[FIX] Hackday still

CONTRIBUTING.md

@@ -0,0 +1,92 @@
+# Contributing
+
+When contributing to this repository, please first discuss the change you wish to make via issue,
+email, or any other method with the owners of this repository before making a change.
+
+Please note we have a code of conduct, please follow it in all your interactions with the project.
+
+## Pull Request Process
+
+1. Ensure any install or build dependencies are removed before the end of the layer when doing a
+   build.
+2. Update the README.md with details of changes to the interface, this includes new environment
+   variables, exposed ports, useful file locations and container parameters.
+3. Increase the version numbers in any examples files and the README.md to the new version that this
+   Pull Request would represent. The versioning scheme we use is [SemVer](http://semver.org/).
+4. You may merge the Pull Request in once you have the sign-off of two other developers, or if you
+   do not have permission to do that, you may request the second reviewer to merge it for you.
+
+## Code of Conduct
+
+### Our Pledge
+
+In the interest of fostering an open and welcoming environment, we as
+contributors and maintainers pledge to making participation in our project and
+our community a harassment-free experience for everyone, regardless of age, body
+size, disability, ethnicity, gender identity and expression, level of experience,
+nationality, personal appearance, race, religion, or sexual identity and
+orientation.
+
+### Our Standards
+
+Examples of behavior that contributes to creating a positive environment
+include:
+
+* Using welcoming and inclusive language
+* Being respectful of differing viewpoints and experiences
+* Gracefully accepting constructive criticism
+* Focusing on what is best for the community
+* Showing empathy towards other community members
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery and unwelcome sexual attention or
+advances
+* Trolling, insulting/derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or electronic
+  address, without explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+### Our Responsibilities
+
+Project maintainers are responsible for clarifying the standards of acceptable
+behavior and are expected to take appropriate and fair corrective action in
+response to any instances of unacceptable behavior.
+
+Project maintainers have the right and responsibility to remove, edit, or
+reject comments, commits, code, wiki edits, issues, and other contributions
+that are not aligned to this Code of Conduct, or to ban temporarily or
+permanently any contributor for other behaviors that they deem inappropriate,
+threatening, offensive, or harmful.
+
+### Scope
+
+This Code of Conduct applies both within project spaces and in public spaces
+when an individual is representing the project or its community. Examples of
+representing a project or community include using an official project e-mail
+address, posting via an official social media account, or acting as an appointed
+representative at an online or offline event. Representation of a project may be
+further defined and clarified by project maintainers.
+
+### Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported by contacting the project team at "channel will be created and inserted here". All
+complaints will be reviewed and investigated and will result in a response that
+is deemed necessary and appropriate to the circumstances. The project team is
+obligated to maintain confidentiality with regard to the reporter of an incident.
+Further details of specific enforcement policies may be posted separately.
+
+Project maintainers who do not follow or enforce the Code of Conduct in good
+faith may face temporary or permanent repercussions as determined by other
+members of the project's leadership.
+
+### Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
+available at [http://contributor-covenant.org/version/1/4][version]
+
+[homepage]: http://contributor-covenant.org
+[version]: http://contributor-covenant.org/version/1/4/

Makefile

@@ -8,6 +8,7 @@ GOBIN ?= $(GOPATH)/bin
 GODEP ?= $(GOBIN)/dep
 GOLINT ?= $(GOBIN)/golint
 GOSEC ?= $(GOBIN)/gosec
+CERTPASSPHRASE ?= $($(shell $(RANDOM)$(RANDOM)$(RANDOM)))
 
 HUSKYCIBIN ?= huskyci
 
@@ -19,32 +20,35 @@ COLOR_RED = \033[31m
 
 PROJECT := HuskyCI
 
-## Installs all development dependencies
-install-deps:
+## Installs a development environment using docker-compose
+install: compose-start pull-images config-auth
+
+## Gets all go test dependencies
+get-deps:
 	$(GO) get -u github.com/golang/dep/cmd/dep
 	$(GO) get -u golang.org/x/lint/golint
 	$(GO) get -u github.com/securego/gosec/cmd/gosec
 
+## Checks depencies of the project
+check-deps:
+	$(GODEP) ensure -v
+
 ## Runs a security static analysis using Gosec
-security-check:
+check-sec:
 	$(GOSEC) ./... 2> /dev/null
 
 ## Perfoms all make tests
-test: lint security-check
+test: get-deps lint security-check
 
 ## Runs lint
 lint:
 	$(GOLINT) $(shell $(GO) list ./...)
 
-## Runs project
-run:
-	@go run server.go
-
 ## Builds Go project to the executable file huskyci
 build:
 	$(GO) build -o "$(HUSKYCIBIN)"
 
-## Builds a development environment using docker-compose
+## Builds an environment using docker-compose
 compose-start:
 	docker-compose -f dev/docker-compose.yml build
 	docker-compose -f dev/docker-compose.yml up -d
@@ -53,24 +57,68 @@ compose-start:
 compose-stop:
 	docker-compose -f dev/docker-compose.yml stop
 
