
Commit b4aa13f

authored
Change to typescript (#1)
Convert the JS functions to TypeScript (pending action is to remove these JS files and rename the TypeScript files after merge). Test cases to create a scan, list scans, and list projects are added. Automate the test scans after changes to master / pull requests to master. Automate publishing to GitHub Packages after a release is created.
1 parent ef22a3d commit b4aa13f

24 files changed

+6375
-10
lines changed

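--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -0,0 +1,41 @@
+# This workflow will do a clean install of node dependencies, build the source code and run tests across different versions of node
+# For more information see: https://help.github.com/actions/language-and-framework-guides/using-nodejs-with-github-actions
+
+name: Integration Tests
+
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    branches: [ master ]
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+
+    strategy:
+      matrix:
+        #node-version: [10.x, 12.x, 14.x, 15.x]
+        node-version: [ 15.x ]
+        # See supported Node.js release schedule at https://nodejs.org/en/about/releases/
+
+    steps:
+    - uses: actions/checkout@v2
+    - name: Copy executable
+      run: cp ./src/main/resources/cx-linux /tmp/
+    - name: Permissions to executable
+      run: sudo chmod 777 /tmp/cx-linux
+    - name: Use Node.js ${{ matrix.node-version }}
+      uses: actions/setup-node@v2
+      with:
+        node-version: ${{ matrix.node-version }}
+    - run: npm ci
+    - run: npm run build --if-present
+    - name: Run tests
+      env:
+        CX_CLIENT_ID: ${{ secrets.CLIENT_ID}}
+        CX_CLIENT_SECRET: ${{ secrets.CLIENT_SECRET}}
+        CX_BASE_URI: ${{ secrets.BASE_URI }}
+        PATH_TO_EXECUTABLE: /tmp/cx-linux
+      run: npm test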
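Review bot: `sudo chmod 777 /tmp/cx-linux` in the "Permissions to executable" step makes the scanner binary world-writable on the runner before it is executed with real tenant credentials; only the execute bit is needed, and the file was just copied by the runner user, so `run: chmod +x /tmp/cx-linux` (no sudo) is sufficient. The binary comes from `./src/main/resources/cx-linux` in the checkout and nothing records or checks which version it is before it runs, so a comment on the "Copy executable" step naming its origin and expected version would help the next maintainer. `actions/checkout@v2` and `actions/setup-node@v2` are pinned only to a floating major tag; for a job that holds CLIENT_ID/CLIENT_SECRET, pinning each action to a commit SHA is the usual supply-chain hardening. Presumably pull_request runs from forks will not receive repository secrets, so the "Run tests" step will fail on fork PRs rather than skip — worth a comment if that is intended.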

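--- a/.github/workflows/npm-publish.yml
+++ b/.github/workflows/npm-publish.yml
@@ -0,0 +1,24 @@
+# This workflow will run tests using node and then publish a package to GitHub Packages when a release is created
+# For more information see: https://help.github.com/actions/language-and-framework-guides/publishing-nodejs-packages
+
+name: Node.js Package
+
+on:
+  release:
+    types: [created]
+
+jobs:
+  publish-gpr:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions/setup-node@v2
+        with:
+          node-version: 12
+          registry-url: https://npm.pkg.github.com/
+      - run: npm ci
+      - name: Set up NPM authentication
+        run: echo "//npm.pkg.github.com/:_authToken=${{ secrets.GITHUB_TOKEN }}" >> ~/.npmrc
+      - run: npm publish --access public
+        env:
+          NODE_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}}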
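Review bot: The header comment says the workflow runs tests and then publishes, but the job goes straight from `npm ci` to `npm publish` with no build or test step, so a broken release tag is published as-is; either add `- run: npm run build --if-present` and `- run: npm test` before the publish step (matching main.yml) or drop the claim from the comment. The "Set up NPM authentication" step is redundant with setup-node's `registry-url` input, which already configures an .npmrc that reads NODE_AUTH_TOKEN, and the echo additionally writes the token in plain text into ~/.npmrc for the rest of the job; the echo step can be removed. The publish job uses Node 12 while the integration workflow tests on 15.x, so the package is built on a version it is never tested with — consider the same value in both. `${{secrets.GITHUB_TOKEN}}` on the last line lacks the spaces used elsewhere; harmless, but worth normalizing.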

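--- a/babel.config.js
+++ b/babel.config.js
@@ -0,0 +1,4 @@
+module.exports = {
+  presets: ['@babel/typescript', ['@babel/env', {loose: true}], '@babel/react'],
+  plugins: [['@babel/proposal-class-properties', {loose: true}]]
+};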

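--- a/jest.config.js
+++ b/jest.config.js
@@ -0,0 +1,7 @@
+module.exports = {
+  "testMatch": [
+    "**/.tests./**/*.+(ts|tsx)",
+    "**/?(*.)+(spec|test).+(ts|tsx)"
+  ],
+  setupFilesAfterEnv: ['./jest.setup.js']
+};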
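Review bot: The first testMatch glob `**/.tests./**/*.+(ts|tsx)` looks like a typo — a directory literally named `.tests.` is unusual, and Jest's default pattern targets `__tests__`; if the repository's tests live under `__tests__` or `tests`, this entry silently matches nothing and only the `*.spec.ts`/`*.test.ts` pattern on the next line picks them up. Confirm the intended directory and write it out, e.g. `"**/__tests__/**/*.+(ts|tsx)"`. Minor: `"testMatch"` is quoted while `setupFilesAfterEnv` is not; pick one key style.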

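--- a/jest.setup.js
+++ b/jest.setup.js
@@ -0,0 +1 @@
+jest.setTimeout(1000000);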
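Review bot: `jest.setTimeout(1000000)` gives every test roughly 16.7 minutes before it fails, so a hung scan in CI stalls the job for that long per test instead of failing fast, and nothing says why such a large value is needed. Presumably the create-scan tests wait on a real scan to complete; a comment stating that, a tighter bound such as `jest.setTimeout(600000); // integration tests wait for a live scan to finish`, and a `timeout-minutes` on the workflow job would make hangs visible sooner.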

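--- a/mock-results.json
+++ b/mock-results.json
@@ -0,0 +1,269 @@
+{
+  "date": "4/21/2021",
+  "version": "0.0.1",
+  "engines": [
+    "sast",
+    "sca",
+    "kics"
+  ],
+  "results": [
+    {
+      "id": "12345",
+      "similarityId": -868420736,
+      "vulnerabilityDetails": {
+        "cweId": 602,
+        "owasp2017": "A1"
+      },
+      "severity": "LOW",
+      "firstScanId": "fc6a6e5e-3dab-4b3f-af2b-6dcf446626ef",
+      "firstFoundAt": "2021-03-25T19:09:06Z",
+      "foundAt": "2021-03-25T20:07:30Z",
+      "status": "RECURRENT",
+      "state": "NOT_EXPLOITABLE",
+      "type": "sast",
+      "data": {
+        "queryId": 10526212270892872000,
+        "queryName": "Client Side Only Validation",
+        "group": "VbNet_Low_Visibility",
+        "pathSystemId": "CF0SQeGPoCwKDphvpEFO5OUHZME=",
+        "resultHash": "CF0SQeGPoCwKDphvpEFO5OUHZME=",
+        "languageName": "VbNet",
+        "nodes": [
+          {
+            "column": 15,
+            "fileName": "test.cs",
+            "fullName": "/bookstore/test.php",
+            "length": 14,
+            "line": 1,
+            "methodLine": 1,
+            "name": "bookdetailpage",
+            "domType": "ClassDecl"
+          },
+          {
+            "column": 15,
+            "fileName": "source.cs",
+            "fullName": "/bookstore/src/source.cs",
+            "length": 14,
+            "line": 22,
+            "methodLine": 1,
+            "name": "bookdetailpage",
+            "domType": "ClassDecl"
+          }
+        ]
+      },
+      "comments": "This is long standing SASt error?"
+    },
+    {
+      "id": "12345",
+      "similarityId": -868420736,
+      "vulnerabilityDetails": {
+        "cweId": 602,
+        "owasp2017": "A1"
+      },
+      "severity": "LOW",
+      "firstScanId": "fc6a6e5e-3dab-4b3f-af2b-6dcf446626ef",
+      "firstFoundAt": "2021-03-25T19:09:06Z",
+      "foundAt": "2021-03-25T20:07:30Z",
+      "status": "NEW",
+      "state": "NOT_EXPLOITABLE",
+      "type": "sast",
+      "data": {
+        "queryId": 10526212270892872000,
+        "queryName": "Jeff Major Issue",
+        "group": "VbNet_Low_Visibility",
+        "pathSystemId": "CF0SQeGPoCwKDphvpEFO5OUHZME=",
+        "resultHash": "CF0SQeGPoCwKDphvpEFO5OUHZME=",
+        "languageName": "Java",
+        "nodes": [
+          {
+            "column": 15,
+            "fileName": "BookDetail.aspx",
+            "fullName": "/bookstore/BookDetail.aspx",
+            "length": 14,
+            "line": 68,
+            "methodLine": 1,
+            "name": "bookdetailpage",
+            "domType": "ClassDecl",
+            "nodeSystemId": "fTPHOKt18pwXgBGUaMx8XV7rL5s=",
+            "nodeHash": "fTPHOKt18pwXgBGUaMx8XV7rL5s="
+          }
+        ]
+      },
+      "comments": "This is long standing SASt error?"
+    },
+    {
+      "id": "12345",
+      "similarityId": -868420736,
+      "vulnerabilityDetails": {
+        "cweId": 602,
+        "owasp2017": "A1"
+      },
+      "severity": "HIGH",
+      "firstScanId": "fc6a6e5e-3dab-4b3f-af2b-6dcf446626ef",
+      "firstFoundAt": "2021-03-25T19:09:06Z",
+      "foundAt": "2021-03-25T20:07:30Z",
+      "status": "NEW",
+      "state": "NOT_EXPLOITABLE",
+      "type": "sast",
+      "data": {
+        "queryId": 10526212270892872000,
+        "queryName": "SQL Injection",
+        "group": "VbNet_Low_Visibility",
+        "pathSystemId": "CF0SQeGPoCwKDphvpEFO5OUHZME=",
+        "resultHash": "CF0SQeGPoCwKDphvpEFO5OUHZME=",
+        "languageName": "VbNet",
+        "nodes": [
+          {
+            "column": 15,
+            "fileName": "BookDetail.aspx",
+            "fullName": "/bookstore/BookDetail.aspx",
+            "length": 14,
+            "line": 90,
+            "methodLine": 1,
+            "name": "bookdetailpage",
+            "domType": "ClassDecl",
+            "nodeSystemId": "fTPHOKt18pwXgBGUaMx8XV7rL5s=",
+            "nodeHash": "fTPHOKt18pwXgBGUaMx8XV7rL5s="
+          }
+        ]
+      },
+      "comments": "This another error we created for testing."
+    },
+    {
+      "id": "12345",
+      "similarityId": -868420736,
+      "vulnerabilityDetails": {
+        "cweId": 602,
+        "owasp2017": "A1"
+      },
+      "severity": "MEDIUM",
+      "firstScanId": "fc6a6e5e-3dab-4b3f-af2b-6dcf446626ef",
+      "firstFoundAt": "2021-03-25T19:09:06Z",
+      "foundAt": "2021-03-25T20:07:30Z",
+      "status": "RECURRENT",
+      "state": "NOT_EXPLOITABLE",
+      "type": "sast",
+      "data": {
+        "queryId": 10526212270892872000,
+        "queryName": "XSS",
+        "group": "VbNet_Low_Visibility",
+        "pathSystemId": "CF0SQeGPoCwKDphvpEFO5OUHZME=",
+        "resultHash": "CF0SQeGPoCwKDphvpEFO5OUHZME=",
+        "languageName": "VbNet",
+        "nodes": [
+          {
+            "column": 15,
+            "fileName": "StoreFront.aspx",
+            "fullName": "/bookstore/StoreFront.aspx",
+            "length": 14,
+            "line": 44,
+            "methodLine": 1,
+            "name": "bookdetailpage",
+            "domType": "ClassDecl",
+            "nodeSystemId": "fTPHOKt18pwXgBGUaMx8XV7rL5s=",
+            "nodeHash": "fTPHOKt18pwXgBGUaMx8XV7rL5s="
+          }
+        ]
+      },
+      "comments": "The alternative test page."
+    },
+
+    {
+      "id": "12346",
+      "type": "dependency",
+      "similarityId": "?? Null currently CVE?",
+      "vulnerabilityMetadata": {
+        "cvssScore": 7.5,
+        "cveName": "CVE-2014-0114",
+        "cweId": 20,
+        "cvss*": "any cvss calc values"
+      },
+      "severity": "INFO",
+      "firstScanId": "fc6a6e5e-3dab-4b3f-af2b-6dcf446626ef",
+      "firstFoundAt": "2021-03-25T19:09:06Z",
+      "foundAt": "2021-03-25T20:07:30Z",
+      "status": "RECURRENT",
+      "state": "CONFIRMED",
+      "data": {
+        "description": "Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.3, does not suppress the class property, which allows remote attackers to \"manipulate\" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1.",
+        "recommendations": "",
+        "packageId": "Maven-commons-beanutils:commons-beanutils-1.8.3",
+        "recommendedVersion": "1.9.4",
+        "exploitableMethods": [
+          ""
+        ],
+        "packagePublishDate": "2014-04-30T10:49:00Z",
+        "packageData": [
+          {
+            "url": "https://issues.apache.org/jira/browse/BEANUTILS-520",
+            "type": "Issue",
+            "comment": "Apache Commons BeanUtils"
+          },
+          {
+            "url": "https://github.com/apache/commons-beanutils/pull/7",
+            "type": "Pull request",
+            "comment": ""
+          }
+        ]
+      },
+      "comments": "href to comments?"
+    },
+    {
+      "id": "12347",
+      "similarityId": "-1",
+      "vulnerabilityDetails": {
+        "royaltyFree": "Free",
+        "copyrightRiskScore": "3",
+        "linking": "NonViral",
+        "copyLeft": "NoCopyleft",
+        "patentRiskScore": "3"
+      },
+      "severity": "LOW",
+      "firstScanId": "fc6a6e5e-3dab-4b3f-af2b-6dcf446626ef",
+      "firstFoundAt": "2021-03-25T19:09:06Z",
+      "foundAt": "2021-03-25T20:07:30Z",
+      "status": "RECURRENT",
+      "state": "CONFIRMED",
+      "type": "license",
+      "data": {
+        "queryId": "Unknown-abbrev-1.0.9-ISC",
+        "queryName": "ISC",
+        "queryUrl": "https://opensource.org/licenses/ISC",
+        "packageType": "Npm",
+        "packageUrl": "https://www.npmjs.com/package/abbrev/v/1.0.9"
+      },
+      "comments": "href to comments?"
+    },
+    {
+      "id": "12348",
+      "type": "infrastructure",
+      "similarityId": "80c80ca05c3cd6fdddc808e042d3a404aee120a7419d89649c909409d6235614",
+      "vulnerabilityDetails": {
+        "tbd": "tbd"
+      },
+      "severity": "MEDIUM",
+      "firstScanId": "fc6a6e5e-3dab-4b3f-af2b-6dcf446626ef",
+      "firstFoundAt": "2021-03-25T19:09:06Z",
+      "foundAt": "2021-03-25T20:07:30Z",
+      "status": "RECURRENT",
+      "state": "NOT_EXPLOITABLE",
+      "data": {
+        "queryId": "a3a055d2-9a2e-4cc9-b9fb-12850a1a3a4b",
+        "queryName": "AD Admin Not Configured For SQL Server",
+        "group": "Build Process",
+        "queryUrl": "https://docs.docker.com/engine/reference/builder/#entrypoint",
+        "fileName": "/terraform/azure/sql.tf",
+        "line": 9,
+        "platform": "Terraform",
+        "issueType": "IncorrectValue",
+        "searchKey": "FROM={{alpine:3.12.0}}.{{CMD /entrypoint.sh && crond -l 2 -f}}",
+        "searchValue": "",
+        "expectedValue": "FROM={{alpine:3.12.0}}.{{CMD /entrypoint.sh && crond -l 2 -f}} is in the JSON Notation",
+        "actualValue": "FROM={{alpine:3.12.0}}.{{CMD /entrypoint.sh && crond -l 2 -f}} isn't in the JSON Notation",
+        "value": null,
+        "description": "Ensure that we are using JSON in the CMD and ENTRYPOINT Arguments"
+      },
+      "comments": "href to comments?"
+    }
+  ]
+}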
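Review bot: `"queryId": 10526212270892872000` in the four SAST entries exceeds both the signed 64-bit range and JavaScript's Number.MAX_SAFE_INTEGER, so JSON.parse rounds it and any test comparing the parsed value to the literal sees a different number; if queryId is an opaque identifier, store it as a string like the other ids, e.g. `"queryId": "10526212270892872000"`. Those same four results all share `"id": "12345"`, so a lookup keyed by id can only ever find the first one — give each fixture entry a distinct id. `similarityId` is a number in the SAST entries but a string (`"?? Null currently CVE?"`, `"-1"`) in the dependency and license entries, and `"cvss*"` and `"tbd"` are placeholder keys; since this fixture presumably feeds the new TypeScript types, each result type should match one declared shape.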
