nosu
/
security-c4po
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix: added data & fixed small bugs

This commit is contained in:
Marcel Haag 2023-08-14 11:01:23 +02:00 committed by Cel
parent 930306d00f
commit a5fa8ca9dd
24 changed files with 415 additions and 274 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.github/workflows/c4po-ci.yml vendored
View File

@ -9,7 +9,6 @@
name: "Security C4PO CI"
on:
pull_request:
branches: [ "main" ]

79
.github/workflows/c4po-release.yml vendored
View File

@ -79,7 +79,7 @@ jobs:
- uses: actions/upload-artifact@v3
with:
name: API-jar
path: security-c4po-api/build/libs/security-c4po-api-0.0.1-SNAPSHOT.jar # artifacts/api.jar
path: security-c4po-api/build/libs/
reporting_job:
name: "Reporting Job"
@ -109,7 +109,7 @@ jobs:
- uses: actions/upload-artifact@v3
with:
name: REPORTING-jar
path: security-c4po-reporting/build/libs/security-c4po-reporting-0.0.1-SNAPSHOT.jar # artifacts/reporting.jar
path: security-c4po-reporting/build/libs/
push_c4po_to_docker_hub:
name: "Push images to Docker Hub"
@ -121,33 +121,6 @@ jobs:
steps:
- name: "Check out the repo"
uses: actions/checkout@v3
- name: Download jar api artifact
uses: actions/download-artifact@v3
with:
name: API-jar
path: security-c4po-api/build/libs/security-c4po-api-0.0.1-SNAPSHOT.jar
- name: Download jar reporting artifact
uses: actions/download-artifact@v3
with:
name: REPORTING-jar
path: security-c4po-reporting/build/libs/security-c4po-reporting-0.0.1-SNAPSHOT.jar
- name: "Set up Docker Compose"
# https://github.com/marketplace/actions/docker-compose-action
uses: isbang/compose-action@v1.4.1
with:
compose-file: ./security-c4po-cfg/docker-compose.yml
- name: "Build Docker images"
run: |
cd $CFG_PATH
docker-compose build \
--build-arg TAG=c4po:${{ github.run_number }} \
--build-arg VERSION=c4po:${{ github.run_number }} \
--build-arg JAR_FILE_API=security-c4po-api/build/libs/security-c4po-api-0.0.1-SNAPSHOT.jar \
--build-arg JAR_FILE_REPORT=security-c4po-reporting/build/libs/security-c4po-reporting-0.0.1-SNAPSHOT.jar
- name: "Log in to Docker Hub"
uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a
@ -161,16 +134,40 @@ jobs:
with:
images: cellecram/security-c4po # my-docker-hub-namespace/my-docker-hub-repository
- name: "Push Docker images"
- name: Download jar api artifact
uses: actions/download-artifact@v3
with:
name: API-jar
path: security-c4po-api/build/libs/
- name: Download jar reporting artifact
uses: actions/download-artifact@v3
with:
name: REPORTING-jar
path: security-c4po-reporting/build/libs/
- name: "Set up Docker Buildx"
uses: docker/setup-buildx-action@94ab11c41e45d028884a99163086648e898eed25 #v1
- name: "Buildx & Push Docker images for AMD64 & ARM64"
run: |
docker image ls
docker image tag security-c4po-angular cellecram/security-c4po:angular
docker image push cellecram/security-c4po:angular
docker image tag security-c4po-api cellecram/security-c4po:api
docker image push cellecram/security-c4po:api
docker image tag security-c4po-reporting cellecram/security-c4po:reporting
docker image push cellecram/security-c4po:reporting
docker image tag quay.io/keycloak/keycloak:20.0.0 cellecram/security-c4po:keycloak
docker image push cellecram/security-c4po:keycloak
docker image tag mongo:5.0.0-focal cellecram/security-c4po:mongo
docker image push cellecram/security-c4po:mongo
cd $CFG_PATH
docker buildx build --push \
--platform linux/amd64,linux/arm64 \
--tag cellecram/security-c4po:mongo ./c4po-db
docker buildx build --push \
--platform linux/amd64,linux/arm64 \
--tag cellecram/security-c4po:keycloak ./c4po-keycloak
docker buildx build --push \
--build-arg JAR_FILE_REPORT=./build/libs/security-c4po-reporting-0.0.1-SNAPSHOT.jar \
--build-arg SPRING_PROFILES_ACTIVE=COMPOSE \
--platform linux/amd64,linux/arm64 \
--tag cellecram/security-c4po:reporting ../security-c4po-reporting
docker buildx build --push \
--build-arg JAR_FILE_API=./build/libs/security-c4po-api-0.0.1-SNAPSHOT.jar \
--build-arg SPRING_PROFILES_ACTIVE=COMPOSE \
--platform linux/amd64,linux/arm64 \
--tag cellecram/security-c4po:api ../security-c4po-api
docker buildx build --push \
--platform linux/amd64,linux/arm64 \
--tag cellecram/security-c4po:angular ../security-c4po-angular

