sharang/compliance-scanner-agent
1
0
Fork 0
Code Issues 51 Pull Requests 1 Actions Packages Projects Releases 1 Wiki Activity
Files
681201ff45eee4a40776a38dabc888a303cdcde9
compliance-scanner-agent/deploy/docker-compose.mailserver.yml
Sharang Parnerkar 37690ce734
Some checks failed
CI / Check (pull_request) Failing after 5m55s
Details
CI / Detect Changes (pull_request) Has been skipped
Details
CI / Deploy Agent (pull_request) Has been skipped
Details
CI / Deploy Dashboard (pull_request) Has been skipped
Details
CI / Deploy Docs (pull_request) Has been skipped
Details
CI / Deploy MCP (pull_request) Has been skipped
Details
feat: browser session persistence, auto-screenshots, context optimization, user cleanup 
Browser tool:
- Session-persistent Chrome tab (same tab reused across all calls in a pentest)
- Auto-screenshot on every navigate and click (stored in attack chain for report)
- Fill uses CDP Input.insertText (fixes WebSocket corruption on special chars)
- Switched from browserless/chromium to chromedp/headless-shell (stable WS)

Context window optimization:
- Strip screenshot_base64 from LLM conversation (kept in DB for report)
- Truncate HTML to 2KB, page text to 1.5KB in LLM messages
- Cap element/link arrays at 15 items
- SAST triage: batch 30 findings per LLM call instead of all at once

Report improvements:
- Auto-embed screenshots in attack chain timeline (navigate + click nodes)
- Cover page shows best app screenshot
- Attack chain phases capped at 8 (no more 20x "Final")

User cleanup:
- TestUserRecord model tracks created test users per session
- cleanup.rs: Keycloak (Admin REST API), Auth0 (Management API), Okta (Users API)
- Auto-cleanup on session completion when cleanup_test_user is enabled
- Env vars: KEYCLOAK_ADMIN_USERNAME, KEYCLOAK_ADMIN_PASSWORD

System prompt:
- Explicit browser usage instructions (navigate → get_content → click → fill)
- SPA auth bypass guidance (check page content, not HTTP status)
- Screenshot instructions for evidence collection

Other:
- Pin mongo:7 in docker-compose (mongo:latest/8 segfaults on kernel 6.19)
- Add deploy/docker-compose.mailserver.yml for Postfix + Dovecot

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-17 19:53:55 +01:00

64 lines
1.6 KiB
YAML
Raw Blame History

version: "3.8"
services:
mailserver:
image: ghcr.io/docker-mailserver/docker-mailserver:14
hostname: mail.scanner.meghsakha.com
domainname: scanner.meghsakha.com
container_name: mailserver
ports:
- "25:25" # SMTP (inbound mail)
- "143:143" # IMAP (orchestrator reads mail)
- "993:993" # IMAPS (TLS)
- "587:587" # Submission (outbound, if needed)
volumes:
- maildata:/var/mail
- mailstate:/var/mail-state
- maillogs:/var/log/mail
- /etc/localtime:/etc/localtime:ro
environment:
# Hostname
- OVERRIDE_HOSTNAME=mail.scanner.meghsakha.com
# Disable features we don't need
- ENABLE_SPAMASSASSIN=0
- ENABLE_CLAMAV=0
- ENABLE_FAIL2BAN=0
- ENABLE_POSTGREY=0
- ENABLE_AMAVIS=0
# Enable what we need
- ENABLE_IMAP=1
- ENABLE_POP3=0
# Plus-addressing (critical for pentest)
- POSTFIX_RECIPIENT_DELIMITER=+
# SSL (start with no TLS, add Let's Encrypt later)
- SSL_TYPE=
# Accept mail for our domain
- PERMIT_DOCKER=none
# Disable inbound SPF checking — we need to accept verification
# emails from Keycloak and other external senders
- ENABLE_OPENDKIM=0
- ENABLE_OPENDMARC=0
- ENABLE_POLICYD_SPF=0
- SPOOF_PROTECTION=0
# One domain
- POSTFIX_MYDESTINATION=scanner.meghsakha.com, localhost
restart: unless-stopped
healthcheck:
test: ["CMD", "ss", "-tlnp", "|", "grep", "25"]
interval: 30s
timeout: 10s
retries: 3
volumes:
maildata:
mailstate:
maillogs:
Reference in New Issue View Git Blame Copy Permalink