Fix docker builds

Patrowl · Jul 12, 2021 · 44939a5 · 44939a5
1 parent bfa095e
commit 44939a5
Show file tree

Hide file tree

Showing 21 changed files with 53 additions and 44 deletions.
diff --git a/.travis.yml b/.travis.yml
@@ -28,6 +28,7 @@ env:
 - PATROWL_ENGINE=apivoid ENGINE_PORT=5022
 - PATROWL_ENGINE=wpscan ENGINE_PORT=5023
 - PATROWL_ENGINE=cybelangel ENGINE_PORT=5024
+- PATROWL_ENGINE=shhgit ENGINE_PORT=5025
 before_install:
 - cd engines
 install:

diff --git a/README.md b/README.md
@@ -91,3 +91,4 @@ Copyright (C) 2018-2021 Nicolas MATTIOCCO ([@MaKyOtOx](https://twitter.com/MaKyO
 | virustotal  | [![Known Vulnerabilities](https://snyk.io/test/github/Patrowl/PatrowlEngines/badge.svg?targetFile=engines%2Fvirustotal%2Frequirements.txt)](https://snyk.io/test/github/Patrowl/PatrowlEngines?targetFile=engines%2Fvirustotal%2Frequirements.txt)  |
 | wpscan  | [![Known Vulnerabilities](https://snyk.io/test/github/Patrowl/PatrowlEngines/badge.svg?targetFile=engines%2Fwpscan%2Frequirements.txt)](https://snyk.io/test/github/Patrowl/PatrowlEngines?targetFile=engines%2Fwpscan%2Frequirements.txt)  |
 | cybelangel  | [![Known Vulnerabilities](https://snyk.io/test/github/Patrowl/PatrowlEngines/badge.svg?targetFile=engines%2Fcybelangel%2Frequirements.txt)](https://snyk.io/test/github/Patrowl/PatrowlEngines?targetFile=engines%2Fcybelangel%2Frequirements.txt)  |
+| shhgit  | [![Known Vulnerabilities](https://snyk.io/test/github/Patrowl/PatrowlEngines/badge.svg?targetFile=engines%2Fshhgit%2Frequirements.txt)](https://snyk.io/test/github/Patrowl/PatrowlEngines?targetFile=engines%2Fshhgit%2Frequirements.txt)  |
diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-1.4.29 // PatrowlEngines
+1.4.30 // PatrowlEngines
diff --git a/engines/arachni/Dockerfile b/engines/arachni/Dockerfile
@@ -1,4 +1,4 @@
-FROM ubuntu:16.04
+FROM ubuntu:20.04
 MAINTAINER Patrowl.io "[email protected]"
 LABEL Name="Arachni\ \(Patrowl engine\)" Version="1.0.0"
 
@@ -25,8 +25,9 @@ COPY README.md .
 
 WORKDIR /opt/patrowl-engines/arachni/libs
 
-RUN apt-get -qq update && apt-get install -yq wget ruby bash python3 python3-dev curl bsdtar make gcc && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
-RUN curl -fsSL -o- https://bootstrap.pypa.io/pip/3.5/get-pip.py | python3.5
+# RUN apt-get -qq update && apt-get install -yq wget ruby bash python3 python3-dev curl bsdtar make gcc && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+RUN apt-get -qq update && apt-get install -yq wget ruby bash python3 python3-dev curl make gcc && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+RUN curl -fsSL -o- https://bootstrap.pypa.io/pip/get-pip.py | python3
 RUN ln -sf $(which bsdtar) $(which tar)
 RUN wget $DL_ARACHNI_LINK -nv
 RUN tar xzf $TGZ_ARACHNI && \

diff --git a/engines/arachni/VERSION b/engines/arachni/VERSION
@@ -1 +1 @@
-1.4.26
+1.4.27
diff --git a/engines/arachni/__init__.py b/engines/arachni/__init__.py
@@ -2,7 +2,7 @@
 # -*- coding: utf-8 -*-
 
