added auth-zap-scan
DmByK committed Oct 8, 2024
1 parent 5305bdf commit bafed0a
Showing 2 changed files with 111 additions and 5 deletions.
27 changes: 22 additions & 5 deletions .github/workflows/zap_scan.yaml
Expand Up @@ -14,6 +14,14 @@ env:
DATABASE_URL: postgres://postgres:postgres@localhost:5432/postgres?schema=public

jobs:
dependency-review:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Review Dependencies
uses: actions/dependency-review-action@v4

install:
runs-on: ubuntu-latest
steps:
Expand All @@ -30,18 +38,25 @@ jobs:
uses: actions/cache@v4
with:
path: ${{ steps.npm-cache-dir.outputs.dir }}
key: "${{ runner.os }}-npm-${{ hashFiles('package-lock.json') }}"
key: "${{ runner.os }}-npm-${{ env.NODE_VERSION }}-${{ hashFiles('package-lock.json') }}"
restore-keys: |
${{ runner.os }}-npm-
- name: Cache node modules
uses: actions/cache@v4
with:
path: ./node_modules
key: "${{ runner.os }}-node_modules-${{ hashFiles('package-lock.json') }}-${{ hashFiles('**/schema.prisma') }}"
key: "${{ runner.os }}-node_modules-${{ env.NODE_VERSION }}-${{ hashFiles('package-lock.json') }}-${{ hashFiles('**/schema.prisma') }}"
restore-keys: |
${{ runner.os }}-node_modules-
- name: Cache e2e node modules
uses: actions/cache@v4
with:
path: ./e2e/node_modules
key: "${{ runner.os }}-node_modules_e2e-${{ env.NODE_VERSION }}-${{ hashFiles('./e2e/package-lock.json') }}"
restore-keys: |
${{ runner.os }}-node_modules_e2e-
- name: Install node dependencies
run: npm ci
run: npm install
- name: Generate prisma types
run: npm run prisma -- generate

Expand All @@ -68,9 +83,10 @@ jobs:
run: |
cd development
chmod +x ./init/elasticsearch/init.sh
chmod +r ./init/elasticsearch/mappings/swissgeol_asset_asset.json
sed -i 's/- \.\/volumes\/elasticsearch\/data:\/usr\/share\/elasticsearch\/data//g' ./docker-compose.yaml
docker compose up -d db oidc elasticsearch
sleep 60
sleep 120
- name: Migrate database
run: npm run prisma -- migrate deploy
- name: Start frontend
Expand All @@ -82,7 +98,8 @@ jobs:
uses: zaproxy/[email protected]
with:
target: "http://localhost:4200"
cmd_options: "-a"
fail_action: "false"
cmd_options: -a -j -U "admin" -n /zap/context/default.context
- name: Upload ZAP Scan Results
uses: actions/upload-artifact@v4
with:
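Review bot: The "Install node dependencies" step in the second hunk replaces `npm ci` with `npm install`, which may rewrite package-lock.json and resolve versions that differ from the lock; that undercuts the cache keys in the same hunk (built from `hashFiles('package-lock.json')`) and the dependency-review job added in the first hunk, so keep `run: npm ci` and, if the e2e workspace also needs installing, run `npm ci` there in a separate step. In the last hunk, `-n /zap/context/default.context` is an absolute path inside the scanner container; as far as I recall the zaproxy action mounts the checkout at `/zap/wrk`, so the file added by this commit would be reached as `/zap/wrk/zap/context/default.context`, which is worth confirming from the run log. Since `fail_action: "false"` is set on the same step, a context that fails to load or a login that fails would leave the scan running unauthenticated without failing the job, so the log check matters. The `install` job's step list continues outside the hunk.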
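--- a/zap/context/default.context
+++ b/zap/context/default.context
@@ -0,0 +1,89 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<configuration>
+<context>
+<name>Standard-Kontext</name>
+<desc/>
+<inscope>true</inscope>
+<incregexes>http://localhost:4011.*</incregexes>
+<incregexes>http://localhost:4200.*</incregexes>
+<tech>
+<include>Db.PostgreSQL</include>
+<include>Language.ASP</include>
+<include>Language.JSP/Servlet</include>
+<include>Language.Java</include>
+<include>Language.Java.Spring</include>
+<include>Language.JavaScript</include>
+<include>Language.XML</include>
+<include>OS.Linux</include>
+<include>OS.Windows</include>
+<include>SCM.Git</include>
+<include>WS.Apache</include>
+<include>WS.Tomcat</include>
+<exclude>Db</exclude>
+<exclude>Db.CouchDB</exclude>
+<exclude>Db.Firebird</exclude>
+<exclude>Db.HypersonicSQL</exclude>
+<exclude>Db.IBM DB2</exclude>
+<exclude>Db.MariaDB</exclude>
+<exclude>Db.Microsoft Access</exclude>
+<exclude>Db.Microsoft SQL Server</exclude>
+<exclude>Db.MongoDB</exclude>
+<exclude>Db.MySQL</exclude>
+<exclude>Db.Oracle</exclude>
+<exclude>Db.SAP MaxDB</exclude>
+<exclude>Db.SQLite</exclude>
+<exclude>Db.Sybase</exclude>
+<exclude>Language</exclude>
+<exclude>Language.C</exclude>
+<exclude>Language.PHP</exclude>
+<exclude>Language.Python</exclude>
+<exclude>Language.Ruby</exclude>
+<exclude>OS</exclude>
+<exclude>OS.MacOS</exclude>
+<exclude>SCM</exclude>
+<exclude>SCM.SVN</exclude>
+<exclude>WS</exclude>
+<exclude>WS.IIS</exclude>
+</tech>
+<urlparser>
+<class>org.zaproxy.zap.model.StandardParameterParser</class>
+<config>{"kvps":"&amp;","kvs":"=","struct":[]}</config>
+</urlparser>
+<postparser>
+<class>org.zaproxy.zap.model.StandardParameterParser</class>
+<config>{"kvps":"&amp;","kvs":"=","struct":[]}</config>
+</postparser>
+<authentication>
+<type>2</type>
+<strategy>EACH_RESP</strategy>
+<pollurl/>
+<polldata/>
+<pollheaders/>
+<pollfreq>60</pollfreq>
+<pollunits>REQUESTS</pollunits>
+<loggedin>\Qid_token\E</loggedin>
+<loggedout>\QLogout\E</loggedout>
+<form>
+<loginurl>http://localhost:4011/Account/Login</loginurl>
+<loginbody>Input.ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fresponse_type%3Dcode%26client_id%3Dassets%26state%3DSU5kZlpCanU1bFkydFFVSTVyMVdEVFBpdFh2WEs1SERaLnJ4YWJOcUNRTkRG%26redirect_uri%3Dhttp%253A%252F%252Flocalhost%253A4200%26scope%3Dopenid%2520profile%2520email%2520cognito%26code_challenge%3DzQOsMsXRWejLxaINRJtgwpnJfg6blQjzO2p0Av_ghDY%26code_challenge_method%3DS256%26nonce%3DSU5kZlpCanU1bFkydFFVSTVyMVdEVFBpdFh2WEs1SERaLnJ4YWJOcUNRTkRG&amp;Input.Username={%username%}&amp;Input.Password={%password%}&amp;Input.Button=login&amp;__RequestVerificationToken=CfDJ8J9zj19_xjZOumsf_DtW9A0qnKNQFTcBhLJ35LoRFoxjUmXvMVvsN82mEDDWhVM_qlMHI9HhagwnbEeLp-eac5vWEvRIRkxzZS7aFWThs1zxMCkxe5QByRRCI89MbiC-njZelIq17MrtiyhP2xqz3mI&amp;Input.RememberLogin=false</loginbody>
+<loginpageurl>http://localhost:4011/Account/Login</loginpageurl>
+</form>
+</authentication>
+<users>
+<user>267;true;YWRtaW4=;2;YWRtaW4=~YWRtaW4=~</user>
+</users>
+<forceduser>267</forceduser>
+<session>
+<type>0</type>
+</session>
+<authorization>
+<type>0</type>
+<basic>
+<header/>
+<body/>
+<logic>AND</logic>
+<code>-1</code>
+</basic>
+</authorization>
+</context>
+</configuration>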
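Review bot: The `<users>` entry `267;true;YWRtaW4=;2;YWRtaW4=~YWRtaW4=~` commits a base64-encoded credential pair (the name and password fields both decode to `admin`), and the `<loginbody>` line freezes a `__RequestVerificationToken`, `state`, `nonce` and `code_challenge` that appear to have been captured from one browser session. If these are only the built-in defaults of the local development OIDC stub on localhost:4011, a comment at the top of `<context>` such as `<!-- Scan-only context for the local dev OIDC stub; the user below is the stub's built-in dev account, not a real credential -->` makes that explicit for readers, and if the password ever has to be real it should be injected at scan time from a CI secret rather than committed here. The session-bound `__RequestVerificationToken` in the body will presumably be rejected on a fresh run unless ZAP regenerates it through `<loginpageurl>` (its anti-CSRF handling), and the `\Qid_token\E` logged-in regex matches any response containing that substring, so confirming from the ZAP log that the authenticated session is actually established is worth doing before trusting the scan results.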
