From b73a8ee4b9681636283f77f33b76bf5ead181a49 Mon Sep 17 00:00:00 2001 From: Cristian Hernandez Date: Wed, 11 Oct 2023 08:20:31 -0700 Subject: [PATCH 1/5] Add OSV Scanner and Horusec action --- .github/workflows/dart_analyzer.yml | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/.github/workflows/dart_analyzer.yml b/.github/workflows/dart_analyzer.yml index 916d490..f9eaccb 100644 --- a/.github/workflows/dart_analyzer.yml +++ b/.github/workflows/dart_analyzer.yml @@ -78,4 +78,23 @@ jobs: - run: semgrep ci env: - SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }} \ No newline at end of file + SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }} + + # SCA - find existing vulnerabilities affecting your project’s dependencies. + osv-scanner: + name: OSV Scanner + uses: "google/osv-scanner/.github/workflows/osv-scanner-reusable-pr.yml@main" + + # Dart SAST + horusec-security: + name: horusec-security + runs-on: ubuntu-latest + steps: + - name: Check out code + uses: actions/checkout@v2 + with: + fetch-depth: 0 + - name: Running Horusec Security + run: | + curl -fsSL https://raw.githubusercontent.com/ZupIT/horusec/main/deployments/scripts/install.sh | bash -s latest + horusec start -p="./" -e="true" \ No newline at end of file From ed5e134ffccc14764d4003079c42df3fd54a6873 Mon Sep 17 00:00:00 2001 From: Cristian Hernandez Date: Wed, 11 Oct 2023 08:28:21 -0700 Subject: [PATCH 2/5] Beta Horusec. Comment out osv --- .github/workflows/dart_analyzer.yml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/.github/workflows/dart_analyzer.yml b/.github/workflows/dart_analyzer.yml index f9eaccb..88cddd3 100644 --- a/.github/workflows/dart_analyzer.yml +++ b/.github/workflows/dart_analyzer.yml 
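Review bot: In PATCH 1/5 the `horusec-security` step pipes an install script fetched from the `main` branch of ZupIT/horusec straight into `bash` and asks for `latest`, so whatever that branch serves at run time executes on the runner next to the checked-out source. PATCH 2/5 keeps the same line and only switches the argument to `latest-beta`. The `osv-scanner` job has the same floating reference (`osv-scanner-reusable-pr.yml@main`), and `actions/checkout@v2` is pinned only by a movable tag. I would reference the reusable workflow and the checkout action by full commit SHA (`@<full-commit-sha>`), and download one fixed Horusec release and verify its checksum before running it instead of `curl ... | bash`. Unless the file already sets it outside this hunk, a top-level `permissions:` block limited to `contents: read` would also bound what these third-party steps can do with the job token.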
@@ -81,9 +81,10 @@ jobs: SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }} # SCA - find existing vulnerabilities affecting your project’s dependencies. - osv-scanner: - name: OSV Scanner - uses: "google/osv-scanner/.github/workflows/osv-scanner-reusable-pr.yml@main" + # REPO NEEDS TO BE PUBLIC + #osv-scanner: + # name: OSV Scanner + # uses: "google/osv-scanner/.github/workflows/osv-scanner-reusable-pr.yml@main" # Dart SAST horusec-security: @@ -96,5 +97,5 @@ jobs: fetch-depth: 0 - name: Running Horusec Security run: | - curl -fsSL https://raw.githubusercontent.com/ZupIT/horusec/main/deployments/scripts/install.sh | bash -s latest + curl -fsSL https://raw.githubusercontent.com/ZupIT/horusec/main/deployments/scripts/install.sh | bash -s latest-beta horusec start -p="./" -e="true" \ No newline at end of file From f8ae8baa6110523d0bf1d87471e6d4e7e2f777aa Mon Sep 17 00:00:00 2001 From: Cristian Hernandez Date: Mon, 16 Oct 2023 15:38:44 -0700 Subject: [PATCH 3/5] Create horusec-config.json --- horusec-config.json | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 horusec-config.json diff --git a/horusec-config.json b/horusec-config.json new file mode 100644 index 0000000..695eb04 --- /dev/null +++ b/horusec-config.json @@ -0,0 +1,21 @@ +{ + "horusec": { + "projectName": "Angeleno My Account Flutter", + "analysis": { + "tools": [ + { + "language": "Dart", + "customPath": "./lib/", + "isToIgnore": false, + "isLocal": true, + "config": { + "DartCmd": "dart", + "Severity": "low", + "FilesOrPaths": "./**/*.dart", + "OutputFile": "./horusec-output-dart.json" + } + } + ] + } + } +} From c2620e74bdf1c619c4c4e3c5850213ec59618325 Mon Sep 17 00:00:00 2001 From: Cristian Hernandez Date: Mon, 16 Oct 2023 16:09:50 -0700 Subject: [PATCH 4/5] Update horusec-config.json --- horusec-config.json | 149 +++++++++++++++++++++++++++++++++++++++----- 1 file changed, 132 insertions(+), 17 deletions(-) 
diff --git a/horusec-config.json b/horusec-config.json
index 695eb04..992f893 100644
--- a/horusec-config.json
+++ b/horusec-config.json
@@ -1,21 +1,136 @@
 {
- "horusec": {
- "projectName": "Angeleno My Account Flutter",
- "analysis": {
- "tools": [
- {
- "language": "Dart",
- "customPath": "./lib/",
- "isToIgnore": false,
- "isLocal": true,
- "config": {
- "DartCmd": "dart",
- "Severity": "low",
- "FilesOrPaths": "./**/*.dart",
- "OutputFile": "./horusec-output-dart.json"
- }
- }
- ]
+ "horusecCliCertInsecureSkipVerify": false,
+ "horusecCliCertPath": "",
+ "horusecCliContainerBindProjectPath": "",
+ "horusecCliCustomImages": {
+ "c": "",
+ "csharp": "",
+ "elixir": "",
+ "generic": "",
+ "go": "",
+ "hcl": "",
+ "javascript": "",
+ "leaks": "",
+ "php": "",
+ "python": "",
+ "ruby": "",
+ "shell": ""
+ },
+ "horusecCliCustomRulesPath": "",
+ "horusecCliDisableDocker": false,
+ "horusecCliEnableCommitAuthor": false,
+ "horusecCliEnableGitHistoryAnalysis": false,
+ "horusecCliEnableInformationSeverity": false,
+ "horusecCliEnableOwaspDependencyCheck": false,
+ "horusecCliEnableShellcheck": false,
+ "horusecCliFalsePositiveHashes": null,
+ "horusecCliFilesOrPathsToIgnore": [
+ "*tmp*",
+ "**/.vscode/**"
+ ],
+ "horusecCliHeaders": {},
+ "horusecCliHorusecApiUri": "http://0.0.0.0:8000",
+ "horusecCliJsonOutputFilepath": "",
+ "horusecCliMonitorRetryInSeconds": 15,
+ "horusecCliPrintOutputType": "",
+ "horusecCliProjectPath": "./",
+ "horusecCliRepositoryAuthorization": "00000000-0000-0000-0000-000000000000",
+ "horusecCliRepositoryName": "angeleno-my-account-flutter",
+ "horusecCliReturnErrorIfFoundVulnerability": true,
+ "horusecCliRiskAcceptHashes": null,
+ "horusecCliSeveritiesToIgnore": [
+ "INFO"
+ ],
+ "horusecCliShowVulnerabilitiesTypes": [
+ "Vulnerability"
+ ],
+ "horusecCliTimeoutInSecondsAnalysis": 600,
+ "horusecCliTimeoutInSecondsRequest": 300,
+ "horusecCliToolsConfig": {
+ "Bandit": {
+ "istoignore": false
+ },
+ "Brakeman": {
+ "istoignore": false
+ },
+ "BundlerAudit": {
+ "istoignore": false
+ },
+ "Checkov": {
+ "istoignore": false
+ },
+ "DotnetCli": {
+ "istoignore": false
+ },
+ "Flawfinder": {
+ "istoignore": false
+ },
+ "GitLeaks": {
+ "istoignore": false
+ },
+ "GoSec": {
+ "istoignore": false
+ },
+ "HorusecEngine": {
+ "istoignore": false
+ },
+ "MixAudit": {
+ "istoignore": false
+ },
+ "Nancy": {
+ "istoignore": false
+ },
+ "NpmAudit": {
+ "istoignore": false
+ },
+ "OwaspDependencyCheck": {
+ "istoignore": false
+ },
+ "PhpCS": {
+ "istoignore": false
+ },
+ "Safety": {
+ "istoignore": false
+ },
+ "SecurityCodeScan": {
+ "istoignore": false
+ },
+ "Semgrep": {
+ "istoignore": false
+ },
+ "ShellCheck": {
+ "istoignore": false
+ },
+ "Sobelow": {
+ "istoignore": false
+ },
+ "TfSec": {
+ "istoignore": false
+ },
+ "Trivy": {
+ "istoignore": false
+ },
+ "YarnAudit": {
+ "istoignore": false
 }
+ },
+ "horusecCliWorkDir": {
+ "go": [],
+ "csharp": [],
+ "ruby": [],
+ "python": [],
+ "java": [],
+ "kotlin": [],
+ "javaScript": [],
+ "leaks": [],
+ "hcl": [],
+ "php": [],
+ "c": [],
+ "yaml": [],
+ "generic": [],
+ "elixir": [],
+ "shell": [],
+ "dart": ["./lib/"],
+ "nginx": []
 }
 }
From 6476820c6eb46b184b8ef95fe7f3847f0e7fcafe Mon Sep 17 00:00:00 2001
From: Cristian Hernandez
Date: Mon, 23 Oct 2023 14:32:53 -0700
Subject: [PATCH 5/5] Trigger horusec-dart positive
---
horusec-config.json | 140 +++++++++++++++++++++++++++++
lib/views/screens/home_screen.dart | 4 +-
2 files changed, 143 insertions(+), 1 deletion(-)
create mode 100644 horusec-config.json
diff --git a/horusec-config.json b/horusec-config.json
new file mode 100644
index 0000000..d4142ce
--- /dev/null
+++ b/horusec-config.json
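Review bot: The ignore list in the PATCH 4/5 version of horusec-config.json contains `"*tmp*"`, which, depending on how Horusec matches it, may exclude every path whose name merely contains "tmp" rather than only a temp directory, and excluded files are never scanned. Narrowing it to the directory that is actually meant, in the same form as the neighbouring entry (for example `"**/tmp/**"`), keeps the scanner's coverage predictable. Separately, `horusecCliEnableGitHistoryAnalysis` is `false`, so secrets committed in earlier revisions would presumably go unreported even though the workflow checks out with `fetch-depth: 0`; worth confirming that this is intended.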
@@ -0,0 +1,140 @@ +{ + "horusecCliCertInsecureSkipVerify": false, + "horusecCliCertPath": "", + "horusecCliContainerBindProjectPath": "", + "horusecCliCustomImages": { + "c": "", + "csharp": "", + "elixir": "", + "generic": "", + "go": "", + "hcl": "", + "javascript": "", + "leaks": "", + "php": "", + "python": "", + "ruby": "", + "shell": "" + }, + "horusecCliCustomRulesPath": "", + "horusecCliDisableDocker": false, + "horusecCliEnableCommitAuthor": false, + "horusecCliEnableGitHistoryAnalysis": false, + "horusecCliEnableInformationSeverity": false, + "horusecCliEnableOwaspDependencyCheck": false, + "horusecCliEnableShellcheck": false, + "horusecCliFalsePositiveHashes": null, + "horusecCliFilesOrPathsToIgnore": [ + "*tmp*", + "**/.vscode/**" + ], + "horusecCliHeaders": {}, + "horusecCliHorusecApiUri": "http://0.0.0.0:8000", + "horusecCliJsonOutputFilepath": "", + "horusecCliLogFilePath": "C:\\Users\\506474\\AppData\\Local\\Temp\\horusec-2023-10-16-16-04-09.log", + "horusecCliMonitorRetryInSeconds": 15, + "horusecCliPrintOutputType": "", + "horusecCliProjectPath": "./", + "horusecCliRepositoryAuthorization": "00000000-0000-0000-0000-000000000000", + "horusecCliRepositoryName": "angeleno-my-account-flutter", + "horusecCliReturnErrorIfFoundVulnerability": true, + "horusecCliRiskAcceptHashes": null, + "horusecCliSeveritiesToIgnore": [ + "INFO" + ], + "horusecCliShowVulnerabilitiesTypes": [ + "Vulnerability" + ], + "horusecCliTimeoutInSecondsAnalysis": 600, + "horusecCliTimeoutInSecondsRequest": 300, + "horusecCliToolsConfig": { + "Bandit": { + "istoignore": false + }, + "Brakeman": { + "istoignore": false + }, + "BundlerAudit": { + "istoignore": false + }, + "Checkov": { + "istoignore": false + }, + "DotnetCli": { + "istoignore": false + }, + "Flawfinder": { + "istoignore": false + }, + "GitLeaks": { + "istoignore": false + }, + "GoSec": { + "istoignore": false + }, + "HorusecDart": { + "istoignore": false + }, + "HorusecEngine": { + "istoignore": false + }, + 
"MixAudit": { + "istoignore": false + }, + "Nancy": { + "istoignore": false + }, + "NpmAudit": { + "istoignore": false + }, + "OwaspDependencyCheck": { + "istoignore": false + }, + "PhpCS": { + "istoignore": false + }, + "Safety": { + "istoignore": false + }, + "SecurityCodeScan": { + "istoignore": false + }, + "Semgrep": { + "istoignore": false + }, + "ShellCheck": { + "istoignore": false + }, + "Sobelow": { + "istoignore": false + }, + "TfSec": { + "istoignore": false + }, + "Trivy": { + "istoignore": false + }, + "YarnAudit": { + "istoignore": false + } + }, + "horusecCliWorkDir": { + "go": [], + "csharp": [], + "ruby": [], + "python": [], + "java": [], + "kotlin": [], + "javaScript": [], + "leaks": [], + "hcl": [], + "php": [], + "c": [], + "yaml": [], + "generic": [], + "elixir": [], + "shell": [], + "dart": ["./lib/"], + "nginx": [] + } +} \ No newline at end of file diff --git a/lib/views/screens/home_screen.dart b/lib/views/screens/home_screen.dart index 6e12176..95a5430 100644 --- a/lib/views/screens/home_screen.dart +++ b/lib/views/screens/home_screen.dart @@ -80,7 +80,9 @@ class _MyHomePageState extends State { @override Widget build(final BuildContext context) { final bool smallScreen = MediaQuery.of(context).size.width < 720; - userProvider = context.watch(); + userProvider = context.watch(); + + print('%'); return Container( margin: const EdgeInsets.fromLTRB(0, 47.0, 0, 0),
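Review bot: `horusecCliLogFilePath` in the PATCH 5/5 version of horusec-config.json is committed with a developer workstation path, `C:\\Users\\506474\\AppData\\Local\\Temp\\horusec-2023-10-16-16-04-09.log`, which publishes a local account name and cannot exist on the `ubuntu-latest` runner the workflow uses. The PATCH 4/5 version of this file had no such key, so I would drop the line, or set it to a repository-relative path if a log file is wanted. The `http://0.0.0.0:8000` API URI and the all-zero `horusecCliRepositoryAuthorization` look like generated defaults rather than secrets, but they would be clearer removed if the CLI is only ever run standalone.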
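Review bot: `print('%');` is added inside `build()` in lib/views/screens/home_screen.dart, so it runs on every rebuild of the home screen and ships with the app; going by the commit subject it exists only to make the Dart scanner report a finding. With `horusecCliReturnErrorIfFoundVulnerability` set to `true` in horusec-config.json, that finding would presumably keep the `horusec-security` job failing for as long as the line stays. I would keep the trigger on a throwaway branch or in a dedicated fixture file and revert it here before merge. The `userProvider = context.watch();` line appears to change only in whitespace, and the body of `build()` continues outside the hunk.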