FINOS Security Scanning

.github/workflows/cve-scanning.yml

@@ -0,0 +1,50 @@
+name: Node.js CVE Scanning
+
+on:
+  pull_request:
+    paths:
+      - 'package.json'
+      - 'toolbox/fdc3-workbench/package.json'
+      - '.github/workflows/cve-scanning.yml'
+      - 'website/package.json'
+  push:
+    paths:
+      - 'package.json'
+      - 'toolbox/fdc3-workbench/package.json'
+      - '.github/workflows/cve-scanning.yml'
+      - 'website/package.json'
+    schedule:
+      # Run every day at 5am and 5pm
+      - cron: '0 5,17 * * *'
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        node-version: [18.x]
+    steps:
+      - uses: actions/checkout@v3
+      - name: Use Node.js ${{ matrix.node-version }}
+        uses: actions/setup-node@v3
+        with:
+          node-version: ${{ matrix.node-version }}
+
+      - run: npm install
+
+      - run: npm install
+        working-directory: toolbox/fdc3-workbench
+
+      - run: npm install
+        working-directory: website
+
+      - run: npx --yes auditjs ossi --whitelist allow-list.json
+        if: success() || failure()
+
+      - run: npx --yes auditjs ossi --whitelist ../../allow-list.json
+        working-directory: toolbox/fdc3-workbench
+        if: success() || failure()
+
+      - run: npx --yes auditjs ossi --whitelist ../allow-list.json
+        working-directory: website
+        if: success() || failure()

.github/workflows/semgrep.yml

@@ -0,0 +1,15 @@
+name: Static code analysis
+
+on: [push, pull_request]
+
+jobs:
+  semgrep:
+    name: run-semgrep
+    runs-on: ubuntu-20.04
+    container:
+      image: returntocorp/semgrep
+    steps:
+    - uses: actions/checkout@v3
+    - run: semgrep scan --error --config auto
+      env:
+        SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}

.semgrepignore

@@ -0,0 +1,4 @@
+website/**
+
+# Just used for build so ignoring
+quicktypeUtil.js

toolbox/fdc3-explained/1.0/index.html

@@ -18,17 +18,6 @@
 			<td><span id="providerDetails">FDC3 Not Available</span></td>
     </tr>
 
-		<tr>
-			<td class="header">FDC3 Version:</td>
-			<td>
-				<select id="versions" onchange="window.location.href=`../${this.value}`">
-          <option value="1.0" selected>1.0</option>
-          <option value="1.1">1.1</option>
-          <option value="1.2">1.2</option>
-				</select>
-			</td>
-		</tr>
-
 		<tr>
 			<td colspan="3"><hr/></td>
 		</tr>

toolbox/fdc3-explained/1.0/main.js

@@ -28,18 +28,23 @@ const broadcastText = document.getElementById("broadcastText")
 function enablePage() {
   console.log('FDC3 is available');
 
+  // NOTE: conceptually replaced with fdc3.getInfo
   if (window.FSBL) {
-    window.FSBL.getFSBLInfo().then(info => providerDetails.innerHTML = 'Available - Finsemble ' + info.FSBLVersion);
+    window.FSBL.getFSBLInfo().then(info => updateProviderDetails('Available - Finsemble ' + info.FSBLVersion));
   } else if (window.fin) {
-    providerDetails.innerHTML = 'Available - OpenFin ' + fin.desktop.getVersion();
+    updateProviderDetails('Available - OpenFin ' + fin.desktop.getVersion());
   } else {
-    providerDetails.innerHTML = 'Available - Unknown';
+    updateProviderDetails('Available - Unknown');
   }
 
   broadcastButton.disabled = false;
   broadcastText.disabled = false;
 }
 
+function updateProviderDetails(details){
+  providerDetails.innerText = details;
+}
+
 function broadcastFDC3Context() {
   var context = JSON.parse(broadcastText.value);
   fdc3.broadcast(context);

toolbox/fdc3-explained/1.1/index.html

@@ -29,17 +29,6 @@
 				<td><span id="providerDetails">None</span></td>
 			</tr>
 