-# Restarts all dockers from the development environment
+## Restarts all dockers from the development environment
 compose-restart: compose-stop compose-start
 
-## Pull every HuskyCI docker image into dockerAPI container
+## Destroys all dockers from the development environment
+compose-destroy:
+	docker stop `docker ps -a | grep 'huskyCIAPI\|mongodb\|dockerAPI' | awk '{print $$1}'`
+	docker rm `docker ps -a | grep 'huskyCIAPI\|mongodb\|dockerAPI' | awk '{print $$1}'`
+
+## Pulls every HuskyCI docker image into dockerAPI container
 pull-images:
-	echo "Pulling huskyci/enry..."
 	docker exec dockerAPI /bin/sh -c "docker pull huskyci/enry"
-	echo "Pulling huskyci/gas ..."
 	docker exec dockerAPI /bin/sh -c "docker pull huskyci/gas"
-	echo "Pulling huskyci/bandit:2.7 ..."
 	docker exec dockerAPI /bin/sh -c "docker pull huskyci/bandit:2.7"
-	echo "Pulling huskyci/bandit:3.6 ..."
 	docker exec dockerAPI /bin/sh -c "docker pull huskyci/bandit:3.6"
-	echo "Pulling huskyci/brakeman ..."
 	docker exec dockerAPI /bin/sh -c "docker pull huskyci/brakeman"
-	echo "Pulling huskyci/retirejs ..."
 	docker exec dockerAPI /bin/sh -c "docker pull huskyci/retirejs"
 
+## Configures DockerAPI so that it only accepts requests from HuskyCI
+setup-auth:
+	echo "[DockerAPI - Server]"
+	openssl genrsa -aes256 -out ca-key.pem 4096
+	echo "Step 2"
+	openssl req -new -x509 -days 365 -key ca-key.pem -sha256 -out ca.pem -subj "/C=US/ST=New Sweden/L=Stockholm /O=.../OU=.../CN=.../emailAddress=..."
+	echo "Step 3"
+	openssl genrsa -out server-key.pem 4096
+	openssl req -subj "/CN=dockerAPI" -sha256 -new -key server-key.pem -out server.csr
+	echo subjectAltName = DNS:dockerAPI >> extfile.cnf
+	echo extendedKeyUsage = serverAuth >> extfile.cnf
+	openssl x509 -req -days 365 -sha256 -in server.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out server-cert.pem -extfile extfile.cnf
+
+	echo "[HuskyCI - Client]"
+	openssl genrsa -out key.pem 4096
+	echo "Step 7"
+	openssl req -subj '/CN=client' -new -key key.pem -out client.csr
+	echo "Step 8"
+	echo extendedKeyUsage = clientAuth >> extfile2.cnf
+	echo "Step 9"
+	openssl x509 -req -days 365 -sha256 -in client.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out cert.pem -extfile extfile2.cnf
+	echo "Step 10"
+	chmod 0400 ca-key.pem key.pem server-key.pem
+	chmod 0444 ca.pem server-cert.pem cert.pem
+
+	echo "[Sending pem files to container dockerAPI]"
+	docker cp ca-key.pem dockerAPI:/ca-key.pem
+	docker cp ca.pem dockerAPI:/ca.pem
+	docker cp ca.srl dockerAPI:/ca.srl
+	docker cp server-key.pem dockerAPI:/server-key.pem
+	docker cp server-cert.pem dockerAPI:/server-cert.pem
+	docker exec dockerAPI /bin/sh -c "chown root:root /*.pem"
+
+	echo "[Sending pem files to container huskyCIAPI]"
+	docker cp key.pem huskyCIAPI:/go/src/github.com/globocom/husky/key.pem
+	docker cp cert.pem huskyCIAPI:/go/src/github.com/globocom/husky/cert.pem
+	docker cp ca.pem huskyCIAPI:/go/src/github.com/globocom/husky/ca.pem
+	docker exec huskyCIAPI /bin/sh -c "chown root:root /go/src/github.com/globocom/husky/*.pem"
+
+	echo "[Cleaning]"
+	rm -rf client.csr server.csr extfile.cnf extfile2.cnf ca.srl *.pem
+
+	# [dockerAPI] # dockerd --tlsverify --tlscacert=ca.pem --tlscert=server-cert.pem --tlskey=server-key.pem -H=0.0.0.0:2375
+	# Error starting daemon: pid file found, ensure docker is not running or delete /var/run/docker.pid
+
 ## Prints help message
 help:
 	printf "\n${COLOR_YELLOW}${PROJECT}\n------\n${COLOR_RESET}"

dockers/api.go

@@ -30,19 +30,23 @@ type Docker struct {
 	client *client.Client
 }
 
-// CreateContainerPayload is a struct that represents all data need to create a container.
+// CreateContainerPayload is a struct that represents all data needed to create a container.
 type CreateContainerPayload struct {
 	Image string   `json:"Image"`
 	Tty   bool     `json:"Tty,omitempty"`
 	Cmd   []string `json:"Cmd"`
 }
 
