This sample application is based on https://github.com/Contrast-Security-OSS/spring-petclinic
Warning: The computer running this application will be vulnerable to attacks, please take appropriate precautions.
You can run PetClinic locally on any machine with Java 1.8 RE installed.
- Place a
contrast_security.yaml
file into the application's root folder. - Place a
contrast.jar
into the application's root folder. - Run the application using:
java -javaagent:contrast.jar -Dcontrast.config.path=contrast_security.yaml -Dcontrast.application.name=spring-petclinic -jar spring-petclinic-1.5.1.jar [--server.port=8080] [--server.address=localhost]
- Browse the application at http://localhost:8080/
You can run PetClinic within a Docker container.
- Place a
contrast_security.yaml
file into the application's root folder. - Build the PetClinic container image using
./1-Build-Docker-Image.sh
. The Contrast agent is added automatically during the Docker build process. - Run the container using
docker run -v $PWD/contrast_security.yaml:/etc/contrast/java/contrast_security.yaml -p 8080:8080 spring-petclinic:1.5.1
- Browse the application at http://localhost:8080/
You can run PetClinic within a Docker container using Terraform.
- Place a
contrast_security.yaml
file into theterraform-local
folder. - Install Terraform from here: https://www.terraform.io/downloads.html.
- Install PyYAML using
pip install PyYAML
. - Build the PetClinic container image using
./1-Build-Docker-Image.sh
. The Contrast agent is added automatically during the Docker build process. - Open a terminal and cd to the
terraform-local
folder. - Run
terraform init
to download the required plugins. - Run
terraform plan
and check the output for errors. - Run
terraform apply
to run the image in Docker, this will output the web address for the application. - Run
terraform destroy
when you would like to stop the app service and release the resources. - Browse the application at http://localhost:8081/
- Place a
contrast_security.yaml
file into the application's root folder. - Install Terraform from here: https://www.terraform.io/downloads.html.
- Install PyYAML using
pip install PyYAML
. - Install the Azure cli tools using
brew update && brew install azure-cli
. - Log into Azure to make sure you cache your credentials using
az login
. - Edit the variables.tf file (or add a terraform.tfvars) to add your initials, preferred Azure location, app name, server name and environment.
- Run
terraform init
to download the required plugins. - Run
terraform plan
and check the output for errors. - Run
terraform apply
to build the infrastructure that you need in Azure, this will output the web address for the application. - Run
terraform destroy
when you would like to stop the app service and release the resources.
There is a test script which you can use to reveal vulnerabilities which requires node and puppeteer.
- Install Node, NPM, Playwright and Chrome.
- From the app folder run
npx playwright test
.
You can re-build the docker image (used by Terraform) by running two scripts in order:
- 1-Build-Docker-Image.sh
- 2-Deploy-Docker-Image-To-Docker-Hub.sh