9
CONTRIBUTING.md
View File

@ -37,21 +37,20 @@ By participating, you are expected to uphold this code.
## Local development
Security-C4PO and all it's included micorservices can be developed locally.
Execute 'c4po.sh' and all services will run on a dev server.
Execute `c4po-dev.sh` and all services will run on a dev server.
#### Testuser Credentials:
* Username: ttt
* Username: c4po
* Password: Test1234!
#### Technical Environment Requirements
* Docker / Docker-compose
* OpenJDK 11
* Node 14.15.1 / npm 6.14.8
* MongoDB 4.4.6
#### Helpfull Tools
* mongoDB Compass
* Postman
## Additional Notes
lorem ipsum.
## Issue Board
[C4PO Board](https://github.com/Marcel-Haag/security-c4po/projects/1)

24
README.md
View File

@ -1,7 +1,7 @@
![workflow_badge](https://github.com/Marcel-Haag/security-c4po/actions/workflows/c4po-ci.yml/badge.svg?branch=main)
![workflow_badge](https://github.com/Marcel-Haag/security-c4po/actions/workflows/c4po-release.yml/badge.svg?branch=main)
![alt architecture](./wiki/repository-open-graph-c4po.png)
![alt architecture](./wiki/repository-owasp-guide-c4po.png)
Welcome to the frontend repository of Security C4PO, an open-source pentest reporting tool.
Security C4PO is a powerful, user-friendly tool designed to simplify the process of generating professional pentest reports.
@ -13,6 +13,7 @@ This repository contains the codebase of Security C4PO, built with an Angular Fr
## Table of Contents
* [Docker Hub Setup](#docker-hub-setup)
* [Application Architecture](#application-architecture)
* [Data Structure](#data-structure)
* [C4PO Roadmap](#c4po-roadmap)
@ -25,6 +26,23 @@ This repository contains the codebase of Security C4PO, built with an Angular Fr
* [Contributing](#contributing)
* [License](#license)
## Docker Hub Setup
[![Docker](https://img.shields.io/badge/docker-%230db7ed.svg?style=for-the-badge&logo=docker&logoColor=white)](https://hub.docker.com/repository/docker/cellecram/security-c4po/general)
* Pull all images:
* `docker image pull --all-tags cellecram/security-c4po`
* Create network:
* `docker network create -d bridge c4po
* Start images:
* `docker run --network=c4po --name c4po-keycloak -d -p 8080:8080 cellecram/security-c4po:keycloak`
* `docker run --network=c4po --name c4po-db -d -p 27017:27017 cellecram/security-c4po:mongo`
* `docker run --network=c4po --name c4po-angular -d -p 4200:4200 cellecram/security-c4po:angular`
* `docker run --network=c4po -e "SPRING_PROFILES_ACTIVE=COMPOSE" --name c4po-api -d -p 8443:8443 cellecram/security-c4po:api`
* `docker run --network=c4po -e "SPRING_PROFILES_ACTIVE=COMPOSE" --name c4po-reporting -d -p 8444:8444 cellecram/security-c4po:reporting`
### OR: Run Script (Docker Hub)
Execute `c4po-prod.sh` and all services will be pulled from Docker Hub and started.
You can reach the application by entering http://localhost:4200 in you browser.
## Application Architecture
![alt architecture](./wiki/C4PO-Architecture.png)
@ -40,7 +58,6 @@ This repository contains the codebase of Security C4PO, built with an Angular Fr
![RxJS](https://img.shields.io/badge/rxjs-%23B7178C.svg?style=for-the-badge&logo=reactivex&logoColor=white)
![Spring](https://img.shields.io/badge/spring-%236DB33F.svg?style=for-the-badge&logo=spring&logoColor=white)
![Gradle](https://img.shields.io/badge/Gradle-02303A.svg?style=for-the-badge&logo=Gradle&logoColor=white)
![Docker](https://img.shields.io/badge/docker-%230db7ed.svg?style=for-the-badge&logo=docker&logoColor=white)
![MongoDB](https://img.shields.io/badge/MongoDB-%234ea94b.svg?style=for-the-badge&logo=mongodb&logoColor=white)
### Technical Requirements
@ -59,7 +76,8 @@ This repository contains the codebase of Security C4PO, built with an Angular Fr
* Commit: `feat: <What was implemented?>` or `fix: <What got fixed?>`
### Development server
Execute 'c4po.sh' and all services will run on a dev server.
Execute `c4po-dev.sh` and all services will run on a dev server.
You can reach the application by entering http://localhost:4200 in you browser.
### Testuser Credentials
* Username: c4po

