Javascript eslint security #146

Merged
merged 29 commits into from
Nov 20, 2020

Conversation

nathannascimentozup
Contributor

- What I did

- How to verify it

- Description for the changelog

@wiliansilvazup wiliansilvazup added the kind/enhancement label (This issue is related to a new feature or request) Nov 18, 2020
@wiliansilvazup wiliansilvazup self-requested a review November 19, 2020 17:03
@nathannascimentozup nathannascimentozup changed the title from "[WIP] Javascript eslint security" to "Javascript eslint security" Nov 19, 2020
@wiliansilvazup wiliansilvazup self-requested a review November 20, 2020 13:26
@wiliansilvazup wiliansilvazup merged commit 06e32e2 into develop Nov 20, 2020
@wiliansilvazup wiliansilvazup deleted the feature/eslint-sec-scan branch November 20, 2020 16:37
wiliansilvazup added a commit that referenced this pull request Nov 23, 2020
* feature/automatic-csproj (#23)

* adding dynamic detection of csproj, yarn.lock, package-lock.json and requirements.txt

* file path by ext unity tests

* Template email of organization invited (#22)

* e-mail Added the template of e-mail to a user is invited to the organization

* Fixing go lint

* 🔒 The screen dashboard of organization is visible something the admin users (#26)

* Organizing i18n values in frontend (#30)

* Rewrite i18n values for external pages and dashboard screen

* Adjusting i18 values in repositories screen

* 🛠️  Adjusting redirect routes when the call is external of manager (#19)

* Hotfix/fixing redirect and output bigger (#21)

* Fixing redirect in email template reset-password

* Fixing code output when exists many content and bad read

* Fixing fmt and set total output to down

* Hotfix/unique names (#28)

* Adding unique names migration

* Adding validations to unique names and unity tests

* Fixing swagger in horusec-analytics (#27)

* Add i18n values to enUS

Co-authored-by: Wilian Gabriel <63816070+wiliansilvazup@users.noreply.github.com>
Co-authored-by: nathanmartinszup <63246935+nathanmartinszup@users.noreply.github.com>

* Removing fields type, vulnerableBellow and version from Vulnerability (#24)

* Removing fields type, vulnerableBellow and version from Vulnerability

* Fixing e2e and unit tests

* Change pipeline to use docker-compose

* Fixing docker-compose.test

* Fixing deployment

* Fixing compose

* Merge master into develop (#36)

* 🛠️  Adjusting redirect routes when the call is external of manager (#19)

* Hotfix/fixing redirect and output bigger (#21)

* Fixing redirect in email template reset-password

* Fixing code output when exists many content and bad read

* Fixing fmt and set total output to down

* Hotfix/unique names (#28)

* Adding unique names migration

* Adding validations to unique names and unity tests

* Fixing swagger in horusec-analytics (#27)

* Hotfix/change images generate token (#31)

* Change images to generate token

* Adding gif usage horusec

* Adding gif usage horusec

Co-authored-by: Lucas Bruno <69604366+lucasbrunozup@users.noreply.github.com>
Co-authored-by: nathanmartinszup <63246935+nathanmartinszup@users.noreply.github.com>

* Adding company role in get all companies (#33)

* Adding company role in get all companies

* Adding unity tests

* Tokens of organization (#32)

* 🔑 Handler tokens of organization

* 🛡️  Added rules in manager organizations

* Not found screen (#34)

* 👷 Initial structure to not found page

* 👌 Finalizing page of not found

* 🔙 Added option to back to organization screen when in home page

* 🔨 Fixing version in package json

* Fixing error in unique company name not necessary, and removing wrong constraints in database (#38)

* [skip ci] update versioning file

* Added component of pagination (#47)

* CLI docker image (#25)

* Adding cli dockerfile

* Adding horusec as entrypoint

* Removing docker from image

* Adding docker-entrypoint

* Using docker dind

* Downgrade docker dind

* Using entrypoint

* Renaming entrypoint to horusec-cli

* Updating documentation

* Adding license

* Updating vendor

Co-authored-by: Horusec <horusec@zup.com.br>

* 💅 Adjusting button dialog styles, scrollbar and select component (#48)

* Adjusting the texts in Portuguese (#52)

* ✅ Added option to success message from flash message component and added in all handlers (#53)

* Feature/create repository cli (#55)

* Create repository by cli flag, update list repository to list all repositories to company admin

* Adding tests and validation to list all repositories of company if i am admin

* Removing duplicated code to list repositories to company admin

* Removing unnecessary unity test

* Fixing unity tests and adding middleware to company admin

* Adding missing test

* Updating analytic routes by repository to accept admins of company

* Fixing broken e2e tests

Co-authored-by: Wilian Gabriel <wilian.silva@zup.com.br>

* Frontend false positive (#54)

* Initial structure for false positive screen

* Finished false positive screen and add supervisor role

* Implementing false-positive and risk accept (#35)

* Change struct of analysis

* Fixing fmt lint entity and create migration files

* Adding get all dto and method

* Fixing migration

* Adding base management repository

* Adding get all vuln management data

* Adding management repository unity tests

* adding management controller get all

* adding get all management data

* adding management handler unity tests

* Adding update method in repository

* Adding update method in controller

* adding management handler put

* Adding management handler unity tests

* Fixing create analysis

* Adding app sec role

* Fixing list vuln management error where vulns are duplicating, fixing swagger errors

* Removing unnecessary nolint and improving code

* Fixing to send analysis correctly to horusec-api

* Adding separated api to update status and type

* Adding new vulnerability status and type enums

* Fixing lint

* Fixing lint errors

* Removing status and updating apis

* Updating migration

* Fixing output to show vulnerability to fix

* Fixing lint and project errors

* Fixing management unit tests

* Fixing errors in list vulns

* Fixing some type errors

* Updating output to print false positive and risk accept

* Start fixing tests

* Fixing tests

* Fixing vulnerabilities unity tests

* Fixing analytic queries

* Fixing tests

* Fixing analytic repository unit tests

* Adding tests on cli

* Adding more content

* Fixing hash generator

* Fixing hash generator

* Fixing vulnerability test

* Adding devkit entities and types units tests

* Adding Unit tests

* Adding unit tests

* Fixing license

* Adding analysis tests

* Fixing lint

* fixing e2e tests

* Updating e2e tests

* Fixing tests in repository

* Fixing fmt lint

* Parse horusec analysis response correctly

* Fixing lint

* Fixing errors in vulns details

* Fixing e2e test

* Updating api cors

* Updating cors

Co-authored-by: nathan <nathan.martins@zup.com.br>
Co-authored-by: lucas.bruno <lucas.bruno@zup.com.br>

* Fixing wrong text in output

* Bugfix/false positive (#58)

* Fixing supervisor middleware validation to company admins

* Fixing load data in vulnerabilities table

* Fixing false positive in CLI

* Updating swagger

* Fixing docs

* Fixing lint

Co-authored-by: lucas.bruno <lucas.bruno@zup.com.br>
Co-authored-by: Wilian Gabriel <wilian.silva@zup.com.br>

* Fixing regex d34b3ba5-b988-4a0f-9344-467274cd98be (#59)

* Removing deprecated manager (#60)

* Fixing security pipeline in horusec (#61)

* Fixing security pipeline in horusec

* Fixing security pipeline in horusec

* Fixing security pipeline in horusec

* Fixing security pipeline in horusec

* Fixing readme cli

* Fixing readme cli

* Update README.md

* Update README.md

* Change filter to receive Severity and remove Type (#64)

* Feature/improving false positive (#66)

* Adding order by severity and type

* Adding filter by type

* Fixing lint errors and adding unity tests

* Fixing order by error

* Updating swagger

* Fixing fmt errors

* [Frontend] Improvements false positive (#67)

* Added new filter in false positive screen

* Added success messages

* Added tag with color in severity

* List vulnerabilities in management screen to repository members (#68)

* [Frontend] - Improvements false positive (#69)

* Added new filter in false positive screen

* Added success messages

* Added tag with color in severity

* Removing supervisor role in company

* Added permission to handler repository

* Migration deploy hook (#65)

* Adding migration dockerfile

* Improving migration dockerfile

* Using env in migration

* Adding migration template

* Fixing migration template

* Adding migration image script

* Updating helm hook

* Fixing migration version

* Fixing  service image script builder

Co-authored-by: Horusec <horusec@zup.com.br>

* Adding api to delete account and permissions (#85)

* Adding api to delete account and permissions

* Adding license in docs

* Adding jwt auth middleware in delete account

* Feature/horusec auth (#62)

* Adding horusec auth base project

* Adding auth handler, with auth types enum and credentials

* Finishing handlers and adding auth controller with factory by type

* Change filter to receive Severity and remove Type

* Adding missing unity tests in devkit

* Adding auth handler tests

* Adding swagger, updating router and configs

* Fixing lint and tests

* Adding horus service authenticate method

* Adding authorize handler

* Updating auth interface

* Adding postgres read

* Adding keycloak service auth and keycloak shared service

* Adding unit test

* Adding horusec roles enum

* Fixing return

* Adding validation to authorize by horus roles

* Renaming packages to horusec

* Fixing some  horusec name errors and unity tests

* Removing nolint and improving code

* Renaming file to horusec

* Adding create user from keycloak token

* Adding create user from keycloak token

* Adding create user from keycloak token

* Adding horusec service unity tests

* Adding auth controller unity tests and updating mocks

* Adding auth in compose and fixing docs

* Adding auth in compose and fixing docs

* Updating health check

* Fixing lint

* Fixing keycloak unity tests

* Adding unit tests

* Adding unit tests

* Updating middlewares to use auth service

* Fixing auth type

* Fixing tests fmt lint

* Fixing tests fmt lint

* Fixing Security

* Improving code and adding unity tests

* Adding more devkit unity tests

* Adding some unit tests

* Adding middleware service unity tests

* Removing unnecessary test

* Adding horusec auth readme

* Fixing dockerfiles

* Adding validation to actual auth type

* Removing auth type header

* Updating composes

* Removing groups from authorization data

* Updating account, api and analytic readme

* Updating compose with auth url env var

* Updating compose and compose dev

* Fixing unity tests and fmt errors

* Fixing auth pipeline and hashes false positives

* Fixing error that token was static to accept only jwt

* Adding role validation in keycloak

* Fixing token size and swagger error

* Removing bearer from keycloak token

* Adding api to get account id by token and auth type

* Changing create account from keycloak to auth

* Updating auth swagger

* Improving keycloak devkit service and fixing tests

* Fixing account unity tests

* Fixing account unity tests in auth

* Adding auth unity tests

* Fixing middleware tests

* Fixing fmt error

* Improving interface conversion to avoid conversion error

Co-authored-by: Wilian Gabriel <wilian.silva@zup.com.br>

* Frontend - Many authentication types (#77)

* 🛸 Added fields in create company and repository to LDAP rules

* ⚙️ Separate modules of authentication, and add splash animation in login screen

* 🛰  Horusec default authenticator

* 🔑 Add auth environment

* Initialize integration with keycloak

* Adjusting keycloak authentication

* Add get user info in keycloak auth and adjusting logout

* ⚙️ Alter service to create account from keycloak

* 🛠  Adjusting styles, and settings to microfrontend integration and devcraft use

* Fixing keycloak config when in other auth type, and adjusting function types

* Fixing lint

* 🇺🇸 Translate e-mail templates to english (#95)

* Feature/application admin (#86)

* Adding horusec auth base project

* Adding auth handler, with auth types enum and credentials

* Finishing handlers and adding auth controller with factory by type

* Change filter to receive Severity and remove Type

* Adding missing unity tests in devkit

* Adding auth handler tests

* Adding swagger, updating router and configs

* Fixing lint and tests

* Adding horus service authenticate method

* Adding authorize handler

* Updating auth interface

* Adding postgres read

* Adding keycloak service auth and keycloak shared service

* Adding unit test

* Adding horusec roles enum

* Fixing return

* Adding validation to authorize by horus roles

* Renaming packages to horusec

* Fixing some  horusec name errors and unity tests

* Removing nolint and improving code

* Renaming file to horusec

* Adding create user from keycloak token

* Adding create user from keycloak token

* Adding create user from keycloak token

* Adding horusec service unity tests

* Adding auth controller unity tests and updating mocks

* Adding auth in compose and fixing docs

* Adding auth in compose and fixing docs

* Updating health check

* Fixing lint

* Fixing keycloak unity tests

* Adding unit tests

* Adding unit tests

* Updating middlewares to use auth service

* Fixing auth type

* Fixing tests fmt lint

* Fixing tests fmt lint

* Fixing Security

* Improving code and adding unity tests

* Adding more devkit unity tests

* Adding some unit tests

* Adding middleware service unity tests

* Removing unnecessary test

* Adding horusec auth readme

* Fixing dockerfiles

* Adding validation to actual auth type

* Removing auth type header

* Updating composes

* Removing groups from authorization data

* Updating account, api and analytic readme

* Updating compose with auth url env var

* Updating compose and compose dev

* Fixing unity tests and fmt errors

* Adding application admin role

* Fixing auth pipeline and hashes false positives

* Adding is application admin middleware

* Fixing error that token was static to accept only jwt

* Adding role validation in keycloak

* Fixing token size and swagger error

* Adding route to show config, adding field is_super_admin, adding method to create account default super admin

* Fixing to get account admin data and create with this params

* Removing bearer from keycloak token

* Fixing docs account

* Adding route to get config of horusec-account

* Adding create company with admin application

* Adding api to get account id by token and auth type

* Changing create account from keycloak to auth

* Updating auth swagger

* Adding validation to create company if user logged is application admin

* Fixing lint and tests

* Fixing security step

* Improving keycloak devkit service and fixing tests

* Fixing account unity tests

* Fixing account unity tests in auth

* Adding auth unity tests

* Fixing middleware tests

* Fixing fmt lint

* Fixing fmt error

* Adding Application admin in auth

* Fixing test

* Fixing fmt and lint

* Fixing horusec-config.json

* Adding validation to create default user only auth type horusec

* Fixing README.md in horusec-account

* Improving interface conversion to avoid conversion error

* Fixing fmt lint and units test

* Adding more unit test

* Adding more unit test

* Adding more unit test

* Fixing horusec-config.json

* Adding more unit test

* Fixing tests e2e

* Fixing fmt lint

* Fixing docs auth

* Fixing docs horusec-account

* Fixing security

* Update architecture images

* Fixing deploy service

Co-authored-by: Wilian Gabriel <wilian.silva@zup.com.br>

* Adding return content when create account from keycloak (#98)

* Adding return content when create account from keycloak

* Adding return content when create account from keycloak

* Adding return content when create account from keycloak

* Fixing fmt and lint

* Fixing unit test

* Fixing integration middleware

* Frontend admin application (#100)

* 🗃  Alter the route to fetch config of application and save it in a localStorage

* Added support to admin application

* [WIP] Feature/improving test (#99)

* Adding TESTBOOK.md correctly

* Adding testbook

* Updating setup external dependencies

* Updating setup external dependencies

* Updating setup external dependencies

* Updating setup external dependencies

* Updating setup external dependencies

* Fixing horusec-config.json

* Updating setup external dependencies

* Update e2e and account pipeline

* Fixing dockerfile.dev

* Fixing dockerfile account

* Change compose internal to run in dev mod

* Update cli pipeline

* Adding new unit test

* Removing old e2e tests and separate correctly e2e tests

* Ignoring up vendor folder in git

* Fixing e2e running

* Fixing compose e2e

* 🛠 Fixing method to verify admin application (#111)

* Frontend environments in compose files (#110)

* 🔑 Added environments to frontend in compose files

* Adjusting .env.example file with all possible values

* Feature/auth grpc (#112)

* Adding grpc server in auth

* Adding generated proto go files

* Removing unnecessary field in proto

* adding grpc calls to replace http calls in middlewares

* Fixing middleware tests

* Updating compose and grpc config

* Adding certificates options and updating readme

* Updating compose files

* Updating e2e compose file

* Adding auth new port

* Updating e2e compose

* Improving error logs and lint

* Fixing fmt error

* Feature/improving test (#102)

* Adding more e2e tests

* Adding more e2e tests

* Adding more tests e2e

* Fixing fmt lint

* Update test e2e

* Update test e2e

* Fixing workflow e2e

* Fixing e2e running

* Adding validation to restart service with up migration

* Fixing tests e2e

* Fixing tests e2e

* Fixing e2e

* Adding e2e to check if send messages correctly

* Update testbook

* Fixing gomod

* Starting add keycloak e2e tests

* Adding Request to configure keycloak service

* Adding correctly form to run tests using keycloak server

* Fixing makefile

* Adding tests in keycloak to validate invite user

* Fixing makefile

* Fixing names and docs of e2e

* Removing trash of tests of analysis

* Fixing e2e

* Fixing e2e messages

* Fixing create company

* Fixing create company

* Fixing e2e

* Fixing e2e

* Fixing e2e

* Fixing e2e

* Fixing e2e

* Fixing e2e

* Fixing e2e

* Fixing keycloak compose e2e

* [WIP] Ldap auth service integration (#71)

* Adding horusec auth base project

* Adding auth handler, with auth types enum and credentials

* Finishing handlers and adding auth controller with factory by type

* Change filter to receive Severity and remove Type

* Adding missing unity tests in devkit

* Adding auth handler tests

* Adding swagger, updating router and configs

* Fixing lint and tests

* Adding horus service authenticate method

* Adding authorize handler

* Updating auth interface

* Adding postgres read

* Adding keycloak service auth and keycloak shared service

* Adding unit test

* Adding ldap client dependency

* Adding horusec roles enum

* Adding ldap client config

* Fixing old references

* Fixing return

* Adding validation to authorize by horus roles

* Renaming packages to horusec

* Fixing some  horusec name errors and unity tests

* Updating ldap to implement auth service

* Removing nolint and improving code

* Renaming file to horusec

* Adding create user from keycloak token

* Adding create user from keycloak token

* Adding create user from keycloak token

* Adding horusec service unity tests

* Adding auth controller unity tests and updating mocks

* Adding auth in compose and fixing docs

* Adding auth in compose and fixing docs

* Updating health check

* Fixing lint

* Fixing keycloak unity tests

* Adding unit tests

* Adding unit tests

* Updating middlewares to use auth service

* Fixing auth type

* Fixing tests fmt lint

* Fixing tests fmt lint

* Fixing Security

* Improving code and adding unity tests

* Adding more devkit unity tests

* Adding some unit tests

* Adding middleware service unity tests

* Removing unnecessary test

* Adding horusec auth readme

* Fixing dockerfiles

* Adding validation to actual auth type

* 🛸 Added fields in create company and repository to LDAP rules

* Removing auth type header

* Adding company authz fields

* Adding ldap service in the auth

* Updating composes

* Removing groups from authorization data

* Updating account, api and analytic readme

* WIP ldap authz

* Updating compose with auth url env var

* Updating compose and compose dev

* Adding ldap company authz

* Fixing unity tests and fmt errors

* Adding repository authz

* Adding ldap login logic

* Removing ldap refresh token

* ⚙️ Separate modules of authentication, and add splash animation in login screen

* 🛰  Horusec default authenticator

* 🔑 Add auth environment

* Adding ldap authz migration

* Adding ldap service in the handler

* Fixing vendor

* Fixing ldap permission migration

* Removing not null constraint from account password column

* Initialize integration with keycloak

* Adding ldap mock

* Adding ldap service

* Fixing ldap service interface

* Fixing auth pipeline and hashes false positives

* Fixing ldap service

* Improving ldap service

* Improving ldap service

* Improving ldap service

* Improving ldap service package name

* Improving ldap client service

* Fixing lint problems

* Fixing error that token was static to accept only jwt

* Adding role validation in keycloak

* Fixing token size and swagger error

* Adjusting keycloak authentication

* Removing bearer from keycloak token

* Add get user info in keycloak auth and adjusting logout

* Testing ldap service

* Improving fn name

* Adding api to get account id by token and auth type

* Changing create account from keycloak to auth

* Updating auth swagger

* ⚙️ Alter service to create account from keycloak

* Fixing mail attribute from ldap

* Improving keycloak devkit service and fixing tests

* Fixing account unity tests

* Fixing account unity tests in auth

* Adding auth unity tests

* Fixing middleware tests

* Fixing fmt error

* Adding ldap user uid condition

* Improving interface conversion to avoid conversion error

* 🛠  Adjusting styles, and settings to microfrontend integration and devcraft use

* Merging with the base branch

* Using auth route

* Fixing migration error

* Removing supervisor role from company

* Updating dependencies

* Updating ldap service to fix get groups error

* Fixing some role issues in ldap service

* Adding missing ldap unity tests and improving code

* Adding ldap devkit service unity tests

* Fixing connect error

* Updating swagger

* Updating vendor

* Adding example ldap env in composes

* Fixing string error in compose

* Fixing lint error in account service

* Removing vendor

* Updating config hashes

* Adding ldap service in compose

* Updating auth compose

* Alter the screen of login to receive username

* Updating ldap response

* Removing login horusec native from account to auth

* Fixing fmt errors

* Adding missing unity tests

* Fixing e2e

* Updating security pipeline

* Updating cli pipeline and hashes

* Improving authorize handler

* Added integration with backend for ldap auth

* Fixing companies loading

* Adding ldap memoize

* Adding ldap groups in repository creation and update

* Fixing ldap company update

* Fixing repository creation

* Fixing repository update

* Fixing company list return

* Fixing company form with groups pre filled

* Adding repository authz fields

* Adding authz fields prefilled

* Fixing repository authz

Company admin is mandatory for authz

* Fixing wrong company role

* Fixing lint

* Adding application admin

* Updating compose ldap host

* Adding isApplicationAdmin attr in ldap authentication

* Adding username in native horus authentication

* Removing unnecessary log in manager

* Fixing company creation

* Fixing repository update

Co-authored-by: nathan <nathan.martins@zup.com.br>
Co-authored-by: Wilian Gabriel <wilian.silva@zup.com.br>
Co-authored-by: Horusec <horusec@zup.com.br>
Co-authored-by: lucas.bruno <lucas.bruno@zup.com.br>

