diff --git a/README.md b/README.md
index 10c79f02c..e432560f9 100644
--- a/README.md
+++ b/README.md
@@ -24,6 +24,8 @@ Currently, performance analysis consists of:
You can see more details about the horusec /assets/horusec-complete-architecture.jpg
+### For more details see our [DOCUMENTATION](https://zup-products.gitbook.io/horusec)
+
## Project roadmap
We started the project to aggregate within our company, but as the search grew more and more we chose to apply good practices and open it up for everyone to collaborate with this incredible project.
diff --git a/development-kit/pkg/services/middlewares/repository_authz.go b/development-kit/pkg/services/middlewares/repository_authz.go
index 32ee3c1a2..d623c9ade 100644
--- a/development-kit/pkg/services/middlewares/repository_authz.go
+++ b/development-kit/pkg/services/middlewares/repository_authz.go
@@ -110,8 +110,13 @@ func (rm *repositoryAuthzMiddleware) IsRepositorySupervisor(next http.Handler) h
repositoryID, _ := uuid.Parse(chi.URLParam(r, "repositoryID"))
accountRepository, err := rm.repoAccountRepository.GetAccountRepository(accountID, repositoryID)
if err != nil || accountRepository.Role != accountEnums.Supervisor && accountRepository.Role != accountEnums.Admin {
- httpUtil.StatusForbidden(w, errors.ErrorUnauthorized)
- return
+ companyID, _ := uuid.Parse(chi.URLParam(r, "companyID"))
+ accountCompany, errCompany := rm.repositoryRepo.GetAccountCompanyRole(accountID, companyID)
+
+ if errCompany != nil || accountCompany.Role != accountEnums.Admin {
+ httpUtil.StatusForbidden(w, errors.ErrorUnauthorized)
+ return
+ }
}
next.ServeHTTP(w, r)
})
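Review bot: The new company-admin fallback authorizes on the `companyID` taken from the URL, but nothing in this hunk checks that `repositoryID` belongs to that company. Unless a later layer enforces the relation, an admin of one company could pass this check for a repository owned by another. The fallback should confirm ownership before `next.ServeHTTP` runs, for example by loading the repository and comparing its company ID with `companyID` (the lookup needed for that is not visible here). Both `uuid.Parse` errors are also discarded, so a malformed ID reaches the role lookups as the zero UUID; `companyID, err := uuid.Parse(chi.URLParam(r, "companyID"))` followed by a rejection on `err != nil` would be stricter. The middleware's body begins and ends outside the hunk.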
diff --git a/horusec-api/docs/docs.go b/horusec-api/docs/docs.go
index d7fff2fb6..b40f0eeba 100644
--- a/horusec-api/docs/docs.go
+++ b/horusec-api/docs/docs.go
@@ -278,6 +278,234 @@ var doc = `{
}
}
},
+ "/api/companies/{companyID}/repositories/{repositoryID}/management": {
+ "get": {
+ "security": [
+ {
+ "ApiKeyAuth": []
+ }
+ ],
+ "description": "Get all vuln vulnerability data in repository",
+ "consumes": [
+ "application/json"
+ ],
+ "produces": [
+ "application/json"
+ ],
+ "tags": [
+ "Management"
+ ],
+ "operationId": "get-vuln-data",
+ "parameters": [
+ {
+ "type": "string",
+ "description": "repositoryID of the repository",
+ "name": "repositoryID",
+ "in": "path",
+ "required": true
+ },
+ {
+ "type": "string",
+ "description": "page query string",
+ "name": "page",
+ "in": "query"
+ },
+ {
+ "type": "string",
+ "description": "size query string",
+ "name": "size",
+ "in": "query"
+ },
+ {
+ "type": "string",
+ "description": "vulnHash query string",
+ "name": "vulnHash",
+ "in": "query"
+ },
+ {
+ "type": "string",
+ "description": "vulnType query string",
+ "name": "vulnType",
+ "in": "query"
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "OK",
+ "schema": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/http.Response"
+ },
+ {
+ "type": "object",
+ "properties": {
+ "content": {
+ "type": "string"
+ }
+ }
+ }
+ ]
+ }
+ },
+ "400": {
+ "description": "BAD REQUEST",
+ "schema": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/http.Response"
+ },
+ {
+ "type": "object",
+ "properties": {
+ "content": {
+ "type": "string"
+ }
+ }
+ }
+ ]
+ }
+ },
+ "500": {
+ "description": "INTERNAL SERVER ERROR",
+ "schema": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/http.Response"
+ },
+ {
+ "type": "object",
+ "properties": {
+ "content": {
+ "type": "string"
+ }
+ }
+ }
+ ]
+ }
+ }
+ }
+ }
+ },
+ "/api/companies/{companyID}/repositories/{repositoryID}/management/{vulnerabilityID}/type": {
+ "put": {
+ "security": [
+ {
+ "ApiKeyAuth": []
+ }
+ ],
+ "description": "update vulnerability type",
+ "consumes": [
+ "application/json"
+ ],
+ "produces": [
+ "application/json"
+ ],
+ "tags": [
+ "Management"
+ ],
+ "operationId": "update-vuln-type",
+ "parameters": [
+ {
+ "description": "type of vulnerability",
+ "name": "UpdateVulnType",
+ "in": "body",
+ "required": true,
+ "schema": {
+ "$ref": "#/definitions/dto.UpdateVulnType"
+ }
+ },
+ {
+ "type": "string",
+ "description": "vulnerabilityID of the vulnerability",
+ "name": "vulnerabilityID",
+ "in": "path",
+ "required": true
+ },
+ {
+ "type": "string",
+ "description": "repositoryID of the repository",
+ "name": "repositoryID",
+ "in": "path",
+ "required": true
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "OK",
+ "schema": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/http.Response"
+ },
+ {
+ "type": "object",
+ "properties": {
+ "content": {
+ "type": "string"
+ }
+ }
+ }
+ ]
+ }
+ },
+ "400": {
+ "description": "BAD REQUEST",
+ "schema": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/http.Response"
+ },
+ {
+ "type": "object",
+ "properties": {
+ "content": {
+ "type": "string"
+ }
+ }
+ }
+ ]
+ }
+ },
+ "404": {
+ "description": "NOT FOUND",
+ "schema": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/http.Response"
+ },
+ {
+ "type": "object",
+ "properties": {
+ "content": {
+ "type": "string"
+ }
+ }
+ }
+ ]
+ }
+ },
+ "500": {
+ "description": "INTERNAL SERVER ERROR",
+ "schema": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/http.Response"
+ },
+ {
+ "type": "object",
+ "properties": {
+ "content": {
+ "type": "string"
+ }
+ }
+ }
+ ]
+ }
+ }
+ }
+ }
+ },
"/api/companies/{companyID}/repositories/{repositoryID}/tokens": {
"get": {
"security": [
@@ -1009,234 +1237,6 @@ var doc = `{
}
}
}
- },
- "/api/repositories/{repositoryID}/management": {
- "get": {
- "security": [
- {
- "ApiKeyAuth": []
- }
- ],
- "description": "Get all vuln vulnerability data in repository",
- "consumes": [
- "application/json"
- ],
- "produces": [
- "application/json"
- ],
- "tags": [
- "Management"
- ],
- "operationId": "get-vuln-data",
- "parameters": [
- {
- "type": "string",
- "description": "repositoryID of the repository",
- "name": "repositoryID",
- "in": "path",
- "required": true
- },
- {
- "type": "string",
- "description": "page query string",
- "name": "page",
- "in": "query"
- },
- {
- "type": "string",
- "description": "size query string",
- "name": "size",
- "in": "query"
- },
- {
- "type": "string",
- "description": "vulnHash query string",
- "name": "vulnHash",
- "in": "query"
- },
- {
- "type": "string",
- "description": "vulnType query string",
- "name": "vulnType",
- "in": "query"
- }
- ],
- "responses": {
- "200": {
- "description": "OK",
- "schema": {
- "allOf": [
- {
- "$ref": "#/definitions/http.Response"
- },
- {
- "type": "object",
- "properties": {
- "content": {
- "type": "string"
- }
- }
- }
- ]
- }
- },
- "400": {
- "description": "BAD REQUEST",
- "schema": {
- "allOf": [
- {
- "$ref": "#/definitions/http.Response"
- },
- {
- "type": "object",
- "properties": {
- "content": {
- "type": "string"
- }
- }
- }
- ]
- }
- },
- "500": {
- "description": "INTERNAL SERVER ERROR",
- "schema": {
- "allOf": [
- {
- "$ref": "#/definitions/http.Response"
- },
- {
- "type": "object",
- "properties": {
- "content": {
- "type": "string"
- }
- }
- }
- ]
- }
- }
- }
- }
- },
- "/api/repositories/{repositoryID}/management/{vulnerabilityID}/type": {
- "put": {
- "security": [
- {
- "ApiKeyAuth": []
- }
- ],
- "description": "update vulnerability type",
- "consumes": [
- "application/json"
- ],
- "produces": [
- "application/json"
- ],
- "tags": [
- "Management"
- ],
- "operationId": "update-vuln-type",
- "parameters": [
- {
- "description": "type of vulnerability",
- "name": "UpdateVulnType",
- "in": "body",
- "required": true,
- "schema": {
- "$ref": "#/definitions/dto.UpdateVulnType"
- }
- },
- {
- "type": "string",
- "description": "vulnerabilityID of the vulnerability",
- "name": "vulnerabilityID",
- "in": "path",
- "required": true
- },
- {
- "type": "string",
- "description": "repositoryID of the repository",
- "name": "repositoryID",
- "in": "path",
- "required": true
- }
- ],
- "responses": {
- "200": {
- "description": "OK",
- "schema": {
- "allOf": [
- {
- "$ref": "#/definitions/http.Response"
- },
- {
- "type": "object",
- "properties": {
- "content": {
- "type": "string"
- }
- }
- }
- ]
- }
- },
- "400": {
- "description": "BAD REQUEST",
- "schema": {
- "allOf": [
- {
- "$ref": "#/definitions/http.Response"
- },
- {
- "type": "object",
- "properties": {
- "content": {
- "type": "string"
- }
- }
- }
- ]
- }
- },
- "404": {
- "description": "NOT FOUND",
- "schema": {
- "allOf": [
- {
- "$ref": "#/definitions/http.Response"
- },
- {
- "type": "object",
- "properties": {
- "content": {
- "type": "string"
- }
- }
- }
- ]
- }
- },
- "500": {
- "description": "INTERNAL SERVER ERROR",
- "schema": {
- "allOf": [
- {
- "$ref": "#/definitions/http.Response"
- },
- {
- "type": "object",
- "properties": {
- "content": {
- "type": "string"
- }
- }
- }
- ]
- }
- }
- }
- }
}
},
"definitions": {
diff --git a/horusec-api/docs/swagger.json b/horusec-api/docs/swagger.json
index 126372a04..9b61bebb2 100644
--- a/horusec-api/docs/swagger.json
+++ b/horusec-api/docs/swagger.json
@@ -246,6 +246,234 @@
}
}
},
+ "/api/companies/{companyID}/repositories/{repositoryID}/management": {
+ "get": {
+ "security": [
+ {
+ "ApiKeyAuth": []
+ }
+ ],
+ "description": "Get all vuln vulnerability data in repository",
+ "consumes": [
+ "application/json"
+ ],
+ "produces": [
+ "application/json"
+ ],
+ "tags": [
+ "Management"
+ ],
+ "operationId": "get-vuln-data",
+ "parameters": [
+ {
+ "type": "string",
+ "description": "repositoryID of the repository",
+ "name": "repositoryID",
+ "in": "path",
+ "required": true
+ },
+ {
+ "type": "string",
+ "description": "page query string",
+ "name": "page",
+ "in": "query"
+ },
+ {
+ "type": "string",
+ "description": "size query string",
+ "name": "size",
+ "in": "query"
+ },
+ {
+ "type": "string",
+ "description": "vulnHash query string",
+ "name": "vulnHash",
+ "in": "query"
+ },
+ {
+ "type": "string",
+ "description": "vulnType query string",
+ "name": "vulnType",
+ "in": "query"
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "OK",
+ "schema": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/http.Response"
+ },
+ {
+ "type": "object",
+ "properties": {
+ "content": {
+ "type": "string"
+ }
+ }
+ }
+ ]
+ }
+ },
+ "400": {
+ "description": "BAD REQUEST",
+ "schema": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/http.Response"
+ },
+ {
+ "type": "object",
+ "properties": {
+ "content": {
+ "type": "string"
+ }
+ }
+ }
+ ]
+ }
+ },
+ "500": {
+ "description": "INTERNAL SERVER ERROR",
+ "schema": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/http.Response"
+ },
+ {
+ "type": "object",
+ "properties": {
+ "content": {
+ "type": "string"
+ }
+ }
+ }
+ ]
+ }
+ }
+ }
+ }
+ },
+ "/api/companies/{companyID}/repositories/{repositoryID}/management/{vulnerabilityID}/type": {
+ "put": {
+ "security": [
+ {
+ "ApiKeyAuth": []
+ }
+ ],
+ "description": "update vulnerability type",
+ "consumes": [
+ "application/json"
+ ],
+ "produces": [
+ "application/json"
+ ],
+ "tags": [
+ "Management"
+ ],
+ "operationId": "update-vuln-type",
+ "parameters": [
+ {
+ "description": "type of vulnerability",
+ "name": "UpdateVulnType",
+ "in": "body",
+ "required": true,
+ "schema": {
+ "$ref": "#/definitions/dto.UpdateVulnType"
+ }
+ },
+ {
+ "type": "string",
+ "description": "vulnerabilityID of the vulnerability",
+ "name": "vulnerabilityID",
+ "in": "path",
+ "required": true
+ },
+ {
+ "type": "string",
+ "description": "repositoryID of the repository",
+ "name": "repositoryID",
+ "in": "path",
+ "required": true
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "OK",
+ "schema": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/http.Response"
+ },
+ {
+ "type": "object",
+ "properties": {
+ "content": {
+ "type": "string"
+ }
+ }
+ }
+ ]
+ }
+ },
+ "400": {
+ "description": "BAD REQUEST",
+ "schema": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/http.Response"
+ },
+ {
+ "type": "object",
+ "properties": {
+ "content": {
+ "type": "string"
+ }
+ }
+ }
+ ]
+ }
+ },
+ "404": {
+ "description": "NOT FOUND",
+ "schema": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/http.Response"
+ },
+ {
+ "type": "object",
+ "properties": {
+ "content": {
+ "type": "string"
+ }
+ }
+ }
+ ]
+ }
+ },
+ "500": {
+ "description": "INTERNAL SERVER ERROR",
+ "schema": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/http.Response"
+ },
+ {
+ "type": "object",
+ "properties": {
+ "content": {
+ "type": "string"
+ }
+ }
+ }
+ ]
+ }
+ }
+ }
+ }
+ },
"/api/companies/{companyID}/repositories/{repositoryID}/tokens": {
"get": {
"security": [
@@ -977,234 +1205,6 @@
}
}
}
- },
- "/api/repositories/{repositoryID}/management": {
- "get": {
- "security": [
- {
- "ApiKeyAuth": []
- }
- ],
- "description": "Get all vuln vulnerability data in repository",
- "consumes": [
- "application/json"
- ],
- "produces": [
- "application/json"
- ],
- "tags": [
- "Management"
- ],
- "operationId": "get-vuln-data",
- "parameters": [
- {
- "type": "string",
- "description": "repositoryID of the repository",
- "name": "repositoryID",
- "in": "path",
- "required": true
- },
- {
- "type": "string",
- "description": "page query string",
- "name": "page",
- "in": "query"
- },
- {
- "type": "string",
- "description": "size query string",
- "name": "size",
- "in": "query"
- },
- {
- "type": "string",
- "description": "vulnHash query string",
- "name": "vulnHash",
- "in": "query"
- },
- {
- "type": "string",
- "description": "vulnType query string",
- "name": "vulnType",
- "in": "query"
- }
- ],
- "responses": {
- "200": {
- "description": "OK",
- "schema": {
- "allOf": [
- {
- "$ref": "#/definitions/http.Response"
- },
- {
- "type": "object",
- "properties": {
- "content": {
- "type": "string"
- }
- }
- }
- ]
- }
- },
- "400": {
- "description": "BAD REQUEST",
- "schema": {
- "allOf": [
- {
- "$ref": "#/definitions/http.Response"
- },
- {
- "type": "object",
- "properties": {
- "content": {
- "type": "string"
- }
- }
- }
- ]
- }
- },
- "500": {
- "description": "INTERNAL SERVER ERROR",
- "schema": {
- "allOf": [
- {
- "$ref": "#/definitions/http.Response"
- },
- {
- "type": "object",
- "properties": {
- "content": {
- "type": "string"
- }
- }
- }
- ]
- }
- }
- }
- }
- },
- "/api/repositories/{repositoryID}/management/{vulnerabilityID}/type": {
- "put": {
- "security": [
- {
- "ApiKeyAuth": []
- }
- ],
- "description": "update vulnerability type",
- "consumes": [
- "application/json"
- ],
- "produces": [
- "application/json"
- ],
- "tags": [
- "Management"
- ],
- "operationId": "update-vuln-type",
- "parameters": [
- {
- "description": "type of vulnerability",
- "name": "UpdateVulnType",
- "in": "body",
- "required": true,
- "schema": {
- "$ref": "#/definitions/dto.UpdateVulnType"
- }
- },
- {
- "type": "string",
- "description": "vulnerabilityID of the vulnerability",
- "name": "vulnerabilityID",
- "in": "path",
- "required": true
- },
- {
- "type": "string",
- "description": "repositoryID of the repository",
- "name": "repositoryID",
- "in": "path",
- "required": true
- }
- ],
- "responses": {
- "200": {
- "description": "OK",
- "schema": {
- "allOf": [
- {
- "$ref": "#/definitions/http.Response"
- },
- {
- "type": "object",
- "properties": {
- "content": {
- "type": "string"
- }
- }
- }
- ]
- }
- },
- "400": {
- "description": "BAD REQUEST",
- "schema": {
- "allOf": [
- {
- "$ref": "#/definitions/http.Response"
- },
- {
- "type": "object",
- "properties": {
- "content": {
- "type": "string"
- }
- }
- }
- ]
- }
- },
- "404": {
- "description": "NOT FOUND",
- "schema": {
- "allOf": [
- {
- "$ref": "#/definitions/http.Response"
- },
- {
- "type": "object",
- "properties": {
- "content": {
- "type": "string"
- }
- }
- }
- ]
- }
- },
- "500": {
- "description": "INTERNAL SERVER ERROR",
- "schema": {
- "allOf": [
- {
- "$ref": "#/definitions/http.Response"
- },
- {
- "type": "object",
- "properties": {
- "content": {
- "type": "string"
- }
- }
- }
- ]
- }
- }
- }
- }
}
},
"definitions": {
diff --git a/horusec-api/docs/swagger.yaml b/horusec-api/docs/swagger.yaml
index 1a870e71e..23c9584f6 100644
--- a/horusec-api/docs/swagger.yaml
+++ b/horusec-api/docs/swagger.yaml
@@ -236,6 +236,134 @@ paths:
- ApiKeyAuth: []
tags:
- Analysis
+ /api/companies/{companyID}/repositories/{repositoryID}/management:
+ get:
+ consumes:
+ - application/json
+ description: Get all vuln vulnerability data in repository
+ operationId: get-vuln-data
+ parameters:
+ - description: repositoryID of the repository
+ in: path
+ name: repositoryID
+ required: true
+ type: string
+ - description: page query string
+ in: query
+ name: page
+ type: string
+ - description: size query string
+ in: query
+ name: size
+ type: string
+ - description: vulnHash query string
+ in: query
+ name: vulnHash
+ type: string
+ - description: vulnType query string
+ in: query
+ name: vulnType
+ type: string
+ produces:
+ - application/json
+ responses:
+ "200":
+ description: OK
+ schema:
+ allOf:
+ - $ref: '#/definitions/http.Response'
+ - properties:
+ content:
+ type: string
+ type: object
+ "400":
+ description: BAD REQUEST
+ schema:
+ allOf:
+ - $ref: '#/definitions/http.Response'
+ - properties:
+ content:
+ type: string
+ type: object
+ "500":
+ description: INTERNAL SERVER ERROR
+ schema:
+ allOf:
+ - $ref: '#/definitions/http.Response'
+ - properties:
+ content:
+ type: string
+ type: object
+ security:
+ - ApiKeyAuth: []
+ tags:
+ - Management
+ /api/companies/{companyID}/repositories/{repositoryID}/management/{vulnerabilityID}/type:
+ put:
+ consumes:
+ - application/json
+ description: update vulnerability type
+ operationId: update-vuln-type
+ parameters:
+ - description: type of vulnerability
+ in: body
+ name: UpdateVulnType
+ required: true
+ schema:
+ $ref: '#/definitions/dto.UpdateVulnType'
+ - description: vulnerabilityID of the vulnerability
+ in: path
+ name: vulnerabilityID
+ required: true
+ type: string
+ - description: repositoryID of the repository
+ in: path
+ name: repositoryID
+ required: true
+ type: string
+ produces:
+ - application/json
+ responses:
+ "200":
+ description: OK
+ schema:
+ allOf:
+ - $ref: '#/definitions/http.Response'
+ - properties:
+ content:
+ type: string
+ type: object
+ "400":
+ description: BAD REQUEST
+ schema:
+ allOf:
+ - $ref: '#/definitions/http.Response'
+ - properties:
+ content:
+ type: string
+ type: object
+ "404":
+ description: NOT FOUND
+ schema:
+ allOf:
+ - $ref: '#/definitions/http.Response'
+ - properties:
+ content:
+ type: string
+ type: object
+ "500":
+ description: INTERNAL SERVER ERROR
+ schema:
+ allOf:
+ - $ref: '#/definitions/http.Response'
+ - properties:
+ content:
+ type: string
+ type: object
+ security:
+ - ApiKeyAuth: []
+ tags:
+ - Management
/api/companies/{companyID}/repositories/{repositoryID}/tokens:
get:
description: Delete a repository token
@@ -632,134 +760,6 @@ paths:
type: object
tags:
- Health
- /api/repositories/{repositoryID}/management:
- get:
- consumes:
- - application/json
- description: Get all vuln vulnerability data in repository
- operationId: get-vuln-data
- parameters:
- - description: repositoryID of the repository
- in: path
- name: repositoryID
- required: true
- type: string
- - description: page query string
- in: query
- name: page
- type: string
- - description: size query string
- in: query
- name: size
- type: string
- - description: vulnHash query string
- in: query
- name: vulnHash
- type: string
- - description: vulnType query string
- in: query
- name: vulnType
- type: string
- produces:
- - application/json
- responses:
- "200":
- description: OK
- schema:
- allOf:
- - $ref: '#/definitions/http.Response'
- - properties:
- content:
- type: string
- type: object
- "400":
- description: BAD REQUEST
- schema:
- allOf:
- - $ref: '#/definitions/http.Response'
- - properties:
- content:
- type: string
- type: object
- "500":
- description: INTERNAL SERVER ERROR
- schema:
- allOf:
- - $ref: '#/definitions/http.Response'
- - properties:
- content:
- type: string
- type: object
- security:
- - ApiKeyAuth: []
- tags:
- - Management
- /api/repositories/{repositoryID}/management/{vulnerabilityID}/type:
- put:
- consumes:
- - application/json
- description: update vulnerability type
- operationId: update-vuln-type
- parameters:
- - description: type of vulnerability
- in: body
- name: UpdateVulnType
- required: true
- schema:
- $ref: '#/definitions/dto.UpdateVulnType'
- - description: vulnerabilityID of the vulnerability
- in: path
- name: vulnerabilityID
- required: true
- type: string
- - description: repositoryID of the repository
- in: path
- name: repositoryID
- required: true
- type: string
- produces:
- - application/json
- responses:
- "200":
- description: OK
- schema:
- allOf:
- - $ref: '#/definitions/http.Response'
- - properties:
- content:
- type: string
- type: object
- "400":
- description: BAD REQUEST
- schema:
- allOf:
- - $ref: '#/definitions/http.Response'
- - properties:
- content:
- type: string
- type: object
- "404":
- description: NOT FOUND
- schema:
- allOf:
- - $ref: '#/definitions/http.Response'
- - properties:
- content:
- type: string
- type: object
- "500":
- description: INTERNAL SERVER ERROR
- schema:
- allOf:
- - $ref: '#/definitions/http.Response'
- - properties:
- content:
- type: string
- type: object
- security:
- - ApiKeyAuth: []
- tags:
- - Management
securityDefinitions:
ApiKeyAuth:
in: header
diff --git a/horusec-api/internal/handlers/management/management.go b/horusec-api/internal/handlers/management/management.go
index dd619974b..33a7d91f7 100644
--- a/horusec-api/internal/handlers/management/management.go
+++ b/horusec-api/internal/handlers/management/management.go
@@ -58,7 +58,7 @@ func (h *Handler) Options(w netHTTP.ResponseWriter, _ *netHTTP.Request) {
// @Success 200 {object} http.Response{content=string} "OK"
// @Failure 400 {object} http.Response{content=string} "BAD REQUEST"
// @Failure 500 {object} http.Response{content=string} "INTERNAL SERVER ERROR"
-// @Router /api/repositories/{repositoryID}/management [get]
+// @Router /api/companies/{companyID}/repositories/{repositoryID}/management [get]
func (h *Handler) Get(w netHTTP.ResponseWriter, r *netHTTP.Request) {
repositoryID, err := uuid.Parse(chi.URLParam(r, "repositoryID"))
if err != nil {
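Review bot: The `@Router` path now contains `{companyID}`, but the regenerated specs in this commit (docs.go, swagger.json, swagger.yaml) list only `repositoryID` as a path parameter, which suggests the annotation block has no matching `@Param` line. Adding `// @Param companyID path string true "companyID of the company"` above `Get` would make the generated documentation complete; the same applies to `UpdateVulnType` in the next hunk. The annotation block and the body of `Get` both extend beyond the hunk, so the existing `@Param` lines are not visible here.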
@@ -104,7 +104,7 @@ func (h *Handler) getVulnHash(r *netHTTP.Request) string {
// @Success 400 {object} http.Response{content=string} "BAD REQUEST"
// @Success 404 {object} http.Response{content=string} "NOT FOUND"
// @Failure 500 {object} http.Response{content=string} "INTERNAL SERVER ERROR"
-// @Router /api/repositories/{repositoryID}/management/{vulnerabilityID}/type [put]
+// @Router /api/companies/{companyID}/repositories/{repositoryID}/management/{vulnerabilityID}/type [put]
func (h *Handler) UpdateVulnType(w netHTTP.ResponseWriter, r *netHTTP.Request) {
updateData, err := h.managementUseCases.NewUpdateVulnTypeFromReadCloser(r.Body)
vulnerabilityID, _ := uuid.Parse(chi.URLParam(r, "vulnerabilityID"))
diff --git a/horusec-api/internal/router/routes/routes.go b/horusec-api/internal/router/routes/routes.go
index d758960ac..1c1f7d3db 100644
--- a/horusec-api/internal/router/routes/routes.go
+++ b/horusec-api/internal/router/routes/routes.go
@@ -19,5 +19,5 @@ const (
TokensRepositoryHandler = "/api/companies/{companyID}/repositories/{repositoryID}/tokens" // nolint
TokensCompanyHandler = "/api/companies/{companyID}/tokens" // nolint
HealthHandler = "/api/health"
- ManagementHandler = "/api/repositories/{repositoryID}/management"
+ ManagementHandler = "/api/companies/{companyID}/repositories/{repositoryID}/management"
)
diff --git a/horusec-cli/internal/controllers/printresults/print_results.go b/horusec-cli/internal/controllers/printresults/print_results.go
index 7fa4fe069..ba595d8a1 100644
--- a/horusec-cli/internal/controllers/printresults/print_results.go
+++ b/horusec-cli/internal/controllers/printresults/print_results.go
@@ -129,7 +129,7 @@ func (pr *PrintResults) checkIfExistVulnerabilityOrNoSec() {
}
func (pr *PrintResults) validateVulnerabilityToCheckTotalErrors(vuln *horusecEntities.Vulnerability) {
- if vuln.Severity.ToString() != "" && !pr.isFalsePositiveOrRiskAccept(vuln) {
+ if vuln.Severity.ToString() != "" && !pr.isTypeVulnToSkip(vuln) {
if !pr.isIgnoredVulnerability(vuln.Severity.ToString()) {
logger.LogDebugWithLevel("{HORUSEC_CLI} Vulnerability Hash expected to be FIXED: "+vuln.VulnHash, logger.DebugLevel)
if logger.CurrentLevel >= logger.DebugLevel {
@@ -140,8 +140,8 @@ func (pr *PrintResults) validateVulnerabilityToCheckTotalErrors(vuln *horusecEnt
}
}
-func (pr *PrintResults) isFalsePositiveOrRiskAccept(vuln *horusecEntities.Vulnerability) bool {
- return vuln.Type == horusec.FalsePositive || vuln.Type == horusec.RiskAccepted
+func (pr *PrintResults) isTypeVulnToSkip(vuln *horusecEntities.Vulnerability) bool {
+ return vuln.Type == horusec.FalsePositive || vuln.Type == horusec.RiskAccepted || vuln.Type == horusec.Corrected
}
func (pr *PrintResults) isIgnoredVulnerability(vulnerabilityType string) (ignore bool) {
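Review bot: Skipping `horusec.Corrected` in `isTypeVulnToSkip` is undocumented and may hide a regression. If `Corrected` is a status stored for a finding that a later scan can report again, a reintroduced issue would no longer count toward the error total that fails the run; this is worth confirming against how the type is assigned. A doc comment such as `// isTypeVulnToSkip reports whether vuln is excluded from the error count (false positive, risk accepted or corrected).` would record the intent. The caller in the previous hunk, `validateVulnerabilityToCheckTotalErrors`, extends beyond its hunk.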
diff --git a/horusec-manager/package.json b/horusec-manager/package.json
index cec519e5f..5354cde4d 100644
--- a/horusec-manager/package.json
+++ b/horusec-manager/package.json
@@ -51,6 +51,7 @@
"scripts": {
"start": "react-scripts start",
"build": "react-scripts build",
+ "lint:fix": "eslint './src/**/*.{ts,tsx}' --fix",
"lint": "eslint './src/**/*.{ts,tsx}'",
"test": "react-scripts test --watchAll=false",
"test:coverage": "react-scripts test --watchAll=false --coverage",
diff --git a/horusec-manager/src/pages/Internal/Home/Vulnerabilities/index.tsx b/horusec-manager/src/pages/Internal/Home/Vulnerabilities/index.tsx
index 6062bf762..86036ca45 100644
--- a/horusec-manager/src/pages/Internal/Home/Vulnerabilities/index.tsx
+++ b/horusec-manager/src/pages/Internal/Home/Vulnerabilities/index.tsx
@@ -71,21 +71,22 @@ const Vulnerabilities: React.FC = () => {
repository: Repository,
vulnHash?: string
) => {
- setLoading(true);
+ setCurrentRepository(repository);
- if (repository) {
- setCurrentRepository(repository);
- }
+ setLoading(true);
if (pageSize !== pagination.pageSize) {
currentPage = 1;
}
- const repositoryID =
- currentRepository?.repositoryID || repository?.repositoryID;
-
repositoryService
- .getAllVulnerabilities(repositoryID, currentPage, pageSize, vulnHash)
+ .getAllVulnerabilities(
+ companyID,
+ repository?.repositoryID,
+ currentPage,
+ pageSize,
+ vulnHash
+ )
.then((result) => {
setVulnerabilities(result.data?.content?.data);
const totalItems = result?.data?.content?.totalItems;
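Review bot: `fetchData` no longer guards against a missing repository: `setCurrentRepository(repository)` now runs unconditionally and the request is sent with `repository?.repositoryID`, which is `undefined` when no repository is passed. The later hunks in this file pass `currentRepository` from search, pagination and type updates, so a call made before a repository is selected would clear the state and request a path containing `undefined`. An early return such as `if (!repository?.repositoryID) return;` before `setLoading(true)` would avoid that. The body of `fetchData` starts and ends outside the hunk, and `companyID` is defined outside it.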
@@ -107,7 +108,7 @@ const Vulnerabilities: React.FC = () => {
};
const handleSearch = debounce((searchString: string) => {
- fetchData(1, pagination.pageSize, null, searchString);
+ fetchData(1, pagination.pageSize, currentRepository, searchString);
}, 500);
const handleUpdateVulnerabilityType = (
@@ -116,12 +117,17 @@ const Vulnerabilities: React.FC = () => {
) => {
repositoryService
.updateVulnerabilityType(
+ companyID,
currentRepository?.repositoryID,
vulnerability.vulnerabilityID,
type
)
.then(() => {
- fetchData(pagination.currentPage, pagination.pageSize, null);
+ fetchData(
+ pagination.currentPage,
+ pagination.pageSize,
+ currentRepository
+ );
})
.catch((err) => {
dispatchMessage(err?.response?.data);
@@ -162,9 +168,7 @@ const Vulnerabilities: React.FC = () => {
initialValue={repositories[0]}
options={repositories}
title={t('VULNERABILITIES_SCREEN.REPOSITORY')}
- onChangeValue={(value) =>
- fetchData(pagination.currentPage, pagination.pageSize, value)
- }
+ onChangeValue={(value) => fetchData(1, pagination.pageSize, value)}
/>
@@ -240,7 +244,9 @@ const Vulnerabilities: React.FC = () => {
{vulnerabilities && vulnerabilities.length > 0 ? (
fetchData(pag.currentPage, pag.pageSize, null)}
+ onChange={(pag) =>
+ fetchData(pag.currentPage, pag.pageSize, currentRepository)
+ }
/>
) : null}
diff --git a/horusec-manager/src/routes/internal.routes.tsx b/horusec-manager/src/routes/internal.routes.tsx
index 50e2bbdc7..f044d9779 100644
--- a/horusec-manager/src/routes/internal.routes.tsx
+++ b/horusec-manager/src/routes/internal.routes.tsx
@@ -15,7 +15,7 @@
*/
import React, { lazy } from 'react';
-import { Switch, Route } from 'react-router-dom';
+import { Switch } from 'react-router-dom';
import { PrivateRoute } from 'components';
const InternalRoutes = () => (
@@ -32,7 +32,7 @@ const InternalRoutes = () => (
component={lazy(() => import('./home.routes'))}
/>
- import('pages/NotFound'))} />
+ {/* import('pages/NotFound'))} /> */}
);
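Review bot: The catch-all NotFound route is commented out rather than removed, with no explanation, and the `Route` import was dropped in the previous hunk to match. If this is temporary, a short comment such as `{/* TODO: restore NotFound route once <reason> */}` would tell the next reader why; if it is permanent, delete the line instead of leaving dead JSX. With the route disabled, unmatched paths under this `Switch` presumably render nothing, which is worth confirming as intended.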
diff --git a/horusec-manager/src/services/repository.ts b/horusec-manager/src/services/repository.ts
index 70e2990c4..e08d04d30 100644
--- a/horusec-manager/src/services/repository.ts
+++ b/horusec-manager/src/services/repository.ts
@@ -17,7 +17,7 @@
import renewHTTP from 'services/axios/forceRenewToken';
import defaultHTTP from 'services/axios/default';
-import { SERVICE_COMPANY, SERVICE_API, SERVICE_REPOSITORY } from './enpoints';
+import { SERVICE_COMPANY, SERVICE_API } from './enpoints';
const getAll = (companyId: string) => {
return renewHTTP.get(`${SERVICE_COMPANY}/${companyId}/repositories`);
@@ -123,24 +123,29 @@ const updateUserRole = (
};
const getAllVulnerabilities = (
+ companyId: string,
repositoryId: string,
page: number,
size: number,
vulnHash?: string,
vulnType?: string
) => {
- return defaultHTTP.get(`${SERVICE_REPOSITORY}/${repositoryId}/management`, {
- params: { page, size, vulnType, vulnHash },
- });
+ return defaultHTTP.get(
+ `${SERVICE_API}/${companyId}/repositories/${repositoryId}/management`,
+ {
+ params: { page, size, vulnType, vulnHash },
+ }
+ );
};
const updateVulnerabilityType = (
+ companyId: string,
repositoryId: string,
vulnerabilityId: string,
type: string
) => {
return defaultHTTP.put(
- `${SERVICE_REPOSITORY}/${repositoryId}/management/${vulnerabilityId}/type`,
+ `${SERVICE_API}/${companyId}/repositories/${repositoryId}/management/${vulnerabilityId}/type`,
{
type,
}