8
c4po.sh → c4po-dev.sh
View File

@ -22,12 +22,16 @@ docker rm -f c4po-angular
echo -e "\n"
echo "-----------------Start Build------------------"
echo " - Report Engine: "
docker-compose -f ${compose} build c4po-db
echo " - Report Engine: "
docker-compose -f ${compose} build c4po-keycloak
echo -e "\n"
echo " - Report Engine: "
docker-compose -f ${compose} build c4po-reporting #--build-arg JAR_FILE_REPORT=security-c4po-reporting/build/libs/security-c4po-reporting-0.0.1-SNAPSHOT.jar
docker-compose -f ${compose} build c4po-reporting --build-arg JAR_FILE_REPORT=./build/libs/security-c4po-reporting-0.0.1-SNAPSHOT.jar ### toggle for additional build args ###
echo -e "\n"
echo " - Backend: "
docker-compose -f ${compose} build c4po-api #--build-arg JAR_FILE_API=security-c4po-api/build/libs/security-c4po-api-0.0.1-SNAPSHOT.jar
docker-compose -f ${compose} build c4po-api --build-arg JAR_FILE_API=./build/libs/security-c4po-api-0.0.1-SNAPSHOT.jar ### toggle for additional build args ###
echo -e "\n"
echo " - Frontend: "
docker-compose -f ${compose} build c4po-angular

35
c4po-prod.sh Executable file
View File

@ -0,0 +1,35 @@
#!/bin/bash
baseDir=$(pwd)
compose=$baseDir"/security-c4po-cfg/docker-compose.yml"
echo -e "
_______ _______ _______ _ _ ______ _____ _______ __ __
|______ |______ | | | |_____/ | | \_/
______| |______ |_____ |_____| | \_ __|__ | | _/_/_/ _/ _/ _/_/_/ _/_/
_/ _/ _/ _/ _/ _/ _/
_/ _/_/_/_/ _/_/_/ _/ _/
_/ _/ _/ _/ _/
_/_/_/ _/ _/ _/_/
\n"
echo "---------------Pull C4PO from Docker Hub----------------"
echo -e "\n"
docker image pull --all-tags cellecram/security-c4po
echo -e "\n"
echo "---------------Create Network----------------"
echo -e "\n"
docker network create -d bridge c4po
echo -e "\n"
echo "---------------Start Containers---------------"
echo -e "\n"
docker run --network=c4po --name c4po-keycloak -d -p 8080:8080 cellecram/security-c4po:keycloak
echo -e "\n"
docker run --network=c4po --name c4po-db -d -p 27017:27017 cellecram/security-c4po:mongo
echo -e "\n"
docker run --network=c4po --name c4po-angular -d -p 4200:4200 cellecram/security-c4po:angular
echo -e "\n"
docker run --network=c4po -e "SPRING_PROFILES_ACTIVE=COMPOSE" --name c4po-api -d -p 8443:8443 cellecram/security-c4po:api
echo -e "\n"
docker run --network=c4po -e "SPRING_PROFILES_ACTIVE=COMPOSE" --name c4po-reporting -d -p 8444:8444 cellecram/security-c4po:reporting