-			<tr>
-				<td class="header">FDC3 Version:</td>
-				<td>
-          <select id="versions" onchange="window.location.href=`../${this.value}`">
-            <option value="1.0">1.0</option>
-            <option value="1.1" selected>1.1</option>
-            <option value="1.2">1.2</option>
-          </select>
-				</td>
-			</tr>
-
 			<tr>
 				<td colspan="3"><hr/></td>
 			</tr>

toolbox/fdc3-explained/1.1/main.js

@@ -51,18 +51,23 @@ function displayFDC3Support() {
 }
 
 function getPlatform() {
-  const providerDetails = document.getElementById('providerDetails');
-
+
   // TODO: add G42 and FDC3 Desktop Agent to vendors
+  // NOTE: conceptually replaced with fdc3.getInfo
   if (window.FSBL) {
-    window.FSBL.getFSBLInfo().then(info => (providerDetails.innerHTML = 'Finsemble ' + info.FSBLVersion));
+    window.FSBL.getFSBLInfo().then(info => updateProviderDetails('Available - Finsemble ' + info.FSBLVersion));
   } else if (window.fin) {
-    providerDetails.innerHTML = 'OpenFin ' + fin.desktop.getVersion();
+    updateProviderDetails('Available - OpenFin ' + fin.desktop.getVersion());
   } else {
-    providerDetails.innerHTML = 'Unknown';
+    updateProviderDetails('Available - Unknown');
   }
 }
 
+function updateProviderDetails(details){
+  const providerDetails = document.getElementById('providerDetails');
+  providerDetails.innerText = details;
+}
+
 async function populateHTML() {
   try {
     //populate available channels list with system channels

toolbox/fdc3-explained/1.2/index.html

@@ -29,13 +29,7 @@
 
 			<tr>
 				<td class="header">FDC3 Version:</td>
-				<td>
-          <select id="versions" onchange="window.location.href=`../${this.value}`">
-            <option value="1.0">1.0</option>
-            <option value="1.1">1.1</option>
-            <option value="1.2" selected>1.2</option>
-          </select>
-				</td>
+				<td><span id="fdc3Details">None</span></td>
 			</tr>
 
 			<tr>
@@ -115,8 +109,8 @@
 
 			<tr>
 				<td>
-					<div id="context-result">
-						<i>Context result will appear here.</i>
+					<div>
+						<pre id="context-result"><i>Context result will appear here.</i></pre>
 					</div>
 				</td>
 			</tr>

toolbox/fdc3-explained/1.2/main.js

@@ -53,11 +53,22 @@ function displayFDC3Support() {
 }
 
 function getPlatform() {
-  const providerDetails = document.getElementById('providerDetails');
   const fdc3Info = window.fdc3.getInfo();
   console.log('FDC3 info', fdc3Info);
 
-  providerDetails.innerHTML = `${fdc3Info.provider} ${fdc3Info.providerVersion}`;
+  //providerDetails.innerHTML = `${fdc3Info.provider} ${fdc3Info.providerVersion}`;
+  updateProviderDetails(`${fdc3Info.provider} ${fdc3Info.providerVersion}`);
+  updateFDC3Version(`${fdc3Info.fdc3Version}`);
+}
+
+function updateProviderDetails(details){
+  const providerDetails = document.getElementById('providerDetails');
+  providerDetails.innerText = details;
+}
+
+function updateFDC3Version(details){
+  const fdc3Details = document.getElementById('fdc3Details');
+  fdc3Details.innerText = details;
 }
 
 async function populateHTML() {
@@ -147,25 +158,29 @@ async function broadcastFDC3Context() {
 
 async function getContext(contextType) {
   try {
-    let contextResultBox = document.getElementById('context-result');
     if (contextListener) contextListener.unsubscribe();
 
     // if context type is passed in then only listen on that specific context
     if (contextType) {
       contextListener = fdc3.addContextListener(
         contextType,
-        context => (contextResultBox.innerHTML = "<pre>" + JSON.stringify(context, null, 2)) + "</pre>"
+        context => displayContext(JSON.stringify(context, null, 2))
       );
     } else {
       contextListener = fdc3.addContextListener(
-        context => (contextResultBox.innerHTML=  "<pre>" + JSON.stringify(context, null, 2)) + "</pre>"
+        context => displayContext(JSON.stringify(context, null, 2))
       );
     }
   } catch (error) {
     console.error('Unable to add a context listener', error);
   }
 }
 
+function displayContext(text){
+  let contextResultBox = document.getElementById('context-result');
+  contextResultBox.innerText = text;
+}
+
 async function addAppChannel() {
   try {
     let appChannelName = document.getElementById('app-channel').value;

toolbox/fdc3-explained/index.html

@@ -13,6 +13,11 @@
         color: white;
       }
 
+      a  {
+        color: white;
+        text-decoration: none;
+      }
+
       .main {
         margin: 10px 0;
         padding: 0;
@@ -26,7 +31,6 @@
         width: 25%;
         padding: 5px;
         text-align: center;
-        cursor: pointer;
         font-weight: 700;
       }
 
