This project includes demo applications and configuration for demonstrating Checkmarx service discovery on Kubernetes.
Security note: These applications are vulnerable by design. Do not use them as a reference for secure applications.
```bash
git clone https://github.com/yevgenykuz/service-discovery-demo-parent.git
```
Specific instructions for every programming language can be found in each folder.
All Docker-related commands require Docker to work with Linux containers.
This may be hard to achieve with Docker installed on Windows Server.
Please use Linux, Windows 10 or macOS for best results.
In addition to the possible flows in every programming language, there are some flows which run across applications
written in different programming languages.
Applications can be launched manually by following the instructions for every programming language, or by using the
docker compose files found below.
An agent will be downloaded from the configured manager for each application before running.
Depending on your machine, full environment startup may take a couple of minutes.
Do the following steps before launching the applications:
- Start a local IAST manager instance
- Edit the provided .env file if needed, or use the .env.linux file on Linux
Relevant applications:
- bank-gateway
- bank-analysis
- dotnet-core-http-entry-point
- dotnet-core-http-propagator
- nodejs-http-entry-point
- nodejs-http-propagator
- nodejs-http-sink
Control with docker compose:
```bash
# Windows
# pull latest:
docker-compose -f docker-compose-cross-http.yml pull
# start:
docker-compose -f docker-compose-cross-http.yml up -d
# stop:
docker-compose -f docker-compose-cross-http.yml down

# Linux
# pull latest:
sudo docker-compose -f docker-compose-cross-http.yml pull
# start:
sudo docker-compose -f docker-compose-cross-http.yml --env-file .env.linux up -d
# stop:
sudo docker-compose -f docker-compose-cross-http.yml down
```
To trigger HTTP flows, send an HTTP GET request as follows (change localhost if needed):
- bank-gateway -> bank-analysis -> dotnet-http-entry-point -> dotnet-http-propagator -> nodejs-http-entry-point -> nodejs-http-propagator -> nodejs-http-sink
http://localhost:8110/cross-http/?name=${text}
Replace ${text} with any string.
Components' ports are detailed below for clarity.
- IAST manager IP should be accessible from the docker host machine
- Default expected IAST manager HTTP port is 8380 (without SSL)
Port | App |
---|---|
9000 | Kafka-manager |
9001 | Zookeeper |
9002 | Kafka (internal listener) |
9003 | Kafka (external listener) |
Port | App |
---|---|
15672 | RabbitMQ management |
5672 | RabbitMQ server |
Port | App |
---|---|
2379 | etcd compose client |
Port | App |
---|---|
6443 | k8s cluster API |
8001 | k8s management portal |
Port | App |
---|---|
3306 | MySQL DB |
- HTTP access ports:
Port | App | Remarks |
---|---|---|
8110 | bank-gateway | |
8111 | bank-analysis | |
8112 | bank-storage | |
8113 | java-kafka-http-entry-point | |
8114 | java-kafka-entry-point | Reserved |
8115 | java-kafka-propagator | Reserved |
8116 | java-kafka-sink | Reserved |
8117 | java-rabitmq-http-entry-point | |
8118 | java-rabitmq-entry-point | Reserved |
8119 | java-rabitmq-propagator | Reserved |
8120 | java-rabitmq-sink | Reserved |
- HTTP remote debug ports:
Port | App |
---|---|
8410 | bank-gateway |
8411 | bank-analysis |
8412 | bank-storage |
8413 | java-kafka-http-entry-point |
8414 | java-kafka-entry-point |
8415 | java-kafka-propagator |
8416 | java-kafka-sink |
8417 | java-rabitmq-http-entry-point |
8418 | java-rabitmq-entry-point |
8419 | java-rabitmq-propagator |
8420 | java-rabitmq-sink |
- HTTP access ports:
Port | App |
---|---|
5010 | node-entry-point |
5011 | node-propagator |
5012 | node-sink |
- HTTP access ports:
Port | App |
---|---|
5551 | net-core-entry-point |
5552 | net-core-propagator |
5553 | net-core-sink |
- HTTP access ports:
Port | App |
---|---|
5561 | net-framework-entry-point |
5562 | net-framework-propagator |
5563 | net-framework-sink |
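
Since these applications are vulnerable by design, the following added example (not part of the project) reports which of the application HTTP and remote debug ports listed above are published on a non-loopback address of the Docker host. It parses the output of `docker ps --format '{{.Names}}\t{{.Ports}}'`; the sample output and the container name `node-demo` are constructed, and the port list is copied from the tables on this page.

```python
import re
import sys

# Application HTTP and remote debug ports copied from the tables on this page.
DEMO_PORTS = (
    set(range(8110, 8121)) | set(range(8410, 8421)) | set(range(5010, 5013))
    | set(range(5551, 5554)) | set(range(5561, 5564))
)
LOOPBACK = {"127.0.0.1", "::1"}

# One published mapping as printed by `docker ps`, e.g. "0.0.0.0:8110->8110/tcp",
# ":::8110->8110/tcp" (IPv6 wildcard) or a range "0.0.0.0:5010-5012->5010-5012/tcp".
MAPPING = re.compile(r"(?P<ip>.*):(?P<first>\d+)(?:-(?P<last>\d+))?->\d+(?:-\d+)?/\w+")

# Constructed sample (tab-separated name and ports), not captured from the project.
SAMPLE = (
    "bank-gateway\t0.0.0.0:8110->8110/tcp, :::8110->8110/tcp, 127.0.0.1:8410->8410/tcp\n"
    "bank-analysis\t127.0.0.1:8111->8111/tcp, 0.0.0.0:8411->8411/tcp\n"
    "node-demo\t0.0.0.0:5010-5012->5010-5012/tcp\n"
    "kafka\t9092/tcp\n"
)


def exposed_demo_ports(docker_ps_output):
    """Return sorted (container, host_ip, port) for demo ports published off-loopback."""
    findings = set()
    for line in docker_ps_output.splitlines():
        name, _, ports = line.partition("\t")
        for entry in ports.split(","):
            m = MAPPING.fullmatch(entry.strip())
            if not m:  # e.g. "9092/tcp": exposed in the image, not published on the host
                continue
            ip = m["ip"].strip("[]")  # newer Docker prints IPv6 as "[::]" / "[::1]"
            if ip in LOOPBACK:
                continue
            first = int(m["first"])
            last = int(m["last"] or first)
            for port in range(first, last + 1):
                if port in DEMO_PORTS:
                    findings.add((name, ip, port))
    return sorted(findings)


if __name__ == "__main__":
    # Pipe real `docker ps` output in, or run without input to see the sample.
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for name, ip, port in exposed_demo_ports(text):
        print(f"{name}: port {port} published on {ip}")
```

An empty result means every listed application port that is published at all is bound to loopback only.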