* Adding validation to horusec login errors (#118)

* [WIP] Fixing e2e (#115)

* Fixing e2e

* Fixing e2e

* Fixing e2e

* Fixing e2e

* Fixing order for run e2e

* Fixing order for run e2e

* Fixing order for run e2e

* Fixing e2e

* Fixing e2e

* Tests Application admin horusec

* Fixing messages validation

* Fixing messages validation

* Updating keycloak to login by auth

* Adding jwt validation keycloak e2e

* Removing authentication by auth service

* Run duplicate

* rollback

* Comment keycloak in pipeline

Co-authored-by: nathan <nathan.martins@zup.com.br>

* Fixing repository authz groups (#116)

* Fixing e2e

* Fixing e2e

* Fixing e2e

* Fixing repository authz groups

* Fixing repository tests

* Fixing e2e

* Fixing ldap service tests

* Fixing order for run e2e

* Fixing order for run e2e

* Fixing order for run e2e

* Fixing e2e

* Fixing e2e

* Tests Application admin horusec

* Fixing messages validation

* Fixing messages validation

* Updating keycloak to login by auth

* Adding jwt validation keycloak e2e

* Removing authentication by auth service

* Run duplicate

* rollback

* Testing repository authz groups setted by company

Co-authored-by: Wilian Gabriel <wilian.silva@zup.com.br>
Co-authored-by: nathan <nathan.martins@zup.com.br>

* Fixing compose content

* Removing minimum version and adding version recommendation message (#119)

* feature/auth-account-operations (#122)

* Adding account operations in auth

* Removing account operations from account service, improving entities structure

* Fixing error multiple packages

* Fixing error in account middlewares and some minor issues

* Updating composes with new env vars

* Updating compose files and pipeline errors

* Updating auth readme and auth compose

* Updating messages e2e compose

* Updating auth coverage and fixing e2e messages pipeline

* Updating manager to use auth service

* Adjusting to view field of email to app admin when create new organiz… (#127)

* Adjusting to view field of email to app admin when create new organization (#125)

* Adding validation for user response when ask if run in current directory (#124)

Co-authored-by: Lucas Bruno <69604366+lucasbrunozup@users.noreply.github.com>

* Improving cli to print error message by line, and removing missing pa… (#126)

* Improving cli to print error message by line, and removing missing package-lock or yarn-lock as errors, fixing some misspelling

* Fixing unity test

* Feature/semgrep (#128)

* Adding semgrep to horus cli

* Adding semgrep languages, updating semgrep formatter

* Adding method to get severity

* Fixing lint errors

* Fixing cli unity tests

* Improving code and adding unity tests

* Changing semgrep config to use docker hub image

* Updating api to accept new languages

* Fixing lint errors

* Adding workdir to generic scan

* feature choice-tool (#132)

* Adding flag to choice if user need ignore tool run in your analysis

* Fixing fmt lint

* Fixing hashes security

* Feature/webhook (#113)

* Adding base webhook service

* Fixing webhook configs and docs

* Adding dispatch http request via broker to destiny saved in database

* Adding dispatch http request via broker to destiny saved in database

* Start crud of webhook

* Start crud of webhook

* Adding handler of webhook

* Fixing swagger

* Fixing lint and handler webhook

* Adding description on struct webhook

* Adding description on struct webhook

* Fixing docs

* Adding repository and calling in controller

* Adding migration script

* Adding controller validations and fixing datatype JSONB in postgresql

* Adding unit tests in webhook

* Finish tests of webhook crud

* Adding deployments and adding tests in horusec-api

* Fixing lint and add health check broker

* Adding helm in auth service

* upgrade coverage webhook

* Fixing horusec-api to not necessary up broker

* Closing body in http response

* Fixing http request to close body in response

* Fixing units tests

* Adding tests of integration of see se dispatch to destiny correctly

* Fixing e2e

* Adding put in cors

* Adding README.md in webhook

* Fixing hash security

* [Frontend] Webhook (#117)

* Item of webhook screen in the side menu, initial structure for the screen

* Added the table to render list of webhooks

* Adding base webhook service

* Adjusting spaces in table of webhooks list

* Fixing webhook configs and docs

* Adding dispatch http request via broker to destiny saved in database

* Adding dispatch http request via broker to destiny saved in database

* Added modal to add new webhook

* Start crud of webhook

* Start crud of webhook

* Adjusting spaces of text input

* Adding handler of webhook

* Fixing swagger

* Fixing lint and handler webhook

* Adding description on struct webhook

* Adding description on struct webhook

* Fixing docs

* Adding repository and calling in controller

* Adding migration script

* Add Webhook interface and adjust method http select in create new webhook

* Adding controller validations and fixing datatype JSONB in postgresql

* Adding unit tests in webhook

* Finish tests of webhook crud

* Adding deployments and adding tests in horusec-api

* Fixing lint and add health check broker

* Adding helm in auth service

* upgrade coverage webhook

* Fixing horusec-api to not necessary up broker

* Closing body in http response

* Fixing http request to close body in response

* Fixing units tests

* Adding tests of integration of see se dispatch to destiny correctly

* Fixing e2e

* Adding put in cors

* Added delete and edit webhook

* Fixing lint

* Adjusting role for webhook screen

* Adding README.md in webhook

Co-authored-by: Wilian Gabriel <wilian.silva@zup.com.br>
Co-authored-by: Nathan Tavares Nascimento <nathan.nascimento@zup.com.br>

* Fixing auth cors (#133)

* Update account username and email (#135)

* Adding update account handler

* Adding update account feature

* Fixing account controller interface

* Fixing account controller mock

* Fixing account update handler

* Fixing lint

* Adding handler test

* Adding updation validate

* Testing update account handler

* Improving update account controller

* Testing update account controller

* Adding vuln as risk accepted

hash 45aa5c46df5ba51d7e59da826544412352c189a6acf5707f941922181c94f989

* Repository form authz groups (#134)

* Adding repository groups from company

* Adding repository creation groups initial value

* Update pt-br.json (#139)

Fixed typo in text.

* Feature/horusec-csharp (#131)

* Adding base horusec csharp cli

* Adding csharp rules structure

* Fixing security hashes

* Adding horusec csharp cli injection rules

* Adding others rules

* Adding sql injection linq rule

* Update leaks with set pwd

* Update make file and adding pipeline of horusec-csharp

* Adding password validation

* Adding sql injection rules in csharp cli

* Adding rules of cookies, view state

* Fixing errors

* Adding some cryptography rules to csharp cli

* Fixing total rules csharp

* Adding weak cipher rules

* Adding more rules of csharp

* Fixing test

* Adding more csharp rules

* add NewCsharpRegularDebugBuildEnabled

* add NewCsharpRegularDebugBuildEnabled

* Adding custom errors disabled rule

* Adding rules csharp

* Adding rule vulnerable package reference

* Adding rule jwt signature validation disabled

* Add cors allow origin wildcard rules

* Adding NewCsharpAndFormsAuthenticationCookielessMode

* Adding regular anti forgery token rule

* Adding form validations

* Adding missing authorize attribute rule

* Adding rules of xml in csharp

* Fix test

* Adding more csharp rules

* Adding password lockout disabled rule

* Adding more rules in csharp of cookies and signatures

* Adding cross site rules

* Weak password rule

* Adding ldap injection filter rule

* Adding more rules in csharp

* Adding more rules in csharp

* Adding more rules in csharp

* Adding ldap injection rules

* Adding more rules in csharp

* Adding csharp in deployments to up version

* Adding csharp in deployments to up version

* Rename test zip to csharp

* Adding horusec csharp cli

* Change language to csharp

* Adding test to check netcore is deprecated

* Updating regular rules

* Adding rule no log sensitive information in console

* Fix conflict

* Fixing error removing old regular expressions

* Update weak rsa key length

* Removing deplicated rule

* Fixing rules of java min 128 bits in key generator

* Adding unit tests in csharp engine

* Fixing fmt lint

* Fixing test

* Fixing test

* Adding readme.md in horusec-csharp

* Update README.md

* Fixing tests

* Merge and update doc

Co-authored-by: Wilian Gabriel <wilian.silva@zup.com.br>
Co-authored-by: Wilian Gabriel <63816070+wiliansilvazup@users.noreply.github.com>

* Removing Landing Page (#141)

* Adding eslint dockerfile

* Change name dotnet to csharp (#144)

* WIP adding eslint formatter

* Update version csharp

* WIP cleanup formatter code

* Wip adding eslint formatter docker execution

* Adding analyser eslint formatter

* Fixing eslint configuration

* Adding eslint security rules config

* Improving eslint formatter

* Adding eslint output struct

* Adding eslint results into analysis

* Adding eslint javascript analyse

* Feature/update docs (#140)

* Update composes and check if are go pass in pipeline

* Fixing env wrong

* Update docs

* Fix docs

* Adding eslint image script

* Adding eslint tool in deploy workflow

* Fixing eslint tool name

* Updating ignore tool flag description

* Fixing lint problem

* Fixing eslint file pattern

* Testing eslint formatter

* Testing eslint formatter

* Adding eslint scan in readme

* Fixing code sample length

* Fixing eslint config

* Removing eslint object injection

* Feature/horusec nodejs (#143)

* Adding base of horusec nodejs

* Merge with develop

* Adding Horusec-NodeJS in CLI

* Fixing fmt lint

* Adding initial rules for sql injection, xss, others

* Fixing fmtg

* Adding rules of crypto in nodejs

* Adding some vulnerabilities in nodejs

* Fixing total vuln nodejs

* Adding more rules injection in nodejs

* Adding rules of http-proxy, no log, ip address,  others

* Adding more rules in nodejs

* Fixing fmt lint

* Fixing docs

* Fixing name

* Fixing tests fmt lint

* Adding jsx and tsx

* Fixing sql injection query

* Update no log sensitive information

* Update no log sensitive information

* Fixing total found in nodejs

* Adding docs

* Feature/k8s cli (#148)

* Adding some kubernetes rules

* Adding kubernetes cli

* Updating docs

* Adding horusec kubernetes cli in make file

* Adding kubernetes cli in horusec cli

* Updating go modules

Co-authored-by: Nathan Tavares Nascimento <nathan.nascimento@zup.com.br>

* Update deploy-cli-tools.yml

* Update update-image-tool.sh

* Adding docs kubernetes (#149)

* Adding docs kubernetes

* Fixing readme

* Update image nodejs and kubernetes

* Updating analysis cli images

Co-authored-by: nathan <nathan.martins@zup.com.br>

* Adding eslint in analysis slice

* Fixing eslint config

* Javascritpt eslint security (#146)

* Adding eslint dockerfile

* WIP adding eslint formatter

* WIP cleanup formatter code

* Wip adding eslint formatter docker execution

* Adding analyser eslint formatter

* Fixing eslint configuration

* Adding eslint security rules config

* Improving eslint formatter

* Adding eslint output struct

* Adding eslint results into analysis

* Adding eslint javascript analyse

* Adding eslint image script

* Adding eslint tool in deploy workflow

* Fixing eslint tool name

* Updating ignore tool flag description

* Fixing lint problem

* Fixing eslint file pattern

* Testing eslint formatter

* Testing eslint formatter

* Adding eslint scan in readme

* Fixing code sample length

* Fixing eslint config

* Removing eslint object injection

* Adding eslint in analysis slice

* Fixing eslint config

Co-authored-by: Wilian Gabriel <63816070+wiliansilvazup@users.noreply.github.com>

* Fixing eslint extensions

* Fixing eslint file path

* Fixing generics bugs (#150)

* Adding typescript vulnerabilities separated

* Adding validation to not dispatch typescript in js

* Adding node js cli in validation

* Fixing lint error

* Fixing unity test

* Fixing tsx and jsx run in javascript

* Fix fmt

* Fixing versions

* Fixing auth cors

* Fixing log very sensitive in csharp

* Update version of leaks

* Update version of leaks

* Fixing test

* Update analyser to log not existing hash

* Update analyser to log not existing hash

* Fixing version eslint

* Fixing vuln in frontend

* Fixing lint manager

* Fixing horusec-config

* Fix lint

Co-authored-by: nathan <nathan.martins@zup.com.br>

* Downgrade severity no use localstorage

* Adding files license

* Adding yaml license

* Added INFO severity and add colors of languages (#152)

* Update README.md

* [skip ci] update versioning file

* [skip ci] update versioning file

* [skip ci] update versioning file

Co-authored-by: Lucas Bruno <69604366+lucasbrunozup@users.noreply.github.com>
Co-authored-by: Wilian Gabriel <63816070+wiliansilvazup@users.noreply.github.com>
Co-authored-by: Wilian Gabriel <wilian.silva@zup.com.br>
Co-authored-by: nathannascimentozup <65020170+nathannascimentozup@users.noreply.github.com>
Co-authored-by: Horusec <horusec@zup.com.br>
Co-authored-by: lucas.bruno <lucas.bruno@zup.com.br>
Co-authored-by: Nathan Tavares Nascimento <nathan.nascimento@zup.com.br>
Co-authored-by: Gleyton Lima <GleytonLima@users.noreply.github.com>
wiliansilvazup added a commit that referenced this pull request Dec 8, 2020
* feature/automatic-csproj (#23)

* adding dynamic detection of csproj, yarn.lock, package-lock.json and requirements.txt

* file path by ext unity tests

* Template email of organization invited (#22)

* e-mail Added the template of e-mail to a user is invited to the organization

* Fixing go lint

* 🔒 The screen dashboard of organization is visible something the admin users (#26)

* Organizing i18n values in frontend (#30)

* Rewrite i18n values for external pages and dashboard screen

* Adjusting i18n values in repositories screen

* 🛠️  Adjusting redirect routes when the call is external of manager (#19)

* Hotfix/fixing redirect and output bigger (#21)

* Fixing redirect in email template reset-password

* Fixing code output when exists many content and bad read

* Fixing fmt and set total output to down

* Hotfix/unique names (#28)

* Adding unique names migration

* Adding validations to unique names and unity tests

* Fixing swagger in horusec-analytics (#27)

* Add i18n values to enUS

Co-authored-by: Wilian Gabriel <63816070+wiliansilvazup@users.noreply.github.com>
Co-authored-by: nathanmartinszup <63246935+nathanmartinszup@users.noreply.github.com>

* Removing fields type, vulnerableBellow and version from Vulnerability (#24)

* Removing fields type, vulnerableBellow and version from Vulnerability

* Fixing e2e and unit tests

* Change pipeline to use docker-compose

* Fixing docker-compose.test

* Fixing deployment

* Fixing compose

* Merge master into develop (#36)

* 🛠️  Adjusting redirect routes when the call is external of manager (#19)

* Hotfix/fixing redirect and output bigger (#21)

* Fixing redirect in email template reset-password

* Fixing code output when exists many content and bad read

* Fixing fmt and set total output to down

* Hotfix/unique names (#28)

* Adding unique names migration

* Adding validations to unique names and unity tests

* Fixing swagger in horusec-analytics (#27)

* Hotfix/change images generate token (#31)

* Change images to generate token

* Adding gif usage horusec

* Adding gif usage horusec

Co-authored-by: Lucas Bruno <69604366+lucasbrunozup@users.noreply.github.com>
Co-authored-by: nathanmartinszup <63246935+nathanmartinszup@users.noreply.github.com>

* Adding company role in get all companies (#33)

* Adding company role in get all companies

* Adding unity tests

* Tokens of organization (#32)

* 🔑 Handler tokens of organization

* 🛡️  Added rules in manager organizations

* Not found screen (#34)

* 👷 Initial structure to not found page

* 👌 Finalizing page of not found

* 🔙 Added option to back to organization screen when in home page

* 🔨 Fixing version in package json

* Fixing error in unique company name not necessary, and removing wrong constraints in database (#38)

* [skip ci] update versioning file

* Added component of pagination (#47)

* CLI docker image (#25)

* Adding cli dockerfile

* Adding horusec as entrypoint

* Removing docker from image

* Adding docker-entrypoint

* Using docker dind

* Downgrade docker dind

* Using entrypoint

* Renaming entrypoint to horusec-cli

* Updating documentation

* Adding license

* Updating vendor

Co-authored-by: Horusec <horusec@zup.com.br>

* 💅 Adjusting button dialog styles, scrollbar and select component (#48)

* Adjusting the texts in portugueses (#52)

* ✅ Added option to success message from flash message component and added in all handlers (#53)

* Feature/create repository cli (#55)

* Create repository by cli flag, update list repository to list all repositories to company admin

* Adding tests and validation to list all repositories of company if i am admin

* Removing duplicated code to list repositories to company admin

* Removing unnecessary unity test

* Fixing unity tests and adding middleware to company admin

* Adding missing test

* Updating analytic routes by repository to accept admins of company

* Fixing broken e2e tests

Co-authored-by: Wilian Gabriel <wilian.silva@zup.com.br>

* Frontend false positive (#54)

* Initial structure for false positive screen

* Finished false positive screen and add supervisor role

* Implementing false-positive and risk accept (#35)

* Change struct of analysis

* Fixing fmt lint entity and create migration files

* Adding get all dto and method

* Fixing migration

* Adding base management repository

* Adding get all vuln management data

* Adding management repository unity tests

* adding management controller get all

* adding get all management data

* adding management handler unity tests

* Adding update method in repository

* Adding update method in controller

* adding management handler put

* Adding management handler unity tests

* Fixing create analysis

* Adding app sec role

* Fixing list vuln management error where vulns are duplicating, fixing swagger errors

* Removing unnecessary nolint and improving code

* Fixing to send analysis correctly to horusec-api

* Adding separated api to update status and type

* Adding new vulnerability status and type enums

* Fixing lint

* Fixing lint errors

* Removing status and updating apis

* Updating migration

* Fixing output to show vulnerability to fix

* Fixing lint and project errors

* Fixing management unit tests

* Fixing errors in list vulns

* Fixing some type errors

* Updating output to print false positive and risk accept

* Start fixing tests

* Fixing tests

* Fixing vulnerabilities unity tests

* Fixing analytic queries

* Fixing tests

* Fixing analytic repository unit tests

* Adding tests on cli

* Adding more content

* Fixing hash generator

* Fixing hash generator

* Fixing vulnerability test

* Adding devkit entities and types units tests

* Adding Unit tests

* Adding unit tests

* Fixing license

* Adding analysis tests

* Fixing lint

* fixing e2e tests

* Updating e2e tests

* Fixing tests in repository

* Fixing fmt lint

* Parse horusec analysis response correctly

* Fixing lint

* Fixing errors in vulns details

* Fixing e2e test

* Updating api cors

* Updating cors

Co-authored-by: nathan <nathan.martins@zup.com.br>
Co-authored-by: lucas.bruno <lucas.bruno@zup.com.br>

* Fixing wrong text in output

* Bugfix/false positive (#58)

* Fixing supervisor middleware validation to company admins

* Fixing load data in vulnerabilities table

* Fixing false positive in CLI

* Updating swagger

* Fixing docs

* Fixing lint

Co-authored-by: lucas.bruno <lucas.bruno@zup.com.br>
Co-authored-by: Wilian Gabriel <wilian.silva@zup.com.br>

* Fixing regex d34b3ba5-b988-4a0f-9344-467274cd98be (#59)

* Removing deprecated manager (#60)

* Fixing security pipeline in horusec (#61)

* Fixing security pipeline in horusec

* Fixing security pipeline in horusec

* Fixing security pipeline in horusec

* Fixing security pipeline in horusec

* Fixing readme cli

* Fixing readme cli

* Update README.md

* Update README.md

* Change filter to receive Severity and remove Type (#64)

* Feature/improving false positive (#66)

* Adding order by severity and type

* Adding filter by type

* Fixing lint errors and adding unity tests

* Fixing order by error

* Updating swagger

* Fixing fmt errors

* [Frontend] Improvements false positive (#67)

* Added new filter in false positive screen

* Added success messages

* Added tag with color in severity

* List vulnerabilities in management screen to repository members (#68)

* [Frontend] - Improvements false positive (#69)

* Added new filter in false positive screen

* Added success messages

* Added tag with color in severity

* Removing supervisor role in company

* Added permission to handler repository

* Migration deploy hook (#65)

* Adding migration dockerfile

* Improving migration dockerfile

* Using env in migration

* Adding migration template

* Fixing migration template

* Adding migration image script

* Updating helm hook

* Fixing migration version

* Fixing  service image script builder

Co-authored-by: Horusec <horusec@zup.com.br>

* Adding api to delete account and permissions (#85)

* Adding api to delete account and permissions

* Adding license in docs

* Adding jwt auth middleware in delete account

* Feature/horusec auth (#62)

