diff --git a/Dockerfile b/Dockerfile
index 562b388..6d99cde 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,6 +1,8 @@
 # We need .NET Core image for running parser
 FROM mcr.microsoft.com/dotnet/core/sdk:2.1
 
+ENV container=true
+
 # Expose port for process monitor
 EXPOSE 26002/tcp
 EXPOSE 26002/udp
@@ -15,11 +17,10 @@ COPY fuzzer /usr/local/fuzzer/fuzzer
 COPY parser /usr/local/fuzzer/parser
 COPY reporter /usr/local/fuzzer/reporter
 
-# And finally, copy the run script
-COPY run.sh /usr/local/bin/
-
 # Set working directory
 WORKDIR /usr/local/fuzzer/
 
+COPY run.sh /usr/local/fuzzer/run.sh
+
 # Set run script as an entry point of the container
-ENTRYPOINT ["run.sh"]
+ENTRYPOINT ["/usr/local/fuzzer/run.sh"]
diff --git a/README.md b/README.md
index 330cd5f..8bb34c2 100644
--- a/README.md
+++ b/README.md
@@ -65,7 +65,7 @@ Execute `run.sh config_file_path openapi_doc_file_path [custom_payloads_file_pat
 ### Docker
 You just need to run the container with following arguments:
-`docker run -p {host_port}:{container_port} -v $(pwd):/usr/local/fuzzer/mnt/ starek4/wfuzz:latest mnt/config.json mnt/sqta.yaml [mnt/custom_payloads.txt]`
+`docker run -p {host_port}:{container_port} -v $(pwd):/usr/local/fuzzer/mnt/ starek4/wfuzz:latest config.json sqta.yaml [custom_payloads.txt]`
 where files `config.json`, `sqta.yaml` and `custom_payloads` needs to be stored in the working directory. With parameter `-p` you also need to bind port number, which is used for communication with your web API, to the container.
diff --git a/run.sh b/run.sh
index fbbd599..ed1b91a 100644
--- a/run.sh
+++ b/run.sh
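Review bot: `ENV container=true` in the first Dockerfile hunk is the only instruction there without a comment, although it is now the switch that makes run.sh resolve its input and output paths under `./mnt/`; a line such as `# Tell run.sh it runs inside the image, so it resolves paths under ./mnt/` would record that. The lowercase name `container` is also the variable used by the systemd container-interface convention, which some runtimes and base images set to values such as `oci` or `podman`, so a runtime that overrides it may silently switch run.sh back to host-style paths. A project-specific name, for example `ENV WFUZZ_IN_CONTAINER=true` with the matching test in run.sh, would avoid that collision.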
@@ -9,25 +9,11 @@ then
 exit 1
 fi
 
-# Check if config file and documentation file are valid files
+# Load script arguments
 WFUZZ_CONFIG=$1
 OPENAPI_DOCUMENTATION=$2
 CUSTOM_PAYLOADS_FILE=$3
 
-if [ ! -f "$WFUZZ_CONFIG" ]
-then
- echo "Configuration file path is not valid!" >&2
- echo $USAGE >&2
- exit 1
-fi
-
-if [ ! -f "$OPENAPI_DOCUMENTATION" ]
-then
- echo "OpenApi documentation file path is not valid!" >&2
- echo $USAGE >&2
- exit 1
-fi
-
 # Define binary binaries paths
 PIP3_BIN=pip3
 PYTHON3_BIN=python3
@@ -47,14 +33,33 @@ FUZZER_LOG=fuzzing.log
 XUNIT2HTML_XSL=./reporter/xunit_to_html.xsl
 SAXON9HE=./reporter/saxon9he.jar
 
-# If there is mounted Docker directory, write output files into it
-if [ -d "mnt/" ]; then
+# If we are in Docker container, write output files into mounted folder and append this folder before input files paths
+if [ "$container" = "true" ]; then
 echo "Founded mounted Docker directory, you can find WFuzz artifacts in your working directory."
+ WFUZZ_CONFIG="./mnt/$WFUZZ_CONFIG"
+ OPENAPI_DOCUMENTATION="./mnt/$OPENAPI_DOCUMENTATION"
+ CUSTOM_PAYLOADS_FILE="./mnt/$CUSTOM_PAYLOADS_FILE"
+ FUZZER_LOG="./mnt/$FUZZER_LOG"
 JUNIT_TEST_REPORT="./mnt/$JUNIT_TEST_REPORT_FILENAME"
 HTML_TEST_REPORT="./mnt/$HTML_TEST_REPORT_FILENAME"
 fi
 
+# Check if config file and documentation file are valid files
+if [ ! -f "$WFUZZ_CONFIG" ]
+then
+ echo "Configuration file path is not valid!" >&2
+ echo $USAGE >&2
+ exit 1
+fi
+
+if [ ! -f "$OPENAPI_DOCUMENTATION" ]
+then
+ echo "OpenApi documentation file path is not valid!" >&2
+ echo $USAGE >&2
+ exit 1
+fi
+
 # Define docker images tags
 REPORTER_IMAGE_TAG=wfuzz:reporter
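Review bot: In the second run.sh hunk, `CUSTOM_PAYLOADS_FILE="./mnt/$CUSTOM_PAYLOADS_FILE"` runs even when the optional third argument is omitted, so the variable becomes `./mnt/` instead of staying empty. Any later emptiness test on it (not visible in this hunk) would then treat the mount directory as a payload file. Prefixing only a non-empty value avoids that: `CUSTOM_PAYLOADS_FILE="${CUSTOM_PAYLOADS_FILE:+./mnt/$CUSTOM_PAYLOADS_FILE}"`. The branch also no longer checks that `mnt/` exists, so the "Founded mounted Docker directory" message is printed and the log and report paths point into `./mnt/` even when no volume was mounted. Keeping a `[ -d mnt/ ]` test next to the `$container` check, with an error on stderr and `exit 1`, would fail early instead of part-way through a run. The hunk's trailing context may continue past the visible page.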