Running FAST Node via the Wallarm API¶
Chapter Prerequisites
To follow the steps described in this chapter, you need to obtain a token.
The following values are used as examples throughout this chapter:
token_Qwe12345as a token.tr_1234as an identifier of a test run.rec_0001as an identifier of a test record.
Running and configuration of FAST node comprises the following steps:
Deployment of the Docker Container with the FAST Node¶
Grant Access to Wallarm API Servers
It is crucial for the proper operation for the FAST node to have access to the us1.api.wallarm.com or api.wallarm.com Wallarm API servers via the HTTPS protocol (TCP/443).
Make sure that your firewall does not restrict the Docker host from accessing the Wallarm API servers.
Some configuration is required prior to running the Docker container with the FAST node. To configure the node, place the token into the container using the WALLARM_API_TOKEN environment variable. Additionally, you could use the ALLOWED_HOSTS variable if you need to limit the number of requests to be recorded.
To pass the environment variables to the container, place the variables in a text file and specify the path to the file using the --env-file parameter of the docker run command (see the instructions in the “Quick Start” guide).
Run a container with the FAST node by executing the following command:
docker run \
--rm \
--name <name> \
--env-file=<environment variables file> \
-p <target port>:8080 \
wallarm/fast
This guide assumes that the container runs only once for the given CI/CD job and is removed when the job ends. Therefore, the --rm parameter was added to the command listed above.
Please refer to the “Quick Start” guide for a detailed description of the command’s parameters.
Example
This example assumes that the FAST node uses the token_Qwe12345 token and is set up to record all the incoming baseline requests which have example.local as a substring of the Host header’s value.
The content of a file with environment variables is shown in the following example:
| fast.cfg |
|---|
WALLARM_API_TOKEN=token_Qwe12345ALLOWED_HOSTS=example.local |
The command below runs the Docker container named fast-poc-demo with the following behavior:
- The container is removed after its job is done.
- The environment variables are passed to the container using the
fast.cfgfile. - The container’s
8080port is published to the Docker host’s9090port.
If the FAST node deployment is successful, the container’s console and log file will contain the following informational messages:
Now the FAST node is listening on the Docker host’s IP address, and the port you specified earlier with the -p parameter of the docker run command.
Obtaining a Test Run¶
You need either to create a test run or copy one. The choice depends on the test run creation scenario that is suitable to you.
Acquiring a Test Policy Identifier¶
If you plan to employ your own test policy, then create one and get the policy’s identifier. Later, pass the identifier to the policy_id parameter when doing an API call to create or copy the test run.
Otherwise, if you choose to use the default test policy, then the policy_id parameter should be omitted from the API call.
Example of Test Policy
The “Quick Start” guide contains step-by-step instructions on how to create a sample test policy.
Creating a Test Run¶
When a test run is created, a new test record is created as well.
This method of test run creation should be used if it is required to test a target application along with recording of baseline requests.
How to Create a Test Run
This process is described in detail here.
The FAST node needs a certain amount of time to pass after the creation of the test run in order to record requests.
Make sure that the FAST node is ready to record requests before you send any requests to the target application using the test tool.
To do so, periodically check the test run status by sending the GET request to the URL https://us1.api.wallarm.com/v1/test_run/test_run_id:
| API call: | GET /v1/test_run/test_run_id | |
|---|---|---|
| Authorization: | Required | Authorization is provided by the token |
| HTTP header with the token: | X-WallarmAPI-Token | Serves to pass the token’s value to the API server |
| Parameters: | test_run_id (required) | The identifier of the test run whose state is to be obtained |
Example of a request:
curl --request GET \
--url https://us1.api.wallarm.com/v1/test_run/tr_1234 \
--header 'Host: us1.api.wallarm.com' \
--header 'X-WallarmAPI-Token: token_Qwe12345'
Example of a response:
{
"status": 200,
"body": {
"id": tr_1234,
"name": "demo-testrun",
...
"ready_for_recording": true,
...
}
}
If the request to the API server is successful, you will be presented with the server’s response. This response provides useful information, including the state of the recording process (the ready_for_recording parameter’s value).
If the parameter’s value is true, then the FAST node is ready to record and you can fire up your test tool to start sending requests to the target application.
Otherwise, repeatedly issue the same API call until the node is ready.
Copying a Test Run¶
When a test run is being copied, an existing test record is reused.
This way of test run creation is to be used if it is required to test a target application using already recorded baseline requests.
How to Copy a Test Run
This process is described in detail here.
Provided that a test run's has been successfully created, the FAST node begins testing immediately. There is no need to take any additional actions.
The Next Steps¶
The testing process can take a lot of time to complete. Use information from this document to determine if security testing with FAST has finished.
You could refer back to the “Deployment via API” or the “CI/CD Workflow with FAST” documents if necessary.