* Adding horusec auth base project

* Adding auth handler, with auth types enum and credentials

* Finishing handlers and adding auth controller with factory by type

* Change filter to receive Severity and remove Type

* Adding missing unity tests in devkit

* Adding auth handler tests

* Adding swagger, updating router and configs

* Fixing lint and tests

* Adding horus service authenticate method

* Adding authorize handler

* Updating auth interface

* Adding postgres read

* Adding keycloak service auth and keycloak shared service

* Adding unit test

* Adding horusec roles enum

* Fixing return

* Adding validation to authorize by horus roles

* Renaming packages to horusec

* Fixing some  horusec name errors and unity tests

* Removing nolint and improving code

* Renaming file to horusec

* Adding create user from keycloak token

* Adding create user from keycloak token

* Adding create user from keycloak token

* Adding horusec service unity tests

* Adding auth controller unity tests and updating mocks

* Adding auth in compose and fixing docs

* Adding auth in compose and fixing docs

* Updating health check

* Fixing lint

* Fixing keycloak unity tests

* Adding unit tests

* Adding unit tests

* Updating middlewares to use auth service

* Fixing auth type

* Fixing tests fmt lint

* Fixing tests fmt lint

* Fixing Security

* Improving code and adding unity tests

* Adding more devkit unity tests

* Adding some unit tests

* Adding middleware service unity tests

* Removing unnecessary test

* Adding horusec auth readme

* Fixing dockerfiles

* Adding validation to actual auth type

* Removing auth type header

* Updating composes

* Removing groups from authorization data

* Updating account, api and analytic readme

* Updating compose with auth url env var

* Updating compose and compose dev

* Fixing unity tests and fmt errors

* Fixing auth pipeline and hashes false positives

* Fixing error that token was static to accept only jwt

* Adding role validation in keycloak

* Fixing token size and swagger error

* Removing bearer from keycloak token

* Adding api to get account id by token and auth type

* Changing create account from keycloak to auth

* Updating auth swagger

* Improving keycloak devkit service and fixing tests

* Fixing account unity tests

* Fixing account unity tests in auth

* Adding auth unity tests

* Fixing middleware tests

* Fixing fmt error

* Improving interface conversion to avoid conversion error

Co-authored-by: Wilian Gabriel <wilian.silva@zup.com.br>

* Frontend - Many authentication types (#77)

* 🛸 Added fields in create company and repository to LDAP rules

* ⚙️ Separate modules of authentication, and add splash animation in login screen

* 🛰  Horusec default authenticator

* 🔑 Add auth environment

* Initialize integration with keycloak

* Adjusting keycloak authentication

* Add get user info in keycloak auth and adjusting logout

* ⚙️ Alter service to create account from keycloak

* 🛠  Adjusting styles, and settings to microfrontend integration and devcraft use

* Fixing keycloak config when in other auth type, and adjusting function types

* Fixing lint

* 🇺🇸 Translate e-mail templates to english (#95)

* Feature/application admin (#86)

* Adding horusec auth base project

* Adding auth handler, with auth types enum and credentials

* Finishing handlers and adding auth controller with factory by type

* Change filter to receive Severity and remove Type

* Adding missing unity tests in devkit

* Adding auth handler tests

* Adding swagger, updating router and configs

* Fixing lint and tests

* Adding horus service authenticate method

* Adding authorize handler

* Updating auth interface

* Adding postgres read

* Adding keycloak service auth and keycloak shared service

* Adding unit test

* Adding horusec roles enum

* Fixing return

* Adding validation to authorize by horus roles

* Renaming packages to horusec

* Fixing some  horusec name errors and unity tests

* Removing nolint and improving code

* Renaming file to horusec

* Adding create user from keycloak token

* Adding create user from keycloak token

* Adding create user from keycloak token

* Adding horusec service unity tests

* Adding auth controller unity tests and updating mocks

* Adding auth in compose and fixing docs

* Adding auth in compose and fixing docs

* Updating health check

* Fixing lint

* Fixing keycloak unity tests

* Adding unit tests

* Adding unit tests

* Updating middlewares to use auth service

* Fixing auth type

* Fixing tests fmt lint

* Fixing tests fmt lint

* Fixing Security

* Improving code and adding unity tests

* Adding more devkit unity tests

* Adding some unit tests

* Adding middleware service unity tests

* Removing unnecessary test

* Adding horusec auth readme

* Fixing dockerfiles

* Adding validation to actual auth type

* Removing auth type header

* Updating composes

* Removing groups from authorization data

* Updating account, api and analytic readme

* Updating compose with auth url env var

* Updating compose and compose dev

* Fixing unity tests and fmt errors

* Adding application admin role

* Fixing auth pipeline and hashes false positives

* Adding is application admin middleware

* Fixing error that token was static to accept only jwt

* Adding role validation in keycloak

* Fixing token size and swagger error

* Adding route to show config, adding field is_super_admin, adding method to create account default super admin

* Fixing to get account admin data and create with this params

* Removing bearer from keycloak token

* Fixing docs account

* Adding route to get config of horusec-account

* Adding create company with admin application

* Adding api to get account id by token and auth type

* Changing create account from keycloak to auth

* Updating auth swagger

* Adding validation to create company if user logged is application admin

* Fixing lint and tests

* Fixing security step

* Improving keycloak devkit service and fixing tests

* Fixing account unity tests

* Fixing account unity tests in auth

* Adding auth unity tests

* Fixing middleware tests

* Fixing fmt lint

* Fixing fmt error

* Adding Application admin in auth

* Fixing test

* Fixing fmt and lint

* Fixing horusec-config.json

* Adding validation to create default user only auth type horusec

* Fixing README.md in horusec-account

* Improving interface conversion to avoid conversion error

* Fixing fmt lint and units test

* Adding more unit test

* Adding more unit test

* Adding more unit test

* Fixing horusec-config.json

* Adding more unit test

* Fixing tests e2e

* Fixing fmt lint

* Fixing docs auth

* Fixing docs horusec-account

* Fixing security

* Update architecture images

* Fixing deploy service

Co-authored-by: Wilian Gabriel <wilian.silva@zup.com.br>

* Adding return content when create account from keycloak (#98)

* Adding return content when create account from keycloak

* Adding return content when create account from keycloak

* Adding return content when create account from keycloak

* Fixing fmt and lint

* Fixing unit test

* Fixing integration middleware

* Frontend admin application (#100)

* 🗃  Alter the route to fetch config of application and save it in a localStorage

* Added support to admin application

* [WIP] Feature/improving test (#99)

* Adding TESTBOOK.md correctly

* Adding testbook

* Updating setup external dependences

* Updating setup external dependences

* Updating setup external dependences

* Updating setup external dependences

* Updating setup external dependences

* Fixing horusec-config.json

* Updating setup external dependences

* Update e2e and account pipeline

* Fixing dockerfile.dev

* Fixing dockerfile account

* Change compose internal to run in dev mod

* Update cli pipeline

* Adding new unit test

* Removing old e2e tests and separate correctly e2e tests

* Ignoring up vendor folder in git

* Fixing e2e running

* Fixing compose e2e

* 🛠 Fixing method to verify admin application (#111)

* Frontend environments in compose files (#110)

* 🔑 Added environments to frontend in compose files

* Adjusting .env.example file with all possible values

* Feature/auth grpc (#112)

* Adding grpc server in auth

* Adding generated proto go files

* Removing unnecessary field in proto

* adding grpc calls to replace http calls in middlewares

* Fixing middleware tests

* Updating compose and grpc config

* Adding certificates options and updating readme

* Updating compose files

* Updating e2e compose file

* Adding auth new port

* Updating e2e compose

* Improving error logs and lint

* Fixing fmt error

* Feature/improving test (#102)

* Adding more e2e tests

* Adding more e2e tests

* Adding more tests e2e

* Fixing fmt lint

* Update test e2e

* Update test e2e

* Fixing workflow e2e

* Fixing e2e running

* Adding validation to restart service with up migration

* Fixing tests e2e

* Fixing tests e2e

* Fixing e2e

* Adding e2e to check if send messages correctly

* Update testbook

* Fixing gomod

* Starting add keycloak e2e tests

* Adding Request to configure keycloak service

* Adding correctly form to run tests using keycloak server

* Fixing makefile

* Adding tests in keycloak to validate invite user

* Fixing makefile

* Fixing names and docs of e2e

* Removing trash of tests of analysis

* Fixing e2e

* Fixing e2e messages

* Fixing create company

* Fixing create company

* Fixing e2e

* Fixing e2e

* Fixing e2e

* Fixing e2e

* Fixing e2e

* Fixing e2e

* Fixing e2e

* Fixing keycloak compose e2e

* [WIP] Ldap auth service integration (#71)

* Adding horusec auth base project

* Adding auth handler, with auth types enum and credentials

* Finishing handlers and adding auth controller with factory by type

* Change filter to receive Severity and remove Type

* Adding missing unity tests in devkit

* Adding auth handler tests

* Adding swagger, updating router and configs

* Fixing lint and tests

* Adding horus service authenticate method

* Adding authorize handler

* Updating auth interface

* Adding postgres read

* Adding keycloak service auth and keycloak shared service

* Adding unit test

* Adding ldap client dependency

* Adding horusec roles enum

* Adding ldap client config

* Fixing old references

* Fixing return

* Adding validation to authorize by horus roles

* Renaming packages to horusec

* Fixing some  horusec name errors and unity tests

* Updating ldap to implement auth service

* Removing nolint and improving code

* Renaming file to horusec

* Adding create user from keycloak token

* Adding create user from keycloak token

* Adding create user from keycloak token

* Adding horusec service unity tests

* Adding auth controller unity tests and updating mocks

* Adding auth in compose and fixing docs

* Adding auth in compose and fixing docs

* Updating health check

* Fixing lint

* Fixing keycloak unity tests

* Adding unit tests

* Adding unit tests

* Updating middlewares to use auth service

* Fixing auth type

* Fixing tests fmt lint

* Fixing tests fmt lint

* Fixing Security

* Improving code and adding unity tests

* Adding more devkit unity tests

* Adding some unit tests

* Adding middleware service unity tests

* Removing unnecessary test

* Adding horusec auth readme

* Fixing dockerfiles

* Adding validation to actual auth type

* 🛸 Added fields in create company and repository to LDAP rules

* Removing auth type header

* Adding company authz fields

* Adding ldap service in the auth

* Updating composes

* Removing groups from authorization data

* Updating account, api and analytic readme

* WIP ldap authz

* Updating compose with auth url env var

* Updating compose and compose dev

* Adding ldap company authz

* Fixing unity tests and fmt errors

* Adding repository authz

* Adding ldap login logic

* Removing ldap refresh token

* ⚙️ Separate modules of authentication, and add splash animation in login screen

* 🛰  Horusec default authenticator

* 🔑 Add auth environment

* Adding ldap authz migration

* Adding ldap service in the handler

* Fixing vendor

* Fixing ldap permission migration

* Removing not null constraint from account password column

* Initialize integration with keycloak

* Adding ldap mock

* Adding ldap service

* Fixing ldap service interface

* Fixing auth pipeline and hashes false positives

* Fixing ldap service

* Improving ldap service

* Improving ldap service

* Improving ldap service

* Improving ldap service package name

* Improving ldap client service

* Fixing lint problems

* Fixing error that token was static to accept only jwt

* Adding role validation in keycloak

* Fixing token size and swagger error

* Adjusting keycloak authentication

* Removing bearer from keycloak token

* Add get user info in keycloak auth and adjusting logout

* Testing ldap service

* Improving fn name

* Adding api to get account id by token and auth type

* Changing create account from keycloak to auth

* Updating auth swagger

* ⚙️ Alter service to create account from keycloak

* Fixing mail attribute from ldap

* Improving keycloak devkit service and fixing tests

* Fixing account unity tests

* Fixing account unity tests in auth

* Adding auth unity tests

* Fixing middleware tests

* Fixing fmt error

* Adding ldap user uid condition

* Improving interface conversion to avoid conversion error

* 🛠  Adjusting styles, and settings to microfrontend integration and devcraft use

* Merging with the base branch

* Using auth route

* Fixing migration error

* Removing supervisor role from company

* Updating dependencies

* Updating ldap service to fix get groups error

* Fixing some role issues in ldap service

* Adding missing ldap unity tests and improving code

* Adding ldap devkit service unity tests

* Fixing connect error

* Updating swagger

* Updating vendor

* Adding example ldap env in composes

* Fixing string error in compose

* Fixing lint error in account service

* Removing vendor

* Updating config hashes

* Adding ldap service in compose

* Updating auth compose

* Alter the screen of login to receive username

* Updating ldap response

* Removing login horusec native from account to auth

* Fixing fmt errors

* Adding missing unity tests

* Fixing e2e

* Updating security pipeline

* Updating cli pipeline and hashes

* Improving authorize handler

* Added integration with backend for ldap auth

* Fixing companies loading

* Adding ldap memoize

* Adding ldap groups in repository creation and update

* Fixing ldap company update

* Fixing repository creation

* Fixing repository update

* Fixing company list return

* Fixing company form with groups pre filled

* Adding repository authz fields

* Adding authz fields prefilled

* Fixing repository authz

Company admin is mandatory for authz

* Fixing wrong company role

* Fixing lint

* Adding application admin

* Updating compose ldap host

* Adding isApplicationAdmin attr in ldap authentication

* Adding username in native horus authentication

* Removing unnecessary log in manager

* Fixing company creation

* Fixing repository update

Co-authored-by: nathan <nathan.martins@zup.com.br>
Co-authored-by: Wilian Gabriel <wilian.silva@zup.com.br>
Co-authored-by: Horusec <horusec@zup.com.br>
Co-authored-by: lucas.bruno <lucas.bruno@zup.com.br>

* Adding validation to horusec login errors (#118)

* [WIP] Fixing e2e (#115)

* Fixing e2e

* Fixing e2e

* Fixing e2e

* Fixing e2e

* Fixing order for run e2e

* Fixing order for run e2e

* Fixing order for run e2e

* Fixing e2e

* Fixing e2e

* Tests Application admin horusec

* Fixing messages validation

* Fixing messages validation

* Updating keycloak to login by auth

* Adding jwt validation keycloak e2e

* Removing authentication by auth service

* Run duplicate

* rollback

* Comment keycloak in pipeline

Co-authored-by: nathan <nathan.martins@zup.com.br>

* Fixing repository authz groups (#116)

* Fixing e2e

* Fixing e2e

* Fixing e2e

* Fixing repository authz groups

* Fixing repository tests

* Fixing e2e

* Fixing ldap service tests

* Fixing order for run e2e

* Fixing order for run e2e

* Fixing order for run e2e

* Fixing e2e

* Fixing e2e

* Tests Application admin horusec

* Fixing messages validation

* Fixing messages validation

* Updating keycloak to login by auth

* Adding jwt validation keycloak e2e

* Removing authentication by auth service

* Run duplicate

* rollback

* Testing repository authz groups setted by company

Co-authored-by: Wilian Gabriel <wilian.silva@zup.com.br>
Co-authored-by: nathan <nathan.martins@zup.com.br>

* Fixing compose content

* Removing minimum version and adding version recommendation message (#119)

* feature/auth-account-operations (#122)

* Adding account operations in auth

* Removing account operations from account service, improving entities structure

* Fixing error multiple packages

* Fixing error in account middlewares and some minor issues

* Updating composes with new env vars

* Updating compose files and pipeline errors

* Updating auth readme and auth compose

* Updating messages e2e compose

* Updating auth coverage and fixing e2e messages pipeline

* Updating manager to use auth service

* Adjusting to view field of email to app admin when create new organiz… (#127)

* Adjusting to view field of email to app admin when create new organization (#125)

* Adding validation for user response when ask if run in current directory (#124)

Co-authored-by: Lucas Bruno <69604366+lucasbrunozup@users.noreply.github.com>

* Improving cli to print error message by line, and removing missing pa… (#126)

* Improving cli to print error message by line, and removing missing package-lock or yarn-lock as errors, fixing some misspelling

* Fixing unity test

* Feature/semgrep (#128)

* Adding semgrep to horus cli

* Adding semgrep languages, updating semgrep formatter

* Adding method to get severity

* Fixing lint errors

* Fixing cli unity tests

* Improving code and adding unity tests

* Changing semgrep config to use docker hub image

* Updating api to accept new languages

* Fixing lint errors

* Adding workdir to generic scan

* feature choice-tool (#132)

* Adding flag to choice if user need ignore tool run in your analysis

* Fixing fmt lint

* Fixing hashes security

* Feature/webhook (#113)

* Adding base webhook service

* Fixing webhook configs and docs

* Adding dispatch http request via broker to destiny saved in database

* Adding dispatch http request via broker to destiny saved in database

* Start crud of webhook

* Start crud of webhook

* Adding handler of webhook

* Fixing swagger

* Fixing lint and handler webhook

* Adding description on struct webhook

* Adding description on struct webhook

* Fixing docs

* Adding repository and calling in controller

* Adding migration script

* Adding controller validations and fixing datatype JSONB in postgresql

* Adding unit tests in webhook

* Finish tests of webhook crud

* Adding deployments and adding tests in horusec-api

* Fixing lint and add health check broker

* Adding helm in auth service

* upgrade coverage webhook

* Fixing horusec-api to not necessary up broker

* Closing body in http response

* Fixing http request to close body in response

* Fixing units tests

* Adding tests of integration of see se dispatch to destiny correctly

* Fixing e2e

* Adding put in cors

* Adding README.md in webhook

* Fixing hash security

* [Frontend] Webhook (#117)

* Item of webhook screen in the side menu, initial structure for the screen

* Added the table to render list of webhooks

* Adding base webhook service

* Adjusting spaces in table of webhooks list

* Fixing webhook configs and docs

* Adding dispatch http request via broker to destiny saved in database

* Adding dispatch http request via broker to destiny saved in database

* Added modal to add new webhook

* Start crud of webhook

* Start crud of webhook

* Adjusting spaces of text input

* Adding handler of webhook

* Fixing swagger

* Fixing lint and handler webhook

* Adding description on struct webhook

* Adding description on struct webhook

* Fixing docs

* Adding repository and calling in controller

* Adding migration script

* Add Webhook interface and adjust method http select in create new webhook

* Adding controller validations and fixing datatype JSONB in postgresql

* Adding unit tests in webhook

* Finish tests of webhook crud

* Adding deployments and adding tests in horusec-api

* Fixing lint and add health check broker

* Adding helm in auth service

* upgrade coverage webhook

* Fixing horusec-api to not necessary up broker

* Closing body in http response

* Fixing http request to close body in response

* Fixing units tests

* Adding tests of integration of see se dispatch to destiny correctly

* Fixing e2e

* Adding put in cors

* Added delete and edit webhook

* Fixing lint

* Adjusting role for webhook screen

* Adding README.md in webhook

Co-authored-by: Wilian Gabriel <wilian.silva@zup.com.br>
Co-authored-by: Nathan Tavares Nascimento <nathan.nascimento@zup.com.br>

* Fixing auth cors (#133)

* Update account username and email (#135)

* Adding update account handler

* Adding update account feature

* Fixing account controller interface

* Fixing account controller mock

* Fixing account update handler

* Fixing lint

* Adding handler test

* Adding updation validate

* Testing update account handler

* Improving update account controller

* Testing update account controller

* Adding vuln as risk accepted

hash 45aa5c46df5ba51d7e59da826544412352c189a6acf5707f941922181c94f989

* Repository form authz groups (#134)

* Adding repository groups from company

* Adding repository creation groups initial value

* Update pt-br.json (#139)

Fixed typo in text.

