Define cypress-run github action #746

KentoHyono · 2025-02-03T18:37:46Z

No description provided.

…D-ADMIN into ui-inst-mt

…D-ADMIN into institute-connection

…ADMIN into institute-connection

Institute connection

…ui-inst-mt

…release/v1.27.0

took out extra message alert on Student profile

interim fix for batch school select, now points at v2 endpoint

…status card

Changes for GRAD status to start using institute

…release/v1.27.0

added institute to configmap update script

…itute routes

…ADMIN into GRAD2-2751-Sam

GRAD2-2538 clean up

Grad2 2972

… GitHub Action

GRAD2-2751 fix for offshore school

GRAD2-2751 fix for offshore school at GRAD

…ADMIN into cypress-devop

into cypress-devop

sonarqubecloud · 2025-02-03T18:38:56Z

Quality Gate failed

Failed conditions
0.0% Coverage on New Code (required ≥ 80%)
8.6% Duplication on New Code (required ≤ 3%)
C Reliability Rating on New Code (required ≥ A)

See analysis details on SonarQube Cloud

Catch issues before they fail your Quality Gate with our IDE extension SonarQube for IDE

backend/src/app.js

+  session({
+    name: "grad_admin_cookie",
+    secret: config.get("oidc:clientSecret"),
+    resave: false,
+    saveUninitialized: true,
+    cookie: cookie,
+    store: dbSession,
+  })


To fix the problem, we need to add CSRF protection middleware to the Express application. The lusca package provides a convenient way to implement CSRF protection. We will install the lusca package and use its CSRF middleware in the application.

Install the lusca package.

Import the lusca package in the backend/src/app.js file.

Add the CSRF middleware to the Express application before defining any routes that handle state-changing requests.

backend/src/routes/algorithmrules-router.js

+router.get(
+  "*",
+  passport.authenticate("jwt", { session: false }, undefined),
+  isValidUiTokenWithStaffRoles,


To fix the problem, we need to introduce rate limiting to the route handler. The best way to do this is by using the express-rate-limit package, which allows us to easily set up rate limiting for our Express application. We will configure a rate limiter to limit the number of requests that can be made to the route within a specified time window.

Install the express-rate-limit package if it is not already installed.

Import the express-rate-limit package in the file.

Configure a rate limiter with appropriate settings (e.g., maximum number of requests per time window).

Apply the rate limiter to the route handler.

backend/src/routes/batch-router.js

+router.get(
+  "/*",
+  passport.authenticate("jwt", { session: false }, undefined),
+  isValidUiTokenWithStaffRoles,


To fix the problem, we need to introduce rate limiting to the route handlers in the batch-router.js file. The best way to do this is by using the express-rate-limit middleware. This middleware allows us to set a maximum number of requests that can be made to the server within a specified time window. We will apply this middleware to all the routes defined in the batch-router.js file to ensure that the application is protected against denial-of-service attacks.

We will need to:

Install the express-rate-limit package.

Import the express-rate-limit package in the batch-router.js file.

Set up a rate limiter with appropriate configuration.

Apply the rate limiter to all the routes in the batch-router.js file.

backend/src/routes/batch-router.js

+router.post(
+  "/*",
+  passport.authenticate("jwt", { session: false }, undefined),
+  isValidUiTokenWithStaffRoles,


To fix the problem, we need to introduce rate limiting to the route handlers in the batch-router.js file. The best way to do this is by using the express-rate-limit middleware. This middleware allows us to set a maximum number of requests that can be made to the server within a specified time window. We will apply this middleware to all the routes in the batch-router.js file to ensure that the application is protected against denial-of-service attacks.

We will:

Install the express-rate-limit package.

Import the express-rate-limit package in the batch-router.js file.

Set up a rate limiter with appropriate configuration.

Apply the rate limiter to all the routes in the batch-router.js file.

backend/src/routes/batch-router.js

+router.delete(
+  "/*",
+  passport.authenticate("jwt", { session: false }, undefined),
+  isValidUiTokenWithStaffRoles,


To fix the problem, we need to introduce rate limiting to the routes in the batch-router.js file. The best way to do this is by using the express-rate-limit middleware. This middleware allows us to set a maximum number of requests that can be made to the server within a specified time window. We will apply this middleware to all the routes in the batch-router.js file to ensure that they are protected against denial-of-service attacks.

We will need to:

Install the express-rate-limit package.

Import the express-rate-limit package in the batch-router.js file.

Set up a rate limiter with appropriate configuration.

