Added new test large #13
base: main
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,9 @@ | ||
| <?xml version="1.0" encoding="UTF-8"?> | ||
| <extensions> | ||
| <extension> | ||
| <groupId>co.leantechniques</groupId> | ||
| <artifactId>maven-buildtime-extension</artifactId> | ||
| <version>3.0.3</version> | ||
| </extension> | ||
| </extensions> | ||
|
|
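Review bot: the `<version>3.0.3</version>` pin is good, but nothing in `.mvn/extensions.xml` says why `maven-buildtime-extension` is being pulled in; a one-line XML comment above the `<extension>` element would help reviewers. Core extensions are resolved from the configured repositories and execute inside the Maven process with the same privileges as the build itself, so an entry here belongs in the project's dependency-review scope just like a plugin or library.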
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| {"rules":{"block-no-empty":true,"comment-no-empty":true,"string-no-newline":true,"function-linear-gradient-no-nonstandard-direction":true,"media-feature-name-no-unknown":true,"color-no-invalid-hex":true,"font-family-no-duplicate-names":true,"no-duplicate-at-import-rules":true,"no-empty-source":true,"declaration-block-no-duplicate-properties":[true,{"ignore":["consecutive-duplicates-with-different-values"]}],"selector-type-no-unknown":[true,{"ignoreTypes":["/^(mat|md|fa)-/"],"ignore":["custom-elements"]}],"at-rule-no-unknown":[true,{"ignoreAtRules":["value","at-root","content","debug","each","else","error","for","function","if","include","mixin","return","warn","while","extend","use","/^@.*/"]}],"no-duplicate-selectors":true,"font-family-no-missing-generic-family-keyword":true,"no-extra-semicolons":true,"no-invalid-double-slash-comments":true,"selector-pseudo-element-no-unknown":[true,{"ignorePseudoElements":["ng-deep","v-deep"]}],"selector-pseudo-class-no-unknown":[true,{"ignorePseudoClasses":["local","global","export","import"]}],"keyframe-declaration-no-important":true,"property-no-unknown":[true,{"ignoreProperties":["composes","/^mso-/"],"ignoreSelectors":["/^:export.*/","/^:import.*/"]}],"declaration-block-no-shorthand-property-overrides":true,"unit-no-unknown":[true,{"ignoreUnits":["x"]}],"function-calc-no-invalid":true}} |
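Review bot: the entire rules object is committed as one line, which makes any future change to a single rule unreviewable in a diff; please pretty-print the JSON (one rule per line) before merging. Also worth checking against the stylelint version the project uses: `function-calc-no-invalid` and `no-extra-semicolons` have both been deprecated in newer stylelint releases and will produce warnings or errors there.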
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,6 @@ | ||
| projectKey=ds_owasp_22_cli | ||
| serverUrl=http://localhost:9000 | ||
| serverVersion=9.3.0.51899 | ||
| dashboardUrl=http://localhost:9000/dashboard?id=ds_owasp_22_cli | ||
| ceTaskId=AYH2eX4ofr18r_Wq_bEJ | ||
| ceTaskUrl=http://localhost:9000/api/ce/task?id=AYH2eX4ofr18r_Wq_bEJ |
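Review bot: this file (`serverUrl`, `ceTaskId`, `ceTaskUrl`) is the scanner-generated `report-task.txt` from a local SonarQube run, an output artifact rather than source, and should not be committed. Please drop it from the PR and add the scanner's working directory (`.scannerwork/` by default) to `.gitignore`, otherwise the task id and the `http://localhost:9000` URL will churn on every scan.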
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,20 @@ | ||
| language: java | ||
|
|
||
| env: | ||
| global: | ||
| # The next declaration is the encrypted COVERITY_SCAN_TOKEN, created | ||
| # via the "travis encrypt" command using the project repo's public key | ||
| - secure: "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" | ||
|
|
||
| before_install: | ||
| - echo -n | openssl s_client -connect https://scan.coverity.com:443 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | sudo tee -a /etc/ssl/certs/ca- | ||
|
|
||
| addons: | ||
| coverity_scan: | ||
| project: | ||
| name: "OWASP/Benchmark" | ||
| description: "OWASP Benchmark" | ||
| notification_email: dave.wichers@owasp.org | ||
| build_command_prepend: "" | ||
| build_command: "mvn clean compile" | ||
| branch_pattern: master |
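Review bot: the `before_install` step is both broken and risky as written. `openssl s_client -connect` takes `host:port`, so `https://scan.coverity.com:443` will fail to resolve and should be `scan.coverity.com:443`. More importantly, appending whatever certificate the remote presents to the system CA bundle with `sudo tee -a` is trust-on-first-use: if that one connection were intercepted, the interceptor's certificate would be trusted for the rest of the build. Prefer relying on the OS trust store, or check the expected CA certificate into the repository and append that. Separately, `branch_pattern: master` does not match this PR's `main` base branch, so the Coverity scan would not run on the branch the PR targets.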
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,4 @@ | ||
| eclipse.preferences.version=1 | ||
| indentationChar=space | ||
| indentationSize=4 | ||
| lineWidth=999 |
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,6 @@ | ||
| eclipse.preferences.version=1 | ||
| indentationChar=space | ||
| indentationSize=4 | ||
| lineWidth=999 | ||
| formatCommentJoinLines=true | ||
|
|
Large diffs are not rendered by default.
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,6 @@ | ||
| [InternetShortcut] | ||
| URL=https://localhost:8443/benchmark/ | ||
| IDList= | ||
| HotKey=0 | ||
| IconFile=./src/main/webapp/favicon.ico | ||
| IconIndex=0 |
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,6 @@ | ||
| # OWASP Benchmark | ||
| The OWASP Benchmark Project is a Java test suite designed to verify the speed and accuracy of vulnerability detection tools. It is a fully runnable open source web application that can be analyzed by any type of Application Security Testing (AST) tool, including SAST, DAST (like <a href="https://owasp.org/www-project-zap">OWASP ZAP</a>), and IAST tools. The intent is that all the vulnerabilities deliberately included in and scored by the Benchmark are actually exploitable so its a fair test for any kind of application vulnerability detection tool. The Benchmark also includes scorecard generators for numerous open source and commercial AST tools, and the set of supported tools is growing all the time. | ||
|
|
||
| The project documentation is all on the OWASP site at the <a href="https://owasp.org/www-project-benchmark">OWASP Benchmark</a> project pages. Please refer to that site for all the project details. | ||
|
|
||
| The current latest release is v1.2. Note that all the releases that are available here: https://github.com/OWASP/Benchmark/releases are historical. The latest release is always available live by simply cloning or pulling the head of this repository (i.e., git pull). |
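Review bot: typo in the first paragraph: "so its a fair test" should read "so it's a fair test". The last paragraph also reads as contradictory, first naming v1.2 as the latest release and then saying the latest release is the repository head; consider "The latest tagged release is v1.2; the most current code is always the head of this repository (i.e., git pull)".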
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,27 @@ | ||
| # This dockerfile builds a container that pulls down and runs the latest version of Benchmark | ||
| FROM ubuntu:latest | ||
| MAINTAINER "Dave Wichers dave.wichers@owasp.org" | ||
|
||
|
|
||
| RUN apt-get update | ||
| RUN DEBIAN_FRONTEND="noninteractive" apt-get -y install tzdata | ||
| RUN apt-get install -q -y \ | ||
| openjdk-8-jre-headless \ | ||
| openjdk-8-jdk \ | ||
| git \ | ||
| maven \ | ||
| wget \ | ||
| iputils-ping \ | ||
| && apt-get clean | ||
|
Comment on lines +5 to +14: For better image efficiency and to avoid potential issues with stale package caches, it's a best practice to combine
||
|
|
||
| RUN mkdir /owasp | ||
| WORKDIR /owasp | ||
| RUN git clone https://github.com/OWASP-Benchmark/BenchmarkJava | ||
| WORKDIR /owasp/BenchmarkJava | ||
| RUN mvn clean package cargo:install | ||
|
|
||
| RUN useradd -d /home/bench -m -s /bin/bash bench | ||
| RUN echo bench:bench | chpasswd | ||
|
||
|
|
||
| RUN chown -R bench /owasp/ | ||
| ENV PATH /owasp/BenchmarkJava:$PATH | ||
|
|
||
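Review bot: the Dockerfile creates a `bench` user and `chown`s `/owasp/` to it but never switches to it; with no `USER bench` instruction every process in the container still runs as root, so add `USER bench` after the `RUN chown -R bench /owasp/` line. The `RUN echo bench:bench | chpasswd` line also bakes a well-known default password into a published image; if a login password is genuinely needed, set it at run time rather than in the build. Minor: `MAINTAINER` is deprecated in favour of `LABEL maintainer="..."`, and installing both `openjdk-8-jre-headless` and `openjdk-8-jdk` is redundant since the JDK package already pulls in the runtime.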
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,13 @@ | ||
| # Pull in latest version of ubuntu | ||
| docker pull ubuntu:latest | ||
| # Remove any ubuntu:<none> image if it was left behind by a new version of ubunto:latest being pulled | ||
| i=$(docker images | grep "ubuntu" | grep "<none" | awk '{print $3}') | ||
| if [ "$i" ] | ||
| then | ||
| docker rmi $i | ||
| fi | ||
|
|
||
| # Since Docker doesn't auto delete anything, just like for the Ubunto update, delete any existing benchmark:latest image before building a new one | ||
| docker image rm benchmark:latest | ||
| docker build -t benchmark . | ||
|
|
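Review bot: the script has no shebang and no `set -e`, so `docker image rm benchmark:latest` fails noisily on the first run (no image exists yet) and execution simply continues; guard it with `docker image rm benchmark:latest 2>/dev/null || true` or test for the image first. Parsing `docker images` output with `grep "<none"` is fragile; `docker images -q -f dangling=true` returns dangling image ids directly. Comment typo: "ubunto" should be "ubuntu" (it appears twice).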
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,2 @@ | ||
| docker run -t -i -p 8443:8443 --rm benchmark /bin/bash -c "git pull && ./runRemoteAccessibleBenchmark.sh" | ||
|
|
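Review bot: running `git pull` at container start means the image is not what actually executes; the code that runs depends on whatever is at the branch head when the container launches, which defeats reproducibility and makes the image contents non-auditable. Prefer baking the desired revision in at build time (the Dockerfile already clones the repository) and rebuilding to update. Also, `-p 8443:8443` publishes the deliberately vulnerable application on every host interface; if that is not the intent, `-p 127.0.0.1:8443:8443` keeps it reachable only from the local machine.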
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,3 @@ | ||
| source "scripts/verifyBenchmarkPluginAvailable.sh" | ||
| mvn -Djava.awt.headless=true org.owasp:benchmarkutils-maven-plugin:create-scorecard -DconfigFile=data/anonymousScoringConfig.yaml | ||
|
|
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,4 @@ | ||
| # source "scripts/verifyBenchmarkPluginAvailable.sh" - Don't have .bat version of this (yet) | ||
| #mvn -Djava.awt.headless=true org.owasp:benchmarkutils-maven-plugin:create-scorecard -DconfigFile=config/score_v1.3config.yaml | ||
| call mvn -Djava.awt.headless=true org.owasp:benchmarkutils-maven-plugin:create-scorecard | ||
|
|
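Review bot: `#` is not a comment character in Windows batch files, so the first two lines will be executed as commands and fail with "'#' is not recognized as an internal or external command" before `call mvn` runs. Use `REM` or `::` instead, e.g. `REM source "scripts/verifyBenchmarkPluginAvailable.sh" - Don't have .bat version of this (yet)`.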
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,4 @@ | ||
| source "scripts/verifyBenchmarkPluginAvailable.sh" | ||
| #mvn -Djava.awt.headless=true org.owasp:benchmarkutils-maven-plugin:create-scorecard -DconfigFile=config/score_v1.3config.yaml | ||
| mvn -Djava.awt.headless=true org.owasp:benchmarkutils-maven-plugin:create-scorecard | ||
|
|
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,4 @@ | ||
| # This configuration simply enables anonymous scoring mode | ||
|
|
||
| anonymousmode: true # If true, anonymize names of commercial tools | ||
|
|
Using the `latest` tag for base images is not recommended as it can lead to non-reproducible builds when the base image is updated. It's a best practice to pin to a specific version (e.g., `ubuntu:20.04`) to ensure build consistency.