Develop (#181)
* feature/automatic-csproj (#23)

* adding dynamic detection of csproj, yarn.lock, package-lock.json and requirements.txt

* file path by ext unity tests

* Template email of organization invited (#22)

* e-mail Added the template of e-mail to a user is invited to the organization

* Fixing go lint

* 🔒 The screen dashboard of organization is visible something the admin users (#26)

* Organizing i18n values in frontend (#30)

* Rewrite i18n values for external pages and dashboard screen

* Adjusting i18 values in repositories screen

* 🛠️  Adjusting redirect routes when the call is external of manager (#19)

* Hotfix/fixing redirect and output bigger (#21)

* Fixing redirect in email template reset-password

* Fixing code output when exists many content and bad read

* Fixing fmt and set total output to down

* Hotfix/unique names (#28)

* Adding unique names migration

* Adding validations to unique names and unity tests

* Fixing swagger in horusec-analytics (#27)

* Add i18n values to enUS

Co-authored-by: Wilian Gabriel <63816070+wiliansilvazup@users.noreply.github.com>
Co-authored-by: nathanmartinszup <63246935+nathanmartinszup@users.noreply.github.com>

* Removing fields type, vulnerableBellow and version from Vulnerability (#24)

* Removing fields type, vulnerableBellow and version from Vulnerability

* Fixing e2e and unit tests

* Change pipeline to use docker-compose

* Fixing docker-compose.test

* Fixing deployment

* Fixing compose

* Merge master into develop (#36)

* 🛠️  Adjusting redirect routes when the call is external of manager (#19)

* Hotfix/fixing redirect and output bigger (#21)

* Fixing redirect in email template reset-password

* Fixing code output when exists many content and bad read

* Fixing fmt and set total output to down

* Hotfix/unique names (#28)

* Adding unique names migration

* Adding validations to unique names and unity tests

* Fixing swagger in horusec-analytics (#27)

* Hotfix/change images generate token (#31)

* Change images to generate token

* Adding gif usage horusec

* Adding gif usage horusec

Co-authored-by: Lucas Bruno <69604366+lucasbrunozup@users.noreply.github.com>
Co-authored-by: nathanmartinszup <63246935+nathanmartinszup@users.noreply.github.com>

* Adding company role in get all companies (#33)

* Adding company role in get all companies

* Adding unity tests

* Tokens of organization (#32)

* 🔑 Handler tokens of organization

* 🛡️  Added rules in manager organizations

* Not found screen (#34)

* 👷 Initial structure to not found page

* 👌 Finalizing page of not found

* 🔙 Added option to back to organization screen when in home page

* 🔨 Fixing version in package json

* Fixing error in unique company name not necessary, and removing wrong constraints in database (#38)

* [skip ci] update versioning file

* Added component of pagination (#47)

* CLI docker image (#25)

* Adding cli dockerfile

* Adding horusec as entrypoint

* Removing docker from image

* Adding docker-entrypoint

* Using docker dind

* Downgrade docker dind

* Using entrypoint

* Renaming entrypoint to horusec-cli

* Updating documentation

* Adding license

* Updating vendor

Co-authored-by: Horusec <horusec@zup.com.br>

* 💅 Adjusting button dialog styles, scrollbar and select component (#48)

* Adjusting the texts in Portuguese (#52)

* ✅ Added option to success message from flash message component and added in all handlers (#53)

* Feature/create repository cli (#55)

* Create repository by cli flag, update list repository to list all repositories to company admin

* Adding tests and validation to list all repositories of company if i am admin

* Removing duplicated code to list repositories to company admin

* Removing unnecessary unity test

* Fixing unity tests and adding middleware to company admin

* Adding missing test

* Updating analytic routes by repository to accept admins of company

* Fixing broken e2e tests

Co-authored-by: Wilian Gabriel <wilian.silva@zup.com.br>

* Frontend false positive (#54)

* Initial structure for false positive screen

* Finished false positive screen and add supervisor role

* Implementing false-positive and risk accept (#35)

* Change struct of analysis

* Fixing fmt lint entity and create migration files

* Adding get all dto and method

* Fixing migration

* Adding base management repository

* Adding get all vuln management data

* Adding management repository unity tests

* adding management controller get all

* adding get all management data

* adding management handler unity tests

* Adding update method in repository

* Adding update method in controller

* adding management handler put

* Adding management handler unity tests

* Fixing create analysis

* Adding app sec role

* Fixing list vuln management error where vulns are duplicating, fixing swagger errors

* Removing unnecessary nolint and improving code

* Fixing to send analysis correctly to horusec-api

* Adding separated api to update status and type

* Adding new vulnerability status and type enums

* Fixing lint

* Fixing lint errors

* Removing status and updating apis

* Updating migration

* Fixing output to show vulnerability to fix

* Fixing lint and project errors

* Fixing management unit tests

* Fixing errors in list vulns

* Fixing some type errors

* Updating output to print false positive and risk accept

* Start fixing tests

* Fixing tests

* Fixing vulnerabilities unity tests

* Fixing analytic queries

* Fixing tests

* Fixing analytic repository unit tests

* Adding tests on cli

* Adding more content

* Fixing hash generator

* Fixing hash generator

* Fixing vulnerability test

* Adding devkit entities and types units tests

* Adding Unit tests

* Adding unit tests

* Fixing license

* Adding analysis tests

* Fixing lint

* fixing e2e tests

* Updating e2e tests

* Fixing tests in repository

* Fixing fmt lint

* Parse horusec analysis response correctly

* Fixing lint

* Fixing errors in vulns details

* Fixing e2e test

* Updating api cors

* Updating cors

Co-authored-by: nathan <nathan.martins@zup.com.br>
Co-authored-by: lucas.bruno <lucas.bruno@zup.com.br>

* Fixing wrong text in output

* Bugfix/false positive (#58)

* Fixing supervisor middleware validation to company admins

* Fixing load data in vulnerabilities table

* Fixing false positive in CLI

* Updating swagger

* Fixing docs

* Fixing lint

Co-authored-by: lucas.bruno <lucas.bruno@zup.com.br>
Co-authored-by: Wilian Gabriel <wilian.silva@zup.com.br>

* Fixing regex d34b3ba5-b988-4a0f-9344-467274cd98be (#59)

* Removing deprecated manager (#60)

* Fixing security pipeline in horusec (#61)

* Fixing security pipeline in horusec

* Fixing security pipeline in horusec

* Fixing security pipeline in horusec

* Fixing security pipeline in horusec

* Fixing readme cli

* Fixing readme cli

* Update README.md

* Update README.md

* Change filter to receive Severity and remove Type (#64)

* Feature/improving false positive (#66)

* Adding order by severity and type

* Adding filter by type

* Fixing lint errors and adding unity tests

* Fixing order by error

* Updating swagger

* Fixing fmt errors

* [Frontend] Improvements false positive (#67)

* Added new filter in false positive screen

* Added success messages

* Added tag with color in severity

* List vulnerabilities in management screen to repository members (#68)

* [Frontend] - Improvements false positive (#69)

* Added new filter in false positive screen

* Added success messages

* Added tag with color in severity

* Removing supervisor role in company

* Added permission to handler repository

* Migration deploy hook (#65)

* Adding migration dockerfile

* Improving migration dockerfile

* Using env in migration

* Adding migration template

* Fixing migration template

* Adding migration image script

* Updating helm hook

* Fixing migration version

* Fixing  service image script builder

Co-authored-by: Horusec <horusec@zup.com.br>

* Adding api to delete account and permissions (#85)

* Adding api to delete account and permissions

* Adding license in docs

* Adding jwt auth middleware in delete account

* Feature/horusec auth (#62)

* Adding horusec auth base project

* Adding auth handler, with auth types enum and credentials

* Finishing handlers and adding auth controller with factory by type

* Change filter to receive Severity and remove Type

* Adding missing unity tests in devkit

* Adding auth handler tests

* Adding swagger, updating router and configs

* Fixing lint and tests

* Adding horus service authenticate method

* Adding authorize handler

* Updating auth interface

* Adding postgres read

* Adding keycloak service auth and keycloak shared service

* Adding unit test

* Adding horusec roles enum

* Fixing return

* Adding validation to authorize by horus roles

* Renaming packages to horusec

* Fixing some  horusec name errors and unity tests

* Removing nolint and improving code

* Renaming file to horusec

* Adding create user from keycloak token

* Adding create user from keycloak token

* Adding create user from keycloak token

* Adding horusec service unity tests

* Adding auth controller unity tests and updating mocks

* Adding auth in compose and fixing docs

* Adding auth in compose and fixing docs

* Updating health check

* Fixing lint

* Fixing keycloak unity tests

* Adding unit tests

* Adding unit tests

* Updating middlewares to use auth service

* Fixing auth type

* Fixing tests fmt lint

* Fixing tests fmt lint

* Fixing Security

* Improving code and adding unity tests

* Adding more devkit unity tests

* Adding some unit tests

* Adding middleware service unity tests

* Removing unnecessary test

* Adding horusec auth readme

* Fixing dockerfiles

* Adding validation to actual auth type

* Removing auth type header

* Updating composes

* Removing groups from authorization data

* Updating account, api and analytic readme

* Updating compose with auth url env var

* Updating compose and compose dev

* Fixing unity tests and fmt errors

* Fixing auth pipeline and hashes false positives

* Fixing error that token was static to accept only jwt

* Adding role validation in keycloak

* Fixing token size and swagger error

* Removing bearer from keycloak token

* Adding api to get account id by token and auth type

* Changing create account from keycloak to auth

* Updating auth swagger

* Improving keycloak devkit service and fixing tests

* Fixing account unity tests

* Fixing account unity tests in auth

* Adding auth unity tests

* Fixing middleware tests

* Fixing fmt error

* Improving interface conversion to avoid conversion error

Co-authored-by: Wilian Gabriel <wilian.silva@zup.com.br>

* Frontend - Many authentication types (#77)

* 🛸 Added fields in create company and repository to LDAP rules

* ⚙️ Separate modules of authentication, and add splash animation in login screen

* 🛰  Horusec default authenticator

* 🔑 Add auth environment

* Initialize integration with keycloak

* Adjusting keycloak authentication

* Add get user info in keycloak auth and adjusting logout

* ⚙️ Alter service to create account from keycloak

* 🛠  Adjusting styles, and settings to microfrontend integration and devcraft use

* Fixing keycloak config when in other auth type, and adjusting function types

* Fixing lint

* 🇺🇸 Translate e-mail templates to english (#95)

* Feature/application admin (#86)

* Adding horusec auth base project

* Adding auth handler, with auth types enum and credentials

* Finishing handlers and adding auth controller with factory by type

* Change filter to receive Severity and remove Type

* Adding missing unity tests in devkit

* Adding auth handler tests

* Adding swagger, updating router and configs

* Fixing lint and tests

* Adding horus service authenticate method

* Adding authorize handler

* Updating auth interface

* Adding postgres read

* Adding keycloak service auth and keycloak shared service

* Adding unit test

* Adding horusec roles enum

* Fixing return

* Adding validation to authorize by horus roles

* Renaming packages to horusec

* Fixing some  horusec name errors and unity tests

* Removing nolint and improving code

* Renaming file to horusec

* Adding create user from keycloak token

* Adding create user from keycloak token

* Adding create user from keycloak token

* Adding horusec service unity tests

* Adding auth controller unity tests and updating mocks

* Adding auth in compose and fixing docs

* Adding auth in compose and fixing docs

* Updating health check

* Fixing lint

* Fixing keycloak unity tests

* Adding unit tests

* Adding unit tests

* Updating middlewares to use auth service

* Fixing auth type

* Fixing tests fmt lint

* Fixing tests fmt lint

* Fixing Security

* Improving code and adding unity tests

* Adding more devkit unity tests

* Adding some unit tests

* Adding middleware service unity tests

* Removing unnecessary test

* Adding horusec auth readme

* Fixing dockerfiles

* Adding validation to actual auth type

* Removing auth type header

* Updating composes

* Removing groups from authorization data

* Updating account, api and analytic readme

* Updating compose with auth url env var

* Updating compose and compose dev

* Fixing unity tests and fmt errors

* Adding application admin role

* Fixing auth pipeline and hashes false positives

* Adding is application admin middleware

* Fixing error that token was static to accept only jwt

* Adding role validation in keycloak

* Fixing token size and swagger error

* Adding route to show config, adding field is_super_admin, adding method to create account default super admin

* Fixing to get account admin data and create with this params

* Removing bearer from keycloak token

* Fixing docs account

* Adding route to get config of horusec-account

* Adding create company with admin application

* Adding api to get account id by token and auth type

* Changing create account from keycloak to auth

* Updating auth swagger

* Adding validation to create company if user logged is application admin

* Fixing lint and tests

* Fixing security step

* Improving keycloak devkit service and fixing tests

* Fixing account unity tests

* Fixing account unity tests in auth

* Adding auth unity tests

* Fixing middleware tests

* Fixing fmt lint

* Fixing fmt error

* Adding Application admin in auth

* Fixing test

* Fixing fmt and lint

* Fixing horusec-config.json

* Adding validation to create default user only auth type horusec

* Fixing README.md in horusec-account

* Improving interface conversion to avoid conversion error

* Fixing fmt lint and units test

* Adding more unit test

* Adding more unit test

* Adding more unit test

* Fixing horusec-config.json

* Adding more unit test

* Fixing tests e2e

* Fixing fmt lint

* Fixing docs auth

* Fixing docs horusec-account

* Fixing security

* Update architecture images

* Fixing deploy service

Co-authored-by: Wilian Gabriel <wilian.silva@zup.com.br>

* Adding return content when create account from keycloak (#98)

* Adding return content when create account from keycloak

* Adding return content when create account from keycloak

* Adding return content when create account from keycloak

* Fixing fmt and lint

* Fixing unit test

* Fixing integration middleware

* Frontend admin application (#100)

* 🗃  Alter the route to fetch config of application and save it in a localStorage

* Added support to admin application

* [WIP] Feature/improving test (#99)

* Adding TESTBOOK.md correctly

* Adding testbook

* Updating setup external dependences

* Updating setup external dependences

* Updating setup external dependences

* Updating setup external dependences

* Updating setup external dependences

* Fixing horusec-config.json

* Updating setup external dependences

* Update e2e and account pipeline

* Fixing dockerfile.dev

* Fixing dockerfile account

* Change compose internal to run in dev mod

* Update cli pipeline

* Adding new unit test

* Removing old e2e tests and separate correctly e2e tests

* Ignoring up vendor folder in git

* Fixing e2e running

* Fixing compose e2e

* 🛠 Fixing method to verify admin application (#111)

* Frontend environments in compose files (#110)

* 🔑 Added environments to frontend in compose files

* Adjusting .env.example file with all possible values

* Feature/auth grpc (#112)

* Adding grpc server in auth

* Adding generated proto go files

* Removing unnecessary field in proto

* adding grpc calls to replace http calls in middlewares

* Fixing middleware tests

* Updating compose and grpc config

* Adding certificates options and updating readme

* Updating compose files

* Updating e2e compose file

* Adding auth new port

* Updating e2e compose

* Improving error logs and lint

* Fixing fmt error

* Feature/improving test (#102)

* Adding more e2e tests

* Adding more e2e tests

* Adding more tests e2e

* Fixing fmt lint

* Update test e2e

* Update test e2e

* Fixing workflow e2e

* Fixing e2e running

* Adding validation to restart service with up migration

* Fixing tests e2e

* Fixing tests e2e

* Fixing e2e

* Adding e2e to check if send messages correctly

* Update testbook

* Fixing gomod

* Starting add keycloak e2e tests

* Adding Request to configure keycloak service

* Adding correctly form to run tests using keycloak server

* Fixing makefile

* Adding tests in keycloak to validate invite user

* Fixing makefile

* Fixing names and docs of e2e

* Removing trash of tests of analysis

* Fixing e2e

* Fixing e2e messages

* Fixing create company

* Fixing create company

* Fixing e2e

* Fixing e2e

* Fixing e2e

* Fixing e2e

* Fixing e2e

* Fixing e2e

* Fixing e2e

* Fixing keycloak compose e2e

* [WIP] Ldap auth service integration (#71)

* Adding horusec auth base project

* Adding auth handler, with auth types enum and credentials

* Finishing handlers and adding auth controller with factory by type

* Change filter to receive Severity and remove Type

* Adding missing unity tests in devkit

* Adding auth handler tests

* Adding swagger, updating router and configs

* Fixing lint and tests

* Adding horus service authenticate method

* Adding authorize handler

* Updating auth interface

* Adding postgres read

* Adding keycloak service auth and keycloak shared service

* Adding unit test

* Adding ldap client dependency

* Adding horusec roles enum

* Adding ldap client config

* Fixing old references

* Fixing return

* Adding validation to authorize by horus roles

* Renaming packages to horusec

* Fixing some  horusec name errors and unity tests

* Updating ldap to implement auth service

* Removing nolint and improving code

* Renaming file to horusec

* Adding create user from keycloak token

* Adding create user from keycloak token

* Adding create user from keycloak token

* Adding horusec service unity tests

* Adding auth controller unity tests and updating mocks

* Adding auth in compose and fixing docs

* Adding auth in compose and fixing docs

* Updating health check

* Fixing lint

* Fixing keycloak unity tests

* Adding unit tests

* Adding unit tests

* Updating middlewares to use auth service

* Fixing auth type

* Fixing tests fmt lint

* Fixing tests fmt lint

* Fixing Security

* Improving code and adding unity tests

* Adding more devkit unity tests

* Adding some unit tests

* Adding middleware service unity tests

* Removing unnecessary test

* Adding horusec auth readme

* Fixing dockerfiles

* Adding validation to actual auth type

* 🛸 Added fields in create company and repository to LDAP rules

* Removing auth type header

* Adding company authz fields

* Adding ldap service in the auth

* Updating composes

* Removing groups from authorization data

* Updating account, api and analytic readme

* WIP ldap authz

* Updating compose with auth url env var

* Updating compose and compose dev

* Adding ldap company authz

* Fixing unity tests and fmt errors

* Adding repository authz

* Adding ldap login logic

* Removing ldap refresh token

* ⚙️ Separate modules of authentication, and add splash animation in login screen

* 🛰  Horusec default authenticator

* 🔑 Add auth environment

* Adding ldap authz migration

* Adding ldap service in the handler

* Fixing vendor

* Fixing ldap permission migration

* Removing not null constraint from account password column

* Initialize integration with keycloak

* Adding ldap mock

* Adding ldap service

* Fixing ldap service interface

* Fixing auth pipeline and hashes false positives

* Fixing ldap service

* Improving ldap service

* Improving ldap service

* Improving ldap service

* Improving ldap service package name

* Improving ldap client service

* Fixing lint problems

* Fixing error that token was static to accept only jwt

* Adding role validation in keycloak

* Fixing token size and swagger error

* Adjusting keycloak authentication

* Removing bearer from keycloak token

* Add get user info in keycloak auth and adjusting logout

* Testing ldap service

* Improving fn name

* Adding api to get account id by token and auth type

* Changing create account from keycloak to auth

* Updating auth swagger

* ⚙️ Alter service to create account from keycloak

* Fixing mail attribute from ldap

* Improving keycloak devkit service and fixing tests

* Fixing account unity tests

* Fixing account unity tests in auth

* Adding auth unity tests

* Fixing middleware tests

* Fixing fmt error

* Adding ldap user uid condition

* Improving interface conversion to avoid conversion error

* 🛠  Adjusting styles, and settings to microfrontend integration and devcraft use

* Merging with the base branch

* Using auth route

* Fixing migration error

* Removing supervisor role from company

* Updating dependencies

* Updating ldap service to fix get groups error

* Fixing some role issues in ldap service

* Adding missing ldap unity tests and improving code

* Adding ldap devkit service unity tests

* Fixing connect error

* Updating swagger

* Updating vendor

* Adding example ldap env in composes

* Fixing string error in compose

* Fixing lint error in account service

* Removing vendor

* Updating config hashes

* Adding ldap service in compose

* Updating auth compose

* Alter the screen of login to receive username

* Updating ldap response

* Removing login horusec native from account to auth

* Fixing fmt errors

* Adding missing unity tests

* Fixing e2e

* Updating security pipeline

* Updating cli pipeline and hashes

* Improving authorize handler

* Added integration with backend for ldap auth

* Fixing companies loading

* Adding ldap memoize

* Adding ldap groups in repository creation and update

* Fixing ldap company update

* Fixing repository creation

* Fixing repository update

* Fixing company list return

* Fixing company form with groups pre filled

* Adding repository authz fields

* Adding authz fields prefilled

* Fixing repository authz

Company admin is mandatory for authz

* Fixing wrong company role

* Fixing lint

* Adding application admin

* Updating compose ldap host

* Adding isApplicationAdmin attr in ldap authentication

* Adding username in native horus authentication

* Removing unnecessary log in manager

* Fixing company creation

* Fixing repository update

Co-authored-by: nathan <nathan.martins@zup.com.br>
Co-authored-by: Wilian Gabriel <wilian.silva@zup.com.br>
Co-authored-by: Horusec <horusec@zup.com.br>
Co-authored-by: lucas.bruno <lucas.bruno@zup.com.br>

* Adding validation to horusec login errors (#118)

* [WIP] Fixing e2e (#115)

* Fixing e2e

* Fixing e2e

* Fixing e2e

* Fixing e2e

* Fixing order for run e2e

* Fixing order for run e2e

* Fixing order for run e2e

* Fixing e2e

* Fixing e2e

* Tests Application admin horusec

* Fixing messages validation

* Fixing messages validation

* Updating keycloak to login by auth

* Adding jwt validation keycloak e2e

* Removing authentication by auth service

* Run duplicate

* rollback

* Comment keycloak in pipeline

Co-authored-by: nathan <nathan.martins@zup.com.br>

* Fixing repository authz groups (#116)

* Fixing e2e

* Fixing e2e

* Fixing e2e

* Fixing repository authz groups

* Fixing repository tests

* Fixing e2e

* Fixing ldap service tests

* Fixing order for run e2e

* Fixing order for run e2e

* Fixing order for run e2e

* Fixing e2e

* Fixing e2e

* Tests Application admin horusec

* Fixing messages validation

* Fixing messages validation

* Updating keycloak to login by auth

* Adding jwt validation keycloak e2e

* Removing authentication by auth service

* Run duplicate

* rollback

* Testing repository authz groups setted by company

Co-authored-by: Wilian Gabriel <wilian.silva@zup.com.br>
Co-authored-by: nathan <nathan.martins@zup.com.br>

* Fixing compose content

* Removing minimum version and adding version recommendation message (#119)

* feature/auth-account-operations (#122)

* Adding account operations in auth

* Removing account operations from account service, improving entities structure

* Fixing error multiple packages

* Fixing error in account middlewares and some minor issues

* Updating composes with new env vars

* Updating compose files and pipeline errors

* Updating auth readme and auth compose

* Updating messages e2e compose

* Updating auth coverage and fixing e2e messages pipeline

* Updating manager to use auth service

* Adjusting to view field of email to app admin when create new organiz… (#127)

* Adjusting to view field of email to app admin when create new organization (#125)

* Adding validation for user response when ask if run in current directory (#124)

Co-authored-by: Lucas Bruno <69604366+lucasbrunozup@users.noreply.github.com>

* Improving cli to print error message by line, and removing missing pa… (#126)

* Improving cli to print error message by line, and removing missing package-lock or yarn-lock as errors, fixing some misspelling

* Fixing unity test

* Feature/semgrep (#128)

* Adding semgrep to horus cli

* Adding semgrep languages, updating semgrep formatter

* Adding method to get severity

* Fixing lint errors

* Fixing cli unity tests

* Improving code and adding unity tests

* Changing semgrep config to use docker hub image

* Updating api to accept new languages

* Fixing lint errors

* Adding workdir to generic scan

* feature choice-tool (#132)

* Adding flag to choice if user need ignore tool run in your analysis

* Fixing fmt lint

* Fixing hashes security

* Feature/webhook (#113)

* Adding base webhook service

* Fixing webhook configs and docs

* Adding dispatch http request via broker to destiny saved in database

* Adding dispatch http request via broker to destiny saved in database

* Start crud of webhook

* Start crud of webhook

* Adding handler of webhook

* Fixing swagger

* Fixing lint and handler webhook

* Adding description on struct webhook

* Adding description on struct webhook

* Fixing docs

* Adding repository and calling in controller

* Adding migration script

* Adding controller validations and fixing datatype JSONB in postgresql

* Adding unit tests in webhook

* Finish tests of webhook crud

* Adding deployments and adding tests in horusec-api

* Fixing lint and add health check broker

* Adding helm in auth service

* upgrade coverage webhook

* Fixing horusec-api to not necessary up broker

* Closing body in http response

* Fixing http request to close body in response

* Fixing units tests

* Adding tests of integration of see se dispatch to destiny correctly

* Fixing e2e

* Adding put in cors

* Adding README.md in webhook

* Fixing hash security

* [Frontend] Webhook (#117)

* Item of webhook screen in the side menu, initial structure for the screen

* Added the table to render list of webhooks

* Adding base webhook service

* Adjusting spaces in table of webhooks list

* Fixing webhook configs and docs

* Adding dispatch http request via broker to destiny saved in database

* Adding dispatch http request via broker to destiny saved in database

* Added modal to add new webhook

* Start crud of webhook

* Start crud of webhook

* Adjusting spaces of text input

* Adding handler of webhook

* Fixing swagger

* Fixing lint and handler webhook

* Adding description on struct webhook

* Adding description on struct webhook

* Fixing docs

* Adding repository and calling in controller

* Adding migration script

* Add Webhook interface and adjust method http select in create new webhook

* Adding controller validations and fixing datatype JSONB in postgresql

* Adding unit tests in webhook

* Finish tests of webhook crud

* Adding deployments and adding tests in horusec-api

* Fixing lint and add health check broker

* Adding helm in auth service

* upgrade coverage webhook

* Fixing horusec-api to not necessary up broker

* Closing body in http response

* Fixing http request to close body in response

* Fixing units tests

* Adding tests of integration of see se dispatch to destiny correctly

* Fixing e2e

* Adding put in cors

* Added delete and edit webhook

* Fixing lint

* Adjusting role for webhook screen

* Adding README.md in webhook

Co-authored-by: Wilian Gabriel <wilian.silva@zup.com.br>
Co-authored-by: Nathan Tavares Nascimento <nathan.nascimento@zup.com.br>

* Fixing auth cors (#133)

* Update account username and email (#135)

* Adding update account handler

* Adding update account feature

* Fixing account controller interface

* Fixing account controller mock

* Fixing account update handler

* Fixing lint

* Adding handler test

* Adding updation validate

* Testing update account handler

* Improving update account controller

* Testing update account controller

* Adding vuln as risk accepted

hash 45aa5c46df5ba51d7e59da826544412352c189a6acf5707f941922181c94f989

* Repository form authz groups (#134)

* Adding repository groups from company

* Adding repository creation groups initial value

* Update pt-br.json (#139)

Fixed typo in text.

* Feature/horusec-csharp (#131)

* Adding base horusec csharp cli

* Adding csharp rules structure

* Fixing security hashes

* Adding horusec csharp cli injection rules

* Adding others rules

* Adding sql injection linq rule

* Update leaks with set pwd

* Update make file and adding pipeline of horusec-csharp

* Adding password validation

* Adding sql injection rules in csharp cli

* Adding rules of cookies, view state

* Fixing errors

* Adding some cryptography rules to csharp cli

* Fixing total rules csharp

* Adding weak cipher rules

* Adding more rules of csharp

* Fixing test

* Adding more csharp rules

* add NewCsharpRegularDebugBuildEnabled

* add NewCsharpRegularDebugBuildEnabled

* Adding custom errors disabled rule

* Adding rules csharp

* Adding rule vulnerable package reference

* Adding rule jwt signature validation disabled

* Add cors allow origin wildcard rules

* Adding NewCsharpAndFormsAuthenticationCookielessMode

* Adding regular anti forgery token rule

* Adding form validations

* Adding missing authorize attribute rule

* Adding rules of xml in csharp

* Fix test

* Adding more csharp rules

* Adding password lockout disabled rule

* Adding more rules in csharp of cookies and signatures

* Adding cross site rules

* Weak password rule

* Adding ldap injection filter rule

* Adding more rules in csharp

* Adding more rules in csharp

* Adding more rules in csharp

* Adding ldap injection rules

* Adding more rules in csharp

* Adding csharp in deployments to up version

* Adding csharp in deployments to up version

* Rename test zip to csharp

* Adding horusec csharp cli

* Change language to csharp

* Adding test to check netcore is deprecated

* Updating regular rules

* Adding rule no log sensitive information in console

* Fix conflict

* Fixing error removing old regular expressions

* Update weak rsa key length

* Removing duplicated rule

* Fixing rules of java min 128 bits in key generator

* Adding unit tests in csharp engine

* Fixing fmt lint

* Fixing test

* Fixing test

* Adding readme.md in horusec-csharp

* Update README.md

* Fixing tests

* Merge and update doc

Co-authored-by: Wilian Gabriel <wilian.silva@zup.com.br>
Co-authored-by: Wilian Gabriel <63816070+wiliansilvazup@users.noreply.github.com>

* Removing Landing Page (#141)

* Adding eslint dockerfile

* Change name dotnet to csharp (#144)

* WIP adding eslint formatter

* Update version csharp

* WIP cleanup formatter code

* Wip adding eslint formatter docker execution

* Adding analyser eslint formatter

* Fixing eslint configuration

* Adding eslint security rules config

* Improving eslint formatter

* Adding eslint output struct

* Adding eslint results into analysis

* Adding eslint javascript analyse

* Feature/update docs (#140)

* Update composes and check if are go pass in pipeline

* Fixing env wrong

* Update docs

* Fix docs

* Adding eslint image script

* Adding eslint tool in deploy workflow

* Fixing eslint tool name

* Updating ignore tool flag description

* Fixing lint problem

* Fixing eslint file pattern

* Testing eslint formatter

* Testing eslint formatter

* Adding eslint scan in readme

* Fixing code sample length

* Fixing eslint config

* Removing eslint object injection

* Feature/horusec nodejs (#143)

* Adding base of horusec nodejs

* Merge with develop

* Adding Horusec-NodeJS in CLI

* Fixing fmt lint

* Adding initial rules for sql injection, xss, others

* Fixing fmtg

* Adding rules of cripto in nodejs

* Adding some vulnerabilities in nodejs

* Fixing total vuln nodejs

* Adding more rules injection in nodejs

* Adding rules of http-proxy, no log, ip address,  others

* Adding more rules in nodejs

* Fixing fmt lint

* Fixing docs

* Fixing name

* Fixing tests fmt lint

* Adding jsx and tsx

* Fixing sql injection query

* Update no log sensitive information

* Update no log sensitive information

* Fixing total found in nodejs

* Adding docs

* Feature/k8s cli (#148)

* Adding some kubernetes rules

* Adding kubernetes cli

* Updating docs

* Adding horusec kubernetes cli in make file

* Adding kubernetes cli in horusec cli

* Updating go modules

Co-authored-by: Nathan Tavares Nascimento <nathan.nascimento@zup.com.br>

* Update deploy-cli-tools.yml

* Update update-image-tool.sh

* Adding docs kubernetes (#149)

* Adding docs kubernetes

* Fixing readme

* Update image nodejs and kubernetes

* Updating analysis cli images

Co-authored-by: nathan <nathan.martins@zup.com.br>

* Adding eslint in analysis slice

* Fixing eslint config

* Javascript eslint security (#146)

* Adding eslint dockerfile

* WIP adding eslint formatter

* WIP cleanup formatter code

* Wip adding eslint formatter docker execution

* Adding analyser eslint formatter

* Fixing eslint configuration

* Adding eslint security rules config

* Improving eslint formatter

* Adding eslint output struct

* Adding eslint results into analysis

* Adding eslint javascript analyse

* Adding eslint image script

* Adding eslint tool in deploy workflow

* Fixing eslint tool name

* Updating ignore tool flag description

* Fixing lint problem

* Fixing eslint file pattern

* Testing eslint formatter

* Testing eslint formatter

* Adding eslint scan in readme

* Fixing code sample length

* Fixing eslint config

* Removing eslint object injection

* Adding eslint in analysis slice

* Fixing eslint config

Co-authored-by: Wilian Gabriel <63816070+wiliansilvazup@users.noreply.github.com>

* Fixing eslint extensions

* Fixing eslint file path

* Fixing generics bugs (#150)

* Adding typescript vulnerabilities separated

* Adding validation to not dispatch typescript in js

* Adding node js cli in validation

* Fixing lint error

* Fixing unity test

* Fixing tsx and jsx run in javascript

* Fix fmt

* Fixing versions

* Fixing auth cors

* Fixing log very sensitive in csharp

* Update version of leaks

* Update version of leaks

* Fixing test

* Update analyser to log not existing hash

* Update analyser to log not existing hash

* Fixing version eslint

* Fixing vuln in frontend

* Fixing lint manager

* Fixing horusec-config

* Fix lint

Co-authored-by: nathan <nathan.martins@zup.com.br>

* Downgrade severity no use localstorage

* Adding files license

* Adding yaml license

* Added INFO severity and add colors of languages (#152)

* Update README.md

* [skip ci] update versioning file

* [skip ci] update versioning file

* [skip ci] update versioning file

* Merge with master

* Adding vulnerabilities tests for horusec-leaks rules (#158)

* Adding vulnerabilities tests for horusec-leaks rules

* Adding rule twitter

* Fixing gcp token

* Fixing development-kit

* Adding project path in file with vulnerability (#156)

* Fix Reset password validation (#160)

* Fix Reset password validation

* Fixing lint

* Fixing tests

* Fixing horusec-config

* Fixing hash

* [Frontend] Webhook improvements (#136)

* Added search bar to webhook screen and option to delete header in add and edit modal

* Added option to copy an existing webhook

* Adjusting text to create new webhook

* Adding validation for get password correctly

* Adding validation for get password correctly

* Bugfix/update account (#166)

* Fixing update password

* Update swagger auth

* Adding stable version to migrate (#167) (#168)

* Updating develop with master (#170)

* Adding stable version to migrate (#167)

* Updating validate email url (#169)

* Squashed commit of the following:

commit 44042db
Author: Wilian Gabriel <63816070+wiliansilvazup@users.noreply.github.com>
Date:   Wed Dec 2 10:20:14 2020 -0300

    Update helm charts (#165)

    * Upgrade environments horusec-auth

    * Update helm values of micro services

    * Update helm values of micro services

    * Update helm values of micro services

    * Update helm values of micro services

    * Update helm account

    * Update helm account

    * Removing license commentary in chart

    * Fixing helm charts

    * Fixing version fixed

    * Fixing charts

    * Fixing environments on values

    * Fixing fmt

    * Fixing databasemigration

    * Fix

commit a29ee71
Author: nathannascimentozup <65020170+nathannascimentozup@users.noreply.github.com>
Date:   Wed Dec 2 10:06:03 2020 -0300

    Adding support for root path horusec-config file (#161)

    * Fixing abs path for horusec-config.json

    * Adding config path flag

    * Adding inputs package

    * Removing unnecessary code

    * Removing config flag

commit 1acf85b
Author: nathanmartinszup <63246935+nathanmartinszup@users.noreply.github.com>
Date:   Tue Dec 1 13:32:51 2020 -0300

    Updating validate email url (#169)

commit 2765a44
Author: nathanmartinszup <63246935+nathanmartinszup@users.noreply.github.com>
Date:   Mon Nov 30 16:23:49 2020 -0300

    Adding stable version to migrate (#167)

* Settings screen (#137)

* Added option in side menu to access the settings screen

* Structure of settings screen

* Add dialog to change informations of account

* Add modal to change password

* Fixing auth service cors

* Added integration with api to update email and username

* Added option to delete account

* Updating auth cors

* Fixing account update

* Fixing account update

* Finalizing delete account flow

* Add service to change password

* Added message for error in same password when change it

* Fixing auth

* Update logic to update user and pass

* Fixing patch

* Add rule to view the screen something when authType is a default

* Fixing coverage auth

* Fixing fmt lint

Co-authored-by: Nathan Tavares Nascimento <nathan.nascimento@zup.com.br>
Co-authored-by: nathan <nathan.martins@zup.com.br>
Co-authored-by: Wilian Gabriel <wilian.silva@zup.com.br>

* Merge with master

* Feature/flawfinder (#171)

* Adding flawfinder c analysis tool

* Adding formatter for flawfinder

* Fixing commit authors in flawfinder

* Adding license

* Updating docs and adding unity tests

* Adding c++ in doc

* Fixing auth grpc

Co-authored-by: Wilian Gabriel <wilian.silva@zup.com.br>

* Update README.md

* Added rules when the option of broker service is disabled in backend (#175)

Co-authored-by: Wilian Gabriel <wilian.silva@zup.com.br>

* Feature/phpcs (#177)

* Adding flawfinder c analysis tool

* Adding formatter for flawfinder

* Fixing commit authors in flawfinder

* Adding license

* Updating docs and adding unity tests

* Adding c++ in doc

* Adding phpcs dockerfile

* Fixing auth grpc

* Adding php phpcs security tool

* Adding missing unity tests and fixing lint

* Fixing git blame and updating docs

* Fixing lint error

* Fixing readme

Co-authored-by: Wilian Gabriel <wilian.silva@zup.com.br>

* Bugfix/improving-grpc-logs (#178)

* Adding log for received grpc requests

* Improving middlewares errors

* Fixing error when load the donut chart with empty data (#179)

* Add headers dynamic to send on request (#182)

* Add headers dynamic to send on request

* Adding unit test

* Fix fmt lint

* Update doc

* Update doc

* Fix test

* Updating Authorization header to X-Horusec-Authorization (#183)

* Updating Authorization header to X-Horusec-Authorization

* Updating token in refresh function

* Fixing pipeline

* Adjusting colors of svg icons and add new webhook icon (#184)

* Fixing clear inputs when create new webhook (#185)

* [skip ci] update versioning file

Co-authored-by: nathanmartinszup <63246935+nathanmartinszup@users.noreply.github.com>
Co-authored-by: Wilian Gabriel <63816070+wiliansilvazup@users.noreply.github.com>
Co-authored-by: Wilian Gabriel <wilian.silva@zup.com.br>
Co-authored-by: nathannascimentozup <65020170+nathannascimentozup@users.noreply.github.com>
Co-authored-by: Horusec <horusec@zup.com.br>
Co-authored-by: nathan <nathan.martins@zup.com.br>
Co-authored-by: Nathan Tavares Nascimento <nathan.nascimento@zup.com.br>
Co-authored-by: Gleyton Lima <GleytonLima@users.noreply.github.com>
9 people authored Dec 8, 2020
1 parent edbb4fb commit 2a98dc4
Showing 146 changed files with 6,383 additions and 852 deletions.
2 changes: 1 addition & 1 deletion Makefile
Expand Up @@ -31,7 +31,7 @@ coverage-horusec-analytic:
deployments/scripts/coverage.sh 98 "./horusec-analytic"
coverage-horusec-auth:
chmod +x deployments/scripts/coverage.sh
deployments/scripts/coverage.sh 97 "./horusec-auth"
deployments/scripts/coverage.sh 96 "./horusec-auth"
coverage-horusec-webhook:
chmod +x deployments/scripts/coverage.sh
deployments/scripts/coverage.sh 99 "./horusec-webhook"
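Review bot: The coverage gate for horusec-auth is lowered from 97 to 96 (`deployments/scripts/coverage.sh 96 "./horusec-auth"`) in a commit that also adds new account-update code. For the authentication service it is better to keep the threshold and cover the new paths with unit tests than to relax the gate; if the drop is meant to be temporary, record that next to the target so it gets raised again.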
6 changes: 5 additions & 1 deletion README.md
Expand Up @@ -62,8 +62,10 @@ Currently, performance analysis consists of:
* [GitLeaks][Gitleaks]
* PHP
* [Semgrep][Semgrep]
* C
* [PHPCS][PHPCS]
* C/C++
* [Semgrep][Semgrep]
* [Flawfinder][Flawfinder]
* HTML
* [Semgrep][Semgrep]
* JSON
Expand Down Expand Up @@ -185,3 +187,5 @@ This project exists thanks to all the [contributors]((https://github.com/ZupIT/h
[SecuriyCodeScan]: https://security-code-scan.github.io/
[Semgrep]: https://github.com/returntocorp/semgrep
[EsLint]: https://github.com/eslint/eslint
[Flawfinder]: https://github.com/david-a-wheeler/flawfinder
[PHPCS]: https://github.com/FloeDesignTechnologies/phpcs-security-audit
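Review bot: The new `[PHPCS]` reference at the end of this hunk links to the phpcs-security-audit repository, so the README label names the generic code sniffer while the link (and the security rules) come from a separate ruleset. Label the entry after what is actually linked, or list both projects, so readers can tell which component produces the PHP findings.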
4 changes: 4 additions & 0 deletions deployments/dockerfiles/flawfinder/.semver.yaml
@@ -0,0 +1,4 @@
alpha: 0
beta: 0
rc: 0
release: v1.0.0
18 changes: 18 additions & 0 deletions deployments/dockerfiles/flawfinder/Dockerfile
@@ -0,0 +1,18 @@
# Copyright 2020 ZUP IT SERVICOS EM TECNOLOGIA E INOVACAO SA
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

FROM python:3.7-alpine

RUN apk add --no-cache git bash
RUN pip install flawfinder
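Review bot: `RUN pip install flawfinder` installs whatever release is current at build time, so the image tagged from `.semver.yaml` as v1.0.0 is not reproducible and a new upstream release can change scan results without any change in this repository. Pin the package to an explicit version, add `--no-cache-dir`, and consider adding a non-root `USER`, since this container reads untrusted source trees.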
4 changes: 4 additions & 0 deletions deployments/dockerfiles/phpcs/.semver.yaml
@@ -0,0 +1,4 @@
alpha: 0
beta: 0
rc: 0
release: v1.0.0
25 changes: 25 additions & 0 deletions deployments/dockerfiles/phpcs/Dockerfile
@@ -0,0 +1,25 @@
# Copyright 2020 ZUP IT SERVICOS EM TECNOLOGIA E INOVACAO SA
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

FROM php:7.4-alpine

RUN curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer

RUN composer global config bin-dir /usr/local/bin

RUN composer global require "squizlabs/php_codesniffer=*"

RUN composer require --dev pheromone/phpcs-security-audit

RUN phpcs --config-set installed_paths /vendor/pheromone/phpcs-security-audit/Security
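Review bot: The Composer installer is piped from `curl` straight into `php` with no integrity check, and both packages are installed without a version constraint (`"squizlabs/php_codesniffer=*"` and `pheromone/phpcs-security-audit`), so every rebuild can pull different code into the scanner image. Verify the installer checksum before running it, or copy the `composer` binary from a pinned image, and pin both packages to explicit versions. The `composer require --dev` line also depends on the build's working directory being `/`, because the next line hard-codes `/vendor/pheromone/phpcs-security-audit/Security`; set `WORKDIR` explicitly so the two lines cannot drift apart.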
10 changes: 9 additions & 1 deletion deployments/scripts/update-image-tool.sh
Expand Up @@ -101,6 +101,14 @@ getDirectoryAndImageNameByToolName () {
IMAGE_NAME="horuszup/eslint"
DIRECTORY_CONFIG="$CURRENT_FOLDER/horusec-cli/internal/services/formatters/javascript/eslint/config.go"
DIRECTORY_SEMVER="$CURRENT_FOLDER/deployments/dockerfiles/eslint";;
"phpcs")
IMAGE_NAME="horuszup/horusec-phpcs"
DIRECTORY_CONFIG="$CURRENT_FOLDER/horusec-cli/internal/services/formatters/php/phpcs/config.go"
DIRECTORY_SEMVER="$CURRENT_FOLDER/deployments/dockerfiles/phpcs";;
"flawfinder")
IMAGE_NAME="horuszup/horusec-flawfinder"
DIRECTORY_CONFIG="$CURRENT_FOLDER/horusec-cli/internal/services/formatters/c/flawfinder/config.go"
DIRECTORY_SEMVER="$CURRENT_FOLDER/deployments/dockerfiles/flawfinder";;
"horusec-nodejs")
IMAGE_NAME="horuszup/horusec-nodejs"
DIRECTORY_CONFIG="$CURRENT_FOLDER/horusec-cli/internal/services/formatters/javascript/horusecnodejs/config.go"
Expand All @@ -111,7 +119,7 @@ getDirectoryAndImageNameByToolName () {
DIRECTORY_SEMVER="$CURRENT_FOLDER/horusec-kubernetes";;
*)
echo "Param Tool Name is invalid, please use the examples bellow allowed and try again!"
echo "Params Tool Name allowed: bandit, brakeman, gitleaks, gosec, npmaudit, safety, securitycodescan, hcl, spotbugs, horusec-kotlin, horusec-java, horusec-leaks, horusec-csharp, horusec-nodejs, horusec-kubernetes"
echo "Params Tool Name allowed: bandit, brakeman, gitleaks, gosec, npmaudit, safety, securitycodescan, hcl, spotbugs, horusec-kotlin, horusec-java, horusec-leaks, horusec-csharp, horusec-nodejs, horusec-kubernetes, phpcs, flawfinder"
exit 1;;
esac
}
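Review bot: The allowed-names message gains `phpcs` and `flawfinder` but still omits eslint, although a case arm for it exists just above the new entries (`IMAGE_NAME="horuszup/eslint"`), so the help text and the accepted values already disagree. Add the missing name, or build the message from a single list that the `case` also uses, so the two cannot diverge again. While this line is being edited, "bellow" in the preceding `echo` can be corrected to "below".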
Expand Up @@ -25,6 +25,7 @@ type IAccount interface {
GetByAccountID(accountID uuid.UUID) (*authEntities.Account, error)
GetByEmail(email string) (*authEntities.Account, error)
Update(account *authEntities.Account) error
UpdatePassword(account *authEntities.Account) error
GetByUsername(username string) (*authEntities.Account, error)
DeleteAccount(accountID uuid.UUID) error
}
Expand Down Expand Up @@ -61,7 +62,13 @@ func (a *Account) GetByEmail(email string) (*authEntities.Account, error) {

func (a *Account) Update(account *authEntities.Account) error {
account.SetUpdatedAt()
return a.databaseWrite.Update(account.ToMap(), map[string]interface{}{"account_id": account.AccountID},
return a.databaseWrite.Update(account.ToUpdateMap(), map[string]interface{}{"account_id": account.AccountID},
account.GetTable()).GetError()
}

func (a *Account) UpdatePassword(account *authEntities.Account) error {
account.SetUpdatedAt()
return a.databaseWrite.Update(account.ToUpdatePasswordMap(), map[string]interface{}{"account_id": account.AccountID},
account.GetTable()).GetError()
}

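Review bot: In `UpdatePassword`, the call to `account.SetUpdatedAt()` has no persistent effect, because the map written is `account.ToUpdatePasswordMap()`, which as added in account.go in this commit contains only `password`; `updated_at` is therefore never stored on a password change. Either include `updated_at` in that map or remove the call. Switching `Update` to `ToUpdateMap()` so that a profile update no longer rewrites the password column is a sound change; a short doc comment on each method stating which columns it writes would help keep that separation.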
4 changes: 2 additions & 2 deletions development-kit/pkg/engines/leaks/analysis/analysis_test.go
Expand Up @@ -41,7 +41,7 @@ func TestAnalysis_StartAnalysis(t *testing.T) {
data := []engine.Finding{}
_ = json.Unmarshal(fileBytes, &data)
assert.NoError(t, os.RemoveAll(configs.GetOutputFilePath()))
assert.Equal(t, len(data), 17)
assert.Equal(t, len(data), 19)
})
t.Run("Should return success when read analysis and return two vulnerabilities", func(t *testing.T) {
configs := config.NewConfig()
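Review bot: `assert.Equal(t, len(data), 19)` passes the actual value in the position where testify expects the expected one, so a failure will be reported the wrong way round; the next hunk in this file already corrects the order for `vulnCounter`, and this line should follow it with `assert.Equal(t, 19, len(data))`. The context line `_ = json.Unmarshal(fileBytes, &data)` also discards the decode error, which would turn a malformed output file into a confusing count mismatch; asserting `NoError` on it would make such a failure readable.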
Expand Down Expand Up @@ -117,6 +117,6 @@ func TestAnalysis_StartRegularAnalysis(t *testing.T) {
vulnCounter++
}
}
assert.Equal(t, vulnCounter, 10)
assert.Equal(t, 12, vulnCounter)
})
}
54 changes: 54 additions & 0 deletions development-kit/pkg/entities/analyser/c/result.go
@@ -0,0 +1,54 @@
// Copyright 2020 ZUP IT SERVICOS EM TECNOLOGIA E INOVACAO SA
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package c

import (
"fmt"
"github.com/ZupIT/horusec/development-kit/pkg/enums/severity"
"strconv"
"strings"
)

type Result struct {
File string `json:"file"`
Line string `json:"line"`
Column string `json:"column"`
Level string `json:"level"`
Warning string `json:"warning"`
Suggestion string `json:"suggestion"`
Note string `json:"note"`
Context string `json:"context"`
}

func (r *Result) GetDetails() string {
return fmt.Sprintf("%s %s %s", r.Warning, r.Suggestion, r.Note)
}

func (r *Result) GetSeverity() severity.Severity {
level, _ := strconv.Atoi(r.Level)
if level <= 2 {
return severity.Low
}

if level >= 3 && level <= 4 {
return severity.Medium
}

return severity.High
}

func (r *Result) GetFilename() string {
return strings.ReplaceAll(r.File, "./", "")
}
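Review bot: `GetSeverity` discards the error from `strconv.Atoi(r.Level)`, so an empty or non-numeric level becomes 0 and is reported as `severity.Low`; a change in the tool's output format would then silently downgrade every finding. Handle the parse error explicitly and choose the fallback deliberately, with a comment explaining it. In `GetFilename`, `strings.ReplaceAll(r.File, "./", "")` removes every occurrence of `./`, including the one inside `../`, so `../src/a.c` becomes `.src/a.c`; `strings.TrimPrefix(r.File, "./")` matches the apparent intent.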
82 changes: 82 additions & 0 deletions development-kit/pkg/entities/analyser/c/result_test.go
@@ -0,0 +1,82 @@
package c

import (
"github.com/ZupIT/horusec/development-kit/pkg/enums/severity"
"github.com/stretchr/testify/assert"
"testing"
)

func TestGetDetails(t *testing.T) {
result := &Result{
Warning: "test",
Suggestion: "test",
Note: "test",
}

t.Run("should success get details", func(t *testing.T) {
details := result.GetDetails()

assert.NotEmpty(t, details)
assert.Equal(t, "test test test", details)
})

}

func TestGetSeverity(t *testing.T) {
result := &Result{
Level: "0",
}

t.Run("should get severity low", func(t *testing.T) {
assert.Equal(t, severity.Low, result.GetSeverity())

result.Level = "1"
assert.Equal(t, severity.Low, result.GetSeverity())

result.Level = "2"
assert.Equal(t, severity.Low, result.GetSeverity())
})

t.Run("should get severity medium", func(t *testing.T) {
result.Level = "3"
assert.Equal(t, severity.Medium, result.GetSeverity())

result.Level = "4"
assert.Equal(t, severity.Medium, result.GetSeverity())

result.Level = "2"
assert.NotEqual(t, severity.Medium, result.GetSeverity())

result.Level = "5"
assert.NotEqual(t, severity.Medium, result.GetSeverity())
})

t.Run("should get severity high", func(t *testing.T) {
result.Level = "5"
assert.Equal(t, severity.High, result.GetSeverity())

result.Level = "6"
assert.Equal(t, severity.High, result.GetSeverity())

result.Level = "1"
assert.NotEqual(t, severity.High, result.GetSeverity())

result.Level = "4"
assert.NotEqual(t, severity.High, result.GetSeverity())
})
}

func TestGetFilename(t *testing.T) {
result := &Result{
File: "./test.c",
}

t.Run("should success get filename", func(t *testing.T) {
filename := result.GetFilename()

assert.NotEmpty(t, filename)
assert.NotContains(t, filename, "./")
assert.Equal(t, "test.c", filename)
})

}
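Review bot: `TestGetSeverity` has no case for an empty or non-numeric `Level`, which is the input `GetSeverity` currently maps to Low by ignoring the `Atoi` error, so that behaviour is neither documented nor pinned by a test. The subtests also share and mutate a single `result`, which makes each one depend on the state left by the previous one; a table-driven test that builds a fresh `Result` per case would remove that coupling. The file starts directly at `package c` and lacks the license header that result.go carries.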
26 changes: 26 additions & 0 deletions development-kit/pkg/entities/analyser/php/phpcs/message.go
@@ -0,0 +1,26 @@
package phpcs

import (
"strconv"
"strings"
)

type Message struct {
Message string `json:"message"`
Line int `json:"line"`
Column int `json:"column"`
Type string `json:"type"`
}

func (m *Message) GetLine() string {
return strconv.Itoa(m.Line)
}

func (m *Message) GetColumn() string {
return strconv.Itoa(m.Column)
}

func (m *Message) IsValidMessage() bool {
return m.Type == "ERROR" &&
!strings.Contains(m.Message, "This implies that some PHP code is not scanned by PHPCS")
}
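Review bot: `IsValidMessage` accepts only messages whose `Type` is exactly "ERROR", so everything the tool reports with another type (PHPCS also emits WARNING) is dropped without any log or counter. If that is intended, say so in a doc comment; otherwise map warnings to a lower severity instead of discarding them. The exclusion by substring ("This implies that some PHP code is not scanned by PHPCS") ties the filter to the tool's exact wording, so move the string to a named constant with a comment on why that message is ignored. The file also has no license header.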
52 changes: 52 additions & 0 deletions development-kit/pkg/entities/analyser/php/phpcs/message_test.go
@@ -0,0 +1,52 @@
package phpcs

import (
"github.com/stretchr/testify/assert"
"testing"
)

func TestGetLine(t *testing.T) {
message := &Message{
Line: 1,
}

t.Run("should success get line", func(t *testing.T) {
line := message.GetLine()

assert.NotEmpty(t, line)
assert.Equal(t, "1", line)
})
}

func TestGetColumn(t *testing.T) {
message := &Message{
Column: 1,
}

t.Run("should success get column", func(t *testing.T) {
column := message.GetColumn()

assert.NotEmpty(t, column)
assert.Equal(t, "1", column)
})
}

func TestIsValidMessage(t *testing.T) {
t.Run("should return false if invalid message", func(t *testing.T) {
message := &Message{
Message: "This implies that some PHP code is not scanned by PHPCS",
Type: "ERROR",
}

assert.False(t, message.IsValidMessage())
})

t.Run("should return true if valid message", func(t *testing.T) {
message := &Message{
Message: "",
Type: "ERROR",
}

assert.True(t, message.IsValidMessage())
})
}
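Review bot: `TestIsValidMessage` never exercises the `Type` condition, since both cases set `Type: "ERROR"` and differ only in the message text. Add a case with a non-ERROR type and an otherwise acceptable message, so that a change to the type filter in `IsValidMessage` is caught by the tests.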
5 changes: 5 additions & 0 deletions development-kit/pkg/entities/analyser/php/phpcs/result.go
@@ -0,0 +1,5 @@
package phpcs

type Result struct {
Messages []Message `json:"messages"`
}
15 changes: 15 additions & 0 deletions development-kit/pkg/entities/auth/account.go
Expand Up @@ -118,6 +118,21 @@ func (a *Account) ToMap() map[string]interface{} {
}
}

func (a *Account) ToUpdateMap() map[string]interface{} {
return map[string]interface{}{
"email": a.Email,
"username": a.Username,
"updated_at": a.UpdatedAt,
"is_confirmed": a.IsConfirmed,
}
}

func (a *Account) ToUpdatePasswordMap() map[string]interface{} {
return map[string]interface{}{
"password": a.Password,
}
}

func (a *Account) IsNotApplicationAdminAccount() bool {
return !a.IsApplicationAdmin
}
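Review bot: `ToUpdateMap` includes `"is_confirmed": a.IsConfirmed`, so every call to the repository's `Update` writes the confirmation flag from whatever the in-memory struct holds. If any caller builds the `Account` from request data rather than from the stored record, a profile edit could reset or set the e-mail confirmation state; leave `is_confirmed` out of the general update map and change it only in the confirmation flow, or document that callers must load the account first. `ToUpdatePasswordMap` contains only `password`, so a password change never refreshes `updated_at`; add that column if the timestamp is meant to cover password changes.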