Merge pull request #109 from Mixeway/feature/codeproject-branches

Feature/codeproject branches
Mixeway · Feb 1, 2024 · d345b66 · d345b66
2 parents a56f3ca + 139f7a4
commit d345b66
Show file tree

Hide file tree

Showing 63 changed files with 1,509 additions and 237 deletions.
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -18,23 +18,23 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-  mixeway-scan:
-    name: Mixeway Scanning
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v1
-      - name: Prepare variables
-        id: vars
-        shell: bash
-        run: |
-          echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})"
-          echo "::set-output name=sha_short::$(git rev-parse HEAD)"
-      - name: Prepare Mixeway docker image
-        run: |
-          docker pull mixeway/scanner:latest
-      - name: Run Scan
-        run: |
-          docker run -e MODE=STANDALONE -e OSS_USERNAME=${{ secrets.oss_username }} -e OSS_KEY=${{ secrets.oss_key }} -e COMMIT_ID=${{ steps.vars.outputs.sha_short }} -e BRANCH=${{ steps.vars.outputs.branch }} -e MIXEWAY_PROJECT_NAME=${{ github.event.repository.name }} -e MIXEWAY_PROJECT_ID=${{ secrets.mixeway_project_id }} -e MIXEWAY_KEY=${{ secrets.mixeway_key }} -v $PWD:/opt/sources mixeway/scanner:latest
+#  mixeway-scan:
+#    name: Mixeway Scanning
+#    runs-on: ubuntu-latest
+#    steps:
+#      - uses: actions/checkout@v1
+#      - name: Prepare variables
+#        id: vars
+#        shell: bash
+#        run: |
+#          echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})"
+#          echo "::set-output name=sha_short::$(git rev-parse HEAD)"
+#      - name: Prepare Mixeway docker image
+#        run: |
+#          docker pull mixeway/scanner:latest
+#      - name: Run Scan
+#        run: |
+#          docker run -e MODE=STANDALONE -e OSS_USERNAME=${{ secrets.oss_username }} -e OSS_KEY=${{ secrets.oss_key }} -e COMMIT_ID=${{ steps.vars.outputs.sha_short }} -e BRANCH=${{ steps.vars.outputs.branch }} -e MIXEWAY_PROJECT_NAME=${{ github.event.repository.name }} -e MIXEWAY_PROJECT_ID=${{ secrets.mixeway_project_id }} -e MIXEWAY_KEY=${{ secrets.mixeway_key }} -v $PWD:/opt/sources mixeway/scanner:latest
 
   integration-testing:
     name: Integration test

diff --git a/.github/workflows/deploybeta.yml b/.github/workflows/deploybeta.yml
@@ -25,23 +25,23 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-  mixeway-scan:
-    name: Mixeway Scanning
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v1
-      - name: Prepare variables
-        id: vars
-        shell: bash
-        run: |
-          echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})"
-          echo "::set-output name=sha_short::$(git rev-parse HEAD)"
-      - name: Prepare Mixeway docker image
-        run: |
-          docker pull mixeway/scanner:latest
-      - name: Run Scan
-        run: |
-          docker run -e MODE=STANDALONE -e OSS_USERNAME=${{ secrets.oss_username }} -e OSS_KEY=${{ secrets.oss_key }} -e COMMIT_ID=${{ steps.vars.outputs.sha_short }} -e BRANCH=${{ steps.vars.outputs.branch }} -e MIXEWAY_PROJECT_NAME=${{ github.event.repository.name }} -e MIXEWAY_PROJECT_ID=${{ secrets.mixeway_project_id }} -e MIXEWAY_KEY=${{ secrets.mixeway_key }} -v $PWD:/opt/sources mixeway/scanner:latest
+#  mixeway-scan:
+#    name: Mixeway Scanning
+#    runs-on: ubuntu-latest
+#    steps:
+#      - uses: actions/checkout@v1
+#      - name: Prepare variables
+#        id: vars
+#        shell: bash
+#        run: |
+#          echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})"
+#          echo "::set-output name=sha_short::$(git rev-parse HEAD)"
+#      - name: Prepare Mixeway docker image
+#        run: |
+#          docker pull mixeway/scanner:latest
+#      - name: Run Scan
+#        run: |
+#          docker run -e MODE=STANDALONE -e OSS_USERNAME=${{ secrets.oss_username }} -e OSS_KEY=${{ secrets.oss_key }} -e COMMIT_ID=${{ steps.vars.outputs.sha_short }} -e BRANCH=${{ steps.vars.outputs.branch }} -e MIXEWAY_PROJECT_NAME=${{ github.event.repository.name }} -e MIXEWAY_PROJECT_ID=${{ secrets.mixeway_project_id }} -e MIXEWAY_KEY=${{ secrets.mixeway_key }} -v $PWD:/opt/sources mixeway/scanner:latest
 
