diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..455993f
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,11 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+ - package-ecosystem: "" # See documentation for possible values
+ directory: "/" # Location of package manifests
+ schedule:
+ interval: "weekly"
diff --git a/.github/workflows/Com traducao.yml b/.github/workflows/Com traducao.yml
new file mode 100644
index 0000000..18159b9
--- /dev/null
+++ b/.github/workflows/Com traducao.yml
@@ -0,0 +1,125 @@
+name: Resultados_PTBR
+on:
+ push:
+ branches: [ master ]
+ workflow_dispatch:
+jobs:
+ Download_Wrapper:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Veracode Pipeline Scan
+ run: |
+ curl -sSO https://tools.veracode.com/integrations/API-Wrappers/C%23/bin/VeracodeC%23API.zip
+ unzip VeracodeC%23API.zip
+ - name: Publicando Artefato
+ uses: actions/upload-artifact@v2
+ with:
+ name: WrapperVeracode
+ path: VeracodeC#API.exe
+
+ Download_XML:
+ runs-on: windows-latest
+ needs: Download_Wrapper
+ steps:
+ - name: Download Artefato
+ uses: actions/download-artifact@v2
+ with:
+ name: WrapperVeracode
+ - name: Download XML
+ env:
+ veracodeID: ${{ secrets.VID }}
+ veracodeAPIkey: ${{ secrets.VKEY }}
+ run: |
+ # Recebe as infos
+ [xml]$INFO = $(.\VeracodeC#API.exe -vid "$veracodeID" -vkey "$veracodeAPIkey" -action GetAppList | Select-String -Pattern 'Github Actions - IGDEXE/NodeGoat-JS')
+ $appID = $INFO.app.app_id
+ [string]$INFO = .\VeracodeC#API.exe -vid $veracodeID -vkey $veracodeAPIkey -action GetAppBuilds -appid "$appID"
+ [xml]$INFO = $INFO.Replace(' xmlns=', ' _xmlns=')
+ $buildINFO = $INFO.SelectSingleNode("//application[@app_id='$appId']")
+ $buildID = $buildINFO.build.build_id
+ # Gera o relatorio
+ $out = .\VeracodeC#API.exe -vid $veracodeID -vkey $veracodeAPIkey -action detailedreport -buildid "$buildID" -outputfilepath "${{ github.run_id }}.xml"
+ - name: Publicando Artefato
+ uses: actions/upload-artifact@v2
+ with:
+ name: WrapperVeracode
+ path: ${{ github.run_id }}.xml
+
+ Resultados:
+ runs-on: windows-latest
+ needs: Download_XML
+ steps:
+ - name: Download Artefato
+ uses: actions/download-artifact@v2
+ with:
+ name: pacoteVeracode
+
+ - name: Resultado do Scan
+ run: |
+ function Traduzir {
+ param (
+ [parameter(position=0,Mandatory=$True)]
+ $texto,
+ [parameter(position=1)]
+ $idiomaAlvo = "pt"
+ )
+
+ # Utiliza a API do Google para traduzir
+ Try {
+ $Uri = “https://translate.googleapis.com/translate_a/single?client=gtx&sl=auto&tl=$($idiomaAlvo)&dt=t&q=$texto”
+ $Response = Invoke-RestMethod -Uri $Uri -Method Get
+ # Retorna o valor traduzido
+ $traducao = $Response[0].SyncRoot | foreach { $_[0] }
+ return $traducao
+ }
+ Catch {
+ # Recebe o erro
+ $ErrorMessage = $_.Exception.Message # Recebe o erro
+ # Exibe a mensagem de erro
+ Write-Host "Erro ao traduzir"
+ Write-host $ErrorMessage
+ }
+ }
+
+ # Recebendo informacoes
+ $securityINFO = [xml](Get-Content "${{ github.run_id }}.xml")
+ $notaLetra = $securityINFO.detailedreport.'static-analysis'.rating
+ $notaScore = $securityINFO.detailedreport.'static-analysis'.score
+ $veracodeAppName = $securityINFO.detailedreport.app_name
+ $numeroVersao = $securityINFO.detailedreport.version
+ $appID = $securityINFO.detailedreport.app_id
+ $quemEnviou = $securityINFO.detailedreport.submitter
+ $politica = $securityINFO.detailedreport.policy_name
+ $complicanceStatus = $securityINFO.detailedreport.policy_compliance_status
+ # Exibe os resultados
+ Write-Host "Resultado do Scan: $numeroVersao"
+ Write-Host "Nome App: $veracodeAppName - App ID: $appID"
+ Write-Host "Enviado por: $quemEnviou"
+ Write-Host "Politica: $politica"
+ Write-Host "Nota: $notaLetra - Score: $notaScore - Resultado: $complicanceStatus"
+ Write-Host "Lista dos problemas encontrados:"
+ # Recebe os leveis e reordena
+ $levels = $securityINFO.detailedreport.severity.level
+ [array]::Reverse($levels)
+ foreach ($level in $levels) {
+ Write-Host "Prioridade: $level"
+ # Recebe as informações
+ $itensCategoria = $securityINFO.detailedreport.severity[$level].category
+ foreach ($item in $itensCategoria) {
+ $idCWE = $item.cwe.cweid
+ $nomeCategoria = $item.categoryname
+ $descricao = $item.desc.para.text
+ $recomendacoes = $item.recommendations.para.text
+ # Faz a tradução
+ $descricao = Traduzir $descricao
+ $recomendacoes = Traduzir $recomendacoes
+ # Exibe o resultado
+ Write-Host "Categoria: $nomeCategoria - ID CWE: $idCWE"
+ Write-Host "Descrição: $descricao"
+ Write-Host " "
+ Write-Host "Remediação: $recomendacoes"
+ Write-Host " "
+ Write-Host " "
+ }
+ Write-Host "..."
+ }
diff --git a/.github/workflows/Comparativo.yml b/.github/workflows/Comparativo.yml
new file mode 100644
index 0000000..8594efe
--- /dev/null
+++ b/.github/workflows/Comparativo.yml
@@ -0,0 +1,71 @@
+name: Comparativo
+on:
+ push:
+ branches: [ master ]
+ workflow_dispatch:
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ - name: Empacotamento dos arquivos
+ uses: thedoctor0/zip-release@master
+ with:
+ filename: 'veracode.zip'
+ path: .