* Feature/horusec-csharp (#131)

* Adding base horusec csharp cli

* Adding csharp rules structure

* Fixing security hashes

* Adding horusec csharp cli injection rules

* Adding others rules

* Adding sql injection linq rule

* Update leaks with set pwd

* Update make file and adding pipeline of horusec-csharp

* Adding password validation

* Adding sql injection rules in csharp cli

* Adding rules of cookies, view state

* Fixing errors

* Adding some cryptography rules to csharp cli

* Fixing total rules csharp

* Adding weak cipher rules

* Adding more rules of csharp

* Fixing test

* Adding more csharp rules

* add NewCsharpRegularDebugBuildEnabled

* add NewCsharpRegularDebugBuildEnabled

* Adding custom errors disabled rule

* Adding rules csharp

* Adding rule vulnerable package reference

* Adding rule jwt signature validation disabled

* Add cors allow origin wildcard rules

* Adding NewCsharpAndFormsAuthenticationCookielessMode

* Adding regular anti forgery token rule

* Adding form validations

* Adding missing authorize attribute rule

* Adding rules of xml in csharp

* Fix test

* Adding more csharp rules

* Adding password lockout disabled rule

* Adding more rules in csharp of cookies and signatures

* Adding cross site rules

* Weak password rule

* Adding ldap injection filter rule

* Adding more rules in csharp

* Adding more rules in csharp

* Adding more rules in csharp

* Adding ldap injection rules

* Adding more rules in csharp

* Adding csharp in deployments to up version

* Adding csharp in deployments to up version

* Rename test zip to csharp

* Adding horusec csharp cli

* Change language to csharp

* Adding test to check netcore is deprecated

* Updating regular rules

* Adding rule no log sensitive information in console

* Fix conflict

* Fixing error removing old regular expressions

* Update weak rsa key length

* Removing deplicated rule

* Fixing rules of java min 128 bits in key generator

* Adding unit tests in csharp engine

* Fixing fmt lint

* Fixing test

* Fixing test

* Adding readme.md in horusec-csharp

* Update README.md

* Fixing tests

* Merge and update doc

Co-authored-by: Wilian Gabriel <wilian.silva@zup.com.br>
Co-authored-by: Wilian Gabriel <63816070+wiliansilvazup@users.noreply.github.com>

* Removing Landing Page (#141)

* Adding eslint dockerfile

* Change name dotnet to csharp (#144)

* WIP adding eslint formatter

* Update version csharp

* WIP cleanup formatter code

* Wip adding eslint formatter docker execution

* Adding analyser eslint formatter

* Fixing eslint configuration

* Adding eslint security rules config

* Improving eslint formatter

* Adding eslint output struct

* Adding eslint results into analysis

* Adding eslint javascript analyse

* Feature/update docs (#140)

* Update composes and check if are go pass in pipeline

* Fixing env wrong

* Update docs

* Fix docs

* Adding eslint image script

* Adding eslint tool in deploy workflow

* Fixing eslint tool name

* Updating ignore tool flag description

* Fixing lint problem

* Fixing eslint file pattern

* Testing eslint formatter

* Testing eslint formatter

* Adding eslint scan in readme

* Fixing code sample length

* Fixing eslint config

* Removing eslint object injection

* Feature/horusec nodejs (#143)

* Adding base of horusec nodejs

* Merge with develop

* Adding Horusec-NodeJS in CLI

* Fixing fmt lint

* Adding initial rules for sql injection, xss, others

* Fixing fmtg

* Adding rules of crypto in nodejs

* Adding some vulnerabilities in nodejs

* Fixing total vuln nodejs

* Adding more rules injection in nodejs

* Adding rules of http-proxy, no log, ip address,  others

* Adding more rules in nodejs

* Fixing fmt lint

* Fixing docs

* Fixing name

* Fixing tests fmt lint

* Adding jsx and tsx

* Fixing sql injection query

* Update no log sensitive information

* Update no log sensitive information

* Fixing total found in nodejs

* Adding docs

* Feature/k8s cli (#148)

* Adding some kubernetes rules

* Adding kubernetes cli

* Updating docs

* Adding horusec kubernetes cli in make file

* Adding kubernetes cli in horusec cli

* Updating go modules

Co-authored-by: Nathan Tavares Nascimento <nathan.nascimento@zup.com.br>

* Update deploy-cli-tools.yml

* Update update-image-tool.sh

* Adding docs kubernetes (#149)

* Adding docs kubernetes

* Fixing readme

* Update image nodejs and kubernetes

* Updating analysis cli images

Co-authored-by: nathan <nathan.martins@zup.com.br>

* Adding eslint in analysis slice

* Fixing eslint config

* Javascritpt eslint security (#146)

* Adding eslint dockerfile

* WIP adding eslint formatter

* WIP cleanup formatter code

* Wip adding eslint formatter docker execution

* Adding analyser eslint formatter

* Fixing eslint configuration

* Adding eslint security rules config

* Improving eslint formatter

* Adding eslint output struct

* Adding eslint results into analysis

* Adding eslint javascript analyse

* Adding eslint image script

* Adding eslint tool in deploy workflow

* Fixing eslint tool name

* Updating ignore tool flag description

* Fixing lint problem

* Fixing eslint file pattern

* Testing eslint formatter

* Testing eslint formatter

* Adding eslint scan in readme

* Fixing code sample length

* Fixing eslint config

* Removing eslint object injection

* Adding eslint in analysis slice

* Fixing eslint config

Co-authored-by: Wilian Gabriel <63816070+wiliansilvazup@users.noreply.github.com>

* Fixing eslint extensions

* Fixing eslint file path

* Fixing generics bugs (#150)

* Adding typescript vulnerabilities separated

* Adding validation to not dispatch typescript in js

* Adding node js cli in validation

* Fixing lint error

* Fixing unity test

* Fixing tsx and jsx run in javascript

* Fix fmt

* Fixing versions

* Fixing auth cors

* Fixing log very sensitive in csharp

* Update version of leaks

* Update version of leaks

* Fixing test

* Update analyser to log not existing hash

* Update analyser to log not existing hash

* Fixing version eslint

* Fixing vuln in frontend

* Fixing lint manager

* Fixing horusec-config

* Fix lint

Co-authored-by: nathan <nathan.martins@zup.com.br>

* Downgrade severity no use localstorage

* Adding files license

* Adding yaml license

* Added INFO severity and add colors of languages (#152)

* Update README.md

* [skip ci] update versioning file

* [skip ci] update versioning file

* [skip ci] update versioning file

* Merge with master

* Adding vulnerabilities tests for horusec-leaks rules (#158)

* Adding vulnerabilities tests for horusec-leaks rules

* Adding rule twitter

* Fixing gcp token

* Fixing development-kit

* Adding project path in file with vulnerability (#156)

* Fix Reset password validation (#160)

* Fix Reset password validation

* Fixing lint

* Fixing tests

* Fixing horusec-config

* Fixing hash

* [Frontend] Webhook improvements (#136)

* Added search bar to webhook screen and option to delete header in add and edit modal

* Added option to copy a existing webhook

* Adjusting text to create new webhook

* Adding validation for get password correctly

* Adding validation for get password correctly

* Bugfix/update account (#166)

* Fixing update password

* Update swagger auth

* Adding stable version to migrate (#167) (#168)

* Updating develop with master (#170)

* Adding stable version to migrate (#167)

* Updating validate email url (#169)

* Squashed commit of the following:

commit 44042db
Author: Wilian Gabriel <63816070+wiliansilvazup@users.noreply.github.com>
Date:   Wed Dec 2 10:20:14 2020 -0300

    Update helm charts (#165)

    * Upgrade environments horusec-auth

    * Update helm values of micro services

    * Update helm values of micro services

    * Update helm values of micro services

    * Update helm values of micro services

    * Update helm account

    * Update helm account

    * Removing license commentary in chart

    * Fixing helm charts

    * Fixing version fixed

    * Fixing charts

    * Fixing environments on values

    * Fixing fmt

    * Fixing databasemigration

    * Fix

commit a29ee71
Author: nathannascimentozup <65020170+nathannascimentozup@users.noreply.github.com>
Date:   Wed Dec 2 10:06:03 2020 -0300

    Adding support for root path horusec-config file (#161)

    * Fixing abs path for horusec-config.json

    * Adding config path flag

    * Adding inputs package

    * Removing unnecessary code

    * Removing config flag

commit 1acf85b
Author: nathanmartinszup <63246935+nathanmartinszup@users.noreply.github.com>
Date:   Tue Dec 1 13:32:51 2020 -0300

    Updating validate email url (#169)

commit 2765a44
Author: nathanmartinszup <63246935+nathanmartinszup@users.noreply.github.com>
Date:   Mon Nov 30 16:23:49 2020 -0300

    Adding stable version to migrate (#167)

* Settings screen (#137)

* Added option in side menu to access the settings screen

* Structure of settings screen

* Add dialog to change informations of account

* Add modal to change password

* Fixing auth service cors

* Added integration with api to update email and username

* Added option to delete account

* Updating auth cors

* Fixing account update

* Fixing account update

* Finalizing delete account flow

* Add service to change password

* Added message for error in same password when change it

* Fixing auth

* Update logic to update user and pass

* Fixing patch

* Add rule to view the screen something when authType is a default

* Fixing coverage auth

* Fixing fmt lint

Co-authored-by: Nathan Tavares Nascimento <nathan.nascimento@zup.com.br>
Co-authored-by: nathan <nathan.martins@zup.com.br>
Co-authored-by: Wilian Gabriel <wilian.silva@zup.com.br>

* Merge with master

* Feature/flawfinder (#171)

* Adding flawfinder c analysis tool

* Adding formatter for flawfinder

* Fixing commit authors in flawfinder

* Adding license

* Updating docs and adding unity tests

* Adding c++ in doc

* Fixing auth grpc

Co-authored-by: Wilian Gabriel <wilian.silva@zup.com.br>

* Update README.md

* Added rules when the option of broker service is disabled in backend (#175)

Co-authored-by: Wilian Gabriel <wilian.silva@zup.com.br>

* Feature/phpcs (#177)

* Adding flawfinder c analysis tool

* Adding formatter for flawfinder

* Fixing commit authors in flawfinder

* Adding license

* Updating docs and adding unity tests

* Adding c++ in doc

* Adding phpcs dockerfile

* Fixing auth grpc

* Adding php phpcs security tool

* Adding missing unity tests and fixing lint

* Fixing git blame and updating docs

* Fixing lint error

* Fixing readme

Co-authored-by: Wilian Gabriel <wilian.silva@zup.com.br>

* Bugfix/improving-grpc-logs (#178)

* Adding log for received grpc requests

* Improving middlewares errors

* Fixing error when load the donut chart with empty data (#179)

* Add headers dynamic to send on request (#182)

* Add headers dynamic to send on request

* Adding unit test

* Fix fmt lint

* Update doc

* Update doc

* Fix test

* Updating Authorization header to X-Horusec-Authorization (#183)

* Updating Authorization header to X-Horusec-Authorization

* Updating token in refresh function

* Fixing pipeline

* Adjusting colors of svg icons and add new webhook icon (#184)

* Fixing clear inputs when create new webhook (#185)

* [skip ci] update versioning file

Co-authored-by: nathanmartinszup <63246935+nathanmartinszup@users.noreply.github.com>
Co-authored-by: Wilian Gabriel <63816070+wiliansilvazup@users.noreply.github.com>
Co-authored-by: Wilian Gabriel <wilian.silva@zup.com.br>
Co-authored-by: nathannascimentozup <65020170+nathannascimentozup@users.noreply.github.com>
Co-authored-by: Horusec <horusec@zup.com.br>
Co-authored-by: nathan <nathan.martins@zup.com.br>
Co-authored-by: Nathan Tavares Nascimento <nathan.nascimento@zup.com.br>
Co-authored-by: Gleyton Lima <GleytonLima@users.noreply.github.com>
wiliansilvazup added a commit that referenced this pull request Dec 14, 2020
* feature/automatic-csproj (#23)

* adding dynamic detection of csproj, yarn.lock, package-lock.json and requirements.txt

* file path by ext unity tests

* Template email of organization invited (#22)

* e-mail Added the template of e-mail to a user is invited to the organization

* Fixing go lint

* 🔒 The screen dashboard of organization is visible something the admin users (#26)

* Organizing i18n values in frontend (#30)

* Rewrite i18n values for external pages and dashboard screen

* Adjusting i18 values in repositories screen

* 🛠️  Adjusting redirect routes when the call is external of manager (#19)

* Hotfix/fixing redirect and output bigger (#21)

* Fixing redirect in email template reset-password

* Fixing code output when exists many content and bad read

* Fixing fmt and set total output to down

* Hotfix/unique names (#28)

* Adding unique names migration

* Adding validations to unique names and unity tests

* Fixing swagger in horusec-analytics (#27)

* Add i18n values to enUS

Co-authored-by: Wilian Gabriel <63816070+wiliansilvazup@users.noreply.github.com>
Co-authored-by: nathanmartinszup <63246935+nathanmartinszup@users.noreply.github.com>

* Removing fields type, vulnerableBellow and version from Vulnerability (#24)

* Removing fields type, vulnerableBellow and version from Vulnerability

* Fixing e2e and unit tests

* Change pipeline to use docker-compose

* Fixing docker-compose.test

* Fixing deployment

* Fixing compose

* Merge master into develop (#36)

* 🛠️  Adjusting redirect routes when the call is external of manager (#19)

* Hotfix/fixing redirect and output bigger (#21)

* Fixing redirect in email template reset-password

* Fixing code output when exists many content and bad read

* Fixing fmt and set total output to down

* Hotfix/unique names (#28)

* Adding unique names migration

* Adding validations to unique names and unity tests

* Fixing swagger in horusec-analytics (#27)

* Hotfix/change images generate token (#31)

* Change images to generate token

* Adding gif usage horusec

* Adding gif usage horusec

Co-authored-by: Lucas Bruno <69604366+lucasbrunozup@users.noreply.github.com>
Co-authored-by: nathanmartinszup <63246935+nathanmartinszup@users.noreply.github.com>

* Adding company role in get all companies (#33)

* Adding company role in get all companies

* Adding unity tests

* Tokens of organization (#32)

* 🔑 Handler tokens of organization

* 🛡️  Added rules in manager organizations

* Not found screen (#34)

* 👷 Initial structure to not found page

* 👌 Finalizing page of not found

* 🔙 Added option to back to organization screen when in home page

* 🔨 Fixing version in package json

* Fixing error in unique company name not necessary, and removings wrong constraints in database (#38)

* [skip ci] update versioning file

* Added component of pagination (#47)

* CLI docker image (#25)

* Adding cli dockerfile

* Adding horusec as entrypoint

* Removing docker from image

* Adding docker-entrypoint

* Using docker dind

* Downgrade docker dind

* Using entrypoint

* Renaming entrypoint to horusec-cli

* Updating documentation

* Adding license

* Updating vendor

Co-authored-by: Horusec <horusec@zup.com.br>

* 💅 Adjusting button dialog styles, scrollbar and select component (#48)

* Adjusting the texts in portugueses (#52)

* ✅ Added option to success message from flash message component and added in all handlers (#53)

* Feature/create repository cli (#55)

* Create repository by cli flag, update list repository to list all repositories to company admin

* Adding tests and validation to list all repositories of company if i am admin

* Removing duplicated code to list repositories to company admin

* Removing unnecessary unity test

* Fixing unity tests and adding middleware to company admin

* Adding missing test

* Updating analytic routes by repository to accept admins of company

* Fixing broken e2e tests

Co-authored-by: Wilian Gabriel <wilian.silva@zup.com.br>

* Frontend false positive (#54)

* Initial structure for false positive screen

* Finished false positive screen and add supervisor role

* Implementing false-positive and risk accept (#35)

* Change struct of analysis

* Fixing fmt lint entity and create migration files

* Adding get all dto and method

* Fixing migration

* Adding base management repository

* Adding get all vuln management data

* Adding management repository unity tests

* adding management controller get all

* adding get all management data

* adding management handler unity tests

* Adding update method in repository

* Adding update method in controller

* adding management handler put

* Adding management handler unity tests

* Fixing create analysis

* Adding app sec role

* Fixing list vuln management error where vulns are duplicating, fixing swagger errors

* Removing unnecessary nolint and improving code

* Fixing to send analysis correctly to horusec-api

* Adding separated api to update status and type

* Adding new vulnerability status and type enums

* Fixing lint

* Fixing lint errors

* Removing status and updating apis

* Updating migration

* Fixing output to show vulnerability to fix

* Fixing lint and project errors

* Fixing management unit tests

* Fixing errors in list vulns

* Fixing some type errors

* Updating output to print false positive and risk accept

* Start fixing tests

* Fixing tests

* Fixing vulnerabilities unity tests

* Fixing analytic queries

* Fixing tests

* Fixing analytic repository unit tests

* Adding tests on cli

* Adding more content

* Fixing hash generator

* Fixing hash generator

* Fixing vulnerability test

* Adding devkit entities and types units tests

* Adding Unit tests

* Adding unit tests

* Fixing license

* Adding analysis tests

* Fixing lint

* fixing e2e tests

* Updating e2e tests

* Fixing tests in repository

* Fixing fmt lint

* Parse horusec analysis response correctly

* Fixing lint

* Fixing errors in vulns details

* Fixing e2e test

* Updating api cors

* Updating cors

Co-authored-by: nathan <nathan.martins@zup.com.br>
Co-authored-by: lucas.bruno <lucas.bruno@zup.com.br>

* Fixing wrong text in output

* Bugfix/false positive (#58)

* Fixing supervisor middleware validation to company admins

* Fixing load data in vulnerabilities table

* Fixing false positive in CLI

* Updating swagger

* Fixing docs

* Fixing lint

Co-authored-by: lucas.bruno <lucas.bruno@zup.com.br>
Co-authored-by: Wilian Gabriel <wilian.silva@zup.com.br>

* Fixing regex d34b3ba5-b988-4a0f-9344-467274cd98be (#59)

* Removing deprecated manager (#60)

* Fixing security pipeline in horusec (#61)

* Fixing security pipeline in horusec

* Fixing security pipeline in horusec

* Fixing security pipeline in horusec

* Fixing security pipeline in horusec

* Fixing readme cli

* Fixing readme cli

* Update README.md

* Update README.md

* Change filter to receive Severity and remove Type (#64)

* Feature/improving false positive (#66)

* Adding order by severity and type

* Adding filter by type

* Fixing lint errors and adding unity tests

* Fixing order by error

* Updating swagger

* Fixing fmt errors

* [Frontend] Improvements false positive (#67)

* Added new filter in false positive screen

* Added success messages

* Added tag with color in severity

* List vulnerabilities in management screen to repository members (#68)

* [Frontend] - Improvements false positive (#69)

* Added new filter in false positive screen

* Added success messages

* Added tag with color in severity

* Removing supervisor role in company

* Added permission to handler repository

* Migration deploy hook (#65)

* Adding migration dockerfile

* Improving migration dockerfile

* Using env in migration

* Adding migration template

* Fixing migration template

* Adding migration image script

* Updating helm hook

* Fixing migration version

* Fixing  service image script builder

Co-authored-by: Horusec <horusec@zup.com.br>

* Adding api to delete account and permissions (#85)

* Adding api to delete account and permissions

* Adding license in docs

* Adding jwt auth middleware in delete account

* Feature/horusec auth (#62)

* Adding horusec auth base project

* Adding auth handler, with auth types enum and credentials

* Finishing handlers and adding auth controller with factory by type

* Change filter to receive Severity and remove Type

* Adding missing unity tests in devkit

* Adding auth handler tests

* Adding swagger, updating router and configs

* Fixing lint and tests

* Adding horus service authenticate method

* Adding authorize handler

* Updating auth interface

* Adding postgres read

* Adding keycloak service auth and keycloak shared service

* Adding unit test

* Adding horusec roles enum

* Fixing return

* Adding validation to authorize by horus roles

* Renaming packages to horusec

* Fixing some  horusec name errors and unity tests

* Removing nolint and improving code

* Renaming file to horusec

* Adding create user from keycloak token

* Adding create user from keycloak token

* Adding create user from keycloak token

* Adding horusec service unity tests

* Adding auth controller unity tests and updating mocks

* Adding auth in compose and fixing docs

* Adding auth in compose and fixing docs

* Updating health check

* Fixing lint

* Fixing keycloak unity tests

* Adding unit tests

* Adding unit tests

* Updating middlewares to use auth service

* Fixing auth type

* Fixing tests fmt lint

* Fixing tests fmt lint

* Fixing Security

* Improving code and adding unity tests

* Adding more devkit unity tests

* Adding some unit tests

* Adding middleware service unity tests

* Removing unnecessary test

* Adding horusec auth readme

* Fixing dockerfiles

* Adding validation to actual auth type

* Removing auth type header

* Updating composes

* Removing groups from authorization data

* Updating account, api and analytic readme

* Updating compose with auth url env var

* Updating compose and compose dev

* Fixing unity tests and fmt errors

* Fixing auth pipeline and hashes false positives

* Fixing error that token was static to accept only jwt

* Adding role validation in keycloak

* Fixing token size and swagger error

* Removing bearer from keycloak token

* Adding api to get account id by token and auth type

* Changing create account from keycloak to auth

* Updating auth swagger

* Improving keycloak devkit service and fixing tests

* Fixing account unity tests

* Fixing account unity tests in auth

* Adding auth unity tests

* Fixing middleware tests

* Fixing fmt error

* Improving interface conversion to avoid conversion error

Co-authored-by: Wilian Gabriel <wilian.silva@zup.com.br>

* Frontend - Many authentication types (#77)

* 🛸 Added fields in create company and repository to LDAP rules

* ⚙️ Separate modules of authentication, and add splash animation in login screen

* 🛰  Horusec default authenticator

* 🔑 Add auth environment

* Initialize integration with keycloak

* Adjusting keycloak authentication

* Add get user info in keycloak auth and adjusting logout

* ⚙️ Alter service to create account from keycloak

* 🛠  Adjusting styles, and settings to microfrontend integration and devcraft use

* Fixing keycloak config when in other auth type, and adjusting function types

* Fixing lint

* 🇺🇸 Translate e-mail templates to english (#95)

* Feature/application admin (#86)

