diff --git a/.github/workflows/c4po-ci.yml b/.github/workflows/c4po-ci.yml index 271bc11..fe89b39 100644 --- a/.github/workflows/c4po-ci.yml +++ b/.github/workflows/c4po-ci.yml @@ -9,7 +9,6 @@ name: "Security C4PO CI" - on: pull_request: branches: [ "main" ] diff --git a/.github/workflows/c4po-release.yml b/.github/workflows/c4po-release.yml index 5c06bd4..dce1e63 100644 --- a/.github/workflows/c4po-release.yml +++ b/.github/workflows/c4po-release.yml @@ -79,7 +79,7 @@ jobs: - uses: actions/upload-artifact@v3 with: name: API-jar - path: security-c4po-api/build/libs/security-c4po-api-0.0.1-SNAPSHOT.jar # artifacts/api.jar + path: security-c4po-api/build/libs/ reporting_job: name: "Reporting Job" @@ -109,7 +109,7 @@ jobs: - uses: actions/upload-artifact@v3 with: name: REPORTING-jar - path: security-c4po-reporting/build/libs/security-c4po-reporting-0.0.1-SNAPSHOT.jar # artifacts/reporting.jar + path: security-c4po-reporting/build/libs/ push_c4po_to_docker_hub: name: "Push images to Docker Hub" 
@@ -121,33 +121,6 @@ jobs: steps: - name: "Check out the repo" uses: actions/checkout@v3 - - - name: Download jar api artifact - uses: actions/download-artifact@v3 - with: - name: API-jar - path: security-c4po-api/build/libs/security-c4po-api-0.0.1-SNAPSHOT.jar - - - name: Download jar reporting artifact - uses: actions/download-artifact@v3 - with: - name: REPORTING-jar - path: security-c4po-reporting/build/libs/security-c4po-reporting-0.0.1-SNAPSHOT.jar - - - name: "Set up Docker Compose" - # https://github.com/marketplace/actions/docker-compose-action - uses: isbang/compose-action@v1.4.1 - with: - compose-file: ./security-c4po-cfg/docker-compose.yml - - - name: "Build Docker images" - run: | - cd $CFG_PATH - docker-compose build \ - --build-arg TAG=c4po:${{ github.run_number }} \ - --build-arg VERSION=c4po:${{ github.run_number }} \ - --build-arg JAR_FILE_API=security-c4po-api/build/libs/security-c4po-api-0.0.1-SNAPSHOT.jar \ - --build-arg JAR_FILE_REPORT=security-c4po-reporting/build/libs/security-c4po-reporting-0.0.1-SNAPSHOT.jar - name: "Log in to Docker Hub" uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a 
@@ -161,16 +134,40 @@ jobs: with: images: cellecram/security-c4po # my-docker-hub-namespace/my-docker-hub-repository - - name: "Push Docker images" + - name: Download jar api artifact + uses: actions/download-artifact@v3 + with: + name: API-jar + path: security-c4po-api/build/libs/ + + - name: Download jar reporting artifact + uses: actions/download-artifact@v3 + with: + name: REPORTING-jar + path: security-c4po-reporting/build/libs/ + + - name: "Set up Docker Buildx" + uses: docker/setup-buildx-action@94ab11c41e45d028884a99163086648e898eed25 #v1 + + - name: "Buildx & Push Docker images for AMD64 & ARM64" run: | - docker image ls - docker image tag security-c4po-angular cellecram/security-c4po:angular - docker image push cellecram/security-c4po:angular - docker image tag security-c4po-api cellecram/security-c4po:api - docker image push cellecram/security-c4po:api - docker image tag security-c4po-reporting cellecram/security-c4po:reporting - docker image push cellecram/security-c4po:reporting - docker image tag quay.io/keycloak/keycloak:20.0.0 cellecram/security-c4po:keycloak - docker image push cellecram/security-c4po:keycloak - docker image tag mongo:5.0.0-focal cellecram/security-c4po:mongo - docker image push cellecram/security-c4po:mongo + cd $CFG_PATH + docker buildx build --push \ + --platform linux/amd64,linux/arm64 \ + --tag cellecram/security-c4po:mongo ./c4po-db + docker buildx build --push \ + --platform linux/amd64,linux/arm64 \ + --tag cellecram/security-c4po:keycloak ./c4po-keycloak + docker buildx build --push \ + --build-arg JAR_FILE_REPORT=./build/libs/security-c4po-reporting-0.0.1-SNAPSHOT.jar \ + --build-arg SPRING_PROFILES_ACTIVE=COMPOSE \ + --platform linux/amd64,linux/arm64 \ + --tag cellecram/security-c4po:reporting ../security-c4po-reporting + docker buildx build --push \ + --build-arg JAR_FILE_API=./build/libs/security-c4po-api-0.0.1-SNAPSHOT.jar \ + --build-arg SPRING_PROFILES_ACTIVE=COMPOSE \ + --platform linux/amd64,linux/arm64 \ + --tag 
cellecram/security-c4po:api ../security-c4po-api + docker buildx build --push \ + --platform linux/amd64,linux/arm64 \ + --tag cellecram/security-c4po:angular ../security-c4po-angular diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index bfdee12..59a1152 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -37,21 +37,20 @@ By participating, you are expected to uphold this code. ## Local development Security-C4PO and all it's included micorservices can be developed locally. -Execute 'c4po.sh' and all services will run on a dev server. +Execute `c4po-dev.sh` and all services will run on a dev server. #### Testuser Credentials: -* Username: ttt +* Username: c4po * Password: Test1234! #### Technical Environment Requirements * Docker / Docker-compose * OpenJDK 11 * Node 14.15.1 / npm 6.14.8 -* MongoDB 4.4.6 #### Helpfull Tools * mongoDB Compass * Postman -## Additional Notes -lorem ipsum. +## Issue Board +[C4PO Board](https://github.com/Marcel-Haag/security-c4po/projects/1) diff --git a/README.md b/README.md index 40aca30..2fa1769 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@ ![workflow_badge](https://github.com/Marcel-Haag/security-c4po/actions/workflows/c4po-ci.yml/badge.svg?branch=main) ![workflow_badge](https://github.com/Marcel-Haag/security-c4po/actions/workflows/c4po-release.yml/badge.svg?branch=main) -![alt architecture](./wiki/repository-open-graph-c4po.png) +![alt architecture](./wiki/repository-owasp-guide-c4po.png) Welcome to the frontend repository of Security C4PO, an open-source pentest reporting tool. Security C4PO is a powerful, user-friendly tool designed to simplify the process of generating professional pentest reports. @@ -13,6 +13,7 @@ This repository contains the codebase of Security C4PO, built with an Angular Fr ## Table of Contents +* [Docker Hub Setup](#docker-hub-setup) * [Application Architecture](#application-architecture) * [Data Structure](#data-structure) * [C4PO Roadmap](#c4po-roadmap) 
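Review bot: The five `docker buildx build --push` commands publish only the floating tags `:mongo`, `:keycloak`, `:reporting`, `:api` and `:angular`, so each release overwrites the previous images and a pulled image cannot be traced back to a workflow run. The removed compose build passed `c4po:${{ github.run_number }}`; the same value could be kept as a second tag on each build, e.g. `--tag cellecram/security-c4po:api-${{ github.run_number }}`. The metadata step with `images: cellecram/security-c4po` sits just above this run block, but its output does not appear to be used by it; that step starts outside the hunk, so this is inferred. `cd $CFG_PATH` should also be quoted as `cd "$CFG_PATH"`.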
@@ -25,6 +26,23 @@ This repository contains the codebase of Security C4PO, built with an Angular Fr * [Contributing](#contributing) * [License](#license) +## Docker Hub Setup +[![Docker](https://img.shields.io/badge/docker-%230db7ed.svg?style=for-the-badge&logo=docker&logoColor=white)](https://hub.docker.com/repository/docker/cellecram/security-c4po/general) +* Pull all images: + * `docker image pull --all-tags cellecram/security-c4po` +* Create network: + * `docker network create -d bridge c4po +* Start images: + * `docker run --network=c4po --name c4po-keycloak -d -p 8080:8080 cellecram/security-c4po:keycloak` + * `docker run --network=c4po --name c4po-db -d -p 27017:27017 cellecram/security-c4po:mongo` + * `docker run --network=c4po --name c4po-angular -d -p 4200:4200 cellecram/security-c4po:angular` + * `docker run --network=c4po -e "SPRING_PROFILES_ACTIVE=COMPOSE" --name c4po-api -d -p 8443:8443 cellecram/security-c4po:api` + * `docker run --network=c4po -e "SPRING_PROFILES_ACTIVE=COMPOSE" --name c4po-reporting -d -p 8444:8444 cellecram/security-c4po:reporting` + +### OR: Run Script (Docker Hub) +Execute `c4po-prod.sh` and all services will be pulled from Docker Hub and started. +You can reach the application by entering http://localhost:4200 in you browser. + ## Application Architecture ![alt architecture](./wiki/C4PO-Architecture.png) 
@@ -40,7 +58,6 @@ This repository contains the codebase of Security C4PO, built with an Angular Fr ![RxJS](https://img.shields.io/badge/rxjs-%23B7178C.svg?style=for-the-badge&logo=reactivex&logoColor=white) ![Spring](https://img.shields.io/badge/spring-%236DB33F.svg?style=for-the-badge&logo=spring&logoColor=white) ![Gradle](https://img.shields.io/badge/Gradle-02303A.svg?style=for-the-badge&logo=Gradle&logoColor=white) -![Docker](https://img.shields.io/badge/docker-%230db7ed.svg?style=for-the-badge&logo=docker&logoColor=white) ![MongoDB](https://img.shields.io/badge/MongoDB-%234ea94b.svg?style=for-the-badge&logo=mongodb&logoColor=white) ### Technical Requirements @@ -59,7 +76,8 @@ This repository contains the codebase of Security C4PO, built with an Angular Fr * Commit: `feat: ` or `fix: ` ### Development server -Execute 'c4po.sh' and all services will run on a dev server. +Execute `c4po-dev.sh` and all services will run on a dev server. +You can reach the application by entering http://localhost:4200 in you browser. ### Testuser Credentials * Username: c4po diff --git a/c4po.sh b/c4po-dev.sh similarity index 74% rename from c4po.sh rename to c4po-dev.sh index 971c5f8..79ac7a7 100755 --- a/c4po.sh +++ b/c4po-dev.sh 
@@ -22,12 +22,16 @@ docker rm -f c4po-angular echo -e "\n" echo "-----------------Start Build------------------" +echo " - Report Engine: " +docker-compose -f ${compose} build c4po-db +echo " - Report Engine: " +docker-compose -f ${compose} build c4po-keycloak echo -e "\n" echo " - Report Engine: " -docker-compose -f ${compose} build c4po-reporting #--build-arg JAR_FILE_REPORT=security-c4po-reporting/build/libs/security-c4po-reporting-0.0.1-SNAPSHOT.jar +docker-compose -f ${compose} build c4po-reporting --build-arg JAR_FILE_REPORT=./build/libs/security-c4po-reporting-0.0.1-SNAPSHOT.jar ### toggle for additional build args ### echo -e "\n" echo " - Backend: " -docker-compose -f ${compose} build c4po-api #--build-arg JAR_FILE_API=security-c4po-api/build/libs/security-c4po-api-0.0.1-SNAPSHOT.jar +docker-compose -f ${compose} build c4po-api --build-arg JAR_FILE_API=./build/libs/security-c4po-api-0.0.1-SNAPSHOT.jar ### toggle for additional build args ### echo -e "\n" echo " - Frontend: " docker-compose -f ${compose} build c4po-angular diff --git a/c4po-prod.sh b/c4po-prod.sh new file mode 100755 index 0000000..f47ddcd --- /dev/null +++ b/c4po-prod.sh 
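Review bot: Both new build steps are announced as `Report Engine` although they build `c4po-db` and `c4po-keycloak`, so the console output mislabels which image is being built; labels such as `echo " - Database: "` and `echo " - Keycloak: "` would match the commands. In the two changed lines `--build-arg` now follows the service name, whereas Compose documents options before the service list (`build --build-arg JAR_FILE_API=... c4po-api`). Depending on the Compose version, a trailing option may be read as a service name, so this ordering is worth confirming on the version the project targets. The script starts and ends outside the hunk.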
@@ -0,0 +1,35 @@ +#!/bin/bash +baseDir=$(pwd) +compose=$baseDir"/security-c4po-cfg/docker-compose.yml" + +echo -e " +_______ _______ _______ _ _ ______ _____ _______ __ __ +|______ |______ | | | |_____/ | | \_/ +______| |______ |_____ |_____| | \_ __|__ | | _/_/_/ _/ _/ _/_/_/ _/_/ + _/ _/ _/ _/ _/ _/ _/ + _/ _/_/_/_/ _/_/_/ _/ _/ + _/ _/ _/ _/ _/ + _/_/_/ _/ _/ _/_/ +\n" + +echo "---------------Pull C4PO from Docker Hub----------------" +echo -e "\n" +docker image pull --all-tags cellecram/security-c4po +echo -e "\n" + +echo "---------------Create Network----------------" +echo -e "\n" +docker network create -d bridge c4po +echo -e "\n" + +echo "---------------Start Containers---------------" +echo -e "\n" +docker run --network=c4po --name c4po-keycloak -d -p 8080:8080 cellecram/security-c4po:keycloak +echo -e "\n" +docker run --network=c4po --name c4po-db -d -p 27017:27017 cellecram/security-c4po:mongo +echo -e "\n" +docker run --network=c4po --name c4po-angular -d -p 4200:4200 cellecram/security-c4po:angular +echo -e "\n" +docker run --network=c4po -e "SPRING_PROFILES_ACTIVE=COMPOSE" --name c4po-api -d -p 8443:8443 cellecram/security-c4po:api +echo -e "\n" +docker run --network=c4po -e "SPRING_PROFILES_ACTIVE=COMPOSE" --name c4po-reporting -d -p 8444:8444 cellecram/security-c4po:reporting diff --git a/security-c4po-angular/Dockerfile b/security-c4po-angular/Dockerfile index 257137d..8a0f7a0 100644 --- a/security-c4po-angular/Dockerfile +++ b/security-c4po-angular/Dockerfile @@ -1,5 +1,5 @@ # base image -FROM node:14.15.3 +FROM node:14 # set working directory WORKDIR /app @@ -9,8 +9,8 @@ ENV PATH /app/node_modules/.bin:$PATH # install and cache app dependencies COPY package.json /app/package.json -RUN npm install -RUN npm install -g @angular/cli@12.2.17 +RUN NODE_ENV=development npm install +RUN NODE_ENV=development npm install -g @angular/cli@12.2.17 # add app COPY . /app 
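Review bot: All five `docker run` lines publish their port on every host interface, which puts MongoDB (27017) and Keycloak (8080) on the network with the credentials this commit bakes into the images (`Test1234!` and `admin`/`admin`). For a single-machine setup, bind to loopback, e.g. `-p 127.0.0.1:27017:27017`, and do the same for 8080, 4200, 8443 and 8444. The script also cannot be re-run cleanly: `docker network create` and `docker run --name ...` fail once the network and containers exist, and without `set -e` the later commands still run after a failure. The `compose` variable is assigned but never used.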
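Review bot: `FROM node:14` replaces an exact version with a floating major tag, so the base image of the published `:angular` image can change between two builds of the same commit. If the aim was only to pick up patch releases, a comment should say so; otherwise pin the tag together with its digest in the form `FROM node:14@sha256:<digest-placeholder>`. The `NODE_ENV=development` prefix added in the second hunk would benefit from a one-line comment explaining that it forces devDependencies to be installed. The Dockerfile continues outside both hunks.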
diff --git a/security-c4po-angular/angular.json b/security-c4po-angular/angular.json index 9155bfb..c3bd573 100644 --- a/security-c4po-angular/angular.json +++ b/security-c4po-angular/angular.json @@ -72,17 +72,25 @@ "budgets": [ { "type": "initial", - "maximumWarning": "3mb", - "maximumError": "5mb" + "maximumWarning": "5mb", + "maximumError": "8mb" }, { "type": "anyComponentStyle", "maximumWarning": "6kb" } ] + }, + "development": { + "buildOptimizer": false, + "optimization": false, + "vendorChunk": true, + "extractLicenses": false, + "sourceMap": true, + "namedChunks": true } }, - "defaultConfiguration": "" + "defaultConfiguration": "production" }, "serve": { "builder": "@angular-devkit/build-angular:dev-server", @@ -91,7 +99,7 @@ }, "configurations": { "production": { - "browserTarget": "security-c4po-angular:build:production" + "browserTarget": "security-c4po-angular:build:development" } } }, diff --git a/security-c4po-angular/src/app/header/header.component.html b/security-c4po-angular/src/app/header/header.component.html index 508a40c..ed0b672 100644 --- a/security-c4po-angular/src/app/header/header.component.html +++ b/security-c4po-angular/src/app/header/header.component.html @@ -46,4 +46,3 @@ - diff --git a/security-c4po-api/Dockerfile b/security-c4po-api/Dockerfile index b986f2d..a247cda 100644 --- a/security-c4po-api/Dockerfile +++ b/security-c4po-api/Dockerfile @@ -1,11 +1,7 @@ FROM openjdk:11-jre ENV TZ=UTC -#ARG JAR_FILE_API - -#RUN if [[ -z "$JAR_FILE_API" ]] ; then COPY ./build/libs/security-c4po-api-0.0.1-SNAPSHOT.jar app.jar / ; else COPY ${JAR_FILE_API} app.jar ; fi - -#COPY ${JAR_FILE_API} app.jar +ARG JAR_FILE_API RUN groupadd -g 9999 security-c4po-api && \ useradd -r -u 9999 -g security-c4po-api security-c4po-api 
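Review bot: In the `serve` target the configuration named `production` now resolves to `security-c4po-angular:build:development`, so `ng serve --configuration production` will serve the unoptimised bundle with `sourceMap: true` that the first hunk defines. The name no longer says what is built, which is easy to miss when the image is run outside local development. A separate entry keeps both meanings: add `"development": { "browserTarget": "security-c4po-angular:build:development" }` under `serve.configurations` and leave `production` pointing at `build:production`. The `serve` block starts outside the hunk.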
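Review bot: `ARG JAR_FILE_API` is declared without a default, so any build that does not pass the argument leaves `COPY ${JAR_FILE_API} app.jar` (next hunk) without a source path. As far as this diff shows, `docker-compose.yml` and `docker-bake.hcl` pass no build args, so a plain `docker-compose build c4po-api` is affected. A default restores the old behaviour: `ARG JAR_FILE_API=./build/libs/security-c4po-api-0.0.1-SNAPSHOT.jar`. The same applies to `ARG JAR_FILE_REPORT` in `security-c4po-reporting/Dockerfile`.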
@@ -13,13 +9,15 @@ RUN mkdir /data RUN chown security-c4po-api:security-c4po-api /data USER security-c4po-api +# GET CURRENT STAGE +ARG STAGE +ENV ENV_STAGE=$STAGE + # COPY PACKAGE INTO IMAGE -COPY ./build/libs/security-c4po-api-0.0.1-SNAPSHOT.jar / +COPY ${JAR_FILE_API} app.jar USER security-c4po-api EXPOSE 8443 # WAIT FOR KEYCLOAK & RUN JAVA COPY ./wait-for-keycloak.sh / -# CMD [ "java", "-jar", "security-c4po-api-0.0.1-SNAPSHOT.jar" ] -ENTRYPOINT [ "./wait-for-keycloak.sh", "http://c4po-keycloak:8080/auth/realms/c4po_realm_local", "java", "-Dspring.profiles.active=${SPRING_PROFILES_ACTIVE}", "-jar", "security-c4po-api-0.0.1-SNAPSHOT.jar" ] -#ENTRYPOINT [ "./wait-for-keycloak.sh", "http://c4po-keycloak:8080/auth/realms/c4po_realm_local", "java", "-Dspring.profiles.active=${SPRING_PROFILES_ACTIVE}", "-jar", "app.jar" ] \ No newline at end of file +ENTRYPOINT [ "./wait-for-keycloak.sh", "http://c4po-keycloak:8080/auth/realms/c4po_realm_local", "java", "-Dspring.profiles.active=${SPRING_PROFILES_ACTIVE}", "-jar", "app.jar" ] diff --git a/security-c4po-api/security-c4po-api.postman_collection.json b/security-c4po-api/security-c4po-api.postman_collection.json index a9e29c6..94c1a12 100644 --- a/security-c4po-api/security-c4po-api.postman_collection.json +++ b/security-c4po-api/security-c4po-api.postman_collection.json @@ -1,9 +1,9 @@ { "info": { - "_postman_id": "6f244dd9-5264-497a-9ea4-1ae73e172624", + "_postman_id": "6329294d-deb2-449d-9fec-ac2f3fef46f3", "name": "security-c4po-api", "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json", - "_exporter_id": "5225213" + "_exporter_id": "14503169" }, "item": [ { 
@@ -235,95 +235,6 @@ } ] }, - { - "name": "keycloak", - "item": [ - { - "name": "getKeycloakConfiguration", - "request": { - "method": "GET", - "header": [], - "url": { - "raw": "http://localhost:8080/auth/realms/c4po_realm_local/.well-known/openid-configuration", - "protocol": "http", - "host": [ - "localhost" - ], - "port": "8080", - "path": [ - "auth", - "realms", - "c4po_realm_local", - ".well-known", - "openid-configuration" - ] - } - }, - "response": [] - }, - { - "name": "postKeycloakToken", - "request": { - "method": "POST", - "header": [], - "body": { - "mode": "urlencoded", - "urlencoded": [ - { - "key": "client_id", - "value": "c4po_local", - "type": "text" - }, - { - "key": "username", - "value": "ttt", - "type": "text" - }, - { - "key": "password", - "value": "Test1234!", - "type": "text" - }, - { - "key": "grant_type", - "value": "password", - "type": "text" - }, - { - "key": "token", - "value": "", - "type": "text", - "disabled": true - }, - { - "key": "client_secret", - "value": "secret", - "type": "text", - "disabled": true - } - ] - }, - "url": { - "raw": "http://localhost:8080/auth/realms/c4po_realm_local/protocol/openid-connect/token", - "protocol": "http", - "host": [ - "localhost" - ], - "port": "8080", - "path": [ - "auth", - "realms", - "c4po_realm_local", - "protocol", - "openid-connect", - "token" - ] - } - }, - "response": [] - } - ] - }, { "name": "pentests", "item": [ diff --git a/security-c4po-api/wait-for-keycloak.sh b/security-c4po-api/wait-for-keycloak.sh index 11c112e..7d07e1f 100755 --- a/security-c4po-api/wait-for-keycloak.sh +++ b/security-c4po-api/wait-for-keycloak.sh @@ -6,7 +6,7 @@ set -e host="$1" shift -printf 'Waiting for keycloak...' +printf 'Waiting for Keycloak...' until $(curl --output /dev/null --silent --head --fail $host); do printf '.' sleep 4 diff --git a/security-c4po-cfg/c4po-db/Dockerfile b/security-c4po-cfg/c4po-db/Dockerfile new file mode 100644 index 0000000..5cc2ab8 --- /dev/null 
+++ b/security-c4po-cfg/c4po-db/Dockerfile @@ -0,0 +1,16 @@ +# Use an official MongoDB as the base image +FROM mongo:5.0.0-focal + +# Set environment variables for MongoDB +ENV MONGO_INITDB_ROOT_USERNAME=admin +ENV MONGO_INITDB_ROOT_PASSWORD=Test1234! +ENV MONGO_INITDB_DATABASE=admin + +# Copy custom configuration file if needed +# COPY mongod.conf /etc/mongod.conf + +# Expose MongoDB default port +EXPOSE 27017 + +# Start MongoDB server +CMD ["mongod"] \ No newline at end of file diff --git a/security-c4po-cfg/c4po-keycloak/Dockerfile b/security-c4po-cfg/c4po-keycloak/Dockerfile new file mode 100644 index 0000000..c13bb05 --- /dev/null +++ b/security-c4po-cfg/c4po-keycloak/Dockerfile @@ -0,0 +1,25 @@ +# Use the base Keycloak image +FROM quay.io/keycloak/keycloak:20.0.0 + +# Set environment variables if needed +ENV KEYCLOAK_ADMIN=admin +ENV KEYCLOAK_ADMIN_PASSWORD=admin +ENV KC_HTTP_RELATIVE_PATH=/auth + +# Copy custom themes or configuration files if needed +# COPY my-theme /opt/keycloak/themes/my-theme + +# Expose Keycloak ports +EXPOSE 8080 + +# Create a directory to hold imported data +RUN mkdir -p /opt/keycloak/data/import + +# Copy the realm export file into the import directory +COPY c4po_realm_export.json /opt/keycloak/data/import/c4po_realm_export.json + +# Set the custom entrypoint +ENTRYPOINT ["/opt/keycloak/bin/kc.sh", "--spi-login-protocol-openid-connect-legacy-logout-redirect-uri=true", "start-dev", "--import-realm"] + +# Start the Keycloak server with the imported realm configuration +# CMD ["/opt/keycloak/bin/kc.sh", "start-dev", "-b", "0.0.0.0", "-Dkeycloak.import=/opt/keycloak/data/import/c4po_realm_export.json"] \ No newline at end of file diff --git a/security-c4po-cfg/cfg/c4po_realm_export.json b/security-c4po-cfg/c4po-keycloak/c4po_realm_export.json similarity index 100% rename from security-c4po-cfg/cfg/c4po_realm_export.json rename to security-c4po-cfg/c4po-keycloak/c4po_realm_export.json 
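Review bot: `ENV MONGO_INITDB_ROOT_PASSWORD=Test1234!` stores the database root password in the image configuration, where anyone who pulls the image can read it with `docker inspect` or `docker history`, and the release workflow in this commit pushes this image to Docker Hub. Drop the three `ENV MONGO_INITDB_*` lines and supply the values when the container is started, either with `-e MONGO_INITDB_ROOT_PASSWORD=...` or with the image's `MONGO_INITDB_ROOT_PASSWORD_FILE` variable pointing at a mounted secret. The Keycloak Dockerfile added in the same commit has the same problem with `ENV KEYCLOAK_ADMIN_PASSWORD=admin`.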
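Review bot: The `ENTRYPOINT` hard-codes `start-dev`, so the image that is published and then started by `c4po-prod.sh` always runs Keycloak in development mode over plain HTTP. If this image is meant for local evaluation only, say so above the `ENTRYPOINT`, for example `# development mode only (HTTP, relaxed hostname checks); do not expose this container`. The commented-out `CMD` at the end uses `-b` and `-Dkeycloak.import`, which belong to the older WildFly-based distribution and can be removed to avoid confusion.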
diff --git a/security-c4po-cfg/c4po-keycloak/security-c4po-keycloak.postman_collection.json b/security-c4po-cfg/c4po-keycloak/security-c4po-keycloak.postman_collection.json new file mode 100644 index 0000000..356b19f --- /dev/null +++ b/security-c4po-cfg/c4po-keycloak/security-c4po-keycloak.postman_collection.json @@ -0,0 +1,94 @@ +{ + "info": { + "_postman_id": "992e6c29-2089-4d15-94bc-12a639b5ecaf", + "name": "security-c4po-keycloak", + "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json", + "_exporter_id": "14503169" + }, + "item": [ + { + "name": "getKeycloakConfiguration", + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://localhost:8080/auth/realms/c4po_realm_local/.well-known/openid-configuration", + "protocol": "http", + "host": [ + "localhost" + ], + "port": "8080", + "path": [ + "auth", + "realms", + "c4po_realm_local", + ".well-known", + "openid-configuration" + ] + } + }, + "response": [] + }, + { + "name": "postKeycloakToken", + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "urlencoded", + "urlencoded": [ + { + "key": "client_id", + "value": "c4po_local", + "type": "text" + }, + { + "key": "username", + "value": "c4po", + "type": "text" + }, + { + "key": "password", + "value": "Test1234!", + "type": "text" + }, + { + "key": "grant_type", + "value": "password", + "type": "text" + }, + { + "key": "token", + "value": "", + "type": "text", + "disabled": true + }, + { + "key": "client_secret", + "value": "secret", + "type": "text", + "disabled": true + } + ] + }, + "url": { + "raw": "http://localhost:8080/auth/realms/c4po_realm_local/protocol/openid-connect/token", + "protocol": "http", + "host": [ + "localhost" + ], + "port": "8080", + "path": [ + "auth", + "realms", + "c4po_realm_local", + "protocol", + "openid-connect", + "token" + ] + } + }, + "response": [] + } + ] +} \ No newline at end of file 
diff --git a/security-c4po-cfg/c4po-keycloak/wait-for-keycloak.sh b/security-c4po-cfg/c4po-keycloak/wait-for-keycloak.sh new file mode 100755 index 0000000..7027a40 --- /dev/null +++ b/security-c4po-cfg/c4po-keycloak/wait-for-keycloak.sh @@ -0,0 +1,17 @@ +#!/bin/sh +# wait-for-keycloak.sh + +set -e + +host="$1" +shift + +printf 'Waiting for Keycloak...' +until $(curl --output /dev/null --silent --head --fail $host); do + printf '.' + sleep 4 +done + +printf '\nKeycloak is up and running - Starting C4PO Microservice' + +exec "$@" \ No newline at end of file diff --git a/security-c4po-cfg/docker-bake.hcl b/security-c4po-cfg/docker-bake.hcl new file mode 100644 index 0000000..d56e60d --- /dev/null +++ b/security-c4po-cfg/docker-bake.hcl 
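Review bot: The loop condition `until $(curl ... $host)` runs curl inside a command substitution and leaves `$host` unquoted, so a URL containing spaces or glob characters is split before curl sees it. Testing curl's exit status directly is simpler: `until curl --output /dev/null --silent --head --fail "$host"; do`. There is also no upper bound on the wait, so a container using this script hangs forever if Keycloak never becomes reachable; a retry counter that exits non-zero would make that failure visible. This is a third copy of the script, and the `c4po-keycloak/Dockerfile` added in this commit does not appear to copy it, so it may be unused.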
@@ -0,0 +1,68 @@ +version = "3" + +services { + c4po-db { + build = { + context = "c4po-db" + platforms = ["linux/amd64", "linux/arm64"] + } + image = "mongo:5.0.0-focal" + volumes = ["./volumes/mongodb/data/:/db/data"] + resources = { limits = { memory = "2G" } } + ports = ["27017:27017"] + networks = ["c4po"] + } + + c4po-keycloak { + build = { + context = "c4po-keycloak" + platforms = ["linux/amd64", "linux/arm64"] + } + image = "quay.io/keycloak/keycloak:20.0.0" + ports = ["8080:8080"] + networks = ["c4po"] + } + + c4po-angular { + build = { + context = "../security-c4po-angular" + platforms = ["linux/amd64", "linux/arm64"] + } + image = "security-c4po-angular:latest" + depends_on = ["c4po-keycloak"] + resources = { limits = { memory = "2G" } } + ports = ["4200:4200"] + networks = ["c4po"] + } + + c4po-api { + build = { + context = "../security-c4po-api" + platforms = ["linux/amd64", "linux/arm64"] + } + image = "security-c4po-api:latest" + environment = ["SPRING_PROFILES_ACTIVE=COMPOSE"] + depends_on = ["c4po-db", "c4po-keycloak"] + resources = { limits = { memory = "2G" } } + ports = ["8443:8443"] + networks = ["c4po"] + } + + c4po-reporting { + build = { + context = "../security-c4po-reporting" + platforms = ["linux/amd64", "linux/arm64"] + } + image = "security-c4po-reporting:latest" + environment = ["SPRING_PROFILES_ACTIVE=COMPOSE"] + depends_on = ["c4po-keycloak"] + resources = { limits = { memory = "4G" } } + ports = ["8444:8444"] + networks = ["c4po"] + } +} + +networks { + c4po {} +} + diff --git a/security-c4po-cfg/docker-compose.yml b/security-c4po-cfg/docker-compose.yml index 9dca2f4..e10b90d 100644 --- a/security-c4po-cfg/docker-compose.yml +++ b/security-c4po-cfg/docker-compose.yml @@ -1,4 +1,10 @@ -version: '2' +version: '2.4' + +x-platforms: + - os: linux + arch: amd64 + - os: linux + arch: arm64 volumes: c4po-db: 
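Review bot: This file uses Compose vocabulary (`version`, `services { ... }`, `ports`, `networks`, `depends_on`) rather than the bake schema, which is built from `target "<name>" { ... }` and `group` blocks, so `docker buildx bake -f docker-bake.hcl` is unlikely to accept it. Nothing in this diff invokes it, since the release workflow calls `docker buildx build` directly. Either remove the file or rewrite each service as a target that keeps only the build inputs, e.g. `target "c4po-api"` with `context = "../security-c4po-api"`, `platforms = ["linux/amd64", "linux/arm64"]` and `tags`. Runtime settings such as ports and memory limits belong in `docker-compose.yml`.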
@@ -6,14 +12,16 @@ volumes: services: # Database c4po-db: + build: + context: 'c4po-db' + x-bake: + platforms: + - linux/amd64 + - linux/arm64 image: mongo:5.0.0-focal container_name: c4po-db labels: name: "c4po-db" - environment: - - MONGO_INITDB_ROOT_USERNAME=admin - - MONGO_INITDB_ROOT_PASSWORD=Test1234! - - MONGO_INITDB_DATABASE=admin volumes: - ./volumes/mongodb/data/:/db/data deploy: @@ -26,23 +34,29 @@ services: - c4po # Authentication Provider c4po-keycloak: + build: + context: 'c4po-keycloak' + x-bake: + platforms: + - linux/amd64 + - linux/arm64 container_name: c4po-keycloak labels: name: "c4po-keycloak" image: quay.io/keycloak/keycloak:20.0.0 - environment: - - KEYCLOAK_ADMIN=admin - - KEYCLOAK_ADMIN_PASSWORD=admin - volumes: - - ./cfg/c4po_realm_export.json/:/opt/keycloak/data/import/c4po_realm_export.json ports: - 8080:8080 - entrypoint: /opt/keycloak/bin/kc.sh --spi-login-protocol-openid-connect-legacy-logout-redirect-uri=true start-dev --import-realm --http-relative-path=/auth networks: - c4po # Services c4po-angular: - build: '../security-c4po-angular' + build: + context: '../security-c4po-angular' + x-bake: + platforms: + - linux/amd64 + - linux/arm64 + #build: '../security-c4po-angular' image: security-c4po-angular:latest container_name: c4po-angular labels: @@ -58,7 +72,13 @@ services: networks: - c4po c4po-api: - build: '../security-c4po-api' + build: + context: '../security-c4po-api' + x-bake: + platforms: + - linux/amd64 + - linux/arm64 + #build: '../security-c4po-api' image: security-c4po-api:latest container_name: c4po-api labels: @@ -77,7 +97,13 @@ services: networks: - c4po c4po-reporting: - build: '../security-c4po-reporting' + build: + context: '../security-c4po-reporting' + x-bake: + platforms: + - linux/amd64 + - linux/arm64 + #build: '../security-c4po-reporting' image: security-c4po-reporting:latest container_name: c4po-reporting labels: 
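Review bot: `c4po-db` now has a `build:` section but keeps `image: mongo:5.0.0-focal`, so Compose tags the locally built image, which carries the baked-in credentials, with the upstream name. That tag then shadows the official image on the machine, and the Dockerfile's own `FROM mongo:5.0.0-focal` can resolve to the derived image on the next build. Give the built image a project name that follows the pattern used for the other services, for example `image: security-c4po-db:latest`. The `c4po-keycloak` hunk has the same problem with `image: quay.io/keycloak/keycloak:20.0.0`.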
diff --git a/security-c4po-reporting/Dockerfile b/security-c4po-reporting/Dockerfile index ea41774..3218ab6 100644 --- a/security-c4po-reporting/Dockerfile +++ b/security-c4po-reporting/Dockerfile @@ -1,9 +1,7 @@ FROM openjdk:11-jre ENV TZ=UTC -#ARG JAR_FILE_REPORTING - -#COPY ${JAR_FILE_REPORTING} app.jar +ARG JAR_FILE_REPORT RUN groupadd -g 9999 security-c4po-reporting && \ useradd -r -u 9999 -g security-c4po-reporting security-c4po-reporting @@ -16,12 +14,10 @@ ARG STAGE ENV ENV_STAGE=$STAGE # COPY PACKAGE INTO IMAGE -COPY ./build/libs/security-c4po-reporting-0.0.1-SNAPSHOT.jar / +COPY ${JAR_FILE_REPORT} app.jar USER security-c4po-reporting EXPOSE 8444 # WAIT FOR KEYCLOAK & RUN JAVA COPY ./wait-for-keycloak.sh / -# CMD [ "java", "-jar", "security-c4po-reporting-0.0.1-SNAPSHOT.jar" ] -ENTRYPOINT [ "./wait-for-keycloak.sh", "http://c4po-keycloak:8080/auth/realms/c4po_realm_local", "java", "-Dspring.profiles.active=${SPRING_PROFILES_ACTIVE}", "-jar", "security-c4po-reporting-0.0.1-SNAPSHOT.jar" ] -#ENTRYPOINT [ "./wait-for-keycloak.sh", "http://c4po-keycloak:8080/auth/realms/c4po_realm_local", "java", "-Dspring.profiles.active=${SPRING_PROFILES_ACTIVE}", "-jar", "app.jar" ] +ENTRYPOINT [ "./wait-for-keycloak.sh", "http://c4po-keycloak:8080/auth/realms/c4po_realm_local", "java", "-Dspring.profiles.active=${SPRING_PROFILES_ACTIVE}", "-jar", "app.jar" ] diff --git a/security-c4po-reporting/security-c4po-reporting.postman_collection.json b/security-c4po-reporting/security-c4po-reporting.postman_collection.json index 7c17f18..e61cbf8 100644 --- a/security-c4po-reporting/security-c4po-reporting.postman_collection.json +++ b/security-c4po-reporting/security-c4po-reporting.postman_collection.json 
@@ -1,100 +1,11 @@ { "info": { - "_postman_id": "3d7cb3b3-a3f6-43b9-a537-a66088165dcd", + "_postman_id": "107a575a-0074-4e7f-b431-15303f4643c5", "name": "security-c4po-reporting", "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json", - "_exporter_id": "5225213" + "_exporter_id": "14503169" }, "item": [ - { - "name": "keycloak", - "item": [ - { - "name": "getKeycloakConfiguration", - "request": { - "method": "GET", - "header": [], - "url": { - "raw": "http://localhost:8080/auth/realms/c4po_realm_local/.well-known/openid-configuration", - "protocol": "http", - "host": [ - "localhost" - ], - "port": "8080", - "path": [ - "auth", - "realms", - "c4po_realm_local", - ".well-known", - "openid-configuration" - ] - } - }, - "response": [] - }, - { - "name": "postKeycloakToken", - "request": { - "method": "POST", - "header": [], - "body": { - "mode": "urlencoded", - "urlencoded": [ - { - "key": "client_id", - "value": "c4po_local", - "type": "text" - }, - { - "key": "username", - "value": "ttt", - "type": "text" - }, - { - "key": "password", - "value": "Test1234!", - "type": "text" - }, - { - "key": "grant_type", - "value": "password", - "type": "text" - }, - { - "key": "token", - "value": "", - "type": "text", - "disabled": true - }, - { - "key": "client_secret", - "value": "secret", - "type": "text", - "disabled": true - } - ] - }, - "url": { - "raw": "http://localhost:8080/auth/realms/c4po_realm_local/protocol/openid-connect/token", - "protocol": "http", - "host": [ - "localhost" - ], - "port": "8080", - "path": [ - "auth", - "realms", - "c4po_realm_local", - "protocol", - "openid-connect", - "token" - ] - } - }, - "response": [] - } - ] - }, { "name": "reports", "item": [ 
@@ -141,6 +52,26 @@ "response": [] } ] + }, + { + "name": "getHealth", + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://localhost:8444/actuator/health", + "protocol": "http", + "host": [ + "localhost" + ], + "port": "8444", + "path": [ + "actuator", + "health" + ] + } + }, + "response": [] } ] } \ No newline at end of file diff --git a/security-c4po-reporting/wait-for-keycloak.sh b/security-c4po-reporting/wait-for-keycloak.sh index 9eeec48..6ca427a 100755 --- a/security-c4po-reporting/wait-for-keycloak.sh +++ b/security-c4po-reporting/wait-for-keycloak.sh @@ -6,7 +6,7 @@ set -e host="$1" shift -printf 'Waiting for keycloak...' +printf 'Waiting for Keycloak...' until $(curl --output /dev/null --silent --head --fail $host); do printf '.' sleep 4 diff --git a/wiki/MyReports.zip b/wiki/MyReports.zip new file mode 100644 index 0000000..6bddd1f Binary files /dev/null and b/wiki/MyReports.zip differ diff --git a/wiki/repository-owasp-guide-c4po.png b/wiki/repository-owasp-guide-c4po.png new file mode 100644 index 0000000..96fbfac Binary files /dev/null and b/wiki/repository-owasp-guide-c4po.png differ