abhaybhargav · July 16, 2020 10:02
diff --git a/Automation.robot b/Automation.robot
 *** Settings ***
 Library  Collections
 Library  RoboZap  http://127.0.0.1:8090/  8090
 Library  RoboNodeJSScan
 Library  RoboGit
 Library  Playbot  expenser-project  newwebapp2  threatplaybook=http://167.71.144.178:81
 Library  OperatingSystem
 Library  RoboNpmAudit
 Library  REST  http://${TARGET_HOST}:3000  proxies={"http": "http://127.0.0.1:8090", "https": "http://127.0.0.1:8090"}

 *** Variables ***
 ${GIT_URL}  https://github.com/we45/Cut-The-Funds-NodeJS.git
 ${ZAP_PATH}  /root/zap/ZAP_2.9.0/
 ${APPNAME}  Cut-the-funds
 ${CONTEXT}  ctf
 ${REPORT_TITLE}  Cut-The-Funds Report
 ${REPORT_FORMAT}  json
 ${ZAP_REPORT_FILE}  ctf.json
 ${REPORT_AUTHOR}  Abhay Bhargav
 ${SCANPOLICY}  Default Policy
 ${TARGET_HOST}  167.172.194.72



 *** Test Cases ***
 Login User
    login  [email protected]  supersecret

 create new target
    create target  http://${TARGET_HOST}

 Clone the source code from Github
    create directory  code
    clone repository from url  ${GIT_URL}  code/

 Run NodeJSScan against my codebase
    create directory  results
    run nodejsscan against source  ${CURDIR}/code  ${CURDIR}/results/njs.json

 Push NJS to ThreatPlaybook
    manage nodejsscan results  ${CURDIR}/results/njs.json

 Run NPMAudit against packages
    run npmaudit against source  ${CURDIR}/code  ${CURDIR}/results/

 Push NPM to ThreatPlaybook
    manage npmaudit results  ${CURDIR}/results/npm_audit.json

 Initialize ZAP
    [Tags]  zap_init
    start headless zap  ${ZAP_PATH}
    sleep  20
    zap open url  http://${TARGET_HOST}:3000

 Authenticate to Cut the Funds as Admin
    [Tags]  walk_web_service
    &{res}=  POST  /users/login  {"email": "[email protected]", "password": "spiderman"}
    Integer  response status  200
    Boolean  response body auth  true
    set suite variable  ${TOKEN}  ${res.body["token"]}
    log  ${TOKEN}

 Search the Currency Lookup Service
    [Tags]  walk_web_service
    [Setup]  Set Headers  { "Authorization": "${TOKEN}" }
    POST  /projects/search_expense_db  { "search": "Chile" }
    Integer  response status  200
    String  $[0].country  Chile

 ZAP Contextualize
    [Tags]  zap_context
    ${contextid}=  zap define context  ${CONTEXT}  http://${TARGET_HOST}:3000
    set suite variable  ${CONTEXT_ID}  ${contextid}

 ZAP Active Scan
    [Tags]  zap_scan
    ${scan_id}=  zap start ascan  ${CONTEXT_ID}  http://${TARGET_HOST}:3000/  ${SCANPOLICY}
    set suite variable  ${SCAN_ID}  ${scan_id}
    zap scan status  ${scan_id}

 ZAP Generate Report
    [Tags]  zap_generate_report
    zap export report  ${CURDIR}/results/${ZAP_REPORT_FILE}  ${REPORT_FORMAT}  ${REPORT_TITLE}  ${REPORT_AUTHOR}

 ZAP Die
    zap shutdown

 Push ZAP Report to ThreatPlaybook
    manage zap results  ${CURDIR}/results/${ZAP_REPORT_FILE}  ${TARGET_HOST}
	* Settings *
	Library Collections
	Library RoboZap http://127.0.0.1:8090/ 8090
	Library RoboNodeJSScan
	Library RoboGit
	Library Playbot expenser-project newwebapp2 threatplaybook=http://167.71.144.178:81
	Library OperatingSystem
	Library RoboNpmAudit
	Library REST http://${TARGET_HOST}:3000 proxies={"http": "http://127.0.0.1:8090", "https": "http://127.0.0.1:8090"}

	* Variables *
	${GIT_URL} https://github.com/we45/Cut-The-Funds-NodeJS.git
	${ZAP_PATH} /root/zap/ZAP_2.9.0/
	${APPNAME} Cut-the-funds
	${CONTEXT} ctf
	${REPORT_TITLE} Cut-The-Funds Report
	${REPORT_FORMAT} json
	${ZAP_REPORT_FILE} ctf.json
	${REPORT_AUTHOR} Abhay Bhargav
	${SCANPOLICY} Default Policy
	${TARGET_HOST} 167.172.194.72



	* Test Cases *
	Login User
	login [email protected] supersecret

	create new target
	create target http://${TARGET_HOST}

	Clone the source code from Github
	create directory code
	clone repository from url ${GIT_URL} code/

	Run NodeJSScan against my codebase
	create directory results
	run nodejsscan against source ${CURDIR}/code ${CURDIR}/results/njs.json

	Push NJS to ThreatPlaybook
	manage nodejsscan results ${CURDIR}/results/njs.json

	Run NPMAudit against packages
	run npmaudit against source ${CURDIR}/code ${CURDIR}/results/

	Push NPM to ThreatPlaybook
	manage npmaudit results ${CURDIR}/results/npm_audit.json

	Initialize ZAP
	[Tags] zap_init
	start headless zap ${ZAP_PATH}
	sleep 20
	zap open url http://${TARGET_HOST}:3000

	Authenticate to Cut the Funds as Admin
	[Tags] walk_web_service
	&{res}= POST /users/login {"email": "[email protected]", "password": "spiderman"}
	Integer response status 200
	Boolean response body auth true
	set suite variable ${TOKEN} ${res.body["token"]}
	log ${TOKEN}

	Search the Currency Lookup Service
	[Tags] walk_web_service
	[Setup] Set Headers { "Authorization": "${TOKEN}" }
	POST /projects/search_expense_db { "search": "Chile" }
	Integer response status 200
	String $[0].country Chile

	ZAP Contextualize
	[Tags] zap_context
	${contextid}= zap define context ${CONTEXT} http://${TARGET_HOST}:3000
	set suite variable ${CONTEXT_ID} ${contextid}

	ZAP Active Scan
	[Tags] zap_scan
	${scan_id}= zap start ascan ${CONTEXT_ID} http://${TARGET_HOST}:3000/ ${SCANPOLICY}
	set suite variable ${SCAN_ID} ${scan_id}
	zap scan status ${scan_id}

	ZAP Generate Report
	[Tags] zap_generate_report
	zap export report ${CURDIR}/results/${ZAP_REPORT_FILE} ${REPORT_FORMAT} ${REPORT_TITLE} ${REPORT_AUTHOR}

	ZAP Die
	zap shutdown

	Push ZAP Report to ThreatPlaybook
	manage zap results ${CURDIR}/results/${ZAP_REPORT_FILE} ${TARGET_HOST}
No results found