* Adding horusec auth base project

* Adding auth handler, with auth types enum and credentials

* Finishing handlers and adding auth controller with factory by type

* Change filter to receive Severity and remove Type

* Adding missing unity tests in devkit

* Adding auth handler tests

* Adding swagger, updating router and configs

* Fixing lint and tests

* Adding horus service authenticate method

* Adding authorize handler

* Updating auth interface

* Adding postgres read

* Adding keycloak service auth and keycloak shared service

* Adding unit test

* Adding horusec roles enum

* Fixing return

* Adding validation to authorize by horus roles

* Renaming packages to horusec

* Fixing some  horusec name errors and unity tests

* Removing nolint and improving code

* Renaming file to horusec

* Adding create user from keycloak token

* Adding create user from keycloak token

* Adding create user from keycloak token

* Adding horusec service unity tests

* Adding auth controller unity tests and updating mocks

* Adding auth in compose and fixing docs

* Adding auth in compose and fixing docs

* Updating health check

* Fixing lint

* Fixing keycloak unity tests

* Adding unit tests

* Adding unit tests

* Updating middlewares to use auth service

* Fixing auth type

* Fixing tests fmt lint

* Fixing tests fmt lint

* Fixing Security

* Improving code and adding unity tests

* Adding more devkit unity tests

* Adding some unit tests

* Adding middleware service unity tests

* Removing unnecessary test

* Adding horusec auth readme

* Fixing dockerfiles

* Adding validation to actual auth type

* Removing auth type header

* Updating composes

* Removing groups from authorization data

* Updating account, api and analytic readme

* Updating compose with auth url env var

* Updating compose and compose dev

* Fixing unity tests and fmt errors

* Adding application admin role

* Fixing auth pipeline and hashes false positives

* Adding is application admin middleware

* Fixing error that token was static to accept only jwt

* Adding role validation in keycloak

* Fixing token size and swagger error

* Adding route to show config, adding field is_super_admin, adding method to create account default super admin

* Fixing to get account admin data and create with this params

* Removing bearer from keycloak token

* Fixing docs account

* Adding route to get config of horusec-account

* Adding create company with admin application

* Adding api to get account id by token and auth type

* Changing create account from keycloak to auth

* Updating auth swagger

* Adding validation to create company if user logged is application admin

* Fixing lint and tests

* Fixing security step

* Improving keycloak devkit service and fixing tests

* Fixing account unity tests

* Fixing account unity tests in auth

* Adding auth unity tests

* Fixing middleware tests

* Fixing fmt lint

* Fixing fmt error

* Adding Application admin in auth

* Fixing test

* Fixing fmt and lint

* Fixing horusec-config.json

* Adding validation to create default user only auth type horusec

* Fixing README.md in horusec-account

* Improving interface conversion to avoid conversion error

* Fixing fmt lint and units test

* Adding more unit test

* Adding more unit test

* Adding more unit test

* Fixing horusec-config.json

* Adding more unit test

* Fixing tests e2e

* Fixing fmt lint

* Fixing docs auth

* Fixing docs horusec-account

* Fixing security

* Update architecture images

* Fixing deploy service

Co-authored-by: Wilian Gabriel <wilian.silva@zup.com.br>

* Adding return content when create account from keycloak (#98)

* Adding return content when create account from keycloak

* Adding return content when create account from keycloak

* Adding return content when create account from keycloak

* Fixing fmt and lint

* Fixing unit test

* Fixing integration middleware

* Frontend admin application (#100)

* 🗃  Alter the route to fetch config of application and save it in a localStorage

* Added support to admin application

* [WIP] Feature/improving test (#99)

* Adding TESTBOOK.md correctly

* Adding testbook

* Updating setup external dependences

* Updating setup external dependences

* Updating setup external dependences

* Updating setup external dependences

* Updating setup external dependences

* Fixing horusec-config.json

* Updating setup external dependences

* Update e2e and account pipeline

* Fixing dockerfile.dev

* Fixing dockerfile account

* Change compose internal to run in dev mod

* Update cli pipeline

* Adding new unit test

* Removing old e2e tests and separate correctly e2e tests

* Ignoring up vendor folder in git

* Fixing e2e running

* Fixing compose e2e

* 🛠 Fixing method to verify admin application (#111)

* Frontend environments in compose files (#110)

* 🔑 Added environments to frontend in compose files

* Adjusting .env.example file with all possible values

* Feature/auth grpc (#112)

* Adding grpc server in auth

* Adding generated proto go files

* Removing unnecessary field in proto

* adding grpc calls to replace http calls in middlewares

* Fixing middleware tests

* Updating compose and grpc config

* Adding certificates options and updating readme

* Updating compose files

* Updating e2e compose file

* Adding auth new port

* Updating e2e compose

* Improving error logs and lint

* Fixing fmt error

* Feature/improving test (#102)

* Adding more e2e tests

* Adding more e2e tests

* Adding more tests e2e

* Fixing fmt lint

* Update test e2e

* Update test e2e

* Fixing workflow e2e

* Fixing e2e running

* Adding validation to restart service with up migration

* Fixing tests e2e

* Fixing tests e2e

* Fixing e2e

* Adding e2e to check if send messages correctly

* Update testbook

* Fixing gomod

* Starting add keycloak e2e tests

* Adding Request to configure keycloak service

* Adding correctly form to run tests using keycloak server

* Fixing makefile

* Adding tests in keycloak to validate invite user

* Fixing makefile

* Fixing names and docs of e2e

* Removing trash of tests of analysis

* Fixing e2e

* Fixing e2e messages

* Fixing create company

* Fixing create company

* Fixing e2e

* Fixing e2e

* Fixing e2e

* Fixing e2e

* Fixing e2e

* Fixing e2e

* Fixing e2e

* Fixing keycloak compose e2e

* [WIP] Ldap auth service integration (#71)

* Adding horusec auth base project

* Adding auth handler, with auth types enum and credentials

* Finishing handlers and adding auth controller with factory by type

* Change filter to receive Severity and remove Type

* Adding missing unity tests in devkit

* Adding auth handler tests

* Adding swagger, updating router and configs

* Fixing lint and tests

* Adding horus service authenticate method

* Adding authorize handler

* Updating auth interface

* Adding postgres read

* Adding keycloak service auth and keycloak shared service

* Adding unit test

* Adding ldap client dependency

* Adding horusec roles enum

* Adding ldap client config

* Fixing old references

* Fixing return

* Adding validation to authorize by horus roles

* Renaming packages to horusec

* Fixing some  horusec name errors and unity tests

* Updating ldap to implement auth service

* Removing nolint and improving code

* Renaming file to horusec

* Adding create user from keycloak token

* Adding create user from keycloak token

* Adding create user from keycloak token

* Adding horusec service unity tests

* Adding auth controller unity tests and updating mocks

* Adding auth in compose and fixing docs

* Adding auth in compose and fixing docs

* Updating health check

* Fixing lint

* Fixing keycloak unity tests

* Adding unit tests

* Adding unit tests

* Updating middlewares to use auth service

* Fixing auth type

* Fixing tests fmt lint

* Fixing tests fmt lint

* Fixing Security

* Improving code and adding unity tests

* Adding more devkit unity tests

* Adding some unit tests

* Adding middleware service unity tests

* Removing unnecessary test

* Adding horusec auth readme

* Fixing dockerfiles

* Adding validation to actual auth type

* 🛸 Added fields in create company and repository to LDAP rules

* Removing auth type header

* Adding company authz fields

* Adding ldap service in the auth

* Updating composes

* Removing groups from authorization data

* Updating account, api and analytic readme

* WIP ldap authz

* Updating compose with auth url env var

* Updating compose and compose dev

* Adding ldap company authz

* Fixing unity tests and fmt errors

* Adding repository authz

* Adding ldap login logic

* Removing ldap refresh token

* ⚙️ Separate modules of authentication, and add splash animation in login screen

* 🛰  Horusec default authenticator

* 🔑 Add auth environment

* Adding ldap authz migration

* Adding ldap service in the handler

* Fixing vendor

* Fixing ldap permission migration

* Removing not null constraint from account password column

* Initialize integration with keycloak

* Adding ldap mock

* Adding ldap service

* Fixing ldap service interface

* Fixing auth pipeline and hashes false positives

* Fixing ldap service

* Improving ldap service

* Improving ldap service

* Improving ldap service

* Improving ldap service package name

* Improving ldap client service

* Fixing lint problems

* Fixing error that token was static to accept only jwt

* Adding role validation in keycloak

* Fixing token size and swagger error

* Adjusting keycloak authentication

* Removing bearer from keycloak token

* Add get user info in keycloak auth and adjusting logout

* Testing ldap service

* Improving fn name

* Adding api to get account id by token and auth type

* Changing create account from keycloak to auth

* Updating auth swagger

* ⚙️ Alter service to create account from keycloak

* Fixing mail attribute from ldap

* Improving keycloak devkit service and fixing tests

* Fixing account unity tests

* Fixing account unity tests in auth

* Adding auth unity tests

* Fixing middleware tests

* Fixing fmt error

* Adding ldap user uid condition

* Improving interface conversion to avoid conversion error

* 🛠  Adjusting styles, and settings to microfrontend integration and devcraft use

* Merging with the base branch

* Using auth route

* Fixing migration error

* Removing supervisor role from company

* Updating dependencies

* Updating ldap service to fix get groups error

* Fixing some role issues in ldap service

* Adding missing ldap unity tests and improving code

* Adding ldap devkit service unity tests

* Fixing connect error

* Updating swagger

* Updating vendor

* Adding example ldap env in composes

* Fixing string error in compose

* Fixing lint error in account service

* Removing vendor

* Updating config hashes

* Adding ldap service in compose

* Updating auth compose

* Alter the screen of login to receive username

* Updating ldap response

* Removing login horusec native from account to auth

* Fixing fmt errors

* Adding missing unity tests

* Fixing e2e

* Updating security pipeline

* Updating cli pipeline and hashes

* Improving authorize handler

* Added integration with backend for ldap auth

* Fixing companies loading

* Adding ldap memoize

* Adding ldap groups in repository creation and update

* Fixing ldap company update

* Fixing repository creation

* Fixing repository update

* Fixing company list return

* Fixing company form with groups pre filled

* Adding repository authz fields

* Adding authz fields prefilled

* Fixing repository authz

Company admin is mandatory for authz

* Fixing wrong company role

* Fixing lint

* Adding application admin

* Updating compose ldap host

* Adding isApplicationAdmin attr in ldap authentication

* Adding username in native horus authentication

* Removing unnecessary log in manager

* Fixing company creation

* Fixing repository update

Co-authored-by: nathan <nathan.martins@zup.com.br>
Co-authored-by: Wilian Gabriel <wilian.silva@zup.com.br>
Co-authored-by: Horusec <horusec@zup.com.br>
Co-authored-by: lucas.bruno <lucas.bruno@zup.com.br>

* Adding validation to horusec login errors (#118)

* [WIP] Fixing e2e (#115)

* Fixing e2e

* Fixing e2e

* Fixing e2e

* Fixing e2e

* Fixing order for run e2e

* Fixing order for run e2e

* Fixing order for run e2e

* Fixing e2e

* Fixing e2e

* Tests Application admin horusec

* Fixing messages validation

* Fixing messages validation

* Updating keycloak to login by auth

* Adding jwt validation keycloak e2e

* Removing authentication by auth service

* Run duplicate

* rollback

* Comment keycloak in pipeline

Co-authored-by: nathan <nathan.martins@zup.com.br>

* Fixing repository authz groups (#116)

* Fixing e2e

* Fixing e2e

* Fixing e2e

* Fixing repository authz groups

* Fixing repository tests

* Fixing e2e

* Fixing ldap service tests

* Fixing order for run e2e

* Fixing order for run e2e

* Fixing order for run e2e

* Fixing e2e

* Fixing e2e

* Tests Application admin horusec

* Fixing messages validation

* Fixing messages validation

* Updating keycloak to login by auth

* Adding jwt validation keycloak e2e

* Removing authentication by auth service

* Run duplicate

* rollback

* Testing repository authz groups setted by company

Co-authored-by: Wilian Gabriel <wilian.silva@zup.com.br>
Co-authored-by: nathan <nathan.martins@zup.com.br>

* Fixing compose content

* Removing minimum version and adding version recommendation message (#119)

* feature/auth-account-operations (#122)

* Adding account operations in auth

* Removing account operations from account service, improving entities structure

* Fixing error multiple packages

* Fixing error in account middlewares and some minor issues

* Updating composes with new env vars

* Updating compose files and pipeline errors

* Updating auth readme and auth compose

* Updating messages e2e compose

* Updating auth coverage and fixing e2e messages pipeline

* Updating manager to use auth service

* Adjusting to view field of email to app admin when create new organiz… (#127)

* Adjusting to view field of email to app admin when create new organization (#125)

* Adding validation for user response when ask if run in current directory (#124)

Co-authored-by: Lucas Bruno <69604366+lucasbrunozup@users.noreply.github.com>

* Improving cli to print error message by line, and removing missing pa… (#126)

* Improving cli to print error message by line, and removing missing package-lock or yarn-lock as errors, fixing some misspelling

* Fixing unity test

* Feature/semgrep (#128)

* Adding semgrep to horus cli

* Adding semgrep languages, updating semgrep formatter

* Adding method to get severity

* Fixing lint errors

* Fixing cli unity tests

* Improving code and adding unity tests

* Changing semgrep config to use docker hub image

* Updating api to accept new languages

* Fixing lint errors

* Adding workdir to generic scan

* feature choice-tool (#132)

* Adding flag to choice if user need ignore tool run in your analysis

* Fixing fmt lint

* Fixing hashes security

* Feature/webhook (#113)

* Adding base webhook service

* Fixing webhook configs and docs

* Adding dispatch http request via broker to destiny saved in database

* Adding dispatch http request via broker to destiny saved in database

* Start crud of webhook

* Start crud of webhook

* Adding handler of webhook

* Fixing swagger

* Fixing lint and handler webhook

* Adding description on struct webhook

* Adding description on struct webhook

* Fixing docs

* Adding repository and calling in controller

* Adding migration script

* Adding controller validations and fixing datatype JSONB in postgresql

* Adding unit tests in webhook

* Finish tests of webhook crud

* Adding deployments and adding tests in horusec-api

* Fixing lint and add health check broker

* Adding helm in auth service

* upgrade coverage webhook

* Fixing horusec-api to not necessary up broker

* Closing body in http response

* Fixing http request to close body in response

* Fixing units tests

* Adding tests of integration of see se dispatch to destiny correctly

* Fixing e2e

* Adding put in cors

* Adding README.md in webhook

* Fixing hash security

* [Frontend] Webhook (#117)

* Item of webhook screen in the side menu, initial structure for the screen

* Added the table to render list of webhooks

* Adding base webhook service

* Adjusting spaces in table of webhooks list

* Fixing webhook configs and docs

* Adding dispatch http request via broker to destiny saved in database

* Adding dispatch http request via broker to destiny saved in database

* Added modal to add new webhook

* Start crud of webhook

* Start crud of webhook

* Adjusting spaces of text input

* Adding handler of webhook

* Fixing swagger

* Fixing lint and handler webhook

* Adding description on struct webhook

* Adding description on struct webhook

* Fixing docs

* Adding repository and calling in controller

* Adding migration script

* Add Webhook interface and adjust method http select in create new webhook

* Adding controller validations and fixing datatype JSONB in postgresql

* Adding unit tests in webhook

* Finish tests of webhook crud

* Adding deployments and adding tests in horusec-api

* Fixing lint and add health check broker

* Adding helm in auth service

* upgrade coverage webhook

* Fixing horusec-api to not necessary up broker

* Closing body in http response

* Fixing http request to close body in response

* Fixing units tests

* Adding tests of integration of see se dispatch to destiny correctly

* Fixing e2e

* Adding put in cors

* Added delete and edit webhook

* Fixing lint

* Adjusting role for webhook screen

* Adding README.md in webhook

Co-authored-by: Wilian Gabriel <wilian.silva@zup.com.br>
Co-authored-by: Nathan Tavares Nascimento <nathan.nascimento@zup.com.br>

* Fixing auth cors (#133)

* Update account username and email (#135)

* Adding update account handler

* Adding update account feature

* Fixing account controller interface

* Fixing account controller mock

* Fixing account update handler

* Fixing lint

* Adding handler test

* Adding updation validate

* Testing update account handler

* Improving update account controller

* Testing update account controller

* Adding vuln as risk accepted

hash 45aa5c46df5ba51d7e59da826544412352c189a6acf5707f941922181c94f989

* Repository form authz groups (#134)

* Adding repository groups from company

* Adding repository creation groups initial value

* Update pt-br.json (#139)

Fixed typo in text.

* Feature/horusec-csharp (#131)

* Adding base horusec csharp cli

* Adding csharp rules structure

* Fixing security hashes

* Adding horusec csharp cli injection rules

* Adding others rules

* Adding sql injection linq rule

* Update leaks with set pwd

* Update make file and adding pipeline of horusec-csharp

* Adding password validation

* Adding sql injection rules in csharp cli

* Adding rules of cookies, view state

* Fixing errors

* Adding some cryptography rules to csharp cli

* Fixing total rules csharp

* Adding weak cipher rules

* Adding more rules of csharp

* Fixing test

* Adding more csharp rules

* add NewCsharpRegularDebugBuildEnabled

* add NewCsharpRegularDebugBuildEnabled

* Adding custom errors disabled rule

* Adding rules csharp

* Adding rule vulnerable package reference

* Adding rule jwt signature validation disabled

* Add cors allow origin wildcard rules

* Adding NewCsharpAndFormsAuthenticationCookielessMode

* Adding regular anti forgery token rule

* Adding form validations

* Adding missing authorize attribute rule

* Adding rules of xml in csharp

* Fix test

* Adding more csharp rules

* Adding password lockout disabled rule

* Adding more rules in csharp of cookies and signatures

* Adding cross site rules

* Weak password rule

* Adding ldap injection filter rule

* Adding more rules in csharp

* Adding more rules in csharp

* Adding more rules in csharp

* Adding ldap injection rules

* Adding more rules in csharp

* Adding csharp in deployments to up version

* Adding csharp in deployments to up version

* Rename test zip to csharp

* Adding horusec csharp cli

* Change language to csharp

* Adding test to check netcore is deprecated

* Updating regular rules

* Adding rule no log sensitive information in console

* Fix conflict

* Fixing error removing old regular expressions

* Update weak rsa key length

* Removing deplicated rule

* Fixing rules of java min 128 bits in key generator

* Adding unit tests in csharp engine

* Fixing fmt lint

* Fixing test

* Fixing test

* Adding readme.md in horusec-csharp

* Update README.md

* Fixing tests

* Merge and update doc

Co-authored-by: Wilian Gabriel <wilian.silva@zup.com.br>
Co-authored-by: Wilian Gabriel <63816070+wiliansilvazup@users.noreply.github.com>

* Removing Landing Page (#141)

* Adding eslint dockerfile

* Change name dotnet to csharp (#144)

* WIP adding eslint formatter

* Update version csharp

* WIP cleanup formatter code

* Wip adding eslint formatter docker execution

* Adding analyser eslint formatter

* Fixing eslint configuration

* Adding eslint security rules config

* Improving eslint formatter

* Adding eslint output struct

* Adding eslint results into analysis

* Adding eslint javascript analyse

* Feature/update docs (#140)

* Update composes and check if are go pass in pipeline

* Fixing env wrong

* Update docs

* Fix docs

* Adding eslint image script

* Adding eslint tool in deploy workflow

* Fixing eslint tool name

* Updating ignore tool flag description

* Fixing lint problem

* Fixing eslint file pattern

* Testing eslint formatter

* Testing eslint formatter

* Adding eslint scan in readme

* Fixing code sample length

* Fixing eslint config

* Removing eslint object injection

* Feature/horusec nodejs (#143)

* Adding base of horusec nodejs

* Merge with develop

* Adding Horusec-NodeJS in CLI

* Fixing fmt lint

* Adding initial rules for sql injection, xss, others

* Fixing fmtg

* Adding rules of crypto in nodejs

* Adding some vulnerabilities in nodejs

* Fixing total vuln nodejs

* Adding more rules injection in nodejs

* Adding rules of http-proxy, no log, ip address,  others

* Adding more rules in nodejs

* Fixing fmt lint

* Fixing docs

* Fixing name

* Fixing tests fmt lint

* Adding jsx and tsx

* Fixing sql injection query

* Update no log sensitive information

* Update no log sensitive information

* Fixing total found in nodejs

* Adding docs

* Feature/k8s cli (#148)

* Adding some kubernetes rules

* Adding kubernetes cli

* Updating docs

* Adding horusec kubernetes cli in make file

* Adding kubernetes cli in horusec cli

* Updating go modules

Co-authored-by: Nathan Tavares Nascimento <nathan.nascimento@zup.com.br>

* Update deploy-cli-tools.yml

* Update update-image-tool.sh

* Adding docs kubernetes (#149)

* Adding docs kubernetes

* Fixing readme

* Update image nodejs and kubernetes

* Updating analysis cli images

Co-authored-by: nathan <nathan.martins@zup.com.br>

* Adding eslint in analysis slice

* Fixing eslint config

* Javascritpt eslint security (#146)

* Adding eslint dockerfile

* WIP adding eslint formatter

* WIP cleanup formatter code

* Wip adding eslint formatter docker execution

* Adding analyser eslint formatter

* Fixing eslint configuration

* Adding eslint security rules config

* Improving eslint formatter

* Adding eslint output struct

* Adding eslint results into analysis

* Adding eslint javascript analyse

* Adding eslint image script

* Adding eslint tool in deploy workflow

* Fixing eslint tool name

* Updating ignore tool flag description

* Fixing lint problem

* Fixing eslint file pattern

* Testing eslint formatter

* Testing eslint formatter

* Adding eslint scan in readme

* Fixing code sample length

* Fixing eslint config

* Removing eslint object injection

* Adding eslint in analysis slice

* Fixing eslint config

Co-authored-by: Wilian Gabriel <63816070+wiliansilvazup@users.noreply.github.com>

* Fixing eslint extensions

* Fixing eslint file path

* Fixing generics bugs (#150)