Apply the rate limiter to the routes in the batch-router.js file.

backend/src/routes/student-graduation-router.js

+router.get(
+  "*",
+  passport.authenticate("jwt", { session: false }, undefined),
+  isValidUiTokenWithStaffRoles,


To fix the problem, we need to introduce rate limiting to the route handlers in the provided code. The best way to achieve this is by using the express-rate-limit middleware. This middleware allows us to set a maximum number of requests that a client can make within a specified time window. We will apply the rate limiter to the routes that perform authorization and interact with external APIs.

Install the express-rate-limit package.

Import the express-rate-limit package in the file.

Set up a rate limiter with appropriate configuration.

Apply the rate limiter to the routes that need protection.

backend/src/routes/student-graduation-router.js

+router.post(
+  "*",
+  passport.authenticate("jwt", { session: false }, undefined),
+  isValidUiTokenWithStaffRoles,


To fix the problem, we need to introduce rate limiting to the route handlers in the provided code. The best way to do this is by using the express-rate-limit package, which allows us to easily set up and apply rate limiting middleware to the routes.

Install the express-rate-limit package.

Import the express-rate-limit package in the file.

Set up a rate limiter with appropriate configuration (e.g., maximum of 100 requests per 15 minutes).

Apply the rate limiter to the routes that perform expensive operations.

backend/src/routes/studentcourse-router.js

+router.get(
+  "/*",
+  passport.authenticate("jwt", { session: false }, undefined),
+  isValidUiTokenWithStaffRoles,


backend/src/routes/studentexam-router.js

+router.get(
+  "/*",
+  passport.authenticate("jwt", { session: false }, undefined),
+  isValidUiTokenWithStaffRoles,


To fix the problem, we need to introduce rate limiting to the route handler to prevent potential denial-of-service attacks. The best way to achieve this is by using the express-rate-limit package, which allows us to set up rate limiting middleware easily.

Install the express-rate-limit package if it is not already installed.

Import the express-rate-limit package in the file.

Set up a rate limiter with appropriate configuration (e.g., maximum of 100 requests per 15 minutes).

Apply the rate limiter to the specific route handler.

backend/src/routes/trax-router.js

+router.get(
+  "*",
+  passport.authenticate("jwt", { session: false }),
+  isValidUiTokenWithStaffRoles,


To fix the problem, we should introduce rate limiting to the route handler. The best way to do this is by using the express-rate-limit package, which allows us to easily set up and apply rate limiting to our Express routes. We will configure a rate limiter to allow a maximum of 100 requests per 15 minutes and apply it to the route handler.

We need to:

Install the express-rate-limit package.

Import the package in the file.

Configure the rate limiter.

Apply the rate limiter to the route handler.

