
update/nuclei path fix, backwards compat #962

Merged

Conversation

RiieCco
Contributor

@RiieCco RiieCco commented May 12, 2023

Changes

Nuclei seems to love to change things that break the tool. I updated the templates path and the version.

Code Checklist

  • All the commits in this PR are properly PGP-signed and verified;
  • This PR only contains functionality relevant to the issue; tickets have been created for newly discovered issues.
  • I have written unit tests for the changes or fixes I made.
  • For any non-trivial functionality, I have added integration and/or end-to-end tests.
  • I have performed a self-review of my code and refactored it to the best of my abilities.

Communication

  • I have informed others of any required .env file changes and changed the .env-dist accordingly.
  • I have made corresponding changes to the documentation, if necessary.

Checklist for code reviewers:

Copy-paste the checklist from the docs/source/templates folder into your comment.


Checklist for QA:

Copy-paste the checklist from the docs/source/templates folder into your comment.

@RiieCco RiieCco requested a review from a team as a code owner May 12, 2023 11:38
Contributor

@ammar92 ammar92 left a comment


Ah nice find. We had the same with the kat_webpage_capture plugin, even though we pinned the image, the container downloaded updates (npm packages) that broke stuff.

(Haven't tested this yet)

@underdarknl
Contributor

> Ah nice find. We had the same with the kat_webpage_capture plugin, even though we pinned the image, the container downloaded updates (npm packages) that broke stuff.
>
> (Haven't tested this yet)

One more reason to pre-bake stable images of our boefjes. While updated functionality is nice, it also muddies the water in terms of 'what have you tested' which we cannot allow if we want to offer proof of what KAT did.

@RiieCco
Contributor Author

RiieCco commented May 15, 2023

@underdarknl, I agree that from a compliance and stability perspective that makes the most sense. In the context of Nuclei, it pulling all the templates for every scan it does also ensures that we have a better chance of discovering vulnerabilities sooner when we are not dependent on the velocity of building new images.

Plus, this is Nuclei container specific behaviour that we can't control. Even when we do pin a Nuclei image (which I did), it always pulls the latest templates from their repo on start-up. So that makes it harder to counter.

@dekkers
Contributor

dekkers commented May 17, 2023

This also deletes the kat_nuclei boefje?

@RiieCco
Contributor Author

RiieCco commented May 17, 2023

Hey @dekkers,

that is correct, kat_nuclei is the same as kat_nuclei_cve.
That is why I removed it :-)

@dekkers dekkers merged commit 17b43c4 into minvws:main May 22, 2023
jpbruinsslot added a commit that referenced this pull request May 25, 2023
* main: (21 commits)
  feature(octopoes): fields to finding type model (#921)
  Add new permissions (#950)
  Fix RDO workflow (#1023)
  Various fixes to Fierce boefje (#1001)
  Feature/add signing provider for raw file (#994)
  Only sleep when all queues are empty (#952)
  Upgrade (default) container Dockerfiles from Python 3.8 to 3.11 (#1021)
  Upgrade FastAPI and dependencies (#467)
  Make two-factor authentication (2fa) optional (#1002)
  Upgrade to Django 4.2 (#1004)
  Upgrade to requests v2.31.0 (#1020)
  Removed LXD legacy (#1016)
  Pin typing-extensions to 4.5.0 (#1019)
  Fix error on clone settings without organization selected (#997)
  Scheduler tests clean up (#978)
  Remove job model and generate migrations (#995)
  update/nuclei path fix, backwards compat (#962)
  Update debianinstall.rst (#822)
  Delete `plugin_repository` package (#992)
  Create boefjes.md (#828)
  ...