diff --git a/batch/entrypoint.py b/batch/entrypoint.py
index 62b14517a..f60eb7bf0 100755
--- a/batch/entrypoint.py
+++ b/batch/entrypoint.py
@@ -69,6 +69,7 @@ def callback(msg: Message):
 log.info("Submitting job %s with input(s) %s", job_name, job_inputs)
 new_job = get_job(job, job_name, job_inputs)
+ # this returns response.data from the underlying api call.
 batch_api.create_namespaced_job(namespace, new_job)
 log.info("Submitted job %s", job_name)
diff --git a/zap/deployment.yaml b/zap/deployment.yaml
index 29bb5f146..ec206e3c3 100644
--- a/zap/deployment.yaml
+++ b/zap/deployment.yaml
@@ -222,6 +222,20 @@ items:
 containers:
 - << : *cron-job-container
 args: ['trigger', '-s', 'auth', 'api', 'iapauth']
+- << : *cron-job
+ metadata:
+ name: ${CRON_JOB}-baseline
+ namespace: ${NAMESPACE}
+ spec:
+ schedule: "1 1 1 1 *"
+ jobTemplate:
+ spec:
+ template:
+ spec:
+ << : *cron-job-spec
+ containers:
+ - << : *cron-job-container
+ args: ['trigger', '-s', 'baseline']
 - << : *cron-job
 metadata:
 name: ${CRON_JOB}-hail
diff --git a/zap/src/scan.py b/zap/src/scan.py
index cb9799dba..a68d66b36 100755
--- a/zap/src/scan.py
+++ b/zap/src/scan.py
@@ -209,7 +209,8 @@ def get_codedx_report_by_alert_severity(
 """
 logging.info("Getting PDF report from Codedx project: %s", project)
 report_date = datetime.now()
- report_file = f'{project.replace("-", "_")}_report_{report_date:%Y%m%d}.pdf'
+ project_name = project.replace("-", "_").replace('.','').replace("/","").replace(":","")
+ report_file = f'{project_name}_report_{report_date:%Y%m%d}.pdf'
 filters = {
 "severity": [s.value for s in severities],
 "status": ["new", "unresolved", "reopened", "escalated"],
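Review bot: The comment added above `batch_api.create_namespaced_job(namespace, new_job)` in callback describes a return value that the call discards, so it documents something the reader cannot see in the code. Either bind the result and use it in the success log, e.g. `created = batch_api.create_namespaced_job(namespace, new_job)` and then include an identifier from `created` in the `Submitted job` log line (which attributes the response object carries is not visible here), or drop the comment. A comment that begins with lowercase "this" also reads as a scratch note rather than documentation. callback's body continues outside the hunk.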
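Review bot: The `schedule: "1 1 1 1 *"` on the new ${CRON_JOB}-baseline CronJob fires once a year, at 01:01 on 1 January, which reads either as a placeholder or as a job meant to be started by hand and kept from running on its own; whichever it is belongs in a comment beside the schedule, e.g. `# Deliberately rare: baseline scans are started manually from this CronJob`. The schedules of the sibling jobs are outside the hunk, so whether this one is consistent with them cannot be judged here. The baseline scan is the unauthenticated one and, per the zap.py change in this commit, now includes an active scan, so stating the intended cadence matters more here than for the other entries.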
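Review bot: The new `project_name` expression in get_codedx_report_by_alert_severity sanitises a value that becomes part of a filename by deleting four specific characters, which is a blocklist: backslashes, whitespace, control characters and anything else go through untouched, and deleting `.` makes distinct projects such as `a.b` and `ab` collide on the same report file. An allowlist is shorter and complete, `project_name = re.sub(r"[^A-Za-z0-9_]+", "_", project)` (with `re` imported at the top of the module if it is not already). The identical expression is added in zap.py in zap_report and zap_save_session, so it should live in one shared helper whose docstring states that its result is safe as a single path component, instead of being copied three times; zap_save_session concatenates the result onto a directory path, so that caller is where the guarantee matters most. The function body continues outside the hunk.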
@@ -467,8 +468,8 @@ def upload_googledrive(scan_type, zap_filename, codedx_project, report_file, sla
 """
 root_id = os.getenv('DRIVE_ROOT_ID', None)
 drive_id = os.getenv('DRIVE_ID', None)
- if scan_type in (ScanType.BASELINE):
- return
+ # if scan_type in (ScanType.BASELINE):
+ # return
 try:
 logging.info('Setting up the google drive API service for uploading reports.')
 if scan_type in (ScanType.HAILAPI, ScanType.HAILAUTH):
@@ -574,7 +575,7 @@ def main(): # pylint: disable=too-many-locals
 # optionally, upload them to GCS
 xml_report_url = ""
- if scan_type is not ScanType.BASELINE:
+ if scan_type is not None:
 xml_report_url = upload_gcs(
 bucket_name,
 scan_type,
diff --git a/zap/src/zap.py b/zap/src/zap.py
index 2185dc062..7eacbeea5 100755
--- a/zap/src/zap.py
+++ b/zap/src/zap.py
@@ -294,7 +294,8 @@ def zap_report(zap: ZAPv2, project: str, scan_type: ScanType, sites: str):
 # The more advanced zap report api calls require a directory local to zap
 # But you can download known files from /home/zap/.ZAP/transfer if you use an API key
 date = datetime.today()
- filename = f"{project}_{scan_type}-scan_report-{date.strftime('%Y-%m-%d')}.xml"
+ project_name = project.replace("-", "_").replace('.','').replace("/","").replace(":","")
+ filename = f"{project_name}_{scan_type}-scan_report-{date.strftime('%Y-%m-%d')}.xml"
 filename = filename.replace("-", "_").replace(" ", "")
 template = "traditional-xml"
@@ -324,7 +325,8 @@ def zap_save_session(zap: ZAPv2,
 """
 share_path = os.getenv("VOLUME_SHARE")
 share_path_sess = share_path+"/session/"
- session_filename = f"{project}_{scan_type}-session"
+ project_name = project.replace("-", "_").replace('.','').replace("/","").replace(":","")
+ session_filename = f"{project_name}_{scan_type}-session"
 session_filename = session_filename.replace("-", "_").replace(" ", "")
 # zap scanner container saves session to shared volume
 zap.core.save_session(share_path_sess+session_filename)
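Review bot: `# if scan_type in (ScanType.BASELINE):` and `#     return` in upload_googledrive are commented-out code, not a comment; delete both lines, since version history keeps the old guard, and if the point is that baseline reports now go to Drive like the others, say so in one line, e.g. `# Every scan type, baseline included, uploads its reports to Drive.`. upload_googledrive's body continues outside the hunk.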
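Review bot: `if scan_type is not None:` in main replaces the BASELINE exclusion with a guard that, as far as this diff shows, is never false — zap_report in zap.py annotates the same value as `scan_type: ScanType` — so upload_gcs now runs unconditionally and the `if` only hides that. Drop the conditional and dedent the call, or, if None genuinely reaches here, document where it comes from. The zap_compliance_scan hunk in zap.py makes the same change as `if scan_type != None:`, which should at least be `is not None` (PEP 8) and more likely be removed for the same reason, so that the now-unconditional active scan is visible in the code. main's body continues outside the hunk.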
@@ -412,7 +414,7 @@ def zap_compliance_scan(
 # and can provide more granular authentication controls.
 # Scan types:
- # BASELINE - unauthenticated, no active scan.
+ # BASELINE - unauthenticated.
 # API - authenticated with SA, imports openid config, active scan is performed.
 # UI - authenticated with SA, active scan and ajax spider is performed.
 # AUTH - authenticated with SA, active scan is performed.
@@ -457,7 +459,7 @@ def zap_compliance_scan(
 zap.ajaxSpider.scan(target_url, contextname=project)
- if scan_type != ScanType.BASELINE:
+ if scan_type != None:
 logging.info("starting zap active scan for %s", target_url)
 zap.ascan.scan(target_url, contextid=context_id, recurse=True)
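Review bot: The reworded `# BASELINE - unauthenticated.` in zap_compliance_scan removes the one fact that changed without stating the new one; since the guard in the following hunk now runs the active scan for every scan type, the entry should follow its siblings' format, `# BASELINE - unauthenticated, active scan is performed.`. An active scan against a target without credentials is a materially different run from the previous passive baseline, and this comment is where a maintainer will look to learn whether that is intended. zap_compliance_scan's body continues outside the hunk.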