6
security-c4po-angular/Dockerfile
View File

@ -1,5 +1,5 @@
# base image
FROM node:14.15.3
FROM node:14
# set working directory
WORKDIR /app
@ -9,8 +9,8 @@ ENV PATH /app/node_modules/.bin:$PATH
# install and cache app dependencies
COPY package.json /app/package.json
RUN npm install
RUN npm install -g @angular/cli@12.2.17
RUN NODE_ENV=development npm install
RUN NODE_ENV=development npm install -g @angular/cli@12.2.17
# add app
COPY . /app

16
security-c4po-angular/angular.json
View File

@ -72,17 +72,25 @@
"budgets": [
{
"type": "initial",
"maximumWarning": "3mb",
"maximumError": "5mb"
"maximumWarning": "5mb",
"maximumError": "8mb"
},
{
"type": "anyComponentStyle",
"maximumWarning": "6kb"
}
]
},
"development": {
"buildOptimizer": false,
"optimization": false,
"vendorChunk": true,
"extractLicenses": false,
"sourceMap": true,
"namedChunks": true
}
},
"defaultConfiguration": ""
"defaultConfiguration": "production"
},
"serve": {
"builder": "@angular-devkit/build-angular:dev-server",
@ -91,7 +99,7 @@
},
"configurations": {
"production": {
"browserTarget": "security-c4po-angular:build:production"
"browserTarget": "security-c4po-angular:build:development"
}
}
},

1
security-c4po-angular/src/app/header/header.component.html
View File

@ -46,4 +46,3 @@
</nb-actions>
</div>
</div>

16
security-c4po-api/Dockerfile
View File

@ -1,11 +1,7 @@
FROM openjdk:11-jre
ENV TZ=UTC
#ARG JAR_FILE_API
#RUN if [[ -z "$JAR_FILE_API" ]] ; then COPY ./build/libs/security-c4po-api-0.0.1-SNAPSHOT.jar app.jar / ; else COPY ${JAR_FILE_API} app.jar ; fi
#COPY ${JAR_FILE_API} app.jar
ARG JAR_FILE_API
RUN groupadd -g 9999 security-c4po-api && \
useradd -r -u 9999 -g security-c4po-api security-c4po-api
@ -13,13 +9,15 @@ RUN mkdir /data
RUN chown security-c4po-api:security-c4po-api /data
USER security-c4po-api
# GET CURRENT STAGE
ARG STAGE
ENV ENV_STAGE=$STAGE
# COPY PACKAGE INTO IMAGE
COPY ./build/libs/security-c4po-api-0.0.1-SNAPSHOT.jar /
COPY ${JAR_FILE_API} app.jar
USER security-c4po-api
EXPOSE 8443
# WAIT FOR KEYCLOAK & RUN JAVA
COPY ./wait-for-keycloak.sh /
# CMD [ "java", "-jar", "security-c4po-api-0.0.1-SNAPSHOT.jar" ]
ENTRYPOINT [ "./wait-for-keycloak.sh", "http://c4po-keycloak:8080/auth/realms/c4po_realm_local", "java", "-Dspring.profiles.active=${SPRING_PROFILES_ACTIVE}", "-jar", "security-c4po-api-0.0.1-SNAPSHOT.jar" ]
#ENTRYPOINT [ "./wait-for-keycloak.sh", "http://c4po-keycloak:8080/auth/realms/c4po_realm_local", "java", "-Dspring.profiles.active=${SPRING_PROFILES_ACTIVE}", "-jar", "app.jar" ]
ENTRYPOINT [ "./wait-for-keycloak.sh", "http://c4po-keycloak:8080/auth/realms/c4po_realm_local", "java", "-Dspring.profiles.active=${SPRING_PROFILES_ACTIVE}", "-jar", "app.jar" ]

