Skip to content

Demo services and configuration for Checkmarx IAST service discovery on Kubernetes

License

Notifications You must be signed in to change notification settings

yevgenykuz/service-discovery-demo-parent

Repository files navigation

Service Discovery Demo

This project includes demo applications and configuration to demo Checkmarx service discovery on kubernetes.
Security note: These applications are vulnerable by design. Do not use them as reference for secured applications.

Java CD .NET Core CD NodeJS CD


git clone https://github.com/yevgenykuz/service-discovery-demo-parent.git
Specific instructions for every programming language can be found in each folder.

All docker related commands require docker to work with linux containers.
This may be hard to achieve on docker installed on Windows Server.
Please use linux/windows 10/macos for best results.
In addition to the possible flows in every programming language, there are some flows which run across applications written in different programming languages.
Application launching can be done manually by following the instructions for every programming language, or by using docker compose files found below.
An agent will be downloaded from the configured manager for each application before running.
Depending on your machine, full environment startup may take a couple of minutes.
Do the following steps before launching the applications:

  • Start a local IAST manager instance
  • Edit the provided .env file if needed or use .env.linux file in linux

Relevant applications:

  • bank-gateway
  • bank-analysis
  • dotnet-core-http-entry-point
  • dotnet-core-http-propagator
  • nodejs-http-entry-point
  • nodejs-http-propagator
  • nodejs-http-sink

Control with docker compose:

# Windows
# pull latest:
docker-compose -f docker-compose-cross-http.yml pull
# start:
docker-compose -f docker-compose-cross-http.yml up -d
# stop:
docker-compose -f docker-compose-cross-http.yml down

# Linux
# pull latest:
sudo docker-compose -f docker-compose-cross-http.yml pull
# start:
sudo docker-compose -f docker-compose-cross-http.yml --env-file .env.linux up -d
# stop:
sudo docker-compose -f docker-compose-cross-http.yml down

To trigger HTTP flows you can send HTTP GET request as follows (change localhost if needed):

  • bank-gateway -> bank-analysis -> dotnet-http-entry-point -> dotnet-http-propagator ->
    nodejs-http-entry-point -> nodejs-http-propagator -> nodejs-http-sink
    http://localhost:8110/cross-http/?name=${text}

Replace ${text} with any string.

Components' ports are detailed below for clarity.

  • IAST manager IP should be accessible from the docker host machine
  • Default expected IAST manager HTTP port is 8380 (without SSL)
Port App
9000 Kafka-manager
9001 Zookeeper
9002 Kafka (internal listener)
9003 Kafka (external listener)
Port App
15672 RabbitMQ management
5672 RabbitMQ server
Port App
2379 etcd compose client
Port App
6443 k8s cluster API
8001 k8s management portal
Port App
3306 MySQL DB
  • HTTP access ports:
Port App Remarks
8110 bank-gateway  
8111 bank-analysis  
8112 bank-storage  
8113 java-kafka-http-entry-point  
8114 java-kafka-entry-point Reserved
8115 java-kafka-propagator Reserved
8116 java-kafka-sink Reserved
8117 java-rabitmq-http-entry-point  
8118 java-rabitmq-entry-point Reserved
8119 java-rabitmq-propagator Reserved
8120 java-rabitmq-sink Reserved
  • HTTP remote debug ports:
Port App
8410 bank-gateway
8411 bank-analysis
8412 bank-storage
8413 java-kafka-http-entry-point
8414 java-kafka-entry-point
8415 java-kafka-propagator
8416 java-kafka-sink
8417 java-rabitmq-http-entry-point
8418 java-rabitmq-entry-point
8419 java-rabitmq-propagator
8420 java-rabitmq-sink
  • HTTP access ports:
Port App
5010 node-entry-point
5011 node-propagator
5012 node-sink
  • HTTP access ports:
Port App
5551 net-core-entry-point
5552 net-core-propagator
5553 net-core-sink
  • HTTP access ports:
Port App
5561 net-framework-entry-point
5562 net-framework-propagator
5563 net-framework-sink

MIT License


About

Demo services and configuration for Checkmarx IAST service discovery on Kubernetes

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published