Merge branch 'custom-config' into snyk-actions

pickford-snyk · Jun 4, 2024 · 082b519 · 082b519
2 parents 85a425f + d240896
commit 082b519
Show file tree

Hide file tree

Showing 15 changed files with 112 additions and 94 deletions.
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -39,7 +39,7 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL

diff --git a/.github/workflows/snyk-code-manual.yml b/.github/workflows/snyk-code-manual.yml
@@ -8,9 +8,9 @@ jobs:
     permissions:
       security-events: write
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
       - name: Upload SARIF
-        uses: github/codeql-action/upload-sarif@v1
+        uses: github/codeql-action/upload-sarif@v2
         with:
           sarif_file: sarif.json
           # sarif_file: example111.json
diff --git a/.github/workflows/snyk-code.yml b/.github/workflows/snyk-code.yml
@@ -4,14 +4,14 @@ jobs:
   build:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
       - uses: snyk/actions/setup@master
       - name: Snyk Test
         run: snyk code test --org=${{ secrets.SNYK_ORG }} --sarif > snyk-sarif2.json
         continue-on-error: true
         env:
            SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
       - name: Upload SARIF file
-        uses: github/codeql-action/upload-sarif@v1
+        uses: github/codeql-action/upload-sarif@v2
         with:
           sarif_file: snyk-sarif2.json
diff --git a/.github/workflows/snyk-test-sarif.yml b/.github/workflows/snyk-test-sarif.yml
@@ -4,12 +4,15 @@ jobs:
   security:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@master
-      - name: Run Snyk to check for vulnerabilities
-        uses: snyk/actions/node@master
-        continue-on-error: true # To make sure that SARIF upload gets called
+      - uses: actions/checkout@v3
+      - uses: snyk/actions/setup@master
+      - name: Snyk Test
+        run: snyk test --sarif-file-output=snyk-sarif1.json
+        continue-on-error: true
         env:
-          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+           SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+      - name: Upload SARIF file
+        uses: github/codeql-action/upload-sarif@v2
         with:
           args: --sarif-file-output=snyk.sarif
       - name: Upload result to GitHub Code Scanning

diff --git a/Dockerfile b/Dockerfile
@@ -1,5 +1,5 @@
 # FROM node:6-stretch
-FROM node:14.1.0
+FROM node:18.13.0
 
 RUN mkdir /usr/src/goof
 RUN mkdir /tmp/extracted_files

diff --git a/README.md b/README.md
@@ -14,12 +14,20 @@ This vulnerable app includes the following capabilities to experiment with:
 ```bash
 mongod &
 
-git clone https://github.com/snyk/goof.git
+git clone https://github.com/snyk-labs/nodejs-goof
 npm install
 npm start
 ```
 This will run Goof locally, using a local mongo on the default port and listening on port 3001 (http://localhost:3001)
 
+Note: You *have* to use an old version of MongoDB version due to some of these old libraries' database server APIs. MongoDB 3 is known to work ok.
+
+You can also run the MongoDB server individually via Docker, such as:
+
+```sh
+docker run --rm -p 27017:27017 mongo:3
+```
+
 ## Running with docker-compose
 ```bash
 docker-compose up --build
@@ -193,7 +201,7 @@ To run the Node.js app with runtime monitoring:
 SNYK_PROJECT_ID=<PROJECT_ID> npm start
 ```
 
-** The app will continue to work normally even if not provided a project id
+** The app will continue to work normally even if it's not provided a project id
 
 ## Fixing the issues
 To find these flaws in this application (and in your own apps), run:

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -14,7 +14,7 @@ services:
       - goof-mongo
   goof-mongo:
     container_name: goof-mongo
-    image: mongo
+    image: mongo:3
     ports:
       - "27017:27017"
   good-mysql:
@@ -24,4 +24,4 @@ services:
       MYSQL_ROOT_PASSWORD: root
       MYSQL_DATABASE: acme
     ports:
-      - "3306:3306"
+      - "3306:3306"
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -8,8 +8,8 @@
     "url": "https://github.com/Snyk/snyk-todo-list-demo-app/"
   },
   "scripts": {
-    "dev": "nodemon ./app.js",
-    "start": "node app.js",
+    "dev": "NODE_OPTIONS=--openssl-legacy-provider nodemon ./app.js",
+    "start": "NODE_OPTIONS=--openssl-legacy-provider node app.js",
     "build": "browserify -r jquery > public/js/bundle.js",
     "cleanup": "mongo express-todo --eval 'db.todos.remove({});'",
     "test": "snyk test"

diff --git a/public/css/screen.css b/public/css/screen.css
@@ -23,6 +23,7 @@ time, mark, audio, video {
 /* line 20, ../../../../../Users/fred/.rvm/gems/ruby-1.9.3-p0/gems/compass-0.12.1/frameworks/compass/stylesheets/compass/reset/_utilities.scss */
 body {
   line-height: 1;
+  height: 100vh;
 }
 
