Fixes

560a4cf5 · bonmari · e18d2f94 · 560a4cf5
Commit 560a4cf5 authored 10 months ago by bonmari
Hide whitespace changes
Inline Side-by-side

Showing

with 18 additions and 54 deletions
+18 -54
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
 stages:
-    - test-zap
-    - sonarqube-check
-    # - sonarqube-vulnerability-report
+  - sonarqube-check
+  - zap-check

 variables:
-  # TARGET_URL: "http://target-website.com"
-  ZAP_PORT: 8080
-  ZAP_HOST: "localhost"
+  ZAP_URL: http://localhost:8080
+  APP_URL: http://localhost:9005

 sonarqube-check:
  stage: sonarqube-check
@@ -25,72 +23,38 @@ sonarqube-check:
  script: 
    - sonar-scanner
  allow_failure: true
+  rules:
+    - if: '$CI_PIPELINE_SOURCE == "push"'
  only:
-    - merge_requests
-    - master
-    - main
-    - develop
+    - branches

-test-zap:
+zap-check:
  stage: test-zap
  tags:
    - sonar
+  before_script:
+    - yarn
+    - npx quasar dev
  script:
+  
  # Выполнение пассивного сканирования
-  - Invoke-RestMethod -Method GET -Uri "http://localhost:8080/JSON/ascan/action/scan/?url=http://localhost:9005&apikey=8tm221jcqtolmprhbt2dq2q8ev"
+  - Invoke-RestMethod -Method GET -Uri "${ZAP_URL}/JSON/ascan/action/scan/?url=${APP_URL}&apikey=${ZAP_API_KEY}"

  # Выполнение активного сканирования
-  - Invoke-RestMethod -Method GET -Uri "http://localhost:8080/JSON/ascan/action/scan/?url=http://localhost:9005&apikey=8tm221jcqtolmprhbt2dq2q8ev"
+  - Invoke-RestMethod -Method GET -Uri "${ZAP_URL}/JSON/ascan/action/scan/?url=${APP_URL}&apikey=${ZAP_API_KEY}"

  - |
    $scanStatus = ''
    while ($scanStatus -ne "100") {
      Write-Output "Scanning"
-      $scanStatus = (Invoke-RestMethod -Method GET -Uri "http://localhost:8080/JSON/ascan/view/status/?apikey=8tm221jcqtolmprhbt2dq2q8ev").status
+      $scanStatus = (Invoke-RestMethod -Method GET -Uri "${ZAP_URL}/JSON/ascan/view/status/?apikey=${ZAP_API_KEY}").status
      $scanStatus | ConvertTo-Json -Depth 10
      Start-Sleep -Seconds 5
    }

-    $results = Invoke-RestMethod -Method GET -Uri "http://localhost:8080/JSON/core/view/alerts/?baseurl=http://localhost:9005&apikey=8tm221jcqtolmprhbt2dq2q8ev"
+    $results = Invoke-RestMethod -Method GET -Uri "${ZAP_URL}/JSON/core/view/alerts/?baseurl=${APP_URL}&apikey=${ZAP_API_KEY}"
    $results | ConvertTo-Json -Depth 10
    Write-Output "results"   
    Write-Output $results.Content    
-
-    # - curl --header "url: 'http://localhost:9005'" --header "apikey: '8tm221jcqtolmprhbt2dq2q8ev'" http://localhost:8080/JSON/ascan/action/scan/
-
-
-    
-    # Ожидание завершения сканирования
-    # - sleep 60
-
-      # Получение и сохранение результатов сканирования
-    # - Invoke-RestMethod -Method GET -Uri "http://localhost:8080/JSON/core/view/alerts/?baseurl=http://localhost:9005&apikey=8tm221jcqtolmprhbt2dq2q8ev"
-    # - Invoke-WebRequest -Method GET -Uri "http://localhost:8080/JSON/core/view/alerts/?baseurl=http://localhost:9005&apikey=8tm221jcqtolmprhbt2dq2q8ev"
-    #   Write-Output "Результаты сканирования: $($results.Content)"
-
-    # # Получение и сохранение результатов сканирования
-    # - RESULTS=$(Invoke-RestMethod -Method GET -Uri "http://localhost:8080/JSON/core/view/alerts/?baseurl=http://localhost:9005&apikey=8tm221jcqtolmprhbt2dq2q8ev").Content
-    # - echo $RESULTS
-    # - sleep 60
-    # - 'curl --request GET "http://localhost:8080/JSON/core/view/alerts/?baseurl=localhost:9005&apikey=8tm221jcqtolmprhbt2dq2q8ev"'
-    # - ./zap/zap.sh -daemon -port ${ZAP_PORT} -config api.key=$ZAP_API_KEY &
-    # - chmod +x ./zapTest.sh
-    # - bash ./zapTest.sh
-    # - 'curl "http://localhost:8080/JSON/ascan/action/scan/?url=localhost:9005&apikey=8tm221jcqtolmprhbt2dq2q8ev"'
-    # - 'curl "http://localhost:8080/JSON/core/view/alerts/?baseurl=localhost:9005&apikey=8tm221jcqtolmprhbt2dq2q8ev"''
-# sonarqube-vulnerability-report:
-#   stage: sonarqube-vulnerability-report
-#   script:
-#     - 'curl -u "${SONAR_TOKEN}:" "${SONAR_HOST_URL}/api/issues/gitlab_sast_export?projectKey=LR7&branch=${CI_COMMIT_BRANCH}&pullRequest=${CI_MERGE_REQUEST_IID}" -o gl-sast-sonar-report.json'
-#   allow_failure: true
-#   only:
-#     - merge_requests
-#     - master
-#     - main
-#     - develop
-#   artifacts:
-#     expire_in: 1 day
-#     reports:
-#       sast: gl-sast-sonar-report.json
-#   dependencies:
-#     - sonarqube-check
+  only:
+   - master
\ No newline at end of file