Skip to content

Disable cascading rules by default #1347

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
Ilyesbdlala merged 4 commits into from
Sep 29, 2022
Merged

Disable cascading rules by default #1347

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
52d9c48
Disable cascading rules by default
the-simmon Sep 7, 2022
3bcf45e
Enable cascading rules for cascading hook tests
the-simmon Sep 7, 2022
426c9f3
chore(template): Changed the template to set cascadingrules.enabled t…
Ilyesbdlala Sep 29, 2022
9769cb8
docs(cascading-scan): Added Upgrading note to set cascadingrules.enab…
Ilyesbdlala Sep 29, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .templates/new-scanner/values.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -104,4 +104,4 @@ scanner:

cascadingRules:
# cascadingRules.enabled -- Enables or disables the installation of the default cascading rules for this scanner
enabled: true
enabled: false
12 changes: 11 additions & 1 deletion UPGRADING.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -140,4 +140,14 @@ These images are usually used for testing and demo purposes. If you use these im
Previously scheduled scans generated by the container autodiscovery are named in the format `scan-image_name-at-image_hash`. The resulting scan pod will be called `scan-scan-image_name-at-image_hash`.
To avoid the duplicate “scan-scan”, the scheduled scans from the container autodiscovery are renamed. As a result, the container autodiscovery will no longer correctly “recognize” the old scans anymore. It will instead create new scans according to the new naming scheme. The old scheduled scans must be deleted manually.

➡️ [Reference: #1193](https://github.com/secureCodeBox/secureCodeBox/pull/1193)
➡️ [Reference: #1193](https://github.com/secureCodeBox/secureCodeBox/pull/1193)


### Cascading rules are disabled by default
Having the Cascading rules enabled by default on scanner helm install, has led to some confusion on the users side as mentioned in issue [#914](https://github.com/secureCodeBox/secureCodeBox/issues/914). As a result Cascading rules will have to be explicitly enabled by setting the `cascadingRules.enabled` value to `true`. For example as so:
```yaml
helm upgrade --install nmap secureCodeBox/nmap --set=cascadingRules.enabled=true
```

➡️ [Reference: #1347](https://github.com/secureCodeBox/secureCodeBox/pull/1347)

9 changes: 6 additions & 3 deletions hooks/cascading-scans/Makefile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,8 @@ deploy-test-dep-nmap:
--set="parser.image.tag=$(IMG_TAG)" \
--set="scanner.image.tag=$(IMG_TAG)" \
--set="parser.env[0].name=CRASH_ON_FAILED_VALIDATION" \
--set-string="parser.env[0].value=true"
--set-string="parser.env[0].value=true" \
--set="cascadingRules.enabled=true"

.PHONY: deploy-test-dep-ncrack
deploy-test-dep-ncrack:
Expand All @@ -46,7 +47,8 @@ deploy-test-dep-ncrack:
--set="scanner.extraVolumes[0].name=ncrack-lists" \
--set="scanner.extraVolumes[0].secret.secretName=ncrack-lists" \
--set="scanner.extraVolumeMounts[0].name=ncrack-lists" \
--set="scanner.extraVolumeMounts[0].mountPath=/ncrack/"
--set="scanner.extraVolumeMounts[0].mountPath=/ncrack/" \
--set="cascadingRules.enabled=true"

.PHONY: deploy-test-dep-sslyze
deploy-test-dep-sslyze:
Expand All @@ -55,7 +57,8 @@ deploy-test-dep-sslyze:
--set="parser.image.repository=docker.io/$(IMG_NS)/$(parser-prefix)-sslyze" \
--set="parser.image.tag=$(IMG_TAG)" \
--set="parser.env[0].name=CRASH_ON_FAILED_VALIDATION" \
--set-string="parser.env[0].value=true"
--set-string="parser.env[0].value=true" \
--set="cascadingRules.enabled=true"