* Adding typescript vulnerabilities separated

* Adding validation to not dispatch typescript in js

* Adding node js cli in validation

* Fixing lint error

* Fixing unity test

* Fixing tsx and jsx run in javascript

* Fix fmt

* Fixing versions

* Fixing auth cors

* Fixing log very sensitive in csharp

* Update version of leaks

* Update version of leaks

* Fixing test

* Update analyser to log not existing hash

* Update analyser to log not existing hash

* Fixing version eslint

* Fixing vuln in frontend

* Fixing lint manager

* Fixing horusec-config

* Fix lint

Co-authored-by: nathan <nathan.martins@zup.com.br>

* Downgrade severity no use localstorage

* Adding files license

* Adding yaml license

* Added INFO severity and add colors of languages (#152)

* Update README.md

* [skip ci] update versioning file

* [skip ci] update versioning file

* [skip ci] update versioning file

* Merge with master

* Adding vulnerabilities tests for horusec-leaks rules (#158)

* Adding vulnerabilities tests for horusec-leaks rules

* Adding rule twitter

* Fixing gcp token

* Fixing development-kit

* Adding project path in file with vulnerability (#156)

* Fix Reset password validation (#160)

* Fix Reset password validation

* Fixing lint

* Fixing tests

* Fixing horusec-config

* Fixing hash

* [Frontend] Webhook improvements (#136)

* Added search bar to webhook screen and option to delete header in add and edit modal

* Added option to copy a existing webhook

* Adjusting text to create new webhook

* Adding validation for get password correctly

* Adding validation for get password correctly

* Bugfix/update account (#166)

* Fixing update password

* Update swagger auth

* Adding stable version to migrate (#167) (#168)

* Updating develop with master (#170)

* Adding stable version to migrate (#167)

* Updating validate email url (#169)

* Squashed commit of the following:

commit 44042db
Author: Wilian Gabriel <63816070+wiliansilvazup@users.noreply.github.com>
Date:   Wed Dec 2 10:20:14 2020 -0300

    Update helm charts (#165)

    * Upgrade environments horusec-auth

    * Update helm values of micro services

    * Update helm values of micro services

    * Update helm values of micro services

    * Update helm values of micro services

    * Update helm account

    * Update helm account

    * Removing license commentary in chart

    * Fixing helm charts

    * Fixing version fixed

    * Fixing charts

    * Fixing environments on values

    * Fixing fmt

    * Fixing databasemigration

    * Fix

commit a29ee71
Author: nathannascimentozup <65020170+nathannascimentozup@users.noreply.github.com>
Date:   Wed Dec 2 10:06:03 2020 -0300

    Adding support for root path horusec-config file (#161)

    * Fixing abs path for horusec-config.json

    * Adding config path flag

    * Adding inputs package

    * Removing unnecessary code

    * Removing config flag

commit 1acf85b
Author: nathanmartinszup <63246935+nathanmartinszup@users.noreply.github.com>
Date:   Tue Dec 1 13:32:51 2020 -0300

    Updating validate email url (#169)

commit 2765a44
Author: nathanmartinszup <63246935+nathanmartinszup@users.noreply.github.com>
Date:   Mon Nov 30 16:23:49 2020 -0300

    Adding stable version to migrate (#167)

* Settings screen (#137)

* Added option in side menu to access the settings screen

* Structure of settings screen

* Add dialog to change informations of account

* Add modal to change password

* Fixing auth service cors

* Added integration with api to update email and username

* Added option to delete account

* Updating auth cors

* Fixing account update

* Fixing account update

* Finalizing delete account flow

* Add service to change password

* Added message for error in same password when change it

* Fixing auth

* Update logic to update user and pass

* Fixing patch

* Add rule to view the screen something when authType is a default

* Fixing coverage auth

* Fixing fmt lint

Co-authored-by: Nathan Tavares Nascimento <nathan.nascimento@zup.com.br>
Co-authored-by: nathan <nathan.martins@zup.com.br>
Co-authored-by: Wilian Gabriel <wilian.silva@zup.com.br>

* Merge with master

* Feature/flawfinder (#171)

* Adding flawfinder c analysis tool

* Adding formatter for flawfinder

* Fixing commit authors in flawfinder

* Adding license

* Updating docs and adding unity tests

* Adding c++ in doc

* Fixing auth grpc

Co-authored-by: Wilian Gabriel <wilian.silva@zup.com.br>

* Update README.md

* Added rules when the option of broker service is disabled in backend (#175)

Co-authored-by: Wilian Gabriel <wilian.silva@zup.com.br>

* Feature/phpcs (#177)

* Adding flawfinder c analysis tool

* Adding formatter for flawfinder

* Fixing commit authors in flawfinder

* Adding license

* Updating docs and adding unity tests

* Adding c++ in doc

* Adding phpcs dockerfile

* Fixing auth grpc

* Adding php phpcs security tool

* Adding missing unity tests and fixing lint

* Fixing git blame and updating docs

* Fixing lint error

* Fixing readme

Co-authored-by: Wilian Gabriel <wilian.silva@zup.com.br>

* Bugfix/improving-grpc-logs (#178)

* Adding log for received grpc requests

* Improving middlewares errors

* Fixing error when load the donut chart with empty data (#179)

* Add headers dynamic to send on request (#182)

* Add headers dynamic to send on request

* Adding unit test

* Fix fmt lint

* Update doc

* Update doc

* Fix test

* Updating Authorization header to X-Horusec-Authorization (#183)

* Updating Authorization header to X-Horusec-Authorization

* Updating token in refresh function

* Fixing pipeline

* Adjusting colors of svg icons and add new webhook icon (#184)

* Fixing clear inputs when create new webhook (#185)

* [skip ci] update versioning file

Co-authored-by: nathanmartinszup <63246935+nathanmartinszup@users.noreply.github.com>
Co-authored-by: Wilian Gabriel <63816070+wiliansilvazup@users.noreply.github.com>
Co-authored-by: Wilian Gabriel <wilian.silva@zup.com.br>
Co-authored-by: nathannascimentozup <65020170+nathannascimentozup@users.noreply.github.com>
Co-authored-by: Horusec <horusec@zup.com.br>
Co-authored-by: nathan <nathan.martins@zup.com.br>
Co-authored-by: Nathan Tavares Nascimento <nathan.nascimento@zup.com.br>
Co-authored-by: Gleyton Lima <GleytonLima@users.noreply.github.com>

Co-authored-by: Lucas Bruno <69604366+lucasbrunozup@users.noreply.github.com>
Co-authored-by: Wilian Gabriel <63816070+wiliansilvazup@users.noreply.github.com>
Co-authored-by: Wilian Gabriel <wilian.silva@zup.com.br>
Co-authored-by: nathannascimentozup <65020170+nathannascimentozup@users.noreply.github.com>
Co-authored-by: Horusec <horusec@zup.com.br>
Co-authored-by: Nathan Tavares Nascimento <nathan.nascimento@zup.com.br>
Co-authored-by: Gleyton Lima <GleytonLima@users.noreply.github.com>
wiliansilvazup added a commit that referenced this pull request Dec 14, 2020
* feature/automatic-csproj (#23)

* adding dynamic detection of csproj, yarn.lock, package-lock.json and requirements.txt

* file path by ext unity tests

* Template email of organization invited (#22)

* e-mail Added the template of e-mail to a user is invited to the organization

* Fixing go lint

* 🔒 The screen dashboard of organization is visible something the admin users (#26)

* Organizing i18n values in frontend (#30)

* Rewrite i18n values for external pages and dashboard screen

* Adjusting i18 values in repositories screen

* 🛠️  Adjusting redirect routes when the call is external of manager (#19)

* Hotfix/fixing redirect and output bigger (#21)

* Fixing redirect in email template reset-password

* Fixing code output when exists many content and bad read

* Fixing fmt and set total output to down

* Hotfix/unique names (#28)

* Adding unique names migration

* Adding validations to unique names and unity tests

* Fixing swagger in horusec-analytics (#27)

* Add i18n values to enUS

Co-authored-by: Wilian Gabriel <63816070+wiliansilvazup@users.noreply.github.com>
Co-authored-by: nathanmartinszup <63246935+nathanmartinszup@users.noreply.github.com>

* Removing fields type, vulnerableBellow and version from Vulnerability (#24)

* Removing fields type, vulnerableBellow and version from Vulnerability

* Fixing e2e and unit tests

* Change pipeline to use docker-compose

* Fixing docker-compose.test

* Fixing deployment

* Fixing compose

* Merge master into develop (#36)

* 🛠️  Adjusting redirect routes when the call is external of manager (#19)

* Hotfix/fixing redirect and output bigger (#21)

* Fixing redirect in email template reset-password

* Fixing code output when exists many content and bad read

* Fixing fmt and set total output to down

* Hotfix/unique names (#28)

* Adding unique names migration

* Adding validations to unique names and unity tests

* Fixing swagger in horusec-analytics (#27)

* Hotfix/change images generate token (#31)

* Change images to generate token

* Adding gif usage horusec

* Adding gif usage horusec

Co-authored-by: Lucas Bruno <69604366+lucasbrunozup@users.noreply.github.com>
Co-authored-by: nathanmartinszup <63246935+nathanmartinszup@users.noreply.github.com>

* Adding company role in get all companies (#33)

* Adding company role in get all companies

* Adding unity tests

* Tokens of organization (#32)

* 🔑 Handler tokens of organization

* 🛡️  Added rules in manager organizations

* Not found screen (#34)

* 👷 Initial structure to not found page

* 👌 Finalizing page of not found

* 🔙 Added option to back to organization screen when in home page

* 🔨 Fixing version in package json

* Fixing error in unique company name not necessary, and removing wrong constraints in database (#38)

* [skip ci] update versioning file

* Added component of pagination (#47)

* CLI docker image (#25)

* Adding cli dockerfile

* Adding horusec as entrypoint

* Removing docker from image

* Adding docker-entrypoint

* Using docker dind

* Downgrade docker dind

* Using entrypoint

* Renaming entrypoint to horusec-cli

* Updating documentation

* Adding license

* Updating vendor

Co-authored-by: Horusec <horusec@zup.com.br>

* 💅 Adjusting button dialog styles, scrollbar and select component (#48)

* Adjusting the texts in Portuguese (#52)

* ✅ Added option to success message from flash message component and added in all handlers (#53)

* Feature/create repository cli (#55)

* Create repository by cli flag, update list repository to list all repositories to company admin

* Adding tests and validation to list all repositories of company if i am admin

* Removing duplicated code to list repositories to company admin

* Removing unnecessary unity test

* Fixing unity tests and adding middleware to company admin

* Adding missing test

* Updating analytic routes by repository to accept admins of company

* Fixing broken e2e tests

Co-authored-by: Wilian Gabriel <wilian.silva@zup.com.br>

* Frontend false positive (#54)

* Initial structure for false positive screen

* Finished false positive screen and add supervisor role

* Implementing false-positive and risk accept (#35)

* Change struct of analysis

* Fixing fmt lint entity and create migration files

* Adding get all dto and method

* Fixing migration

* Adding base management repository

* Adding get all vuln management data

* Adding management repository unity tests

* adding management controller get all

* adding get all management data

* adding management handler unity tests

* Adding update method in repository

* Adding update method in controller

* adding management handler put

* Adding management handler unity tests

* Fixing create analysis

* Adding app sec role

* Fixing list vuln management error where vulns are duplicating, fixing swagger errors

* Removing unnecessary nolint and improving code

* Fixing to send analysis correctly to horusec-api

* Adding separated api to update status and type

* Adding new vulnerability status and type enums

* Fixing lint

* Fixing lint errors

* Removing status and updating apis

* Updating migration

* Fixing output to show vulnerability to fix

* Fixing lint and project errors

* Fixing management unit tests

* Fixing errors in list vulns

* Fixing some type errors

* Updating output to print false positive and risk accept

* Start fixing tests

* Fixing tests

* Fixing vulnerabilities unit tests

* Fixing analytic queries

* Fixing tests

* Fixing analytic repository unit tests

* Adding tests on cli

* Adding more content

* Fixing hash generator

* Fixing hash generator

* Fixing vulnerability test

* Adding devkit entities and types units tests

* Adding Unit tests

* Adding unit tests

* Fixing license

* Adding analysis tests

* Fixing lint

* fixing e2e tests

* Updating e2e tests

* Fixing tests in repository

* Fixing fmt lint

* Parse horusec analysis response correctly

* Fixing lint

* Fixing errors in vulns details

* Fixing e2e test

* Updating api cors

* Updating cors

Co-authored-by: nathan <nathan.martins@zup.com.br>
Co-authored-by: lucas.bruno <lucas.bruno@zup.com.br>

* Fixing wrong text in output

* Bugfix/false positive (#58)

* Fixing supervisor middleware validation to company admins

* Fixing load data in vulnerabilities table

* Fixing false positive in CLI

* Updating swagger

* Fixing docs

* Fixing lint

Co-authored-by: lucas.bruno <lucas.bruno@zup.com.br>
Co-authored-by: Wilian Gabriel <wilian.silva@zup.com.br>

* Fixing regex d34b3ba5-b988-4a0f-9344-467274cd98be (#59)

* Removing deprecated manager (#60)

* Fixing security pipeline in horusec (#61)

* Fixing security pipeline in horusec

* Fixing security pipeline in horusec

* Fixing security pipeline in horusec

* Fixing security pipeline in horusec

* Fixing readme cli

* Fixing readme cli

* Update README.md

* Update README.md

* Change filter to receive Severity and remove Type (#64)

* Feature/improving false positive (#66)

* Adding order by severity and type

* Adding filter by type

* Fixing lint errors and adding unit tests

* Fixing order by error

* Updating swagger

* Fixing fmt errors

* [Frontend] Improvements false positive (#67)

* Added new filter in false positive screen

* Added success messages

* Added tag with color in severity

* List vulnerabilities in management screen to repository members (#68)

* [Frontend] - Improvements false positive (#69)

* Added new filter in false positive screen

* Added success messages

* Added tag with color in severity

* Removing supervisor role in company

* Added permission to handler repository

* Migration deploy hook (#65)

* Adding migration dockerfile

* Improving migration dockerfile

* Using env in migration

* Adding migration template

* Fixing migration template

* Adding migration image script

* Updating helm hook

* Fixing migration version

* Fixing service image script builder

Co-authored-by: Horusec <horusec@zup.com.br>

* Adding api to delete account and permissions (#85)

* Adding api to delete account and permissions

* Adding license in docs

* Adding jwt auth middleware in delete account

* Feature/horusec auth (#62)

* Adding horusec auth base project

* Adding auth handler, with auth types enum and credentials

* Finishing handlers and adding auth controller with factory by type

* Change filter to receive Severity and remove Type

* Adding missing unit tests in devkit

* Adding auth handler tests

* Adding swagger, updating router and configs

* Fixing lint and tests

* Adding horus service authenticate method

* Adding authorize handler

* Updating auth interface

* Adding postgres read

* Adding keycloak service auth and keycloak shared service

* Adding unit test

* Adding horusec roles enum

* Fixing return

* Adding validation to authorize by horus roles

* Renaming packages to horusec

* Fixing some horusec name errors and unit tests

* Removing nolint and improving code

* Renaming file to horusec

* Adding create user from keycloak token

* Adding create user from keycloak token

* Adding create user from keycloak token

* Adding horusec service unit tests

* Adding auth controller unit tests and updating mocks

* Adding auth in compose and fixing docs

* Adding auth in compose and fixing docs

* Updating health check

* Fixing lint

* Fixing keycloak unit tests

* Adding unit tests

* Adding unit tests

* Updating middlewares to use auth service

* Fixing auth type

* Fixing tests fmt lint

* Fixing tests fmt lint

* Fixing Security

* Improving code and adding unit tests

* Adding more devkit unit tests

* Adding some unit tests

* Adding middleware service unit tests

* Removing unnecessary test

* Adding horusec auth readme

* Fixing dockerfiles

* Adding validation to actual auth type

* Removing auth type header

* Updating composes

* Removing groups from authorization data

* Updating account, api and analytic readme

* Updating compose with auth url env var

* Updating compose and compose dev

* Fixing unit tests and fmt errors

* Fixing auth pipeline and hashes false positives

* Fixing error that token was static to accept only jwt

* Adding role validation in keycloak

* Fixing token size and swagger error

* Removing bearer from keycloak token

* Adding api to get account id by token and auth type

* Changing create account from keycloak to auth

* Updating auth swagger

* Improving keycloak devkit service and fixing tests

* Fixing account unit tests

* Fixing account unit tests in auth

* Adding auth unit tests

* Fixing middleware tests

* Fixing fmt error

* Improving interface conversion to avoid conversion error

Co-authored-by: Wilian Gabriel <wilian.silva@zup.com.br>

* Frontend - Many authentication types (#77)

* 🛸 Added fields in create company and repository to LDAP rules

* ⚙️ Separate modules of authentication, and add splash animation in login screen

* 🛰  Horusec default authenticator

* 🔑 Add auth environment

* Initialize integration with keycloak

* Adjusting keycloak authentication

* Add get user info in keycloak auth and adjusting logout

* ⚙️ Alter service to create account from keycloak

* 🛠  Adjusting styles, and settings to microfrontend integration and devcraft use

* Fixing keycloak config when in other auth type, and adjusting function types

* Fixing lint

* 🇺🇸 Translate e-mail templates to english (#95)

* Feature/application admin (#86)

* Adding horusec auth base project

* Adding auth handler, with auth types enum and credentials

* Finishing handlers and adding auth controller with factory by type

* Change filter to receive Severity and remove Type

* Adding missing unit tests in devkit

* Adding auth handler tests

* Adding swagger, updating router and configs

* Fixing lint and tests

* Adding horus service authenticate method

* Adding authorize handler

* Updating auth interface

* Adding postgres read

* Adding keycloak service auth and keycloak shared service

* Adding unit test

* Adding horusec roles enum

* Fixing return

* Adding validation to authorize by horus roles

* Renaming packages to horusec

* Fixing some horusec name errors and unit tests

* Removing nolint and improving code

* Renaming file to horusec

* Adding create user from keycloak token

* Adding create user from keycloak token

* Adding create user from keycloak token

* Adding horusec service unit tests

* Adding auth controller unit tests and updating mocks

* Adding auth in compose and fixing docs

* Adding auth in compose and fixing docs

* Updating health check

* Fixing lint

* Fixing keycloak unit tests

* Adding unit tests

* Adding unit tests

* Updating middlewares to use auth service

* Fixing auth type

* Fixing tests fmt lint

* Fixing tests fmt lint

* Fixing Security

* Improving code and adding unit tests

* Adding more devkit unit tests

* Adding some unit tests

* Adding middleware service unit tests

* Removing unnecessary test

* Adding horusec auth readme

* Fixing dockerfiles

* Adding validation to actual auth type

* Removing auth type header

* Updating composes

* Removing groups from authorization data

* Updating account, api and analytic readme

* Updating compose with auth url env var

* Updating compose and compose dev

* Fixing unit tests and fmt errors

* Adding application admin role

* Fixing auth pipeline and hashes false positives

* Adding is application admin middleware

* Fixing error that token was static to accept only jwt

* Adding role validation in keycloak

* Fixing token size and swagger error

* Adding route to show config, adding field is_super_admin, adding method to create account default super admin

* Fixing to get account admin data and create with this params

* Removing bearer from keycloak token

* Fixing docs account

* Adding route to get config of horusec-account

* Adding create company with admin application

* Adding api to get account id by token and auth type

* Changing create account from keycloak to auth

* Updating auth swagger

* Adding validation to create company if user logged is application admin

* Fixing lint and tests

* Fixing security step

* Improving keycloak devkit service and fixing tests

* Fixing account unit tests

* Fixing account unit tests in auth

* Adding auth unit tests

* Fixing middleware tests

* Fixing fmt lint

* Fixing fmt error

* Adding Application admin in auth

* Fixing test

* Fixing fmt and lint

* Fixing horusec-config.json

* Adding validation to create default user only auth type horusec

* Fixing README.md in horusec-account

* Improving interface conversion to avoid conversion error

* Fixing fmt lint and units test

* Adding more unit test

* Adding more unit test

* Adding more unit test

* Fixing horusec-config.json

* Adding more unit test

* Fixing tests e2e

* Fixing fmt lint

* Fixing docs auth

* Fixing docs horusec-account

* Fixing security

* Update architecture images

* Fixing deploy service

Co-authored-by: Wilian Gabriel <wilian.silva@zup.com.br>

* Adding return content when create account from keycloak (#98)

* Adding return content when create account from keycloak

* Adding return content when create account from keycloak

* Adding return content when create account from keycloak

* Fixing fmt and lint

* Fixing unit test

* Fixing integration middleware

* Frontend admin application (#100)

* 🗃  Alter the route to fetch config of application and save it in a localStorage

* Added support to admin application

* [WIP] Feature/improving test (#99)

* Adding TESTBOOK.md correctly

* Adding testbook

* Updating setup external dependences

* Updating setup external dependences

* Updating setup external dependences

* Updating setup external dependences

* Updating setup external dependences

* Fixing horusec-config.json

* Updating setup external dependences

* Update e2e and account pipeline

* Fixing dockerfile.dev

* Fixing dockerfile account

* Change compose internal to run in dev mod

* Update cli pipeline

* Adding new unit test

* Removing old e2e tests and separate correctly e2e tests

* Ignoring up vendor folder in git

* Fixing e2e running

* Fixing compose e2e

* 🛠 Fixing method to verify admin application (#111)

