ameserole / akeso Goto Github PK

When a user cancels a test in the middle of the backend checks the queue gets messed up.

Bit ironic that this project doesn't have any CI testing at the moment

For some reason Gitlab is only executing one job at a time which can cause issues. I am sure it is a setting that I am missing somewhere.

https://github.com/ameserole/Akeso/blob/master/AkesoCLI.py#L31

There are more efficient and cleaner ways to handle logging

AkesoCLI.py Does not start an existing RabbitMQ Container if the container already exists but is in a stopped state.

https://github.com/ameserole/Akeso/blob/master/AkesoCLI.py#L18-L24

Currently only allows for one Service and Exploit check at a time.

Currently you have to manually edit the challenge mapper here https://github.com/ameserole/Akeso/blob/master/defense/DefenseLab/AttackWorkers.py#L12-L17 to add challenges.
A more user friendly way of adding challenges should be implemented.

@ameserole
Have a couple of questions using Akeso - Secure Coding/Config framework:

I spinned off gitlab instance and git-runner with docker executer on two different server instances per the doc and it is working and tested.

While creating a challenge (say for e.g. Java SpringBoot web app) as part of the .gitlab-ci.yml script job stages that I added it runs build, test gradle tasks to make sure the code compiles and tests passes, when those jobs are completed it runs build_image job.

The build_image job builds docker image and runs the app inside the gitlab-runner's docker.
I'm running docker:stable inside git-lab runner as shown in the job below

build_image: stage: build_image image: docker:stable services: - docker:dind variables: DOCKER_HOST: tcp://docker:2375/ DOCKER_DRIVER: overlay2 before_script: - apk add --no-cache py-pip - pip install docker-compose - docker info script: - docker build -t xyz/java-webapp:latest . - docker run -p 8080:8080 xyz/java-webapp:latest

The plan is to run deploy job after the above to kick off the tests/entry.sh script where it calls tests/queue.py to run the backend service.
deploy: stage: deploy script: - ". tests/entry.sh"

Framework questions:

1. With the above setup and when each users forks the challenge repo they get to run the app in their own build process. So they can fix the code and submit.
   Is that how the framework works ? or Do I need to create a docker image and run it on the git-runner server instance ?
2. How to gracefully end the docker instance if it get kicked off as part of the .gitlab-ci.yml and runs within .gitlab-ci.yml script and user commits ? Do I need to shutdown after the response from queue.py from backend ?
   I'm unable to find the information in the document could you let me know if I'm missing anything.

Repo questions:

1. The demo site mentioned is not up at https://ctf.tamu.edu/
2. Do we have the challenge code for the shell, maze, ApacheDirectoryTraversal examples ? or is that only for testing purpose ?
   I see the service and attacker in the repo but not the challenge code for the above.