93
security-c4po-api/security-c4po-api.postman_collection.json
View File

@ -1,9 +1,9 @@
{
"info": {
"_postman_id": "6f244dd9-5264-497a-9ea4-1ae73e172624",
"_postman_id": "6329294d-deb2-449d-9fec-ac2f3fef46f3",
"name": "security-c4po-api",
"schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json",
"_exporter_id": "5225213"
"_exporter_id": "14503169"
},
"item": [
{
@ -235,95 +235,6 @@
}
]
},
{
"name": "keycloak",
"item": [
{
"name": "getKeycloakConfiguration",
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://localhost:8080/auth/realms/c4po_realm_local/.well-known/openid-configuration",
"protocol": "http",
"host": [
"localhost"
],
"port": "8080",
"path": [
"auth",
"realms",
"c4po_realm_local",
".well-known",
"openid-configuration"
]
}
},
"response": []
},
{
"name": "postKeycloakToken",
"request": {
"method": "POST",
"header": [],
"body": {
"mode": "urlencoded",
"urlencoded": [
{
"key": "client_id",
"value": "c4po_local",
"type": "text"
},
{
"key": "username",
"value": "ttt",
"type": "text"
},
{
"key": "password",
"value": "Test1234!",
"type": "text"
},
{
"key": "grant_type",
"value": "password",
"type": "text"
},
{
"key": "token",
"value": "",
"type": "text",
"disabled": true
},
{
"key": "client_secret",
"value": "secret",
"type": "text",
"disabled": true
}
]
},
"url": {
"raw": "http://localhost:8080/auth/realms/c4po_realm_local/protocol/openid-connect/token",
"protocol": "http",
"host": [
"localhost"
],
"port": "8080",
"path": [
"auth",
"realms",
"c4po_realm_local",
"protocol",
"openid-connect",
"token"
]
}
},
"response": []
}
]
},
{
"name": "pentests",
"item": [

2
security-c4po-api/wait-for-keycloak.sh
View File

@ -6,7 +6,7 @@ set -e
host="$1"
shift
printf 'Waiting for keycloak...'
printf 'Waiting for Keycloak...'
until $(curl --output /dev/null --silent --head --fail $host); do
printf '.'
sleep 4

16
security-c4po-cfg/c4po-db/Dockerfile Normal file
View File

@ -0,0 +1,16 @@
# Use an official MongoDB as the base image
FROM mongo:5.0.0-focal
# Set environment variables for MongoDB
ENV MONGO_INITDB_ROOT_USERNAME=admin
ENV MONGO_INITDB_ROOT_PASSWORD=Test1234!
ENV MONGO_INITDB_DATABASE=admin
# Copy custom configuration file if needed
# COPY mongod.conf /etc/mongod.conf
# Expose MongoDB default port
EXPOSE 27017
# Start MongoDB server
CMD ["mongod"]