.PHONY: deploy-test-deps-1 # Deploys dependencies for the nmap-ncrack test
deploy-test-deps: deploy-test-dep-dummy-ssh deploy-test-dep-nmap deploy-test-dep-ncrack
Expand Down
2 changes: 1 addition & 1 deletion scanners/cmseek/values.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -102,4 +102,4 @@ scanner:

cascadingRules:
# cascadingRules.enabled -- Enables or disables the installation of the default cascading rules for this scanner
enabled: true
enabled: false
2 changes: 1 addition & 1 deletion scanners/gitleaks/values.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -102,4 +102,4 @@ scanner:

cascadingRules:
# cascadingRules.enabled -- Enables or disables the installation of the default cascading rules for this scanner
enabled: true
enabled: false
2 changes: 1 addition & 1 deletion scanners/kube-hunter/values.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -102,4 +102,4 @@ scanner:

cascadingRules:
# cascadingRules.enabled -- Enables or disables the installation of the default cascading rules for this scanner
enabled: true
enabled: false
2 changes: 1 addition & 1 deletion scanners/ncrack/values.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -108,4 +108,4 @@ scanner:

cascadingRules:
# cascadingRules.enabled -- Enables or disables the installation of the default cascading rules for this scanner
enabled: true
enabled: false
2 changes: 1 addition & 1 deletion scanners/nikto/values.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -102,4 +102,4 @@ scanner:

cascadingRules:
# cascadingRules.enabled -- Enables or disables the installation of the default cascading rules for this scanner
enabled: true
enabled: false
2 changes: 1 addition & 1 deletion scanners/nmap/values.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -103,4 +103,4 @@ scanner:

cascadingRules:
# cascadingRules.enabled -- Enables or disables the installation of the default cascading rules for this scanner
enabled: true
enabled: false
2 changes: 1 addition & 1 deletion scanners/nuclei/values.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -120,4 +120,4 @@ nucleiTemplateCache:

cascadingRules:
# cascadingRules.enabled -- Enables or disables the installation of the default cascading rules for this scanner
enabled: true
enabled: false
2 changes: 1 addition & 1 deletion scanners/screenshooter/values.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -102,4 +102,4 @@ scanner:

cascadingRules:
# cascadingRules.enabled -- Enables or disables the installation of the default cascading rules for this scanner
enabled: true
enabled: false
2 changes: 1 addition & 1 deletion scanners/semgrep/values.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -93,4 +93,4 @@ scanner:

cascadingRules:
# cascadingRules.enabled -- Enables or disables the installation of the default cascading rules for this scanner
enabled: true
enabled: false
2 changes: 1 addition & 1 deletion scanners/ssh-scan/values.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -102,4 +102,4 @@ scanner:

cascadingRules:
# cascadingRules.enabled -- Enables or disables the installation of the default cascading rules for this scanner
enabled: true
enabled: false
2 changes: 1 addition & 1 deletion scanners/sslyze/values.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -102,4 +102,4 @@ scanner:

cascadingRules:
# cascadingRules.enabled -- Enables or disables the installation of the default cascading rules for this scanner
enabled: true
enabled: false
2 changes: 1 addition & 1 deletion scanners/typo3scan/values.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -102,4 +102,4 @@ scanner:

cascadingRules:
# cascadingRules.enabled -- Enables or disables the installation of the default cascading rules for this scanner
enabled: true
enabled: false
2 changes: 1 addition & 1 deletion scanners/whatweb/values.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -102,4 +102,4 @@ scanner:

cascadingRules:
# cascadingRules.enabled -- Enables or disables the installation of the default cascading rules for this scanner
enabled: true
enabled: false
2 changes: 1 addition & 1 deletion scanners/zap-advanced/values.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -184,4 +184,4 @@ zapConfiguration:

cascadingRules:
# cascadingRules.enabled -- Enables or disables the installation of the default cascading rules for this scanner
enabled: true
enabled: false
2 changes: 1 addition & 1 deletion scanners/zap/values.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -108,4 +108,4 @@ scanner:

cascadingRules:
# cascadingRules.enabled -- Enables or disables the installation of the default cascading rules for this scanner
enabled: true
enabled: false