 __title__ = 'patrowl_engine_arachni'
-__version__ = '1.0.0'
+__version__ = '1.4.27'
 __author__ = 'Nicolas MATTIOCCO'
 __license__ = 'AGPLv3'
-__copyright__ = 'Copyright (C) 2018 Nicolas Mattiocco - @MaKyOtOx'
+__copyright__ = 'Copyright (C) 2018-2021 Nicolas Mattiocco - @MaKyOtOx'
diff --git a/engines/arachni/engine-arachni.py b/engines/arachni/engine-arachni.py
@@ -19,7 +19,7 @@
 APP_DEBUG = False
 APP_HOST = "0.0.0.0"
 APP_PORT = 5005
-APP_MAXSCANS = int(os.environ.get('APP_MAXSCANS', 25))
+APP_MAXSCANS = int(os.environ.get('APP_MAXSCANS', 5))
 
 BASE_DIR = os.path.dirname(os.path.realpath(__file__))
 this = sys.modules[__name__]

diff --git a/engines/censys/Dockerfile → engines/censys/Dockerfile.old b/engines/censys/Dockerfile → engines/censys/Dockerfile.old
diff --git a/engines/droopescan/Dockerfile b/engines/droopescan/Dockerfile
@@ -1,6 +1,6 @@
 FROM alpine:latest
 MAINTAINER Patrowl.io "[email protected]"
-LABEL Name="droopescan\ \(Patrowl engine\)" Version="1.3.0"
+LABEL Name="droopescan\ \(Patrowl engine\)" Version="1.4.27"
 
 # Set the working directory
 RUN mkdir -p /opt/patrowl-engines/droopescan

diff --git a/engines/droopescan/VERSION b/engines/droopescan/VERSION
@@ -1 +1 @@
-1.4.26
+1.4.27
diff --git a/engines/droopescan/__init__.py b/engines/droopescan/__init__.py
@@ -2,6 +2,7 @@
 # -*- coding: utf-8 -*-
 
 __title__ = 'patrowl_engine_droopscan'
-__version__ = '1.3.0'
-__author__ = 'not yet'
+__version__ = '1.4.27'
 __license__ = 'AGPLv3'
+__author__ = 'Nicolas MATTIOCCO'
+__copyright__ = 'Copyright (C) 2018-2021 Nicolas Mattiocco - @MaKyOtOx'
diff --git a/engines/droopescan/engine-droopescan.py b/engines/droopescan/engine-droopescan.py
@@ -1,6 +1,6 @@
 #!/usr/bin/python3
 # -*- coding: utf-8 -*-
-""" Droopescan Patrowl engine application """
+"""Droopescan Patrowl engine application."""
 
 import os
 import subprocess
@@ -29,7 +29,7 @@
 APP_PORT = 5021
 APP_MAXSCANS = int(os.environ.get('APP_MAXSCANS', 25))
 APP_ENGINE_NAME = "patrowl-droopescan"
-VERSION = "1.4.18"
+VERSION = "1.4.27"
 
 BASE_DIR = os.path.dirname(os.path.realpath(__file__))
 this = sys.modules[__name__]
@@ -67,6 +67,7 @@ def index():
     """Return index page."""
     return engine.index()
 
+
 @app.route('/engines/droopescan/liveness')
 def liveness():
     """Return liveness page."""
@@ -132,7 +133,9 @@ def status():
 
     if not os.path.exists(BASE_DIR+'/droopescan.json'):
         this.scanner['status'] = "ERROR"
-        res.update({"status": "error", "reason": "Config file droopescan.json not found"})
+        res.update({
+            "status": "error",
+            "reason": "Config file droopescan.json not found"})
         app.logger.error("Config file droopescan.json not found")
 #    if not os.path.isfile(this.scanner['path']):
 #        this.scanner['status'] = "ERROR"
@@ -178,7 +181,7 @@ def getreport(scan_id):
 
 
 def loadconfig():
-    """ Load engine configuration """
+    """Load engine configuration."""
     conf_file = BASE_DIR+'/droopescan.json'
     if os.path.exists(conf_file):
         json_data = open(conf_file)
@@ -191,7 +194,7 @@ def loadconfig():
 
 @app.route('/engines/droopescan/reloadconfig')
 def reloadconfig():
-    """ Reload engine configuration """
+    """Reload engine configuration."""
     res = {"page": "reloadconfig"}
     loadconfig()
     res.update({"config": this.scanner})
@@ -270,7 +273,7 @@ def scan_status(scan_id):
 def _add_issue(scan_id, target, timestamp, title, desc, type,
                severity="info", confidence="certain",
                vuln_refs=None, links=None, tags=None, risk=None):
-    """ Add findings to results """
+    """Add findings to results."""
     this.scans[scan_id]["nb_findings"] = this.scans[scan_id]["nb_findings"] + 1
     if (vuln_refs is None and links is None and tags is None and risk is None):
         issue = {
@@ -346,7 +349,7 @@ def stop_scan(scan_id):
 ##########################
 @app.route('/engines/droopescan/startscan', methods=['POST'])
 def start():
-    """ Start scan. """
+    """Start a scan."""
     res = {"page": "startscan"}
 