* Frontend environments in compose files (#110)

* 🔑 Added environments to frontend in compose files

* Adjusting .env.example file with all possible values

* Feature/auth grpc (#112)

* Adding grpc server in auth

* Adding generated proto go files

* Removing unnecessary field in proto

* adding grpc calls to replace http calls in middlewares

* Fixing middleware tests

* Updating compose and grpc config

* Adding certificates options and updating readme

* Updating compose files

* Updating e2e compose file

* Adding auth new port

* Updating e2e compose

* Improving error logs and lint

* Fixing fmt error

* Feature/improving test (#102)

* Adding more e2e tests

* Adding more e2e tests

* Adding more tests e2e

* Fixing fmt lint

* Update test e2e

* Update test e2e

* Fixing workflow e2e

* Fixing e2e running

* Adding validation to restart service with up migration

* Fixing tests e2e

* Fixing tests e2e

* Fixing e2e

* Adding e2e to check if send messages correctly

* Update testbook

* Fixing gomod

* Starting add keycloak e2e tests

* Adding Request to configure keycloak service

* Adding correctly form to run tests using keycloak server

* Fixing makefile

* Adding tests in keycloak to validate invite user

* Fixing makefile

* Fixing names and docs of e2e

* Removing trash of tests of analysis

* Fixing e2e

* Fixing e2e messages

* Fixing create company

* Fixing create company

* Fixing e2e

* Fixing e2e

* Fixing e2e

* Fixing e2e

* Fixing e2e

* Fixing e2e

* Fixing e2e

* Fixing keycloak compose e2e

* [WIP] Ldap auth service integration (#71)

* Adding horusec auth base project

* Adding auth handler, with auth types enum and credentials

* Finishing handlers and adding auth controller with factory by type

* Change filter to receive Severity and remove Type

* Adding missing unit tests in devkit

* Adding auth handler tests

* Adding swagger, updating router and configs

* Fixing lint and tests

* Adding horus service authenticate method

* Adding authorize handler

* Updating auth interface

* Adding postgres read

* Adding keycloak service auth and keycloak shared service

* Adding unit test

* Adding ldap client dependency

* Adding horusec roles enum

* Adding ldap client config

* Fixing old references

* Fixing return

* Adding validation to authorize by horus roles

* Renaming packages to horusec

* Fixing some horusec name errors and unit tests

* Updating ldap to implement auth service

* Removing nolint and improving code

* Renaming file to horusec

* Adding create user from keycloak token

* Adding create user from keycloak token

* Adding create user from keycloak token

* Adding horusec service unit tests

* Adding auth controller unit tests and updating mocks

* Adding auth in compose and fixing docs

* Adding auth in compose and fixing docs

* Updating health check

* Fixing lint

* Fixing keycloak unit tests

* Adding unit tests

* Adding unit tests

* Updating middlewares to use auth service

* Fixing auth type

* Fixing tests fmt lint

* Fixing tests fmt lint

* Fixing Security

* Improving code and adding unit tests

* Adding more devkit unit tests

* Adding some unit tests

* Adding middleware service unit tests

* Removing unnecessary test

* Adding horusec auth readme

* Fixing dockerfiles

* Adding validation to actual auth type

* 🛸 Added fields in create company and repository to LDAP rules

* Removing auth type header

* Adding company authz fields

* Adding ldap service in the auth

* Updating composes

* Removing groups from authorization data

* Updating account, api and analytic readme

* WIP ldap authz

* Updating compose with auth url env var

* Updating compose and compose dev

* Adding ldap company authz

* Fixing unit tests and fmt errors

* Adding repository authz

* Adding ldap login logic

* Removing ldap refresh token

* ⚙️ Separate modules of authentication, and add splash animation in login screen

* 🛰  Horusec default authenticator

* 🔑 Add auth environment

* Adding ldap authz migration

* Adding ldap service in the handler

* Fixing vendor

* Fixing ldap permission migration

* Removing not null constraint from account password column

* Initialize integration with keycloak

* Adding ldap mock

* Adding ldap service

* Fixing ldap service interface

* Fixing auth pipeline and hashes false positives

* Fixing ldap service

* Improving ldap service

* Improving ldap service

* Improving ldap service

* Improving ldap service package name

* Improving ldap client service

* Fixing lint problems

* Fixing error that token was static to accept only jwt

* Adding role validation in keycloak

* Fixing token size and swagger error

* Adjusting keycloak authentication

* Removing bearer from keycloak token

* Add get user info in keycloak auth and adjusting logout

* Testing ldap service

* Improving fn name

* Adding api to get account id by token and auth type

* Changing create account from keycloak to auth

* Updating auth swagger

* ⚙️ Alter service to create account from keycloak

* Fixing mail attribute from ldap

* Improving keycloak devkit service and fixing tests

* Fixing account unit tests

* Fixing account unit tests in auth

* Adding auth unit tests

* Fixing middleware tests

* Fixing fmt error

* Adding ldap user uid condition

* Improving interface conversion to avoid conversion error

* 🛠  Adjusting styles, and settings to microfrontend integration and devcraft use

* Merging with the base branch

* Using auth route

* Fixing migration error

* Removing supervisor role from company

* Updating dependencies

* Updating ldap service to fix get groups error

* Fixing some role issues in ldap service

* Adding missing ldap unit tests and improving code

* Adding ldap devkit service unit tests

* Fixing connect error

* Updating swagger

* Updating vendor

* Adding example ldap env in composes

* Fixing string error in compose

* Fixing lint error in account service

* Removing vendor

* Updating config hashes

* Adding ldap service in compose

* Updating auth compose

* Alter the screen of login to receive username

* Updating ldap response

* Removing login horusec native from account to auth

* Fixing fmt errors

* Adding missing unit tests

* Fixing e2e

* Updating security pipeline

* Updating cli pipeline and hashes

* Improving authorize handler

* Added integration with backend for ldap auth

* Fixing companies loading

* Adding ldap memoize

* Adding ldap groups in repository creation and update

* Fixing ldap company update

* Fixing repository creation

* Fixing repository update

* Fixing company list return

* Fixing company form with groups pre filled

* Adding repository authz fields

* Adding authz fields prefilled

* Fixing repository authz

Company admin is mandatory for authz

* Fixing wrong company role

* Fixing lint

* Adding application admin

* Updating compose ldap host

* Adding isApplicationAdmin attr in ldap authentication

* Adding username in native horus authentication

* Removing unnecessary log in manager

* Fixing company creation

* Fixing repository update

Co-authored-by: nathan <nathan.martins@zup.com.br>
Co-authored-by: Wilian Gabriel <wilian.silva@zup.com.br>
Co-authored-by: Horusec <horusec@zup.com.br>
Co-authored-by: lucas.bruno <lucas.bruno@zup.com.br>

* Adding validation to horusec login errors (#118)

* [WIP] Fixing e2e (#115)

* Fixing e2e

* Fixing e2e

* Fixing e2e

* Fixing e2e

* Fixing order for run e2e

* Fixing order for run e2e

* Fixing order for run e2e

* Fixing e2e

* Fixing e2e

* Tests Application admin horusec

* Fixing messages validation

* Fixing messages validation

* Updating keycloak to login by auth

* Adding jwt validation keycloak e2e

* Removing authentication by auth service

* Run duplicate

* rollback

* Comment keycloak in pipeline

Co-authored-by: nathan <nathan.martins@zup.com.br>

* Fixing repository authz groups (#116)

* Fixing e2e

* Fixing e2e

* Fixing e2e

* Fixing repository authz groups

* Fixing repository tests

* Fixing e2e

* Fixing ldap service tests

* Fixing order for run e2e

* Fixing order for run e2e

* Fixing order for run e2e

* Fixing e2e

* Fixing e2e

* Tests Application admin horusec

* Fixing messages validation

* Fixing messages validation

* Updating keycloak to login by auth

* Adding jwt validation keycloak e2e

* Removing authentication by auth service

* Run duplicate

* rollback

* Testing repository authz groups set by company

Co-authored-by: Wilian Gabriel <wilian.silva@zup.com.br>
Co-authored-by: nathan <nathan.martins@zup.com.br>

* Fixing compose content

* Removing minimum version and adding version recommendation message (#119)

* feature/auth-account-operations (#122)

* Adding account operations in auth

* Removing account operations from account service, improving entities structure

* Fixing error multiple packages

* Fixing error in account middlewares and some minor issues

* Updating composes with new env vars

* Updating compose files and pipeline errors

* Updating auth readme and auth compose

* Updating messages e2e compose

* Updating auth coverage and fixing e2e messages pipeline

* Updating manager to use auth service

* Adjusting to view field of email to app admin when create new organiz… (#127)

* Adjusting to view field of email to app admin when create new organization (#125)

* Adding validation for user response when ask if run in current directory (#124)

Co-authored-by: Lucas Bruno <69604366+lucasbrunozup@users.noreply.github.com>

* Improving cli to print error message by line, and removing missing pa… (#126)

* Improving cli to print error message by line, and removing missing package-lock or yarn-lock as errors, fixing some misspelling

* Fixing unit test

* Feature/semgrep (#128)

* Adding semgrep to horus cli

* Adding semgrep languages, updating semgrep formatter

* Adding method to get severity

* Fixing lint errors

* Fixing cli unit tests

* Improving code and adding unit tests

* Changing semgrep config to use docker hub image

* Updating api to accept new languages

* Fixing lint errors

* Adding workdir to generic scan

* feature choice-tool (#132)

* Adding flag to choice if user need ignore tool run in your analysis

* Fixing fmt lint

* Fixing hashes security

* Feature/webhook (#113)

* Adding base webhook service

* Fixing webhook configs and docs

* Adding dispatch http request via broker to destiny saved in database

* Adding dispatch http request via broker to destiny saved in database

* Start crud of webhook

* Start crud of webhook

* Adding handler of webhook

* Fixing swagger

* Fixing lint and handler webhook

* Adding description on struct webhook

* Adding description on struct webhook

* Fixing docs

* Adding repository and calling in controller

* Adding migration script

* Adding controller validations and fixing datatype JSONB in postgresql

* Adding unit tests in webhook

* Finish tests of webhook crud

* Adding deployments and adding tests in horusec-api

* Fixing lint and add health check broker

* Adding helm in auth service

* upgrade coverage webhook

* Fixing horusec-api to not necessary up broker

* Closing body in http response

* Fixing http request to close body in response

* Fixing units tests

* Adding tests of integration of see se dispatch to destiny correctly

* Fixing e2e

* Adding put in cors

* Adding README.md in webhook

* Fixing hash security

* [Frontend] Webhook (#117)

* Item of webhook screen in the side menu, initial structure for the screen

* Added the table to render list of webhooks

* Adding base webhook service

* Adjusting spaces in table of webhooks list

* Fixing webhook configs and docs

* Adding dispatch http request via broker to destiny saved in database

* Adding dispatch http request via broker to destiny saved in database

* Added modal to add new webhook

* Start crud of webhook

* Start crud of webhook

* Adjusting spaces of text input

* Adding handler of webhook

* Fixing swagger

* Fixing lint and handler webhook

* Adding description on struct webhook

* Adding description on struct webhook

* Fixing docs

* Adding repository and calling in controller

* Adding migration script

* Add Webhook interface and adjust method http select in create new webhook

* Adding controller validations and fixing datatype JSONB in postgresql

* Adding unit tests in webhook

* Finish tests of webhook crud

* Adding deployments and adding tests in horusec-api

* Fixing lint and add health check broker

* Adding helm in auth service

* upgrade coverage webhook

* Fixing horusec-api to not necessary up broker

* Closing body in http response

* Fixing http request to close body in response

* Fixing units tests

* Adding tests of integration of see se dispatch to destiny correctly

* Fixing e2e

* Adding put in cors

* Added delete and edit webhook

* Fixing lint

* Adjusting role for webhook screen

* Adding README.md in webhook

Co-authored-by: Wilian Gabriel <wilian.silva@zup.com.br>
Co-authored-by: Nathan Tavares Nascimento <nathan.nascimento@zup.com.br>

* Fixing auth cors (#133)

* Update account username and email (#135)

* Adding update account handler

* Adding update account feature

* Fixing account controller interface

* Fixing account controller mock

* Fixing account update handler

* Fixing lint

* Adding handler test

* Adding updation validate

* Testing update account handler

* Improving update account controller

* Testing update account controller

* Adding vuln as risk accepted

hash 45aa5c46df5ba51d7e59da826544412352c189a6acf5707f941922181c94f989

* Repository form authz groups (#134)

* Adding repository groups from company

* Adding repository creation groups initial value

* Update pt-br.json (#139)

Fixed typo in text.

* Feature/horusec-csharp (#131)

* Adding base horusec csharp cli

* Adding csharp rules structure

* Fixing security hashes

* Adding horusec csharp cli injection rules

* Adding others rules

* Adding sql injection linq rule

* Update leaks with set pwd

* Update make file and adding pipeline of horusec-csharp

* Adding password validation

* Adding sql injection rules in csharp cli

* Adding rules of cookies, view state

* Fixing errors

* Adding some cryptography rules to csharp cli

* Fixing total rules csharp

* Adding weak cipher rules

* Adding more rules of csharp

* Fixing test

* Adding more csharp rules

* add NewCsharpRegularDebugBuildEnabled

* add NewCsharpRegularDebugBuildEnabled

* Adding custom errors disabled rule

* Adding rules csharp

* Adding rule vulnerable package reference

* Adding rule jwt signature validation disabled

* Add cors allow origin wildcard rules

* Adding NewCsharpAndFormsAuthenticationCookielessMode

* Adding regular anti forgery token rule

* Adding form validations

* Adding missing authorize attribute rule

* Adding rules of xml in csharp

* Fix test

* Adding more csharp rules

* Adding password lockout disabled rule

* Adding more rules in csharp of cookies and signatures

* Adding cross site rules

* Weak password rule

* Adding ldap injection filter rule

* Adding more rules in csharp

* Adding more rules in csharp

* Adding more rules in csharp

* Adding ldap injection rules

* Adding more rules in csharp

* Adding csharp in deployments to up version

* Adding csharp in deployments to up version

* Rename test zip to csharp

* Adding horusec csharp cli

* Change language to csharp

* Adding test to check netcore is deprecated

* Updating regular rules

* Adding rule no log sensitive information in console

* Fix conflict

* Fixing error removing old regular expressions

* Update weak rsa key length

* Removing deplicated rule

* Fixing rules of java min 128 bits in key generator

* Adding unit tests in csharp engine

* Fixing fmt lint

* Fixing test

* Fixing test

* Adding readme.md in horusec-csharp

* Update README.md

* Fixing tests

* Merge and update doc

Co-authored-by: Wilian Gabriel <wilian.silva@zup.com.br>
Co-authored-by: Wilian Gabriel <63816070+wiliansilvazup@users.noreply.github.com>

* Removing Landing Page (#141)

* Adding eslint dockerfile

* Change name dotnet to csharp (#144)

* WIP adding eslint formatter

* Update version csharp

* WIP cleanup formatter code

* Wip adding eslint formatter docker execution

* Adding analyser eslint formatter

* Fixing eslint configuration

* Adding eslint security rules config

* Improving eslint formatter

* Adding eslint output struct

* Adding eslint results into analysis

* Adding eslint javascript analyse

* Feature/update docs (#140)

* Update composes and check if are go pass in pipeline

* Fixing env wrong

* Update docs

* Fix docs

* Adding eslint image script

* Adding eslint tool in deploy workflow

* Fixing eslint tool name

* Updating ignore tool flag description

* Fixing lint problem

* Fixing eslint file pattern

* Testing eslint formatter

* Testing eslint formatter

* Adding eslint scan in readme

* Fixing code sample length

* Fixing eslint config

* Removing eslint object injection

* Feature/horusec nodejs (#143)

* Adding base of horusec nodejs

* Merge with develop

* Adding Horusec-NodeJS in CLI

* Fixing fmt lint

* Adding initial rules for sql injection, xss, others

* Fixing fmtg

* Adding rules of crypto in nodejs

* Adding some vulnerabilities in nodejs

* Fixing total vuln nodejs

* Adding more rules injection in nodejs

* Adding rules of http-proxy, no log, ip address,  others

* Adding more rules in nodejs

* Fixing fmt lint

* Fixing docs

* Fixing name

* Fixing tests fmt lint

* Adding jsx and tsx

* Fixing sql injection query

* Update no log sensitive information

* Update no log sensitive information

* Fixing total found in nodejs

* Adding docs

* Feature/k8s cli (#148)

* Adding some kubernetes rules

* Adding kubernetes cli

* Updating docs

* Adding horusec kubernetes cli in make file

* Adding kubernetes cli in horusec cli

* Updating go modules

Co-authored-by: Nathan Tavares Nascimento <nathan.nascimento@zup.com.br>

* Update deploy-cli-tools.yml

* Update update-image-tool.sh

* Adding docs kubernetes (#149)

* Adding docs kubernetes

* Fixing readme

* Update image nodejs and kubernetes

* Updating analysis cli images

Co-authored-by: nathan <nathan.martins@zup.com.br>

* Adding eslint in analysis slice

* Fixing eslint config

* Javascritpt eslint security (#146)

* Adding eslint dockerfile

* WIP adding eslint formatter

* WIP cleanup formatter code

* Wip adding eslint formatter docker execution

* Adding analyser eslint formatter

* Fixing eslint configuration

* Adding eslint security rules config

* Improving eslint formatter

* Adding eslint output struct

* Adding eslint results into analysis

* Adding eslint javascript analyse

* Adding eslint image script

* Adding eslint tool in deploy workflow

* Fixing eslint tool name

* Updating ignore tool flag description

* Fixing lint problem

* Fixing eslint file pattern

* Testing eslint formatter

* Testing eslint formatter

* Adding eslint scan in readme

* Fixing code sample length

* Fixing eslint config

* Removing eslint object injection

* Adding eslint in analysis slice

* Fixing eslint config

Co-authored-by: Wilian Gabriel <63816070+wiliansilvazup@users.noreply.github.com>

* Fixing eslint extensions

* Fixing eslint file path

* Fixing generics bugs (#150)

* Adding typescript vulnerabilities separated

* Adding validation to not dispatch typescript in js

* Adding node js cli in validation

* Fixing lint error

* Fixing unit test

* Fixing tsx and jsx run in javascript

* Fix fmt

* Fixing versions

* Fixing auth cors

* Fixing log very sensitive in csharp

* Update version of leaks

* Update version of leaks

* Fixing test

* Update analyser to log not existing hash

* Update analyser to log not existing hash

* Fixing version eslint

* Fixing vuln in frontend

* Fixing lint manager

* Fixing horusec-config

* Fix lint

Co-authored-by: nathan <nathan.martins@zup.com.br>

* Downgrade severity no use localstorage

* Adding files license

* Adding yaml license

* Added INFO severity and add colors of languages (#152)

* Update README.md

* [skip ci] update versioning file

* [skip ci] update versioning file

* [skip ci] update versioning file

* Merge with master

* Adding vulnerabilities tests for horusec-leaks rules (#158)

* Adding vulnerabilities tests for horusec-leaks rules

* Adding rule twitter

* Fixing gcp token

* Fixing development-kit

* Adding project path in file with vulnerability (#156)

* Fix Reset password validation (#160)

* Fix Reset password validation

* Fixing lint

* Fixing tests

* Fixing horusec-config

* Fixing hash

* [Frontend] Webhook improvements (#136)

* Added search bar to webhook screen and option to delete header in add and edit modal

* Added option to copy a existing webhook

* Adjusting text to create new webhook

* Adding validation for get password correctly

* Adding validation for get password correctly

* Bugfix/update account (#166)

* Fixing update password

* Update swagger auth

* Adding stable version to migrate (#167) (#168)

* Updating develop with master (#170)

* Adding stable version to migrate (#167)

* Updating validate email url (#169)

* Squashed commit of the following:

commit 44042db521749a336585430a829c13540de72294
Author: Wilian Gabriel <63816070+wiliansilvazup@users.noreply.github.com>
Date:   Wed Dec 2 10:20:14 2020 -0300

    Update helm charts (#165)

    * Upgrade environments horusec-auth

    * Update helm values of micro services

    * Update helm values of micro services

    * Update helm values of micro services

    * Update helm values of micro services

    * Update helm account

    * Update helm account

    * Removing license commentary in chart

    * Fixing helm charts

    * Fixing version fixed

    * Fixing charts

    * Fixing environments on values

    * Fixing fmt

    * Fixing databasemigration

    * Fix

commit a29ee719eb7e08d8ad74b5683befb67afb83cf3d
Author: nathannascimentozup <65020170+nathannascimentozup@users.noreply.github.com>
Date:   Wed Dec 2 10:06:03 2020 -0300

    Adding support for root path horusec-config file (#161)

    * Fixing abs path for horusec-config.json

    * Adding config path flag

    * Adding inputs package

    * Removing unnecessary code

    * Removing config flag

commit 1acf85b1e5a9b125a5f8a7c1ad22e2a5f0478efd
Author: nathanmartinszup <63246935+nathanmartinszup@users.noreply.github.com>
Date:   Tue Dec 1 13:32:51 2020 -0300

