TODO firewall demo - michaelmworthington/codesamples GitHub Wiki

TEMPLATE

Find and Replace TODO

Introduction

This page walks through the steps to set up NXRM and a TODO Docker container to test TODO Firewall using https://TODO.org/

See the official docs at  https://help.sonatype.com/repomanager3/formats/TODO-repositories

Prerequisites

  • IQ Server installed and running
  • NXRM 3 installed and running and configured with the IQ Server
  • Docker for Mac installed and running

Step 1. Create a new Proxy Repository in NXRM

Use https://TODO.org/ as the Remote URL. Accept default values for the remainder of the settings.

images/TODO-fw-demo-1-create-repo.png

Step 2. Enable Firewall for the New Proxy Repo

images/TODO-fw-demo-2-enable-firewall.png

Step 3. Run the Docker Image in Interactive Mode

docker run -it --rm TODO bash

Unlike the centos image used in the Yum Firewall Demo, this image runs the 'TODO' command when the container starts rather than plain 'bash'. Since I want to run a couple of TODO commands, force Docker to run bash.

Step 4. Use the TODO command line to set up the repo sources

TODO
gem sources --add http://host.docker.internal:8083/nexus/repository/rubygems.org-releases/
gem sources --remove https://rubygems.org/
gem sources -c

Step 5. Use TODO to Install a package

TODO
gem install rdoc

images/TODO-fw-demo-5-install-package.png

Step 6. Browse the Proxy Repo

images/TODO-fw-demo-6-browse-repo.png

Step 7. Go to the Firewall Report

Repo List

images/TODO-fw-demo-7a-repo-list.png

IQ Server Report

images/TODO-fw-demo-7b-iq-report.png

Step 8. Test Quarantine

TODO (use case)

rdoc 6.0.2 has CVE-2014-0026 with CVSS 5.4, so you'll need Quarantine enabled in the capability you created in Step 2 and Proxy=Fail in your Security-Medium policy in IQ Server.

gem install rdoc -v 6.0.1

Console Output

images/TODO-fw-demo-8a-console-output.png

Repo List

images/TODO-fw-demo-8b-repo-list.png

IQ Server Report

images/TODO-fw-demo-8c-iq-report.png

Step 9. Notes

The NXRM Tree View shows the Quarantined component:

You can reproduce the "403 - Quarantined" error by clicking on the "Path" link: http://host.docker.internal:8081/repository/TODO-proxy/packages/django/1.6/Django-1.6-py2.py3-none-any.whl

images/TODO-fw-demo-9a-tree-view.png

images/TODO-fw-demo-9b-quarantine.png

You can view the component information panel (CIP) right in NXRM

images/TODO-fw-demo-9c-tree-view-cip.png
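As an added example (not part of the original wiki page), the following shell helper reproduces the Step 8 / Step 9 quarantine check without a gem client: it builds the proxy URL for a gem version and classifies the HTTP status the proxy returns (200 allowed, 403 quarantined). The repository URL and the `gems/<name>-<version>.gem` path layout are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not the wiki's own code. Probes a gem through the NXRM
# rubygems proxy and classifies the answer so a Firewall quarantine can be
# verified from a script. Repo URL and 'gems/<name>-<version>.gem' layout
# are assumptions.
set -u

# Build the proxy URL for one gem version (rubygems path layout assumed).
gem_url() {
  local repo="${1%/}" name="$2" version="$3"
  printf '%s/gems/%s-%s.gem\n' "$repo" "$name" "$version"
}

# Map the HTTP status code returned by the proxy to what it means for Firewall.
classify_status() {
  case "$1" in
    200) echo "allowed: component served by the proxy" ;;
    403) echo "quarantined: blocked by Firewall (Proxy=Fail policy action)" ;;
    404) echo "not-found: component does not exist on the remote" ;;
    000) echo "error: no HTTP response (proxy unreachable?)" ;;
    *)   echo "unexpected: HTTP $1" ;;
  esac
}

# Fetch only the status for the gem and print the classification.
# Returns 0 only when the component was quarantined, so it can gate a script.
probe_component() {
  local url status
  url="$(gem_url "$1" "$2" "$3")"
  status="$(curl -s -o /dev/null -w '%{http_code}' "$url" || true)"
  echo "$url -> $(classify_status "$status")"
  [ "$status" = "403" ]
}

# Usage (run manually; nothing executes when this file is sourced):
#   probe_component http://host.docker.internal:8083/nexus/repository/rubygems.org-releases rdoc 6.0.1
```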