25
security-c4po-cfg/c4po-keycloak/Dockerfile Normal file
View File

@ -0,0 +1,25 @@
# Use the base Keycloak image
FROM quay.io/keycloak/keycloak:20.0.0
# Set environment variables if needed
ENV KEYCLOAK_ADMIN=admin
ENV KEYCLOAK_ADMIN_PASSWORD=admin
ENV KC_HTTP_RELATIVE_PATH=/auth
# Copy custom themes or configuration files if needed
# COPY my-theme /opt/keycloak/themes/my-theme
# Expose Keycloak ports
EXPOSE 8080
# Create a directory to hold imported data
RUN mkdir -p /opt/keycloak/data/import
# Copy the realm export file into the import directory
COPY c4po_realm_export.json /opt/keycloak/data/import/c4po_realm_export.json
# Set the custom entrypoint
ENTRYPOINT ["/opt/keycloak/bin/kc.sh", "--spi-login-protocol-openid-connect-legacy-logout-redirect-uri=true", "start-dev", "--import-realm"]
# Start the Keycloak server with the imported realm configuration
# CMD ["/opt/keycloak/bin/kc.sh", "start-dev", "-b", "0.0.0.0", "-Dkeycloak.import=/opt/keycloak/data/import/c4po_realm_export.json"]

0
security-c4po-cfg/cfg/c4po_realm_export.json → security-c4po-cfg/c4po-keycloak/c4po_realm_export.json
View File

94
security-c4po-cfg/c4po-keycloak/security-c4po-keycloak.postman_collection.json Normal file
View File

@ -0,0 +1,94 @@
{
"info": {
"_postman_id": "992e6c29-2089-4d15-94bc-12a639b5ecaf",
"name": "security-c4po-keycloak",
"schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json",
"_exporter_id": "14503169"
},
"item": [
{
"name": "getKeycloakConfiguration",
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://localhost:8080/auth/realms/c4po_realm_local/.well-known/openid-configuration",
"protocol": "http",
"host": [
"localhost"
],
"port": "8080",
"path": [
"auth",
"realms",
"c4po_realm_local",
".well-known",
"openid-configuration"
]
}
},
"response": []
},
{
"name": "postKeycloakToken",
"request": {
"method": "POST",
"header": [],
"body": {
"mode": "urlencoded",
"urlencoded": [
{
"key": "client_id",
"value": "c4po_local",
"type": "text"
},
{
"key": "username",
"value": "c4po",
"type": "text"
},
{
"key": "password",
"value": "Test1234!",
"type": "text"
},
{
"key": "grant_type",
"value": "password",
"type": "text"
},
{
"key": "token",
"value": "",
"type": "text",
"disabled": true
},
{
"key": "client_secret",
"value": "secret",
"type": "text",
"disabled": true
}
]
},
"url": {
"raw": "http://localhost:8080/auth/realms/c4po_realm_local/protocol/openid-connect/token",
"protocol": "http",
"host": [
"localhost"
],
"port": "8080",
"path": [
"auth",
"realms",
"c4po_realm_local",
"protocol",
"openid-connect",
"token"
]
}
},
"response": []
}
]
}

17
security-c4po-cfg/c4po-keycloak/wait-for-keycloak.sh Executable file
View File

@ -0,0 +1,17 @@
#!/bin/sh
# wait-for-keycloak.sh
set -e
host="$1"
shift
printf 'Waiting for Keycloak...'
until $(curl --output /dev/null --silent --head --fail $host); do
printf '.'
sleep 4
done
printf '\nKeycloak is up and running - Starting C4PO Microservice'
exec "$@"

68
security-c4po-cfg/docker-bake.hcl Normal file
View File

@ -0,0 +1,68 @@
version = "3"
services {
c4po-db {
build = {
context = "c4po-db"
platforms = ["linux/amd64", "linux/arm64"]
}
image = "mongo:5.0.0-focal"
volumes = ["./volumes/mongodb/data/:/db/data"]
resources = { limits = { memory = "2G" } }
ports = ["27017:27017"]
networks = ["c4po"]
}
c4po-keycloak {
build = {
context = "c4po-keycloak"
platforms = ["linux/amd64", "linux/arm64"]
}
image = "quay.io/keycloak/keycloak:20.0.0"
ports = ["8080:8080"]
networks = ["c4po"]
}
c4po-angular {
build = {
context = "../security-c4po-angular"
platforms = ["linux/amd64", "linux/arm64"]
}
image = "security-c4po-angular:latest"
depends_on = ["c4po-keycloak"]
resources = { limits = { memory = "2G" } }
ports = ["4200:4200"]
networks = ["c4po"]
}
c4po-api {
build = {
context = "../security-c4po-api"
platforms = ["linux/amd64", "linux/arm64"]
}
image = "security-c4po-api:latest"
environment = ["SPRING_PROFILES_ACTIVE=COMPOSE"]
depends_on = ["c4po-db", "c4po-keycloak"]
resources = { limits = { memory = "2G" } }
ports = ["8443:8443"]
networks = ["c4po"]
}
c4po-reporting {
build = {
context = "../security-c4po-reporting"
platforms = ["linux/amd64", "linux/arm64"]
}
image = "security-c4po-reporting:latest"
environment = ["SPRING_PROFILES_ACTIVE=COMPOSE"]
depends_on = ["c4po-keycloak"]
resources = { limits = { memory = "4G" } }
ports = ["8444:8444"]
networks = ["c4po"]
}
}
networks {
c4po {}
}

