhary <102226698+vishalhcl-5960@users.noreply.github.com> Date: Tue, 13 Aug 2024 14:23:52 +0530 Subject: [PATCH 26/87] Update asoc.ps1 --- asoc.ps1 | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/asoc.ps1 b/asoc.ps1 index a3b1fcb..b90bfc3 100644 --- a/asoc.ps1 +++ b/asoc.ps1 @@ -236,22 +236,22 @@ function Run-ASoC-GenerateReport ($scanID) { } $body = @{ 'Configuration' = @{ - 'Summary' = "true" - 'Details' = "true" - 'Discussion' = "true" - 'Overview' = "true" - 'TableOfContent' = "true" - 'Advisories' = "true" - 'FixRecommendation' = "true" - 'History' = "true" - 'Coverage' = "true" - 'MinimizeDetails' = "true" - 'Articles' = "true" + 'Summary' = true + 'Details' = true + 'Discussion' = true + 'Overview' = true + 'TableOfContent' = true + 'Advisories' = true + 'FixRecommendation' = true + 'History' = true + 'Coverage' = true + 'MinimizeDetails' = true + 'Articles' = true 'ReportFileType' = "HTML" 'Title' = "$global:scan_name" 'Locale' = "en-US" 'Notes' = "Github SHA: $env:GITHUB_SHA" - 'Comments' = "true" + 'Comments' = true } } #DEBUG @@ -427,7 +427,7 @@ function Run-ASoC-SetCommentForIssue($scanId, $issueId, $inputComment){ #Write-Debug ($params | Format-Table | Out-String) $jsonOutput = Invoke-RestMethod @params -Body ($jsonBody|ConvertTo-JSON) - return $jsonOutput + return "Done" } #DELETE From aaf9691d6e9e335c05c919835bdc65da88b08901 Mon Sep 17 00:00:00 2001 
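Review bot: In Run-ASoC-SetCommentForIssue (patch 26, last hunk) `return "Done"` reports success regardless of what the PUT returned, and `$jsonOutput` is now assigned but never read. Nothing in the hunk catches a failed `Invoke-RestMethod`, so unless `$ErrorActionPreference` is set to `Stop` outside the hunk the function can, as far as I can tell, still return "Done" after an HTTP error and the caller logs the comment as written. Either keep `return $jsonOutput`, or wrap the call in `try`/`catch`, rethrow on failure and return "Done" only from the success path.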
From: Vishal-Chaudhary <102226698+vishalhcl-5960@users.noreply.github.com> Date: Tue, 13 Aug 2024 15:06:58 +0530 Subject: [PATCH 27/87] removed the unused method --- asoc.ps1 | 46 +++++++++++++--------------------------------- main.ps1 | 1 - 2 files changed, 13 insertions(+), 34 deletions(-) diff --git a/asoc.ps1 b/asoc.ps1 index b90bfc3..80fce4a 100644 --- a/asoc.ps1 +++ b/asoc.ps1 @@ -133,7 +133,6 @@ function Run-ASoC-DynamicAnalyzerWithFile{ function Run-ASoC-DynamicAnalyzerAPI($json){ - #Update-BooleanParameters($json) write-host $json $params = @{ Uri = "$global:BaseAPIUrl/Scans/Dast" @@ -152,25 +151,6 @@ function Run-ASoC-DynamicAnalyzerAPI($json){ return $Members.Id } -function Run-ASoC-DynamicAnalyzerWithFileAPI($json){ - - Write-Debug ($json | Format-Table | Out-String) - $params = @{ - Uri = "$global:BaseAPIUrl/Scans/DynamicAnalyzerWithFile" - Method = 'POST' - Body = $json - Headers = @{ - 'Content-Type' = 'application/json' - Authorization = "Bearer $global:BearerToken" - } - } - #DEBUG - Write-Debug ($params | Format-Table | Out-String) - - $Members = Invoke-RestMethod @params - return $Members.Id -} - function Run-ASoC-DAST{ #FIRST check if dynamic_scan_type is 'upload' or 'dast' 
@@ -236,29 +216,29 @@ function Run-ASoC-GenerateReport ($scanID) { } $body = @{ 'Configuration' = @{ - 'Summary' = true - 'Details' = true - 'Discussion' = true - 'Overview' = true - 'TableOfContent' = true - 'Advisories' = true - 'FixRecommendation' = true - 'History' = true - 'Coverage' = true - 'MinimizeDetails' = true - 'Articles' = true + 'Summary' = $true + 'Details' = $true + 'Discussion' = $true + 'Overview' = $true + 'TableOfContent' = $true + 'Advisories' = $true + 'FixRecommendation' = $true + 'History' = $true + 'Coverage' = $true + 'MinimizeDetails' = $true + 'Articles' = $true 'ReportFileType' = "HTML" 'Title' = "$global:scan_name" 'Locale' = "en-US" 'Notes' = "Github SHA: $env:GITHUB_SHA" - 'Comments' = true + 'Comments' = $true } } #DEBUG Write-Debug ($params | Format-Table | Out-String) Write-Debug ($body | Format-Table | Out-String) - $output_runreport = Invoke-RestMethod @params -Body ($body|ConvertTo-JSON) + $output_runreport = Invoke-RestMethod @params -Body ($body | ConvertTo-Json) $report_ID = $output_runreport.Id return $report_ID } diff --git a/main.ps1 b/main.ps1 index 355a5bd..d7c1e3a 100644 --- a/main.ps1 +++ b/main.ps1 @@ -55,7 +55,6 @@ $global:ephemeralPresenceName = "Github Runner $env:RUNNER_TRACKING_ID" $global:jsonBodyInPSObject = @{ ScanType = $env:INPUT_SCAN_TYPE IncludeVerifiedDomains = $true - #ScanConfiguration = $global:ScanConfigurationJSON ScanConfiguration = @{ Target = @{ 'StartingUrl' = $env:INPUT_STARTING_URL From fb5d2c917aa6f1941a413c732d1572867449d10e Mon Sep 17 00:00:00 2001 From: Vishal-Chaudhary <102226698+vishalhcl-5960@users.noreply.github.com> Date: Tue, 13 Aug 2024 15:50:37 +0530 Subject: [PATCH 28/87] Update asoc.ps1 --- asoc.ps1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/asoc.ps1 b/asoc.ps1 index 80fce4a..54bdbe7 100644 --- a/asoc.ps1 +++ b/asoc.ps1 
@@ -248,7 +248,7 @@ function Run-ASoC-ReportCompletionChecker($reportID){ #Wait for report #/api/v4/Reports $filter= Id eq $params = @{ - Uri = "$global:BaseAPIUrl/Reports" + "$filter= Id eq" + "$reportID" + Uri = "$global:BaseAPIUrl/Reports" + "$filter=Id%20eq%20" + $reportID Method = 'GET' Headers = @{ 'Content-Type' = 'application/json' @@ -581,7 +581,7 @@ function Run-ASoC-DeletePresence($presenceId){ function Run-ASoC-GetPresenceIdGivenPresenceName($presenceName){ $params = @{ - Uri = "$global:BaseAPIUrl/Presences/" + Uri = "$global:BaseAPIUrl/Presences" Method = 'GET' Headers = @{ Authorization = "Bearer $global:BearerToken" From 1aaa67a8e8e7d3012e2065dbc32662eacdc009be Mon Sep 17 00:00:00 2001 From: Vishal-Chaudhary <102226698+vishalhcl-5960@users.noreply.github.com> Date: Tue, 13 Aug 2024 16:38:28 +0530 Subject: [PATCH 29/87] Update asoc.ps1 --- asoc.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/asoc.ps1 b/asoc.ps1 index 54bdbe7..5079742 100644 --- a/asoc.ps1 +++ b/asoc.ps1 @@ -248,7 +248,7 @@ function Run-ASoC-ReportCompletionChecker($reportID){ #Wait for report #/api/v4/Reports $filter= Id eq $params = @{ - Uri = "$global:BaseAPIUrl/Reports" + "$filter=Id%20eq%20" + $reportID + Uri = "$global:BaseAPIUrl/Reports" + "?%24filter=Id%20eq%20" + $reportID Method = 'GET' Headers = @{ 'Content-Type' = 'application/json' From 9b618ff8156b4bc65958304919a47e3ac2e9c43a Mon Sep 17 00:00:00 2001 From: Vishal-Chaudhary <102226698+vishalhcl-5960@users.noreply.github.com> Date: Tue, 13 Aug 2024 16:47:43 +0530 Subject: [PATCH 30/87] Update asoc.ps1 --- asoc.ps1 | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/asoc.ps1 b/asoc.ps1 index 5079742..ff9ed0e 100644 --- a/asoc.ps1 +++ b/asoc.ps1 
@@ -260,7 +260,8 @@ function Run-ASoC-ReportCompletionChecker($reportID){ $report_status ="Not Ready" while($report_status -ne "Ready"){ - $output = Invoke-RestMethod @params + $json = Invoke-RestMethod @params + $output = $json.Items[0] $report_status = $output.Status Start-Sleep -Seconds 5 Write-Host "Generating Report... Progress: " $output.Progress "%" @@ -436,7 +437,7 @@ function Run-ASoC-GetScanDetails($scanId){ #$latestScanExecutionId = '' $params = @{ - Uri = "$global:BaseAPIUrl/Scans/"+"?$filter=Id eq "+$scanId + Uri = "$global:BaseAPIUrl/Scans/"+"?%24filter=Id%20eq%20"+$scanId Method = 'GET' Headers = @{ Authorization = "Bearer $global:BearerToken" From ad9180723365ec8e0ae2c851af06d1c00a3e126c Mon Sep 17 00:00:00 2001 From: Vishal-Chaudhary <102226698+vishalhcl-5960@users.noreply.github.com> Date: Tue, 13 Aug 2024 17:52:03 +0530 Subject: [PATCH 31/87] handling boolean parameters --- asoc.ps1 | 2 +- main.ps1 | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/asoc.ps1 b/asoc.ps1 index ff9ed0e..55f0e63 100644 --- a/asoc.ps1 +++ b/asoc.ps1 @@ -308,7 +308,7 @@ function Run-ASoC-GetIssueCount($scanID, $policyScope){ #DEBUG #$jsonOutput - return $jsonOutput + return $jsonOutput.Items } diff --git a/main.ps1 b/main.ps1 index d7c1e3a..b99e9f1 100644 --- a/main.ps1 +++ b/main.ps1 @@ -73,11 +73,11 @@ $global:jsonBodyInPSObject = @{ OnlyFullResults = $true FullyAutomatic = $true ScanName = $global:scan_name - #EnableMailNotification = $env:INPUT_EMAIL_NOTIFICATION + EnableMailNotification = $env:INPUT_EMAIL_NOTIFICATION Locale = 'en-US' AppId = $env:INPUT_APPLICATION_ID Execute = $true - #Personal = $env:INPUT_PERSONAL_SCAN + Personal = $env:INPUT_PERSONAL_SCAN } #LOAD ALL ASOC FUNCTIONS FROM LIBRARY FILE asoc.ps1 From 1c1cef4b56c0c9c17a4aee1c6772850f169e6b04 Mon Sep 17 00:00:00 2001 
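Review bot: The polling loop in Run-ASoC-ReportCompletionChecker (patch 30, first hunk) has no exit other than `Status` becoming "Ready". `$json.Items[0]` gives no usable object when the filter matches nothing, and a report that fails on the server never reaches "Ready", so in both cases the runner polls every 5 seconds until the job itself is killed. Bound the loop with a deadline and stop when the result set is empty; the limit below is a constructed value. The function starts and ends outside the hunk.

```powershell
    $deadline = (Get-Date).AddMinutes(30)   # constructed limit; choose one that fits the report size
    $report_status ="Not Ready"
    while($report_status -ne "Ready"){
        if ((Get-Date) -gt $deadline) { throw "Report $reportID was not ready before the deadline" }
        $json = Invoke-RestMethod @params
        $output = $json.Items | Select-Object -First 1
        if ($null -eq $output) { throw "Report $reportID was not returned by the Reports query" }
        $report_status = $output.Status
        # … unchanged: Start-Sleep and progress output …
```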
From: Vishal-Chaudhary <102226698+vishalhcl-5960@users.noreply.github.com> Date: Tue, 13 Aug 2024 17:57:31 +0530 Subject: [PATCH 32/87] Update action.yml --- action.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/action.yml b/action.yml index 1954072..7b42b8f 100644 --- a/action.yml +++ b/action.yml @@ -95,10 +95,12 @@ inputs: email_notification: description: 'Send email notification upon scan completion' required: false + default: $false personal_scan: description: 'set to personal scan' required: false + default: $false #intervention: # description: 'allow scan intervention' # required: false From 5b7be74ad78899cfeff44b14f6cdad5b7393f082 Mon Sep 17 00:00:00 2001 From: Vishal-Chaudhary <102226698+vishalhcl-5960@users.noreply.github.com> Date: Tue, 13 Aug 2024 18:42:27 +0530 Subject: [PATCH 33/87] handling boolean parameters --- action.yml | 2 -- main.ps1 | 4 ++-- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/action.yml b/action.yml index 7b42b8f..1954072 100644 --- a/action.yml +++ b/action.yml @@ -95,12 +95,10 @@ inputs: email_notification: description: 'Send email notification upon scan completion' required: false - default: $false personal_scan: description: 'set to personal scan' required: false - default: $false #intervention: # description: 'allow scan intervention' # required: false diff --git a/main.ps1 b/main.ps1 index b99e9f1..dc06521 100644 --- a/main.ps1 +++ b/main.ps1 @@ -75,9 +75,9 @@ $global:jsonBodyInPSObject = @{ ScanName = $global:scan_name EnableMailNotification = $env:INPUT_EMAIL_NOTIFICATION Locale = 'en-US' - AppId = $env:INPUT_APPLICATION_ID + AppId = $($env:INPUT_APPLICATION_ID) Execute = $true - Personal = $env:INPUT_PERSONAL_SCAN + Personal = $($env:INPUT_PERSONAL_SCAN) } #LOAD ALL ASOC FUNCTIONS FROM LIBRARY FILE asoc.ps1 From 6a84afb718acf43b38a1a0e454eaddd5a8cbf559 Mon Sep 17 00:00:00 2001 
From: Vishal-Chaudhary <102226698+vishalhcl-5960@users.noreply.github.com> Date: Tue, 13 Aug 2024 18:52:36 +0530 Subject: [PATCH 34/87] handling boolean parameters --- asoc.ps1 | 11 ++++++++++- main.ps1 | 4 +--- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/asoc.ps1 b/asoc.ps1 index 55f0e63..f6192a1 100644 --- a/asoc.ps1 +++ b/asoc.ps1 @@ -133,7 +133,8 @@ function Run-ASoC-DynamicAnalyzerWithFile{ function Run-ASoC-DynamicAnalyzerAPI($json){ - write-host $json + $body = updating-BooleanParameters($json) + write-host $body $params = @{ Uri = "$global:BaseAPIUrl/Scans/Dast" Method = 'POST' @@ -151,6 +152,14 @@ function Run-ASoC-DynamicAnalyzerAPI($json){ return $Members.Id } +function updating-BooleanParameters($json) { + + $json.Add("EnableMailNotification", $env:INPUT_EMAIL_NOTIFICATION) + $json.Add("Personal", $env:INPUT_PERSONAL_SCAN) + + return $json +} + function Run-ASoC-DAST{ #FIRST check if dynamic_scan_type is 'upload' or 'dast' diff --git a/main.ps1 b/main.ps1 index dc06521..445e498 100644 --- a/main.ps1 +++ b/main.ps1 @@ -73,11 +73,9 @@ $global:jsonBodyInPSObject = @{ OnlyFullResults = $true FullyAutomatic = $true ScanName = $global:scan_name - EnableMailNotification = $env:INPUT_EMAIL_NOTIFICATION Locale = 'en-US' - AppId = $($env:INPUT_APPLICATION_ID) + AppId = $env:INPUT_APPLICATION_ID Execute = $true - Personal = $($env:INPUT_PERSONAL_SCAN) } #LOAD ALL ASOC FUNCTIONS FROM LIBRARY FILE asoc.ps1 From 2d01c8227b7199c9383101d92d5e5a58874b0734 Mon Sep 17 00:00:00 2001 From: Vishal-Chaudhary <102226698+vishalhcl-5960@users.noreply.github.com> Date: Tue, 13 Aug 2024 18:59:08 +0530 Subject: [PATCH 35/87] Update asoc.ps1 --- asoc.ps1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/asoc.ps1 b/asoc.ps1 index f6192a1..f0c3683 100644 --- a/asoc.ps1 +++ b/asoc.ps1 
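Review bot: `write-host $body` in Run-ASoC-DynamicAnalyzerAPI (patch 34, first hunk) prints the whole scan request to the job log, and for the username/password login that request carries `Password` taken from `$env:INPUT_LOGIN_PASSWORD`. GitHub's log masking covers only values registered as secrets and matches them literally, so a password supplied as a plain input, or one whose characters `ConvertTo-Json` escapes, would presumably appear in clear text. Drop the line, or log something that cannot contain the credential, e.g. `Write-Debug "POST Scans/Dast for scan $global:scan_name"`. The same statement returns as `write-host $json` in patch 45.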
@@ -154,8 +154,8 @@ function Run-ASoC-DynamicAnalyzerAPI($json){ function updating-BooleanParameters($json) { - $json.Add("EnableMailNotification", $env:INPUT_EMAIL_NOTIFICATION) - $json.Add("Personal", $env:INPUT_PERSONAL_SCAN) + $json.Append("EnableMailNotification",$env:INPUT_EMAIL_NOTIFICATION) + $json.Append("Personal",$env:INPUT_PERSONAL_SCAN) return $json } From a098cca8f00a4976b6d941d4d918c8506f40eabf Mon Sep 17 00:00:00 2001 From: Vishal-Chaudhary <102226698+vishalhcl-5960@users.noreply.github.com> Date: Tue, 13 Aug 2024 21:23:24 +0530 Subject: [PATCH 36/87] handling boolean values --- action.yml | 3 +++ asoc.ps1 | 9 --------- main.ps1 | 2 ++ 3 files changed, 5 insertions(+), 9 deletions(-) diff --git a/action.yml b/action.yml index 1954072..cf2983b 100644 --- a/action.yml +++ b/action.yml @@ -95,10 +95,13 @@ inputs: email_notification: description: 'Send email notification upon scan completion' required: false + default: $false + personal_scan: description: 'set to personal scan' required: false + default: $false #intervention: # description: 'allow scan intervention' # required: false diff --git a/asoc.ps1 b/asoc.ps1 index f0c3683..69869c0 100644 --- a/asoc.ps1 +++ b/asoc.ps1 @@ -133,7 +133,6 @@ function Run-ASoC-DynamicAnalyzerWithFile{ function Run-ASoC-DynamicAnalyzerAPI($json){ - $body = updating-BooleanParameters($json) write-host $body $params = @{ Uri = "$global:BaseAPIUrl/Scans/Dast" @@ -152,14 +151,6 @@ function Run-ASoC-DynamicAnalyzerAPI($json){ return $Members.Id } -function updating-BooleanParameters($json) { - - $json.Append("EnableMailNotification",$env:INPUT_EMAIL_NOTIFICATION) - $json.Append("Personal",$env:INPUT_PERSONAL_SCAN) - - return $json -} - function Run-ASoC-DAST{ #FIRST check if dynamic_scan_type is 'upload' or 'dast' diff --git a/main.ps1 b/main.ps1 index 445e498..b99e9f1 100644 --- a/main.ps1 +++ b/main.ps1 
@@ -73,9 +73,11 @@ $global:jsonBodyInPSObject = @{ OnlyFullResults = $true FullyAutomatic = $true ScanName = $global:scan_name + EnableMailNotification = $env:INPUT_EMAIL_NOTIFICATION Locale = 'en-US' AppId = $env:INPUT_APPLICATION_ID Execute = $true + Personal = $env:INPUT_PERSONAL_SCAN } #LOAD ALL ASOC FUNCTIONS FROM LIBRARY FILE asoc.ps1 From 3d158b85e872a79e1841bb18909004992d092c77 Mon Sep 17 00:00:00 2001 From: Vishal-Chaudhary <102226698+vishalhcl-5960@users.noreply.github.com> Date: Tue, 13 Aug 2024 21:28:45 +0530 Subject: [PATCH 37/87] Update main.ps1 --- main.ps1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/main.ps1 b/main.ps1 index b99e9f1..a95c4f0 100644 --- a/main.ps1 +++ b/main.ps1 @@ -73,11 +73,11 @@ $global:jsonBodyInPSObject = @{ OnlyFullResults = $true FullyAutomatic = $true ScanName = $global:scan_name - EnableMailNotification = $env:INPUT_EMAIL_NOTIFICATION + EnableMailNotification = [System.Convert]::ToBoolean($env:INPUT_EMAIL_NOTIFICATION) Locale = 'en-US' AppId = $env:INPUT_APPLICATION_ID Execute = $true - Personal = $env:INPUT_PERSONAL_SCAN + Personal = [System.Convert]::ToBoolean($env:INPUT_PERSONAL_SCAN) } #LOAD ALL ASOC FUNCTIONS FROM LIBRARY FILE asoc.ps1 From b017403b0ca366e42eda6daed5f1575e95e3394b Mon Sep 17 00:00:00 2001 From: Vishal-Chaudhary <102226698+vishalhcl-5960@users.noreply.github.com> Date: Tue, 13 Aug 2024 21:31:00 +0530 Subject: [PATCH 38/87] Update action.yml --- action.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/action.yml b/action.yml index cf2983b..3e3c68b 100644 --- a/action.yml +++ b/action.yml @@ -95,13 +95,11 @@ inputs: email_notification: description: 'Send email notification upon scan completion' required: false - default: $false personal_scan: description: 'set to personal scan' required: false - default: $false #intervention: # description: 'allow scan intervention' # required: false From 8cf1c321ed59d79aac587e3a1fbef92f2b0f97a9 Mon Sep 17 00:00:00 2001 
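Review bot: `[System.Convert]::ToBoolean($env:INPUT_EMAIL_NOTIFICATION)` and the matching `Personal` line (patch 37) throw a FormatException for any value other than `true` or `false`, which includes the `$false` default that action.yml carries at this point in the series and probably an unset input. Because the conversion sits inside the `$global:jsonBodyInPSObject` literal, the failure surfaces as an opaque error before any scan logic runs. Parse explicitly and fail with a message that names the input, e.g. `$mail = $false; if ($env:INPUT_EMAIL_NOTIFICATION -and -not [bool]::TryParse($env:INPUT_EMAIL_NOTIFICATION, [ref]$mail)) { throw "email_notification must be true or false" }`. The hashtable literal starts outside the hunk.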
From: Vishal-Chaudhary <102226698+vishalhcl-5960@users.noreply.github.com> Date: Tue, 13 Aug 2024 21:33:26 +0530 Subject: [PATCH 39/87] Update action.yml --- action.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/action.yml b/action.yml index 3e3c68b..cf6d598 100644 --- a/action.yml +++ b/action.yml @@ -95,11 +95,14 @@ inputs: email_notification: description: 'Send email notification upon scan completion' required: false + default: 'false' personal_scan: description: 'set to personal scan' required: false + default: 'false' + #intervention: # description: 'allow scan intervention' # required: false From b0287a5a5babc61e9fce4847579af1675067528c Mon Sep 17 00:00:00 2001 From: Vishal-Chaudhary <102226698+vishalhcl-5960@users.noreply.github.com> Date: Tue, 13 Aug 2024 22:37:43 +0530 Subject: [PATCH 40/87] indentation check --- action.yml | 6 +++--- asoc.ps1 | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/action.yml b/action.yml index cf6d598..9c211b3 100644 --- a/action.yml +++ b/action.yml @@ -97,21 +97,21 @@ inputs: required: false default: 'false' - personal_scan: description: 'set to personal scan' required: false default: 'false' - + #intervention: # description: 'allow scan intervention' # required: false - # default: false + # default: 'false' #Wait for analysis settings wait_for_analysis: description: 'Set this true to wait for analysis to complete before finishing job.' required: true + default: 'true' wait_for_analysis_timeout_minutes: description: 'maximum duration in minutes before the job will no longer wait and proceeds to complete, default is 360 (6 hours)' diff --git a/asoc.ps1 b/asoc.ps1 index 69869c0..4bc338e 100644 --- a/asoc.ps1 +++ b/asoc.ps1 
@@ -238,7 +238,7 @@ function Run-ASoC-GenerateReport ($scanID) { Write-Debug ($params | Format-Table | Out-String) Write-Debug ($body | Format-Table | Out-String) - $output_runreport = Invoke-RestMethod @params -Body ($body | ConvertTo-Json) + $output_runreport = Invoke-RestMethod @params -Body ($body|ConvertTo-Json) $report_ID = $output_runreport.Id return $report_ID } From c687e84b11555696bd721d196584cf2b43228f7e Mon Sep 17 00:00:00 2001 From: Vishal-Chaudhary <102226698+vishalhcl-5960@users.noreply.github.com> Date: Tue, 13 Aug 2024 22:57:33 +0530 Subject: [PATCH 41/87] Update main.ps1 --- main.ps1 | 1 + 1 file changed, 1 insertion(+) diff --git a/main.ps1 b/main.ps1 index a95c4f0..ceefcbd 100644 --- a/main.ps1 +++ b/main.ps1 @@ -61,6 +61,7 @@ $global:jsonBodyInPSObject = @{ } Login = @{ + 'ExtraField' = 'check' } Tests = @{ From 020d5abd5b3f4467307073492efd5c144f3b8872 Mon Sep 17 00:00:00 2001 From: Vishal-Chaudhary <102226698+vishalhcl-5960@users.noreply.github.com> Date: Tue, 13 Aug 2024 23:09:19 +0530 Subject: [PATCH 42/87] Update main.ps1 --- main.ps1 | 4 ---- 1 file changed, 4 deletions(-) diff --git a/main.ps1 b/main.ps1 index ceefcbd..0e764c4 100644 --- a/main.ps1 +++ b/main.ps1 @@ -60,10 +60,6 @@ $global:jsonBodyInPSObject = @{ 'StartingUrl' = $env:INPUT_STARTING_URL } - Login = @{ - 'ExtraField' = 'check' - } - Tests = @{ 'TestOptimizationLevel' = $env:INPUT_OPTIMIZATION } From ea3e143a75f4a08754230681431aaa5e7ae8c6d0 Mon Sep 17 00:00:00 2001 From: Vishal-Chaudhary <102226698+vishalhcl-5960@users.noreply.github.com> Date: Tue, 13 Aug 2024 23:19:28 +0530 Subject: [PATCH 43/87] Update asoc.ps1 --- asoc.ps1 | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/asoc.ps1 b/asoc.ps1 index 4bc338e..f67cd38 100644 --- a/asoc.ps1 +++ b/asoc.ps1 
@@ -107,8 +107,11 @@ function Run-ASoC-DynamicAnalyzerNoAuth { function Run-ASoC-DynamicAnalyzerUserPass{ Write-Host "Proceeding with username and password login..." -ForegroundColor Green - $global:jsonBodyInPSObject.ScanConfiguration.Login.Add("UserName",$env:INPUT_LOGIN_USER) - $global:jsonBodyInPSObject.ScanConfiguration.Login.Add("Password",$env:INPUT_LOGIN_PASSWORD) + $Login = @{ + 'Username' = $env:INPUT_LOGIN_USER + 'Password' = $env:INPUT_LOGIN_PASSWORD + } + $global:jsonBodyInPSObject.ScanConfiguration.Add($Login) return Run-ASoC-DynamicAnalyzerAPI($jsonBodyInPSObject | ConvertTo-Json) } From fb92019daad0a91134066026ab3ed4a3cd0aa142 Mon Sep 17 00:00:00 2001 From: Vishal-Chaudhary <102226698+vishalhcl-5960@users.noreply.github.com> Date: Tue, 13 Aug 2024 23:24:59 +0530 Subject: [PATCH 44/87] Update asoc.ps1 --- asoc.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/asoc.ps1 b/asoc.ps1 index f67cd38..07be083 100644 --- a/asoc.ps1 +++ b/asoc.ps1 @@ -111,7 +111,7 @@ function Run-ASoC-DynamicAnalyzerUserPass{ 'Username' = $env:INPUT_LOGIN_USER 'Password' = $env:INPUT_LOGIN_PASSWORD } - $global:jsonBodyInPSObject.ScanConfiguration.Add($Login) + $global:jsonBodyInPSObject.ScanConfiguration.Add('Login', $Login) return Run-ASoC-DynamicAnalyzerAPI($jsonBodyInPSObject | ConvertTo-Json) } From bd18b1b016aa9e8ad1151154d3a6c84889d4760c Mon Sep 17 00:00:00 2001 From: Vishal-Chaudhary <102226698+vishalhcl-5960@users.noreply.github.com> Date: Thu, 15 Aug 2024 13:53:44 +0530 Subject: [PATCH 45/87] Removed the "scan_type" parameter --- README.md | 46 +++++++++++++++++++++------------------------- action.yml | 4 ---- asoc.ps1 | 2 +- main.ps1 | 1 - 4 files changed, 22 insertions(+), 31 deletions(-) diff --git a/README.md b/README.md index 39bbc92..5b3ca6c 100644 --- a/README.md +++ b/README.md 
@@ -65,28 +65,27 @@ If you don't have an account, register on [HCL AppScan on Cloud (ASoC)](https:// | application_id | The ID of the application in ASoC. | # Optional Inputs -| Name | Description | Default Value | Available options | -| :--- | :--- | :--- | :--- | -| scan_name | The name of the scan created in ASoC. | The GitHub repository name + GITHUB SHA | | -| scan_type | The type of the scan | staging | staging, production | -| dynamic_scan_type | Choose between dast or upload. DAST will require you to specify starting URL and login, while upload will only require you to specify a .scan or .scant file | dast | dast, upload | -| scan_or_scant_file |(applicable only if **dynamic_scan_type** = upload) Provide the path to the .scan or .scant file here| | | -| starting_URL|(applicable only if **dynamic_scan_type** = dast)The starting URL of the DAST scan|https://demo.testfire.net?mode=demo || -|optimization|Level of test optimization|Fast|NoOptimization, Fast, Faster, Fastest| -|network|Set the type of network, if this is set to private, you must have AppScan Presence created in advance|public|public, private| -|presence_id|(applicable only if network = private)||| -|login_method|(applicable only if **dynamic_scan_type** = dast)Login Method of the scan, none: no authentication required for the application, userpass: basic username/password authentication, recorded: you will provide a recorded login sequence dast.config file |none|none, userpass, or recorded| -|login_user|(applicable only if **login_method** = userpass) Type the username used for logging into the application||| -|login_password|(applicable only if **login_method** = userpass) Type the password used logging into the application||| -|login_sequence_file|Provide a path to the Login Traffic File data. 
Supported file type: DAST.CONFIG: AppScan Activity Recorder file||| -|email_notification|Send email notification uponn scan completion|false|true,false| -| personal_scan | Make this a [personal scan](https://help.hcltechsw.com/appscan/ASoC/appseccloud_scans_personal.html). | false | true, false| -|wait_for_analysis|If set to true, the job will suspend and wait until DAST scan is complete before finishing the job| true| true, false| -|wait_for_analysis_timeout_minutes|(applicable only if **wait_for_analysis** = true) Maximum duration in minutes before the job will no longer wait and proceeds to complete, default is 360 (6 hours)|360|| -|fail_for_noncompliance|If **fail_for_noncompliance** is true, fail the job if any non-compliant issues are found in the scan|false|true, false| -|fail_by_severity|If **fail_by_severity** is set to true, failure_threshold must also be set. This will fail the job if any issues equal to or higher (more severe) than **failure_threshold** are found in the scan|false|false| -|failure_threshold|(applicable only if **failure_threshold** = true) Set the severity level that indicates a failure. Lesser severities will not be considered a failure. For example, if **failure_threshold** is set to Medium, Informational and/or Low severity issues will not cause a failure. Medium, High, and/or Critical issues will cause a failure.|High|Informational, Low, Medium, High, Critical| -|ephemeral_presence|If set to true, a temp instance of AppScan Presence will be deployed in the runner and will be used for the scan. When enabled, this will force **wait_for_analysis** to true and **network** to private regardless of user settings | false| true, false| +| Name | Description | Default Value | Available options | +|:---------------------------------------| :--- |:---------------------------------------| :--- | +| scan_name | The name of the scan created in ASoC. 
| The GitHub repository name + GITHUB SHA | | | +| dynamic_scan_type | Choose between dast or upload. DAST will require you to specify starting URL and login, while upload will only require you to specify a .scan or .scant file | dast | dast, upload | +| scan_or_scant_file |(applicable only if **dynamic_scan_type** = upload) Provide the path to the .scan or .scant file here| | | +| starting_URL |(applicable only if **dynamic_scan_type** = dast)The starting URL of the DAST scan| https://demo.testfire.net?mode=demo || +| optimization |Level of test optimization| Fast |NoOptimization, Fast, Faster, Fastest| +| network |Set the type of network, if this is set to private, you must have AppScan Presence created in advance| public |public, private| +| presence_id |(applicable only if network = private)||| +| login_method |(applicable only if **dynamic_scan_type** = dast)Login Method of the scan, none: no authentication required for the application, userpass: basic username/password authentication, recorded: you will provide a recorded login sequence dast.config file | none |none, userpass, or recorded| +| login_user |(applicable only if **login_method** = userpass) Type the username used for logging into the application||| +| login_password |(applicable only if **login_method** = userpass) Type the password used logging into the application||| +| login_sequence_file |Provide a path to the Login Traffic File data. Supported file type: DAST.CONFIG: AppScan Activity Recorder file||| +| email_notification |Send email notification uponn scan completion| false |true,false| +| personal_scan | Make this a [personal scan](https://help.hcltechsw.com/appscan/ASoC/appseccloud_scans_personal.html). 
| false | true, false| +| wait_for_analysis |If set to true, the job will suspend and wait until DAST scan is complete before finishing the job| true | true, false| +| wait_for_analysis_timeout_minutes |(applicable only if **wait_for_analysis** = true) Maximum duration in minutes before the job will no longer wait and proceeds to complete, default is 360 (6 hours)| 360 || +| fail_for_noncompliance |If **fail_for_noncompliance** is true, fail the job if any non-compliant issues are found in the scan| false |true, false| +| fail_by_severity |If **fail_by_severity** is set to true, failure_threshold must also be set. This will fail the job if any issues equal to or higher (more severe) than **failure_threshold** are found in the scan| false |false| +| failure_threshold |(applicable only if **failure_threshold** = true) Set the severity level that indicates a failure. Lesser severities will not be considered a failure. For example, if **failure_threshold** is set to Medium, Informational and/or Low severity issues will not cause a failure. Medium, High, and/or Critical issues will cause a failure.| High |Informational, Low, Medium, High, Critical| +| ephemeral_presence | If set to true, a temp instance of AppScan Presence will be deployed in the runner and will be used for the scan. When enabled, this will force **wait_for_analysis** to true and **network** to private regardless of user settings | false | true, false | # Example 1 - DAST scan with basic username and password login method, using the public network ```yaml @@ -106,7 +105,6 @@ jobs: asoc_key: ${{secrets.ASOC_KEY}} asoc_secret: ${{secrets.ASOC_SECRET}} application_id: acd3ef50-6276-461d-8514-abc6e7113577 - scan_type: 'staging' dynamic_scan_type: dast starting_URL: 'https://demo.testfire.net?mode=demo' login_method: userpass 
@@ -141,7 +139,6 @@ jobs: asoc_key: ${{secrets.ASOC_KEY}} asoc_secret: ${{secrets.ASOC_SECRET}} application_id: acd3ef50-6276-461d-8514-abc6e7113577 - scan_type: 'staging' dynamic_scan_type: upload scan_or_scant_file: 'altoro.scant' network: private @@ -174,7 +171,6 @@ jobs: asoc_key: ${{secrets.ASOC_KEY}} asoc_secret: ${{secrets.ASOC_SECRET}} application_id: acd3ef50-6276-461d-8514-abc6e7113577 - scan_type: 'staging' dynamic_scan_type: dast starting_URL: 'https://demo.testfire.net' ephemeral_presence: true diff --git a/action.yml b/action.yml index 9c211b3..2c5c1e9 100644 --- a/action.yml +++ b/action.yml @@ -34,10 +34,6 @@ inputs: scan_name: description: 'The name of the scan created in ASoC.' required: false - scan_type: - description: 'The type of scan - staging or production' - required: false - default: 'staging' #dast or scan file dynamic_scan_type: diff --git a/asoc.ps1 b/asoc.ps1 index 07be083..58923b1 100644 --- a/asoc.ps1 +++ b/asoc.ps1 @@ -136,7 +136,7 @@ function Run-ASoC-DynamicAnalyzerWithFile{ function Run-ASoC-DynamicAnalyzerAPI($json){ - write-host $body + write-host $json $params = @{ Uri = "$global:BaseAPIUrl/Scans/Dast" Method = 'POST' diff --git a/main.ps1 b/main.ps1 index 0e764c4..fbb58e4 100644 --- a/main.ps1 +++ b/main.ps1 @@ -53,7 +53,6 @@ $global:ephemeralPresenceName = "Github Runner $env:RUNNER_TRACKING_ID" #INITIALIZE #Construct base JSON Body for DAST Scan for API DynamicAnalyzer and DynamicAnalyzerWithFiles $global:jsonBodyInPSObject = @{ - ScanType = $env:INPUT_SCAN_TYPE IncludeVerifiedDomains = $true ScanConfiguration = @{ Target = @{ From 5543fb88c2f7d63fa99e166a6d418e2d737ae004 Mon Sep 17 00:00:00 2001 From: Vishal-Chaudhary <102226698+vishalhcl-5960@users.noreply.github.com> Date: Thu, 15 Aug 2024 14:08:05 +0530 Subject: [PATCH 46/87] Added ClientType parameter --- main.ps1 | 1 + 1 file changed, 1 insertion(+) diff --git a/main.ps1 b/main.ps1 index fbb58e4..36a90e0 100644 --- a/main.ps1 +++ b/main.ps1 
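Review bot: `write-host $json` in Run-ASoC-DynamicAnalyzerAPI now writes the full scan request body to the job log, and on the userpass path that body carries the `Password` field filled from `$env:INPUT_LOGIN_PASSWORD` earlier in this series. The old `write-host $body` named a variable that is not assigned in the visible lines, so it presumably printed nothing and this change is what starts the disclosure. Log masking on the runner only covers values registered as secrets and matches them literally, so a password passed as a plain input, or one that ConvertTo-Json escapes, would appear in clear text. I would replace the line with something that carries no body, such as `Write-Debug "POST $global:BaseAPIUrl/Scans/Dast"`, or log a copy of the object with `UserName` and `Password` removed. The function body continues past the end of the hunk.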
@@ -74,6 +74,7 @@ $global:jsonBodyInPSObject = @{ AppId = $env:INPUT_APPLICATION_ID Execute = $true Personal = [System.Convert]::ToBoolean($env:INPUT_PERSONAL_SCAN) + ClientType = "DastGithubAction-" +$Get-OSInfo.Name+ "-$env:GITHUB_ACTION_REF" } #LOAD ALL ASOC FUNCTIONS FROM LIBRARY FILE asoc.ps1 From 8a1e8df93ffa1599f0efab9e138baf08d0cc29b4 Mon Sep 17 00:00:00 2001 From: Vishal-Chaudhary <102226698+vishalhcl-5960@users.noreply.github.com> Date: Thu, 15 Aug 2024 14:10:39 +0530 Subject: [PATCH 47/87] Update main.ps1 --- main.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.ps1 b/main.ps1 index 36a90e0..016ba67 100644 --- a/main.ps1 +++ b/main.ps1 @@ -74,7 +74,7 @@ $global:jsonBodyInPSObject = @{ AppId = $env:INPUT_APPLICATION_ID Execute = $true Personal = [System.Convert]::ToBoolean($env:INPUT_PERSONAL_SCAN) - ClientType = "DastGithubAction-" +$Get-OSInfo.Name+ "-$env:GITHUB_ACTION_REF" + ClientType = "DastGithubAction-" +$env:Get-OSInfo.Name+ "-$env:GITHUB_ACTION_REF" } #LOAD ALL ASOC FUNCTIONS FROM LIBRARY FILE asoc.ps1 From ca35f45d4e50c9cf55e9f03dcb5b9ee4eea8b474 Mon Sep 17 00:00:00 2001 From: Vishal-Chaudhary <102226698+vishalhcl-5960@users.noreply.github.com> Date: Thu, 15 Aug 2024 14:18:49 +0530 Subject: [PATCH 48/87] ClientType setting --- action.yml | 2 +- main.ps1 | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/action.yml b/action.yml index 2c5c1e9..5508c4c 100644 --- a/action.yml +++ b/action.yml @@ -1,4 +1,4 @@ -# Copyright 2023 HCL America +# Copyright 2023, 2024 HCL America # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/main.ps1 b/main.ps1 index 016ba67..1042d22 100644 --- a/main.ps1 +++ b/main.ps1 
@@ -47,6 +47,7 @@ Write-Host "Gitub Run URL: $global:GithubRunURL" $scanidFileName = ".\scanid.txt" $ephemeralPresenceIdFileName =".\ephemeralPresenceId.txt" $global:ephemeralPresenceName = "Github Runner $env:RUNNER_TRACKING_ID" +$osDetails = Get-OSInfo #${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} @@ -74,7 +75,7 @@ $global:jsonBodyInPSObject = @{ AppId = $env:INPUT_APPLICATION_ID Execute = $true Personal = [System.Convert]::ToBoolean($env:INPUT_PERSONAL_SCAN) - ClientType = "DastGithubAction-" +$env:Get-OSInfo.Name+ "-$env:GITHUB_ACTION_REF" + ClientType = "DastGithubAction-"+"$($osDetails.Name)"+ "-$env:GITHUB_ACTION_REF" } #LOAD ALL ASOC FUNCTIONS FROM LIBRARY FILE asoc.ps1 From 3d74e59466edf2a2604bc805d1a8900b3c511f98 Mon Sep 17 00:00:00 2001 From: Vishal-Chaudhary <102226698+vishalhcl-5960@users.noreply.github.com> Date: Thu, 15 Aug 2024 14:27:38 +0530 Subject: [PATCH 49/87] commented the scan_type info --- action.yml | 6 +++++- main.ps1 | 4 ++-- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/action.yml b/action.yml index 5508c4c..d9be4ba 100644 --- a/action.yml +++ b/action.yml @@ -1,4 +1,4 @@ -# Copyright 2023, 2024 HCL America +# Copyright 2023 HCL America # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -34,6 +34,10 @@ inputs: scan_name: description: 'The name of the scan created in ASoC.' required: false + #scan_type: + # description: 'The type of scan - staging or production' + # required: false + # default: 'staging' #dast or scan file dynamic_scan_type: diff --git a/main.ps1 b/main.ps1 index 1042d22..bf221e5 100644 --- a/main.ps1 +++ b/main.ps1 
@@ -47,7 +47,7 @@ Write-Host "Gitub Run URL: $global:GithubRunURL" $scanidFileName = ".\scanid.txt" $ephemeralPresenceIdFileName =".\ephemeralPresenceId.txt" $global:ephemeralPresenceName = "Github Runner $env:RUNNER_TRACKING_ID" -$osDetails = Get-OSInfo +#$osDetails = Get-OSInfo #${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} @@ -75,7 +75,7 @@ $global:jsonBodyInPSObject = @{ AppId = $env:INPUT_APPLICATION_ID Execute = $true Personal = [System.Convert]::ToBoolean($env:INPUT_PERSONAL_SCAN) - ClientType = "DastGithubAction-"+"$($osDetails.Name)"+ "-$env:GITHUB_ACTION_REF" + ClientType = "DastGithubAction-"+"-$env:GITHUB_ACTION_REF" } #LOAD ALL ASOC FUNCTIONS FROM LIBRARY FILE asoc.ps1 From 0fd88d1189406680d792e5b13363ffe626dc2f0c Mon Sep 17 00:00:00 2001 From: Vishal-Chaudhary <102226698+vishalhcl-5960@users.noreply.github.com> Date: Thu, 15 Aug 2024 16:14:47 +0530 Subject: [PATCH 50/87] fetching os details --- main.ps1 | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/main.ps1 b/main.ps1 index bf221e5..00871ca 100644 --- a/main.ps1 +++ b/main.ps1 @@ -47,7 +47,6 @@ Write-Host "Gitub Run URL: $global:GithubRunURL" $scanidFileName = ".\scanid.txt" $ephemeralPresenceIdFileName =".\ephemeralPresenceId.txt" $global:ephemeralPresenceName = "Github Runner $env:RUNNER_TRACKING_ID" -#$osDetails = Get-OSInfo #${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} @@ -75,7 +74,7 @@ $global:jsonBodyInPSObject = @{ AppId = $env:INPUT_APPLICATION_ID Execute = $true Personal = [System.Convert]::ToBoolean($env:INPUT_PERSONAL_SCAN) - ClientType = "DastGithubAction-"+"-$env:GITHUB_ACTION_REF" + ClientType = "DastGithubAction-"+"$env:OS"+ "-$env:GITHUB_ACTION_REF" } #LOAD ALL ASOC FUNCTIONS FROM LIBRARY FILE asoc.ps1 From 4da69fbb338cd10a5968c6cd3f7f3ee87ff18543 Mon Sep 17 00:00:00 2001 
From: Vishal-Chaudhary <102226698+vishalhcl-5960@users.noreply.github.com> Date: Wed, 28 Aug 2024 16:01:46 +0530 Subject: [PATCH 51/87] Handling the scan template issue --- asoc.ps1 | 1 + 1 file changed, 1 insertion(+) diff --git a/asoc.ps1 b/asoc.ps1 index 58923b1..910927f 100644 --- a/asoc.ps1 +++ b/asoc.ps1 @@ -129,6 +129,7 @@ function Run-ASoC-DynamicAnalyzerRecordedLogin{ function Run-ASoC-DynamicAnalyzerWithFile{ $FileID = Run-ASoC-FileUpload($env:INPUT_SCAN_OR_SCANT_FILE) + $global:jsonBodyInPSObject.Delete('ScanConfiguration') $global:jsonBodyInPSObject.Add("ScanOrTemplateFileId",$FileID) return Run-ASoC-DynamicAnalyzerAPI($jsonBodyInPSObject | ConvertTo-Json) From a2f9235523d912fcf360ae01a13795aa12e667d5 Mon Sep 17 00:00:00 2001 From: Vishal-Chaudhary <102226698+vishalhcl-5960@users.noreply.github.com> Date: Wed, 28 Aug 2024 16:20:06 +0530 Subject: [PATCH 52/87] Update asoc.ps1 --- asoc.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/asoc.ps1 b/asoc.ps1 index 910927f..72ae76b 100644 --- a/asoc.ps1 +++ b/asoc.ps1 @@ -129,7 +129,7 @@ function Run-ASoC-DynamicAnalyzerRecordedLogin{ function Run-ASoC-DynamicAnalyzerWithFile{ $FileID = Run-ASoC-FileUpload($env:INPUT_SCAN_OR_SCANT_FILE) - $global:jsonBodyInPSObject.Delete('ScanConfiguration') + $global:jsonBodyInPSObject.Remove('ScanConfiguration') $global:jsonBodyInPSObject.Add("ScanOrTemplateFileId",$FileID) return Run-ASoC-DynamicAnalyzerAPI($jsonBodyInPSObject | ConvertTo-Json) From 59c8d80de3473bc377c526874ae7fdea4b3d5954 Mon Sep 17 00:00:00 2001 From: Vishal-Chaudhary <102226698+vishalhcl-5960@users.noreply.github.com> Date: Wed, 28 Aug 2024 17:36:30 +0530 Subject: [PATCH 53/87] Update main.ps1 --- main.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.ps1 b/main.ps1 index 00871ca..7daaec9 100644 --- a/main.ps1 +++ b/main.ps1 
@@ -74,7 +74,7 @@ $global:jsonBodyInPSObject = @{ AppId = $env:INPUT_APPLICATION_ID Execute = $true Personal = [System.Convert]::ToBoolean($env:INPUT_PERSONAL_SCAN) - ClientType = "DastGithubAction-"+"$env:OS"+ "-$env:GITHUB_ACTION_REF" + ClientType = "DastGithubAction-"+"-$env:GITHUB_ACTION_REF" } #LOAD ALL ASOC FUNCTIONS FROM LIBRARY FILE asoc.ps1 From 1a0f39b1112371fff23eebcbecf5dee4809bf8e7 Mon Sep 17 00:00:00 2001 From: Vishal Chaudhary <102226698+vishalhcl-5960@users.noreply.github.com> Date: Tue, 3 Sep 2024 17:25:26 +0530 Subject: [PATCH 54/87] Update presence_dockerfile --- presence_dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/presence_dockerfile b/presence_dockerfile index 8d14ef6..1b70493 100644 --- a/presence_dockerfile +++ b/presence_dockerfile @@ -1,7 +1,7 @@ FROM registry.access.redhat.com/ubi8/ubi:latest LABEL description="AppScan Presence in Dockerfile for Linux Image" -#ENV APIKEYID 082c4037-2bd5-380a-09e1-a1754a5eaab0 -#ENV APIKEYSECRET fMM4inw4zR2ip3ovtZHyVLoRenA2sd9Fq9MRNhjTx5s= +#ENV APIKEYID d3e35642-b9cc-17c4-e39c-5d9caf6ba088 +#ENV APIKEYSECRET vZiRxhopqA5Uybj0eoFJneTEQeGERmMQQEfxfdCPufw= #ENV PRESENCEID 8f2c5776-e2d3-ed11-800f-14cb65723612 RUN yum install -y unzip && yum clean all #RUN curl -X POST --header 'Content-Type: application/json' --header 'Accept: application/json' -d '{"KeyId":"'"${APIKEYID}"'","KeySecret":"'"${APIKEYSECRET}"'"}' 'https://cloud.appscan.com/api/V2/Account/ApiKeyLogin' > /root/output.txt From 78bc7681956650f391e2bed67c83067d63d24fc2 Mon Sep 17 00:00:00 2001 From: Vishal-Chaudhary <102226698+vishalhcl-5960@users.noreply.github.com> Date: Wed, 4 Sep 2024 11:01:48 +0530 Subject: [PATCH 55/87] Update presence_dockerfile --- presence_dockerfile | 15 +++++---------- 1 file changed, 5 insertions(+), 10 deletions(-) diff --git a/presence_dockerfile b/presence_dockerfile index 1b70493..0fdfbe8 100644 --- a/presence_dockerfile +++ b/presence_dockerfile 
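Review bot: The added `#ENV APIKEYID …` and `#ENV APIKEYSECRET …` lines in presence_dockerfile commit what looks like a live ASoC API key pair; commenting them out does not limit who can read them, and the pair they replace stays readable in history. Both pairs should be treated as disclosed and revoked in ASoC, and the lines reduced to placeholders such as `#ENV APIKEYID <key-id>` and `#ENV APIKEYSECRET <key-secret>`. If the commented `curl … ApiKeyLogin` step is ever revived, the key should reach the build as a BuildKit secret (`RUN --mount=type=secret,id=asoc_key …`) rather than through `ENV`, which is kept in the image configuration and layer history.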
@@ -1,15 +1,10 @@ -FROM registry.access.redhat.com/ubi8/ubi:latest +FROM registry.access.redhat.com/ubi8/ubi-minimal:latest LABEL description="AppScan Presence in Dockerfile for Linux Image" -#ENV APIKEYID d3e35642-b9cc-17c4-e39c-5d9caf6ba088 -#ENV APIKEYSECRET vZiRxhopqA5Uybj0eoFJneTEQeGERmMQQEfxfdCPufw= -#ENV PRESENCEID 8f2c5776-e2d3-ed11-800f-14cb65723612 -RUN yum install -y unzip && yum clean all -#RUN curl -X POST --header 'Content-Type: application/json' --header 'Accept: application/json' -d '{"KeyId":"'"${APIKEYID}"'","KeySecret":"'"${APIKEYSECRET}"'"}' 'https://cloud.appscan.com/api/V2/Account/ApiKeyLogin' > /root/output.txt -#RUN curl -X POST --header 'Accept: application/zip' --header 'Content-Length: 0' --header "Authorization: Bearer $(grep -oP '(?<="Token":")[^"]*' /root/output.txt)" https://cloud.appscan.com/api/v2/Presences/$PRESENCEID/Download/Linux_x86_64/v2 > /root/AppScanPresence-Linux_x86_64.zip -#RUN ls +RUN microdnf update && \ + microdnf install unzip && \ + microdnf clean all COPY presence.zip /root RUN mkdir /root/presence/ && unzip /root/presence.zip -d /root/presence/ RUN chmod +x /root/presence/startPresence.sh ENTRYPOINT ["/root/presence/startPresence.sh"] -#ENTRYPOINT ["sh","/root/AppScanPresence/startPresence.sh"] -#ENTRYPOINT ["/bin/sh"] + From 696964fae4a9d0ae14d5d83564f30b5daaaa4ccb Mon Sep 17 00:00:00 2001 From: Vishal-Chaudhary <102226698+vishalhcl-5960@users.noreply.github.com> Date: Wed, 4 Sep 2024 17:45:45 +0530 Subject: [PATCH 56/87] Update asoc.ps1 --- asoc.ps1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/asoc.ps1 b/asoc.ps1 index 72ae76b..817063b 100644 --- a/asoc.ps1 +++ b/asoc.ps1 
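Review bot: The new `FROM registry.access.redhat.com/ubi8/ubi-minimal:latest` followed by `microdnf update` means every run builds a different image, so the container that connects the scanner to the private network cannot be tied to a reviewed base. Pinning the base by digest, `FROM registry.access.redhat.com/ubi8/ubi-minimal@sha256:<digest>`, and refreshing that digest deliberately keeps patching explicit and reproducible. The Presence is also unpacked under `/root` and started with no `USER` line, so it runs as root; unless startPresence.sh needs that, unpack it into a dedicated directory owned by an unprivileged user and add `USER <presence-user>` before `ENTRYPOINT`. `presence.zip` is copied in and executed without any integrity check in the visible lines, which is worth a comment stating where the archive comes from.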
@@ -664,8 +664,8 @@ function Create-EphemeralPresenceWithDocker{ docker rm $dockerContainerName } - docker build -f $env:GITHUB_ACTION_PATH/$dockerfileName -t $dockerImageName . - docker run --name $dockerContainerName -d $dockerImageName + docker build -f $env:GITHUB_ACTION_PATH/$dockerfileName -t $dockerImageName --debug + docker run --name $dockerContainerName -d $dockerImageName --debug #Pause for 5 seconds for the commands to complete Start-Sleep -Seconds 5 From 3ec3eccd766b7d1156dc44a18c60fd8e2c63407e Mon Sep 17 00:00:00 2001 From: Vishal-Chaudhary <102226698+vishalhcl-5960@users.noreply.github.com> Date: Wed, 4 Sep 2024 17:49:09 +0530 Subject: [PATCH 57/87] Update asoc.ps1 --- asoc.ps1 | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/asoc.ps1 b/asoc.ps1 index 817063b..1af7272 100644 --- a/asoc.ps1 +++ b/asoc.ps1 @@ -652,6 +652,7 @@ function Create-EphemeralPresenceWithDocker{ #CREATE A NEW PRESENCE $presenceId = Run-ASoC-CreatePresence($presenceName) $output = Run-ASoC-DownloadPresence $presenceId $presenceFileName $platform + Write-Host "Checkpoint-0" $dockerContainerName = 'appscanpresence_container' @@ -662,10 +663,13 @@ function Create-EphemeralPresenceWithDocker{ if ((docker ps -a --format '{{.Names}}') -contains $dockerContainerName) { docker stop $dockerContainerName docker rm $dockerContainerName + Write-Host "Checkpoint-1" } - docker build -f $env:GITHUB_ACTION_PATH/$dockerfileName -t $dockerImageName --debug + docker build -f $env:GITHUB_ACTION_PATH/$dockerfileName -t $dockerImageName + Write-Host "Checkpoint-2" docker run --name $dockerContainerName -d $dockerImageName --debug + Write-Host "Checkpoint-3" #Pause for 5 seconds for the commands to complete Start-Sleep -Seconds 5 From 1cfab88891d648286257f4445ad4ddd330406251 Mon Sep 17 00:00:00 2001 
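Review bot: The trailing `--debug` breaks both changed docker lines in Create-EphemeralPresenceWithDocker: on `docker build` it takes the place of the `.` build context, so the command has no context argument, and on `docker run` everything after the image name is passed to the container's entrypoint (startPresence.sh) rather than to Docker. The second hunk of the next patch (57/87) removes `--debug` from the build but still leaves the context out, and keeps it on `docker run`. Docker's debug switch is a global option placed before the subcommand, so the lines would read `docker --debug build -f "$env:GITHUB_ACTION_PATH/$dockerfileName" -t $dockerImageName .` and `docker run --name $dockerContainerName -d $dockerImageName`. The function starts and ends outside the hunk.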
From: Vishal-Chaudhary <102226698+vishalhcl-5960@users.noreply.github.com> Date: Wed, 4 Sep 2024 17:56:07 +0530 Subject: [PATCH 58/87] Update asoc.ps1 --- asoc.ps1 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/asoc.ps1 b/asoc.ps1 index 1af7272..82d4656 100644 --- a/asoc.ps1 +++ b/asoc.ps1 @@ -666,7 +666,8 @@ function Create-EphemeralPresenceWithDocker{ Write-Host "Checkpoint-1" } - docker build -f $env:GITHUB_ACTION_PATH/$dockerfileName -t $dockerImageName + Write-Host "Checkpoint-4" + docker build -f $GITHUB_ACTION_PATH/$dockerfileName -t $dockerImageName . Write-Host "Checkpoint-2" docker run --name $dockerContainerName -d $dockerImageName --debug Write-Host "Checkpoint-3" From a891dc210f99ba6da16b644a7c0c5c4900a0002c Mon Sep 17 00:00:00 2001 From: Vishal-Chaudhary <102226698+vishalhcl-5960@users.noreply.github.com> Date: Wed, 4 Sep 2024 18:03:15 +0530 Subject: [PATCH 59/87] Update asoc.ps1 --- asoc.ps1 | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/asoc.ps1 b/asoc.ps1 index 82d4656..2e7ff40 100644 --- a/asoc.ps1 +++ b/asoc.ps1 @@ -667,7 +667,9 @@ function Create-EphemeralPresenceWithDocker{ } Write-Host "Checkpoint-4" - docker build -f $GITHUB_ACTION_PATH/$dockerfileName -t $dockerImageName . + Write-Host $GITHUB_ACTION_PATH/$dockerfileName + #docker build -f $GITHUB_ACTION_PATH/$dockerfileName -t $dockerImageName . + docker build -f "$env:GITHUB_ACTION_PATH\$dockerfileName" -t "$dockerImageName" . Write-Host "Checkpoint-2" docker run --name $dockerContainerName -d $dockerImageName --debug Write-Host "Checkpoint-3" From cd5ae6ff847030c66dcf00be67ad832b3573125a Mon Sep 17 00:00:00 2001 From: Vishal-Chaudhary <102226698+vishalhcl-5960@users.noreply.github.com> Date: Wed, 4 Sep 2024 18:14:50 +0530 Subject: [PATCH 60/87] Update asoc.ps1 --- asoc.ps1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/asoc.ps1 b/asoc.ps1 index 2e7ff40..57b0e43 100644 --- a/asoc.ps1 +++ b/asoc.ps1 
@@ -667,9 +667,9 @@ function Create-EphemeralPresenceWithDocker{ } Write-Host "Checkpoint-4" - Write-Host $GITHUB_ACTION_PATH/$dockerfileName + Write-Host $env:GITHUB_ACTION_PATH/$dockerfileName #docker build -f $GITHUB_ACTION_PATH/$dockerfileName -t $dockerImageName . - docker build -f "$env:GITHUB_ACTION_PATH\$dockerfileName" -t "$dockerImageName" . + docker build -f "$env:GITHUB_ACTION_PATH/$dockerfileName" -t "$dockerImageName" . Write-Host "Checkpoint-2" docker run --name $dockerContainerName -d $dockerImageName --debug Write-Host "Checkpoint-3" From d6ba1797ada2283b31c18bf4af64699f0661e16d Mon Sep 17 00:00:00 2001 From: Vishal-Chaudhary <102226698+vishalhcl-5960@users.noreply.github.com> Date: Wed, 4 Sep 2024 18:21:55 +0530 Subject: [PATCH 61/87] debugging --- asoc.ps1 | 1 + 1 file changed, 1 insertion(+) diff --git a/asoc.ps1 b/asoc.ps1 index 57b0e43..c7f4758 100644 --- a/asoc.ps1 +++ b/asoc.ps1 @@ -652,6 +652,7 @@ function Create-EphemeralPresenceWithDocker{ #CREATE A NEW PRESENCE $presenceId = Run-ASoC-CreatePresence($presenceName) $output = Run-ASoC-DownloadPresence $presenceId $presenceFileName $platform + Write-Host $output Write-Host "Checkpoint-0" From c30337b4689b6c1690ee76c73f2704820168d40c Mon Sep 17 00:00:00 2001 From: Vishal-Chaudhary <102226698+vishalhcl-5960@users.noreply.github.com> Date: Wed, 4 Sep 2024 18:25:12 +0530 Subject: [PATCH 62/87] debugging --- asoc.ps1 | 3 ++- presence_dockerfile | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/asoc.ps1 b/asoc.ps1 index c7f4758..56532da 100644 --- a/asoc.ps1 +++ b/asoc.ps1 @@ -651,8 +651,9 @@ function Create-EphemeralPresenceWithDocker{ #CREATE A NEW PRESENCE $presenceId = Run-ASoC-CreatePresence($presenceName) + Write-Host "$presenceId" $output = Run-ASoC-DownloadPresence $presenceId $presenceFileName $platform - Write-Host $output + Write-Host "$output" Write-Host "Checkpoint-0" diff --git a/presence_dockerfile b/presence_dockerfile index 0fdfbe8..d6244f8 100644 
--- a/presence_dockerfile +++ b/presence_dockerfile @@ -1,5 +1,6 @@ FROM registry.access.redhat.com/ubi8/ubi-minimal:latest LABEL description="AppScan Presence in Dockerfile for Linux Image" +RUN echo "Inside dockerfile" RUN microdnf update && \ microdnf install unzip && \ microdnf clean all From c111c20376a3c5423d12dc4e788e388c4bfd69fa Mon Sep 17 00:00:00 2001 From: Vishal-Chaudhary <102226698+vishalhcl-5960@users.noreply.github.com> Date: Wed, 4 Sep 2024 18:28:53 +0530 Subject: [PATCH 63/87] Update asoc.ps1 --- asoc.ps1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/asoc.ps1 b/asoc.ps1 index 56532da..979d7ae 100644 --- a/asoc.ps1 +++ b/asoc.ps1 @@ -670,8 +670,8 @@ function Create-EphemeralPresenceWithDocker{ Write-Host "Checkpoint-4" Write-Host $env:GITHUB_ACTION_PATH/$dockerfileName - #docker build -f $GITHUB_ACTION_PATH/$dockerfileName -t $dockerImageName . - docker build -f "$env:GITHUB_ACTION_PATH/$dockerfileName" -t "$dockerImageName" . + Write-Host $dockerImageName + docker build -f $GITHUB_ACTION_PATH/$dockerfileName -t $dockerImageName . Write-Host "Checkpoint-2" docker run --name $dockerContainerName -d $dockerImageName --debug Write-Host "Checkpoint-3" From 0779d02c2f52b9cb46aacec25aef03bf8abf9dfb Mon Sep 17 00:00:00 2001 From: Vishal-Chaudhary <102226698+vishalhcl-5960@users.noreply.github.com> Date: Wed, 4 Sep 2024 23:27:19 +0530 Subject: [PATCH 64/87] debugging --- asoc.ps1 | 2 +- presence_dockerfile | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/asoc.ps1 b/asoc.ps1 index 979d7ae..6949c66 100644 --- a/asoc.ps1 +++ b/asoc.ps1 
@@ -671,7 +671,7 @@ function Create-EphemeralPresenceWithDocker{ Write-Host "Checkpoint-4" Write-Host $env:GITHUB_ACTION_PATH/$dockerfileName Write-Host $dockerImageName - docker build -f $GITHUB_ACTION_PATH/$dockerfileName -t $dockerImageName . + docker build -f $env:GITHUB_ACTION_PATH/$dockerfileName -t $dockerImageName . Write-Host "Checkpoint-2" docker run --name $dockerContainerName -d $dockerImageName --debug Write-Host "Checkpoint-3" diff --git a/presence_dockerfile b/presence_dockerfile index d6244f8..22b2dae 100644 --- a/presence_dockerfile +++ b/presence_dockerfile @@ -1,5 +1,6 @@ FROM registry.access.redhat.com/ubi8/ubi-minimal:latest LABEL description="AppScan Presence in Dockerfile for Linux Image" +Write-Host "Inside docker file" RUN echo "Inside dockerfile" RUN microdnf update && \ microdnf install unzip && \ From ed4ce18b7f2ed8544c4b91b563bef3431335c680 Mon Sep 17 00:00:00 2001 From: Vishal-Chaudhary <102226698+vishalhcl-5960@users.noreply.github.com> Date: Wed, 4 Sep 2024 23:37:10 +0530 Subject: [PATCH 65/87] Update asoc.ps1 --- asoc.ps1 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/asoc.ps1 b/asoc.ps1 index 6949c66..d9c6401 100644 --- a/asoc.ps1 +++ b/asoc.ps1 @@ -668,13 +668,13 @@ function Create-EphemeralPresenceWithDocker{ Write-Host "Checkpoint-1" } - Write-Host "Checkpoint-4" + Write-Host "Checkpoint-2" Write-Host $env:GITHUB_ACTION_PATH/$dockerfileName Write-Host $dockerImageName docker build -f $env:GITHUB_ACTION_PATH/$dockerfileName -t $dockerImageName . - Write-Host "Checkpoint-2" - docker run --name $dockerContainerName -d $dockerImageName --debug Write-Host "Checkpoint-3" + docker run --name $dockerContainerName -d $dockerImageName --debug + Write-Host "Checkpoint-4" #Pause for 5 seconds for the commands to complete Start-Sleep -Seconds 5 From 26d8414a8367aec4d1bd90ef4976c291aeaf35e5 Mon Sep 17 00:00:00 2001 
From: Vishal-Chaudhary <102226698+vishalhcl-5960@users.noreply.github.com> Date: Wed, 4 Sep 2024 23:50:41 +0530 Subject: [PATCH 66/87] Update asoc.ps1 --- asoc.ps1 | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/asoc.ps1 b/asoc.ps1 index d9c6401..7cf6713 100644 --- a/asoc.ps1 +++ b/asoc.ps1 @@ -543,10 +543,12 @@ function Run-ASoC-DownloadPresence($presenceId, $OutputFileName, $platform){ } } #DEBUG + Write-Host "Inside DownloadPresence method" Write-Debug ($params | Format-Table | Out-String) $ProgressPreference = 'SilentlyContinue' $jsonOutput = Invoke-WebRequest @params -OutFile $OutputFileName + Write-Host "Inside DownloadPresence method but after response" $ProgressPreference = 'Continue' return $jsonOutput @@ -652,7 +654,7 @@ function Create-EphemeralPresenceWithDocker{ #CREATE A NEW PRESENCE $presenceId = Run-ASoC-CreatePresence($presenceName) Write-Host "$presenceId" - $output = Run-ASoC-DownloadPresence $presenceId $presenceFileName $platform + $output = Run-ASoC-DownloadPresence $presenceId $presenceFileName $platform --debug Write-Host "$output" Write-Host "Checkpoint-0" From 6ff467c77bd1cf1abbfdd87144976adcb56ab4c1 Mon Sep 17 00:00:00 2001 From: Vishal-Chaudhary <102226698+vishalhcl-5960@users.noreply.github.com> Date: Thu, 5 Sep 2024 00:27:58 +0530 Subject: [PATCH 67/87] Update asoc.ps1 --- asoc.ps1 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/asoc.ps1 b/asoc.ps1 index 7cf6713..5fab546 100644 --- a/asoc.ps1 +++ b/asoc.ps1 @@ -549,6 +549,7 @@ function Run-ASoC-DownloadPresence($presenceId, $OutputFileName, $platform){ $ProgressPreference = 'SilentlyContinue' $jsonOutput = Invoke-WebRequest @params -OutFile $OutputFileName Write-Host "Inside DownloadPresence method but after response" + Write-Host (ConvertFrom-JSON $jsonOutput) $ProgressPreference = 'Continue' return $jsonOutput 
@@ -655,7 +656,7 @@ function Create-EphemeralPresenceWithDocker{ $presenceId = Run-ASoC-CreatePresence($presenceName) Write-Host "$presenceId" $output = Run-ASoC-DownloadPresence $presenceId $presenceFileName $platform --debug - Write-Host "$output" + Write-Host $output Write-Host "Checkpoint-0" From 43dc131044ee5e1a982bee2211feb86bf2aada3f Mon Sep 17 00:00:00 2001 From: Vishal-Chaudhary <102226698+vishalhcl-5960@users.noreply.github.com> Date: Fri, 6 Sep 2024 11:40:27 +0530 Subject: [PATCH 68/87] Update asoc.ps1 --- asoc.ps1 | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/asoc.ps1 b/asoc.ps1 index 5fab546..ce49b32 100644 --- a/asoc.ps1 +++ b/asoc.ps1 @@ -549,7 +549,6 @@ function Run-ASoC-DownloadPresence($presenceId, $OutputFileName, $platform){ $ProgressPreference = 'SilentlyContinue' $jsonOutput = Invoke-WebRequest @params -OutFile $OutputFileName Write-Host "Inside DownloadPresence method but after response" - Write-Host (ConvertFrom-JSON $jsonOutput) $ProgressPreference = 'Continue' return $jsonOutput @@ -655,7 +654,7 @@ function Create-EphemeralPresenceWithDocker{ #CREATE A NEW PRESENCE $presenceId = Run-ASoC-CreatePresence($presenceName) Write-Host "$presenceId" - $output = Run-ASoC-DownloadPresence $presenceId $presenceFileName $platform --debug + $output = Run-ASoC-DownloadPresence $presenceId $presenceFileName $platform Write-Host $output Write-Host "Checkpoint-0" @@ -676,7 +675,7 @@ function Create-EphemeralPresenceWithDocker{ Write-Host $dockerImageName docker build -f $env:GITHUB_ACTION_PATH/$dockerfileName -t $dockerImageName . Write-Host "Checkpoint-3" - docker run --name $dockerContainerName -d $dockerImageName --debug + docker run --name $dockerContainerName -d $dockerImageName Write-Host "Checkpoint-4" #Pause for 5 seconds for the commands to complete From 5b04a74e2c0226725e0ac95ee5a473a3c9ec5465 Mon Sep 17 00:00:00 2001 
From: Vishal-Chaudhary <102226698+vishalhcl-5960@users.noreply.github.com> Date: Sat, 7 Sep 2024 23:18:51 +0530 Subject: [PATCH 69/87] Update asoc.ps1 --- asoc.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/asoc.ps1 b/asoc.ps1 index ce49b32..88c70d2 100644 --- a/asoc.ps1 +++ b/asoc.ps1 @@ -673,7 +673,7 @@ function Create-EphemeralPresenceWithDocker{ Write-Host "Checkpoint-2" Write-Host $env:GITHUB_ACTION_PATH/$dockerfileName Write-Host $dockerImageName - docker build -f $env:GITHUB_ACTION_PATH/$dockerfileName -t $dockerImageName . + docker build -f $dockerfileName -t $dockerImageName . Write-Host "Checkpoint-3" docker run --name $dockerContainerName -d $dockerImageName Write-Host "Checkpoint-4" From 9b897398114e4c009af8e63d0d8ee259ae459b5a Mon Sep 17 00:00:00 2001 From: Vishal-Chaudhary <102226698+vishalhcl-5960@users.noreply.github.com> Date: Sat, 7 Sep 2024 23:24:19 +0530 Subject: [PATCH 70/87] updated docker file name --- asoc.ps1 | 2 +- presence_dockerfile => dockerfile | 0 2 files changed, 1 insertion(+), 1 deletion(-) rename presence_dockerfile => dockerfile (100%) diff --git a/asoc.ps1 b/asoc.ps1 index 88c70d2..6675fbe 100644 --- a/asoc.ps1 +++ b/asoc.ps1 @@ -661,7 +661,7 @@ function Create-EphemeralPresenceWithDocker{ $dockerContainerName = 'appscanpresence_container' $dockerImageName = 'appscanpresence_image' - $dockerfileName = 'presence_dockerfile' + $dockerfileName = 'dockerfile' #Start presence in a container if ((docker ps -a --format '{{.Names}}') -contains $dockerContainerName) { diff --git a/presence_dockerfile b/dockerfile similarity index 100% rename from presence_dockerfile rename to dockerfile From 6bbea58bbdfbf51109699cb9cca586be7197c571 Mon Sep 17 00:00:00 2001 From: Vishal-Chaudhary <102226698+vishalhcl-5960@users.noreply.github.com> Date: Sat, 7 Sep 2024 23:25:23 +0530 Subject: [PATCH 71/87] Update asoc.ps1 --- asoc.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/asoc.ps1 b/asoc.ps1 index 6675fbe..b629122 100644 --- a/asoc.ps1 +++ b/asoc.ps1 @@ -673,7 +673,7 @@ function Create-EphemeralPresenceWithDocker{ Write-Host "Checkpoint-2" Write-Host $env:GITHUB_ACTION_PATH/$dockerfileName Write-Host $dockerImageName - docker build -f $dockerfileName -t $dockerImageName . + docker build -f $env:GITHUB_ACTION_PATH/$dockerfileName -t $dockerImageName . Write-Host "Checkpoint-3" docker run --name $dockerContainerName -d $dockerImageName Write-Host "Checkpoint-4" From adaad8c91f0f03d211f75f299d56e8e34ea15716 Mon Sep 17 00:00:00 2001 From: Vishal-Chaudhary <102226698+vishalhcl-5960@users.noreply.github.com> Date: Sat, 7 Sep 2024 23:30:05 +0530 Subject: [PATCH 72/87] Update asoc.ps1 --- asoc.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/asoc.ps1 b/asoc.ps1 index b629122..6ee163c 100644 --- a/asoc.ps1 +++ b/asoc.ps1 @@ -673,7 +673,7 @@ function Create-EphemeralPresenceWithDocker{ Write-Host "Checkpoint-2" Write-Host $env:GITHUB_ACTION_PATH/$dockerfileName Write-Host $dockerImageName - docker build -f $env:GITHUB_ACTION_PATH/$dockerfileName -t $dockerImageName . + docker buildx -f $env:GITHUB_ACTION_PATH/$dockerfileName -t $dockerImageName . Write-Host "Checkpoint-3" docker run --name $dockerContainerName -d $dockerImageName Write-Host "Checkpoint-4" From d3d1d3ae2f0f390db34762d7cbf60a5c837e07fb Mon Sep 17 00:00:00 2001 From: Vishal-Chaudhary <102226698+vishalhcl-5960@users.noreply.github.com> Date: Sat, 7 Sep 2024 23:33:05 +0530 Subject: [PATCH 73/87] Update asoc.ps1 --- asoc.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/asoc.ps1 b/asoc.ps1 index 6ee163c..a1c7d76 100644 --- a/asoc.ps1 +++ b/asoc.ps1 
@@ -673,7 +673,7 @@ function Create-EphemeralPresenceWithDocker{ Write-Host "Checkpoint-2" Write-Host $env:GITHUB_ACTION_PATH/$dockerfileName Write-Host $dockerImageName - docker buildx -f $env:GITHUB_ACTION_PATH/$dockerfileName -t $dockerImageName . + docker buildx build -f $env:GITHUB_ACTION_PATH/$dockerfileName -t $dockerImageName . Write-Host "Checkpoint-3" docker run --name $dockerContainerName -d $dockerImageName Write-Host "Checkpoint-4" From 3bfbe217448ec6a85f4f844c98afa7b4e906cd98 Mon Sep 17 00:00:00 2001 From: Vishal-Chaudhary <102226698+vishalhcl-5960@users.noreply.github.com> Date: Sat, 7 Sep 2024 23:38:12 +0530 Subject: [PATCH 74/87] Update asoc.ps1 --- asoc.ps1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/asoc.ps1 b/asoc.ps1 index a1c7d76..685dee1 100644 --- a/asoc.ps1 +++ b/asoc.ps1 @@ -661,7 +661,7 @@ function Create-EphemeralPresenceWithDocker{ $dockerContainerName = 'appscanpresence_container' $dockerImageName = 'appscanpresence_image' - $dockerfileName = 'dockerfile' + $dockerfileName = 'Dockerfile' #Start presence in a container if ((docker ps -a --format '{{.Names}}') -contains $dockerContainerName) { @@ -673,7 +673,7 @@ function Create-EphemeralPresenceWithDocker{ Write-Host "Checkpoint-2" Write-Host $env:GITHUB_ACTION_PATH/$dockerfileName Write-Host $dockerImageName - docker buildx build -f $env:GITHUB_ACTION_PATH/$dockerfileName -t $dockerImageName . + docker build -f $env:GITHUB_ACTION_PATH/$dockerfileName -t $dockerImageName . Write-Host "Checkpoint-3" docker run --name $dockerContainerName -d $dockerImageName Write-Host "Checkpoint-4" From 5289080b93ecfa5f9235c0243438ca4430747af4 Mon Sep 17 00:00:00 2001 From: Vishal-Chaudhary <102226698+vishalhcl-5960@users.noreply.github.com> Date: Sat, 7 Sep 2024 23:40:31 +0530 Subject: [PATCH 75/87] Update asoc.ps1 --- asoc.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/asoc.ps1 b/asoc.ps1 index 685dee1..a3a4577 100644 --- a/asoc.ps1 +++ b/asoc.ps1 
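Review bot: `$dockerfileName = 'Dockerfile'` in the first hunk of patch 74/87 no longer matches the file on disk, which patch 70/87 renamed to lowercase `dockerfile`. On a Linux runner with a case-sensitive file system, `docker build -f $env:GITHUB_ACTION_PATH/$dockerfileName` will not find the file, and nothing in the visible lines renames it again. Keep `$dockerfileName = 'dockerfile'` here, or rename the file to `Dockerfile` in the same commit so the two stay in step. The function starts and ends outside the hunk.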
@@ -673,7 +673,7 @@ function Create-EphemeralPresenceWithDocker{ Write-Host "Checkpoint-2" Write-Host $env:GITHUB_ACTION_PATH/$dockerfileName Write-Host $dockerImageName - docker build -f $env:GITHUB_ACTION_PATH/$dockerfileName -t $dockerImageName . + docker buildx build -f $env:GITHUB_ACTION_PATH/$dockerfileName -t $dockerImageName . Write-Host "Checkpoint-3" docker run --name $dockerContainerName -d $dockerImageName Write-Host "Checkpoint-4" From 0002d1203e172c2834a4875d809f4282c7edfc2e Mon Sep 17 00:00:00 2001 From: Vishal-Chaudhary <102226698+vishalhcl-5960@users.noreply.github.com> Date: Mon, 9 Sep 2024 22:39:45 +0530 Subject: [PATCH 76/87] removed the debug messages --- asoc.ps1 | 13 ++----------- dockerfile | 2 -- 2 files changed, 2 insertions(+), 13 deletions(-) diff --git a/asoc.ps1 b/asoc.ps1 index a3a4577..d288faf 100644 --- a/asoc.ps1 +++ b/asoc.ps1 @@ -543,12 +543,10 @@ function Run-ASoC-DownloadPresence($presenceId, $OutputFileName, $platform){ } } #DEBUG - Write-Host "Inside DownloadPresence method" Write-Debug ($params | Format-Table | Out-String) $ProgressPreference = 'SilentlyContinue' $jsonOutput = Invoke-WebRequest @params -OutFile $OutputFileName - Write-Host "Inside DownloadPresence method but after response" $ProgressPreference = 'Continue' return $jsonOutput @@ -656,7 +654,6 @@ function Create-EphemeralPresenceWithDocker{ Write-Host "$presenceId" $output = Run-ASoC-DownloadPresence $presenceId $presenceFileName $platform Write-Host $output - Write-Host "Checkpoint-0" $dockerContainerName = 'appscanpresence_container' 
@@ -667,16 +664,10 @@ function Create-EphemeralPresenceWithDocker{ if ((docker ps -a --format '{{.Names}}') -contains $dockerContainerName) { docker stop $dockerContainerName docker rm $dockerContainerName - Write-Host "Checkpoint-1" } - - Write-Host "Checkpoint-2" - Write-Host $env:GITHUB_ACTION_PATH/$dockerfileName - Write-Host $dockerImageName - docker buildx build -f $env:GITHUB_ACTION_PATH/$dockerfileName -t $dockerImageName . - Write-Host "Checkpoint-3" + + docker build -f $env:GITHUB_ACTION_PATH/$dockerfileName -t $dockerImageName . docker run --name $dockerContainerName -d $dockerImageName - Write-Host "Checkpoint-4" #Pause for 5 seconds for the commands to complete Start-Sleep -Seconds 5 diff --git a/dockerfile b/dockerfile index 22b2dae..0fdfbe8 100644 --- a/dockerfile +++ b/dockerfile @@ -1,7 +1,5 @@ FROM registry.access.redhat.com/ubi8/ubi-minimal:latest LABEL description="AppScan Presence in Dockerfile for Linux Image" -Write-Host "Inside docker file" -RUN echo "Inside dockerfile" RUN microdnf update && \ microdnf install unzip && \ microdnf clean all From 157cfaa3a7f377350544c50f3afc44d560225fea Mon Sep 17 00:00:00 2001 From: Vishal-Chaudhary <102226698+vishalhcl-5960@users.noreply.github.com> Date: Mon, 9 Sep 2024 22:45:06 +0530 Subject: [PATCH 77/87] removed the 'new' status --- asoc.ps1 | 6 ++---- main.ps1 | 2 +- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/asoc.ps1 b/asoc.ps1 index d288faf..1182153 100644 --- a/asoc.ps1 +++ b/asoc.ps1 
@@ -294,9 +294,9 @@ function Run-ASoC-DownloadReport($reportID){ #policies options are 'All' or 'None' function Run-ASoC-GetIssueCount($scanID, $policyScope){ - #/api/v4/Issues/Scan/?applyPolicies=all&$filter=status eq 'Open' or Status eq 'InProgress' or Status eq 'Reopened' or Status eq ‘New’ &$apply=groupby((Status,Severity),aggregate($count as N)) + #/api/v4/Issues/Scan/?applyPolicies=all&$filter=status eq 'Open' or Status eq 'InProgress' or Status eq 'Reopened' &$apply=groupby((Status,Severity),aggregate($count as N)) $params = @{ - Uri = "$global:BaseAPIUrl/Issues/Scan/$scanID"+"?applyPolicies="+"$policyScope"+"&%24filter=Status%20eq%20%27Open%27%20or%20Status%20eq%20%27InProgress%27%20or%20Status%20eq%20%27Reopened%27%20or%20Status%20eq%20%27New%27&%24apply=groupby%28%28Status%2CSeverity%29%2Caggregate%28%24count%20as%20N%29%29" + Uri = "$global:BaseAPIUrl/Issues/Scan/$scanID"+"?applyPolicies="+"$policyScope"+"&%24filter=Status%20eq%20%27Open%27%20or%20Status%20eq%20%27InProgress%27%20or%20Status%20eq%20%27Reopened%27&%24apply=groupby%28%28Status%2CSeverity%29%2Caggregate%28%24count%20as%20N%29%29" Method = 'GET' Headers = @{ 'Content-Type' = 'application/json' @@ -651,9 +651,7 @@ function Create-EphemeralPresenceWithDocker{ #CREATE A NEW PRESENCE $presenceId = Run-ASoC-CreatePresence($presenceName) - Write-Host "$presenceId" $output = Run-ASoC-DownloadPresence $presenceId $presenceFileName $platform - Write-Host $output $dockerContainerName = 'appscanpresence_container' diff --git a/main.ps1 b/main.ps1 index 7daaec9..26df5c3 100644 --- a/main.ps1 +++ b/main.ps1 @@ -74,7 +74,7 @@ $global:jsonBodyInPSObject = @{ AppId = $env:INPUT_APPLICATION_ID Execute = $true Personal = [System.Convert]::ToBoolean($env:INPUT_PERSONAL_SCAN) - ClientType = "DastGithubAction-"+"-$env:GITHUB_ACTION_REF" + ClientType = "DastGithubAction"+"-$env:GITHUB_ACTION_REF" } #LOAD ALL ASOC FUNCTIONS FROM LIBRARY FILE asoc.ps1 
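Review bot: Dropping `Status eq 'New'` from the `$filter` in Run-ASoC-GetIssueCount changes which issues feed the count, and neither the commit message nor the updated comment says why. If the v4 API can still return issues in that state, they would no longer be counted and any pass/fail decision built on this number would under-report; that cannot be confirmed from the hunk. Once it is verified against the API documentation, add a comment above the `Uri` line such as `# v4 has no 'New' status; Open/InProgress/Reopened cover every unresolved issue`. The function body continues outside the hunk.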
From 32cd844c919cb598510e9dfacbf04e6015706e83 Mon Sep 17 00:00:00 2001 From: mattmurp Date: Thu, 12 Sep 2024 10:31:01 -0400 Subject: [PATCH 78/87] Update asoc.ps1 --- asoc.ps1 | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/asoc.ps1 b/asoc.ps1 index 1182153..80925fe 100644 --- a/asoc.ps1 +++ b/asoc.ps1 @@ -653,7 +653,6 @@ function Create-EphemeralPresenceWithDocker{ $presenceId = Run-ASoC-CreatePresence($presenceName) $output = Run-ASoC-DownloadPresence $presenceId $presenceFileName $platform - $dockerContainerName = 'appscanpresence_container' $dockerImageName = 'appscanpresence_image' $dockerfileName = 'Dockerfile' @@ -664,7 +663,10 @@ function Create-EphemeralPresenceWithDocker{ docker rm $dockerContainerName } + Write-Host "Creating docker image..." docker build -f $env:GITHUB_ACTION_PATH/$dockerfileName -t $dockerImageName . + + Write-Host "Starting container..." docker run --name $dockerContainerName -d $dockerImageName #Pause for 5 seconds for the commands to complete From bdf79f6c1fa187958a84cdc6373c4b47979f859a Mon Sep 17 00:00:00 2001 From: mattmurp Date: Thu, 12 Sep 2024 10:34:49 -0400 Subject: [PATCH 79/87] Update asoc.ps1 --- asoc.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/asoc.ps1 b/asoc.ps1 index 80925fe..45d26cc 100644 --- a/asoc.ps1 +++ b/asoc.ps1 @@ -655,7 +655,7 @@ function Create-EphemeralPresenceWithDocker{ $dockerContainerName = 'appscanpresence_container' $dockerImageName = 'appscanpresence_image' - $dockerfileName = 'Dockerfile' + $dockerfileName = 'dockerfile' #Start presence in a container if ((docker ps -a --format '{{.Names}}') -contains $dockerContainerName) { From 6139eb8544dda9f3cac22a11d94105ab82b51639 Mon Sep 17 00:00:00 2001 From: mattmurp Date: Thu, 12 Sep 2024 10:49:14 -0400 Subject: [PATCH 80/87] Update asoc.ps1 --- asoc.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/asoc.ps1 b/asoc.ps1 index 45d26cc..9dd1ea3 100644 --- a/asoc.ps1 +++ b/asoc.ps1 
@@ -664,7 +664,7 @@ function Create-EphemeralPresenceWithDocker{ } Write-Host "Creating docker image..." - docker build -f $env:GITHUB_ACTION_PATH/$dockerfileName -t $dockerImageName . + (docker build -f $env:GITHUB_ACTION_PATH/$dockerfileName -t $dockerImageName .) > $null Write-Host "Starting container..." docker run --name $dockerContainerName -d $dockerImageName From e5d4e5cc33a24fb299f36b0f871e4feaf0c2194c Mon Sep 17 00:00:00 2001 From: mattmurp Date: Thu, 12 Sep 2024 11:09:29 -0400 Subject: [PATCH 81/87] Update asoc.ps1 --- asoc.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/asoc.ps1 b/asoc.ps1 index 9dd1ea3..d080ff9 100644 --- a/asoc.ps1 +++ b/asoc.ps1 @@ -664,7 +664,7 @@ function Create-EphemeralPresenceWithDocker{ } Write-Host "Creating docker image..." - (docker build -f $env:GITHUB_ACTION_PATH/$dockerfileName -t $dockerImageName .) > $null + (docker build -f $env:GITHUB_ACTION_PATH/$dockerfileName -t $dockerImageName .) 2>&1 Write-Host "Starting container..." docker run --name $dockerContainerName -d $dockerImageName From 7bca8f2469bcf496915e7a7082321e1569123117 Mon Sep 17 00:00:00 2001 From: mattmurp Date: Thu, 12 Sep 2024 11:18:47 -0400 Subject: [PATCH 82/87] Update asoc.ps1 --- asoc.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/asoc.ps1 b/asoc.ps1 index d080ff9..c19ce5d 100644 --- a/asoc.ps1 +++ b/asoc.ps1 @@ -610,7 +610,7 @@ function Run-ASoC-CheckPresenceStatus($presenceId){ #CREATE PRESENCE $params = @{ - Uri = "$global:BaseAPIUrl/Presences/"+"$filter=Id eq "+$presenceId + Uri = "$global:BaseAPIUrl/Presences?$filter=Id eq "+$presenceId Method = 'GET' Headers = @{ Authorization = "Bearer $global:BearerToken" From 71c701c65a6795f5ae5f9eeccbec9f9205439d82 Mon Sep 17 00:00:00 2001 From: mattmurp Date: Thu, 12 Sep 2024 11:26:40 -0400 Subject: [PATCH 83/87] Update asoc.ps1 --- asoc.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/asoc.ps1 b/asoc.ps1 index c19ce5d..dd36590 100644 
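Review bot: In the new `Uri` of Run-ASoC-CheckPresenceStatus (patch 82), `$filter` sits inside a double-quoted string, so PowerShell expands it as a variable. No `$filter` is assigned in the visible code, so the request would presumably go out as `Presences?=Id eq <id>` with the OData filter lost, and the spaces are left unencoded as well. Write the literal form instead, `Uri = "$global:BaseAPIUrl/Presences?%24filter=Id%20eq%20" + $presenceId`, or build the query part in a single-quoted string. The function body continues outside the hunk.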
--- a/asoc.ps1 +++ b/asoc.ps1 @@ -610,7 +610,7 @@ function Run-ASoC-CheckPresenceStatus($presenceId){ #CREATE PRESENCE $params = @{ - Uri = "$global:BaseAPIUrl/Presences?$filter=Id eq "+$presenceId + Uri = "$global:BaseAPIUrl/Presences?%24filter=Id%20eq%20"+$presenceId Method = 'GET' Headers = @{ Authorization = "Bearer $global:BearerToken" From b5f819eae051e88f0df53bcf582e9595362dc1df Mon Sep 17 00:00:00 2001 From: mattmurp Date: Thu, 12 Sep 2024 11:50:51 -0400 Subject: [PATCH 84/87] Update asoc.ps1 --- asoc.ps1 | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/asoc.ps1 b/asoc.ps1 index dd36590..ace121b 100644 --- a/asoc.ps1 +++ b/asoc.ps1 @@ -1,4 +1,4 @@ -# Copyright 2023 HCL America +# Copyright 2023, 2024 HCL America # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,7 +12,17 @@ # See the License for the specific language governing permissions and # limitations under the License. +$Os = 'linux' +if($IsMacOS){ + $Os = 'mac' +}elseif($IsWindows){ + $Os = 'win' +} + +$ClientType = "github-dast-$Os-$env:GITHUB_ACTION_REF" + Write-Host "Loading Library functions from asoc.ps1" + #FUNCTIONS function Login-ASoC { @@ -28,6 +38,7 @@ function Login-ASoC { Headers = @{ 'Content-Type' = 'application/json' 'accept' = 'application/json' + 'ClientType' = "$ClientType" } } #DEBUG @@ -144,6 +155,7 @@ function Run-ASoC-DynamicAnalyzerAPI($json){ Body = $json Headers = @{ 'Content-Type' = 'application/json' + 'ClientType' = "$ClientType" Authorization = "Bearer $global:BearerToken" } } From a52f8be844ca4da97782fce626c3a35550be981e Mon Sep 17 00:00:00 2001 From: mattmurp Date: Thu, 12 Sep 2024 11:56:45 -0400 Subject: [PATCH 85/87] Update main.ps1 --- main.ps1 | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/main.ps1 b/main.ps1 index 26df5c3..a07c86f 100644 --- a/main.ps1 +++ b/main.ps1 
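Review bot: `$presenceId` is appended to the hand-encoded query in Run-ASoC-CheckPresenceStatus without validation or encoding, so a value containing spaces, quotes or `&` would alter the filter expression or add query parameters. Where the id originates is not visible here, so treat this as hardening: if ids are always GUIDs, as the README example suggests, normalise with `$presenceId = [guid]::Parse($presenceId).ToString()`, otherwise wrap it in `[uri]::EscapeDataString($presenceId)`. The `#CREATE PRESENCE` comment above `$params` also no longer describes what is a status lookup. The function body continues outside the hunk.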
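Review bot: The `$Os` detection added at the top of asoc.ps1 relies on `$IsMacOS` and `$IsWindows`, which are defined only in PowerShell 6 and later. Under Windows PowerShell 5.1 both are unset, so the `ClientType` header would report `linux` on a Windows host. If that host is in scope, extend the test to `elseif($IsWindows -or $env:OS -eq 'Windows_NT')`. The same block is copied into main.ps1 in patch 85; keeping a single copy in asoc.ps1 avoids the two drifting apart.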
@@ -1,4 +1,4 @@ -# Copyright 2023 HCL America +# Copyright 2023, 2024 HCL America # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -14,6 +14,13 @@ Write-Host "Starting ASoC script" +$Os = 'linux' +if($IsMacOS){ + $Os = 'mac' +}elseif($IsWindows){ + $Os = 'win' +} + #DEBUG - To show DEBUG Messages, set $DebugPreference = 'Continue' @@ -74,7 +81,7 @@ $global:jsonBodyInPSObject = @{ AppId = $env:INPUT_APPLICATION_ID Execute = $true Personal = [System.Convert]::ToBoolean($env:INPUT_PERSONAL_SCAN) - ClientType = "DastGithubAction"+"-$env:GITHUB_ACTION_REF" + ClientType = "github-dast-$Os-$env:GITHUB_ACTION_REF" } #LOAD ALL ASOC FUNCTIONS FROM LIBRARY FILE asoc.ps1 From e5ac40ac2abfa894a2d171c5746bdaeb2db2623c Mon Sep 17 00:00:00 2001 From: Vishal-Chaudhary <102226698+vishalhcl-5960@users.noreply.github.com> Date: Tue, 17 Sep 2024 11:31:26 +0530 Subject: [PATCH 86/87] Adding copyright years --- action.yml | 3 +-- cancelJob.ps1 | 2 +- main.ps1 | 1 - 3 files changed, 2 insertions(+), 4 deletions(-) diff --git a/action.yml b/action.yml index d9be4ba..c4c3901 100644 --- a/action.yml +++ b/action.yml @@ -1,4 +1,4 @@ -# Copyright 2023 HCL America +# Copyright 2023, 2024 HCL America # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -101,7 +101,6 @@ inputs: description: 'set to personal scan' required: false default: 'false' - #intervention: # description: 'allow scan intervention' # required: false diff --git a/cancelJob.ps1 b/cancelJob.ps1 index 48a77c8..fdba09f 100644 --- a/cancelJob.ps1 +++ b/cancelJob.ps1 @@ -1,4 +1,4 @@ -# Copyright 2023 HCL America +# Copyright 2023, 2024 HCL America # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/main.ps1 b/main.ps1 index 26df5c3..fbb58e4 100644 --- a/main.ps1 
+++ b/main.ps1 @@ -74,7 +74,6 @@ $global:jsonBodyInPSObject = @{ AppId = $env:INPUT_APPLICATION_ID Execute = $true Personal = [System.Convert]::ToBoolean($env:INPUT_PERSONAL_SCAN) - ClientType = "DastGithubAction"+"-$env:GITHUB_ACTION_REF" } #LOAD ALL ASOC FUNCTIONS FROM LIBRARY FILE asoc.ps1 From 2bc1774121a3e7b8633d35f720523d09ae9ab7c2 Mon Sep 17 00:00:00 2001 From: Vishal-Chaudhary <102226698+vishalhcl-5960@users.noreply.github.com> Date: Wed, 18 Sep 2024 14:43:23 +0530 Subject: [PATCH 87/87] ASA-9513 Handling the deprecated api's - v3 and node16 --- README.md | 18 +++++++++--------- action.yml | 2 +- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index 5b3ca6c..2225277 100644 --- a/README.md +++ b/README.md @@ -97,9 +97,9 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Run ASoC DAST Scan - uses: HCL-TECH-SOFTWARE/appscan-dast-action@v1.0.5 + uses: HCL-TECH-SOFTWARE/appscan-dast-action@v1.0.6 with: baseurl: https://cloud.appscan.com asoc_key: ${{secrets.ASOC_KEY}} @@ -113,7 +113,7 @@ jobs: network: public fail_for_noncompliance: false wait_for_analysis: true - - uses: actions/upload-artifact@v3 + - uses: actions/upload-artifact@v4 name: Upload HCL AppScan HTML Report to Github Artifacts with: name: AppScan Security Scan HTML Report @@ -131,9 +131,9 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Run ASoC DAST Scan - uses: HCL-TECH-SOFTWARE/appscan-dast-action@v1.0.5 + uses: HCL-TECH-SOFTWARE/appscan-dast-action@v1.0.6 with: baseurl: https://cloud.appscan.com asoc_key: ${{secrets.ASOC_KEY}} 
@@ -145,7 +145,7 @@ jobs: presence_id: f185efda-67bf-ed11-ba76-14cb65723612 fail_for_noncompliance: false wait_for_analysis: true - - uses: actions/upload-artifact@v3 + - uses: actions/upload-artifact@v4 name: Upload HCL AppScan HTML Report to Github Artifacts with: name: AppScan Security Scan HTML Report @@ -162,9 +162,9 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Run ASoC DAST Scan - uses: HCL-TECH-SOFTWARE/appscan-dast-action@v1.0.5 + uses: HCL-TECH-SOFTWARE/appscan-dast-action@v1.0.6 with: baseurl: https://cloud.appscan.com @@ -174,7 +174,7 @@ jobs: dynamic_scan_type: dast starting_URL: 'https://demo.testfire.net' ephemeral_presence: true - - uses: actions/upload-artifact@v3 + - uses: actions/upload-artifact@v4 name: Upload HCL AppScan HTML Report to Github Artifacts with: name: AppScan Security Scan HTML Report diff --git a/action.yml b/action.yml index c4c3901..6536b63 100644 --- a/action.yml +++ b/action.yml @@ -132,7 +132,7 @@ inputs: default: 'High' runs: - using: 'node16' + using: 'node20' main: 'main.js' post: 'cancelJob.js' post-if: cancelled()