Cognifide's SecureCQ Apache Maven plugin

Apache Maven Plugin integration of the https://github.com/Cognifide/SecureCQ

Categories: Maven Build Tools
GroupId: com.adobe.granite.maven
ArtifactId: securecq-maven-plugin
Last Version: 0.0.1
Type: maven-plugin
Description: Cognifide's SecureCQ Apache Maven plugin. Apache Maven Plugin integration of the https://github.com/Cognifide/SecureCQ
Source Code Management: https://github.com/adobe-marketing-cloud/experiencemanager-java-securecq-maven-plugin/tree/master

How to add to project

<plugin>
    <groupId>com.adobe.granite.maven</groupId>
    <artifactId>securecq-maven-plugin</artifactId>
    <version>0.0.1</version>
</plugin>

Dependencies

compile (4)

Group / Artifact Type Version
org.apache.maven : maven-core jar 3.0
org.apache.maven : maven-plugin-api jar 3.0
com.cognifide.securecq : secure-cq jar 1.0.1
com.google.inject : guice jar 3.0

provided (1)

Group / Artifact Type Version
org.apache.maven.plugin-tools : maven-plugin-annotations jar 3.2

Project Modules

There are no modules declared in this project.

cq-java-securecq-maven-plugin

This is a simple Maven Plugin integration of Cognifide's SecureCQ, a tool that checks a CQ instance for the most common security problems.

Plugin quick reference

Name (Type, Since): Description
authorUrl (String, -): The author CQ instance URL. Default value is: http://localhost:4502. User property is: scq.url.author.
dispatcherUrl (String, -): The dispatcher CQ instance URL. User property is: scq.url.dispatcher.
enabledTests (String[], -): The list of tests to perform. By default: config-validation, default-passwords, dispatcher-access, shindig-proxy, etc-tools, content-grabbing, feed-selector, wcm-debug, webdav, geometrixx and redundant-selectors.
publishUrl (String, -): The publish CQ instance URL. User property is: scq.url.publish.

Usage

  • Run a CQ instance:

    java -Djava.net.preferIPv4Stack=true -jar cq5-5.6.0.20130129-author.jar
  • Perform the tests:

    mvn com.adobe.adobemarketingcloud.github.maven:securecq-maven-plugin:0.0.1:securecq [-Dscq.url.author=http://${host}:${port} -Dscq.url.publish=http://${host}:${port} -Dscq.url.dispatcher=http://${host}:${port}]

    It will produce an output like the following one:

[INFO] ------------------------------------------------------------------------
[INFO] Building Cognifide's SecureCQ Maven plugin 0.0.1
[INFO] ------------------------------------------------------------------------
[INFO] 
[INFO] --- securecq-maven-plugin:0.0.1-SNAPSHOT:securecq (default-cli) @ securecq-maven-plugin ---
[INFO] Performing security check 'config-validation'...
[INFO] 'config-validation' result: OK
[INFO] 'config-validation' passed tests:
[INFO]  - URL [http://localhost:4502] for instance author looks OK
[INFO]  - URL [http://localhost:4502] for instance publish looks OK
[INFO]  - URL [http://localhost:4502] for instance dispatcher looks OK
[INFO] Performing security check 'default-passwords'...
[INFO] 'default-passwords' result: FAIL
[WARNING] 'default-passwords' detected some failures:
[WARNING]  - User admin:admin exists on author
[WARNING]  - User author:author exists on author
[WARNING]  - User [email protected]:jdoe exists on author
[WARNING]  - User [email protected]:aparker exists on author
[WARNING]  - User admin:admin exists on publish
[WARNING]  - User author:author exists on publish
[WARNING]  - User [email protected]:jdoe exists on publish
[WARNING]  - User [email protected]:aparker exists on publish
[INFO] 'default-passwords' passed tests:
[INFO]  - User replication-receiver:replication-receiver doesn't exists on author
[INFO]  - User replication-receiver:replication-receiver doesn't exists on publish
[INFO] Performing security check 'dispatcher-access'...
[INFO] 'dispatcher-access' result: OK
[INFO] 'dispatcher-access' passed tests:
[INFO]  - [http://localhost:4502/.json] is restricted
[INFO]  - [http://localhost:4502/.1.json] is restricted
[INFO]  - [http://localhost:4502/.2.json] is restricted
[INFO]  - [http://localhost:4502/apps.json] is restricted
[INFO]  - [http://localhost:4502/bin.1.json] is restricted
[INFO]  - [http://localhost:4502/bin/querybuilder.json] is restricted
[INFO]  - [http://localhost:4502/bin/receive] is restricted
[INFO]  - [http://localhost:4502/bin/workflow] is restricted
[INFO]  - [http://localhost:4502/libs.json] is restricted
[INFO]  - [http://localhost:4502/tmp.json] is restricted
[INFO]  - [http://localhost:4502/var.json] is restricted
[INFO]  - [http://localhost:4502/libs/cq/search/content/querydebug.html] is restricted
[INFO]  - [http://localhost:4502/home/groups/e/everyone.json] is restricted
[INFO] Performing security check 'shindig-proxy'...
[INFO] 'shindig-proxy' result: OK
[INFO] 'shindig-proxy' passed tests:
[INFO]  - [http://localhost:4502/libs/shindig/proxy] is restricted
[INFO] Performing security check 'etc-tools'...
[INFO] 'etc-tools' result: FAIL
[WARNING] 'etc-tools' detected some failures:
[WARNING]  - [http://localhost:4502/crx/de/index.jsp] is not restricted
[INFO] Performing security check 'content-grabbing'...
[INFO] 'content-grabbing' result: FAIL
[WARNING] 'content-grabbing' detected some failures:
[WARNING]  - [http://localhost:4502/.infinity.json] is not restricted
[WARNING]  - [http://localhost:4502/.tidy.json] is not restricted
[WARNING]  - [http://localhost:4502/.sysview.xml] is not restricted
[WARNING]  - [http://localhost:4502/.docview.json] is not restricted
[WARNING]  - [http://localhost:4502/.docview.xml] is not restricted
[WARNING]  - [http://localhost:4502/.2.json] is not restricted
[WARNING]  - [http://localhost:4502/.query.json] is not restricted
[INFO] Performing security check 'feed-selector'...
[INFO] 'feed-selector' result: FAIL
[WARNING] 'feed-selector' detected some failures:
[WARNING]  - [http://localhost:4502/.feed.xml] is not restricted
[WARNING]  - [http://localhost:4502/.feed.html] is not restricted
[INFO] Performing security check 'wcm-debug'...
[INFO] 'wcm-debug' result: OK
[INFO] 'wcm-debug' passed tests:
[INFO]  - WCM debug filter is disabled at [http://localhost:4502/?debug=layout]
[INFO] Performing security check 'webdav'...
[INFO] 'webdav' result: FAIL
[WARNING] 'webdav' detected some failures:
[WARNING]  - WebDAV is enabled at publish
[INFO] Performing security check 'geometrixx'...
[INFO] 'geometrixx' result: OK
[INFO] 'geometrixx' passed tests:
[INFO]  - [http://localhost:4502/content/geometrixx/en.html] is restricted
[INFO] Performing security check 'redundant-selectors'...
[INFO] 'redundant-selectors' result: FAIL
[WARNING] 'redundant-selectors' detected some failures:
[WARNING]  - [http://localhost:4502/.thisIsAdditionalSelector.html] is not restricted
[WARNING]  - [http://localhost:4502/.this.is.additional.selector.html] is not restricted
[WARNING]  - [http://localhost:4502/.html/thisIsAdditionalSuffix] is not restricted
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 1.653s
[INFO] Finished at: Mon Jun 24 15:47:51 CEST 2013
[INFO] Final Memory: 9M/2031M
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal com.adobe.adobemarketingcloud.github.maven:securecq-maven-plugin:0.0.1-SNAPSHOT:securecq (default-cli) on project securecq-maven-plugin: SequreCQ detected secutity vulnerabilities in your instances, see the log for details.
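The command line above runs the plugin ad hoc. The following pom.xml fragment is an added example, not part of the plugin's README, showing how the same checks can be wired into a build so that `mvn verify` fails when any check fails. It uses the coordinates from the "How to add to project" block (note that the command line in Usage shows a different groupId, com.adobe.adobemarketingcloud.github.maven, so check which one your repository actually serves), the `securecq` goal from the Usage section, and the parameter names from the quick reference as configuration element names. The host names and the reduced test list are constructed values for this example.

```xml
<!-- Added example (not from the plugin's own README): binds the securecq goal to
     the verify phase. Host names and the test list below are constructed values. -->
<plugin>
    <groupId>com.adobe.granite.maven</groupId>
    <artifactId>securecq-maven-plugin</artifactId>
    <version>0.0.1</version>
    <executions>
        <execution>
            <id>securecq-check</id>
            <!-- Runs after the package is built and before install/deploy, so a
                 failed check (e.g. a default password still present) stops the
                 pipeline here. -->
            <phase>verify</phase>
            <goals>
                <goal>securecq</goal>
            </goals>
        </execution>
    </executions>
    <configuration>
        <!-- Quick-reference parameters: authorUrl, publishUrl, dispatcherUrl.
             The checks are made over HTTP against live instances, so these must be
             reachable from the build agent and must point at the environment you
             intend to test (constructed example hosts). -->
        <authorUrl>http://author.example.internal:4502</authorUrl>
        <publishUrl>http://publish.example.internal:4503</publishUrl>
        <dispatcherUrl>http://www.example.internal:80</dispatcherUrl>
        <!-- enabledTests is a String[]; Maven accepts any child element name for
             array entries. Omitting this block runs the full default list from the
             quick reference; listing a subset restricts the run to those checks. -->
        <enabledTests>
            <enabledTest>config-validation</enabledTest>
            <enabledTest>default-passwords</enabledTest>
            <enabledTest>dispatcher-access</enabledTest>
            <enabledTest>content-grabbing</enabledTest>
            <enabledTest>webdav</enabledTest>
        </enabledTests>
    </configuration>
</plugin>
```

Values set explicitly in `<configuration>` take precedence over the `scq.url.*` user properties, so once the URLs are fixed in the pom the `-Dscq.url.author=...` overrides from the Usage section no longer apply; leave a parameter out of `<configuration>` if you want to keep supplying it on the command line. The checks are read-only HTTP requests, but they do flag accounts with default credentials and unrestricted paths by name in the build log (as in the output above), so treat that log as sensitive in shared CI systems.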