Merge branch 'master' into scanner-veracode

wso2 · Jun 19, 2019 · 90c7db7 · 90c7db7
2 parents 53add91 + 4eddbe0
commit 90c7db7
Show file tree

Hide file tree

Showing 5 changed files with 473 additions and 2 deletions.
diff --git a/internal/dependency-track/GenerateBOMFile.sh b/internal/dependency-track/GenerateBOMFile.sh
@@ -0,0 +1,66 @@
+#!/usr/bin/env bash
+
+# Copyright (c) 2019, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+################################################################
+##   This script will generate a BOM file for given product   ##
+################################################################
+
+# ------------------------------------
+# Download source code
+# ------------------------------------
+
+read -p "Enter URL to download source ZIP file: " download_url
+read -p "Enter output folder name: " output_dir
+
+temp_dir=$(mktemp -d)
+cd $temp_dir
+wget $download_url
+
+# --------------------------------------
+# Unzip source
+# --------------------------------------
+
+zip_file_name=$(ls )
+mkdir src
+unzip $temp_dir/$zip_file_name -d $temp_dir/src
+
+# -------------------
+# Generate BOM file
+# -------------------
+
+cd $temp_dir/src
+src_file_name=$(ls )
+cd $temp_dir/src/$src_file_name
+mvn org.cyclonedx:cyclonedx-maven-plugin:makeAggregateBom
+echo "BOM file is successfully generate."
+
+# -------------------------------------------------
+# Move generated BOM file to given output directory
+# -------------------------------------------------
+
+mv $temp_dir/src/$src_file_name/target/bom.xml $output_dir
+echo "BOM file created at: "$output_dir
+
+# ------------------------
+# Delete Cloned Repository
+# ------------------------
+
+rm -rf $temp_dir
+
+echo "Downloaded assets are deleted."
+
+exit
diff --git a/internal/dependency-track/config/application.properties b/internal/dependency-track/config/application.properties
@@ -0,0 +1,227 @@
+# Copyright (c) 2019, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+################ Alpine Configuration for Dependency Track ################
+
+# Required
+# Defines the number of worker threads that the event subsystem will consume.
+# Events occur asynchronously and are processed by the Event subsystem. This
+# value should be large enough to handle most production situations without
+# introducing much delay, yet small enough not to pose additional load on an
+# already resource-constrained server.
+# A value of 0 will instruct Alpine to allocate 1 thread per CPU core. This
+# can further be tweaked using the alpine.worker.thread.multiplier property.
+# Default value is 0.
+alpine.worker.threads=0
+
+# Required
+# Defines a multiplier that is used to calculate the number of threads used
+# by the event subsystem. This property is only used when alpine.worker.threads
+# is set to 0. A machine with 4 cores and a multiplier of 4, will use (at most)
+# 16 worker threads. Default value is 4.
+alpine.worker.thread.multiplier=4
+
+# Required
+# Defines the path to the data directory. This directory will hold logs,
+# keys, and any database or index files along with application-specific
+# files or directories.
+alpine.data.directory=~/.dependency-track
+
+# Required
+# Defines the interval (in seconds) to log general heath information.
+# If value equals 0, watchdog logging will be disabled.
+alpine.watchdog.logging.interval=0
+
+# Required
+# Defines the database mode of operation. Valid choices are:
+# 'server', 'embedded', and 'external'.
+# In server mode, the database will listen for connections from remote
+# hosts. In embedded mode, the system will be more secure and slightly
+# faster. External mode should be used when utilizing an external
+# database server (i.e. mysql, postgresql, etc).
+alpine.database.mode=external
+
+# Optional
+# Defines the TCP port to use when the database.mode is set to 'server'.
+alpine.database.port=9092
+
+# WSO2 : Since Dependency Track uses H2 database by default and it's not
+# recommended for production environment, MySQL is configured as Database.
+# Following five properties are used to configure MySQL database with
+# relevant values.
+
+# Required
+# Specifies the JDBC URL to use when connecting to the database.
+alpine.database.url=
+
+# Required
+# Specifies the JDBC driver class to use.
+alpine.database.driver=
+
+# Optional
+# Specifies the path (including filename) to where the JDBC driver is located.
+alpine.database.driver.path=
+
+# Optional
+# Specifies the username to use when authenticating to the database.
+alpine.database.username=
+
+# Optional
+# Specifies the password to use when authenticating to the database.
+alpine.database.password=
+
+# Optional
+# When authentication is enforced, API keys are required for automation,
+# and the user interface will prevent anonymous access by prompting for login
+# credentials.
+alpine.enforce.authentication=true
+
+# Optional
+# When authorization is enforced, team membership for both API keys and
+# user accounts are restricted to what the team itself has access to.
+# To enforce authorization, the enforce.authentication property (above)
+# must be true.
+alpine.enforce.authorization=true
+
+# Required
+# Specifies the number of bcrypt rounds to use when hashing a users password.
+# The higher the number the more secure the password, at the expense of
+# hardware resources and additional time to generate the hash.
+alpine.bcrypt.rounds=14
+
+# Required
+# Defines if LDAP will be used for user authentication. If enabled,
+# alpine.ldap.* properties should be set accordingly.
+alpine.ldap.enabled=false
+
