Dockerfile for the humble tool - tested on both amd & arm architectur…

[MikeAnast]

…es and is working properly

Pull Request Template

Description

Please include a summary of the change and which issue is fixed. Please also include relevant motivation and context. List any dependencies that are required for this change.

Fixes # (issue)

Type of change

Please delete options that are not relevant.

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• This change requires a documentation update

How Has This Been Tested?

Please describe the tests that you ran to verify your changes. Provide instructions so we can reproduce. Please also list any relevant details for your test configuration

• Test A
• Test B

Checklist:

• My code follows the style guidelines of this project
• I have performed a self-review of my own code
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• My changes generate no new warnings
• I have added tests that prove my fix is effective or that my feature works
• New and existing unit tests pass locally with my changes
• Any dependent changes have been merged and published in downstream modules
• I have checked my code and corrected any misspellings

[rfc-st]

Hello!, @MikeAnast:

Thanks for the PR. One question (I don't usually work with Dockerfiles): what does 'apt-get install -y' actually do?, I understand nothing as it doesn't indicate any package to install, right?.

Regards

[rfc-st]

Hi again, @MikeAnast:

After reviewing your PR I had to make some modifications:

• Indicating a previous version of Python that is in line with the minimum required by 'humble'.

  E.g.: FROM python:3.8-slim

• Indicating a TAG in the creation of the image, associating it with the last release of 'humble', to facilitate its identification via 'docker images'.

  E.g.: docker build -t humble:1.42 .

• Indicating, by the previous point, how to run 'humble'; including '-it' to allow colorama and some functions to run without problems (like delete_lines()).

  E.g.: docker run -it --rm --name humble humble:1.42 /bin/bash -c "python3 humble.py -u https://facebook.com"

• Indicating how to clean images via tags; after updating to the latest 'humble' release and building a new image.

  E.g.: docker rmi humble:1.42

Thanks for your time!; I will mention you in the 'Acknowledgements' section!.

Regards,

[MikeAnast]

Hello rfc ! First of all, you did a wonderfull work !
You are right my bad, i contributed 10 lines of code and i have an error, my bad ! :P
I was trying to remove uncessary installations and forgot to remove it.

I would suggest also to upload a docker image to your docker hub.

You can run the following command to extract the report file from docker container in your local machine:
docker run -v $(pwd):/tmp --rm humble /bin/bash -c "python3 humble.py -u https://www.spacex.com -o json -b -op /tmp"

*I couldn't find a way to give names on the generated reports, it will be very usefull in future releases

Best regards,
Mike

[rfc-st]

Hi @MikeAnast:

First of all, thanks, for your great suggestion that made me a little bit wiser (interesting world of Docker ^^).

Take a look at this commit!, which includes this new section and, of course, my thanks.

And about your suggestion: What specific part of the name of the generated report do you think should be customizable?;
do you have an example at hand of how you would like to define such customization?.

Regards,

[MikeAnast]

I would suggest all the name to be customizable in order to be more scalable. you then can use it in bash scripts or other integrations and it will be easier to parse the json files.

I usually use as example ZAProxy's documentation and structure since the tool is the most well known free vulnerability scanner and the devs are highly skilled !

Check the following link:
https://www.zaproxy.org/docs/docker/baseline-scan/

The example command that i am refering is the following:
docker run -v $(pwd):/zap/wrk/:rw -t ghcr.io/zaproxy/zaproxy:stable zap-baseline.py
-t https://www.example.com -g gen.conf -r testreport.html

With this command you run the tool in docker without any dependencies and store the testreport.html in your local computer, and thats it!

of course this is just a suggestion :)

[rfc-st]

Hi, @MikeAnast!:

Do you propose maybe a new parameter whose value is the full name of the exported analysis?.

For example: python3 humble.py -u https://facebook.com -o html -of testreport

In this case the new parameter would be '-of' (output file), which in the above example would generate the file 'testreport.html'.

Regards,

[MikeAnast]

Hi @rfc-st yes, exactly !!

[rfc-st]

Hi @MikeAnast:

Not only does it sound good, but it is also very interesting. I'm getting to it right now! :).

Regards,

[rfc-st]

Hi, @MikeAnast:

Check out this!: 7208487

First iteration, I know. But its a start! :)

Regards,

[rfc-st]

Hi, @MikeAnast:

After a quick fix (970d02a) both, Dockerfile logic and the new parameter 'of' (OUTPUT_FILE), are implemented.

Thanks!.

Regards,