    Updating validate email url (#169)

commit 2765a441d5daa66c99bd6272697df7956cd22c24
Author: nathanmartinszup <63246935+nathanmartinszup@users.noreply.github.com>
Date:   Mon Nov 30 16:23:49 2020 -0300

    Adding stable version to migrate (#167)

* Settings screen (#137)

* Added option in side menu to access the settings screen

* Structure of settings screen

* Add dialog to change information of account

* Add modal to change password

* Fixing auth service cors

* Added integration with api to update email and username

* Added option to delete account

* Updating auth cors

* Fixing account update

* Fixing account update

* Finalizing delete account flow

* Add service to change password

* Added message for error in same password when change it

* Fixing auth

* Update logic to update user and pass

* Fixing patch

* Add rule to view the screen something when authType is a default

* Fixing coverage auth

* Fixing fmt lint

Co-authored-by: Nathan Tavares Nascimento <nathan.nascimento@zup.com.br>
Co-authored-by: nathan <nathan.martins@zup.com.br>
Co-authored-by: Wilian Gabriel <wilian.silva@zup.com.br>

* Merge with master

* Feature/flawfinder (#171)

* Adding flawfinder c analysis tool

* Adding formatter for flawfinder

* Fixing commit authors in flawfinder

* Adding license

* Updating docs and adding unity tests

* Adding c++ in doc

* Fixing auth grpc

Co-authored-by: Wilian Gabriel <wilian.silva@zup.com.br>

* Update README.md

* Added rules when the option of broker service is disabled in backend (#175)

Co-authored-by: Wilian Gabriel <wilian.silva@zup.com.br>

* Feature/phpcs (#177)

* Adding flawfinder c analysis tool

* Adding formatter for flawfinder

* Fixing commit authors in flawfinder

* Adding license

* Updating docs and adding unity tests

* Adding c++ in doc

* Adding phpcs dockerfile

* Fixing auth grpc

* Adding php phpcs security tool

* Adding missing unity tests and fixing lint

* Fixing git blame and updating docs

* Fixing lint error

* Fixing readme

Co-authored-by: Wilian Gabriel <wilian.silva@zup.com.br>

* Bugfix/improving-grpc-logs (#178)

* Adding log for received grpc requests

* Improving middlewares errors

* Fixing error when load the donut chart with empty data (#179)

* Add headers dynamic to send on request (#182)

* Add headers dynamic to send on request

* Adding unit test

* Fix fmt lint

* Update doc

* Update doc

* Fix test

* Updating Authorization header to X-Horusec-Authorization (#183)

* Updating Authorization header to X-Horusec-Authorization

* Updating token in refresh function

* Fixing pipeline

* Adjusting colors of svg icons and add new webhook icon (#184)

* Fixing clear inputs when create new webhook (#185)

* [skip ci] update versioning file

* Feature/horusec cli image (#186)

* Updating horusec cli dockerfile

* Adding flag to project path on host when clicking on docker image

* Updating workdir with the new languages

* Fixing lint

* Fixing project path in print results

* Adding git in docker cli image

* Fixing filepaths (#188)

* Fixing filepaths

* Fixing audit vuln

* Fixing pipeline

* Updating docs

* Updating code build docs

* Develop (#181) (#191)

* feature/automatic-csproj (#23)

* adding dynamic detection of csproj, yarn.lock, package-lock.json and requirements.txt

* file path by ext unity tests

* Template email of organization invited (#22)

* e-mail Added the template of e-mail to a user is invited to the organization

* Fixing go lint

* 🔒 The screen dashboard of organization is visible something the admin users (#26)

* Organizing i18n values in frontend (#30)

* Rewrite i18n values for external pages and dashboard screen

* Adjusting i18n values in repositories screen

* 🛠️  Adjusting redirect routes when the call is external of manager (#19)

* Hotfix/fixing redirect and output bigger (#21)

* Fixing redirect in email template reset-password

* Fixing code output when exists many content and bad read

* Fixing fmt and set total output to down

* Hotfix/unique names (#28)

* Adding unique names migration

* Adding validations to unique names and unity tests

* Fixing swagger in horusec-analytics (#27)

* Add i18n values to enUS

Co-authored-by: Wilian Gabriel <63816070+wiliansilvazup@users.noreply.github.com>
Co-authored-by: nathanmartinszup <63246935+nathanmartinszup@users.noreply.github.com>

* Removing fields type, vulnerableBellow and version from Vulnerability (#24)

* Removing fields type, vulnerableBellow and version from Vulnerability

* Fixing e2e and unit tests

* Change pipeline to use docker-compose

* Fixing docker-compose.test

* Fixing deployment

* Fixing compose

* Merge master into develop (#36)

* 🛠️  Adjusting redirect routes when the call is external of manager (#19)

* Hotfix/fixing redirect and output bigger (#21)

* Fixing redirect in email template reset-password

* Fixing code output when exists many content and bad read

* Fixing fmt and set total output to down

* Hotfix/unique names (#28)

* Adding unique names migration

* Adding validations to unique names and unity tests

* Fixing swagger in horusec-analytics (#27)

* Hotfix/change images generate token (#31)

* Change images to generate token

* Adding gif usage horusec

* Adding gif usage horusec

Co-authored-by: Lucas Bruno <69604366+lucasbrunozup@users.noreply.github.com>
Co-authored-by: nathanmartinszup <63246935+nathanmartinszup@users.noreply.github.com>

* Adding company role in get all companies (#33)

* Adding company role in get all companies

* Adding unity tests

* Tokens of organization (#32)

* 🔑 Handler tokens of organization

* 🛡️  Added rules in manager organizations

* Not found screen (#34)

* 👷 Initial structure to not found page

* 👌 Finalizing page of not found

* 🔙 Added option to back to organization screen when in home page

* 🔨 Fixing version in package json

* Fixing error in unique company name not necessary, and removing wrong constraints in database (#38)

* [skip ci] update versioning file

* Added component of pagination (#47)

* CLI docker image (#25)

* Adding cli dockerfile

* Adding horusec as entrypoint

* Removing docker from image

* Adding docker-entrypoint

* Using docker dind

* Downgrade docker dind

* Using entrypoint

* Renaming entrypoint to horusec-cli

* Updating documentation

* Adding license

* Updating vendor

Co-authored-by: Horusec <horusec@zup.com.br>

* 💅 Adjusting button dialog styles, scrollbar and select component (#48)

* Adjusting the texts in Portuguese (#52)

* ✅ Added option to success message from flash message component and added in all handlers (#53)

* Feature/create repository cli (#55)

* Create repository by cli flag, update list repository to list all repositories to company admin

* Adding tests and validation to list all repositories of company if i am admin

* Removing duplicated code to list repositories to company admin

* Removing unnecessary unity test

* Fixing unity tests and adding middleware to company admin

* Adding missing test

* Updating analytic routes by repository to accept admins of company

* Fixing broken e2e tests

Co-authored-by: Wilian Gabriel <wilian.silva@zup.com.br>

* Frontend false positive (#54)

* Initial structure for false positive screen

* Finished false positive screen and add supervisor role

* Implementing false-positive and risk accept (#35)

* Change struct of analysis

* Fixing fmt lint entity and create migration files

* Adding get all dto and method

* Fixing migration

* Adding base management repository

* Adding get all vuln management data

* Adding management repository unity tests

* adding management controller get all

* adding get all management data

* adding management handler unity tests

* Adding update method in repository

* Adding update method in controller

* adding management handler put

* Adding management handler unity tests

* Fixing create analysis

* Adding app sec role

* Fixing list vuln management error where vulns are duplicating, fixing swagger errors

* Removing unnecessary nolint and improving code

* Fixing to send analysis correctly to horusec-api

* Adding separated api to update status and type

* Adding new vulnerability status and type enums

* Fixing lint

* Fixing lint errors

* Removing status and updating apis

* Updating migration

* Fixing output to show vulnerability to fix

* Fixing lint and project errors

* Fixing management unit tests

* Fixing errors in list vulns

* Fixing some type errors

* Updating output to print false positive and risk accept

* Start fixing tests

* Fixing tests

* Fixing vulnerabilities unity tests

* Fixing analytic queries

* Fixing tests

* Fixing analytic repository unit tests

* Adding tests on cli

* Adding more content

* Fixing hash generator

* Fixing hash generator

* Fixing vulnerability test

* Adding devkit entities and types units tests

* Adding Unit tests

* Adding unit tests

* Fixing license

* Adding analysis tests

* Fixing lint

* fixing e2e tests

* Updating e2e tests

* Fixing tests in repository

* Fixing fmt lint

* Parse horusec analysis response correctly

* Fixing lint

* Fixing errors in vulns details

* Fixing e2e test

* Updating api cors

* Updating cors

Co-authored-by: nathan <nathan.martins@zup.com.br>
Co-authored-by: lucas.bruno <lucas.bruno@zup.com.br>

* Fixing wrong text in output

* Bugfix/false positive (#58)

* Fixing supervisor middleware validation to company admins

* Fixing load data in vulnerabilities table

* Fixing false positive in CLI

* Updating swagger

* Fixing docs

* Fixing lint

Co-authored-by: lucas.bruno <lucas.bruno@zup.com.br>
Co-authored-by: Wilian Gabriel <wilian.silva@zup.com.br>

* Fixing regex d34b3ba5-b988-4a0f-9344-467274cd98be (#59)

* Removing deprecated manager (#60)

* Fixing security pipeline in horusec (#61)

* Fixing security pipeline in horusec

* Fixing security pipeline in horusec

* Fixing security pipeline in horusec

* Fixing security pipeline in horusec

* Fixing readme cli

* Fixing readme cli

* Update README.md

* Update README.md

* Change filter to receive Severity and remove Type (#64)

* Feature/improving false positive (#66)

* Adding order by severity and type

* Adding filter by type

* Fixing lint errors and adding unity tests

* Fixing order by error

* Updating swagger

* Fixing fmt errors

* [Frontend] Improvements false positive (#67)

* Added new filter in false positive screen

* Added success messages

* Added tag with color in severity

* List vulnerabilities in management screen to repository members (#68)

* [Frontend] - Improvements false positive (#69)

* Added new filter in false positive screen

* Added success messages

* Added tag with color in severity

* Removing supervisor role in company

* Added permission to handler repository

* Migration deploy hook (#65)

* Adding migration dockerfile

* Improving migration dockerfile

* Using env in migration

* Adding migration template

* Fixing migration template

* Adding migration image script

* Updating helm hook

* Fixing migration version

* Fixing service image script builder

Co-authored-by: Horusec <horusec@zup.com.br>

* Adding api to delete account and permissions (#85)

* Adding api to delete account and permissions

* Adding license in docs

* Adding jwt auth middleware in delete account

* Feature/horusec auth (#62)

* Adding horusec auth base project

* Adding auth handler, with auth types enum and credentials

* Finishing handlers and adding auth controller with factory by type

* Change filter to receive Severity and remove Type

* Adding missing unity tests in devkit

* Adding auth handler tests

* Adding swagger, updating router and configs

* Fixing lint and tests

* Adding horus service authenticate method

* Adding authorize handler

* Updating auth interface

* Adding postgres read

* Adding keycloak service auth and keycloak shared service

* Adding unit test

* Adding horusec roles enum

* Fixing return

* Adding validation to authorize by horus roles

* Renaming packages to horusec

* Fixing some  horusec name errors and unity tests

* Removing nolint and improving code

* Renaming file to horusec

* Adding create user from keycloak token

* Adding create user from keycloak token

* Adding create user from keycloak token

* Adding horusec service unity tests

* Adding auth controller unity tests and updating mocks

* Adding auth in compose and fixing docs

* Adding auth in compose and fixing docs

* Updating health check

* Fixing lint

* Fixing keycloak unity tests

* Adding unit tests

* Adding unit tests

* Updating middlewares to use auth service

* Fixing auth type

* Fixing tests fmt lint

* Fixing tests fmt lint

* Fixing Security

* Improving code and adding unity tests

* Adding more devkit unity tests

* Adding some unit tests

* Adding middleware service unity tests

* Removing unnecessary test

* Adding horusec auth readme

* Fixing dockerfiles

* Adding validation to actual auth type

* Removing auth type header

* Updating composes

* Removing groups from authorization data

* Updating account, api and analytic readme

* Updating compose with auth url env var

* Updating compose and compose dev

* Fixing unity tests and fmt errors

* Fixing auth pipeline and hashes false positives

* Fixing error that token was static to accept only jwt

* Adding role validation in keycloak

* Fixing token size and swagger error

* Removing bearer from keycloak token

* Adding api to get account id by token and auth type

* Changing create account from keycloak to auth

* Updating auth swagger

* Improving keycloak devkit service and fixing tests

* Fixing account unity tests

* Fixing account unity tests in auth

* Adding auth unity tests

* Fixing middleware tests

* Fixing fmt error

* Improving interface conversion to avoid conversion error

Co-authored-by: Wilian Gabriel <wilian.silva@zup.com.br>

* Frontend - Many authentication types (#77)

* 🛸 Added fields in create company and repository to LDAP rules

* ⚙️ Separate modules of authentication, and add splash animation in login screen

* 🛰  Horusec default authenticator

* 🔑 Add auth environment

* Initialize integration with keycloak

* Adjusting keycloak authentication

* Add get user info in keycloak auth and adjusting logout

* ⚙️ Alter service to create account from keycloak

* 🛠  Adjusting styles, and settings to microfrontend integration and devcraft use

* Fixing keycloak config when in other auth type, and adjusting function types

* Fixing lint

* 🇺🇸 Translate e-mail templates to english (#95)

* Feature/application admin (#86)

* Adding horusec auth base project

* Adding auth handler, with auth types enum and credentials

* Finishing handlers and adding auth controller with factory by type

* Change filter to receive Severity and remove Type

* Adding missing unity tests in devkit

* Adding auth handler tests

* Adding swagger, updating router and configs

* Fixing lint and tests

* Adding horus service authenticate method

* Adding authorize handler

* Updating auth interface

* Adding postgres read

* Adding keycloak service auth and keycloak shared service

* Adding unit test

* Adding horusec roles enum

* Fixing return

* Adding validation to authorize by horus roles

* Renaming packages to horusec

* Fixing some  horusec name errors and unity tests

* Removing nolint and improving code

* Renaming file to horusec

* Adding create user from keycloak token

* Adding create user from keycloak token

* Adding create user from keycloak token

* Adding horusec service unity tests

* Adding auth controller unity tests and updating mocks

* Adding auth in compose and fixing docs

* Adding auth in compose and fixing docs

* Updating health check

* Fixing lint

* Fixing keycloak unity tests

* Adding unit tests

* Adding unit tests

* Updating middlewares to use auth service

* Fixing auth type

* Fixing tests fmt lint

* Fixing tests fmt lint

* Fixing Security

* Improving code and adding unity tests

* Adding more devkit unity tests

* Adding some unit tests

* Adding middleware service unity tests

* Removing unnecessary test

* Adding horusec auth readme

* Fixing dockerfiles

* Adding validation to actual auth type

* Removing auth type header

* Updating composes

* Removing groups from authorization data

* Updating account, api and analytic readme

* Updating compose with auth url env var

* Updating compose and compose dev

* Fixing unity tests and fmt errors

* Adding application admin role

* Fixing auth pipeline and hashes false positives

* Adding is application admin middleware

* Fixing error that token was static to accept only jwt

* Adding role validation in keycloak

* Fixing token size and swagger error

* Adding route to show config, adding field is_super_admin, adding method to create account default super admin

* Fixing to get account admin data and create with this params

* Removing bearer from keycloak token

* Fixing docs account

* Adding route to get config of horusec-account

* Adding create company with admin application

* Adding api to get account id by token and auth type

* Changing create account from keycloak to auth

* Updating auth swagger

* Adding validation to create company if user logged is application admin

* Fixing lint and tests

* Fixing security step

* Improving keycloak devkit service and fixing tests

* Fixing account unity tests

* Fixing account unity tests in auth

* Adding auth unity tests

* Fixing middleware tests

* Fixing fmt lint

* Fixing fmt error

* Adding Application admin in auth

* Fixing test

* Fixing fmt and lint

* Fixing horusec-config.json

* Adding validation to create default user only auth type horusec

* Fixing README.md in horusec-account

* Improving interface conversion to avoid conversion error

* Fixing fmt lint and units test

* Adding more unit test

* Adding more unit test

* Adding more unit test

* Fixing horusec-config.json

* Adding more unit test

* Fixing tests e2e

* Fixing fmt lint

* Fixing docs auth

* Fixing docs horusec-account

* Fixing security

* Update architecture images

* Fixing deploy service

Co-authored-by: Wilian Gabriel <wilian.silva@zup.com.br>

* Adding return content when create account from keycloak (#98)

* Adding return content when create account from keycloak

* Adding return content when create account from keycloak

* Adding return content when create account from keycloak

* Fixing fmt and lint

* Fixing unit test

* Fixing integration middleware

* Frontend admin application (#100)

* 🗃  Alter the route to fetch config of application and save it in a localStorage

* Added support to admin application

* [WIP] Feature/improving test (#99)

* Adding TESTBOOK.md correctly

* Adding testbook

* Updating setup external dependences

* Updating setup external dependences

* Updating setup external dependences

* Updating setup external dependences

* Updating setup external dependences

* Fixing horusec-config.json

* Updating setup external dependences

* Update e2e and account pipeline

* Fixing dockerfile.dev

* Fixing dockerfile account

* Change compose internal to run in dev mod

* Update cli pipeline

* Adding new unit test

* Removing old e2e tests and separate correctly e2e tests

* Ignoring up vendor folder in git

* Fixing e2e running

* Fixing compose e2e

* 🛠 Fixing method to verify admin application (#111)

* Frontend environments in compose files (#110)

* 🔑 Added environments to frontend in compose files

* Adjusting .env.example file with all possible values

* Feature/auth grpc (#112)

* Adding grpc server in auth

* Adding generated proto go files

* Removing unnecessary field in proto

* adding grpc calls to replace http calls in middlewares

* Fixing middleware tests

* Updating compose and grpc config

* Adding certificates options and updating readme

* Updating compose files

* Updating e2e compose file

* Adding auth new port

* Updating e2e compose

* Improving error logs and lint

* Fixing fmt error

* Feature/improving test (#102)

* Adding more e2e tests

* Adding more e2e tests

* Adding more tests e2e

* Fixing fmt lint

* Update test e2e

* Update test e2e

* Fixing workflow e2e

* Fixing e2e running

* Adding validation to restart service with up migration

* Fixing tests e2e

* Fixing tests e2e

* Fixing e2e

* Adding e2e to check if send messages correctly

* Update testbook

* Fixing gomod

* Starting add keycloak e2e tests

* Adding Request to configure keycloak service

* Adding correctly form to run tests using keycloak server

* Fixing makefile

* Adding tests in keycloak to validate invite user

* Fixing makefile

* Fixing names and docs of e2e

* Removing trash of tests of analysis

* Fixing e2e

* Fixing e2e messages

* Fixing create company

* Fixing create company

* Fixing e2e

* Fixing e2e

* Fixing e2e

* Fixing e2e

* Fixing e2e

* Fixing e2e

* Fixing e2e

* Fixing keycloak compose e2e

* [WIP] Ldap auth service integration (#71)

* Adding horusec auth base project

* Adding auth handler, with auth types enum and credentials

* Finishing handlers and adding auth controller with factory by type

* Change filter to receive Severity and remove Type

* Adding missing unity tests in devkit

* Adding auth handler tests

* Adding swagger, updating router and configs

* Fixing lint and tests

* Adding horus service authenticate method

* Adding authorize handler

* Updating auth interface

* Adding postgres read

* Adding keycloak service auth and keycloak shared service

* Adding unit test

* Adding ldap client dependency

* Adding horusec roles enum

* Adding ldap client config

* Fixing old references

* Fixing return

* Adding validation to authorize by horus roles

* Renaming packages to horusec

* Fixing some  horusec name errors and unity tests

* Updating ldap to implement auth service

* Removing nolint and improving code

* Renaming file to horusec

* Adding create user from keycloak token

* Adding create user from keycloak token

* Adding create user from keycloak token

* Adding horusec service unity tests

* Adding auth controller unity tests and updating mocks

* Adding auth in compose and fixing docs

* Adding auth in compose and fixing docs

* Updating health check

* Fixing lint

* Fixing keycloak unity tests

* Adding unit tests

* Adding unit tests

* Updating middlewares to use auth service

* Fixing auth type

* Fixing tests fmt lint

* Fixing tests fmt lint

* Fixing Security

* Improving code and adding unity tests

* Adding more devkit unity tests

* Adding some unit tests

* Adding middleware service unity tests

* Removing unnecessary test

* Adding horusec auth readme

* Fixing dockerfiles

* Adding validation to actual auth type

* 🛸 Added fields in create company and repository to LDAP rules

* Removing auth type header

* Adding company authz fields

* Adding ldap service in the auth

* Updating composes

* Removing groups from authorization data

* Updating account, api and analytic readme

* WIP ldap authz

* Updating compose with auth url env var

* Updating compose and compose dev

* Adding ldap company authz

* Fixing unity tests and fmt errors

* Adding repository authz

* Adding ldap login logic

* Removing ldap refresh token

* ⚙️ Separate modules of authentication, and add splash animation in login screen

* 🛰  Horusec default authenticator

* 🔑 Add aut…