nuget firewall demo - michaelmworthington/codesamples GitHub Wiki
This page walks through the steps to set up NXRM and a DotNet Docker container to test NuGet Firewall using https://api.nuget.org/v3/index.json
See the official docs at https://help.sonatype.com/repomanager3/formats/nuget-repositories
- Prerequisites
- Step 1. Create a new Proxy Repository in NXRM
- Step 2. Enable Firewall for the New Proxy Repo
- Step 3. Run Docker Image for the Dependency Manager
- Step 4. Set the environment to download packages from NXRM
- Step 5. Install a package
- Step 6. Browse NXRM to view it
- Step 7. View the Firewall Report
- Step 8. Test Quarantine
- Step 9. Notes
- IQ Server installed and running
- NXRM 3 installed and running and configured with the IQ Server
- Docker for Mac installed and running
Use https://api.nuget.org/v3/index.json as the Remote URL. Accept default values for the remainder of the settings.
docker run -it --rm mono
nuget install newtonsoft.json -Source http://host.docker.internal:8083/nexus/repository/nuget.org-v3-proxy/index.json
Observe the inbound requests to NXRM in the request.log file:
172.18.0.1 - - [10/Nov/2020:16:27:44 -0500] "GET /nexus/repository/nuget.org-v3-proxy/index.json HTTP/1.1" 200 - 7969 737 "NuGet Command Line/5.5.0 (Unix 5.4.39.0)" [qtp15707558-357] host=host.docker.internal:8083 forwarded-proto=- forwarded-host=- forwarded-port=- forwarded-server=- "new-forwarded=-" "RUT=-" "foo=-"
172.18.0.1 - - [10/Nov/2020:16:27:45 -0500] "GET /nexus/repository/nuget.org-v3-proxy/v3/registration/5/newtonsoft.json/index.json HTTP/1.1" 200 - 142185 526 "NuGet Command Line/5.5.0 (Unix 5.4.39.0)" [qtp15707558-324] host=host.docker.internal:8083 forwarded-proto=- forwarded-host=- forwarded-port=- forwarded-server=- "new-forwarded=-" "RUT=-" "foo=-"
172.18.0.1 - - [10/Nov/2020:16:27:47 -0500] "GET /nexus/repository/nuget.org-v3-proxy/v3/content/0/newtonsoft.json/12.0.3/newtonsoft.json.12.0.3.nupkg HTTP/1.1" 200 - 2596051 1975 "NuGet Command Line/5.5.0 (Unix 5.4.39.0)" [qtp15707558-357] host=host.docker.internal:8083 forwarded-proto=- forwarded-host=- forwarded-port=- forwarded-server=- "new-forwarded=-" "RUT=-" "foo=-"
Repo List
IQ Server Report
AngularJS.Core 1.5.2 has CVE-2019-10768 with CVSS 7.5, so you'll need to have Quarantine enabled in the capability you created in step 2 and Proxy=Fail in your Security-High policy in IQ Server
nuget install AngularJS.Core -Version 1.5.2 -Source http://host.docker.internal:8083/nexus/repository/nuget.org-proxy/
Console Output
Repo List
IQ Server Report
You can reproduce the 403 - Quarantined error by clicking on the "Path" link: http://host.docker.internal:8083/nexus/repository/nuget.org-proxy/AngularJS.Core/1.5.2
