Add: Smoketest for the scanner API (greenbone#1480)
* Change: make scanning struct member Optional. This solves an issue when deserializing host_info data into a HostInfo struct which doesn't contain current scanning hosts, like when the scan finished * Add: smoketests * Fix run-with-certs * Fix clippy warnings. Also don't return before deleting the scan * Make target, user and pass for authenticated scan configurable via env variables * Add readme
Showing
13 changed files
with
587 additions
and
6 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -27,6 +27,7 @@ members = [ | |
"openvasd", | ||
"scanconfig", | ||
"infisto", | ||
"smoketest", | ||
] | ||
|
||
[workspace.package] | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
[package] | ||
name = "smoketest" | ||
version = "0.1.0" | ||
edition = "2021" | ||
|
||
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html | ||
|
||
[dependencies] | ||
models = {path = "../models"} | ||
clap = { version = "4.4.0", features = ["derive"] } | ||
reqwest = { version = "0.11.20", features = ["rustls-tls", "blocking", "json"], default-features=false } | ||
tokio = { version = "1.32.0", features = ["full"] } | ||
tracing = "0.1.37" | ||
tracing-subscriber = { version = "0.3.17", features = ["env-filter"] } | ||
serde = {version = "1", features = ["derive"], optional = true} | ||
serde_json = "1" | ||
|
||
[features] | ||
default = ["serde_support"] | ||
serde_support = ["serde"] | ||
|
||
[dev-dependencies] | ||
serde_json = "1" |
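Review bot: `serde_json = "1"` is declared under both `[dependencies]` and `[dev-dependencies]`; the second entry is redundant because normal dependencies are already available to tests, so the `[dev-dependencies]` table can be dropped. `serde` is also marked `optional = true` behind a default `serde_support` feature, which for a test-only crate presumably just adds a build configuration nobody uses; a plain `serde = { version = "1", features = ["derive"] }` would be simpler. A short comment above `reqwest` saying that `default-features=false` with `rustls-tls` is deliberate would stop a later edit from silently re-enabling the default TLS backend.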
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,45 @@ | ||
# SPDX-FileCopyrightText: 2023 Greenbone AG | ||
# | ||
# SPDX-License-Identifier: AGPL-3.0-or-later | ||
|
||
.PHONY: build run-with-certs | ||
|
||
MAKEFILE_PATH := $(dir $(realpath $(firstword $(MAKEFILE_LIST)))) | ||
|
||
ifdef TARGET_HOSTNAME | ||
TARGET := $(TARGET_HOSTNAME) | ||
else | ||
TARGET := 127.0.0.1 | ||
endif | ||
|
||
ifdef OPENVASD | ||
SERVER := $(OPENVASD) | ||
else | ||
SERVER := http://127.0.0.1:8080 | ||
endif | ||
|
||
ifndef SCAN_CONFIG | ||
SCAN_CONFIG := ./simple_scan_ssh_only.json | ||
endif | ||
|
||
ifndef CARGO | ||
CARGO := cargo | ||
endif | ||
|
||
ifndef TARGET_USERNAME | ||
TARGET_USERNAME := noname | ||
TARGET_PASSWORD := nopass | ||
endif | ||
|
||
all: build run-with-certs | ||
|
||
build: prepare-scan | ||
${CARGO} build | ||
|
||
run: | ||
cargo test | ||
|
||
prepare-scan: | ||
sed -i 's|<username>|'$(TARGET_USERNAME)'|' simple_scan_ssh_only.json | ||
sed -i 's|<password>|'$(TARGET_PASSWORD)'|' simple_scan_ssh_only.json | ||
sed -i 's|<hostname>|'$(TARGET)'|' simple_scan_ssh_only.json |
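Review bot: `prepare-scan` splices `$(TARGET_USERNAME)`, `$(TARGET_PASSWORD)` and `$(TARGET)` into the recipe outside the single quotes, so a value with whitespace or shell metacharacters is interpreted by the shell, `|`, `&` or `\` alter the sed expression, and a `"` breaks the JSON. The `sed -i` also rewrites the tracked `simple_scan_ssh_only.json` in place, which leaves the SSH password in the working tree where it can be committed, echoes it in make's output, and turns the target into a no-op on the second run because the placeholders are gone. Rendering the template into a separate untracked file from exported variables avoids this; the sketch below assumes `jq` is available and uses a constructed output name that `SCAN_CONFIG` would then have to point at. Separately, `run-with-certs` is declared in `.PHONY` and is a prerequisite of `all`, but none of the 45 lines of this new file gives it a rule, so it appears to do nothing.

```make
# … unchanged: variable defaults …

# Hand the values to the recipe through the environment instead of the command line.
export TARGET TARGET_USERNAME TARGET_PASSWORD

# scan.rendered.json is a constructed name: keep it untracked and point SCAN_CONFIG at it.
prepare-scan:
	umask 077 && jq \
	  '.target.hosts = [env.TARGET] | .target.credentials[0].up = {username: env.TARGET_USERNAME, password: env.TARGET_PASSWORD}' \
	  simple_scan_ssh_only.json > scan.rendered.json
```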
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,49 @@ | ||
# smoke-test | ||
|
||
Contains a small subset of functionality tests for openvasd within a controlled environment. | ||
|
||
To build and run the tests a Makefile is provided: | ||
- make build - builds the smoketest binary | ||
- make run - runs a scan against an scanner API listening on http://127.0.0.1:3000 using the API KEY authentication method | ||
- make run-with-certs - runs a scan against an scanner API listening on https://127.0.0.1:3000 using the mTLS authentication method plus API KEY | ||
|
||
## Configuration | ||
Independent of the usage of the certificates, the api-key is required. Therefore, `openvasd` must have an api-key set. For details on how to configure it, see the [openvasd documentation](../openvasd/README.md). | ||
|
||
In case of running the test against a mTLS enabled `openvasd`, you need to configure the client key and cert as well in the smoke test environment. For details on how to configure it, see the [openvasd documentation](../openvasd/README.md). | ||
|
||
For creation of the key/cert pair for mTLS authentication, see the tls section in the [openvasd documentation](../openvasd/README.md). Also, you find certificate generators in the [examples](../examples/tls) | ||
|
||
For authenticated scans, you can set a custom target (default is 127.0.0.1), username and password. | ||
|
||
All settings for running the smoke-tests are set via environmental variables. The next table summarize the settings availables: | ||
|
||
|Variable|Description|Default|Mandatory|Comment| | ||
|--------|-----------|-------|---------|-------| | ||
|TARGET_HOSTNAME|Custom target|127.0.0.1|no|Necessary for authenticated scans| | ||
|TARGET_USERNAME|Username for login in the target during the authenticated scan|empty string|no|Necessary for authenticated scans| | ||
|TARGET_PASSWORD|Password for login in the target during the authenticated scan|empty string|no|Necessary for authenticated scans| | ||
|API_KEY|API Key for authenticated communication with `openvasd`|mtls_is_preferred|yes|| | ||
|OPENVASD|Socket where openvasd listen on|http://127.0.0.1:3000|no|Must be specified with port| | ||
|CLIENT_CERT|PEM file combinating public certificate and any 3rd party intermediate certificates ||yes for mTLS|Necessary for mTLS enabled| | ||
|CLIENT_KEY|Client private key||yes for mTLS|Necessary for mTLS enabled| | ||
|SCAN_CONFIG|Scan config in json file format to be run against the target|simple_scan_ssh_only.json|yes|| | ||
|
||
|
||
## Usage | ||
|
||
``` bash | ||
# set env variables | ||
export CLIENT_CERT=/tmp/cert.pem | ||
export CLIENT_KEY=/tmp/key.pem | ||
export OPENVASD=192.168.0.1:3000 | ||
export TARGET_HOSTNAME=192.168.10.10 | ||
export TARGET_USERNAME=user | ||
export TARGET_PASSWORD=pass | ||
export API_KEY=mtls_is_preferred | ||
|
||
#build and run | ||
make build | ||
make run-with-certs | ||
``` | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,29 @@ | ||
{"target": {"hosts": ["<hostname>"], | ||
"ports": [ | ||
{ | ||
"protocol": "tcp", | ||
"range": [ | ||
{ | ||
"start": 22, | ||
"end": 22 | ||
} | ||
] | ||
} | ||
], | ||
"credentials": [ | ||
{ | ||
"service": "ssh", | ||
"port": 22, | ||
"up": { | ||
"username": "<username>", | ||
"password": "<password>" | ||
} | ||
} | ||
] | ||
}, | ||
"vts": [ | ||
{ | ||
"oid": "1.3.6.1.4.1.25623.1.0.90022" | ||
} | ||
] | ||
} |