+// NewDocker returns a new docker.
 func NewDocker() (*Docker, error) {
 	configAPI := context.GetAPIConfig()
 	dockerHost := fmt.Sprintf("http://%s", configAPI.DockerHostsConfig.Host)
 	fmt.Printf("dockerHost:%s\n", dockerHost)
 
-	_ = os.Setenv("DOCKER_HOST", dockerHost)
+	err := os.Setenv("DOCKER_HOST", dockerHost)
+	if err != nil {
+		return nil, err
+	}
 
 	client, err := client.NewEnvClient()
 	if err != nil {
@@ -54,7 +58,7 @@ func NewDocker() (*Docker, error) {
 	return docker, nil
 }
 
-// NewClient creates http client with certificate authentication
+// NewClientTLS returns an http client with certificate authentication.
 func (d Docker) NewClientTLS() (*http.Client, error) {
 	cert, err := tls.LoadX509KeyPair(certFile, keyFile)
 	if err != nil {
@@ -86,6 +90,7 @@ func (d Docker) NewClientTLS() (*http.Client, error) {
 	return client, nil
 }
 
+// CreateContainer creates a new container
 func (d Docker) CreateContainer(analysis types.Analysis, image string, cmd string) (string, error) {
 	cmd = handleCmd(analysis.URL, analysis.Branch, cmd)
 	ctx := goContext.Background()
@@ -141,6 +146,7 @@ func (d Docker) PullImage(image string) error {
 	return err
 }
 
+// ImageIsLoaded returns a bool if a a docker image is loaded or not.
 func (d Docker) ImageIsLoaded(image string) bool {
 	args := filters.NewArgs()
 	args.Add("reference", image)
@@ -161,6 +167,7 @@ func (d Docker) ListImages() ([]dockerTypes.ImageSummary, error) {
 	return d.client.ImageList(ctx, dockerTypes.ImageListOptions{})
 }
 
+// RemoveImage removes an image.
 func (d Docker) RemoveImage(imageID string) ([]dockerTypes.ImageDelete, error) {
 	ctx := goContext.Background()
 	return d.client.ImageRemove(ctx, imageID, dockerTypes.ImageRemoveOptions{Force: true})

server.go

@@ -135,7 +135,7 @@ func checkDefaultSecurityTests(configAPI *apiContext.APIConfig) error {
 	enryQuery := map[string]interface{}{"name": "enry"}
 	enry, err := analysis.FindOneDBSecurityTest(enryQuery)
 	if err == mgo.ErrNotFound {
-		// As Enry securityTest is not set into MongoDB, Husky will insert it.
+		// As Enry securityTest is not set into MongoDB, HuskyCI will insert it.
 		fmt.Println("[!] Enry securityTest not found!")
 		enry = *configAPI.EnrySecurityTest
 		if err := analysis.InsertDBSecurityTest(enry); err != nil {
@@ -148,7 +148,7 @@ func checkDefaultSecurityTests(configAPI *apiContext.APIConfig) error {
 	gasQuery := map[string]interface{}{"name": "gas"}
 	gas, err := analysis.FindOneDBSecurityTest(gasQuery)
 	if err == mgo.ErrNotFound {
-		// As Gas securityTest is not set into MongoDB, Husky will insert it.
+		// As Gas securityTest is not set into MongoDB, HuskyCI will insert it.
 		fmt.Println("[!] Gas securityTest not found!")
 		gas = *configAPI.GasSecurityTest
 		if err := analysis.InsertDBSecurityTest(gas); err != nil {
@@ -161,7 +161,7 @@ func checkDefaultSecurityTests(configAPI *apiContext.APIConfig) error {
 	brakemanQuery := map[string]interface{}{"name": "brakeman"}
 	brakeman, err := analysis.FindOneDBSecurityTest(brakemanQuery)
 	if err == mgo.ErrNotFound {
-		// As Brakeman securityTest is not set into MongoDB, Husky will insert it.
+		// As Brakeman securityTest is not set into MongoDB, HuskyCI will insert it.
 		fmt.Println("[!] Brakeman securityTest not found!")
 		brakeman = *configAPI.BrakemanSecurityTest
 		if err := analysis.InsertDBSecurityTest(brakeman); err != nil {
@@ -174,7 +174,7 @@ func checkDefaultSecurityTests(configAPI *apiContext.APIConfig) error {
 	banditQuery := map[string]interface{}{"name": "bandit"}
 	bandit, err := analysis.FindOneDBSecurityTest(banditQuery)
 	if err == mgo.ErrNotFound {
-		// As Bandit securityTest is not set into MongoDB, Husky will insert it.
+		// As Bandit securityTest is not set into MongoDB, HuskyCI will insert it.
 		fmt.Println("[!] Bandit securityTest not found!")
 		bandit = *configAPI.BanditSecurityTest
 		if err := analysis.InsertDBSecurityTest(bandit); err != nil {