Updated Email version of Fortify EightBall demo app

fortify-presales/EmailEightBall

Email version of Fortify EightBall demo app

This is a simple email-based version of the Fortify Magic EightBall demo app. It has a few security issues that can be found using Fortify Static Code Analyzer and Fortify Software Composition Analysis.

To build/run the application you will need to have a Java JDK (1.11 or later) and the Gradle Build Tool installed.

To build:

gradlew clean build

To run, first start the included "fake" email server:

java -Dspring.config.location=.\etc\fake-smtp-server.properties -jar .\lib\fake-smtp-server-1.8.1.jar

and then, in a different console, run the application (with defaults):

java -jar .\build\libs\EmailEightBall.jar

You can specify different options on the command line to ask different questions and/or send the results to a different email address, for example:

java -jar .\build\libs\EmailEightBall.jar "Does my bum look big in this?" biggie@localhost.com

You can see the resultant emails on the console or on the email server UI.

To run a Fortify SCA scan on the source code you can use the provided PowerShell script fortify-sca.ps1. In order for the script to work you will need to create a .env file in the project root directory with contents similar to the following:

# The URL of Software Security Center
SSC_URL=http://localhost:8080/ssc
SSC_USERNAME=username
SSC_PASSWORD=password
# SSC Authentication Token (recommended to use CIToken)
SSC_AUTH_TOKEN=xxxxxxxx-xxxx-Mxxx-Nxxx-xxxxxxxxxxxx
# Name of the application in SSC
SSC_APP_NAME=EmailEightBall
# Name of the application version in SSC
SSC_APP_VER_NAME=1.0
SCANCENTRAL_CTRL_URL=http://localhost:8080/scancentral-ctrl
SCANCENTRAL_CTRL_TOKEN=xxxxxxxx-xxxx-Mxxx-Nxxx-xxxxxxxxxxxx
SCANCENTRAL_POOL_ID=00000000-0000-0000-0000-000000000002
SCANCENTRAL_EMAIL=<your email address>
NEXUS_IQ_URL=http://localhost:8070
NEXUS_IQ_AUTH=XXX:YYY
NEXUS_IQ_APP_ID=EmailEightBall
FOD_API_URL=https://api.emea.fortify.com
FOD_API_KEY=xxxxxxxx-xxxx-Mxxx-Nxxx-xxxxxxxxxxxx
FOD_API_SECRET=xxxxxxxx-xxxx-Mxxx-Nxxx-xxxxxxxxxxxx

Note: this file should NOT be added to source control.
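
A pre-flight check for the .env file described above, as an added example that is not part of this repository or its fortify-sca.ps1 script. The required-key list and the placeholder patterns are assumptions taken from the sample file; adjust them to the integrations you actually use.

```powershell
# Added example (not the repository's fortify-sca.ps1): pre-flight check for .env.
# Assumptions: run from the project root, git is on PATH, and the required-key
# list below (chosen from the sample .env) matches what your scan needs.
param([string]$EnvFile = '.env')

function Read-DotEnv([string]$Path) {
    # Parse KEY=VALUE lines; ignore blank lines and '#' comments.
    $settings = @{}
    foreach ($line in Get-Content -LiteralPath $Path) {
        $trimmed = $line.Trim()
        if ($trimmed -eq '' -or $trimmed.StartsWith('#')) { continue }
        $name, $value = $trimmed -split '=', 2
        if ($null -eq $value) { throw "Malformed line in $Path (expected KEY=VALUE)" }
        $settings[$name.Trim()] = $value.Trim()
    }
    return $settings
}

if (-not (Test-Path -LiteralPath $EnvFile)) { throw "$EnvFile not found" }
$problems = @()

# 1. The file must not be tracked and should be covered by an ignore rule.
git ls-files --error-unmatch -- $EnvFile 2>$null | Out-Null
if ($LASTEXITCODE -eq 0) { $problems += "$EnvFile is tracked by git: untrack it and rotate the secrets" }
git check-ignore -q -- $EnvFile
if ($LASTEXITCODE -ne 0) { $problems += "$EnvFile is not matched by any .gitignore rule" }

# 2. Required keys are present and no sample placeholder is left in place.
$settings = Read-DotEnv $EnvFile
$required = 'SSC_URL', 'SSC_AUTH_TOKEN', 'SSC_APP_NAME', 'SSC_APP_VER_NAME'
foreach ($key in $required) {
    if (-not $settings.ContainsKey($key) -or $settings[$key] -eq '') { $problems += "$key is missing or empty" }
}
foreach ($key in $settings.Keys) {
    if ($settings[$key] -match '^x{8}-|^XXX:YYY$|^<.*>$') { $problems += "$key still holds the sample placeholder" }
}

# 3. Plain-HTTP endpoints on a non-local host send tokens and passwords in cleartext.
foreach ($key in ($settings.Keys | Where-Object { $_ -like '*_URL' })) {
    $uri = $null
    if ([uri]::TryCreate($settings[$key], [System.UriKind]::Absolute, [ref]$uri) -and
        $uri.Scheme -eq 'http' -and -not $uri.IsLoopback) {
        $problems += "$key uses http:// for a non-local host"
    }
}

if ($problems.Count) { $problems | ForEach-Object { Write-Warning $_ }; exit 1 }
Write-Host "$EnvFile looks safe to use."
```

The check never prints a value from the file, only key names, so its output is safe to keep in build logs.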
