
Commit e7265f4

committed
Refactor Dockerfile and scripts for improved functionality and cleanup
- Updated Dockerfile to change the entry point to CMD ["bash"] and removed obsolete loading.html copy. - Enhanced run-docker.sh to ensure environment variables are correctly set and passed to the scanner. - Modified security-check.sh to streamline the ZAP_TARGET assignment. - Improved zap_processor.py to return detailed alerts from ZAP scans and updated HTML report generation to reflect these changes. - Deleted obsolete OLD.sh script to declutter the project structure.
1 parent 3d38a1d commit e7265f4

8 files changed

Lines changed: 294 additions & 208 deletions


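--- a/Dockerfile
+++ b/Dockerfile
@@ -51,7 +51,5 @@ RUN ln -s /zap/zap.sh /zap/zap-x.sh
 
 COPY scripts/webui.js /SimpleSecCheck/results/webui.js
 
-COPY web/loading.html /SimpleSecCheck/web/loading.html
-
 WORKDIR /zap/wrk
-ENTRYPOINT ["/SimpleSecCheck/scripts/security-check.sh"]
+CMD ["bash"]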
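Review bot: Replacing the `ENTRYPOINT` with `CMD ["bash"]` at new line 55 means the image no longer runs the scanner unless the caller names the script, so a plain `docker run` of this image (or a compose `up` without a command) starts a shell, or exits at once without a TTY, instead of scanning. run-docker.sh in this same commit passes `/SimpleSecCheck/scripts/security-check.sh` explicitly, but nothing in the Dockerfile records that contract. A comment above the `CMD` line such as `# No ENTRYPOINT: run-docker.sh passes scripts/security-check.sh as the command; a bare run gives an interactive shell.` would keep the two in step. If the shell is only wanted for debugging, keeping the `ENTRYPOINT` and letting run-docker.sh override it with `--entrypoint` when needed would preserve scan-by-default behaviour.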

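--- a/rules/llm-ai-security.yml
+++ b/rules/llm-ai-security.yml
@@ -10,10 +10,10 @@ rules:
 GOOGLE_API_KEY = "AIza..."
 - pattern-inside: |
 ... = os.environ.get("...") # Good: loaded from env
-message: "Potential hardcoded LLM API key. Load keys from environment variables or a secure vault."
-languages:
-- python
-severity: CRITICAL
+message: "Potential hardcoded LLM API key. Load keys from environment variables or a secure vault."
+languages:
+- python
+severity: CRITICAL
 
 - id: llm-direct-html-output
 patterns: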

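--- a/run-docker.sh
+++ b/run-docker.sh
@@ -95,6 +95,7 @@ log_message "Starting Docker container for security scan..."
 
 # Set environment variables for Docker
 export TARGET_URL="$ZAP_TARGET"
+export ZAP_TARGET="$ZAP_TARGET"
 export TARGET_PATH_IN_CONTAINER="/target"
 export PROJECT_RESULTS_DIR="$RESULTS_DIR"
 export SCAN_TYPE="$SCAN_TYPE"
@@ -103,10 +104,13 @@ export SCAN_TYPE="$SCAN_TYPE"
 if [ "$SCAN_TYPE" = "code" ]; then
 # Code scan: mount code directory
 if docker-compose -f docker-compose.yml run --rm \
+-e SCAN_TYPE="$SCAN_TYPE" \
+-e ZAP_TARGET="$ZAP_TARGET" \
+-e TARGET_URL="$ZAP_TARGET" \
 -v "$TARGET_PATH:/target:ro" \
 -v "$RESULTS_DIR:/SimpleSecCheck/results" \
 -v "$LOGS_DIR:/SimpleSecCheck/logs" \
-scanner; then
+scanner /SimpleSecCheck/scripts/security-check.sh; then
 log_success "Code security scan completed successfully!"
 OVERALL_SUCCESS=true
 else
@@ -116,9 +120,12 @@ if [ "$SCAN_TYPE" = "code" ]; then
 else
 # Website scan: no code mount needed
 if docker-compose -f docker-compose.yml run --rm \
+-e SCAN_TYPE="$SCAN_TYPE" \
+-e ZAP_TARGET="$ZAP_TARGET" \
+-e TARGET_URL="$ZAP_TARGET" \
 -v "$RESULTS_DIR:/SimpleSecCheck/results" \
 -v "$LOGS_DIR:/SimpleSecCheck/logs" \
-scanner; then
+scanner /SimpleSecCheck/scripts/security-check.sh; then
 log_success "Website security scan completed successfully!"
 OVERALL_SUCCESS=true
 else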
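Review bot: The three `-e` flags added at new lines 107-109 are repeated verbatim at new lines 123-125, so the two `docker-compose ... run` invocations can drift the next time a variable is added; collecting them once as `scan_env=(-e SCAN_TYPE="$SCAN_TYPE" -e ZAP_TARGET="$ZAP_TARGET" -e TARGET_URL="$ZAP_TARGET")` and expanding `"${scan_env[@]}"` in both calls keeps them identical. `export ZAP_TARGET="$ZAP_TARGET"` at new line 98 only marks an already-set variable for export; if ZAP_TARGET is empty at this point (how it is populated is outside the hunk), the website branch now passes an empty target into the container and security-check.sh's `:-` fallback quietly scans its default host. A guard such as `: "${ZAP_TARGET:?ZAP_TARGET must be set for a website scan}"` in the website branch would turn that into an explicit failure.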

scripts/OLD.sh

Lines changed: 0 additions & 179 deletions
This file was deleted.

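--- a/scripts/generate-html-report.py
+++ b/scripts/generate-html-report.py
@@ -10,6 +10,7 @@
 sys.path.insert(0, os.path.abspath(os.path.join(os.path.dirname(__file__), '..')))
 from scripts.html_utils import html_header, html_footer, generate_visual_summary_section, generate_overall_summary_and_links_section
 from scripts.zap_processor import zap_summary, generate_zap_html_section
+from scripts.zap_xml_parser import parse_zap_xml, generate_html_report
 from scripts.semgrep_processor import semgrep_summary, generate_semgrep_html_section
 from scripts.trivy_processor import trivy_summary, generate_trivy_html_section
 from scripts.llm_connector import llm_client
@@ -34,7 +35,7 @@ def read_json(path):
 def main():
 debug(f"Starting HTML report generation. Output: {OUTPUT_FILE}")
 now = datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S')
-target = os.environ.get('ZAP_TARGET', 'Unknown')
+target = os.environ.get('ZAP_TARGET', os.environ.get('TARGET_URL', 'Unknown'))
 zap_html_path = os.path.join(RESULTS_DIR, 'zap-report.xml.html')
 zap_xml_path = os.path.join(RESULTS_DIR, 'zap-report.xml')
 semgrep_json_path = os.path.join(RESULTS_DIR, 'semgrep.json')
@@ -55,20 +56,18 @@ def main():
 f.write('''\n<!-- WebUI Controls -->\n<div style="margin: 1em 0;">\n <button id="scan-btn">Jetzt neuen Scan starten</button>\n <button id="refresh-status-btn">Status aktualisieren</button>\n <span id="scan-status" style="margin-left:1em; color: #007bff;">Status wird geladen...</span>\n</div>\n<!-- Hinweis: Scan-Status und Trigger laufen über Port 9100 (Watchdog) -->\n''')
 
 # --- Visual summary with icons/colors for each tool ---
-f.write(generate_visual_summary_section(zap_alerts, semgrep_findings, trivy_vulns))
+f.write(generate_visual_summary_section(zap_alerts.get('summary', zap_alerts), semgrep_findings, trivy_vulns))
 
 # --- Overall Summary and Links ---
-f.write(generate_overall_summary_and_links_section(zap_alerts, semgrep_findings, trivy_vulns, RESULTS_DIR, Path, os))
+f.write(generate_overall_summary_and_links_section(zap_alerts.get('summary', zap_alerts), semgrep_findings, trivy_vulns, RESULTS_DIR, Path, os))
 
-# ZAP Section
+# ZAP Section - pass the full zap_alerts data structure
 f.write(generate_zap_html_section(zap_alerts, zap_html_path, Path, os))
 
 # Semgrep Section
-f.write('<h2>Semgrep Static Code Analysis</h2>')
 f.write(generate_semgrep_html_section(semgrep_findings))
 
 # Trivy Section
-f.write('<h2>Trivy Dependency & Container Scan</h2>')
 f.write(generate_trivy_html_section(trivy_vulns))
 
 f.write(html_footer())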
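Review bot: `zap_alerts.get('summary', zap_alerts)` at new lines 59 and 62 assumes `zap_alerts` is a dict; where `zap_summary` builds it is outside this hunk, and if it can still hand back a list or `None` for a missing or unparsable zap-report.xml, report generation now dies with AttributeError where the old code passed the value straight through. Computing it once, `zap_totals = zap_alerts.get('summary', zap_alerts) if isinstance(zap_alerts, dict) else zap_alerts`, and passing `zap_totals` to both section writers removes the duplication and the crash. The new import at line 13, `parse_zap_xml, generate_html_report`, is not referenced on any line visible in this section, and `generate_html_report` shadows nothing here but is an easy name to confuse with this script's own `main`; drop it if it is unused elsewhere in the file. The body of `main()` continues past the end of the hunk.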

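--- a/scripts/security-check.sh
+++ b/scripts/security-check.sh
@@ -24,10 +24,8 @@ export SEMGREP_RULES_PATH_IN_CONTAINER="$BASE_PROJECT_DIR/rules"
 export TRIVY_CONFIG_PATH_IN_CONTAINER="$BASE_PROJECT_DIR/trivy/config.yaml"
 export ZAP_CONFIG_PATH_IN_CONTAINER="$BASE_PROJECT_DIR/zap/baseline.conf" # Note: your run_zap.sh hardcodes this.
 
-# --- DAST Target URL (from .env, passed to ZAP script) ---
-# TARGET_URL is from .env (e.g. http://host.docker.internal:8000)
-# Your run_zap.sh expects ZAP_TARGET as the env var.
-export ZAP_TARGET="${TARGET_URL:-http://host.docker.internal:8000}"
+# ZAP_TARGET is passed from run-docker.sh
+export ZAP_TARGET="${ZAP_TARGET:-http://host.docker.internal:8000}"
 
 # --- Determine scan type ---
 export SCAN_TYPE="${SCAN_TYPE:-code}" # Default to code scan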
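Review bot: The fallback at new line 28, `${ZAP_TARGET:-http://host.docker.internal:8000}`, drops the `TARGET_URL` lookup the removed line 30 performed, so any invocation that sets only `TARGET_URL` (the .env convention the deleted comment described) now silently scans the default host rather than the intended one. `export ZAP_TARGET="${ZAP_TARGET:-${TARGET_URL:-http://host.docker.internal:8000}}"` keeps both spellings working and matches the ZAP_TARGET-then-TARGET_URL order generate-html-report.py adopts in this same commit. Because the Dockerfile now defaults to `bash`, this script can also be started by hand inside the container, so the new comment `# ZAP_TARGET is passed from run-docker.sh` understates which callers reach the fallback; for a website scan, a missing target is arguably better reported as an error than defaulted to a host nobody asked for.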
