File Store Code Base Examples
Below are examples of how to use a file store / archive code base for an application asset:
Example One
In this example, you will package code up and place it correctly for the appliance to fetch.
Assume you are using Linux and Apache2, with a webroot folder named ‘www’, the hostname ‘server.mydomain.com’, and the path ‘/www/server.mydomain.com/’.
This example illustrates how to package up code from the 'sast-playground' folder and place it in the correct location for the appliance to fetch:
linux-user:examples linuxuser$ ls
sast-playground
Compress the folder:
linux-user:examples linuxuser$ tar -czf r0.sast-playground.tar.gz sast-playground/
Compression will give you the following file:
linux-user:examples linuxuser$ ls
r0.sast-playground.tar.gz sast-playground
Move the tar.gz file into the webroot, for example under a folder named 'whitehat':
linux-user:examples linuxuser$ mv r0.sast-playground.tar.gz /www/server.mydomain.com/whitehat/
Enter the following URI into Sentinel:
To update this code, you would overwrite the 'r0.sast-playground.tar.gz' file in the webroot.
Example Two
In this example, you will add a directory option to the Apache configuration file /etc/apache2/apache2.conf:
linux-user: vi /etc/apache2/apache2.conf
Add the following code:
<Directory /var/www/server.mydomain.com/whitehat>
Options Indexes FollowSymLinks
</Directory>
Save and close the file. Restart Apache:
linux-user: /etc/init.d/apache2 restart
Enter the following URI into Sentinel:
With this setup, Sentinel will scan the directory for the highest revision ('r0', 'r1', 'r2', etc.) and download it for scanning. This way you don’t overwrite the file; instead, you add a file with a higher 'r' number to the directory each time. This has the added benefit of showing you the revision changes in the results (by displaying the name of the package we scanned).
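The revision numbering from Example Two, automated as an added shell example (not part of the original page or of Sentinel's tooling): it finds the highest existing r<N> archive in the drop folder and publishes the source folder as the next revision. The function names and the temporary-file naming are assumptions.

```shell
#!/bin/sh
# Added example: publish a source folder as the next r<N> archive in a drop folder.
# Function names and the temp-file naming are assumptions, not Sentinel tooling.

# Print the highest revision number found for PKG in DIR, or -1 if there is none.
# Only names of the exact form r<digits>.<pkg>.tar.gz are counted.
highest_revision() {
    dir=$1 pkg=$2 max=-1
    for f in "$dir"/r*."$pkg".tar.gz; do
        [ -f "$f" ] || continue              # unmatched glob, or not a regular file
        n=${f##*/}                           # drop the directory part
        n=${n#r}                             # drop the leading 'r'
        n=${n%."$pkg".tar.gz}                # drop the suffix, leaving the number
        case $n in
            ''|*[!0-9]*|0?*) continue ;;     # skip rX, r1a, and zero-padded r007
        esac
        # Numeric comparison, so r10 ranks above r9 (a plain sort would not).
        if [ "$n" -gt "$max" ]; then max=$n; fi
    done
    echo "$max"
}

# Archive the folder SRC into DIR as the next revision; print the new file name.
publish_revision() {
    src=$1 dir=$2
    pkg=$(basename "$src")
    next=$(( $(highest_revision "$dir" "$pkg") + 1 ))
    name="r$next.$pkg.tar.gz"
    tmp="$dir/.$name.tmp"                    # does not match the r<N> naming
    # Write under the temp name, then rename, so a fetch never sees a partial file.
    tar -czf "$tmp" -C "$(dirname "$src")" "$pkg" || { rm -f "$tmp"; return 1; }
    mv "$tmp" "$dir/$name"
    echo "$name"
}

# Run as: sh publish.sh <source-folder> <drop-folder>
if [ "$#" -eq 2 ]; then
    publish_revision "$1" "$2"
fi
```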