54
security-c4po-cfg/docker-compose.yml
View File

@ -1,4 +1,10 @@
version: '2'
version: '2.4'
x-platforms:
- os: linux
arch: amd64
- os: linux
arch: arm64
volumes:
c4po-db:
@ -6,14 +12,16 @@ volumes:
services:
# Database
c4po-db:
build:
context: 'c4po-db'
x-bake:
platforms:
- linux/amd64
- linux/arm64
image: mongo:5.0.0-focal
container_name: c4po-db
labels:
name: "c4po-db"
environment:
- MONGO_INITDB_ROOT_USERNAME=admin
- MONGO_INITDB_ROOT_PASSWORD=Test1234!
- MONGO_INITDB_DATABASE=admin
volumes:
- ./volumes/mongodb/data/:/db/data
deploy:
@ -26,23 +34,29 @@ services:
- c4po
# Authentication Provider
c4po-keycloak:
build:
context: 'c4po-keycloak'
x-bake:
platforms:
- linux/amd64
- linux/arm64
container_name: c4po-keycloak
labels:
name: "c4po-keycloak"
image: quay.io/keycloak/keycloak:20.0.0
environment:
- KEYCLOAK_ADMIN=admin
- KEYCLOAK_ADMIN_PASSWORD=admin
volumes:
- ./cfg/c4po_realm_export.json/:/opt/keycloak/data/import/c4po_realm_export.json
ports:
- 8080:8080
entrypoint: /opt/keycloak/bin/kc.sh --spi-login-protocol-openid-connect-legacy-logout-redirect-uri=true start-dev --import-realm --http-relative-path=/auth
networks:
- c4po
# Services
c4po-angular:
build: '../security-c4po-angular'
build:
context: '../security-c4po-angular'
x-bake:
platforms:
- linux/amd64
- linux/arm64
#build: '../security-c4po-angular'
image: security-c4po-angular:latest
container_name: c4po-angular
labels:
@ -58,7 +72,13 @@ services:
networks:
- c4po
c4po-api:
build: '../security-c4po-api'
build:
context: '../security-c4po-api'
x-bake:
platforms:
- linux/amd64
- linux/arm64
#build: '../security-c4po-api'
image: security-c4po-api:latest
container_name: c4po-api
labels:
@ -77,7 +97,13 @@ services:
networks:
- c4po
c4po-reporting:
build: '../security-c4po-reporting'
build:
context: '../security-c4po-reporting'
x-bake:
platforms:
- linux/amd64
- linux/arm64
#build: '../security-c4po-reporting'
image: security-c4po-reporting:latest
container_name: c4po-reporting
labels:

