Bugfix/false positive (#58)

* Fixing supervisor middleware validation to company admins * Fixing load data in vulnerabilities table * Fixing false positive in CLI * Updating swagger * Fixing docs * Fixing lint Co-authored-by: lucas.bruno <lucas.bruno@zup.com.br> Co-authored-by: Wilian Gabriel <wilian.silva@zup.com.br>
ZupIT · Oct 15, 2020 · 1c4f516 · 1c4f516
1 parent 7fd4b96
commit 1c4f516
Show file tree

Hide file tree

Showing 12 changed files with 632 additions and 613 deletions.
diff --git a/README.md b/README.md
@@ -24,6 +24,8 @@ Currently, performance analysis consists of:
 
 You can see more details about the horusec <a href="assets/horusec-complete-architecture.jpg">/assets/horusec-complete-architecture.jpg</a>
 
+### For more details see our [DOCUMENTATION](https://zup-products.gitbook.io/horusec)
+
 ## Project roadmap
 
 We started the project to aggregate within our company, but as the search grew more and more we chose to apply good practices and open it up for everyone to collaborate with this incredible project.

diff --git a/development-kit/pkg/services/middlewares/repository_authz.go b/development-kit/pkg/services/middlewares/repository_authz.go
@@ -110,8 +110,13 @@ func (rm *repositoryAuthzMiddleware) IsRepositorySupervisor(next http.Handler) h
 		repositoryID, _ := uuid.Parse(chi.URLParam(r, "repositoryID"))
 		accountRepository, err := rm.repoAccountRepository.GetAccountRepository(accountID, repositoryID)
 		if err != nil || accountRepository.Role != accountEnums.Supervisor && accountRepository.Role != accountEnums.Admin {
-			httpUtil.StatusForbidden(w, errors.ErrorUnauthorized)
-			return
+			companyID, _ := uuid.Parse(chi.URLParam(r, "companyID"))
+			accountCompany, errCompany := rm.repositoryRepo.GetAccountCompanyRole(accountID, companyID)
+
+			if errCompany != nil || accountCompany.Role != accountEnums.Admin {
+				httpUtil.StatusForbidden(w, errors.ErrorUnauthorized)
+				return
+			}
 		}
 		next.ServeHTTP(w, r)
 	})