     # check the scanner is ready to start a new scan
@@ -412,7 +415,7 @@ def start():
 
 
 def _scan_thread(scan_id):
-    """ Attribute scan to a thread and launch it. """
+    """Attribute scan to a thread and launch it."""
     hosts = []
 
     for asset in this.scans[scan_id]['assets']:
@@ -504,7 +507,7 @@ def _scan_thread(scan_id):
 
 
 def _get_hears_findings(scan_id, t_vendor=None, t_product=None, t_product_version=None):
-    """ Get CVE associated to given vendor/product/product version """
+    """Get CVE associated to given vendor/product/product version."""
     # Set up credentials
     hears_url = this.scans[scan_id]["hears_api"]["url"]
     hears_token = this.scans[scan_id]["hears_api"]["token"]
@@ -544,7 +547,7 @@ def _get_hears_findings(scan_id, t_vendor=None, t_product=None, t_product_versio
 
 def _get_cvss_severity(cvss):
     """
-    Returns severity from given CVSS
+    Return severity from given CVSS.
 
     :param cvss: CVSS
     :type cvss: float
@@ -695,7 +698,7 @@ def _parse_report(filename, scan_id):
 ###########################
 @app.route('/engines/droopescan/getfindings/<scan_id>')
 def getfindings(scan_id):
-    """ Retrieve findings from scan results.  """
+    """Retrieve findings from scan results."""
     res = {"page": "getfindings", "scan_id": scan_id}
     if scan_id not in this.scans.keys():
         res.update({"status": "error", "reason": "scan_id '{}' not found".format(scan_id)})

diff --git a/engines/openvas/__init__.py b/engines/openvas/__init__.py
@@ -5,4 +5,4 @@
 __version__ = '1.0.0'
 __author__ = 'Nicolas Béguier'
 __license__ = 'AGPLv3'
-__copyright__ = 'Copyright (C) 2018-2019 Nicolas Mattiocco - @MaKyOtOx'
+__copyright__ = 'Copyright (C) 2018-2021 Nicolas Mattiocco - @MaKyOtOx'
diff --git a/engines/owl_code/Dockerfile b/engines/owl_code/Dockerfile
@@ -1,13 +1,13 @@
 FROM alpine:latest
 MAINTAINER Patrowl.io "[email protected]"
-LABEL Name="Patrowl\ Code\ Security\ review\ \(Patrowl engine\)" Version="1.4.26"
+LABEL Name="Patrowl\ Code\ Security\ review\ \(Patrowl engine\)" Version="1.4.27"
 
 # Install dependencies
 RUN apk add --update --no-cache \
     wget unzip openjdk8-jre \
     git subversion \
     python3 python3-dev py3-pip \
-    nodejs nodejs-npm \
+    npm nodejs \
   && rm -rf /var/cache/apk/* \
   && rm -rf /tmp/*
 
@@ -25,18 +25,21 @@ RUN npm install -g retire
 
 # Install OWASP-DC
 ENV version_url=https://jeremylong.github.io/DependencyCheck/current.txt
-ENV download_url=https://dl.bintray.com/jeremy-long/owasp
+# ENV download_url=https://dl.bintray.com/jeremy-long/owasp
+ENV download_url=https://github.com/jeremylong/DependencyCheck/releases/download/
 RUN wget -qO- -O /tmp/current.txt ${version_url}                            && \
     version=$(cat /tmp/current.txt)                                         && \
-    file="dependency-check-6.0.3-release.zip"                               && \
+    # version="6.0.3"                                         && \
+    # file="dependency-check-6.0.3-release.zip"                               && \
     # file="dependency-check-${version}-release.zip"                          && \
-    wget "$download_url/$file"                                              && \
+    file="dependency-check-${version}-release.zip"                          && \
+    wget "$download_url/v${version}/$file"                                  && \
     unzip ${file}                                                           && \
     rm ${file}                                                              && \
     mv dependency-check /opt/patrowl-engines/owl_code/libs                  && \
     cd /opt/patrowl-engines/owl_code/libs                                   && \
-    chmod +x dependency-check/bin/dependency-check.sh                       && \
-    dependency-check/bin/dependency-check.sh --updateonly
+    chmod +x dependency-check/bin/dependency-check.sh
+RUN dependency-check/bin/dependency-check.sh --updateonly ; exit 0
 
