add:framework-zap

Authentication_ZAP_GT_CRIVO/.gitignore

@@ -0,0 +1,170 @@
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+share/python-wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+
+# PyInstaller
+#  Usually these files are written by a python script from a template
+#  before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.nox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+*.py,cover
+.hypothesis/
+.pytest_cache/
+cover/
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff:
+*.log
+local_settings.py
+db.sqlite3
+db.sqlite3-journal
+
+# Flask stuff:
+instance/
+.webassets-cache
+
+# Scrapy stuff:
+.scrapy
+
+# Sphinx documentation
+docs/_build/
+
+# PyBuilder
+.pybuilder/
+target/
+
+# Jupyter Notebook
+.ipynb_checkpoints
+
+# IPython
+profile_default/
+ipython_config.py
+
+# pyenv
+#   For a library or package, you might want to ignore these files since the code is
+#   intended to run in multiple environments; otherwise, check them in:
+# .python-version
+
+# pipenv
+#   According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
+#   However, in case of collaboration, if having platform-specific dependencies or dependencies
+#   having no cross-platform support, pipenv may install dependencies that don't work, or not
+#   install all needed dependencies.
+#Pipfile.lock
+
+# poetry
+#   Similar to Pipfile.lock, it is generally recommended to include poetry.lock in version control.
+#   This is especially recommended for binary packages to ensure reproducibility, and is more
+#   commonly ignored for libraries.
+#   https://python-poetry.org/docs/basic-usage/#commit-your-poetrylock-file-to-version-control
+#poetry.lock
+
+# pdm
+#   Similar to Pipfile.lock, it is generally recommended to include pdm.lock in version control.
+#pdm.lock
+#   pdm stores project-wide configurations in .pdm.toml, but it is recommended to not include it
+#   in version control.
+#   https://pdm.fming.dev/latest/usage/project/#working-with-version-control
+.pdm.toml
+.pdm-python
+.pdm-build/
+
+# PEP 582; used by e.g. github.com/David-OConnor/pyflow and github.com/pdm-project/pdm
+__pypackages__/
+
+# Celery stuff
+celerybeat-schedule
+celerybeat.pid
+
+# SageMath parsed files
+*.sage.py
+
+# Environments
+.env
+.venv
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+
+# Spyder project settings
+.spyderproject
+.spyproject
+
+# Rope project settings
+.ropeproject
+
+# mkdocs documentation
+/site
+
+# mypy
+.mypy_cache/
+.dmypy.json
+dmypy.json
+
+# Pyre type checker
+.pyre/
+
+# pytype static type analyzer
+.pytype/
+
+# Cython debug symbols
+cython_debug/
+
+# PyCharm
+#  JetBrains specific template is maintained in a separate JetBrains.gitignore that can
+#  be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore
+#  and can be added to the global gitignore or merged into this file.  For a more nuclear
+#  option (not recommended) you can uncomment the following to ignore the entire idea folder.
+#.idea/
+
+# arquivos
+user_data_test.py
+tests/
+notas.txt
+contexto.py
+test.py
+Command_container.txt

Authentication_ZAP_GT_CRIVO/Makefile

@@ -0,0 +1,21 @@
+generate_key:
+	@echo "Generating API key..."
+	@python3 -c 'import random; import string; key = "".join(random.choices(string.ascii_lowercase + string.digits, k=26)); print(key)' > apikey.txt
+
+update_env:
+	@key=$$(cat apikey.txt); \
+	echo "Key to be used: $$key"; \
+	if grep -q '^ZAP_API_KEY=' file.env; then \
+		sed -i "s/^ZAP_API_KEY=.*/ZAP_API_KEY=$$key/" file.env; \
+	else \
+		echo "ZAP_API_KEY=$$key" >> file.env; \
+	fi
+	@echo "file.env updated successfully!"
+	rm apikey.txt
+
+
+run: generate_key update_env
+	@echo "Starting services with new API key..."
+	docker compose --env-file file.env up --build --force-recreate -d
+	./copy.sh $(DIR)
+	rm file.env

Authentication_ZAP_GT_CRIVO/copy.sh

@@ -0,0 +1,35 @@
+#!/bin/bash
+set -eu
+
+# Check if only 1 argument was passed
+if [ "$#" -ne 1 ]; then
+    echo "Usage: $0 <source_directory>"
+    exit 1
+fi
+
+# Argument for the directory to be copied
+SOURCE=$1
+
+DEST_DIR="input_config" 
+# volume in compose 
+DESTINATION="/shared_data/$DEST_DIR"
+
+# Check if the source directory exists
+if [ ! -d "$SOURCE" ]; then
+    echo "Error: Source directory '$SOURCE' does not exist."
+    exit 1
+fi
+
+# Check if the destination directory exists, if not, create it
+docker compose exec framework bash -c "mkdir -p $DESTINATION && rm -rf $DESTINATION/*"
+
+# command that deletes all configuration files if any before copying the new ones.
+
+# Copy only the .json content from the source directory to the volume
+for file in "$SOURCE"/*.json; do
+    if [ -f "$file" ]; then
+        docker compose cp "$file" framework:"$DESTINATION/$(basename "$file")"
+    fi
+done
+
+echo "Content copied from $SOURCE to $DESTINATION successfully."