+ - name: Publicando Artefato
+ uses: actions/upload-artifact@v2
+ with:
+ name: pacoteVeracode
+ path: veracode.zip
+
+ Veracode_SCA:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ - name: Veracode SCA
+ env:
+ SRCCLR_API_TOKEN: ${{ secrets.SCA }} # Lembrar de criar as credenciais no Secrets
+ run: |
+ curl -sSL 'https://download.sourceclear.com/ci.sh' | bash -s – scan --update-advisor --allow-dirty
+
+ Veracode_SAST:
+ runs-on: ubuntu-latest
+ needs: build
+ steps:
+ - name: Download Artefato
+ uses: actions/download-artifact@v2
+ with:
+ name: pacoteVeracode
+ - uses: veracode/veracode-uploadandscan-action@master # Faz a analise da Veracode
+ env:
+ VID: ${{ secrets.VID }} # Lembrar de criar as credenciais no Secrets
+ VKEY: ${{ secrets.VKEY }}
+ AppName: Github Actions - ${{ github.repository }}
+ with:
+ vid: '$VID'
+ vkey: '$VKEY'
+ criticality: 'VeryHigh'
+ appname: '$AppName'
+ scanpollinginterval: 30
+ scantimeout: 45
+ filepath: 'veracode.zip'
+ version: ${{ github.run_id }}
+
+ Veracode_PipelineScan:
+ runs-on: ubuntu-latest
+ needs: build
+ steps:
+ - name: Download Artefato
+ uses: actions/download-artifact@v2
+ with:
+ name: pacoteVeracode
+ - name: Veracode Pipeline Scan
+ env:
+ VID: ${{ secrets.VID }} # Lembrar de criar as credenciais no Secrets
+ VKEY: ${{ secrets.VKEY }}
+ CaminhoArquivo: './veracode.zip'
+ run: |
+ curl -sSO https://downloads.veracode.com/securityscan/pipeline-scan-LATEST.zip
+ unzip pipeline-scan-LATEST.zip
+ java -jar pipeline-scan.jar -vid $VID -vkey $VKEY -f $CaminhoArquivo --issue_details true
diff --git a/.github/workflows/Default.yml b/.github/workflows/Default.yml
deleted file mode 100644
index f7a337a..0000000
--- a/.github/workflows/Default.yml
+++ /dev/null
@@ -1,59 +0,0 @@
-name: Default
-on:
- push:
- branches: [ master ]
- workflow_dispatch:
-jobs:
- build:
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@master
-
- - name: Use Node.js
- uses: actions/setup-node@v2
- with:
- node-version: '12.x'
-
- - name: Archive Release
- uses: thedoctor0/zip-release@master
- with:
- filename: 'veracode.zip'
- path: .
-
- - uses: actions/setup-java@v1 # Make java accessible on path so the uploadandscan action can run.
- with:
- java-version: '8'
-
- - uses: veracode/veracode-uploadandscan-action@master # Faz a analise da Veracode
- env:
- VID: ${{ secrets.VID }} # Lembrar de criar as credenciais no Secrets
- VKEY: ${{ secrets.VKEY }}
- AppName: Github Actions - ${{ github.repository }}
- with:
- vid: '$VID'
- vkey: '$VKEY'
- criticality: 'VeryHigh'
- appname: '$AppName'
- createprofile: true
- filepath: 'veracode.zip'
- deleteIncompleteScan: false
- version: ${{ github.run_id }}
-
- - name: Veracode SCA
- env:
- SRCCLR_API_TOKEN: ${{ secrets.SCA }} # Lembrar de criar as credenciais no Secrets
- run: |
- curl -sSL 'https://download.sourceclear.com/ci.sh' | bash -s scan --update-advisor
-
- - name: build
- run: npm build
-
- - name: Veracode Pipeline Scan
- env:
- VID: ${{ secrets.VID }} # Lembrar de criar as credenciais no Secrets
- VKEY: ${{ secrets.VKEY }}
- CaminhoArquivo: 'veracode.zip'
- run: |
- curl -sSO https://downloads.veracode.com/securityscan/pipeline-scan-LATEST.zip
- unzip -o pipeline-scan-LATEST.zip
- java -jar pipeline-scan.jar -vid $VID -vkey $VKEY -f $CaminhoArquivo --issue_details true
diff --git a/.github/workflows/PipelineIdeal.yml b/.github/workflows/PipelineIdeal.yml
index 0879adb..780ef51 100644
--- a/.github/workflows/PipelineIdeal.yml
+++ b/.github/workflows/PipelineIdeal.yml
@@ -8,12 +8,6 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- - name: Use Node.js
- uses: actions/setup-node@v2
- with:
- node-version: '12.x'
- - name: Install dependencies
- run: npm install
- name: Empacotamento dos arquivos
uses: thedoctor0/zip-release@master
with:
diff --git a/.github/workflows/Veracode-Expert.yml b/.github/workflows/Veracode-Expert.yml
new file mode 100644
index 0000000..a355805
--- /dev/null
+++ b/.github/workflows/Veracode-Expert.yml
@@ -0,0 +1,104 @@
+name: Veracode_Expert
+on:
+ push:
+ branches: [ master ]
+ workflow_dispatch:
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ - name: Empacotamento dos arquivos
+ uses: thedoctor0/zip-release@master
+ with:
+ filename: 'veracode.zip'
+ path: .
