Merge pull request #15 from secureCodeBox/feature/improve-zap-parser

Refactored the ZAP parser to generate more detailed finding objects #14

Author: rfelber

.codeclimate.yml

@@ -0,0 +1,26 @@
+version: "2"         # required to adjust maintainability checks
+checks:
+  file-lines:
+    config:
+      threshold: 300
+  method-lines:
+    config:
+      threshold: 50
+exclude_patterns:
+  - "config/"
+  - "db/"
+  - "dist/"
+  - "features/"
+  - "**/node_modules/"
+  - "script/"
+  - "**/spec/"
+  - "**/test/"
+  - "**/tests/"
+  - "**/__testFiles__/"
+  - "**/__snapshots__/"
+  - "Tests/"
+  - "**/vendor/"
+  - "**/*_test.go"
+  - "**/*.deepcopy.go"
+  - "**/*.test.js"
+  - "**/*.d.ts"

.gitignore

@@ -1,3 +1,6 @@
 .DS_Store
 **/node_modules
-coverage/
+coverage/
+.vagrant
+**.log
+**/*.monopic

hooks/imperative-subsequent-scans/.gitignore

@@ -191,11 +191,12 @@ async function startZAPBaselineHttpsScan({ parentScan, hostname, port }) {
     console.log(
       " --> Starting async subsequent ZAP Scan for host: '" + hostname + "' and port: '" + port + "'"
     );
+    // https://www.zaproxy.org/docs/docker/baseline-scan/
     await startSubsequentSecureCodeBoxScan({
       parentScan,
       name: `zap-${port}-${hostname.toLowerCase()}`,
       scanType: "zap-baseline",
-      parameters: ["-t", "https://" + hostname + ":" + port],
+      parameters: ["-a", "-j", "-t", "https://" + hostname + ":" + port],
     });
   }
   else

hooks/imperative-subsequent-scans/hook.js

@@ -65,7 +65,7 @@ test("Should create subsequent scans for open HTTPS ports (NMAP findings)", asyn
   });
   expect(startSubsequentSecureCodeBoxScan).toHaveBeenNthCalledWith(2, {
     name: "zap-443-foobar.com",
-    parameters: ["-t", "https://foobar.com:443"],
+    parameters: ["-a", "-j", "-t", "https://foobar.com:443"],
     parentScan: { metadata: { labels: { foo: "bar" } } },
     scanType: "zap-baseline",
   });
@@ -78,7 +78,7 @@ test("Should create subsequent scans for open HTTPS ports (NMAP findings)", asyn
   });
   expect(startSubsequentSecureCodeBoxScan).toHaveBeenNthCalledWith(4, {
     name: "zap-8443-example.com",
-    parameters: ["-t", "https://example.com:8443"],
+    parameters: ["-a", "-j", "-t", "https://example.com:8443"],
     parentScan: { metadata: { labels: { foo: "bar" } } },
     scanType: "zap-baseline",
   });
@@ -677,7 +677,7 @@ test("Should create subsequent scans for Service which are running in custom por
   });
   expect(startSubsequentSecureCodeBoxScan).toHaveBeenNthCalledWith(16, {
     name: "zap-3000-https.example.com",
-    parameters: ["-t", "https://https.example.com:3000"],
+    parameters: ["-a", "-j", "-t", "https://https.example.com:3000"],
     parentScan: { metadata: { labels: { foo: "bar" } } },
     scanType: "zap-baseline",
   });