WinOpsDBA / DBAinTheCloud

MIT License

Docker Run Command Not Working For Windows Based Agent #1

Open quicksort9 opened 1 year ago

quicksort9 commented 1 year ago

Hi, the command

docker run --user $(id -u) --rm -v $(pwd):/dastardly -e DASTARDLY_TARGET_URL=https://ginandjuice.shop/ -e DASTARDLY_OUTPUT_FILE=/dastardly/dastardly-report.xml public.ecr.aws/portswigger/dastardly:latest

works fine for Ubuntu-based agents but not on a Windows-based agent.

Can somebody confirm if the above works for a Windows env too?

N1k05 commented 1 year ago

Hi @quicksort9,

Would you like to check the logs on the agent, please?

When I am running it on a Windows agent, I am getting the following message.

docker: image operating system "linux" cannot be used on this platform: operating system is not supported.

Looks like it is not supported by design.

Please find below a link to the Dastardly page regarding CI/CD pipelines and the command to use for docker run.

https://portswigger.net/burp/documentation/dastardly/generic

quicksort9 commented 1 year ago

Hi @N1k05,

Thank you for taking the time to respond. I have multiple questions based on the scenario I have observed on my end. I shall try to share as much detail as possible:

Yes, on a Microsoft-hosted agent I get a similar exception, i.e. image operating system "linux" cannot be used on this platform: operating system is not supported. But we are using a self-hosted agent running Windows, and on it the task runs fine (perhaps the switch to Linux containers setting on Docker Windows has something to do with it, but I will confirm this with you, as it is currently managed by another team).

Question 1:


I see that in your YAML file, azure-pipelines-dastardly.yml, you are passing an additional parameter "true":

      docker run --user $(id -u) --rm -v $(pwd):/dastardly -e \
      DASTARDLY_TARGET_URL=$(url_to_scan) -e \
      DASTARDLY_OUTPUT_FILE=/dastardly/dastardly-report.xml \
      public.ecr.aws/portswigger/dastardly:latest
      true

Can you kindly confirm the impact of this specific parameter? I could not find it even in the official Dastardly documentation link you shared.

My YAML is as follows:

image

Now,

The task runs fine, except only that this true property has some part to play.

I am not sure, but I guess that the default behavior of the scanner is to exit in case the scan job fails due to critical vulnerabilities encountered, which is what I get in case I run this task without the true parameter at the end, and the task fails, breaking the pipeline. BUT with true the scan task completes and moves to the next task, uploading the XML file as output (in both cases the test URL https://ginandjuice.shop is used).
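
The shell behaviour behind the question above, as an added example that is not part of the thread or the repository's YAML: `true` on its own line is a separate command, and a script's exit status is that of its last command. Assumptions: the step runs as a plain shell script without `set -e`, the scanner exits non-zero when it reports findings, and `scan`, the marker file and the third function are hypothetical stand-ins.

```shell
# Added example, not from the thread or the repository.
# Constructed stand-in for the `docker run ... dastardly:latest` line.
# Assumption: the scanner exits non-zero when it reports findings; the value 1
# is made up for the demo.
scan() {
    return 1
}

# Pattern quoted in the thread: `true` on its own line is a separate command.
# A script's exit status is that of its last command, so this step reports 0.
step_with_trailing_true() {
    scan
    true
}

# Same step without the extra line: the scanner's status is the step's status.
step_without_true() {
    scan
}

# Hypothetical alternative: keep the scanner's status, do the follow-up work
# (a marker file stands in for publishing the XML report), then return it.
step_capture_then_gate() {
    scan_rc=0
    scan || scan_rc=$?
    echo "published" > "$1/report.marker"
    return "$scan_rc"
}

# Echo the exit status of "$@"; calling through `||` keeps this safe when the
# surrounding script uses `set -e`.
status_of() {
    st=0
    "$@" || st=$?
    echo "$st"
}

demo_dir=$(mktemp -d)
echo "with trailing true: $(status_of step_with_trailing_true)"
echo "without true:       $(status_of step_without_true)"
echo "capture then gate:  $(status_of step_capture_then_gate "$demo_dir")"
ls "$demo_dir"
rm -rf "$demo_dir"
```

With the trailing `true`, a pipeline that gates on the step's exit status never sees the scanner's result, so findings end up only in the uploaded XML report.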