Omer Levi Hevroni omerlh

## annon-pasv-scanner.js
/**
 * This script checks whether resources (URLs) are successfully accessed (Status 200 - Ok)
 * on a request which did not have an authorization header.
 *
 * Note: This is a passive script not an active script: As such the Authorization header
 * is not forcefully removed prior to making the request. This script will only alert if a
 * request is proxied (or initiated via the spider(s), etc) which does not have an Authorization
 * header, and subsequently passively scanned.
 * Source: https://github.com/zaproxy/zaproxy/issues/4602#issuecomment-382106798
 */

## config.xml
  <script>
    <scripts>
      <name>Scan for anonymous requests</name>
      <description/>
      <engine>Oracle Nashorn</engine>
      <type>passive</type>
      <enabled>true</enabled>
      <file>/home/zap/scripts/passive/annon-pasv-scanner.js</file>
    </scripts>
  </script>

## Dockerfile
FROM owasp/zap2docker-bare

LABEL maintainer="omerlh@gmail.com"

ENV ZAP_DIR=/home/zap/.ZAP

RUN zap.sh -cmd -addonupdate -addoninstall pscanrulesAlpha -addoninstall pscanrulesBeta -addoninstall pscanrules

COPY scripts /home/zap/scripts/

## auth.js

import passport from 'passport'
import {BearerStrategy} from 'passport-azure-ad';

const options = {
    clientID: 'x', //irelevant
    identityMetadata: '<IDSrv URL>/.well-known/openid-configuration',
    issuer: '<IDSrv issuer>',
    audience: '<IDSrv audience>',
    passReqToCallback: true

## check.rb
#!/usr/bin/env ruby

#generated with https://jhawthorn.github.io/curl-to-ruby/

require 'net/http'
require 'uri'
require 'json'
require 'optparse'

options = {}

## daemonset.yaml
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: disk-checker
  labels:
    app: disk-checker
spec:
  selector:
    matchLabels:
      app: disk-checker

## profile.1.svg

      
              2 files
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                omerlh
                / profile.1.svg
            
            
              Created
              March 14, 2019 06:21
            
              
                Prometheus High CPU
              
          
      Sorry, something went wrong. Reload?
      Sorry, we cannot display this file.
      Sorry, this file is invalid so it cannot be displayed.
      
          Viewer requires iframe.
      
    
## utilization.promql
sum((kube_pod_container_resource_requests_memory_bytes * on (pod, container) group_right(node) kube_pod_container_status_running) * on (node) group_left(label_cloud_google_com_gke_nodepool)  kube_node_labels) by (label_cloud_google_com_gke_nodepool) /   sum(node:node_memory_bytes_total:sum * on (node) group_left(label_cloud_google_com_gke_nodepool) kube_node_labels) by (label_cloud_google_com_gke_nodepool)

## velero log
velero-85ddbf7d98-wzpw7 velero time="2020-09-09T15:04:00Z" level=info msg="setting log-level to INFO" logSource="pkg/cmd/server/server.go:177"
velero-85ddbf7d98-wzpw7 velero time="2020-09-09T15:04:00Z" level=info msg="Starting Velero server v1.4.2 (56a08a4d695d893f0863f697c2f926e27d70c0c5)" logSource="pkg/cmd/server/server.go:179"
velero-85ddbf7d98-wzpw7 velero time="2020-09-09T15:04:00Z" level=info msg="1 feature flags enabled []" logSource="pkg/cmd/server/server.go:181"
velero-85ddbf7d98-wzpw7 velero time="2020-09-09T15:04:00Z" level=info msg="registering plugin" command=/velero kind=BackupItemAction logSource="pkg/plugin/clientmgmt/registry.go:100" name=velero.io/crd-remap-version
velero-85ddbf7d98-wzpw7 velero time="2020-09-09T15:04:00Z" level=info msg="registering plugin" command=/velero kind=BackupItemAction logSource="pkg/plugin/clientmgmt/registry.go:100" name=velero.io/pod
velero-85ddbf7d98-wzpw7 velero time="2020-09-09T15:04:00Z" level=info msg="registering plugin" command=/velero kind=BackupItemAct

