From 4c241d4eb1af9e4b4fa50ca87f907133c60647ec Mon Sep 17 00:00:00 2001
From: mo khan
Date: Tue, 27 Oct 2020 16:01:27 -0600
Subject: fix: use minbox because the webgoat is locked behind authz
---
spec/fixtures/docker/minbox-Dockerfile | 1 +
spec/fixtures/docker/webgoat/Dockerfile | 1 -
spec/integration/klar_spec.rb | 11 ++++++++---
3 files changed, 9 insertions(+), 4 deletions(-)
create mode 100644 spec/fixtures/docker/minbox-Dockerfile
delete mode 100644 spec/fixtures/docker/webgoat/Dockerfile
(limited to 'spec')
diff --git a/spec/fixtures/docker/minbox-Dockerfile b/spec/fixtures/docker/minbox-Dockerfile
new file mode 100644
index 0000000..a5ea581
--- /dev/null
+++ b/spec/fixtures/docker/minbox-Dockerfile
@@ -0,0 +1 @@
+FROM mokhan/minbox:latest
diff --git a/spec/fixtures/docker/webgoat/Dockerfile b/spec/fixtures/docker/webgoat/Dockerfile
deleted file mode 100644
index 6b4ce3c..0000000
--- a/spec/fixtures/docker/webgoat/Dockerfile
+++ /dev/null
@@ -1 +0,0 @@
-FROM registry.gitlab.com/gitlab-org/security-products/dast/webgoat-8.0@sha256:bc09fe2e0721dfaeee79364115aeedf2174cce0947b9ae5fe7c33312ee019a4e
diff --git a/spec/integration/klar_spec.rb b/spec/integration/klar_spec.rb
index 903d96b..1e8810d 100644
--- a/spec/integration/klar_spec.rb
+++ b/spec/integration/klar_spec.rb
@@ -4,11 +4,16 @@ RSpec.describe 'klar' do
 let(:scanner) { 'klar' }
 context "when scanning a vulnerable webgoat image" do
- let(:project_fixture) { 'docker/webgoat' }
- let(:env) { { DOCKER_IMAGE: 'registry.gitlab.com/gitlab-org/security-products/dast/webgoat-8.0@sha256:bc09fe2e0721dfaeee79364115aeedf2174cce0947b9ae5fe7c33312ee019a4e' } }
+ let(:project_fixture) { 'docker' }
+ let(:env) do
+ {
+ DOCKER_IMAGE: "mokhan/minbox:latest",
+ DOCKERFILE_PATH: project.path.join("minbox-Dockerfile")
+ }
+ end
 pending { expect(subject).to match_schema(:container_scanning) }
- specify { expect(subject['vulnerabilities'].length).to be > 1 }
+ specify { expect(subject['vulnerabilities'].length).to be > 0 }
 specify { expect(subject['vulnerabilities']).to all(include('category' => 'container_scanning')) }
 end
 end
-- cgit v1.2.3
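Review bot: `DOCKER_IMAGE: "mokhan/minbox:latest"` swaps a digest-pinned image for a mutable tag, so what klar scans, and whether `be > 0` still holds, depends on whatever was last pushed under that tag; the new `spec/fixtures/docker/minbox-Dockerfile` carries the same `FROM mokhan/minbox:latest`. Pinning both to the digest of a build known to contain findings, e.g. `DOCKER_IMAGE: "mokhan/minbox@sha256:<digest-placeholder>"`, would keep the fixture reproducible and stop CI from pulling unreviewed image content. The context description still reads `"when scanning a vulnerable webgoat image"` and should name the image actually scanned. The `RSpec.describe` block starts before this hunk.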