+# Optional
+# Specifies the LDAP server URL
+# Example (Microsoft Active Directory):
+#    alpine.ldap.server.url=ldap://ldap.example.com:3268
+#    alpine.ldap.server.url=ldaps://ldap.example.com:3269
+# Example (ApacheDS, Fedora 389 Directory, NetIQ/Novell eDirectory, etc):
+#    alpine.ldap.server.url=ldap://ldap.example.com:389
+#    alpine.ldap.server.url=ldaps://ldap.example.com:636
+alpine.ldap.server.url=ldap://ldap.example.com:389
+
+# Optional
+# Specifies the base DN that all queries should search from
+alpine.ldap.basedn=dc=example,dc=com
+
+# Optional
+# Specifies the LDAP security authentication level to use. Its value is one of
+# the following strings: "none", "simple", "strong". If this property is empty
+# or unspecified, the behaviour is determined by the service provider.
+alpine.ldap.security.auth=simple
+
+# Optional
+# If anonymous access is not permitted, specify a username with limited access
+# to the directory, just enough to perform searches. This should be the fully
+# qualified DN of the user.
+#alpine.ldap.bind.username=
+
+# Optional
+# If anonymous access is not permitted, specify a password for the username
+# used to bind.
+#alpine.ldap.bind.password=
+
+# Optional
+# Specifies if the username entered during login needs to be formatted prior
+# to asserting credentials against the directory. For Active Directory, the
+# userPrincipal attribute typically ends with the domain, whereas the
+# samAccountName attribute and other directory server implementations do not.
+# The %s variable will be substitued with the username asserted during login.
+# Example (Microsoft Active Directory):
+#    alpine.ldap.auth.username.format=%s@example.com
+# Example (ApacheDS, Fedora 389 Directory, NetIQ/Novell eDirectory, etc):
+#    alpine.ldap.auth.username.format=%s
+alpine.ldap.auth.username.format=%s@example.com
+
+# Optional
+# Specifies the Attribute that identifies a users ID
+# Example (Microsoft Active Directory):
+#    alpine.ldap.attribute.name=userPrincipalName
+# Example (ApacheDS, Fedora 389 Directory, NetIQ/Novell eDirectory, etc):
+#    alpine.ldap.attribute.name=uid
+alpine.ldap.attribute.name=userPrincipalName
+
+# Optional
+# Specifies the LDAP attribute used to store a users email address
+alpine.ldap.attribute.mail=mail
+
+# Optional
+# Specifies the LDAP search filter used to retrieve all groups from the
+# directory.
+# Example (Microsoft Active Directory):
+#    alpine.ldap.groups.filter=(&(objectClass=group)(objectCategory=Group))
+# Example (ApacheDS, Fedora 389 Directory, NetIQ/Novell eDirectory, etc):
+#    alpine.ldap.groups.filter=(&(objectClass=groupOfUniqueNames))
+alpine.ldap.groups.filter=(&(objectClass=group)(objectCategory=Group))
+
+# Optional
+# Specifies the LDAP search filter to use to query a user and retrieve a list
+# of groups the user is a member of. The {USER_DN} variable will be substituted
+# with the actual value of the users DN at runtime.
+# Example (Microsoft Active Directory):
+#    alpine.ldap.user.groups.filter=(&(objectClass=group)(objectCategory=Group)(member={USER_DN}))
+# Example (Microsoft Active Directory - with nested group support):
+#    alpine.ldap.user.groups.filter=(member:1.2.840.113556.1.4.1941:={USER_DN})
+# Example (ApacheDS, Fedora 389 Directory, NetIQ/Novell eDirectory, etc):
+#    alpine.ldap.user.groups.filter=(&(objectClass=groupOfUniqueNames)(uniqueMember={USER_DN}))
+alpine.ldap.user.groups.filter=(member:1.2.840.113556.1.4.1941:={USER_DN})
+
+# Optional
+# Specifies if mapped LDAP accounts are automatically created upon successful
+# authentication. When a user logs in with valid credentials but an account has
+# not been previously provisioned, an authentication failure will be returned.
+# This allows admins to control specifically which ldap users can access the
+# system and which users cannot. When this value is set to true, a local ldap
+# user will be created and mapped to the ldap account automatically. This
+# automatic provisioning only affects authentication, not authorization.
+alpine.ldap.user.provisioning=false
+
+# Optional
+# This option will ensure that team memberships for LDAP users are dynamic and
+# synchronized with membership of LDAP groups. When a team is mapped to an LDAP
+# group, all local LDAP users will automatically be assigned to the team if
+# they are a member of the group the team is mapped to. If the user is later
+# removed from the LDAP group, they will also be removed from the team. This
+# option provides the ability to dynamically control user permissions via an
+# external directory.
+alpine.ldap.team.synchronization=false
+
+# Optional
+# HTTP proxy. If the address is set, then the port must be set too.
+# alpine.http.proxy.address=proxy.example.com
+# alpine.http.proxy.port=8888
+# alpine.http.proxy.username=
+# alpine.http.proxy.password=
+
+####################### Dependency-Track Configuration ######################
+
+# Optional
+# Specifies if VulnDB access is enabled or not. VulnDB is a commercial source
+# of vulnerability data that requires a subscription. Enabling VulnDB provides
+# vulnerability data that may not be published in public repositories and may
+# enhance public vulnerability data with additional content.
+# Refer to https://vulndb.cyberriskanalytics.com/ for information.
+# datasource.vulndb.enabled=false
+
+# Optional
+# Specified the OAuth consumer key. Required only if vulndb is enabled.
+# datasource.vulndb.key=
+
+# Optional
+# Specified the OAuth consumer secret. Required only if vulndb is enabled.
+# datasource.vulndb.secret=