michaeltangbcgov and others added 30 commits December 3, 2024 13:05

institute grad status changes

09b954d

institute grad status changes

31dffb7

Merge branch 'educ-dev-keycloak' of https://github.com/bcgov/EDUC-GRA…

afe1c31

…D-ADMIN into ui-inst-mt

inst status

eb9ee5e

inst status

e9019f1

inst fixes

1ec8943

inst fixes

c61a121

Added direct institute connection from GRAD UI

62e4558

Merge branch 'educ-dev-keycloak' of https://github.com/bcgov/EDUC-GRA…

00ab4fc

…D-ADMIN into institute-connection

Merge branch 'release/v1.27.0' of https://github.com/bcgov/EDUC-GRAD-…

7a88891

…ADMIN into institute-connection

Merge pull request #698 from bcgov/institute-connection

26cb52a

Institute connection

Merge branch 'main' of https://github.com/bcgov/EDUC-GRAD-ADMIN into …

7f24e54

…ui-inst-mt

Fixed GRAD status update failure

7829f8c

Merge branch 'main' of https://github.com/bcgov/EDUC-GRAD-ADMIN into …

164fd1a

…release/v1.27.0

added get by mincode and disctrict code getters to app store

c3e961f

took out extra message for profile

230c079

getEditedGradStatus

3f10c86

Merge pull request #700 from bcgov/GRAD2-3084

a84ce40

took out extra message alert on Student profile

interim fix for batch school select, now points at v2 endpoint

fc2b490

Merge pull request #701 from bcgov/GRAD2-3188

68ed288

interim fix for batch school select, now points at v2 endpoint

remove TRAX reporting flag from batch school select

75b54fa

fix schoolOfRecord and schoolAtGrad name and mincode display on GRAD …

2ae61a5

…status card

added comment

a8b94fc

Merge pull request #702 from bcgov/ui-inst-mt

d5cf7de

Changes for GRAD status to start using institute

Merge branch 'main' of https://github.com/bcgov/EDUC-GRAD-ADMIN into …

947c315

…release/v1.27.0

Merge branch 'main' of https://github.com/bcgov/EDUC-GRAD-ADMIN into …

2a5cfb5

…release/v1.27.0

added institute URL to configmap update script

41eedd9

Merge pull request #704 from bcgov/institute-connection

3dedd86

added institute to configmap update script

School list, district list, and student GRAD status card now use inst…

5ffd2cb

…itute routes

Merge branch 'release/v1.27.0' of https://github.com/bcgov/EDUC-GRAD-…

af48240

…ADMIN into GRAD2-2751-Sam

suzalflueck and others added 27 commits January 29, 2025 10:05

Merge pull request #742 from bcgov/mt-1.27.0

37e26de

GRAD2-2538 clean up

Integrate student admin (School) with grad.

355d928

Changes to remove fall back behavior of school view.

6e05557

Merge pull request #743 from bcgov/GRAD2-2972

77048dd

Grad2 2972

Initialized cypress-devop branch for incorporating cypress testing in…

a344745

… GitHub Action

Added cypress-run job

8094510

GRAD2-2751 fix for offshore school

2e6e8df

Added cypress-run job

56bfd49

GRAD2-2751 fix for offshore school

f1873ce

Merge pull request #744 from bcgov/mt-1.27.0

e3d36ab

GRAD2-2751 fix for offshore school

GRAD2-2751 fix for offshore school at GRAD

5c60ee6

Merge pull request #745 from bcgov/mt-1.27.0

1ed487d

GRAD2-2751 fix for offshore school at GRAD

Merge branch 'release/v1.27.0' of https://github.com/bcgov/EDUC-GRAD-…

2bb537a

…ADMIN into cypress-devop

Merge branch 'cypress-devop' of https://github.com/bcgov/EDUC-GRAD-ADMIN

6fb5fcd

into cypress-devop

Modified workflow name and action version

908e25d

Fixed typo

3954298

Added project specification

7834eb1

Moved cypress workflow to a seperate file

4174cf0

Trying to specify the testing folder location

a89bd61

Trying to specify the testing folder location

e9cad29

Specified path for config file

973861d

Set working directory to testing

419b9d6

Updated so that cypress rans after deployment is done

9a7e37a

Fixed workflow_run

bbec0d0

Fixed the workflow_dispatch

da3b15e

Fixed workflow_run

465e7c7

Deleted workflow_run to see workflow_dispatch works

302ec68

github-advanced-security bot found potential problems Feb 3, 2025

View reviewed changes

KentoHyono closed this Feb 3, 2025

@@ -13,2 +13,3 @@
             const auth = require("./components/auth");
+            const lusca = require("lusca");
             const bodyParser = require("body-parser");
@@ -112,2 +113,3 @@
             );
+            app.use(lusca.csrf());
             // app.use(require('./routes/health-check').router);

@@ -56,3 +56,4 @@
                 "winston": "^3.5.0",
-                "winston-daily-rotate-file": "^4.5.0"
+                "winston-daily-rotate-file": "^4.5.0",
+                "lusca": "^1.7.0"
               },

Package	Version	Security advisories
lusca (npm)	1.7.0	None

@@ -1,3 +1,4 @@
             const passport = require("passport");
-            const express = require("express");
+            const express = require("express");
+            const rateLimit = require("express-rate-limit");
             const router = express.Router();
@@ -15,10 +16,17 @@
             );
-            //Program Routes
-            router.get(
-              "*",
-              passport.authenticate("jwt", { session: false }, undefined),
-              isValidUiTokenWithStaffRoles,
-              getalgorithmRulesAPI
-            );
+            // Configure rate limiter: maximum of 100 requests per 15 minutes
+            const limiter = rateLimit({
+              windowMs: 15 * 60 * 1000, // 15 minutes
+              max: 100, // limit each IP to 100 requests per windowMs
+            });
+            //Program Routes
+            router.get(
+              "*",
+              limiter,
+              passport.authenticate("jwt", { session: false }, undefined),
+              isValidUiTokenWithStaffRoles,
+              getalgorithmRulesAPI
+            );

