From 4ac44cb79517ce17ced5250fedf1449cdc814f1f Mon Sep 17 00:00:00 2001
From: webpwnized
Date: Wed, 15 May 2024 20:44:38 -0400
Subject: [PATCH] 1.0.63 Update Hadolint Scan Action
---
 .build/www/Dockerfile | 15 ++++++---------
 .github/workflows/config/stackhawk.yml | 2 +-
 .../scan-application-with-stackhawk.yml | 2 +-
 .../scan-dockerfiles-with-hadolint.yml | 2 +-
 .../workflows/scan-dockerfiles-with-kics.yml | 7 +++++--
 .../workflows/scan-dockerfiles-with-trivy.yml | 18 ++++++++++++++----
 6 files changed, 28 insertions(+), 18 deletions(-)
diff --git a/.build/www/Dockerfile b/.build/www/Dockerfile
index e2db0a6..e3b2e95 100644
--- a/.build/www/Dockerfile
+++ b/.build/www/Dockerfile
@@ -24,7 +24,6 @@ ARG DATABASE_PASSWORD="mutillidae"
 ARG DATABASE_NAME="mutillidae"
 ARG DATABASE_PORT="3306"
-
 # ######################### #
 # Install software packages #
 # ######################### #
@@ -41,17 +40,17 @@ ARG DATABASE_PORT="3306"
 # Remove the apt-get lists after installation
 # Add the user for Lab #17
 RUN apt-get update && \
- apt-get install -y libldap2-dev && docker-php-ext-install ldap && \
- apt-get install -y libxml2-dev && docker-php-ext-install xml && \
- apt-get install -y libonig-dev && docker-php-ext-install mbstring && \
- apt-get install -y libcurl4-openssl-dev && docker-php-ext-install curl && \
+ apt-get install --no-install-recommends -y libldap2-dev && docker-php-ext-install ldap && \
+ apt-get install --no-install-recommends -y libxml2-dev && docker-php-ext-install xml && \
+ apt-get install --no-install-recommends -y libonig-dev && docker-php-ext-install mbstring && \
+ apt-get install --no-install-recommends -y libcurl4-openssl-dev && docker-php-ext-install curl && \
 docker-php-ext-install mysqli && \
- apt-get install -y dnsutils ntp iputils-ping git && \
+ apt-get install --no-install-recommends -y dnsutils ntp iputils-ping git && \
 cd /tmp && \
 git clone https://github.com/webpwnized/mutillidae.git mutillidae && \
 cp -r mutillidae/src /var/www/mutillidae && \
 rm -rf /tmp/mutillidae && \
- apt-get remove -y git && \
+ apt-get remove --no-install-recommends -y git && \
 apt-get -y upgrade && \
 apt-get -y autoremove && \
 apt-get clean && \
@@ -69,7 +68,6 @@ RUN cp /usr/local/etc/php/php.ini-development /usr/local/etc/php/php.ini && \
 sed -i 's/allow_url_fopen = Off/allow_url_fopen = On/g' /usr/local/etc/php/php.ini && \
 sed -i 's/expose_php = Off/expose_php = On/g' /usr/local/etc/php/php.ini
-
 # ######################### #
 # Configure the application #
 # ######################### #
@@ -118,7 +116,6 @@ RUN sed -i 's/127.0.0.1/directory/' /var/www/mutillidae/includes/ldap-config.inc
 a2dissite 000-default && \
 a2ensite mutillidae
-
 # Open ports 80,443 in the container firewall
 # This exposes HTTP and HTTPS
 EXPOSE 80
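Review bot: `apt-get remove --no-install-recommends -y git` carries an option that only influences package installation, so on the remove line it changes nothing and reads as a copy-paste from the install lines above; `apt-get remove -y git` says the same thing honestly. The install lines still do not pin package versions, so hadolint's version-pinning rule (DL3008) will keep firing even though DL3015 is now satisfied, and that deserves either pinning or a documented ignore rather than silence. The `git clone https://github.com/webpwnized/mutillidae.git` in the same RUN fetches whatever the default branch holds at build time, so the image content is not reproducible from the Dockerfile alone; cloning a tag or checking out a fixed commit would pin what ends up in `/var/www/mutillidae`. The RUN instruction continues past the end of the hunk.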
diff --git a/.github/workflows/config/stackhawk.yml b/.github/workflows/config/stackhawk.yml
index d0d9ad4..e2c164a 100644
--- a/.github/workflows/config/stackhawk.yml
+++ b/.github/workflows/config/stackhawk.yml
@@ -19,7 +19,7 @@ app:
 scanPassword: "password"
 cookieAuthorization:
 cookieNames:
- - "JSESSIONID"
+ - "PHPSESSID"
 testPath:
 path: /index.php?page=edit-account-profile.php
 fail: "User.*profile.*not.*found.*"
diff --git a/.github/workflows/scan-application-with-stackhawk.yml b/.github/workflows/scan-application-with-stackhawk.yml
index 3ea7a4b..067a680 100644
--- a/.github/workflows/scan-application-with-stackhawk.yml
+++ b/.github/workflows/scan-application-with-stackhawk.yml
@@ -13,7 +13,7 @@ on:
 # Scan mainline branches (main and development) and report all findings.
 push:
- branches: ["main"]
+ branches: ["development"]
 # Define the jobs that should be executed in this workflow.
 jobs:
diff --git a/.github/workflows/scan-dockerfiles-with-hadolint.yml b/.github/workflows/scan-dockerfiles-with-hadolint.yml
index 765ee0b..4f2b5bc 100644
--- a/.github/workflows/scan-dockerfiles-with-hadolint.yml
+++ b/.github/workflows/scan-dockerfiles-with-hadolint.yml
@@ -57,7 +57,7 @@ jobs:
 # Extracts the directory name from the Dockerfile path and sets it as an environment variable.
 - name: Run Hadolint Scan with SARIF result
- uses: hadolint/hadolint-action@v3.1.0
+ uses: hadolint/hadolint-action@master
 with:
 dockerfile: ${{ matrix.dockerfile }} # Specify the Dockerfile from the matrix to be scanned.
diff --git a/.github/workflows/scan-dockerfiles-with-kics.yml b/.github/workflows/scan-dockerfiles-with-kics.yml
index 29ac83e..35e699a 100644
--- a/.github/workflows/scan-dockerfiles-with-kics.yml
+++ b/.github/workflows/scan-dockerfiles-with-kics.yml
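Review bot: The new `"PHPSESSID"` entry has no comment saying why it replaced `"JSESSIONID"`, and the authenticated-scan check under `testPath` only works if this name matches the session cookie the application actually sets, so the next editor has nothing to stop them from reverting it. A line above the entry such as `# PHP's default session cookie; keep in sync with the application's session cookie name or testPath will match the fail pattern` would carry that reasoning. The `app:` mapping starts before the hunk.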
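Review bot: The context comment `# Scan mainline branches (main and development) and report all findings.` no longer describes the line under it once `branches: ["development"]` drops `main`; the same stale comment sits above the identical change in scan-dockerfiles-with-kics.yml (hunk @@ -13,7) and scan-dockerfiles-with-trivy.yml (hunk @@ -1,11). Either keep `main` in the list or reword the comment, e.g. `# Scan the development branch on every push and report all findings.` Pushes to `main` are now only covered if they arrive through a pull request that a `pull_request` trigger scans, which this hunk does not show for the StackHawk workflow, so it is worth stating the intended coverage of `main` explicitly. The `on:` mapping starts before the hunk.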
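Review bot: `uses: hadolint/hadolint-action@master` replaces a pinned release with a mutable branch reference, so whatever is pushed to that branch next runs inside this job with the repository's token and SARIF upload permissions, and a broken or compromised upstream commit lands here with no review step; the same change is made for `Checkmarx/kics-github-action@master` in scan-dockerfiles-with-kics.yml (hunk @@ -38,7). Pin third-party actions to a release tag, or better to the full commit SHA of that release with the tag in a trailing comment, e.g. `uses: hadolint/hadolint-action@<COMMIT_SHA_OF_v3.1.0> # v3.1.0`, and let a dependency-update bot propose bumps. If the move to `master` is meant to pick up a specific fix, a comment naming it would let the pin be restored once a release contains it. The job's `steps` list starts before the hunk.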
@@ -13,7 +13,7 @@ on:
 # Scan mainline branches (main and development) and report all findings.
 push:
- branches: ["main", "development"]
+ branches: ["development"]
 # Define the jobs that should be executed in this workflow.
 jobs:
@@ -38,7 +38,7 @@ jobs:
 # This step fetches the codebase from the GitHub repository.
 - name: Run KICS Scan with SARIF result
- uses: Checkmarx/kics-github-action@v1.7.0
+ uses: Checkmarx/kics-github-action@master
 with:
 path: .
 # when provided with a directory on output_path
@@ -49,6 +49,9 @@ jobs:
 output_formats: 'sarif'
 ignore_on_exit: results
+ - name: View Results
+ run: cat results.sarif
+
 - name: Upload Results to GitHub Advanced Security Dashboard
 uses: github/codeql-action/upload-sarif@main
 with:
diff --git a/.github/workflows/scan-dockerfiles-with-trivy.yml b/.github/workflows/scan-dockerfiles-with-trivy.yml
index 14d7966..27aaa26 100644
--- a/.github/workflows/scan-dockerfiles-with-trivy.yml
+++ b/.github/workflows/scan-dockerfiles-with-trivy.yml
@@ -1,11 +1,18 @@
 name: scan-dockerfiles-with-trivy
+# Define when the workflow should be triggered.
 on:
+ # Trigger the workflow on the following events:
+
+ # Scan changed files in Pull Requests (diff-aware scanning).
+ pull_request: {}
+
+ # Trigger the workflow on-demand through the GitHub Actions interface.
+ workflow_dispatch: {}
+
+ # Scan mainline branches (main and development) and report all findings.
 push:
- branches:
- - development
- - main
- pull_request:
+ branches: ["development"]
 jobs:
 build:
@@ -34,6 +41,9 @@ jobs:
 ignore-unfixed: true
 severity: 'CRITICAL,HIGH,MEDIUM'
+ - name: View Results
+ run: cat dockerfile-trivy-scan-results.sarif
+
 - name: Upload Trivy scan results to GitHub Security tab
 uses: github/codeql-action/upload-sarif@main
 if: always()
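Review bot: The new `run: cat results.sarif` step hard-codes a path that has to agree with the `output_path` the KICS step is configured with (the context line `# when provided with a directory on output_path` is the only hint in this hunk; the value itself is outside it), and because the step has no `if:` or `continue-on-error:`, a missing file fails the job before `Upload Results to GitHub Advanced Security Dashboard` runs, so a debugging aid can silently switch off the security upload. Marking it `continue-on-error: true` (or `if: always()` on the upload step, as the Trivy workflow already does) keeps the upload independent of the print. Printing the whole SARIF into the job log is also noisy; a one-line summary of the result count would serve the same purpose. The `steps` list starts before the hunk.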
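Review bot: The new `View Results` step runs under the default `if: success()`, while the upload step right below it carries `if: always()`; so in the very case that condition presumably exists for, the scan step exiting non-zero, the SARIF is still uploaded but never printed, which is exactly when someone debugging the run wants to see it. Adding `if: always()` to the new step, together with `continue-on-error: true` so an absent file cannot mask the upload, keeps the two steps consistent. The hard-coded `dockerfile-trivy-scan-results.sarif` must match the scan step's output setting, which is outside the hunk.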