+ - name: Publicando Artefato
+ uses: actions/upload-artifact@v2
+ with:
+ name: pacoteVeracode
+ path: veracode.zip
+
+ Veracode_SCA:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ - name: Veracode SCA
+ env:
+ SRCCLR_API_TOKEN: ${{ secrets.SCA }} # Lembrar de criar as credenciais no Secrets
+ run: |
+ curl -sSL 'https://download.sourceclear.com/ci.sh' | bash -s – scan --update-advisor --pull-request --allow-dirty
+
+ Veracode-container_iac_secrets-scan:
+ runs-on: ubuntu-latest
+ name: Veracode Container/IaC/Secrets
+
+ steps:
+ - name: checkout
+ uses: actions/checkout@v3
+
+ - name: Verracode Container/IaC/Secrets action step
+ uses: veracode/container_iac_secrets_scanning@v1.0.0
+ with:
+ vid: ${{ secrets.VeracodeID }}
+ vkey: ${{ secrets.VeracodeKey }}
+ command: "scan"
+ type: "directory"
+ source: "./"
+ format: "json"
+ debug: false
+ fail_build: true
+
+ Veracode_UploadAndScan:
+ runs-on: ubuntu-latest
+ needs: build
+ steps:
+ - name: Download Artefato
+ uses: actions/download-artifact@v2
+ with:
+ name: pacoteVeracode
+ - uses: veracode/veracode-uploadandscan-action@master # Faz a analise da Veracode
+ env:
+ VeracodeID: ${{ secrets.VeracodeID }} # Lembrar de criar as credenciais no Secrets
+ VeracodeKey: ${{ secrets.VeracodeKey }}
+ AppName: Github Actions - ${{ github.repository }}
+ with:
+ vid: '$VeracodeID'
+ vkey: '$VeracodeKey'
+ criticality: 'VeryHigh'
+ appname: '$AppName'
+ createsandbox: true
+ filepath: 'veracode.zip'
+ deleteIncompleteScan: false
+ version: ${{ github.run_id }}
+
+ Veracode_PipelineScan:
+ runs-on: ubuntu-latest
+ needs: build
+ steps:
+ - name: Download Artefato
+ uses: actions/download-artifact@v2
+ with:
+ name: pacoteVeracode
+ - name: Veracode Pipeline Scan
+ continue-on-error: true
+ env:
+ VID: ${{ secrets.VeracodeID }} # Lembrar de criar as credenciais no Secrets
+ VKEY: ${{ secrets.VeracodeKey }}
+ CaminhoArquivo: './veracode.zip'
+ run: |
+ curl -sSO https://downloads.veracode.com/securityscan/pipeline-scan-LATEST.zip
+ unzip pipeline-scan-LATEST.zip
+ java -jar pipeline-scan.jar -vid $VID -vkey $VKEY -f $CaminhoArquivo --issue_details true
+ - name: Converte para o formato SARIF
+ id: convert
+ uses: Veracode/veracode-pipeline-scan-results-to-sarif@v1.0.5
+ with:
+ pipeline-results-json: results.json
+ output-results-sarif: veracode-results.sarif
+ finding-rule-level: "3:1:0"
+ - name: Publica os resultados
+ uses: github/codeql-action/upload-sarif@v2
+ with: # Path to SARIF file relative to the root of the repository
+ sarif_file: veracode-results.sarif
diff --git a/.github/workflows/Veracode-SB.yml b/.github/workflows/Veracode-SB.yml
new file mode 100644
index 0000000..75e0449
--- /dev/null
+++ b/.github/workflows/Veracode-SB.yml
@@ -0,0 +1,99 @@
+name: Veracode_SB
+on:
+ push:
+
+jobs:
+ Package:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ - name: Empacotamento dos arquivos
+ uses: thedoctor0/zip-release@master
+ with:
+ filename: 'veracode.zip'
+ path: .
+ - name: Publicando Artefato
+ uses: actions/upload-artifact@v2
+ with:
+ name: pacoteVeracode
+ path: veracode.zip
+
+ Veracode_SCA:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ - name: Veracode SCA
+ env:
+ SRCCLR_API_TOKEN: ${{ secrets.SCA }} # Lembrar de criar as credenciais no Secrets
+ run: |
+ curl -sSL 'https://download.sourceclear.com/ci.sh' | bash -s – scan --update-advisor --pull-request --allow-dirty
+
+ Veracode_UploadAndScan:
+ runs-on: ubuntu-latest
+ if: ${{ github.ref == 'refs/heads/DEV' || github.ref == 'refs/heads/HMG' || github.ref == 'refs/heads/Main' }}
+ needs: Package
+ steps:
+ - name: Download Artefato
+ uses: actions/download-artifact@v2
+ with:
+ name: pacoteVeracode
+ - uses: veracode/veracode-uploadandscan-action@master # Faz a analise da Veracode
+ if: ${{ github.ref == 'refs/heads/DEV' || github.ref == 'refs/heads/HMG' }}
+ env:
+ VeracodeID: ${{ secrets.VeracodeID }} # Lembrar de criar as credenciais no Secrets
+ VeracodeKey: ${{ secrets.VeracodeKey }}
+ AppName: Github Actions - ${{ github.repository }}
+ with:
+ vid: '$VeracodeID'
+ vkey: '$VeracodeKey'
+ criticality: 'VeryHigh'
+ appname: '$AppName'
+ createsandbox: true
+ sandboxname: ${GITHUB_REF#refs/heads/}
+ filepath: 'veracode.zip'
+ deleteIncompleteScan: false
+ version: ${{ github.run_id }}
+ - uses: veracode/veracode-uploadandscan-action@master # Faz a analise da Veracode
+ if: ${{ github.ref == 'refs/heads/Main' }}
+ env:
+ VeracodeID: ${{ secrets.VeracodeID }} # Lembrar de criar as credenciais no Secrets
+ VeracodeKey: ${{ secrets.VeracodeKey }}
+ AppName: Github Actions - ${{ github.repository }}
+ with:
+ vid: '$VeracodeID'
+ vkey: '$VeracodeKey'
+ criticality: 'VeryHigh'
+ appname: '$AppName'
+ filepath: 'veracode.zip'
+ deleteIncompleteScan: false
+ version: ${{ github.run_id }}
+
+ Veracode_PipelineScan:
+ runs-on: ubuntu-latest
+ needs: Package
+ steps:
+ - name: Download Artefato
+ uses: actions/download-artifact@v2
+ with:
+ name: pacoteVeracode
+ - name: Veracode Pipeline Scan
+ continue-on-error: true
+ env:
+ VID: ${{ secrets.VeracodeID }} # Lembrar de criar as credenciais no Secrets
+ VKEY: ${{ secrets.VeracodeKey }}
+ CaminhoArquivo: './veracode.zip'
+ run: |
+ curl -sSO https://downloads.veracode.com/securityscan/pipeline-scan-LATEST.zip
+ unzip pipeline-scan-LATEST.zip
+ java -jar pipeline-scan.jar -vid $VID -vkey $VKEY -f $CaminhoArquivo --issue_details true
+ - name: Converte para o formato SARIF
+ id: convert
+ uses: Veracode/veracode-pipeline-scan-results-to-sarif@v1.0.5
+ with:
+ pipeline-results-json: results.json
+ output-results-sarif: veracode-results.sarif
+ finding-rule-level: "3:1:0"
+ - name: Publica os resultados
+ uses: github/codeql-action/upload-sarif@v2
+ with: # Path to SARIF file relative to the root of the repository
+ sarif_file: veracode-results.sarif
\ No newline at end of file
diff --git a/.github/workflows/Veracode-XGH.yml b/.github/workflows/Veracode-XGH.yml
new file mode 100644
index 0000000..cc07bb4
--- /dev/null
+++ b/.github/workflows/Veracode-XGH.yml
@@ -0,0 +1,71 @@
+name: Veracode_GoHorse
+on:
+ push
+
+jobs:
+ Package:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ - name: Empacotamento dos arquivos
+ uses: thedoctor0/zip-release@master
+ with:
+ filename: 'veracode.zip'
+ path: .