 /* line 22, ../../../../../Users/fred/.rvm/gems/ruby-1.9.3-p0/gems/compass-0.12.1/frameworks/compass/stylesheets/compass/reset/_utilities.scss */
@@ -72,10 +73,9 @@ body {
 #page-title {
   color: #666666;
   background-color: #f8f8f8;
-  font-size: 32px;
-  line-height: 1.35;
-  padding: 20px 0;
-  text-align: center;
+  font-size: 3rem;
+  margin: 1rem 1rem 0 0;
+  padding: 1rem 2rem 0 2rem;
   text-shadow: 0 1px 1px white;
 }
 
@@ -99,26 +99,23 @@ body {
 
 /* line 32, ../sass/screen.sass */
 #list {
-  width: 283px;
-  margin: 0 auto;
-  padding: 20px 0 15px;
-  position: relative;
+  padding: 2rem 0 0 0;
+  align-self: center;
 }
 
 /* line 38, ../sass/screen.sass */
 .item, .item-new {
   overflow: hidden;
-  *zoom: 1;
   background-color: #f9f9f9;
   border: 1px solid #eeeeee;
   border-radius: 6px 6px 6px 6px;
   list-style: none outside none;
-  margin: 6px 0 0;
-  padding: 8px 9px 9px;
-  position: relative;
+  margin: 0.75rem;
+  padding: 0.75rem;
+  width: 25rem;
   text-shadow: 1px 1px 0 white;
-  width: 250px;
 }
+
 /* line 49, ../sass/screen.sass */
 .item:hover, .item-new:hover {
   border-color: #9be0f9;
@@ -127,8 +124,8 @@ body {
 
 /* line 53, ../sass/screen.sass */
 .item-new {
-  padding: 4px 5px;
-  width: 258px;
+  padding: 0.5rem;
+  width: 25.5rem;
 }
 
 /* line 57, ../sass/screen.sass */
@@ -137,9 +134,8 @@ body {
   color: #666666;
   font-family: "Lucida Grande", "Lucida Sans Unicode", sans-serif;
   font-size: 15px;
-  padding: 3px 4px;
-  width: 248px;
-  height: 19px;
+  width: 25rem;
+  height: 2rem;
 }
 
 /* line 66, ../sass/screen.sass */
@@ -185,11 +181,9 @@ body {
 /* line 92, ../sass/screen.sass */
 #footer {
   overflow: hidden;
-  *zoom: 1;
-  width: 210px;
   margin: 0 auto;
   position: relative;
-  top: 17px;
+  top: 1rem;
 }
 
 /* line 99, ../sass/screen.sass */
@@ -227,27 +221,46 @@ body {
   text-decoration: underline;
 }
 
-/* line 10, ../../../../../Users/fred/.rvm/gems/ruby-1.9.3-p0/gems/compass-0.12.1/frameworks/compass/stylesheets/compass/layout/_sticky-footer.scss */
-html, body {
-  height: 100%;
-}
-
 /* line 12, ../../../../../Users/fred/.rvm/gems/ruby-1.9.3-p0/gems/compass-0.12.1/frameworks/compass/stylesheets/compass/layout/_sticky-footer.scss */
 #layout {
-  clear: both;
-  min-height: 100%;
-  height: auto !important;
-  height: 100%;
-  margin-bottom: -48px;
-}
-/* line 18, ../../../../../Users/fred/.rvm/gems/ruby-1.9.3-p0/gems/compass-0.12.1/frameworks/compass/stylesheets/compass/layout/_sticky-footer.scss */
-#layout #layout-footer {
-  height: 48px;
+  display: flex;
+  flex-direction: column;
 }
 
 /* line 20, ../../../../../Users/fred/.rvm/gems/ruby-1.9.3-p0/gems/compass-0.12.1/frameworks/compass/stylesheets/compass/layout/_sticky-footer.scss */
 #footer-wrap {
-  clear: both;
-  position: relative;
-  height: 48px;
+  display: flex;
+  flex-direction: column;
+  align-items: center;
+  position: fixed;
+  bottom: 0;
+  width: 100%;
+  padding: 2rem;
+}
+
+#uploadForm {
+  padding-bottom: 1rem;
+}
+
+.patch {
+  height: 5rem;
+  width: 5rem;
+  padding: 1rem 1rem 0 0;
+}
+
+.patch-header {
+  display: flex;
+  align-self: center;
+}
+
+.snyk-patch {
+  width: 5rem;
+  height: 5rem;
+  margin: 1rem 1rem 0 0;
+}
+
+#footer-wrap a {
+  text-decoration: none;
+  color: #666666;
+  margin: 0 1rem 0 1rem;
 }
diff --git a/public/images/snyk_patch.jpeg b/public/images/snyk_patch.jpeg
diff --git a/routes/index.js b/routes/index.js
@@ -27,7 +27,7 @@ exports.index = function (req, res, next) {
       if (err) return next(err);
 
       res.render('index', {
-        title: 'Goof TODO',
+        title: 'Patch TODO List',
         subhead: 'Vulnerabilities at their best',
         todos: todos,
       });
@@ -299,7 +299,7 @@ exports.about_new = function (req, res, next) {
   console.log(JSON.stringify(req.query));
   return res.render("about_new.dust",
     {
-      title: 'Goof TODO',
+      title: 'Patch TODO List',
       subhead: 'Vulnerabilities at their best',
       device: req.query.device
     });