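#!/bin/bash
# Run an application's test suite through an OWASP ZAP daemon (app and ZAP both
# started as Docker containers) so that ZAP records the traffic and can scan it
# afterwards (see runzap.py further down).
#
# Required tools: virtualenv, pip, docker, curl, python.
# The app image, the app hostname (test.app.com), the test-suite command and the
# app-specific readiness string are placeholders for your own application; the
# inline "#Change ..." / "#Add ..." comments mark them.
set -e
set -o pipefail

# Make sure the pip installs and docker pulls below are not routed through a
# proxy left over in the environment.
unset http_proxy
unset https_proxy

echo "Activating and entering virtualenv env"
virtualenv env
# shellcheck disable=SC1091
. env/bin/activate

echo "Installing apptest via pip"
pip install apptest
echo "Installing OWASP ZAP API via pip"
# NOTE(review): both packages are installed unpinned; pinning a version (and
# ideally hashes) keeps this job from silently picking up a different release.
pip install python-owasp-zap-v2.4 --upgrade

echo "Pulling app Docker container from the registry"
docker pull docker-registry.app.com/app #make sure to change this to your internal docker registry
echo "Pulling OWASP ZAP container from docker hub"
docker pull owasp/zap2docker-stable

# From here on every HTTP(S) request made from this shell goes through the ZAP
# daemon started below, which is how the test-suite traffic reaches ZAP.
export http_proxy=http://127.0.0.1:8090/
export https_proxy=http://127.0.0.1:8090/

echo "Starting ZAP daemon as a Docker container"
# The port is published on the loopback interface only: nothing in this script
# reaches ZAP from anywhere but 127.0.0.1, and the proxy/API port should not be
# exposed to the rest of the network. `-host 0.0.0.0` stays because it is the
# address ZAP listens on *inside* the container, which the port mapping needs.
# NOTE(review): no api.key / api.disablekey setting is passed; whether the ZAP
# API is key-protected depends on the image defaults and on what runzap.py
# sends — confirm.
ZAPCONTAINERID=$(docker run -p 127.0.0.1:8090:8090 -id owasp/zap2docker-stable zap.sh -daemon -port 8090 -host 0.0.0.0)
echo "ZAP Container ID = $ZAPCONTAINERID"
ZAPCONTAINERIP=$(docker inspect -f '{{.NetworkSettings.IPAddress}}' "$ZAPCONTAINERID")
echo "ZAP Container IP = $ZAPCONTAINERIP"

echo "Starting app as a docker container"
# NOTE(review): the EXIT trap that removes these containers is installed only
# after cleanup() is defined below, so a failure between the two docker run
# calls leaves the ZAP container behind.
APPCONTAINERID=$(docker run -dt -p 127.0.0.1:80:80 docker-registry.app.com/app) #Change this to start your own app container
echo "app Container ID = $APPCONTAINERID"
APPCONTAINERIP=$(docker inspect -f '{{.NetworkSettings.IPAddress}}' "$APPCONTAINERID")
echo "app Container IP = $APPCONTAINERIP"
# An empty IP would silently write a bogus " test.app.com" entry into the ZAP
# container's /etc/hosts; stop here instead.
if [[ -z "$APPCONTAINERIP" ]]; then
  echo "Could not determine the app container IP address" >&2
  exit 1
fi

echo "Adding the app Container IP and hostname in the /etc/hosts file of the ZAP daemon container so that when the testsuite is being run via ZAP daemon as the proxy, it knows how to get to the app container from the ZAP daemon container"
# The IP is passed as a positional argument to the inner shell rather than
# spliced into the command string, so it can never be parsed as shell syntax.
docker exec "$ZAPCONTAINERID" /bin/sh -c 'echo "$1 test.app.com" >> /etc/hosts' sh "$APPCONTAINERIP"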
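#######################################
# Remove the app and ZAP containers and the files the run left behind.
# Installed as the INT/TERM/EXIT trap, so every step is best-effort: one
# failing removal must not stop the remaining ones.
# Globals:   APPCONTAINERID, ZAPCONTAINERID (read)
#            wd (read) - work directory whose report*, data/cookies.txt and
#            env/ are removed; this script does not set it (expected from
#            the environment), so it is guarded before use.
# Returns:   0
#######################################
cleanup() {
  unset http_proxy
  unset https_proxy
  echo "Cleaning up the app and ZAP containers..."
  # Either id may be empty if the trap fires before that container started.
  if [[ -n "${APPCONTAINERID:-}" ]]; then
    docker rm -f "${APPCONTAINERID}" || true
  fi
  if [[ -n "${ZAPCONTAINERID:-}" ]]; then
    docker rm -f "${ZAPCONTAINERID}" || true
  fi
  # An unset wd would otherwise turn these into "rm -rf /env/" and friends.
  if [[ -n "${wd:-}" ]]; then
    rm -f -- "$wd"/report*
    rm -f -- "$wd/data/cookies.txt"
    rm -rf -- "$wd/env/"
  else
    echo "wd is not set; leaving report*, data/cookies.txt and env/ in place" >&2
  fi
  trap - EXIT
}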
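trap cleanup INT TERM EXIT

echo "Verifying whether test.app.com is accessible or not to run the test suite"
# Give the ZAP daemon and the app a moment to come up before the first request.
sleep 10
# The probe goes through ZAP (http_proxy) and must answer with the app's own
# marker string. grep's status is tested directly in the condition: the
# original `$?` check ran after a `sleep`, so it was always 0, and under
# `set -e` a non-matching grep would have aborted the script before the check.
if curl -v --silent test.app.com 2>&1 | grep -q "Your request was missing a required header"; then #Add your own app's code here
  sleep 5
  echo "Looks like it is accessible.."
  echo "Running the test suite against the app via ZAP. Sit down and relax..."
  # Failures of the suite itself are not fatal here: what matters is the
  # traffic it sends through ZAP, which is scanned below either way.
  (apptest || true) #Run your own testsuite here
  echo "test suite complete"
  sleep 5
else
  echo "test.app.com is not reachable through the ZAP proxy; aborting" >&2
  exit 1
fi

# Reached only when the probe above succeeded (the else branch exits).
echo "Running ZAP aginst the app with all the test suite traffic in ZAP now. This will take a few hours. Come back later.."
python ./runzap.py http://test.app.com/ #Use your own app URL here

#######################################
# Report whether the ZAP container is still running.
# Globals:   ZAPCONTAINERID (read)
# Returns:   0 while the container's State.Running is "true"; 1 once it has
#            stopped or can no longer be inspected (e.g. already removed).
#######################################
zap_running() {
  local state
  state=$(docker inspect -f '{{.State.Running}}' "$ZAPCONTAINERID" 2>/dev/null) || return 1
  [[ "$state" == "true" ]]
}

# Wait for the ZAP container to stop (presumably runzap.py shuts the daemon
# down when its scan is finished — confirm against runzap.py).
while zap_running; do
  sleep 5
  echo "ZAP is stopping.."
done
sleep 5
echo "ZAP has stopped"

echo "Calling the jira connect script to authenticate to JIRA and send the reports over"
./jiraconnect.sh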