+ - name: Publicando Artefato
+ uses: actions/upload-artifact@v2
+ with:
+ name: pacoteVeracode
+ path: veracode.zip
+
+ Veracode_SCA:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ - name: Veracode SCA
+ env:
+ SRCCLR_API_TOKEN: ${{ secrets.SCA }} # Lembrar de criar as credenciais no Secrets
+ run: |
+ curl -sSL 'https://download.sourceclear.com/ci.sh' | bash -s – scan --update-advisor --pull-request --allow-dirty
+
+ Veracode_UploadAndScan:
+ runs-on: ubuntu-latest
+ needs: Package
+ steps:
+ - name: Download Artefato
+ uses: actions/download-artifact@v2
+ with:
+ name: pacoteVeracode
+ - uses: veracode/veracode-uploadandscan-action@master # Faz a analise da Veracode
+ env:
+ VeracodeID: ${{ secrets.VeracodeID }} # Lembrar de criar as credenciais no Secrets
+ VeracodeKey: ${{ secrets.VeracodeKey }}
+ AppName: ${{ github.repository }}
+ with:
+ vid: '$VeracodeID'
+ vkey: '$VeracodeKey'
+ criticality: 'VeryHigh'
+ appname: '$AppName'
+ filepath: 'veracode.zip'
+ deleteIncompleteScan: true
+ scanallnonfataltoplevelmodules: true
+ includenewmodules: true
+ version: ${{ github.run_id }}
+
+ Veracode_PipelineScan:
+ runs-on: ubuntu-latest
+ needs: Package
+ steps:
+ - name: Download Artefato
+ uses: actions/download-artifact@v2
+ with:
+ name: pacoteVeracode
+ - name: Veracode Pipeline Scan
+ env:
+ VID: ${{ secrets.VeracodeID }} # Lembrar de criar as credenciais no Secrets
+ VKEY: ${{ secrets.VeracodeKey }}
+ CaminhoArquivo: './veracode.zip'
+ run: |
+ curl -sSO https://downloads.veracode.com/securityscan/pipeline-scan-LATEST.zip
+ unzip pipeline-scan-LATEST.zip
+ java -jar pipeline-scan.jar -vid $VID -vkey $VKEY -f $CaminhoArquivo --issue_details true
\ No newline at end of file
diff --git a/.github/workflows/allTools.yml b/.github/workflows/allTools.yml
deleted file mode 100644
index 39b4c2c..0000000
--- a/.github/workflows/allTools.yml
+++ /dev/null
@@ -1,133 +0,0 @@
-name: All-Tools
-
-on:
- push:
- branches: [ master ]
-
- workflow_dispatch:
-
-jobs:
- build:
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v2
- - name: Use Node.js
- uses: actions/setup-node@v2
- with:
- node-version: '12.x'
- - name: Install dependencies
- run: npm install
- - name: Empacotamento dos arquivos
- uses: thedoctor0/zip-release@master
- with:
- filename: 'veracode.zip'
- path: .