   integration-testing:
     name: Integration test

diff --git a/pom.xml b/pom.xml
@@ -4,7 +4,7 @@
 
 	<groupId>io.mixeway</groupId>
 	<artifactId>mixeway</artifactId>
-	<version>1.8.0</version>
+	<version>1.8.2</version>
 	<packaging>jar</packaging>
 
 	<name>Mixeway</name>
@@ -183,7 +183,7 @@
 		<dependency>
 			<groupId>com.google.guava</groupId>
 			<artifactId>guava</artifactId>
-			<version>30.0-jre</version>
+			<version>32.0.0-jre</version>
 		</dependency>
 		<!-- Testing -->
 		<dependency>
@@ -297,7 +297,7 @@
 			<dependency>
 				<groupId>ch.qos.logback</groupId>
 				<artifactId>logback-core</artifactId>
-				<version>1.2.9</version>
+				<version>1.3.12</version>
 			</dependency>
 		</dependencies>
 	</dependencyManagement>

diff --git a/src/main/java/io/mixeway/api/cicd/controller/CICDController.java b/src/main/java/io/mixeway/api/cicd/controller/CICDController.java
@@ -0,0 +1,117 @@
+package io.mixeway.api.cicd.controller;
+
+import io.mixeway.api.cicd.model.LoadSCA;
+import io.mixeway.api.cicd.service.CICDService;
+import io.mixeway.api.cioperations.model.LoadVulnModel;
+import io.mixeway.api.cioperations.model.ZapReportModel;
+import io.mixeway.api.protocol.cioperations.GetInfoRequest;
+import io.mixeway.api.protocol.cioperations.PrepareCIOperation;
+import io.mixeway.api.protocol.securitygateway.SecurityGatewayResponse;
+import io.mixeway.utils.Status;
+import lombok.RequiredArgsConstructor;
+import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.*;
+
+import javax.validation.Valid;
+import java.io.IOException;
+import java.net.UnknownHostException;
+import java.security.*;
+import java.security.cert.CertificateException;
+
+@RequiredArgsConstructor
+@Controller
+@RequestMapping("/v3/api/cicd")
+@PreAuthorize("hasAuthority('ROLE_API')")
+public class CICDController {
+    private final CICDService cicdService;
+
+
+    /**
+     *
+     * Request that meant to create CodeProject or return CodeProject by repoUrl contained in getInfoRequest
+     *
+     * @param getInfoRequest - info with repoURL and branch
+     */
+    @PostMapping(value = "/codeproject/info")
+    public ResponseEntity<PrepareCIOperation> getCPInfo(@Valid @RequestBody GetInfoRequest getInfoRequest, Principal principal) throws CertificateException, UnrecoverableKeyException, NoSuchAlgorithmException, KeyManagementException, KeyStoreException, IOException {
+        return cicdService.getCPInfo(getInfoRequest, principal);
+    }
+
+    /**
+     *
+     * Request that meant to
+     * 1. Create or get proper branch for CodeProject with given ID
+     * 2. Call SCA scanner to load vulnerabilities and link those with pair codeproject - codeprojectbranch
+     *
+     * @param loadSCA
+     */
+    @PostMapping(value = "/codeproject/load/sca")
+    public ResponseEntity<Status> loadSca(@Valid @RequestBody LoadSCA loadSCA, Principal principal) throws CertificateException, UnrecoverableKeyException, NoSuchAlgorithmException, KeyManagementException, KeyStoreException, IOException {
+        return cicdService.loadSca(loadSCA, principal);
+    }
+
+
+    /**
+     *
+     * Request that load vulnerabilities from arbitrary sources such as GitLeaks and KICS:
+     * 1. Create or get proper branch for CodeProject with given ID
+     * 2. Load vulnerabilities to DB and link those with pair CodeProject - CodeProjectBranch
