CERTCC / VINCE

VINCE is the Vulnerability Information and Coordination Environment developed and used by the CERT Coordination Center to improve coordinated vulnerability disclosure. VINCE is a Python-based web platform.

Home Page: https://kb.cert.org/vince/

Run on-premises

zmanion opened this issue

VINCE is tightly integrated into AWS (Cognito, SQS, etc). Consider changes to allow VINCE to be operated on-premises, possibly using LocalStack?

We have had success running VINCE via LocalStack.

Once we complete testing, we will PR to the development branch.

Included is a ‘toggle’ flag within environment variables. Necessary parts within the application will rely on this flag to either run normally or with LocalStack.

This does require more environment variables set in an .env file.

This will include a docker-compose for:
Postgresql
Localstack
Dockerfile (for vince spinup)

A few shell scripts that are called by docker-compose and the Dockerfile to automate vince installation and set up localstack.

There are a few additional 'fixtures' that we created to add items to localstack such as ticket queues and users/groups as a starting point.

A separate readme in /doc

@z-priest I have an implementation with Localstack using docker-compose at https://github.com/mcutshaw/VINCE/tree/localstack. @sei-vsarvepalli, when you have time would you be able to look at the 2 commits on that branch, and see what changes would need to be made before I make a full pull request?

Hello Michael,

Seems like adding the kwarg endpoint_url=get_cognito_url() breaks Cognito authentication MFA.

*** views.py    2022-11-22 19:59:28.997864618 +0000
*** 196,202 ****
      def form_valid(self, form):
          logger.debug("in form valid")
          coguser = self.get_user()
!         client= boto3.client('cognito-idp', region_name=settings.COGNITO_REGION)
          u = Cognito(settings.COGNITO_USER_POOL_ID, settings.COGNITO_APP_ID,
                      user_pool_region=settings.COGNITO_REGION,
                      id_token=coguser.id_token, refresh_token=coguser.refresh_token,
--- 206,212 ----
      def form_valid(self, form):
          logger.debug("in form valid")
          coguser = self.get_user()
!         client= boto3.client('cognito-idp',  endpoint_url=get_cognito_url(), region_name=settings.COGNITO_REGION)
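Review bot: the `endpoint_url=get_cognito_url()` kwarg in the replacement `form_valid` is passed unconditionally, so in a deployment that is not running against LocalStack the `cognito-idp` client is still pointed at whatever `get_cognito_url()` returns; if that is a plain-http LocalStack URL, the real Cognito round trip (including the MFA step) is redirected and fails. Either gate the kwarg on the LocalStack toggle flag described earlier in the thread, or have `get_cognito_url()` return `None` outside LocalStack mode, since boto3 treats `endpoint_url=None` as the default AWS endpoint. Style: `client= boto3.client(` wants a space before `=`, and there is a doubled space before `endpoint_url`.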

I'm assuming that it's due to the "HTTP" and not "HTTPS", correct, and not due to the URL being wrong?

Yeh - confirmed. It is http in the URL issue.

If you are able to put a full docker setup together, please go ahead and add those. Then get a signed PR, that I can merge. We can get this to CERT-BUND and others to help test Localstack setup to be first adopters.

Thanks for your work on this!
Vijay
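The toggle flag described earlier in the thread and the http-endpoint problem shown in the diff, as an added example that is not VINCE's own code: a helper that returns the LocalStack Cognito endpoint only when the flag is on, rejects plain-http endpoints for non-local hosts, and otherwise leaves boto3 on the real AWS endpoint. The variable names VINCE_USE_LOCALSTACK and LOCALSTACK_COGNITO_URL and the `localstack` hostname are assumptions, not names from the project.

```python
import os
from urllib.parse import urlparse

# Assumed names: the thread mentions a toggle flag and extra .env variables
# but does not name them, and "localstack" is the assumed compose service name.
TOGGLE_VAR = "VINCE_USE_LOCALSTACK"
ENDPOINT_VAR = "LOCALSTACK_COGNITO_URL"
LOCAL_HOSTS = ("localhost", "127.0.0.1", "localstack")


def localstack_enabled(env=None):
    """True when the .env toggle is set to an affirmative value."""
    env = os.environ if env is None else env
    return env.get(TOGGLE_VAR, "").strip().lower() in ("1", "true", "yes")


def endpoint_problem(url):
    """Return a reason string if url is unusable as a Cognito endpoint, else None."""
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https") or not parsed.netloc:
        return "not an absolute http(s) URL"
    # Plain http is only acceptable for a local emulator; a real Cognito
    # endpoint must be https or the auth/MFA round trip fails.
    if parsed.scheme == "http" and (parsed.hostname or "") not in LOCAL_HOSTS:
        return "plain http to a non-local host"
    return None


def get_cognito_url(env=None):
    """LocalStack Cognito endpoint when the toggle is on, otherwise None.

    boto3.client(..., endpoint_url=None) uses the default AWS endpoint, so the
    kwarg can stay at the call site without redirecting production auth."""
    env = os.environ if env is None else env
    if not localstack_enabled(env):
        return None
    url = env.get(ENDPOINT_VAR, "")
    problem = endpoint_problem(url)
    if problem:
        raise ValueError(f"{ENDPOINT_VAR}={url!r}: {problem}")
    return url


def cognito_client_kwargs(region, env=None):
    """Keyword arguments for boto3.client('cognito-idp', **kwargs)."""
    kwargs = {"region_name": region}
    url = get_cognito_url(env)
    if url is not None:
        kwargs["endpoint_url"] = url
    return kwargs
```

Passing `env` explicitly (instead of reading os.environ) is only there so the helper can be unit-tested against a constructed .env mapping.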

PR #74 is mostly there. Just have to run a few more tests on the front-end ugh! Thanks to @mcutshaw

Development branch tested to work with Docker and LocalStack.