@@ -56,3 +56,4 @@
                 "winston": "^3.5.0",
-                "winston-daily-rotate-file": "^4.5.0"
+                "winston-daily-rotate-file": "^4.5.0",
+                "express-rate-limit": "^7.5.0"
               },

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Define cypress-run github action #746

Define cypress-run github action #746

KentoHyono commented Feb 3, 2025

sonarqubecloud bot commented Feb 3, 2025

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

@@ -1,15 +1,16 @@
-            const passport = require("passport");
-            const express = require("express");
-            const router = express.Router();
-            const config = require("../config/index");
-            const auth = require("../components/auth");
-            const roles = require("../components/roles");
-            const {
-              errorResponse,
-              getData,
-              postData,
-              deleteData,
-              putData,
-            } = require("../components/utils");
-            const { request } = require("../app");
+            const passport = require("passport");
+            const express = require("express");
+            const router = express.Router();
+            const RateLimit = require("express-rate-limit");
+            const config = require("../config/index");
+            const auth = require("../components/auth");
+            const roles = require("../components/roles");
+            const {
+              errorResponse,
+              getData,
+              postData,
+              deleteData,
+              putData,
+            } = require("../components/utils");
+            const { request } = require("../app");
             const isValidUiTokenWithStaffRoles = auth.isValidUiTokenWithRoles(
@@ -22,46 +23,56 @@
             );
-            //Batch Routes
-            router.get(
-              "/*",
-              passport.authenticate("jwt", { session: false }, undefined),
-              isValidUiTokenWithStaffRoles,
-              getBatchInfoAPI
-            );
-            router.post(
-              "/*",
-              passport.authenticate("jwt", { session: false }, undefined),
-              isValidUiTokenWithStaffRoles,
-              postBatchInfoAPI
-            );
-            router.delete(
-              "/*",
-              passport.authenticate("jwt", { session: false }, undefined),
-              isValidUiTokenWithStaffRoles,
-              deleteBatchInfoAPI
-            );
-            router.put(
-              "/*",
-              passport.authenticate("jwt", { session: false }, undefined),
-              isValidUiTokenWithStaffRoles,
-              putBatchInfoAPI
-            );
-            async function getBatchInfoAPI(req, res) {
-              const token = auth.getBackendToken(req);
-              const version = req.version;
-              try {
-                const url = `${config.get("server:batchAPIURL")}/api/${version}/batch${
-                  req.url
-                }`;
-                const data = await getData(token, url, req.session?.correlationID);
-                return res.status(200).json(data);
-              } catch (e) {
-                if (e.data.message) {
-                  return errorResponse(res, e.data.message, e.status);
-                } else {
-                  return errorResponse(res);
-                }
-              }
-            }
+            // Set up rate limiter: maximum of 100 requests per 15 minutes
+            const limiter = RateLimit({
+              windowMs: 15 * 60 * 1000, // 15 minutes
+              max: 100, // max 100 requests per windowMs
+            });
+            //Batch Routes
+            router.get(
+              "/*",
+              limiter,
+              passport.authenticate("jwt", { session: false }, undefined),
+              isValidUiTokenWithStaffRoles,
+              getBatchInfoAPI
+            );
+            router.post(
+              "/*",
+              limiter,
+              passport.authenticate("jwt", { session: false }, undefined),
+              isValidUiTokenWithStaffRoles,
+              postBatchInfoAPI
+            );
+            router.delete(
+              "/*",
+              limiter,
+              passport.authenticate("jwt", { session: false }, undefined),
+              isValidUiTokenWithStaffRoles,
+              deleteBatchInfoAPI
+            );
+            router.put(
+              "/*",
+              limiter,
+              passport.authenticate("jwt", { session: false }, undefined),
+              isValidUiTokenWithStaffRoles,
+              putBatchInfoAPI
+            );
+            async function getBatchInfoAPI(req, res) {
+              const token = auth.getBackendToken(req);
+              const version = req.version;
+              try {
+                const url = `${config.get("server:batchAPIURL")}/api/${version}/batch${
+                  req.url
+                }`;
+                const data = await getData(token, url, req.session?.correlationID);
+                return res.status(200).json(data);
+              } catch (e) {
+                if (e.data.message) {
+                  return errorResponse(res, e.data.message, e.status);
+                } else {
+                  return errorResponse(res);
+                }
+              }
+            }
             async function postBatchInfoAPI(req, res) {

Define cypress-run github action #746

Define cypress-run github action #746

Conversation

KentoHyono commented Feb 3, 2025

sonarqubecloud bot commented Feb 3, 2025

Quality Gate failed