darkhelm/notifications-api
1
0
Fork 0
mirror of https://github.com/GSA/notifications-api.git synced 2026-02-03 18:01:08 -05:00
Code Issues Packages Projects Releases Wiki Activity

Read openapi schema for the owasp scan

Browse Source
This commit is contained in:
Ryan Ahearn
2022-11-16 15:50:08 -05:00
parent 182dd2c28c
commit 7c611e993f
5 changed files with 24 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.github/workflows/checks.yml vendored
View File

@@ -107,7 +107,7 @@ jobs:
uses: zaproxy/action-api-scan@v0.1.1 uses: zaproxy/action-api-scan@v0.1.1
with: with:
docker_name: 'owasp/zap2docker-stable' docker_name: 'owasp/zap2docker-stable'
target: 'http://localhost:6011/_status' target: 'http://localhost:6011/docs/openapi.yml'
fail_action: true fail_action: true
allow_issue_writing: false allow_issue_writing: false
rules_file_name: 'zap.conf' rules_file_name: 'zap.conf'

2
.github/workflows/daily_checks.yml vendored
View File

@@ -76,7 +76,7 @@ jobs:
uses: zaproxy/action-api-scan@v0.1.1 uses: zaproxy/action-api-scan@v0.1.1
with: with:
docker_name: 'owasp/zap2docker-weekly' docker_name: 'owasp/zap2docker-weekly'
target: 'http://localhost:6011/_status' target: 'http://localhost:6011/docs/openapi.yml'
fail_action: true fail_action: true
allow_issue_writing: false allow_issue_writing: false
rules_file_name: 'zap.conf' rules_file_name: 'zap.conf'

4
app/__init__.py
View File

@@ -134,6 +134,7 @@ def register_blueprint(application):
) )
from app.billing.rest import billing_blueprint from app.billing.rest import billing_blueprint
from app.complaint.complaint_rest import complaint_blueprint from app.complaint.complaint_rest import complaint_blueprint
from app.docs import docs as docs_blueprint
from app.email_branding.rest import email_branding_blueprint from app.email_branding.rest import email_branding_blueprint
from app.events.rest import events as events_blueprint from app.events.rest import events as events_blueprint
from app.inbound_number.rest import inbound_number_blueprint from app.inbound_number.rest import inbound_number_blueprint
@@ -193,6 +194,9 @@ def register_blueprint(application):
status_blueprint.before_request(requires_no_auth) status_blueprint.before_request(requires_no_auth)
application.register_blueprint(status_blueprint) application.register_blueprint(status_blueprint)
docs_blueprint.before_request(requires_no_auth)
application.register_blueprint(docs_blueprint)
# delivery receipts # delivery receipts
ses_callback_blueprint.before_request(requires_no_auth) ses_callback_blueprint.before_request(requires_no_auth)
application.register_blueprint(ses_callback_blueprint) application.register_blueprint(ses_callback_blueprint)

10
app/docs/__init__.py Normal file
View File

@@ -0,0 +1,10 @@
from os import path
from flask import Blueprint, current_app, send_file
docs = Blueprint('docs', __name__, url_prefix='/docs')
@docs.route('/openapi.yml', methods=['GET'])
def send_openapi():
openapi_schema = path.join(current_app.root_path, '../docs/openapi.yml')
return send_file(openapi_schema, mimetype='text/yaml'), 200

10
docs/testing.md
View File

@@ -37,5 +37,11 @@ This will run an interactive prompt to create a user, and then mark that user as
2. On your host machine run: 2. On your host machine run:
``` ```
docker run -v $(pwd):/zap/wrk/:rw --network="notify-network" -t owasp/zap2docker-weekly zap-api-scan.py -t http://dev:6011/_status -f openapi -c zap.conf docker run -v $(pwd):/zap/wrk/:rw --network="notify-network" -t owasp/zap2docker-weekly zap-api-scan.py -t http://dev:6011/docs/openapi.yml -f openapi -c zap.conf
``` ```
The equivalent command if you are running the API locally:
```
docker run -v $(pwd):/zap/wrk/:rw -t owasp/zap2docker-weekly zap-api-scan.py -t http://host.docker.internal:6011/docs/openapi.yml -f openapi -c zap.conf
```