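Installation notes for secscan-authcheck, ZTO's open-source API broken-access-control detection tool

1. Project introduction

Project documentation: https://mp.weixin.qq.com/s/vwF7aTvk-U-SnJqO3f80gA
Project repository: https://github.com/ztosec/secscan-authcheck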

2. Installation notes

2.1 Download the source code

git clone https://github.com/ztosec/secscan-authcheck.git

2.2 Installing the access-control detection tool

cd authcheck
docker-compose up -d

2.3 Errors at startup and their fixes

Error 1: “no module name pip”

Fix: edit the Dockerfile in the authcheck directory and append py-pip to the very end of the RUN apk update && apk upgrade && apk add ...... instruction, i.e.

RUN apk update && apk upgrade && apk add gcc g++ linux-headers python3 python3-dev py-pip

Error 2: internal server error

Error 3: Only timezones from the pytz library are supported

Fix: change the requirements.txt file in the authcheck directory to the following:

Flask==1.0.2
requests==2.21.0
Flask-Cors==3.0.8
mongoengine==0.23.1
APScheduler==3.8.1
uWSGI==2.0.18
redis==3.2.1
tzlocal==2.1

After fixing the errors above, run the following commands:

docker-compose build
docker-compose up
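
The two file edits in 2.3 can be scripted so that re-running them does no harm. The shell helpers below are an added example, not part of secscan-authcheck or of the original notes; the function names ensure_apk_pkg and pin_requirement are hypothetical, and the first one assumes that apk add is the last command in its RUN instruction, as in the line shown above.

```shell
#!/bin/sh
# Added example, not project code. ensure_apk_pkg / pin_requirement are hypothetical names.
# Usage, from inside the authcheck directory:
#   ensure_apk_pkg Dockerfile py-pip
#   pin_requirement requirements.txt tzlocal 2.1

# Append <package> to the end of the "apk add" RUN instruction in <Dockerfile>,
# following backslash continuations, unless it is already listed there.
ensure_apk_pkg() {
    file=$1 pkg=$2 tmp=$(mktemp)
    awk -v pkg="$pkg" '
        function has_word(s, w,    n, i, a) {
            n = split(s, a, /[ \t]+/)
            for (i = 1; i <= n; i++) if (a[i] == w) return 1
            return 0
        }
        /apk add/ && !in_add { in_add = 1; seen = "" }
        in_add {
            seen = seen " " $0
            if ($0 !~ /\\[ \t]*$/) {          # last physical line of the instruction
                if (!has_word(seen, pkg)) { sub(/[ \t]*$/, ""); $0 = $0 " " pkg }
                in_add = 0
            }
        }
        { print }
    ' "$file" > "$tmp"
    cat "$tmp" > "$file"; rm -f "$tmp"        # rewrite in place, keeping the file mode
}

# Force "<name>==<version>" in <requirements.txt>: replace any existing line for
# that package (whatever its specifier), or append the pin if the package is absent.
pin_requirement() {
    file=$1 name=$2 ver=$3 tmp=$(mktemp)
    awk -v name="$name" -v ver="$ver" '
        {
            pkg = $0
            sub(/[ \t]*[<>=!~;].*$/, "", pkg)  # package name before any specifier
            if (tolower(pkg) == tolower(name)) { print name "==" ver; done = 1; next }
            print
        }
        END { if (!done) print name "==" ver }
    ' "$file" > "$tmp"
    cat "$tmp" > "$file"; rm -f "$tmp"
}
```

Run docker-compose build afterwards so the image picks up the changed files.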

2.4 Installing the example site

Error 1: AttributeError: can't set attribute

Change the requirements.txt file in the example directory to the following:

Flask>=0.12.3
mock==2.0.0
oauthlib==2.0.6
requests-oauthlib==0.8.0
Flask-SQLAlchemy==2.5
Flask-OAuthlib==0.9.6
werkzeug==0.16.1

References:
https://www.jianshu.com/p/98cad66b0e9c
https://discuss.helloflask.com/t/topic/659/5
https://blog.csdn.net/weixin_43323146/article/details/115000871

Error 2: pip or gcc errors

Reference: https://blog.csdn.net/weixin_43198291/article/details/115274358


Reference documents used during installation

  1. https://blog.csdn.net/weixin_43198291/article/details/115274358
  2. https://www.cnblogs.com/starrys/p/13935730.html