 # Set the working directory to /opt/<engine_name>
 WORKDIR /opt/patrowl-engines/owl_code

diff --git a/engines/owl_code/VERSION b/engines/owl_code/VERSION
@@ -1 +1 @@
-1.4.26
+1.4.27
diff --git a/engines/owl_code/__init__.py b/engines/owl_code/__init__.py
@@ -2,7 +2,7 @@
 # -*- coding: utf-8 -*-
 
 __title__ = 'patrowl_engine_owl_code'
-__version__ = '1.0.0'
+__version__ = '1.4.27'
 __author__ = 'Nicolas MATTIOCCO'
 __license__ = 'AGPLv3'
-__copyright__ = 'Copyright (C) 2018 Nicolas Mattiocco - @MaKyOtOx'
+__copyright__ = 'Copyright (C) 2018-2021 Nicolas Mattiocco - @MaKyOtOx'
diff --git a/engines/shhgit/Dockerfile b/engines/shhgit/Dockerfile
@@ -1,6 +1,6 @@
 FROM alpine:latest
 MAINTAINER Patrowl.io "[email protected]"
-LABEL Name="SHHGit\ \(Patrowl engine\)" Version="1.4.27"
+LABEL Name="SHHGit\ \(Patrowl engine\)" Version="1.4.28"
 
 # Create the target repo
 RUN mkdir -p /opt/patrowl-engines/shhgit
@@ -21,15 +21,14 @@ COPY README.md .
 RUN mkdir -p results
 RUN mkdir -p data
 RUN apk add --update --no-cache \
-    python3 \
-    python3-dev \
-    py3-pip \
+    python3 python3-dev py3-pip \
+    gcc libc-dev libffi-dev make \
   && rm -rf /var/cache/apk/*
 RUN pip3 install --upgrade pip
 RUN pip3 install --trusted-host pypi.python.org -r requirements.txt
 
 # TCP port exposed by the container (NAT)
-EXPOSE 5024
+EXPOSE 5025
 
 # Run app.py when the container launches
-CMD ["gunicorn", "engine-shhgit:app", "-b", "0.0.0.0:5024", "--access-logfile", "-"]
+CMD ["gunicorn", "engine-shhgit:app", "-b", "0.0.0.0:5025", "--access-logfile", "-"]
diff --git a/engines/shhgit/README.md b/engines/shhgit/README.md
@@ -20,7 +20,7 @@ It will scan them with shhgit and try to find any potential secret (AWS, Google
 ## Testing URLs
 
 ```bash
-SHHGIT_ENGINE_URL=http://localhost:5024/engines/shhgit
+SHHGIT_ENGINE_URL=http://localhost:5025/engines/shhgit
 
 # Start scan
 curl "${shhgit_ENGINE_URL}/startscan" -XPOST -H 'Accept: application/json' -H 'Content-type: application/json' -d "{\"scan_id\": 1, \"options\": {\"since\": \"9999\"}, \"assets\": [], \"engine_id\": 42}"

diff --git a/engines/shhgit/VERSION b/engines/shhgit/VERSION
@@ -1 +1 @@
-1.4.27
+1.4.28
diff --git a/engines/shhgit/__init__.py b/engines/shhgit/__init__.py
@@ -2,7 +2,7 @@
 # -*- coding: utf-8 -*-
 
 __title__ = 'patrowl_engine_shhgit'
-__version__ = '1.0.0'
+__version__ = '1.4.28'
 __author__ = 'Fabien Martinez'
 __license__ = 'AGPLv3'
 __copyright__ = 'Copyright (C) 2018-2021 Nicolas Mattiocco - @MaKyOtOx'
diff --git a/engines/shhgit/engine-shhgit.py b/engines/shhgit/engine-shhgit.py
@@ -30,7 +30,7 @@
 app = Flask(__name__)
 APP_DEBUG = False
 APP_HOST = "0.0.0.0"
-APP_PORT = 5024
+APP_PORT = 5025
 APP_MAXSCANS = int(os.environ.get('APP_MAXSCANS', 1))
 APP_ENGINE_NAME = "shhgit"
 APP_BASE_DIR = Path(__file__).parent