## vulns.txt
Testing gcr.io/cloudsql-docker/gce-proxy:1.22.0...

✗ Low severity vulnerability found in openssl/libssl1.1
  Description: Cryptographic Issues
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-OPENSSL-374709
  Introduced through: openssl/libssl1.1@1.1.1d-0+deb10u6, openssl@1.1.1d-0+deb10u6
  From: openssl/libssl1.1@1.1.1d-0+deb10u6
  From: openssl@1.1.1d-0+deb10u6 > openssl/libssl1.1@1.1.1d-0+deb10u6
  From: openssl@1.1.1d-0+deb10u6
	/**
	* This script checks whether resources (URLs) are successfully accessed (Status 200 - Ok)
	* on a request which did not have an authorization header.
	*
	* Note: This is a passive script not an active script: As such the Authorization header
	* is not forcefully removed prior to making the request. This script will only alert if a
	* request is proxied (or initiated via the spider(s), etc) which does not have an Authorization
	* header, and subsequently passively scanned.
	* Source: https://github.com/zaproxy/zaproxy/issues/4602#issuecomment-382106798
	*/
	<script>
	<scripts>
	<name>Scan for anonymous requests</name>
	<description/>
	<engine>Oracle Nashorn</engine>
	<type>passive</type>
	<enabled>true</enabled>
	<file>/home/zap/scripts/passive/annon-pasv-scanner.js</file>
	</scripts>
	</script>
	FROM owasp/zap2docker-bare

	LABEL maintainer="omerlh@gmail.com"

	ENV ZAP_DIR=/home/zap/.ZAP

	RUN zap.sh -cmd -addonupdate -addoninstall pscanrulesAlpha -addoninstall pscanrulesBeta -addoninstall pscanrules

	COPY scripts /home/zap/scripts/

	import passport from 'passport'
	import {BearerStrategy} from 'passport-azure-ad';

	const options = {
	clientID: 'x', //irelevant
	identityMetadata: '<IDSrv URL>/.well-known/openid-configuration',
	issuer: '<IDSrv issuer>',
	audience: '<IDSrv audience>',
	passReqToCallback: true
	#!/usr/bin/env ruby

	#generated with https://jhawthorn.github.io/curl-to-ruby/

	require 'net/http'
	require 'uri'
	require 'json'
	require 'optparse'

	options = {}
	apiVersion: apps/v1
	kind: DaemonSet
	metadata:
	name: disk-checker
	labels:
	app: disk-checker
	spec:
	selector:
	matchLabels:
	app: disk-checker
	velero-85ddbf7d98-wzpw7 velero time="2020-09-09T15:04:00Z" level=info msg="setting log-level to INFO" logSource="pkg/cmd/server/server.go:177"
	velero-85ddbf7d98-wzpw7 velero time="2020-09-09T15:04:00Z" level=info msg="Starting Velero server v1.4.2 (56a08a4d695d893f0863f697c2f926e27d70c0c5)" logSource="pkg/cmd/server/server.go:179"
	velero-85ddbf7d98-wzpw7 velero time="2020-09-09T15:04:00Z" level=info msg="1 feature flags enabled []" logSource="pkg/cmd/server/server.go:181"
	velero-85ddbf7d98-wzpw7 velero time="2020-09-09T15:04:00Z" level=info msg="registering plugin" command=/velero kind=BackupItemAction logSource="pkg/plugin/clientmgmt/registry.go:100" name=velero.io/crd-remap-version
	velero-85ddbf7d98-wzpw7 velero time="2020-09-09T15:04:00Z" level=info msg="registering plugin" command=/velero kind=BackupItemAction logSource="pkg/plugin/clientmgmt/registry.go:100" name=velero.io/pod
	velero-85ddbf7d98-wzpw7 velero time="2020-09-09T15:04:00Z" level=info msg="registering plugin" command=/velero kind=BackupItemAct
	Testing gcr.io/cloudsql-docker/gce-proxy:1.22.0...

	✗ Low severity vulnerability found in openssl/libssl1.1
	Description: Cryptographic Issues
	Info: https://snyk.io/vuln/SNYK-DEBIAN10-OPENSSL-374709
	Introduced through: openssl/libssl1.1@1.1.1d-0+deb10u6, openssl@1.1.1d-0+deb10u6
	From: openssl/libssl1.1@1.1.1d-0+deb10u6
	From: openssl@1.1.1d-0+deb10u6 > openssl/libssl1.1@1.1.1d-0+deb10u6
	From: openssl@1.1.1d-0+deb10u6