Authentication_ZAP_GT_CRIVO/docker-compose.yml

@@ -0,0 +1,34 @@
+services:
+  zaproxy:
+    image: zaproxy/zap-weekly
+    command: ["zap.sh", "-config", "api.key=${ZAP_API_KEY}", "-daemon", "-host", "0.0.0.0", "-port", "8080", "-config", "api.addrs.addr.name=.*", "-config", "api.addrs.addr.regex=true"]
+    ports:
+      - "8080:8080"
+    networks:
+      - zapnet
+    environment:
+      - ZAP_API_KEY=${ZAP_API_KEY}
+    volumes:
+      - shared_data:/shared_data
+
+  framework:
+    build: ./framework
+    environment:
+      - FIREFOX=/usr/local/bin/geckodriver
+      - ZAP_API_KEY=${ZAP_API_KEY}
+      - ZAP_PROXY_ADDRESS=zaproxy
+      - ZAP_PROXY_PORT=8080
+    networks:
+      - zapnet
+    depends_on:
+      - zaproxy
+    volumes:
+      - ./framework:/app
+      - shared_data:/shared_data
+
+networks:
+  zapnet:
+    driver: bridge
+
+volumes:
+  shared_data:

Authentication_ZAP_GT_CRIVO/example.json

@@ -0,0 +1,8 @@
+{
+    "context": "",
+    "url": [],
+    "url_login": "",
+    "report_title": "Report",
+    "login": "",
+    "password": ""
+}

Authentication_ZAP_GT_CRIVO/framework/Dockerfile

@@ -0,0 +1,35 @@
+FROM python:3.12.5-slim
+
+# Install necessary dependencies
+RUN apt-get update && \
+    apt-get install -y \
+    wget \
+    unzip \
+    libxi6 \
+    libgconf-2-4 \
+    default-jdk \
+    python3-pip \
+    firefox-esr \
+    curl && \
+    apt-get clean && \
+    rm -rf /var/lib/apt/lists/*
+
+# Install geckodriver
+RUN wget https://github.com/mozilla/geckodriver/releases/download/v0.29.1/geckodriver-v0.29.1-linux64.tar.gz -O /tmp/geckodriver.tar.gz && \
+    tar -xzf /tmp/geckodriver.tar.gz -C /usr/local/bin/ && \
+    rm /tmp/geckodriver.tar.gz
+
+# Install Python dependencies
+COPY requirements.txt .
+RUN pip install --no-cache-dir -r requirements.txt
+
+# Copy your application code to the container
+COPY . /app
+WORKDIR /app
+
+# Set environment variables
+ENV FIREFOX="/usr/local/bin/geckodriver"
+ENV ZAP_PROXY_ADDRESS="zaproxy"
+
+# Command to start the application after zap started
+CMD sleep 30 && python3 main.py

Authentication_ZAP_GT_CRIVO/framework/autentication/autentication.py

@@ -0,0 +1,69 @@
+from selenium.common.exceptions import NoSuchElementException
+from selenium.webdriver.common.by import By
+import logging
+
+logging.basicConfig(level=logging.INFO, format='%(message)s')
+
+def find_element_by_attribute(driver, attribute, value):
+    """
+
+    Find an element on the website based on the specified attribute.
+
+    """
+    try:
+        if attribute == "name":
+            element = driver.find_element(By.NAME, value)
+        elif attribute == "type":
+            element = driver.find_element(By.CSS_SELECTOR, f"input[type='{value}']")
+        elif attribute == "placeholder":
+            element = driver.find_element(
+                By.CSS_SELECTOR, f"input[placeholder='{value}']"
+            )
+        else:
+            raise ValueError(f"Atributo inválido: {attribute}")
+        logging.info(f"Element found successfully.")
+        return element
+    except NoSuchElementException:
+        logging.info(f"Element not found based on attribute '{attribute}'.")
+        return None
+
+
+def validate_by_attribute(driver, attribute, value):
+    """
+
+    Validate if an element with the given attribute and value is displayed on the page.
+
+    """
+    try:
+        if attribute == "name":
+            if driver.find_element(By.NAME, value).is_displayed():
+                pass
+        elif attribute == "type":
+            if driver.find_element(
+                By.CSS_SELECTOR, f"input[type='{value}']"
+            ).is_displayed():
+                pass
+        elif attribute == "placeholder":
+            if driver.find_element(
+                By.CSS_SELECTOR, f"input[placeholder='{value}']"
+            ).is_displayed():
+                pass
+        logging.info("Failed to log in!")
+        driver.refresh()
+        return
+    except:
+        logging.info("Login successful!")
+
+
+def check_credentials(request, credencial_login, credencial_passsword):
+    """
+
+    This function receives a string and two credentials and checks if both credentials are present in the request body string.
+    The function can check if the credentials are the same by verifying the number of occurrences in the string.
+    And it checks if both credentials are present in the string.
+
+    """
+    if credencial_login == credencial_passsword:
+        return request.count(credencial_login) >= 2
+    else:
+        return credencial_login in request and credencial_passsword in request