rubygems firewall demo - michaelmworthington/codesamples GitHub Wiki
This page walks through the steps to set up NXRM and a Ruby Docker container to test RubyGems Firewall using https://rubygems.org/
See the official docs at https://help.sonatype.com/repomanager3/rubygems-repositories
- Prerequisites
- Step 1. Create a new Proxy Repository in NXRM
- Step 2. Enable Firewall for the New Proxy Repo
- Step 3. Run Docker Image for the Dependency Manager
- Step 4. Set the environment to download packages from NXRM
- Step 5. Install a package
- Step 6. Browse NXRM to view it
- Step 7. View the Firewall Report
- Step 8. Test Quarantine
- Step 9. Notes
## Prerequisites
- IQ Server installed and running
- NXRM 3 installed and running and configured with the IQ Server
- Docker for Mac installed and running
## Step 1. Create a new Proxy Repository in NXRM
Use https://rubygems.org/ as the Remote URL.

## Step 2. Enable Firewall for the New Proxy Repo
## Step 3. Run Docker Image for the Dependency Manager
```shell
docker run -it --rm ruby bash
```
Unlike the centos image used in the Yum Firewall Demo, this image runs the `ruby` command when the container starts rather than plain `bash`. Since we want to run a couple of `gem` commands, force Docker to run `bash` instead.
## Step 4. Set the environment to download packages from NXRM
```shell
gem sources --add http://host.docker.internal:8083/nexus/repository/rubygems.org-releases/
gem sources --remove https://rubygems.org/
gem sources -c
```
Pro Tip - shortcut to remove the last configured source:
```shell
gem sources --remove `gem sources | tail -n 1`
```
## Step 5. Install a package
```shell
gem install rdoc
```
## Step 6. Browse NXRM to view it
(screenshot: Repo List)
## Step 7. View the Firewall Report
(screenshot: IQ Server Report)
## Step 8. Test Quarantine
rdoc 6.0.2 has CVE-2014-0026 with CVSS 5.4, so you'll need to have Quarantine enabled in the capability you created in Step 2 and Proxy=Fail in your Security-Medium policy in IQ Server.
```shell
gem install rdoc -v 6.0.1
```
(screenshot: Console Output)
(screenshot: Repo List)
(screenshot: IQ Server Report)
## Step 9. Notes
You can reproduce the `403 - Quarantined` error by clicking on the "Path" link: http://host.docker.internal:8083/nexus/repository/rubygems.org-releases/gems/rdoc-6.0.1.gem
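The source switch from Step 4 and the quarantine check from Steps 8 and 9, scripted as an added example (not part of this wiki page or of Sonatype's tooling). It assumes the same NXRM proxy URL as the demo, overridable through a hypothetical `RUBYGEMS_PROXY` variable, and reads the 403 that Firewall returns for a quarantined gem as its verdict.

```shell
#!/usr/bin/env bash
# Added example: script the gem-source switch and probe NXRM for a
# quarantined gem. Assumed: NXRM at the demo URL, curl and gem on PATH.
set -eu

# Assumption: same proxy URL as the wiki; RUBYGEMS_PROXY is a made-up override.
NXRM_REPO="${RUBYGEMS_PROXY:-http://host.docker.internal:8083/nexus/repository/rubygems.org-releases/}"

# Extract the last source from `gem sources` output on stdin (the "Pro Tip"
# in Step 4). Skips the "*** CURRENT SOURCES ***" banner and blank lines.
last_gem_source() {
  grep -E '^https?://' | tail -n 1
}

# Point gem at NXRM only, so every download is mediated by Firewall.
switch_gem_sources_to_nxrm() {
  gem sources --add "$NXRM_REPO"
  gem sources --remove https://rubygems.org/
  gem sources -c
}

# Map the HTTP status NXRM returns for a gem path to a verdict. Firewall answers
# a quarantined component with 403 (Step 8); 404 means the proxy could not find
# it upstream; 200 means it was allowed and cached.
firewall_verdict() {
  case "$1" in
    200) echo "allowed" ;;
    403) echo "quarantined" ;;
    404) echo "not-found" ;;
    *)   echo "unexpected:$1" ;;
  esac
}

# Fetch only the status code for one gem through the proxy, e.g. rdoc 6.0.1,
# and translate it. Arguments: gem name, gem version.
probe_gem() {
  firewall_verdict "$(curl -s -o /dev/null -w '%{http_code}' \
    "${NXRM_REPO}gems/$1-$2.gem")"
}

# Run the network-touching demo flow only when explicitly requested, so the
# functions above can be sourced and tested offline.
if [ "${RUN_FIREWALL_DEMO:-0}" = "1" ]; then
  switch_gem_sources_to_nxrm
  echo "rdoc 6.0.1: $(probe_gem rdoc 6.0.1)"
fi
```

Run it inside the Ruby container with `RUN_FIREWALL_DEMO=1` to repeat Steps 4 and 8 non-interactively; a `quarantined` verdict for rdoc 6.0.1 confirms the capability and policy from Steps 2 and 8 are in effect.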