From 57ab686b2a82e6dd20a1a2631ca739ad530a9e5f Mon Sep 17 00:00:00 2001 From: "Kainan(Kris) Zhang" <4xpl0r3r@gmail.com> Date: Sat, 29 Jun 2024 11:13:08 +0800 Subject: [PATCH 1/4] add guide for gitlab --- docs-2/development/testing/gitlab.md | 55 ++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) create mode 100644 docs-2/development/testing/gitlab.md diff --git a/docs-2/development/testing/gitlab.md b/docs-2/development/testing/gitlab.md new file mode 100644 index 0000000..175e89c --- /dev/null +++ b/docs-2/development/testing/gitlab.md 
@@ -0,0 +1,55 @@ +--- + +title: GitLab repo testing +layout: col-document +tags: threatdragon +document: Threat Dragon version 2.0 +permalink: /docs-2/gitlab-repo/ + +--- + +{% include breadcrumb.html %} + +## [OWASP](https://www.owasp.org) Threat Dragon + +### GitLab repository access + +Most of steps are the same as the GitHub Guide, but there are several parts different: + +1. Web App GitLab Access +2. Environment variables + +#### Web App GitLab Access + +It's recommended to follow the [gitlab official guide](https://docs.gitlab.com/ee/integration/oauth_provider.html) to set up the OAuth Application. + +The recommended configs are like bellow: + +- Redirect URI: `{BaseURL of your Threat Dragon Instance}/api/oauth/return` +- Scopes: Check `read_user read_repository write_repository profile read_api api` + +For other options like `Trusted`, you could decide it by yourself. + +After finishing the application, you will get `Application ID` and `Application Secret`, they will be useful in the next part. 
+ +#### Example Environment variables + +To help your threat dragon instance to support GitLab access, you have to set the environment variables like bellow + +```bash +GITLAB_CLIENT_ID=0000000000000000000000000000000 +GITLAB_CLIENT_SECRET=gloas-0000000000000000000000000000000 +GITLAB_SCOPE=read_user read_repository write_repository profile read_api api +GITLAB_REDIRECT_URI=http://threat-dragon-instance/api/oauth/return +GITLAB_HOST=http://gitlab-instance +``` + +- GITLAB_CLIENT_ID: the `Application ID` you got from Gitlab +- GITLAB_CLIENT_SECRET: the `Application Secret` you got from Gitlab +- GITLAB_SCOPE: the functionalities you allow the threat dragon to use +- GITLAB_REDIRECT_URI: set it like this pattern ``{BaseURL of your Threat Dragon Instance}/api/oauth/return`` +- GITLAB_HOST: it is the BaseURL of your GitLab Instance, if you're using official GitLab instance, it remove this variable or set it to `https://gitlab.com/` + +#### The End + +Now you have successfully configured the GitLab Access for your Threat Dragon instance, for anything not mentioned in this guide, you can check [the Guide of GitHub one](/docs-2/github-repo/) \ No newline at end of file From fa242ac6f64f130c8e8d97800d5cff3822ab988e Mon Sep 17 00:00:00 2001 From: 4xpl0r3r <4xpl0r3r@gmail.com> Date: Mon, 1 Jul 2024 22:47:03 +0800 Subject: [PATCH 2/4] Update to meed CI Requirement --- docs-2/development/testing/gitlab.md | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/docs-2/development/testing/gitlab.md b/docs-2/development/testing/gitlab.md index 175e89c..8b68693 100644 --- a/docs-2/development/testing/gitlab.md +++ b/docs-2/development/testing/gitlab.md 
@@ -21,7 +21,8 @@ Most of steps are the same as the GitHub Guide, but there are several parts diff #### Web App GitLab Access -It's recommended to follow the [gitlab official guide](https://docs.gitlab.com/ee/integration/oauth_provider.html) to set up the OAuth Application. +It's recommended to follow the [gitlab official guide](https://docs.gitlab.com/ee/integration/oauth_provider.html) +to set up the OAuth Application. The recommended configs are like bellow: @@ -30,7 +31,8 @@ The recommended configs are like bellow: For other options like `Trusted`, you could decide it by yourself. -After finishing the application, you will get `Application ID` and `Application Secret`, they will be useful in the next part. +After finishing the application, you will get `Application ID` and `Application Secret`, +they will be useful in the next part. #### Example Environment variables @@ -48,8 +50,10 @@ GITLAB_HOST=http://gitlab-instance - GITLAB_CLIENT_SECRET: the `Application Secret` you got from Gitlab - GITLAB_SCOPE: the functionalities you allow the threat dragon to use - GITLAB_REDIRECT_URI: set it like this pattern ``{BaseURL of your Threat Dragon Instance}/api/oauth/return`` -- GITLAB_HOST: it is the BaseURL of your GitLab Instance, if you're using official GitLab instance, it remove this variable or set it to `https://gitlab.com/` +- GITLAB_HOST: it is the BaseURL of your GitLab Instance, if you're using official GitLab instance, +it remove this variable or set it to `https://gitlab.com/` #### The End -Now you have successfully configured the GitLab Access for your Threat Dragon instance, for anything not mentioned in this guide, you can check [the Guide of GitHub one](/docs-2/github-repo/) \ No newline at end of file +Now you have successfully configured the GitLab Access for your Threat Dragon instance, +for anything not mentioned in this guide, you can check [the Guide of GitHub one](/docs-2/github-repo/) 
From 88b339df117d313284e8cc6ccbdc456e9a2cbd02 Mon Sep 17 00:00:00 2001 From: 4xpl0r3r <4xpl0r3r@gmail.com> Date: Mon, 8 Jul 2024 21:01:43 +0800 Subject: [PATCH 3/4] Update gitlab.md --- docs-2/development/testing/gitlab.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs-2/development/testing/gitlab.md b/docs-2/development/testing/gitlab.md index 8b68693..3c6039c 100644 --- a/docs-2/development/testing/gitlab.md +++ b/docs-2/development/testing/gitlab.md @@ -31,7 +31,7 @@ The recommended configs are like bellow: For other options like `Trusted`, you could decide it by yourself. -After finishing the application, you will get `Application ID` and `Application Secret`, +After finishing the application, you will get `Application ID` and `Application Secret`, they will be useful in the next part. #### Example Environment variables From 9a2c07b2fa168bf9e4cc3d2847c31d95289702e6 Mon Sep 17 00:00:00 2001 From: 4xpl0r3r <4xpl0r3r@gmail.com> Date: Mon, 8 Jul 2024 13:02:53 +0000 Subject: [PATCH 4/4] Update wordlist --- .wordlist.txt | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.wordlist.txt b/.wordlist.txt index 153fed6..8b11678 100644 --- a/.wordlist.txt +++ b/.wordlist.txt @@ -187,3 +187,7 @@ GitLab githubusercontent nvm LTS + +configs +URI +BaseURL
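Review bot: The scope list in [PATCH 1/4] (the `Scopes:` bullet and the `GITLAB_SCOPE` example) includes `api`, which in GitLab grants full read/write API access and makes `read_api` redundant. Suggest listing only the scopes the integration needs and saying what each one is for, so operators do not hand over more than the repository access the guide is about. The example values `GITLAB_REDIRECT_URI=http://threat-dragon-instance/api/oauth/return` and `GITLAB_HOST=http://gitlab-instance` use plain `http`; either switch the examples to `https` or state that `http` is for local testing only, since the authorization code and the client secret travel over these endpoints. "For other options like `Trusted`, you could decide it by yourself" should say what the option does (a trusted application skips the user consent step) so the reader can make that decision. Wording: "bellow" should be "below", "Most of steps" should be "Most of the steps", and the `GITLAB_REDIRECT_URI` bullet uses double backticks where the other bullets use single ones.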
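Review bot: In the last hunk of [PATCH 2/4] (`@@ -48,8 +50,10 @@`), the rewrapped `GITLAB_HOST` bullet keeps the broken wording "it remove this variable", and its continuation line starts with no indentation under the list item. Suggest rewording to "either remove this variable or set it to `https://gitlab.com/`" and indenting the continuation by two spaces so it stays visibly part of the bullet. The same hunk ends the final paragraph without a period after the GitHub guide link.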
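Review bot: The removed and added lines in [PATCH 3/4] read identically ("After finishing the application, you will get `Application ID` and `Application Secret`,"), so this appears to be a whitespace-only change, and the subject "Update gitlab.md" does not say so. Suggest a subject that names the fix, or squashing this commit into [PATCH 2/4], which introduced the line.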
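Review bot: The `.wordlist.txt` hunk in [PATCH 4/4] adds an empty line after `LTS` before the new entries; drop that blank `+` line so the list stays contiguous. `configs` could also be avoided by writing "configuration" in the guide, which keeps the spell-check allowlist limited to real terms such as `URI` and `BaseURL`.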