- - name: Publicando Artefato
- uses: actions/upload-artifact@v2
- with:
- name: pacoteVeracode
- path: veracode.zip
-
- Veracode_SCA:
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v2
- - name: Veracode SCA
- env:
- SRCCLR_API_TOKEN: ${{ secrets.SCA }} # Lembrar de criar as credenciais no Secrets
- run: |
- curl -sSL 'https://download.sourceclear.com/ci.sh' | bash -s – scan --update-advisor --pull-request
-
- Veracode_REST_API:
- runs-on: ubuntu-latest
- needs: build
- steps:
- - name: Download Artefato
- uses: actions/download-artifact@v2
- with:
- name: pacoteVeracode
- - name: Veracode REST API
- env:
- VERACODE_ID: ${{ secrets.VID }} # Lembrar de criar as credenciais no Secrets
- VERACODE_KEY: ${{ secrets.VKEY }}
- veracodeAppName: Github - ${{ github.repository }}
- CaminhoArquivo: './veracode.zip'
- run: |
- aut_Veracode () {
- URLPATH=$1
- METHOD=$2
- NONCE="$(cat /dev/random | xxd -p | head -c 32)"
- TS="$(($(date +%s%N)/1000))"
- encryptedNonce=$(echo "$NONCE" | xxd -r -p | openssl dgst -sha256 -mac HMAC -macopt hexkey:$VERACODE_KEY | cut -d ' ' -f 2)
- encryptedTimestamp=$(echo -n "$TS" | openssl dgst -sha256 -mac HMAC -macopt hexkey:$encryptedNonce | cut -d ' ' -f 2)
- signingKey=$(echo -n "vcode_request_version_1" | openssl dgst -sha256 -mac HMAC -macopt hexkey:$encryptedTimestamp | cut -d ' ' -f 2)
- DATA="id=$VERACODE_ID&host=analysiscenter.veracode.com&url=$URLPATH&method=$METHOD"
- signature=$(echo -n "$DATA" | openssl dgst -sha256 -mac HMAC -macopt hexkey:$signingKey | cut -d ' ' -f 2)
- VERACODE_AUTH_HEADER="VERACODE-HMAC-SHA-256 id=$VERACODE_ID,ts=$TS,nonce=$NONCE,sig=$signature"
- }
- URLPATH=/api/5.0/getapplist.do
- METHOD=GET
- aut_Veracode $URLPATH $METHOD
- curl -s -X $METHOD -H "Authorization: $VERACODE_AUTH_HEADER" "https://analysiscenter.veracode.com$URLPATH" -o applist.xml
- while read -r line
- do
- app_name=$(echo $line | grep -Po 'app_name="\K.*?(?=")')
- AppID=$(echo $line | grep -Po 'app_id="\K.*?(?=")')
- if [ "$app_name" = "$veracodeAppName" ]; then
- break
- fi
- done < <(grep $veracodeAppName applist.xml)
- URLPATH=/api/5.0/uploadfile.do
- METHOD=POST
- aut_Veracode $URLPATH $METHOD
- echo "Fazendo o Upload do arquivo: $CaminhoArquivo"
- curl -X $METHOD -H "Authorization: $VERACODE_AUTH_HEADER" "https://analysiscenter.veracode.com$URLPATH" -F "app_id=$AppID" -F "file=@$CaminhoArquivo"
- URLPATH=/api/5.0/beginprescan.do
- METHOD=POST
- aut_Veracode $URLPATH $METHOD
- echo " "
- echo "Iniciando o scan no perfil: $veracodeAppName ID: $AppID"
- curl -X $METHOD -H "Authorization: $VERACODE_AUTH_HEADER" "https://analysiscenter.veracode.com$URLPATH" -F "app_id=$AppID" -F "auto_scan=true"
-
- Veracode_Wrapper:
- runs-on: ubuntu-latest
- needs: build
- steps:
- - name: Download Artefato
- uses: actions/download-artifact@v2
- with:
- name: pacoteVeracode
- - uses: veracode/veracode-uploadandscan-action@master # Faz a analise da Veracode
- env:
- VID: ${{ secrets.VID }} # Lembrar de criar as credenciais no Secrets
- VKEY: ${{ secrets.VKEY }}
- AppName: Github Actions - ${{ github.repository }}
- with:
- vid: '$VID'
- vkey: '$VKEY'
- criticality: 'VeryHigh'
- appname: '$AppName'
- createprofile: true
- sandboxname: 'HMG'
- createsandbox: true
- filepath: 'veracode.zip'
- deleteIncompleteScan: false
- version: ${{ github.run_id }}
-
- Veracode_PipelineScan:
- runs-on: ubuntu-latest
- needs: build
- steps:
- - name: Download Artefato
- uses: actions/download-artifact@v2
- with:
- name: pacoteVeracode
- - name: Veracode Pipeline Scan
- env:
- VID: ${{ secrets.VID }} # Lembrar de criar as credenciais no Secrets
- VKEY: ${{ secrets.VKEY }}
- CaminhoArquivo: './veracode.zip'
- run: |
- curl -sSO https://downloads.veracode.com/securityscan/pipeline-scan-LATEST.zip
- unzip pipeline-scan-LATEST.zip
- java -jar pipeline-scan.jar -vid $VID -vkey $VKEY -f $CaminhoArquivo
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
deleted file mode 100644
index 7dc2a3b..0000000
--- a/.github/workflows/main.yml
+++ /dev/null
@@ -1,111 +0,0 @@
-name: Pipeline-Envs
-
-on:
- push:
- branches: [ master ]
-
- workflow_dispatch:
-
-jobs:
- build:
- runs-on: ubuntu-latest
-
- steps:
- - uses: actions/checkout@v2
- - name: Use Node.js
- uses: actions/setup-node@v2
- with:
- node-version: '12.x'
- - name: Install dependencies
- run: npm install
- - name: Empacotamento dos arquivos
- uses: thedoctor0/zip-release@master
- with:
- filename: 'veracode.zip'
- path: .
- - name: Publicando Artefato
- uses: actions/upload-artifact@v2
- with:
- name: pacoteVeracode
- path: veracode.zip
-
- Veracode_REST_API:
- runs-on: ubuntu-latest
- environment:
- name: REST
- needs: build
- steps:
- - name: Download math result for job 1
- uses: actions/download-artifact@v2
- with:
- name: pacoteVeracode
- - name: Veracode REST API
- env:
- VERACODE_ID: ${{ secrets.VID }} # Lembrar de criar as credenciais no Secrets
- VERACODE_KEY: ${{ secrets.VKEY }}
- veracodeAppName: Github Actions - ${{ github.repository }}
- CaminhoArquivo: './veracode.zip'
- run: |
- aut_Veracode () {
- URLPATH=$1
- METHOD=$2
- NONCE="$(cat /dev/random | xxd -p | head -c 32)"
- TS="$(($(date +%s%N)/1000))"
- encryptedNonce=$(echo "$NONCE" | xxd -r -p | openssl dgst -sha256 -mac HMAC -macopt hexkey:$VERACODE_KEY | cut -d ' ' -f 2)
- encryptedTimestamp=$(echo -n "$TS" | openssl dgst -sha256 -mac HMAC -macopt hexkey:$encryptedNonce | cut -d ' ' -f 2)
- signingKey=$(echo -n "vcode_request_version_1" | openssl dgst -sha256 -mac HMAC -macopt hexkey:$encryptedTimestamp | cut -d ' ' -f 2)
