Read openapi schema for the owasp scan

This commit is contained in:
Ryan Ahearn
2022-11-16 15:50:08 -05:00
parent 182dd2c28c
commit 7c611e993f
5 changed files with 24 additions and 4 deletions


@@ -107,7 +107,7 @@ jobs:
uses: zaproxy/action-api-scan@v0.1.1
with:
docker_name: 'owasp/zap2docker-stable'
target: 'http://localhost:6011/_status'
target: 'http://localhost:6011/docs/openapi.yml'
fail_action: true
allow_issue_writing: false
rules_file_name: 'zap.conf'
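Review bot: The scan target is now the schema URL served by the application under test, so the job's usefulness depends on `/docs/openapi.yml` answering 200 by the time the step runs; if that fetch fails (app not yet listening, 404, 500), ZAP would presumably import few or no endpoints, and `fail_action: true` appears to govern alerts rather than a failed import, so the run could pass while scanning nothing. A guard step ahead of the scan, e.g. `- run: curl --fail --silent http://localhost:6011/docs/openapi.yml > /dev/null`, makes a broken schema endpoint fail the job loudly. The same applies to the hunk at `@@ -76,7 +76,7 @@` in the second workflow.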


@@ -76,7 +76,7 @@ jobs:
uses: zaproxy/action-api-scan@v0.1.1
with:
docker_name: 'owasp/zap2docker-weekly'
target: 'http://localhost:6011/_status'
target: 'http://localhost:6011/docs/openapi.yml'
fail_action: true
allow_issue_writing: false
rules_file_name: 'zap.conf'


@@ -134,6 +134,7 @@ def register_blueprint(application):
)
from app.billing.rest import billing_blueprint
from app.complaint.complaint_rest import complaint_blueprint
from app.docs import docs as docs_blueprint
from app.email_branding.rest import email_branding_blueprint
from app.events.rest import events as events_blueprint
from app.inbound_number.rest import inbound_number_blueprint
@@ -193,6 +194,9 @@ def register_blueprint(application):
status_blueprint.before_request(requires_no_auth)
application.register_blueprint(status_blueprint)
docs_blueprint.before_request(requires_no_auth)
application.register_blueprint(docs_blueprint)
# delivery receipts
ses_callback_blueprint.before_request(requires_no_auth)
application.register_blueprint(ses_callback_blueprint)
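Review bot: The two new lines register the docs blueprint as unauthenticated without recording why, and `requires_no_auth` on anything other than the status and callback blueprints is the kind of thing a later reader may mistake for an oversight. A one-line comment above `docs_blueprint.before_request(requires_no_auth)` such as `# OpenAPI schema is served without auth so the ZAP API scan (and humans) can fetch it` would capture the intent. It is also worth confirming that exposing the full endpoint schema without credentials is acceptable in every environment this app is deployed to, since the same registration applies everywhere. register_blueprint starts before this hunk.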

10
app/docs/__init__.py Normal file

@@ -0,0 +1,10 @@
from os import path
from flask import Blueprint, current_app, send_file
docs = Blueprint('docs', __name__, url_prefix='/docs')
@docs.route('/openapi.yml', methods=['GET'])
def send_openapi():
openapi_schema = path.join(current_app.root_path, '../docs/openapi.yml')
return send_file(openapi_schema, mimetype='text/yaml'), 200
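Review bot: `send_openapi` builds the path with a `..` component relative to `current_app.root_path` and passes it straight to `send_file`, so if the deployed artifact does not ship the repository-level `docs/` directory the handler raises FileNotFoundError and this public route answers 500 rather than 404. Normalising the path and checking it first keeps that failure explicit: `openapi_schema = path.normpath(path.join(current_app.root_path, '..', 'docs', 'openapi.yml'))` followed by `if not path.isfile(openapi_schema): abort(404)` (with `abort` added to the flask import). The path is fixed and takes no request input, so there is no traversal concern here; a short docstring noting that the route is intentionally unauthenticated and what consumes it (the ZAP API scan per the workflow changes) would help the next reader.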


@@ -37,5 +37,11 @@ This will run an interactive prompt to create a user, and then mark that user as
2. On your host machine run:
```
docker run -v $(pwd):/zap/wrk/:rw --network="notify-network" -t owasp/zap2docker-weekly zap-api-scan.py -t http://dev:6011/_status -f openapi -c zap.conf
```
docker run -v $(pwd):/zap/wrk/:rw --network="notify-network" -t owasp/zap2docker-weekly zap-api-scan.py -t http://dev:6011/docs/openapi.yml -f openapi -c zap.conf
```
The equivalent command if you are running the API locally:
```
docker run -v $(pwd):/zap/wrk/:rw -t owasp/zap2docker-weekly zap-api-scan.py -t http://host.docker.internal:6011/docs/openapi.yml -f openapi -c zap.conf
```