10
security-c4po-reporting/Dockerfile
View File

@ -1,9 +1,7 @@
FROM openjdk:11-jre
ENV TZ=UTC
#ARG JAR_FILE_REPORTING
#COPY ${JAR_FILE_REPORTING} app.jar
ARG JAR_FILE_REPORT
RUN groupadd -g 9999 security-c4po-reporting && \
useradd -r -u 9999 -g security-c4po-reporting security-c4po-reporting
@ -16,12 +14,10 @@ ARG STAGE
ENV ENV_STAGE=$STAGE
# COPY PACKAGE INTO IMAGE
COPY ./build/libs/security-c4po-reporting-0.0.1-SNAPSHOT.jar /
COPY ${JAR_FILE_REPORT} app.jar
USER security-c4po-reporting
EXPOSE 8444
# WAIT FOR KEYCLOAK & RUN JAVA
COPY ./wait-for-keycloak.sh /
# CMD [ "java", "-jar", "security-c4po-reporting-0.0.1-SNAPSHOT.jar" ]
ENTRYPOINT [ "./wait-for-keycloak.sh", "http://c4po-keycloak:8080/auth/realms/c4po_realm_local", "java", "-Dspring.profiles.active=${SPRING_PROFILES_ACTIVE}", "-jar", "security-c4po-reporting-0.0.1-SNAPSHOT.jar" ]
#ENTRYPOINT [ "./wait-for-keycloak.sh", "http://c4po-keycloak:8080/auth/realms/c4po_realm_local", "java", "-Dspring.profiles.active=${SPRING_PROFILES_ACTIVE}", "-jar", "app.jar" ]
ENTRYPOINT [ "./wait-for-keycloak.sh", "http://c4po-keycloak:8080/auth/realms/c4po_realm_local", "java", "-Dspring.profiles.active=${SPRING_PROFILES_ACTIVE}", "-jar", "app.jar" ]

113
security-c4po-reporting/security-c4po-reporting.postman_collection.json
View File

@ -1,100 +1,11 @@
{
"info": {
"_postman_id": "3d7cb3b3-a3f6-43b9-a537-a66088165dcd",
"_postman_id": "107a575a-0074-4e7f-b431-15303f4643c5",
"name": "security-c4po-reporting",
"schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json",
"_exporter_id": "5225213"
"_exporter_id": "14503169"
},
"item": [
{
"name": "keycloak",
"item": [
{
"name": "getKeycloakConfiguration",
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://localhost:8080/auth/realms/c4po_realm_local/.well-known/openid-configuration",
"protocol": "http",
"host": [
"localhost"
],
"port": "8080",
"path": [
"auth",
"realms",
"c4po_realm_local",
".well-known",
"openid-configuration"
]
}
},
"response": []
},
{
"name": "postKeycloakToken",
"request": {
"method": "POST",
"header": [],
"body": {
"mode": "urlencoded",
"urlencoded": [
{
"key": "client_id",
"value": "c4po_local",
"type": "text"
},
{
"key": "username",
"value": "ttt",
"type": "text"
},
{
"key": "password",
"value": "Test1234!",
"type": "text"
},
{
"key": "grant_type",
"value": "password",
"type": "text"
},
{
"key": "token",
"value": "",
"type": "text",
"disabled": true
},
{
"key": "client_secret",
"value": "secret",
"type": "text",
"disabled": true
}
]
},
"url": {
"raw": "http://localhost:8080/auth/realms/c4po_realm_local/protocol/openid-connect/token",
"protocol": "http",
"host": [
"localhost"
],
"port": "8080",
"path": [
"auth",
"realms",
"c4po_realm_local",
"protocol",
"openid-connect",
"token"
]
}
},
"response": []
}
]
},
{
"name": "reports",
"item": [
@ -141,6 +52,26 @@
"response": []
}
]
},
{
"name": "getHealth",
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://localhost:8444/actuator/health",
"protocol": "http",
"host": [
"localhost"
],
"port": "8444",
"path": [
"actuator",
"health"
]
}
},
"response": []
}
]
}

2
security-c4po-reporting/wait-for-keycloak.sh
View File

@ -6,7 +6,7 @@ set -e
host="$1"
shift
printf 'Waiting for keycloak...'
printf 'Waiting for Keycloak...'
until $(curl --output /dev/null --silent --head --fail $host); do
printf '.'
sleep 4

BIN
wiki/MyReports.zip Normal file
View File

Binary file not shown.

BIN
wiki/repository-owasp-guide-c4po.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 469 KiB