- DATA="id=$VERACODE_ID&host=analysiscenter.veracode.com&url=$URLPATH&method=$METHOD"
- signature=$(echo -n "$DATA" | openssl dgst -sha256 -mac HMAC -macopt hexkey:$signingKey | cut -d ' ' -f 2)
- VERACODE_AUTH_HEADER="VERACODE-HMAC-SHA-256 id=$VERACODE_ID,ts=$TS,nonce=$NONCE,sig=$signature"
- }
- URLPATH=/api/5.0/getapplist.do
- METHOD=GET
- aut_Veracode $URLPATH $METHOD
- curl -s -X $METHOD -H "Authorization: $VERACODE_AUTH_HEADER" "https://analysiscenter.veracode.com$URLPATH" -o applist.xml
- while read -r line
- do
- app_name=$(echo $line | grep -Po 'app_name="\K.*?(?=")')
- AppID=$(echo $line | grep -Po 'app_id="\K.*?(?=")')
- if [ "$app_name" = "$veracodeAppName" ]; then
- break
- fi
- done < <(grep $veracodeAppName applist.xml)
- URLPATH=/api/5.0/uploadfile.do
- METHOD=POST
- aut_Veracode $URLPATH $METHOD
- echo "Fazendo o Upload do arquivo: $CaminhoArquivo"
- curl -X $METHOD -H "Authorization: $VERACODE_AUTH_HEADER" "https://analysiscenter.veracode.com$URLPATH" -F "app_id=$AppID" -F "file=@$CaminhoArquivo"
- URLPATH=/api/5.0/beginprescan.do
- METHOD=POST
- aut_Veracode $URLPATH $METHOD
- echo " "
- echo "Iniciando o scan no perfil: $veracodeAppName ID: $AppID"
- curl -X $METHOD -H "Authorization: $VERACODE_AUTH_HEADER" "https://analysiscenter.veracode.com$URLPATH" -F "app_id=$AppID" -F "auto_scan=true"
-
- Veracode_Wrapper:
- runs-on: ubuntu-latest
- environment:
- name: Wrapper
- needs: build
- steps:
- - name: Download math result for job 1
- uses: actions/download-artifact@v2
- with:
- name: pacoteVeracode
- - uses: veracode/veracode-uploadandscan-action@master # Faz a analise da Veracode
- env:
- VID: ${{ secrets.VID }} # Lembrar de criar as credenciais no Secrets
- VKEY: ${{ secrets.VKEY }}
- AppName: Github Actions - ${{ github.repository }}
- with:
- vid: '$VID'
- vkey: '$VKEY'
- criticality: 'VeryHigh'
- appname: '$AppName'
- createprofile: true
- sandboxname: 'Wrapper'
- createsandbox: true
- filepath: 'veracode.zip'
- deleteIncompleteScan: false
- version: ${{ github.run_id }}
- scantimeout: 30
diff --git a/.github/workflows/restAPI.yml b/.github/workflows/restAPI.yml
deleted file mode 100644
index edee816..0000000
--- a/.github/workflows/restAPI.yml
+++ /dev/null
@@ -1,78 +0,0 @@
-# This workflow will do a clean installation of node dependencies, cache/restore them, build the source code and run tests across different versions of node
-# For more information see: https://help.github.com/actions/language-and-framework-guides/using-nodejs-with-github-actions
-
-name: NodeJS
-
-on:
- push:
- branches: [ master ]
-
- workflow_dispatch:
-
-jobs:
- build:
- runs-on: ubuntu-latest
-
- steps:
- - uses: actions/checkout@v2
- - name: Use Node.js
- uses: actions/setup-node@v2
- with:
- node-version: '12.x'
- - name: Install dependencies
- run: npm install
-
- - name: Empacotamento dos arquivos
- uses: thedoctor0/zip-release@master
- with:
- filename: 'veracode.zip'
- path: .
-
- - name: Veracode REST API
- env:
- VERACODE_ID: ${{ secrets.VID }} # Lembrar de criar as credenciais no Secrets
- VERACODE_KEY: ${{ secrets.VKEY }}
- veracodeAppName: Github Actions - ${{ github.repository }}
- CaminhoArquivo: './veracode.zip'
- run: |
- aut_Veracode () {
- URLPATH=$1
- METHOD=$2
-
- NONCE="$(cat /dev/random | xxd -p | head -c 32)"
- TS="$(($(date +%s%N)/1000))"
- encryptedNonce=$(echo "$NONCE" | xxd -r -p | openssl dgst -sha256 -mac HMAC -macopt hexkey:$VERACODE_KEY | cut -d ' ' -f 2)
- encryptedTimestamp=$(echo -n "$TS" | openssl dgst -sha256 -mac HMAC -macopt hexkey:$encryptedNonce | cut -d ' ' -f 2)
- signingKey=$(echo -n "vcode_request_version_1" | openssl dgst -sha256 -mac HMAC -macopt hexkey:$encryptedTimestamp | cut -d ' ' -f 2)
- DATA="id=$VERACODE_ID&host=analysiscenter.veracode.com&url=$URLPATH&method=$METHOD"
- signature=$(echo -n "$DATA" | openssl dgst -sha256 -mac HMAC -macopt hexkey:$signingKey | cut -d ' ' -f 2)
- VERACODE_AUTH_HEADER="VERACODE-HMAC-SHA-256 id=$VERACODE_ID,ts=$TS,nonce=$NONCE,sig=$signature"
- }
-
- URLPATH=/api/5.0/getapplist.do
- METHOD=GET
- aut_Veracode $URLPATH $METHOD
- curl -s -X $METHOD -H "Authorization: $VERACODE_AUTH_HEADER" "https://analysiscenter.veracode.com$URLPATH" -o applist.xml
-
- while read -r line
- do
- app_name=$(echo $line | grep -Po 'app_name="\K.*?(?=")')
- AppID=$(echo $line | grep -Po 'app_id="\K.*?(?=")')
- if [ "$app_name" = "$veracodeAppName" ]; then
- break
- fi
- done < <(grep $veracodeAppName applist.xml)
-
-
- URLPATH=/api/5.0/uploadfile.do
- METHOD=POST
- aut_Veracode $URLPATH $METHOD
- echo "Fazendo o Upload do arquivo: $CaminhoArquivo"
- curl -X $METHOD -H "Authorization: $VERACODE_AUTH_HEADER" "https://analysiscenter.veracode.com$URLPATH" -F "app_id=$AppID" -F "file=@$CaminhoArquivo"
-
- URLPATH=/api/5.0/beginprescan.do
- METHOD=POST
- aut_Veracode $URLPATH $METHOD
- echo " "
- echo "Iniciando o scan no perfil: $veracodeAppName ID: $AppID"
- curl -X $METHOD -H "Authorization: $VERACODE_AUTH_HEADER" "https://analysiscenter.veracode.com$URLPATH" -F "app_id=$AppID" -F "auto_scan=true"
diff --git a/.github/workflows/veracode-basic.yml b/.github/workflows/veracode-basic.yml
new file mode 100644
index 0000000..624f14e
--- /dev/null
+++ b/.github/workflows/veracode-basic.yml
@@ -0,0 +1,44 @@
+name: Veracode_Basic
+on:
+ push:
+ branches: [ master ]
+ workflow_dispatch:
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ - name: Empacotamento dos arquivos
+ uses: thedoctor0/zip-release@master
+ with:
+ filename: 'veracode.zip'
+ path: .
