Welcome to the OWASP-SKF chat room, if you need help or have questions then you are at the right place! https://securityknowledgeframework.org You can also ask our Chatbot questions regarding security vulnerabilities: @botSKF_gitlab what is xss?
hey @blabla1337 is there any documentation on deploying the skf bot? also, does it have slack bindings?
Riccardo ten Cate
@northdpole yeah, the skf bot is a Hubot so that works with Slack also 😄
awesome, is there any documentation on how to add it to Slack?
Hi, I'm looking at deploying SKF at my workplace for our engineering teams. I'm planning on doing an AOT build of the Angular site to stick in S3 for static hosting, and deploying the Flask app as an HA container setup. I was wondering if there would be any appetite for a PR that gives users the option of using an external DB
works great with containers, less great with servers
I tried using an external DB using the SKF_DB_URL environment variable, see my above comments. It didn't work; if you can help me with how to troubleshoot it, I'd appreciate it. My requests to the API just fail with error 500
gimme a sec
which image are you using?
@northdpole I was looking at the 2.0.1 tag, which looked like it wouldn't play nicely with another DB
you could just set it and rebuild the images, i'm testing if it works
No, I don't have this version, master is using the env
hmm, let me check some things
so @scrissti I got good news and bad news. Good news: you can use skf-api and skf-angular from the same dockerhub repo to get the functionality you want. They need some more env variables which you can find here: https://github.com/blabla1337/skf-flask/blob/master/Docker/alpine-cloud/k8s/configmaps.yaml (skf-back is the API and front is the Angular). Bad news is that the functionality you're looking for seems to be on the dev branch and not stable enough yet. You can try building your own containers and using the dev version as per documentation. An alternative would be to work with Kubernetes if you're familiar with it, but if you're not, it's a decent learning curve and if you're time constrained perhaps not a good avenue
i think i've prodded Glenn enough to work on this for now :p
Thanks, I'll look into it
Glenn ten Cate
@DanHatesNumbers @scrissti Hi guys, sorry, let me make a new image and push it to the Docker Hub
so then you can use the way mentioned by @northdpole as well, using the all-in-one Docker image, or the other solution: use the API Docker image and the Flask Docker image, as those already have these ENV settings enabled
@northdpole For the chatbot we have 2 Docker images available to be able to deploy it, with documentation, for Slack and Gitter
@botSKF_gitlab how to fix XSS?
Glenn ten Cate
Hi guys, there is now a latest label on Docker Hub
and a skf-flask-3.0.0
this includes the ENV variable stuff @northdpole was mentioning
or you go with the Angular Docker image and the API Docker image
2 flavours :)
@botSKF_gitlab what is CSRF?
@Ravi Mahankali (ravi-mrk) Description for CSRF on REST is: Cross-Site Request Forgery (CSRF) is a type of attack that occurs when a malicious Web site, email, blog, instant message, or program causes a user's Web browser to perform an unwanted action on a trusted site for which the user is currently authenticated. The impact of a successful cross-site request forgery attack is limited to the capabilities exposed by the vulnerable application. For example, this attack could result in a transfer of funds, changing a password, or purchasing an item in the user's context. In effect, CSRF attacks are used by an attacker to make a target system perform a function (funds transfer, form submission etc.) via the target's browser without knowledge of the target user, at least until the unauthorized function has been committed. (2:37:25 PM)