Commit

feat: Added Flags for Assertions & Binary Download
SamJUK committed Jul 9, 2024
1 parent fda6665 commit a4e887b
Showing 3 changed files with 35 additions and 5 deletions.
19 changes: 18 additions & 1 deletion README.md
Expand Up @@ -10,6 +10,11 @@ None.

Available variables are listed below, along with default values (see defaults/main.yml):

```yaml
ecomscan_binary_download: true
```
Boolean to set if we should try and download the latest copy of Ecomscan
```yaml
ecomscan_binary_source: 'https://ecomscan.com/downloads/linux-amd64/ecomscan'
```
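Review bot: The description of `ecomscan_binary_download` does not say what the role expects when the flag is false. State that an executable must already be in place at `ecomscan_binary_path`, because the directory and download tasks are the only ones this flag gates. The wording "latest copy" also promises more than the `get_url` task in tasks/main.yml delivers: it sets no `force`, so a file that already exists at the destination is not replaced.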
Expand Down Expand Up @@ -51,6 +56,18 @@ ecomscan_deep: false
Boolean toggle to decide if Ecomscan should perform a deep or regular scan
```yaml
ecomscan_assert_no_malware: false
```
Boolean toggle to decide if we should assert that no malware is present. Is this is set to true, the playbook will exit with code `2`.


```yaml
ecomscan_assert_no_vulnerabilities: false
```
Boolean toggle to decide if we should assert that no vulnerabilities is present. Is this is set to true, the playbook will exit with code `2`


## Example Playbook
An example playbook usage
```yaml
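Review bot: Both new descriptions say the playbook exits with code `2` when the flag is set to true, but the exit depends on the assertion failing, not on the flag alone. Reword to something like "If this is set to true and malware is found, the playbook will exit with code `2`". While there, fix "Is this is set" to "If this is set" in both paragraphs, "no vulnerabilities is present" to "are present", and add the missing full stop at the end of the second description.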
Expand Down Expand Up @@ -86,4 +103,4 @@ magento2:
ansible_user: client2_mage_prod
ecomscan_report_email: [email protected],[email protected]
ecomscan_project_root: /var/www/vhosts/prod.client2.com/htdocs/release/
```
```
3 changes: 3 additions & 0 deletions defaults/main.yml
@@ -1,3 +1,4 @@
ecomscan_binary_download: true
ecomscan_binary_source: https://ecomscan.com/downloads/linux-amd64/ecomscan
ecomscan_binary_directory: ~/bin
ecomscan_binary_path: ~/bin/ecomscan
Expand All @@ -7,3 +8,5 @@ ecomscan_project_root: /var/www/vhosts/magento2/htdocs/
ecomscan_minimum_confidence: 50
ecomscan_maximum_filesize: 20000000
ecomscan_deep: false
ecomscan_assert_no_malware: false
ecomscan_assert_no_vulnerabilities: false
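Review bot: `ecomscan_assert_no_malware: false` turns off by default a check that ran unconditionally before this commit; in tasks/main.yml the `Assert No Malware` task previously had no `when`. Existing users of the role will stop failing on a malware hit unless they opt in. Default the malware flag to true to keep the earlier behaviour, or call the change out as breaking in the README.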
18 changes: 14 additions & 4 deletions tasks/main.yml
Expand Up @@ -4,12 +4,14 @@
path: "{{ ecomscan_binary_directory }}"
state: directory
mode: '0755'
when: ecomscan_binary_download

- name: Download the Ecomscan binary
ansible.builtin.get_url:
url: "{{ ecomscan_binary_source }}"
dest: "{{ ecomscan_binary_path }}"
mode: '0744'
when: ecomscan_binary_download

- name: Perform Ecomscan
ansible.builtin.command:
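Review bot: With `when: ecomscan_binary_download` on both the directory task and the `get_url` task, nothing checks that a binary exists at `ecomscan_binary_path` when the download is skipped, so a missing or non-executable file only shows up as a failure of `Perform Ecomscan`. Add an `ansible.builtin.stat` on the path and assert on `stat.exists` and `stat.executable` before the scan. For the path where the download stays enabled, `get_url` carries only `url`, `dest` and `mode`; an optional role variable fed into its `checksum:` parameter would let users pin the binary they are about to execute.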
Expand All @@ -21,15 +23,23 @@
--report={{ ecomscan_report_email }}
{{ ecomscan_deep | ternary('--deep', '') }}
{{ ecomscan_project_root }}
register: scan
register: ecomscan_scan
changed_when: true

- name: Summary
ansible.builtin.debug:
msg: "{{ scan.stdout_lines | select('match', '^>> Found:.*') | first }}"
msg: "{{ ecomscan_scan.stdout_lines | select('match', '^>> Found:.*') | first }}"

- name: Assert No Malware
ansible.builtin.assert:
that: "'MALWARE' not in scan.stdout"
fail_msg: "❌ Malware found"
that: "'MALWARE' not in ecomscan_scan.stdout"
success_msg: "✅ No Malware Found"
fail_msg: "❌ Malware found"
when: ecomscan_assert_no_malware

- name: Assert No Vulnerabilities
ansible.builtin.assert:
that: "'VULNERABILITY' not in ecomscan_scan.stdout"
success_msg: "✅ No Vulnerabilities Found"
fail_msg: "❌ Vulnerabilities Found"
when: ecomscan_assert_no_vulnerabilities
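Review bot: Both assertions test for a substring anywhere in `ecomscan_scan.stdout`, so the result depends on the words MALWARE and VULNERABILITY never appearing in unrelated output such as a scanned file path. Match on the finding lines instead, the way the Summary task already filters `stdout_lines` with `select('match', ...)`. The two `when:` conditions also use the bare variables; `when: ecomscan_assert_no_malware | bool` avoids a string value such as one passed with `-e key=value` being judged by string truthiness.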