@@ -66,14 +70,14 @@
           </td>
         </tr>
         <tr>
-          <td class="linkbox acceptable" onClick="window.location.href='1.0/';">
-            1.0
+          <td class="linkbox acceptable">
+            <a href="1.0/"">1.0</a>
           </td>
-          <td class="linkbox acceptable" onClick="window.location.href='1.1/';">
-            1.1
+          <td class="linkbox acceptable">
+            <a href="1.1/"">1.1</a>
           </td>
-          <td class="linkbox optimal" onClick="window.location.href='1.2/';">
-            1.2
+          <td class="linkbox optimal">
+            <a href="1.2/"">1.2</a>
           </td>
         </tr>
       </table>

toolbox/fdc3-workbench/package.json

@@ -4,27 +4,7 @@
   "private": true,
   "homepage": ".",
   "dependencies": {
-    "@apidevtools/json-schema-ref-parser": "^9.0.9",
-    "@finos/fdc3": "^1.2.0",
-    "@fontsource/roboto": "^4.4.5",
-    "@fontsource/source-code-pro": "^4.5.0",
-    "@material-ui/core": "^4.11.4",
-    "@material-ui/icons": "^4.11.2",
-    "@material-ui/lab": "^4.0.0-alpha.59",
-    "@types/node": "^14.0.0",
-    "@types/react": "^17.0.0",
-    "@types/react-dom": "^17.0.0",
-    "@types/uuid": "^8.3.4",
-    "jsoneditor": "^9.5.6",
-    "mobx": "^6.3.2",
-    "mobx-react": "^7.2.0",
-    "nanoid": "^3.1.31",
-    "normalize.css": "^8.0.1",
-    "react": "^17.0.2",
-    "react-dom": "^17.0.2",
-    "typescript": "^4.1.2",
-    "uuid": "^9.0.0",
-    "web-vitals": "^1.0.1"
+
   },
   "scripts": {
     "dev": "vite",
@@ -65,7 +45,28 @@
     "prettier": "^2.3.1",
     "pretty-quick": "^3.1.0",
     "terser": "^5.16.1",
-    "vite": "^4.0.4"
+    "vite": "^4.0.4",
+    "@apidevtools/json-schema-ref-parser": "^9.0.9",
+    "@finos/fdc3": "^1.2.0",
+    "@fontsource/roboto": "^4.4.5",
+    "@fontsource/source-code-pro": "^4.5.0",
+    "@material-ui/core": "^4.11.4",
+    "@material-ui/icons": "^4.11.2",
+    "@material-ui/lab": "^4.0.0-alpha.59",
+    "@types/node": "^14.0.0",
+    "@types/react": "^17.0.0",
+    "@types/react-dom": "^17.0.0",
+    "@types/uuid": "^8.3.4",
+    "jsoneditor": "^9.5.6",
+    "mobx": "^6.3.2",
+    "mobx-react": "^7.2.0",
+    "nanoid": "^3.1.31",
+    "normalize.css": "^8.0.1",
+    "react": "^17.0.2",
+    "react-dom": "^17.0.2",
+    "typescript": "^4.1.2",
+    "uuid": "^9.0.0",
+    "web-vitals": "^1.0.1"
   },
   "lint-staged": {
     "*.{ts,tsx,js,jsx}": [

website/package.json

@@ -28,7 +28,12 @@
     "docusaurus-delete-version": "0.1.1",
     "replace-in-files-cli": "2.0.0",
     "replace-json-property": "1.8.0",
-    "rimraf": "5.0.0"
+    "rimraf": "5.0.0",
+    "@docusaurus/core": "^2.4.0",
+    "@docusaurus/preset-classic": "^2.4.0",
+    "clsx": "^1.2.1",
+    "react": "^17.0.2",
+    "react-dom": "^17.0.2"
   },
   "resolutions": {
     "got": "^11.8.5", 
@@ -37,12 +42,5 @@
   "overrides": {
     "got": "^11.8.5", 
     "trim": "1.0.1"
-  },
-  "dependencies": {
-    "@docusaurus/core": "^2.4.0",
-    "@docusaurus/preset-classic": "^2.4.0",
-    "clsx": "^1.2.1",
-    "react": "^17.0.2",
-    "react-dom": "^17.0.2"
   }
 }