Running a FAST Node in Testing Mode

While in testing mode, the FAST node creates a test run based on the test record that was populated with baseline requests in recording mode and executes the security test set for the target application.

Chapter Prerequisites

To follow the steps described in this chapter, you need to obtain a token.

The following values are used as examples throughout this chapter:

  • tr_1234 as an identifier of a test run.
  • rec_0001 as an identifier of a test record.
  • bl_7777 as an identifier of a baseline request.

Install docker-compose

The docker-compose tool will be used throughout this chapter to demonstrate how FAST node operates in the testing mode.

The installation instructions for this tool are available here.

Environment Variables in Testing Mode

FAST node configuration is done via environment variables. The table below holds all environment variables that can be used to configure a FAST node in testing mode.

Environment Variable Value Required?
WALLARM_API_TOKEN Token for a node. Yes
WALLARM_API_HOST The domain name of the Wallarm API server to use.
Allowed values:
us1.api.wallarm.com for use with the US cloud;
api.wallarm.com for use with the EU cloud.
Yes
CI_MODE FAST node's operation mode.
Required value: testing.
Yes
WORKERS The number of processes that work with multiple baseline requests in parallel fashion.
Default value: 10.
No
TEST_RECORD_ID Identifier of a test record.
Default: empty value.
No
TEST_RUN_NAME The name of the test run.
Default value is in a similar format: “TestRun Sep 24 12:31 UTC”.
No
TEST_RUN_DESC The description of the test run.
Default value: empty string.
No
TEST_RUN_POLICY_ID The identifier of the test policy.
If the parameter is missing, then the default policy takes action.
No
TEST_RUN_RPS The parameter specifies a limit on the number of test requests (RPS, requests per second) to be sent to the target application during test run execution.
Allowed value range: from 1 to 1000 (requests per second)
Default value: unlimited.
No
TEST_RUN_STOP_ON_FIRST_FAIL This parameter specifies FAST’s behavior when a vulnerability is detected:
true: stop the execution of the test run on the first detected vulnerability.
false: process all the baseline requests regardless of whether any vulnerability is detected.
Default value: false.
No
TEST_RUN_URI A URI of the target application.
The IP address of the target application may change during the CI/CD process, so you can use the application URI.
For example, the application address in docker-compose is http://app-test:3000.
No

Acquiring a Test Policy Identifier

If you plan to employ your own test policy, then create one in the Wallarm cloud. Later, pass the identifier to the FAST node's Docker container via the TEST_RUN_POLICY_ID environment variable when running the FAST node in testing mode.

Otherwise, if you choose to use the default test policy, then do not set the TEST_RUN_POLICY_ID environment variable for the container.

How to Create a Test Policy

The “Quick Start” guide contains step-by-step instructions on how to create a sample test policy.

Obtaining a test record identifier

To use a specific test record in testing mode, you can pass the test record's identifier to the FAST node using the TEST_RECORD_ID parameter. Thus, there is no need to run the FAST node in the recording mode first, but you can use a pre-formed test record and use it to perform the same security tests many times (in different nodes and test runs).

You can get the identifier of the test record in the interface of Wallarm portal or from the log of FAST node in the recording mode. If you do not use the TEST_RECORD_ID parameter, the FAST node will use the last test record of the node.

Deployment of a FAST Node in the Testing Mode

The docker-compose.yaml file that was created earlier is suitable for running a FAST node in testing mode. To do so, it is necessary to alter the CI_MODE environment variable's value to the testing one.

You either can change the variable's value by modifying it in the docker-compose.yaml file, or pass the environment variable with the required value to the Docker container via the -e option of the docker-compose run command:

docker-compose run --rm -e CI_MODE=testing fast

Options of the docker-compose command

You can pass any of the environment variables described above to a FAST node Docker container via the -e option.

The --rm option is also used in the example above, so that the FAST node container will be automatically disposed of when the node is stopped.

If the command executes successfully, a console output similar to the one shown here will be generated:

 __      __    _ _
 \ \    / /_ _| | |__ _ _ _ _ __
  \ \/\/ / _` | | / _` | '_| '  \
   \_/\_/\__,_|_|_\__,_|_| |_|_|_|
            ___ _   ___ _____
           | __/_\ / __|_   _|
           | _/ _ \\__ \ | |
           |_/_/ \_\___/ |_|

Loading...
INFO synccloud[13]: Registered new instance 16dd487f-3d40-4834-xxxx-8ff17842d60b
INFO [1]: Loaded 0 custom extensions for fast scanner
INFO [1]: Loaded 44 default extensions for fast scanner
INFO [1]: Use TestRecord#rec_0001 for creating TestRun
INFO [1]: TestRun#tr_1234 created

This output informs us that the test record with the rec_0001 identifier was used to create a test run with the tr_1234 identifier, and this operation was completed successfully.

Next, security tests are created and executed by the FAST node for each baseline request in the test record that satisfies the test policy. The console output will contain similar messages to these:

INFO [1]: Running a test set for the baseline #bl_7777
INFO [1]: Test set for the baseline #bl_7777 is running
INFO [1]: Retrieving the baseline request Hit#["hits_production_202_20xx10_v_1", "AW2xxxxxW26"]
INFO [1]: Use TestPolicy with name 'Default Policy'

This output informs us that the test set is running for the baseline requests with the bl_7777 identifier. Also, it tells us that the default test policy is being used due to a lack of the TEST_RUN_POLICY_ID environment variable.

Stopping and Removing the Docker Container with the FAST Node in Testing Mode

FAST nodes can terminate in different ways, depending on the testing results obtained.

If some vulnerabilities are detected in the target application, the FAST node shows a message similar to this:

INFO [1]: Found 4 vulnerabilities, marking the test set for baseline #bl_7777 as failed
ERROR [1]: TestRun#tr_1234 failed

In this case, four vulnerabilities were found. A test set for the baseline with the bl_7777 identifier is considered failed. The corresponding test run with the tr_1234 identifier is also marked as failed.

If no vulnerabilities are detected in the target application, the FAST node shows a message similar to this:

INFO [1]: No issues found. Test set for baseline #bl_7777 passed.
INFO [1]: TestRun#tr_1234 passed

In this case, the test run with the tr_1234 identifier is considered passed.

About Security Test Sets

Note that the above examples do not imply that only one test set was executed. A test set is formed for each baseline request that complies with the FAST test policy.

A single test-set-related message is shown here for demonstration purposes.

After the FAST node has finished the testing process, it terminates and returns an exit code to the process that runs as part of a CI/CD job.

  • If security test status is “passed” and the FAST node encounters no errors during the testing process, then the 0 exit code is returned.
  • Otherwise, if security tests do fail or the FAST node encounters some errors during the testing process, then the 1 exit code is returned.

The FAST node container in testing mode will stop automatically after security testing is complete. Nonetheless, a CI/CD tool can still be in control of the node and its container lifecycle by the means described earlier.

In the example above the FAST node container was run with the --rm option. That means that the stopped container is automatically removed.

results matching ""

    No results matching ""