+     *
+     */
+    @PreAuthorize("hasAuthority('ROLE_API')")
+    @PostMapping(value="/codeproject/loadvulns/{codeProjectId}")
+    public ResponseEntity<Status> loadVulns (@RequestBody LoadVulnModel loadVulnModel,
+                                             @PathVariable(value = "codeProjectId") Long id,
+                                             Principal principal) throws Exception {
+        return cicdService.loadVulnerabilitiesFromCICDToProject(
+                loadVulnModel.getVulns(),
+                id,
+                loadVulnModel.getBranch(),
+                loadVulnModel.getCommitId(),
+                principal);
+    }
+
+    /**
+     *
+     * Request that start SAST Scan for given scope:
+     * 1. Create or get proper branch for CodeProject with given ID
+     * 2. Load vulnerabilities to DB and link those with pair CodeProject - CodeProjectBranch
+     *
+     */
+    @PreAuthorize("hasAuthority('ROLE_API')")
+    @PostMapping(value = "/codeproject/run/sast")
+    public ResponseEntity<Status> performSastScanForCodeProject( @RequestBody LoadSCA loadSCA, Principal principal) throws UnrecoverableKeyException, CertificateException, NoSuchAlgorithmException, KeyStoreException, IOException, KeyManagementException {
+        return cicdService.performSastScanForCodeProject(loadSCA, principal);
+    }
+
+
+    /**
+     *
+     * Request that load vulnerabilities from arbitrary sources such as ZAP:
+     * 1. Create or get proper branch for CodeProject with given ID
+     * 2. Load vulnerabilities to DB and link those with pair CodeProject - CodeProjectBranch
+     * TODO Upload report ZAP with info regarding repoUrl to link repo with webapp
+     *
+     */
+
+    @PreAuthorize("hasAuthority('ROLE_API')")
+    @PostMapping(value="/loadvulns/zap/{ciid}")
+    public ResponseEntity<Status> loadVulnsZap (@RequestBody ZapReportModel loadVulnModel,
+                                                @PathVariable(value = "ciid") String ciid,
+                                                Principal principal) throws Exception {
+        return cicdService.loadVulnZap(loadVulnModel,ciid,principal);
+    }
+
+    /**
+     * Validate State of security for given CodeProject and Branch
+     */
+    @CrossOrigin(origins="*")
+    @PreAuthorize("hasAuthority('ROLE_API')")
+    @PostMapping(value = "/codeproject/validate",produces = "application/json")
+    public ResponseEntity<SecurityGatewayResponse> cicdValidate(@RequestBody LoadSCA loadSCA,
+                                                                                    Principal principal) throws UnknownHostException {
+        return cicdService.validate(loadSCA, principal);
+    }
+}
diff --git a/src/main/java/io/mixeway/api/cicd/model/CodeProjectInfo.java b/src/main/java/io/mixeway/api/cicd/model/CodeProjectInfo.java
@@ -0,0 +1,7 @@
+package io.mixeway.api.cicd.model;
+
+public class CodeProjectInfo {
+
+
+
+}
diff --git a/src/main/java/io/mixeway/api/cicd/model/LoadSCA.java b/src/main/java/io/mixeway/api/cicd/model/LoadSCA.java
@@ -0,0 +1,16 @@
+package io.mixeway.api.cicd.model;
+
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+import lombok.Setter;
+
+@Getter
+@Setter
+@NoArgsConstructor
+@AllArgsConstructor
+public class LoadSCA {
+    private Long codeProjectId;
+    private String branch;
+    private String commitId;
+}