+ - name: Publicando Artefato
+ uses: actions/upload-artifact@v2
+ with:
+ name: pacoteVeracode
+ path: veracode.zip
+
+ Veracode_UploadAndScan:
+ runs-on: ubuntu-latest
+ needs: build
+ steps:
+ - name: Download Artefato
+ uses: actions/download-artifact@v2
+ with:
+ name: pacoteVeracode
+ - uses: veracode/veracode-uploadandscan-action@master # Faz a analise da Veracode
+ env:
+ VeracodeID: ${{ secrets.VeracodeID }} # Lembrar de criar as credenciais no Secrets
+ VeracodeKey: ${{ secrets.VeracodeKey }}
+ AppName: ${{ github.repository }}
+ with:
+ vid: '$VeracodeID'
+ vkey: '$VeracodeKey'
+ criticality: 'VeryHigh'
+ appname: '$AppName'
+ createprofile: true
+ filepath: 'veracode.zip'
+ deleteIncompleteScan: false
+ version: ${{ github.run_id }}
\ No newline at end of file
diff --git a/.github/workflows/veracode-expert.yml b/.github/workflows/veracode-expert.yml
new file mode 100644
index 0000000..a355805
--- /dev/null
+++ b/.github/workflows/veracode-expert.yml
@@ -0,0 +1,104 @@
+name: Veracode_Expert
+on:
+ push:
+ branches: [ master ]
+ workflow_dispatch:
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ - name: Empacotamento dos arquivos
+ uses: thedoctor0/zip-release@master
+ with:
+ filename: 'veracode.zip'
+ path: .
+ - name: Publicando Artefato
+ uses: actions/upload-artifact@v2
+ with:
+ name: pacoteVeracode
+ path: veracode.zip
+
+ Veracode_SCA:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ - name: Veracode SCA
+ env:
+ SRCCLR_API_TOKEN: ${{ secrets.SCA }} # Lembrar de criar as credenciais no Secrets
+ run: |
+ curl -sSL 'https://download.sourceclear.com/ci.sh' | bash -s – scan --update-advisor --pull-request --allow-dirty
+
+ Veracode-container_iac_secrets-scan:
+ runs-on: ubuntu-latest
+ name: Veracode Container/IaC/Secrets
+
+ steps:
+ - name: checkout
+ uses: actions/checkout@v3
+
+ - name: Verracode Container/IaC/Secrets action step
+ uses: veracode/container_iac_secrets_scanning@v1.0.0
+ with:
+ vid: ${{ secrets.VeracodeID }}
+ vkey: ${{ secrets.VeracodeKey }}
+ command: "scan"
+ type: "directory"
+ source: "./"
+ format: "json"
+ debug: false
+ fail_build: true
+
+ Veracode_UploadAndScan:
+ runs-on: ubuntu-latest
+ needs: build
+ steps:
+ - name: Download Artefato
+ uses: actions/download-artifact@v2
+ with:
+ name: pacoteVeracode
+ - uses: veracode/veracode-uploadandscan-action@master # Faz a analise da Veracode
+ env:
+ VeracodeID: ${{ secrets.VeracodeID }} # Lembrar de criar as credenciais no Secrets
+ VeracodeKey: ${{ secrets.VeracodeKey }}
+ AppName: Github Actions - ${{ github.repository }}
+ with:
+ vid: '$VeracodeID'
+ vkey: '$VeracodeKey'
+ criticality: 'VeryHigh'
+ appname: '$AppName'
+ createsandbox: true
+ filepath: 'veracode.zip'
+ deleteIncompleteScan: false
+ version: ${{ github.run_id }}
+
+ Veracode_PipelineScan:
+ runs-on: ubuntu-latest
+ needs: build
+ steps:
+ - name: Download Artefato
+ uses: actions/download-artifact@v2
+ with:
+ name: pacoteVeracode
+ - name: Veracode Pipeline Scan
+ continue-on-error: true
+ env:
+ VID: ${{ secrets.VeracodeID }} # Lembrar de criar as credenciais no Secrets
+ VKEY: ${{ secrets.VeracodeKey }}
+ CaminhoArquivo: './veracode.zip'
+ run: |
+ curl -sSO https://downloads.veracode.com/securityscan/pipeline-scan-LATEST.zip
+ unzip pipeline-scan-LATEST.zip
+ java -jar pipeline-scan.jar -vid $VID -vkey $VKEY -f $CaminhoArquivo --issue_details true
+ - name: Converte para o formato SARIF
+ id: convert
+ uses: Veracode/veracode-pipeline-scan-results-to-sarif@v1.0.5
+ with:
+ pipeline-results-json: results.json
+ output-results-sarif: veracode-results.sarif
+ finding-rule-level: "3:1:0"
+ - name: Publica os resultados
+ uses: github/codeql-action/upload-sarif@v2
+ with: # Path to SARIF file relative to the root of the repository
+ sarif_file: veracode-results.sarif
diff --git a/terraform/alicloud/bucket.tf b/terraform/alicloud/bucket.tf
new file mode 100644
index 0000000..831f9bc
--- /dev/null
+++ b/terraform/alicloud/bucket.tf
@@ -0,0 +1,18 @@
+resource "alicloud_oss_bucket" "bad_bucket" {
+ # Public and writeable bucket
+ # Versioning isn't enabled
+ # Not Encrypted with a Customer Master Key and no Server side encryption
+ # Doesn't have access logging enabled"
+ bucket = "wildwestfreeforall"
+ acl = "public-read-write"
+ tags = {
+ git_commit = "9c114f23d311f787c137723e1f71b27a52f0adec"
+ git_file = "terraform/alicloud/bucket.tf"
