Comments (2)
marcorosa
commented on June 11, 2024
Hello @ManishYadav-SAP thanks for opening this issue.
The current HTTPS setting works when running docker containers, but it doesn't work when running directly the web server from terminal.
I test the code and take some note in this issue not to lose track.
from credential-digger.
marcorosa
commented on June 11, 2024
Notes on the issue:
- the
.envmust list certificate and private key with a path relative to wsgi.py for running in the docker container (because the Dockerfile copies the content ofuiinto/credential-digger-uiso these files would be lost), whereas these paths must be relative to the project root when running from the terminal. - when running from the terminal, we run directly
ui/server.py, whereas the Dockerfile works with entry pointrun.sh, that runswsgi:appusinggunicorn(both in case of https enabled or not)
Ideas on possible fix:
- the certificate and private key, if set, have to be copied from dockerfile (and not dropped directly with
COPY . /credential-digger-ui) - if running with docker, then we can't use local (absolute or relative) paths because the certificates have to be copied in the container. Then, we need to override the env variables.
wsgi.pyandserver.pyshould be unified (only server.py should stay), if possible. Keeping both of them is confusing and hard to maintain (indeed, we lost track of this after 1 or 2 years)- if we only keep
server.py, then we need to define a ssl_context and pass it to app.run or the app configs
Once we decide how to fix this issue, we need to update the instructions in the wiki accordingly.
from credential-digger.
Related Issues (20)
- export_discoveries crash
- OSError during compute_embeddings HOT 2
- Show credential digger version in UI
- Update the the total discoveries counter with the real number of issues
- broken scans shown as completed in the UI
- broken hyperscan dependency HOT 3
- Scan local repo without remote causes the scan to break
- Scan is slow when copying local repo
- Pull request scan trigger hook HOT 3
- update psycopg HOT 1
- postgres add_discoveries broken for NUL characters
- Macbook M1|2|3 support HOT 3
- scan single commit
- Error, blank web page HOT 1
- Unable to authorize privite Github repositories HOT 3
- Error while installing on brand new KALI linux VM HOT 5
- Cred digger CLI base scan is not showing on UI
- ui/server.py breaks while performing the scan
- Update python versions support HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from credential-digger.