hook.js and hook.test.js
hook.js
This file will contain the actual code of your hook. For JavaScript, we provide a hook-sdk. This hook-sdk serves as helper for retrieving findings and as entrypoint for the Dockerfile.
The only function required to be created is the handle()
function.
This function is called by the hook-sdk after scans are finished.
As parameters for handle()
the hook-sdk provides the following:
getRawResults()
This callback function will provide all raw results to the hook as a promise.
caution
When the rawResults are in form of a json file, getRawResults will return the parsed representation of the data, not the json string.
async function handle({ getRawResults }) {
const result = await getRawResults();
// outputs string representation of the scan result file
// e.g. the nmap xml output
console.log(result);
}
module.exports.handle = handle;
getFindings()
This callback function will provide all findings to the hook as an array of findings wrapped in a promise.
Example:
async function handle({ getFindings }) {
const findings = await getFindings();
// logs the findings returned by the parser of the scantype
console.log(findings);
}
module.exports.handle = handle;
updateRawResults()
This callback function will enable you to publish desired changes to raw results.
note
updateRawResults
is only available in ReadAndWrite hooks.
caution
updateRawResults
operates on the raw results of the scans, this means that the implementation has to be tied to the specific output format of a singular scanner. The updated raw results are also not parsed again by the parsers integrated into the secureCodeBox, making this method only viable if you are using a ReadOnly hook exporting the results into an external system like DefectDojo.
If you want to perform actions on all findings consider using the updateFindings
hook.
Example
async function handle({ updateRawResults }) {
// Overrides the raw results with a fixed nmap report
await updateRawResults(`
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE nmaprun>
<?xml-stylesheet href="file:///usr/local/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
<!-- Nmap 7.91 scan initiated Mon Dec 7 12:29:59 2020 as: nmap -oX - -p 443 fooobar.example.com -->
<nmaprun scanner="nmap" args="nmap -oX - -p 443 fooobar.example.com" start="1607340599" startstr="Mon Dec 7 12:29:59 2020" version="7.91" xmloutputversion="1.05">
<scaninfo type="connect" protocol="tcp" numservices="1" services="443"/>
<verbose level="0"/>
<debugging level="0"/>
Failed to resolve "fooobar.example.com".
WARNING: No targets were specified, so 0 hosts scanned.
<runstats><finished time="1607340599" timestr="Mon Dec 7 12:29:59 2020" summary="Nmap done at Mon Dec 7 12:29:59 2020; 0 IP addresses (0 hosts up) scanned in 0.03 seconds" elapsed="0.03" exit="success"/><hosts up="0" down="0" total="0"/>
</runstats>
</nmaprun>
`);
}
module.exports.handle = handle;
updateFindings()
This callback function will enable you to publish desired updates to the findings.
note
updateFindings
is only available in ReadAndWrite hooks.
caution
If you make changes to some findings you will have to call updateFindings()
with ALL findings not just with the ones that have changed or unchanged findings will get lost!
Example:
async function handle({
updateFindings,
}) {
// Overrides the findings with a fixed nmap finding
await updateFindings([
{
"id": "7475b620-0527-4679-b738-b2c69fad025f"
"name": "ssh",
"description": "Port 22 is open using tcp protocol.",
"category": "Open Port",
"location": "tcp://45.33.32.156:22",
"osi_layer": "NETWORK",
"severity": "INFORMATIONAL",
"attributes": {
"port": 22,
"state": "open",
"ip_address": "45.33.32.156",
"mac_address": null,
"protocol": "tcp",
"hostname": "scanme.nmap.org",
"method": "table",
"operating_system": null,
"service": "ssh",
"serviceProduct": null,
"serviceVersion": null,
"scripts": null
},
}
]);
}
scan
Example
This is a basic example for the generic-webhook
As you can see this hook defines the handle()
function but only uses getFindings()
and scan
provided by the hook-sdk.
This is fine because the other parameters are not needed.
info
Maybe you notice that in line 5 ENVs are used. If you also need ENVs or Volumes see INSERT-LINK-HERE.
info
Notice that the handle()
function has to be exported to use in the hook-sdk
const axios = require("axios");
async function handle({
getFindings,
scan,
webhookUrl = process.env["WEBHOOK_URL"],
}) {
const findings = await getFindings();
console.log(`Sending ${findings.length} findings to ${webhookUrl}`);
await axios.post(webhookUrl, { scan, findings });
}
module.exports.handle = handle;
hook.test.js
This file should contain some unit test to run against your hook.