Created
August 25, 2015 00:57
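#!/bin/bash
#
# Spins up an OWASP ZAP daemon and the application under test as Docker
# containers on this host, then wires them together so that the functional
# test suite can later be replayed through ZAP as an intercepting proxy.
set -e

# Package installs and image pulls must go direct, not through a proxy that
# is not running yet.
unset http_proxy
unset https_proxy

echo "Activating and entering virtualenv env"
virtualenv env
. env/bin/activate

# NOTE(review): neither package is pinned to a version or hash, and the second
# one is installed with --upgrade, so every run executes whatever the index
# serves at that moment. Pin both (for example from a requirements file with
# hashes) before using this in a pipeline that holds credentials.
echo "Installing apptest via pip"
pip install apptest
echo "Installing OWASP ZAP API via pip"
pip install python-owasp-zap-v2.4 --upgrade

# NOTE(review): both images are pulled by mutable tag; pinning them by digest
# would make the scanner and the target reproducible between runs.
echo "Pulling app Docker container from the registry"
docker pull docker-registry.app.com/app #make sure to change this to your internal docker registry
echo "Pulling OWASP ZAP container from docker hub"
docker pull owasp/zap2docker-stable

#setting the proxy as ZAP Daemon's IP:Port
export http_proxy=http://127.0.0.1:8090/
export https_proxy=http://127.0.0.1:8090/

echo "Starting ZAP daemon as a Docker container"
# The daemon has to listen on 0.0.0.0 inside the container for the port
# mapping to reach it, but the published port is bound to the host's loopback
# address only: everything in this script talks to ZAP on 127.0.0.1:8090, and
# publishing on all interfaces would offer the proxy and its API to the whole
# network for the duration of the scan.
# NOTE(review): the cleanup trap is installed only further down the script, so
# a failure between here and there leaves the containers running.
ZAPCONTAINERID=$(docker run -p 127.0.0.1:8090:8090 -id owasp/zap2docker-stable zap.sh -daemon -port 8090 -host 0.0.0.0)
echo "ZAP Container ID = $ZAPCONTAINERID"
# Ask docker for the address directly instead of scraping the JSON with
# grep/sed, which yields several lines when the key appears more than once.
# The container is attached to the default network only, so the range emits
# a single address.
ZAPCONTAINERIP=$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' "$ZAPCONTAINERID")
echo "ZAP Container IP = $ZAPCONTAINERIP"

echo "Starting app as a docker container"
APPCONTAINERID=$(docker run -dt -p 127.0.0.1:80:80 docker-registry.app.com/app) #Change this to start your own app container
echo "app Container ID = $APPCONTAINERID"
APPCONTAINERIP=$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' "$APPCONTAINERID")
echo "app Container IP = $APPCONTAINERIP"

# An empty address would write a broken hosts entry and the scan would then
# resolve test.app.com through public DNS instead of the local container.
if [ -z "$APPCONTAINERIP" ]; then
  echo "could not determine the app container IP address" >&2
  exit 1
fi

echo "Adding the app Container IP and hostname in the /etc/hosts file of the ZAP daemon container so that when the testsuite is being run via ZAP daemon as the proxy, it knows how to get to the app container from the ZAP daemon container"
# The address is handed to the inner shell as a positional parameter rather
# than pasted into the command string, so it is never parsed as shell code.
docker exec "$ZAPCONTAINERID" /bin/sh -c 'echo "$1 test.app.com" >> /etc/hosts' sh "$APPCONTAINERIP"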
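#######################################
# Tears down everything the run created: proxy settings, both containers,
# the generated reports, the cookie jar and the virtualenv.
# Globals:   APPCONTAINERID, ZAPCONTAINERID, wd (read);
#            http_proxy, https_proxy (unset)
# Arguments: none
# Outputs:   progress message on stdout, warnings on stderr
#######################################
cleanup() {
  # wd is never assigned in this script. With it unset the original paths
  # collapsed to /report*, /data/cookies.txt and "rm -rf /env/", i.e. deletes
  # at the filesystem root. Fall back to the current directory, which is where
  # the virtualenv is created.
  # NOTE(review): presumably wd is meant to be the working directory — confirm.
  local workdir=${wd:-$PWD}
  local id

  unset http_proxy
  unset https_proxy
  echo "Cleaning up the app and ZAP containers..."

  # Either id can be empty if the run failed before that container started;
  # a failed removal must not stop the rest of the cleanup under `set -e`.
  for id in "${APPCONTAINERID:-}" "${ZAPCONTAINERID:-}"; do
    [ -n "$id" ] || continue
    docker rm -f "$id" || echo "warning: could not remove container $id" >&2
  done

  # -f: the reports and the cookie jar may not exist yet on an early failure.
  rm -f -- "$workdir"/report*
  rm -f -- "$workdir/data/cookies.txt"
  # :? aborts the expansion instead of ever producing "/env/".
  rm -rf -- "${workdir:?}/env/"

  # Prevent a second run when the function was entered from a signal trap.
  trap - EXIT
}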
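# Run cleanup on every exit path. INT and TERM are converted into a normal
# exit: a handler that merely returns would let the script carry on after the
# containers had already been removed.
trap cleanup EXIT
trap 'exit 130' INT
trap 'exit 143' TERM

echo "Verifying whether test.app.com is accessible or not to run the test suite"
sleep 10
# The request goes through the ZAP proxy exported earlier, so a match proves
# both the proxy and the hosts entry inside the ZAP container work. The
# pipeline is tested directly: checking $? after a following `sleep` only ever
# saw the status of the sleep.
if ! curl -v --silent test.app.com 2>&1 | grep "Your request was missing a required header"; then #Add your own app's code here
  echo "test.app.com is not reachable through the ZAP proxy" >&2
  exit 1
fi
sleep 5

echo "Looks like it is accessible.."
echo "Running the test suite against the app via ZAP. Sit down and relax..."
# Test failures are deliberately ignored: the suite is run only to feed
# traffic into ZAP, not to gate on its result.
(apptest || true) #Run your own testsuite here
echo "test suite complete"
sleep 5

echo "Running ZAP aginst the app with all the test suite traffic in ZAP now. This will take a few hours. Come back later.."
python ./runzap.py http://test.app.com/ #Use your own app URL here

# Wait until the ZAP container is no longer running.
# NOTE(review): nothing in this script stops ZAP, so the loop presumably relies
# on runzap.py shutting the daemon down — confirm, or it never ends.
while [ "$(docker inspect -f '{{.State.Running}}' "$ZAPCONTAINERID")" = "true" ]; do
  echo ZAP is stopping..
  sleep 5
done
echo ZAP has stopped

# Under `set -e` this point is reached only when every step above succeeded,
# so the former `$? -eq 0` guard added nothing.
echo "Calling the jira connect script to authenticate to JIRA and send the reports over"
./jiraconnect.sh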