From 52d9c4854b2ea5d010490dbe75b5dc1e620d9113 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Simon=20H=C3=BClkenberg?=
Date: Wed, 7 Sep 2022 13:38:28 +0200
Subject: [PATCH 1/4] Disable cascading rules by default
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Simon Hülkenberg
---
 scanners/cmseek/values.yaml | 2 +-
 scanners/gitleaks/values.yaml | 2 +-
 scanners/kube-hunter/values.yaml | 2 +-
 scanners/ncrack/values.yaml | 2 +-
 scanners/nikto/values.yaml | 2 +-
 scanners/nmap/values.yaml | 2 +-
 scanners/nuclei/values.yaml | 2 +-
 scanners/screenshooter/values.yaml | 2 +-
 scanners/semgrep/values.yaml | 2 +-
 scanners/ssh-scan/values.yaml | 2 +-
 scanners/sslyze/values.yaml | 2 +-
 scanners/typo3scan/values.yaml | 2 +-
 scanners/whatweb/values.yaml | 2 +-
 scanners/zap-advanced/values.yaml | 2 +-
 scanners/zap/values.yaml | 2 +-
 15 files changed, 15 insertions(+), 15 deletions(-)
diff --git a/scanners/cmseek/values.yaml b/scanners/cmseek/values.yaml
index ef010774b3..d957522a24 100644
--- a/scanners/cmseek/values.yaml
+++ b/scanners/cmseek/values.yaml
@@ -102,4 +102,4 @@ scanner:
 cascadingRules:
 # cascadingRules.enabled -- Enables or disables the installation of the default cascading rules for this scanner
- enabled: true
+ enabled: false
diff --git a/scanners/gitleaks/values.yaml b/scanners/gitleaks/values.yaml
index e9e13d7be9..2a7e28ba2d 100644
--- a/scanners/gitleaks/values.yaml
+++ b/scanners/gitleaks/values.yaml
@@ -102,4 +102,4 @@ scanner:
 cascadingRules:
 # cascadingRules.enabled -- Enables or disables the installation of the default cascading rules for this scanner
- enabled: true
+ enabled: false
diff --git a/scanners/kube-hunter/values.yaml b/scanners/kube-hunter/values.yaml
index f3772382b9..600b3de3b2 100644
--- a/scanners/kube-hunter/values.yaml
+++ b/scanners/kube-hunter/values.yaml
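Review bot: The helm-docs comment above `enabled: false` in the cmseek hunk still only says the key "Enables or disables" the rules, so nothing in values.yaml tells a reader that cascading rules are now opt-in and that a plain install or upgrade no longer produces follow-up scans. I would extend it to `# cascadingRules.enabled -- Enables or disables the installation of the default cascading rules for this scanner. Disabled by default; set to true to opt in.` The same applies to the other fourteen scanner values.yaml hunks in this patch and to `.templates/new-scanner/values.yaml` in patch 3/4. The diffstat touches only values.yaml files, so any README table generated from these comments that lists the old default presumably needs regenerating; worth confirming before merge.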
@@ -102,4 +102,4 @@ scanner:
 cascadingRules:
 # cascadingRules.enabled -- Enables or disables the installation of the default cascading rules for this scanner
- enabled: true
+ enabled: false
diff --git a/scanners/ncrack/values.yaml b/scanners/ncrack/values.yaml
index 2fe88f2fe4..77deb6445c 100644
--- a/scanners/ncrack/values.yaml
+++ b/scanners/ncrack/values.yaml
@@ -108,4 +108,4 @@ scanner:
 cascadingRules:
 # cascadingRules.enabled -- Enables or disables the installation of the default cascading rules for this scanner
- enabled: true
+ enabled: false
diff --git a/scanners/nikto/values.yaml b/scanners/nikto/values.yaml
index 9a1e55f8b9..3b7d4f0e63 100644
--- a/scanners/nikto/values.yaml
+++ b/scanners/nikto/values.yaml
@@ -102,4 +102,4 @@ scanner:
 cascadingRules:
 # cascadingRules.enabled -- Enables or disables the installation of the default cascading rules for this scanner
- enabled: true
+ enabled: false
diff --git a/scanners/nmap/values.yaml b/scanners/nmap/values.yaml
index d57812ce9f..91275c4a71 100644
--- a/scanners/nmap/values.yaml
+++ b/scanners/nmap/values.yaml
@@ -103,4 +103,4 @@ scanner:
 cascadingRules:
 # cascadingRules.enabled -- Enables or disables the installation of the default cascading rules for this scanner
- enabled: true
+ enabled: false
diff --git a/scanners/nuclei/values.yaml b/scanners/nuclei/values.yaml
index 63024c955d..03a80c5aa7 100644
--- a/scanners/nuclei/values.yaml
+++ b/scanners/nuclei/values.yaml
@@ -120,4 +120,4 @@ nucleiTemplateCache:
 cascadingRules:
 # cascadingRules.enabled -- Enables or disables the installation of the default cascading rules for this scanner
- enabled: true
+ enabled: false
diff --git a/scanners/screenshooter/values.yaml b/scanners/screenshooter/values.yaml
index 4982f81c82..322f03f1aa 100644
--- a/scanners/screenshooter/values.yaml
+++ b/scanners/screenshooter/values.yaml
@@ -102,4 +102,4 @@ scanner:
 cascadingRules:
 # cascadingRules.enabled -- Enables or disables the installation of the default cascading rules for this scanner
- enabled: true
+ enabled: false
diff --git a/scanners/semgrep/values.yaml b/scanners/semgrep/values.yaml
index 39ae7ebb64..d66b612d64 100644
--- a/scanners/semgrep/values.yaml
+++ b/scanners/semgrep/values.yaml
@@ -93,4 +93,4 @@ scanner:
 cascadingRules:
 # cascadingRules.enabled -- Enables or disables the installation of the default cascading rules for this scanner
- enabled: true
+ enabled: false
diff --git a/scanners/ssh-scan/values.yaml b/scanners/ssh-scan/values.yaml
index 6fd110a5e8..5e77e217f0 100644
--- a/scanners/ssh-scan/values.yaml
+++ b/scanners/ssh-scan/values.yaml
@@ -102,4 +102,4 @@ scanner:
 cascadingRules:
 # cascadingRules.enabled -- Enables or disables the installation of the default cascading rules for this scanner
- enabled: true
+ enabled: false
diff --git a/scanners/sslyze/values.yaml b/scanners/sslyze/values.yaml
index 930f105d81..11af29556f 100644
--- a/scanners/sslyze/values.yaml
+++ b/scanners/sslyze/values.yaml
@@ -102,4 +102,4 @@ scanner:
 cascadingRules:
 # cascadingRules.enabled -- Enables or disables the installation of the default cascading rules for this scanner
- enabled: true
+ enabled: false
diff --git a/scanners/typo3scan/values.yaml b/scanners/typo3scan/values.yaml
index ccc0c3e88f..2fb6f3ab0d 100644
--- a/scanners/typo3scan/values.yaml
+++ b/scanners/typo3scan/values.yaml
@@ -102,4 +102,4 @@ scanner:
 cascadingRules:
 # cascadingRules.enabled -- Enables or disables the installation of the default cascading rules for this scanner
- enabled: true
+ enabled: false
diff --git a/scanners/whatweb/values.yaml b/scanners/whatweb/values.yaml
index 9779f39042..ce8e083324 100644
--- a/scanners/whatweb/values.yaml
+++ b/scanners/whatweb/values.yaml
@@ -102,4 +102,4 @@ scanner:
 cascadingRules:
 # cascadingRules.enabled -- Enables or disables the installation of the default cascading rules for this scanner
- enabled: true
+ enabled: false
diff --git a/scanners/zap-advanced/values.yaml b/scanners/zap-advanced/values.yaml
index b1da318b21..c75c772ca4 100644
--- a/scanners/zap-advanced/values.yaml
+++ b/scanners/zap-advanced/values.yaml
@@ -184,4 +184,4 @@ zapConfiguration:
 cascadingRules:
 # cascadingRules.enabled -- Enables or disables the installation of the default cascading rules for this scanner
- enabled: true
+ enabled: false
diff --git a/scanners/zap/values.yaml b/scanners/zap/values.yaml
index 3445996dba..82c0a37921 100644
--- a/scanners/zap/values.yaml
+++ b/scanners/zap/values.yaml
@@ -108,4 +108,4 @@ scanner:
 cascadingRules:
 # cascadingRules.enabled -- Enables or disables the installation of the default cascading rules for this scanner
- enabled: true
+ enabled: false
From 3bcf45eb901d63799453fd4cb03717ff3dab8111 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Simon=20H=C3=BClkenberg?=
Date: Wed, 7 Sep 2022 16:12:46 +0200
Subject: [PATCH 2/4] Enable cascading rules for cascading hook tests
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Simon Hülkenberg
---
 hooks/cascading-scans/Makefile | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/hooks/cascading-scans/Makefile b/hooks/cascading-scans/Makefile
index 94a78d464c..1b417f33df 100644
--- a/hooks/cascading-scans/Makefile
+++ b/hooks/cascading-scans/Makefile
@@ -28,7 +28,8 @@ deploy-test-dep-nmap:
 --set="parser.image.tag=$(IMG_TAG)" \
 --set="scanner.image.tag=$(IMG_TAG)" \
 --set="parser.env[0].name=CRASH_ON_FAILED_VALIDATION" \
- --set-string="parser.env[0].value=true"
+ --set-string="parser.env[0].value=true" \
+ --set="cascadingRules.enabled=true"
 .PHONY: deploy-test-dep-ncrack
 deploy-test-dep-ncrack:
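Review bot: With `--set="cascadingRules.enabled=true"` added to deploy-test-dep-nmap here, and to deploy-test-dep-ncrack and deploy-test-dep-sslyze in the next two hunks, every scanner install visible in this patch opts in, so nothing shown exercises the new disabled-by-default path. If no test elsewhere covers it, a check that a plain install of a scanner chart creates no CascadingRule resources would guard the opt-in behaviour against regressions. The flag is also repeated verbatim in three targets; a shared variable such as `CASCADING_RULES_FLAG = --set="cascadingRules.enabled=true"` would keep them in step. The target recipes start outside these hunks, so the rest of each helm invocation is not visible here.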
@@ -46,7 +47,8 @@ deploy-test-dep-ncrack:
 --set="scanner.extraVolumes[0].name=ncrack-lists" \
 --set="scanner.extraVolumes[0].secret.secretName=ncrack-lists" \
 --set="scanner.extraVolumeMounts[0].name=ncrack-lists" \
- --set="scanner.extraVolumeMounts[0].mountPath=/ncrack/"
+ --set="scanner.extraVolumeMounts[0].mountPath=/ncrack/" \
+ --set="cascadingRules.enabled=true"
 .PHONY: deploy-test-dep-sslyze
 deploy-test-dep-sslyze:
@@ -55,7 +57,8 @@ deploy-test-dep-sslyze:
 --set="parser.image.repository=docker.io/$(IMG_NS)/$(parser-prefix)-sslyze" \
 --set="parser.image.tag=$(IMG_TAG)" \
 --set="parser.env[0].name=CRASH_ON_FAILED_VALIDATION" \
- --set-string="parser.env[0].value=true"
+ --set-string="parser.env[0].value=true" \
+ --set="cascadingRules.enabled=true"
 .PHONY: deploy-test-deps-1 # Deploys dependencies for the nmap-ncrack test
 deploy-test-deps: deploy-test-dep-dummy-ssh deploy-test-dep-nmap deploy-test-dep-ncrack
From 426c9f31ab7482b9b949e5df443ee6f71e8ca24e Mon Sep 17 00:00:00 2001
From: Ilyes Ben Dlala
Date: Thu, 29 Sep 2022 18:41:16 +0200
Subject: [PATCH 3/4] chore(template): Changed the template to set cascadingrules.enabled to false by default
Signed-off-by: Ilyes Ben Dlala
---
 .templates/new-scanner/values.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.templates/new-scanner/values.yaml b/.templates/new-scanner/values.yaml
index 6c3272e87b..ff37f9f90a 100644
--- a/.templates/new-scanner/values.yaml
+++ b/.templates/new-scanner/values.yaml
@@ -104,4 +104,4 @@ scanner:
 cascadingRules:
 # cascadingRules.enabled -- Enables or disables the installation of the default cascading rules for this scanner
- enabled: true
+ enabled: false
From 9769cb8f3ad6d40cb16c453fef53219bbb0e53d7 Mon Sep 17 00:00:00 2001
From: Ilyes Ben Dlala
Date: Thu, 29 Sep 2022 18:42:04 +0200
Subject: [PATCH 4/4] docs(cascading-scan): Added Upgrading note to set cascadingrules.enabled to true explicitly
Signed-off-by: Ilyes Ben Dlala
---
 UPGRADING.md | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/UPGRADING.md b/UPGRADING.md
index 752633d3e8..30c61af9d4 100644
--- a/UPGRADING.md
+++ b/UPGRADING.md
@@ -140,4 +140,14 @@ These images are usually used for testing and demo purposes. If you use these im
 Previously scheduled scans generated by the container autodiscovery are named in the format `scan-image_name-at-image_hash`. The resulting scan pod will be called `scan-scan-image_name-at-image_hash`. To avoid the duplicate “scan-scan”, the scheduled scans from the container autodiscovery are renamed. As a result, the container autodiscovery will no longer correctly “recognize” the old scans anymore. It will instead create new scans according to the new naming scheme. The old scheduled scans must be deleted manually.
-➡️ [Reference: #1193](https://github.com/secureCodeBox/secureCodeBox/pull/1193)
\ No newline at end of file
+➡️ [Reference: #1193](https://github.com/secureCodeBox/secureCodeBox/pull/1193)
+
+
+### Cascading rules are disabled by default
+Having the Cascading rules enabled by default on scanner helm install, has led to some confusion on the users side as mentioned in issue [#914](https://github.com/secureCodeBox/secureCodeBox/issues/914). As a result Cascading rules will have to be explicitly enabled by setting the `cascadingRules.enabled` value to `true`. For example as so:
+```yaml
+helm upgrade --install nmap secureCodeBox/nmap --set=cascadingRules.enabled=true
+```
+
+➡️ [Reference: #1347](https://github.com/secureCodeBox/secureCodeBox/pull/1347)
+