From de1fdfe9327110745eddcdcfa0323763b76d2e01 Mon Sep 17 00:00:00 2001
From: kbellouard
Date: Wed, 2 Jul 2025 15:25:05 +0200
Subject: [PATCH 01/25] feat: ci-cd
---
.github/workflows/ci-cd.yml | 92 +++++++++++++++++++++++
src/main/resources/application.properties | 2 +
2 files changed, 94 insertions(+)
create mode 100644 .github/workflows/ci-cd.yml
diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml
new file mode 100644
index 0000000..13ee229
--- /dev/null
+++ b/.github/workflows/ci-cd.yml
@@ -0,0 +1,92 @@
+name: CI/CD Pipeline
+
+on:
+ push:
+ branches:
+ - main
+ pull_request:
+ branches:
+ - main
+
+jobs:
+ sonarqube:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ - name: Set up JDK 21
+ uses: actions/setup-java@v3
+ with:
+ java-version: "21"
+ distribution: "temurin"
+ - name: Run SonarQube analysis
+ run: |
+ ./mvnw sonar:sonar \
+ -Dsonar.projectKey=MSPRProject_Front \
+ -Dsonar.host.url=${{ secrets.SONAR_HOST_URL }} \
+ -Dsonar.login=${{ secrets.SONAR_TOKEN }}
+
+ test:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ - name: Set up JDK 21
+ uses: actions/setup-java@v3
+ with:
+ java-version: "21"
+ distribution: "temurin"
+ - name: Run tests
+ run: ./mvnw test
+
+ owasp-zap:
+ runs-on: ubuntu-latest
+ services:
+ postgres:
+ image: postgres:latest
+ env:
+ POSTGRES_USER: sanalyz
+ POSTGRES_PASSWORD: sanalyz
+ POSTGRES_DB: sanalyz
+ ports:
+ - 5432:5432
+ options: --health-cmd pg_isready --health-interval 10s
+ steps:
+ - uses: actions/checkout@v3
+ - name: Start the application
+ run: |
+ nohup ./mvnw spring-boot:run &
+ echo "Waiting for the application to start..."
+ sleep 30
+ - name: Run OWASP ZAP
+ uses: zaproxy/action-full-scan@v0.5.0
+ with:
+ target: "http://localhost:8080"
+ rules_file_name: ".zap/rules.tsv"
+ fail_action: true
+ - name: Stop the application
+ run: |
+ echo "Stopping the application..."
+ pkill -f 'spring-boot:run'
+
+ e2e-tests:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ - name: Clone E2E Scripting Repo
+ run: git clone https://github.com/your-org/e2e-scripting-repo.git
+ - name: Run E2E Tests
+ run: |
+ echo "Running E2E tests..."
+
+ deploy:
+ runs-on: ubuntu-latest
+ needs: [sonarqube, test, owasp-zap, e2e-tests]
+ steps:
+ - uses: actions/checkout@v3
+ - name: Set up JDK 21
+ uses: actions/setup-java@v3
+ with:
+ java-version: "21"
+ distribution: "temurin"
+ - name: Deploy
+ run: |
+ echo "Deploying application..."
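Review bot: `-Dsonar.login=${{ secrets.SONAR_TOKEN }}` in the sonarqube job puts the token on the mvn command line, where it is visible to anything listing processes on the runner and to any tooling that echoes the scanner's arguments into the job log; the scanner reads `SONAR_TOKEN` (and `SONAR_HOST_URL`) from the environment, so set `env: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}` on the step and drop the `-Dsonar.login` argument, which recent SonarQube releases also deprecate in favour of `sonar.token`. Because the workflow also triggers on `pull_request`, runs for pull requests from forks receive empty secrets and this job will fail rather than skip. Every action is pinned to a mutable tag only (`actions/checkout@v3`, `actions/setup-java@v3`, `zaproxy/action-full-scan@v0.5.0`); pinning to a commit SHA keeps the supply chain reproducible. The fixed `sleep 30` before the ZAP step is a race: polling `http://localhost:8080` until it answers is both faster and more reliable than a timer.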
diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
index 5e7597d..4c352e0 100644
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@@ -4,6 +4,8 @@ spring.datasource.username=sanalyz
 spring.datasource.password=sanalyz
 spring.datasource.driver-class-name=org.postgresql.Driver
+server.port=8080
+
 # Hibernate & JPA settings
 spring.jpa.hibernate.ddl-auto=update
 spring.jpa.show-sql=true
From 0ccd744eb721899c2c1c6c04274be1a257a90f25 Mon Sep 17 00:00:00 2001
From: kbellouard
Date: Wed, 2 Jul 2025 15:40:48 +0200
Subject: [PATCH 02/25] fix: ci
---
.github/workflows/ci-cd.yml | 24 ++++++++++++++----------
1 file changed, 14 insertions(+), 10 deletions(-)
diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml
index 13ee229..9d3faed 100644
--- a/.github/workflows/ci-cd.yml
+++ b/.github/workflows/ci-cd.yml
@@ -20,6 +20,7 @@ jobs:
 distribution: "temurin"
 - name: Run SonarQube analysis
 run: |
+ chmod +x ./mvnw
 ./mvnw sonar:sonar \
 -Dsonar.projectKey=MSPRProject_Front \
 -Dsonar.host.url=${{ secrets.SONAR_HOST_URL }} \
@@ -35,7 +36,9 @@ jobs:
 java-version: "21"
 distribution: "temurin"
 - name: Run tests
- run: ./mvnw test
+ run: |
+ chmod +x ./mvnw
+ ./mvnw test
 owasp-zap:
 runs-on: ubuntu-latest
@@ -53,6 +56,7 @@ jobs:
 - uses: actions/checkout@v3
 - name: Start the application
 run: |
+ chmod +x ./mvnw
 nohup ./mvnw spring-boot:run &
 echo "Waiting for the application to start..."
 sleep 30
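Review bot: The new `server.port=8080` line lands directly under `spring.datasource.password=sanalyz`, so the datasource credentials stay committed in clear text in a file that Maven packages into the artifact; the commit does not address this. Spring resolves `${...}` placeholders from the environment, so `spring.datasource.password=${DB_PASSWORD}` with the value supplied by the runner or by a CI-only profile keeps the secret out of the repository. The `services.postgres.env` block in ci-cd.yml hardcodes the same `sanalyz` values, which is fine for a throwaway container but should not be what a deployed instance ends up using.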
@@ -67,15 +71,15 @@ jobs:
 echo "Stopping the application..."
 pkill -f 'spring-boot:run'
- e2e-tests:
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v3
- - name: Clone E2E Scripting Repo
- run: git clone https://github.com/your-org/e2e-scripting-repo.git
- - name: Run E2E Tests
- run: |
- echo "Running E2E tests..."
+ # e2e-tests:
+ # runs-on: ubuntu-latest
+ # steps:
+ # - uses: actions/checkout@v3
+ # - name: Clone E2E Scripting Repo
+ # run: git clone https://github.com/your-org/e2e-scripting-repo.git
+ # - name: Run E2E Tests
+ # run: |
+ # echo "Running E2E tests..."
 deploy:
 runs-on: ubuntu-latest
From 0ec9e32187514dbd4d6a669e1b949c3aa78dc65e Mon Sep 17 00:00:00 2001
From: kbellouard
Date: Wed, 2 Jul 2025 15:43:08 +0200
Subject: [PATCH 03/25] fix: ci
---
.github/workflows/ci-cd.yml | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml
index 9d3faed..c81a2ae 100644
--- a/.github/workflows/ci-cd.yml
+++ b/.github/workflows/ci-cd.yml
@@ -83,7 +83,8 @@ jobs:
 deploy:
 runs-on: ubuntu-latest
- needs: [sonarqube, test, owasp-zap, e2e-tests]
+ # needs: [sonarqube, test, owasp-zap, e2e-tests]
+ needs: [sonarqube, test, owasp-zap]
 steps:
 - uses: actions/checkout@v3
 - name: Set up JDK 21
From d066ae1e6483180bca8b6eb24fad0e5a2b31cd68 Mon Sep 17 00:00:00 2001
From: kbellouard
Date: Wed, 2 Jul 2025 15:46:09 +0200
Subject: [PATCH 04/25] fix: missing maven wrapper
---
.gitignore | 2 +-
.mvn/wrapper/maven-wrapper.properties | 19 +++++++++++++++++++
mvnw | 0
3 files changed, 20 insertions(+), 1 deletion(-)
create mode 100644 .mvn/wrapper/maven-wrapper.properties
mode change 100644 => 100755 mvnw
diff --git a/.gitignore b/.gitignore
index 798a56c..0142ae7 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,10 +1,10 @@
 HELP.md
 target/
+.mvn/
 !.mvn/wrapper/maven-wrapper.jar
 !**/src/main/**/target/
 !**/src/test/**/target/
 !**/src/main/resources/
-.mvn/
 ### STS ###
 .apt_generated
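Review bot: Moving `.mvn/` above `!.mvn/wrapper/maven-wrapper.jar` does not make the negation work: git cannot re-include a path whose parent directory is excluded, so `.mvn/wrapper/` stays ignored, the `maven-wrapper.properties` added in the same commit presumably only got in via a forced add, and later edits to it will not show up in `git status`. The usual pattern is to ignore the directory's contents but keep the wrapper, i.e. `.mvn/*` followed by `!.mvn/wrapper/`. With `distributionType=only-script` there is no wrapper jar to negate, so the `!.mvn/wrapper/maven-wrapper.jar` line can simply go.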
diff --git a/.mvn/wrapper/maven-wrapper.properties b/.mvn/wrapper/maven-wrapper.properties
new file mode 100644
index 0000000..d58dfb7
--- /dev/null
+++ b/.mvn/wrapper/maven-wrapper.properties
@@ -0,0 +1,19 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+wrapperVersion=3.3.2
+distributionType=only-script
+distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.9.9/apache-maven-3.9.9-bin.zip
diff --git a/mvnw b/mvnw
old mode 100644
new mode 100755
From ea63f50fe73fc2644d406de3c1d5f1650d7b7366 Mon Sep 17 00:00:00 2001
From: kbellouard
Date: Wed, 2 Jul 2025 16:01:06 +0200
Subject: [PATCH 05/25] fix: ci
---
.github/workflows/ci-cd.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml
index c81a2ae..62b686b 100644
--- a/.github/workflows/ci-cd.yml
+++ b/.github/workflows/ci-cd.yml
@@ -22,7 +22,7 @@ jobs:
 run: |
 chmod +x ./mvnw
 ./mvnw sonar:sonar \
- -Dsonar.projectKey=MSPRProject_Front \
+ -Dsonar.projectKey=MSPRProject_Api \
 -Dsonar.host.url=${{ secrets.SONAR_HOST_URL }} \
 -Dsonar.login=${{ secrets.SONAR_TOKEN }}
From 2edea4c9333bed7b94511f00610492276a07fce5 Mon Sep 17 00:00:00 2001
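Review bot: `distributionUrl` downloads the Maven 3.9.9 archive on every fresh runner with no integrity check, so each build trusts whatever the repository (or any proxy between the runner and it) serves. Maven Wrapper 3.3.x accepts a `distributionSha256Sum=<sha256 placeholder>` property next to `distributionUrl`; adding it with the published checksum makes the wrapper refuse a tampered or truncated archive. `wrapperSha256Sum` is not needed here because `distributionType=only-script` downloads no wrapper jar.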
From: kbellouard
Date: Wed, 2 Jul 2025 16:02:52 +0200
Subject: [PATCH 06/25] fix: ci
---
.github/workflows/ci-cd.yml | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml
index 62b686b..fbb604a 100644
--- a/.github/workflows/ci-cd.yml
+++ b/.github/workflows/ci-cd.yml
@@ -24,7 +24,8 @@ jobs:
 ./mvnw sonar:sonar \
 -Dsonar.projectKey=MSPRProject_Api \
 -Dsonar.host.url=${{ secrets.SONAR_HOST_URL }} \
- -Dsonar.login=${{ secrets.SONAR_TOKEN }}
+ -Dsonar.login=${{ secrets.SONAR_TOKEN }} \
+ -Dsonar.organization=MSPRProject
 test:
 runs-on: ubuntu-latest
From 24266d82acfb2fc666731e1e5c742b7675298caf Mon Sep 17 00:00:00 2001
From: kbellouard
Date: Wed, 2 Jul 2025 16:03:52 +0200
Subject: [PATCH 07/25] fix: ci
---
.github/workflows/ci-cd.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml
index fbb604a..055cddb 100644
--- a/.github/workflows/ci-cd.yml
+++ b/.github/workflows/ci-cd.yml
@@ -25,7 +25,7 @@ jobs:
 -Dsonar.projectKey=MSPRProject_Api \
 -Dsonar.host.url=${{ secrets.SONAR_HOST_URL }} \
 -Dsonar.login=${{ secrets.SONAR_TOKEN }} \
- -Dsonar.organization=MSPRProject
+ -Dsonar.organization=msprproject
 test:
 runs-on: ubuntu-latest
From fb6ab68211ba784ff8122db3ac7d11d025050ed5 Mon Sep 17 00:00:00 2001
From: kbellouard
Date: Wed, 2 Jul 2025 16:08:05 +0200
Subject: [PATCH 08/25] fix: ci
---
.github/workflows/ci-cd.yml | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml
index 055cddb..2ab9a9b 100644
--- a/.github/workflows/ci-cd.yml
+++ b/.github/workflows/ci-cd.yml
@@ -18,9 +18,12 @@ jobs:
 with:
 java-version: "21"
 distribution: "temurin"
- - name: Run SonarQube analysis
+ - name: Compile the project
 run: |
 chmod +x ./mvnw
+ ./mvnw clean compile
+ - name: Run SonarQube analysis
+ run: |
 ./mvnw sonar:sonar \
 -Dsonar.projectKey=MSPRProject_Api \
 -Dsonar.host.url=${{ secrets.SONAR_HOST_URL }} \
From f4d72507168ab1f9cbd8e0e7349dc195d51c9a48 Mon Sep 17 00:00:00 2001
From: kbellouard
Date: Wed, 2 Jul 2025 16:10:14 +0200
Subject: [PATCH 09/25] fix: ci
---
.github/workflows/ci-cd.yml | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml
index 2ab9a9b..36009d8 100644
--- a/.github/workflows/ci-cd.yml
+++ b/.github/workflows/ci-cd.yml
@@ -32,6 +32,16 @@ jobs:
 test:
 runs-on: ubuntu-latest
+ services:
+ postgres:
+ image: postgres:latest
+ env:
+ POSTGRES_USER: sanalyz
+ POSTGRES_PASSWORD: sanalyz
+ POSTGRES_DB: sanalyz
+ ports:
+ - 5432:5432
+ options: --health-cmd pg_isready --health-interval 10s
 steps:
 - uses: actions/checkout@v3
 - name: Set up JDK 21
From cd15013027007853b68fc0e215de374113964f5f Mon Sep 17 00:00:00 2001
From: kbellouard
Date: Wed, 2 Jul 2025 16:13:04 +0200
Subject: [PATCH 10/25] fix: ci
---
.github/workflows/ci-cd.yml | 1 +
1 file changed, 1 insertion(+)
diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml
index 36009d8..a5af46c 100644
--- a/.github/workflows/ci-cd.yml
+++ b/.github/workflows/ci-cd.yml
@@ -79,6 +79,7 @@ jobs:
 with:
 target: "http://localhost:8080"
 rules_file_name: ".zap/rules.tsv"
+ docker_name: zaproxy/zap-stable
 fail_action: true
 - name: Stop the application
 run: |
From d6e725f7ebe906a25e6c48455b4f704ee4c5d4de Mon Sep 17 00:00:00 2001
From: kbellouard
Date: Wed, 2 Jul 2025 16:15:26 +0200
Subject: [PATCH 11/25] fix: ci
---
.github/workflows/ci-cd.yml | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml
index a5af46c..a614ae7 100644
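Review bot: `image: postgres:latest` in the `services:` block added to the test job (a copy of the one the owasp-zap job already has) is a floating tag, so the database the tests run against can change major version between two runs of the same commit; pin it to a fixed tag (e.g. `image: postgres:16`, a constructed example) and quote the port mapping as `"5432:5432"`. The `docker_name: zaproxy/zap-stable` added to the ZAP step has the same problem: without a tag the scanner version, and with it the alert set that `fail_action: true` can trip on, drifts silently under the pipeline. Neither commit records which version was validated, so a short comment above each image line stating why that tag was chosen would help whoever bumps them next.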
--- a/.github/workflows/ci-cd.yml
+++ b/.github/workflows/ci-cd.yml
@@ -66,8 +66,14 @@ jobs:
 ports:
 - 5432:5432
 options: --health-cmd pg_isready --health-interval 10s
+
 steps:
 - uses: actions/checkout@v3
+ - name: Set up JDK 21
+ uses: actions/setup-java@v3
+ with:
+ java-version: "21"
+ distribution: "temurin"
 - name: Start the application
 run: |
 chmod +x ./mvnw
From 1607ee2cc9635260b29bdcc0ab6ece1105a5fd24 Mon Sep 17 00:00:00 2001
From: kbellouard
Date: Wed, 2 Jul 2025 16:28:39 +0200
Subject: [PATCH 12/25] fix: add spring-boot security
---
pom.xml | 30 +++++++++++++++++++-----------
1 file changed, 19 insertions(+), 11 deletions(-)
diff --git a/pom.xml b/pom.xml
index 98370b2..a3e9358 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1,30 +1,33 @@ - - + + 4.0.0 org.springframework.boot spring-boot-starter-parent 3.1.3 - + fr mspr_api 0.0.1-SNAPSHOT mspr_api Demo project for Spring Boot - + - + - + - - - - + + + + 21
@@ -52,6 +55,11 @@ spring-boot-starter-validation + + org.springframework.boot + spring-boot-starter-security + + org.postgresql postgresql
From 7bf010b6df35ca2b28f7187e89d6020cd8ad5837 Mon Sep 17 00:00:00 2001
From: kbellouard
Date: Wed, 2 Jul 2025 16:47:24 +0200
Subject: [PATCH 13/25] fix: security
---
.zap/ruoles.tsv | 2 ++
src/main/resources/application.properties | 3 +++
2 files changed, 5 insertions(+)
create mode 100644 .zap/ruoles.tsv
diff --git a/.zap/ruoles.tsv b/.zap/ruoles.tsv
new file mode 100644
index 0000000..4e631f6
--- /dev/null
+++ b/.zap/ruoles.tsv
@@ -0,0 +1,2 @@
+Rule ID Enabled Risk Confidence Custom Configuration
+10105 false Medium Medium
diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
index 4c352e0..69e2bc7 100644
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
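Review bot: The `spring-boot-starter-security` artifact added in the second pom.xml hunk takes its version from `spring-boot-starter-parent` `3.1.3`, visible as context in the first hunk, and as far as I recall the 3.1 line left open-source support in 2024; layering a security starter on a parent that no longer receives patches pins Spring Security to an unpatched release as well, so the parent should be checked against the Spring Boot support calendar and bumped before this dependency ships. The XML tags in these hunks are stripped on this page, so only the version numbers and the added artifact are readable; the commit message could say which Spring Security version the starter resolves to.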
@@ -5,6 +5,9 @@ spring.datasource.password=sanalyz
 spring.datasource.driver-class-name=org.postgresql.Driver
 server.port=8080
+server.servlet.session.cookie.same-site=strict
+server.servlet.session.cookie.secure=true
+server.servlet.session.cookie.http-only=true
 # Hibernate & JPA settings
 spring.jpa.hibernate.ddl-auto=update
From 4e666d492ebaf45c9abc6e7cf297fa4e2808839e Mon Sep 17 00:00:00 2001
From: kbellouard
Date: Wed, 2 Jul 2025 16:49:14 +0200
Subject: [PATCH 14/25] fix: incorrect file name
---
.zap/{ruoles.tsv => rules.tsv} | 0
1 file changed, 0 insertions(+), 0 deletions(-)
rename .zap/{ruoles.tsv => rules.tsv} (100%)
diff --git a/.zap/ruoles.tsv b/.zap/rules.tsv
similarity index 100%
rename from .zap/ruoles.tsv
rename to .zap/rules.tsv
From 872ea240aa164f283981308996a0c70418d180b1 Mon Sep 17 00:00:00 2001
From: kbellouard
Date: Wed, 2 Jul 2025 18:36:12 +0200
Subject: [PATCH 15/25] fix: zap
---
.zap/rules.tsv | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/.zap/rules.tsv b/.zap/rules.tsv
index 4e631f6..52c825d 100644
--- a/.zap/rules.tsv
+++ b/.zap/rules.tsv
@@ -1,2 +1 @@
-Rule ID Enabled Risk Confidence Custom Configuration
-10105 false Medium Medium
+10105 IGNORE Weak Authentication Method
From a6c4c46cdd250802422d4d338cfb96adb7180f7c Mon Sep 17 00:00:00 2001
From: kbellouard
Date: Wed, 2 Jul 2025 18:47:34 +0200
Subject: [PATCH 16/25] fix: security
---
src/main/java/fr/mspr_api/MsprAPIApplication.java | 3 ++-
src/main/resources/application.properties | 2 ++
2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/main/java/fr/mspr_api/MsprAPIApplication.java b/src/main/java/fr/mspr_api/MsprAPIApplication.java
index 39a5d09..851a3bb 100644
--- a/src/main/java/fr/mspr_api/MsprAPIApplication.java
+++ b/src/main/java/fr/mspr_api/MsprAPIApplication.java
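Review bot: `10105 IGNORE Weak Authentication Method` in the rules.tsv hunk silences that alert for every target the scan is ever pointed at, not only the CI run against plain `http://localhost:8080`, so if this file is reused for a staging or production scan a genuine weak-authentication finding disappears from the report. Nothing in the file records why the rule is ignored; the scan script skips lines beginning with `#` as far as I recall, so a comment line such as `# 10105: CI target is plain HTTP on localhost; revisit before scanning a TLS endpoint` above the entry keeps the rationale next to the suppression. `WARN` instead of `IGNORE` would keep the alert visible in the report without failing the job, which is usually the better default for a rule that is only noisy in one environment.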
@@ -2,9 +2,10 @@
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration;
 import org.springframework.boot.context.properties.ConfigurationPropertiesScan;
-@SpringBootApplication
+@SpringBootApplication(exclude = SecurityAutoConfiguration.class)
 @ConfigurationPropertiesScan("fr.mspr_api.config")
 public class MsprAPIApplication {
diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
index 69e2bc7..73317f0 100644
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@@ -9,6 +9,8 @@ server.servlet.session.cookie.same-site=strict
 server.servlet.session.cookie.secure=true
 server.servlet.session.cookie.http-only=true
+security.ignored=/**
+
 # Hibernate & JPA settings
 spring.jpa.hibernate.ddl-auto=update
 spring.jpa.show-sql=true
From 6128586d517259948e7075d5d44ccae635d9c7b7 Mon Sep 17 00:00:00 2001
From: kbellouard
Date: Mon, 7 Jul 2025 08:02:42 +0200
Subject: [PATCH 17/25] fix: security
---
.../java/fr/mspr_api/MsprAPIApplication.java | 2 +-
.../fr/mspr_api/config/SecurityConfig.java | 37 +++++++++++++++++++
2 files changed, 38 insertions(+), 1 deletion(-)
create mode 100644 src/main/java/fr/mspr_api/config/SecurityConfig.java
diff --git a/src/main/java/fr/mspr_api/MsprAPIApplication.java b/src/main/java/fr/mspr_api/MsprAPIApplication.java
index 851a3bb..6cebc75 100644
--- a/src/main/java/fr/mspr_api/MsprAPIApplication.java
+++ b/src/main/java/fr/mspr_api/MsprAPIApplication.java
@@ -5,7 +5,7 @@
 import org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration;
 import org.springframework.boot.context.properties.ConfigurationPropertiesScan;
-@SpringBootApplication(exclude = SecurityAutoConfiguration.class)
+@SpringBootApplication
 @ConfigurationPropertiesScan("fr.mspr_api.config")
 public class MsprAPIApplication {
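Review bot: `security.ignored=/**` added to application.properties is a Spring Boot 1.x property; on the Boot 3 parent this project declares it is not bound to anything and has no effect, so it is dead configuration that reads as though the whole API were deliberately opened at the property level. The next commit in the series restores `@SpringBootApplication` without the `SecurityAutoConfiguration` exclusion but leaves this line in place, so it should be deleted (the `permitAll()` rule in the new `SecurityConfig` is where that decision now lives), or replaced by a one-line comment pointing there if the intent must stay visible in the properties file.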
diff --git a/src/main/java/fr/mspr_api/config/SecurityConfig.java b/src/main/java/fr/mspr_api/config/SecurityConfig.java
new file mode 100644
index 0000000..acb721b
--- /dev/null
+++ b/src/main/java/fr/mspr_api/config/SecurityConfig.java
@@ -0,0 +1,37 @@
+package fr.mspr_api.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.header.writers.StaticHeadersWriter;
+
+@Configuration
+public class SecurityConfig {
+
+ @Bean
+ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+ http
+ .authorizeHttpRequests(
+ authorize -> authorize.anyRequest().permitAll() // Allow all requests without authentication
+ )
+ .headers(headers ->
+ headers
+ .contentTypeOptions(contentTypeOptions -> {})
+ .addHeaderWriter(
+ new StaticHeadersWriter(
+ "Cross-Origin-Opener-Policy",
+ "same-origin"
+ )
+ )
+ .addHeaderWriter(
+ new StaticHeadersWriter(
+ "Cross-Origin-Embedder-Policy",
+ "require-corp"
+ )
+ )
+ );
+
+ return http.build();
+ }
+}
From 86c6159baed5e24ebb5e58b9efc22c22656d8c42 Mon Sep 17 00:00:00 2001
From: kbellouard
Date: Mon, 7 Jul 2025 08:14:21 +0200
Subject: [PATCH 18/25] fix: ignore bugged alert
---
.zap/rules.tsv | 1 +
1 file changed, 1 insertion(+)
diff --git a/.zap/rules.tsv b/.zap/rules.tsv
index 52c825d..8f3c5f2 100644
--- a/.zap/rules.tsv
+++ b/.zap/rules.tsv
@@ -1 +1,2 @@
 10105 IGNORE Weak Authentication Method
+90004 IGNORE Insufficient Site Isolation Against Spectre Vulnerability
From 4173620be4863cf17464295a2e75ca7c38e2a6c6 Mon Sep 17 00:00:00 2001
From: kbellouard
Date: Mon, 7 Jul 2025 08:14:43 +0200
Subject: [PATCH 19/25] fix:; organize imports
---
src/main/java/fr/mspr_api/MsprAPIApplication.java | 1 -
1 file changed, 1 deletion(-)
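Review bot: `anyRequest().permitAll()` in `filterChain` makes every endpoint reachable without authentication, so the security starter contributes response headers and nothing else; that can be the right choice for a public API, but it needs a class-level Javadoc saying the chain is intentionally unauthenticated and exists for header hardening, otherwise the next reader assumes authentication is configured elsewhere. With no `.csrf(...)` call the default CSRF protection stays enabled (my reading of the Spring Security 6 defaults), so non-GET requests from the front end that carry no token will be rejected with 403; decide explicitly, either documenting how the token is delivered or, for a stateless token-based API, disabling it with a comment explaining why. `.contentTypeOptions(contentTypeOptions -> {})` is a no-op because `X-Content-Type-Options: nosniff` is on by default, and `Customizer.withDefaults()` says the same thing without looking like a customisation; the two `StaticHeadersWriter` calls would also benefit from a one-line comment on why `Cross-Origin-Opener-Policy` and `Cross-Origin-Embedder-Policy` are being set on a JSON API, since `require-corp` affects what a browser will embed from this origin.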
diff --git a/src/main/java/fr/mspr_api/MsprAPIApplication.java b/src/main/java/fr/mspr_api/MsprAPIApplication.java
index 6cebc75..39a5d09 100644
--- a/src/main/java/fr/mspr_api/MsprAPIApplication.java
+++ b/src/main/java/fr/mspr_api/MsprAPIApplication.java
@@ -2,7 +2,6 @@
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
-import org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration;
 import org.springframework.boot.context.properties.ConfigurationPropertiesScan;
 @SpringBootApplication
From d3f1e9d7f7d7a78bd8c259aef1a086ebce9dccbc Mon Sep 17 00:00:00 2001
From: kbellouard
Date: Mon, 7 Jul 2025 08:17:43 +0200
Subject: [PATCH 20/25] fix: rules.tsv
---
.zap/rules.tsv | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.zap/rules.tsv b/.zap/rules.tsv
index 8f3c5f2..97e7266 100644
--- a/.zap/rules.tsv
+++ b/.zap/rules.tsv
@@ -1,2 +1,2 @@
-10105 IGNORE Weak Authentication Method
-90004 IGNORE Insufficient Site Isolation Against Spectre Vulnerability
+10105 IGNORE (Weak Authentication Method)
+90004 IGNORE (Insufficient Site Isolation Against Spectre Vulnerability)
From d9bf855ae2bde0f0821f390d4e653d01c6a92377 Mon Sep 17 00:00:00 2001
From: kbellouard
Date: Mon, 7 Jul 2025 08:20:41 +0200
Subject: [PATCH 21/25] fix: rules.tsv
---
.zap/rules.tsv | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.zap/rules.tsv b/.zap/rules.tsv
index 97e7266..e3fa6db 100644
--- a/.zap/rules.tsv
+++ b/.zap/rules.tsv
@@ -1,2 +1,2 @@
-10105 IGNORE (Weak Authentication Method)
-90004 IGNORE (Insufficient Site Isolation Against Spectre Vulnerability)
+10105 IGNORE (Weak Authentication Method)
+90004 IGNORE (Insufficient Site Isolation Against Spectre Vulnerability)
From 45a96ae3f58ea7e7ccfb9c3fde698ed582ec77a6 Mon Sep 17 00:00:00 2001
From: kbellouard
Date: Mon, 7 Jul 2025 08:38:39 +0200
Subject: [PATCH 22/25] fix: ci/cd permissions
---
.github/workflows/ci-cd.yml | 2 ++
1 file changed, 2 insertions(+)
diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml
index a614ae7..85e4c74 100644
--- a/.github/workflows/ci-cd.yml
+++ b/.github/workflows/ci-cd.yml
@@ -55,6 +55,8 @@ jobs:
 ./mvnw test
 owasp-zap:
+ permissions:
+ issues: write
 runs-on: ubuntu-latest
 services:
 postgres:
From 716144a7ca31fe88ab6ef861953070d7a4f7e1ac Mon Sep 17 00:00:00 2001
From: kbellouard
Date: Mon, 7 Jul 2025 09:09:45 +0200
Subject: [PATCH 23/25] fix: temp fix
---
.github/workflows/ci-cd.yml | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml
index 85e4c74..9033571 100644
--- a/.github/workflows/ci-cd.yml
+++ b/.github/workflows/ci-cd.yml
@@ -55,8 +55,7 @@ jobs:
 ./mvnw test
 owasp-zap:
- permissions:
- issues: write
+ permissions: write-all
 runs-on: ubuntu-latest
 services:
 postgres:
From 4d06c954b8b7018b44543acaa2bad3b82ecc5f7a Mon Sep 17 00:00:00 2001
From: kbellouard
Date: Mon, 7 Jul 2025 09:24:35 +0200
Subject: [PATCH 24/25] update: action-full-scan
---
.github/workflows/ci-cd.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml
index 9033571..f326a47 100644
--- a/.github/workflows/ci-cd.yml
+++ b/.github/workflows/ci-cd.yml
@@ -82,7 +82,7 @@ jobs:
 echo "Waiting for the application to start..."
 sleep 30
 - name: Run OWASP ZAP
- uses: zaproxy/action-full-scan@v0.5.0
+ uses: zaproxy/action-full-scan@v0.14.0
 with:
 target: "http://localhost:8080"
 rules_file_name: ".zap/rules.tsv"
From b1b62521934133fcc6d2e1418878af112bed5a6a Mon Sep 17 00:00:00 2001
From: kbellouard
Date: Mon, 7 Jul 2025 09:26:05 +0200
Subject: [PATCH 25/25] fix: version
---
.github/workflows/ci-cd.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
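Review bot: `permissions: write-all` in the owasp-zap job (patch 23) hands the job's `GITHUB_TOKEN` write access to every scope — contents, packages, pull requests and the rest — when the only thing the ZAP action does with it is open issues, so the `issues: write` shape from patch 22 was the right one and this "temp fix" widens the blast radius of anything that runs in that job, including the unpinned scanner image. Keep the job at least privilege with `permissions:` / `  contents: read` / `  issues: write` (checkout needs contents read) and chase the error that prompted the change separately. On `pull_request` runs from forks the token is read-only regardless of this block, so issue creation will fail there whatever is granted; either skip the job for that event or, if I recall the action's inputs correctly, set `allow_issue_writing: false` for those runs.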
diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml
index f326a47..22da6be 100644
--- a/.github/workflows/ci-cd.yml
+++ b/.github/workflows/ci-cd.yml
@@ -82,7 +82,7 @@ jobs:
 echo "Waiting for the application to start..."
 sleep 30
 - name: Run OWASP ZAP
- uses: zaproxy/action-full-scan@v0.14.0
+ uses: zaproxy/action-full-scan@v0.12.0
 with:
 target: "http://localhost:8080"
 rules_file_name: ".zap/rules.tsv"