+ git_last_modified_at = "2022-04-05 15:17:55"
+ git_last_modified_by = "james.woolfenden@gmail.com"
+ git_modifiers = "james.woolfenden"
+ git_org = "bridgecrewio"
+ git_repo = "terragoat"
+ yor_trace = "80373049-248d-4f5e-9d25-740c3e80f2b9"
+ }
+}
diff --git a/terraform/alicloud/provider.tf b/terraform/alicloud/provider.tf
new file mode 100644
index 0000000..955c266
--- /dev/null
+++ b/terraform/alicloud/provider.tf
@@ -0,0 +1,12 @@
+terraform {
+ required_providers {
+ alicloud = {
+ source = "aliyun/alicloud"
+ version = "1.162.0"
+ }
+ }
+}
+
+provider "alicloud" {
+ region = "cn-hangzhou"
+}
\ No newline at end of file
diff --git a/terraform/alicloud/rds.tf b/terraform/alicloud/rds.tf
new file mode 100644
index 0000000..70660df
--- /dev/null
+++ b/terraform/alicloud/rds.tf
@@ -0,0 +1,30 @@
+resource "alicloud_db_instance" "seeme" {
+ # Is public due to Security IPS 0.0.0.0/0
+ engine = "MySQL"
+ engine_version = "5.6"
+ instance_type = "rds.mysql.t1.small"
+ instance_storage = "10"
+ tde_status = "Enabled"
+ security_ips = [
+ "0.0.0.0",
+ "10.23.12.24/24"
+ ]
+ parameters {
+ name = "innodb_large_prefix"
+ value = "ON"
+ }
+ parameters {
+ name = "connect_timeout"
+ value = "50"
+ }
+ tags = {
+ git_commit = "c2ff052009d49c65e6af551eb1506abc73b5976c"
+ git_file = "terraform/alicloud/rds.tf"
+ git_last_modified_at = "2022-04-05 15:14:28"
+ git_last_modified_by = "james.woolfenden@gmail.com"
+ git_modifiers = "james.woolfenden"
+ git_org = "bridgecrewio"
+ git_repo = "terragoat"
+ yor_trace = "7bd1394e-0a79-4288-8f83-5abcca5bf1ba"
+ }
+}
diff --git a/terraform/alicloud/trail.tf b/terraform/alicloud/trail.tf
new file mode 100644
index 0000000..9e2daf8
--- /dev/null
+++ b/terraform/alicloud/trail.tf
@@ -0,0 +1,44 @@
+resource "alicloud_actiontrail_trail" "fail" {
+ # Action Trail not Logging for all regions
+ # Action Trail not Logging for all events
+ trail_name = "action-trail"
+ oss_write_role_arn = alicloud_ram_role.trail.arn
+ oss_bucket_name = alicloud_oss_bucket.trail.bucket
+ event_rw = "Read"
+ trail_region = "cn-hangzhou"
+}
+
+resource "alicloud_oss_bucket" "trail" {
+
+ tags = {
+ git_commit = "c2ff052009d49c65e6af551eb1506abc73b5976c"
+ git_file = "terraform/alicloud/trail.tf"
+ git_last_modified_at = "2022-04-05 15:14:28"
+ git_last_modified_by = "james.woolfenden@gmail.com"
+ git_modifiers = "james.woolfenden"
+ git_org = "bridgecrewio"
+ git_repo = "terragoat"
+ yor_trace = "9ce7077b-8195-4e71-aec6-ed1f769555dc"
+ }
+}
+
+resource "alicloud_ram_role" "trail" {
+ name = "trail"
+ document = <Sample page
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Error adding employee data.
+
+
+";
+ echo "ID
+ NAME
+ ADDRESS
+ ",\$query_data[0], " ",
+ "",\$query_data[1], " ",
+ "",\$query_data[2], " ";
+ echo "";
+}
+?>
+
+
Error creating table.
"); + } +} + +/* Check for the existence of a table. */ +function TableExists(\$tableName, \$connection, \$dbName) { + \$t = mysqli_real_escape_string(\$connection, \$tableName); + \$d = mysqli_real_escape_string(\$connection, \$dbName); + + \$checktable = mysqli_query(\$connection, + "SELECT TABLE_NAME FROM information_schema.TABLES WHERE TABLE_NAME = '\$t' AND TABLE_SCHEMA = '\$d'"); + + if(mysqli_num_rows(\$checktable) > 0) return true; + + return false; +} +?> +EnD + +sudo mv /tmp/index.php /var/www/html +sudo chown root:root /var/www/html/index.php + + + +EOF + tags = merge({ + Name = "${local.resource_prefix.value}-dbapp" + }, { + git_commit = "d68d2897add9bc2203a5ed0632a5cdd8ff8cefb0" + git_file = "terraform/aws/db-app.tf" + git_last_modified_at = "2020-06-16 14:46:24" + git_last_modified_by = "nimrodkor@gmail.com" + git_modifiers = "nimrodkor" + git_org = "bridgecrewio" + git_repo = "terragoat" + yor_trace = "f7999d4e-c983-43ee-bd88-7903a6f8483e" + }) +} + +output "db_app_public_dns" { + description = "DB Public DNS name" + value = aws_instance.db_app.public_dns +} + +output "db_endpoint" { + description = "DB Endpoint" + value = aws_db_instance.default.endpoint +} + diff --git a/terraform/aws/ec2.tf b/terraform/aws/ec2.tf new file mode 100644 index 0000000..00e0ba9 --- /dev/null +++ b/terraform/aws/ec2.tf @@ -0,0 +1,308 @@ +resource "aws_instance" "web_host" { + # ec2 have plain text secrets in user data + ami = "${var.ami}" + instance_type = "t2.nano" + + vpc_security_group_ids = [ + "${aws_security_group.web-node.id}"] + subnet_id = "${aws_subnet.web_subnet.id}" + user_data = <