diff --git a/security-c4po-angular/src/app/pentest/pentest-content/pentest-findings/pentest-findings.component.html b/security-c4po-angular/src/app/pentest/pentest-content/pentest-findings/pentest-findings.component.html
index 38bfbd8..2a10991 100644
--- a/security-c4po-angular/src/app/pentest/pentest-content/pentest-findings/pentest-findings.component.html
+++ b/security-c4po-angular/src/app/pentest/pentest-content/pentest-findings/pentest-findings.component.html
@@ -49,6 +49,7 @@
size="small"
shape="round"
class="add-finding-button"
+ [disabled]="pentestInfo$.getValue().status === notStartedStatus"
(click)="onClickAddFinding()">
{{'finding.add' | translate}}
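Review bot: The new `[disabled]` binding dereferences `pentestInfo$.getValue()` without a null check, and the component initialises that subject with `new BehaviorSubject(null)`, so the template can throw before a pentest has been loaded. A guarded form such as `[disabled]="pentestInfo$.getValue()?.status === notStartedStatus"` avoids that; note it leaves the button enabled while the value is null, so decide whether that is wanted. Disabling the button is a UI convenience only: the `saveFinding` endpoint added in this commit does not look at the pentest status, so if pentests in `NOT_STARTED` must not receive findings the API has to reject them as well. The button element starts outside the hunk.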
diff --git a/security-c4po-angular/src/app/pentest/pentest-content/pentest-findings/pentest-findings.component.ts b/security-c4po-angular/src/app/pentest/pentest-content/pentest-findings/pentest-findings.component.ts
index 656c5a2..2f8ec49 100644
--- a/security-c4po-angular/src/app/pentest/pentest-content/pentest-findings/pentest-findings.component.ts
+++ b/security-c4po-angular/src/app/pentest/pentest-content/pentest-findings/pentest-findings.component.ts
@@ -1,16 +1,23 @@
import {Component, Input, OnInit} from '@angular/core';
import {PentestService} from '@shared/services/pentest.service';
import {BehaviorSubject, Observable} from 'rxjs';
-import {Pentest} from '@shared/models/pentest.model';
+import {Pentest, transformPentestToRequestBody} from '@shared/models/pentest.model';
import {UntilDestroy, untilDestroyed} from '@ngneat/until-destroy';
import {filter, mergeMap, tap} from 'rxjs/operators';
import {NotificationService, PopupType} from '@shared/services/notification.service';
-import {Finding, FindingDialogBody, FindingEntry, transformFindingsToObjectiveEntries} from '@shared/models/finding.model';
+import {
+ Finding,
+ FindingDialogBody,
+ FindingEntry,
+ transformFindingsToObjectiveEntries,
+ transformFindingToRequestBody
+} from '@shared/models/finding.model';
import {NbGetters, NbTreeGridDataSource, NbTreeGridDataSourceBuilder} from '@nebular/theme';
import * as FA from '@fortawesome/free-solid-svg-icons';
import {isNotNullOrUndefined} from 'codelyzer/util/isNotNullOrUndefined';
import {FindingDialogService} from '@shared/modules/finding-dialog/service/finding-dialog.service';
import {FindingDialogComponent} from '@shared/modules/finding-dialog/finding-dialog.component';
+import {PentestStatus} from '@shared/models/pentest-status.model';
@UntilDestroy()
@Component({
@@ -20,6 +27,13 @@ import {FindingDialogComponent} from '@shared/modules/finding-dialog/finding-dia
})
export class PentestFindingsComponent implements OnInit {
+ constructor(private readonly pentestService: PentestService,
+ private dataSourceBuilder: NbTreeGridDataSourceBuilder,
+ private notificationService: NotificationService,
+ private findingDialogService: FindingDialogService) {
+ this.dataSource = dataSourceBuilder.create(this.data, this.getters);
+ }
+
@Input()
pentestInfo$: BehaviorSubject = new BehaviorSubject(null);
@@ -40,12 +54,8 @@ export class PentestFindingsComponent implements OnInit {
expandedGetter: (node: FindingEntry) => !!node.expanded,
};
- constructor(private readonly pentestService: PentestService,
- private dataSourceBuilder: NbTreeGridDataSourceBuilder,
- private notificationService: NotificationService,
- private findingDialogService: FindingDialogService) {
- this.dataSource = dataSourceBuilder.create(this.data, this.getters);
- }
+ // HTML only
+ notStartedStatus: PentestStatus = PentestStatus.NOT_STARTED;
ngOnInit(): void {
this.loadFindingsData();
@@ -87,7 +97,10 @@ export class PentestFindingsComponent implements OnInit {
filter(value => !!value),
tap((value) => console.warn('FindingDialogBody: ', value)),
mergeMap((value: FindingDialogBody) =>
- this.pentestService.saveFinding(this.pentestInfo$.getValue() ? this.pentestInfo$.getValue().id : '', value)
+ this.pentestService.saveFinding(
+ this.pentestInfo$.getValue() ? this.pentestInfo$.getValue().id : '',
+ transformFindingToRequestBody(value)
+ )
),
untilDestroyed(this)
).subscribe({
@@ -110,7 +123,6 @@ export class PentestFindingsComponent implements OnInit {
console.info('Coming soon..');
}
- // HTML only
isLoading(): Observable {
return this.loading$.asObservable();
}
diff --git a/security-c4po-angular/src/shared/models/finding.model.ts b/security-c4po-angular/src/shared/models/finding.model.ts
index 3f2beb6..f254dd3 100644
--- a/security-c4po-angular/src/shared/models/finding.model.ts
+++ b/security-c4po-angular/src/shared/models/finding.model.ts
@@ -1,5 +1,7 @@
import {v4 as UUID} from 'uuid';
import {Severity} from '@shared/models/severity.enum';
+import {Category} from '@shared/models/category.model';
+import {Pentest} from '@shared/models/pentest.model';
export class Finding {
id?: string;
@@ -56,6 +58,25 @@ export function transformFindingsToObjectiveEntries(findings: Finding[]): Findin
return findingEntries;
}
+export function transformFindingToRequestBody(finding: FindingDialogBody | Finding): Finding {
+ const transformedFinding = {
+ ...finding,
+ severity: typeof finding.severity === 'number' ? Severity[finding.severity] : finding.severity,
+ title: finding.title,
+ description: finding.description,
+ impact: finding.impact,
+ affectedUrls: finding.affectedUrls ? finding.affectedUrls : [],
+ reproduction: finding.reproduction,
+ mitigation: finding.mitigation,
+ /* Remove Table Entry Object Properties */
+ childEntries: undefined,
+ kind: undefined,
+ findings: undefined,
+ expanded: undefined,
+ } as unknown as Finding;
+ return transformedFinding;
+}
+
export interface FindingDialogBody {
title: string;
severity: Severity;
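Review bot: `transformFindingToRequestBody` builds the request body by spreading `...finding` and then blanking four known table-entry properties, which is a denylist: any other property on the input (an `id`, or a field added to `FindingEntry` later) is still sent to the API. The `as unknown as Finding` cast additionally switches off the compiler check that would report a shape mismatch. Every field the API expects is already listed by name, so drop the spread, the four `undefined` entries and the cast, and annotate the literal instead with `const transformedFinding: Finding = {`; if the compiler then complains about `severity`, that is the mismatch the cast was hiding. A short TSDoc comment stating that numeric severities are mapped to their enum names through `Severity[finding.severity]` would help the next reader.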
diff --git a/security-c4po-angular/src/shared/services/pentest.service.ts b/security-c4po-angular/src/shared/services/pentest.service.ts
index e42a519..b639b75 100644
--- a/security-c4po-angular/src/shared/services/pentest.service.ts
+++ b/security-c4po-angular/src/shared/services/pentest.service.ts
@@ -133,7 +133,8 @@ export class PentestService {
* @param pentestId the id of the pentest
* @param finding the information of the finding
*/
- public saveFinding(pentestId: string, finding: FindingDialogBody): Observable {
+ public saveFinding(pentestId: string, finding: Finding): Observable {
+ console.warn('Finding: ', finding);
return this.http.post(`${this.apiBaseURL}/${pentestId}/finding`, finding);
}
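Review bot: The added `console.warn('Finding: ', finding);` writes the complete finding (description, affected URLs, reproduction steps) to the browser console on every save. In a pentest reporting tool that is sensitive data ending up in console captures and any client-side log collection, so remove the line or route it through a logger that is disabled in production builds. The `tap((value) => console.warn('FindingDialogBody: ', value))` in pentest-findings.component.ts logs the same body and deserves the same treatment. The doc comment above the method could also say that `finding` is expected to be the output of `transformFindingToRequestBody`.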
diff --git a/security-c4po-api/security-c4po-api.postman_collection.json b/security-c4po-api/security-c4po-api.postman_collection.json
index 3c2f2c0..e0f4490 100644
--- a/security-c4po-api/security-c4po-api.postman_collection.json
+++ b/security-c4po-api/security-c4po-api.postman_collection.json
@@ -258,6 +258,55 @@
{
"name": "pentests",
"item": [
+ {
+ "name": "Finding",
+ "item": [
+ {
+ "name": "saveFinding",
+ "request": {
+ "auth": {
+ "type": "bearer",
+ "bearer": [
+ {
+ "key": "token",
+ "value": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICItdG1lbEV0ZHhGTnRSMW9aNXlRdE5jaFFpX0RVN2VNeV9YcU44aXY0S3hzIn0.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.glSjoxDFWzA4ApXGLMMaurfzfm0z9QU2mo1ZmPsH24pNjdp4A5CgxOIGkU6SKeHaPfeHvdaxevAWrkFdNGTJn_XLmAcqitNIEsrbIv76LKkNN2KNSltm1cfPM1fJPOXy91egX0SB3WoHzylw7zZZTsDncAcJEa1OCf6UUpKmKxmaqQLLTS4CMN82PNxeZFNgripoH5WqlutPdYCBK8WCgNoDh1njCIwevY12yi0gzAFtAH0I5Eqa5QwWpMWzB_Zs4WlqzSiuJVI7aqTRfrmZHe_qjR9riLMvgVoobLB0stbRH5VnHom-MNuUIw6SKVA0I9DPQb4jpF7Q4vqz8UBOMQ",
+ "type": "string"
+ },
+ {
+ "key": "undefined",
+ "type": "any"
+ }
+ ]
+ },
+ "method": "POST",
+ "header": [],
+ "body": {
+ "mode": "raw",
+ "raw": "{\n \"title\": \"Test Title\",\n \"severity\": \"LOW\",\n \"description\": \"Test Description\",\n \"impact\": \"Test Impact\",\n \"affectedUrls\": [\n \"https://akveo.github.io/nebular/docs/components/progress-bar/examples#nbprogressbarcomponent\"\n ],\n \"reproduction\": \"Step 1: Test\",\n \"mitigation\": \"Test Mitigatin\"\n}",
+ "options": {
+ "raw": {
+ "language": "json"
+ }
+ }
+ },
+ "url": {
+ "raw": "http://localhost:8443/pentests/11601f51-bc17-47fd-847d-0c53df5405b5/finding",
+ "protocol": "http",
+ "host": [
+ "localhost"
+ ],
+ "port": "8443",
+ "path": [
+ "pentests",
+ "11601f51-bc17-47fd-847d-0c53df5405b5",
+ "finding"
+ ]
+ }
+ },
+ "response": []
+ }
+ ]
+ },
{
"name": "getPentestsByProjectIdAndCategory",
"request": {
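Review bot: The `saveFinding` request stores a literal bearer token in the `value` of its `token` entry, so a signed JWT is now part of the repository history. Replace it with a collection variable, for example `"value": "{{token}}"`, and keep the real token in a local Postman environment that is not committed. If the token was issued by anything other than a throwaway local identity provider, treat it as exposed and invalidate it. The hard-coded pentest id in the request URL could become a variable in the same way.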
diff --git a/security-c4po-api/src/main/kotlin/comment/Comment.kt b/security-c4po-api/src/main/kotlin/com/securityc4po/api/comment/Comment.kt
similarity index 89%
rename from security-c4po-api/src/main/kotlin/comment/Comment.kt
rename to security-c4po-api/src/main/kotlin/com/securityc4po/api/comment/Comment.kt
index d2d1a33..3775d71 100644
--- a/security-c4po-api/src/main/kotlin/comment/Comment.kt
+++ b/security-c4po-api/src/main/kotlin/com/securityc4po/api/comment/Comment.kt
@@ -1,4 +1,4 @@
-package comment
+package com.securityc4po.api.comment
import org.springframework.data.mongodb.core.index.Indexed
import java.util.*
diff --git a/security-c4po-api/src/main/kotlin/comment/CommentEntity.kt b/security-c4po-api/src/main/kotlin/com/securityc4po/api/comment/CommentEntity.kt
similarity index 91%
rename from security-c4po-api/src/main/kotlin/comment/CommentEntity.kt
rename to security-c4po-api/src/main/kotlin/com/securityc4po/api/comment/CommentEntity.kt
index 62c7e5f..cc7352c 100644
--- a/security-c4po-api/src/main/kotlin/comment/CommentEntity.kt
+++ b/security-c4po-api/src/main/kotlin/com/securityc4po/api/comment/CommentEntity.kt
@@ -1,4 +1,4 @@
-package comment
+package com.securityc4po.api.comment
import com.securityc4po.api.BaseEntity
import org.springframework.data.mongodb.core.mapping.Document
diff --git a/security-c4po-api/src/main/kotlin/com/securityc4po/api/configuration/error/handler/Errorcode.kt b/security-c4po-api/src/main/kotlin/com/securityc4po/api/configuration/error/handler/Errorcode.kt
index b1c0769..756d55c 100644
--- a/security-c4po-api/src/main/kotlin/com/securityc4po/api/configuration/error/handler/Errorcode.kt
+++ b/security-c4po-api/src/main/kotlin/com/securityc4po/api/configuration/error/handler/Errorcode.kt
@@ -17,6 +17,7 @@ enum class Errorcode(val code: Int) {
InvalidToken(3003),
TokenWithoutField(3004),
UserIdIsEmpty(3005),
+ FindingInvalid(3006),
// 4XXX Unauthorized
ProjectAdjustmentNotAuthorized(4000),
@@ -35,4 +36,5 @@ enum class Errorcode(val code: Int) {
ProjectInsertionFailed(6006),
PentestInsertionFailed(6007),
ProjectPentestInsertionFailed(6008),
+ FindingInsertionFailed(6009),
}
\ No newline at end of file
diff --git a/security-c4po-api/src/main/kotlin/com/securityc4po/api/finding/Finding.kt b/security-c4po-api/src/main/kotlin/com/securityc4po/api/finding/Finding.kt
new file mode 100644
index 0000000..b5efd11
--- /dev/null
+++ b/security-c4po-api/src/main/kotlin/com/securityc4po/api/finding/Finding.kt
@@ -0,0 +1,66 @@
+package com.securityc4po.api.finding
+
+import com.securityc4po.api.ResponseBody
+import org.springframework.data.mongodb.core.index.Indexed
+import java.util.*
+
+data class Finding (
+ @Indexed(background = true, unique = true)
+ val id: String = UUID.randomUUID().toString(),
+ val severity: Severity,
+ val title: String,
+ val description: String,
+ val impact: String,
+ val affectedUrls: List? = emptyList(),
+ val reproduction: String?,
+ val mitigation: String?
+)
+
+data class FindingRequestBody(
+ val severity: String,
+ val title: String,
+ val description: String,
+ val impact: String,
+ val affectedUrls: List? = emptyList(),
+ val reproduction: String?,
+ val mitigation: String?
+)
+
+fun Finding.toFindingResponseBody(): ResponseBody {
+ return mapOf(
+ "id" to id,
+ "title" to title,
+ "description" to description,
+ "impact" to impact,
+ "affectedUrls" to affectedUrls,
+ "reproduction" to reproduction,
+ "mitigation" to mitigation
+ )
+}
+
+/**
+ * Validates if a [FindingRequestBody] is valid
+ *
+ * @return Boolean describing if the body is valid
+ */
+fun FindingRequestBody.isValid(): Boolean {
+ return when {
+ this.title.isBlank() -> false
+ this.description.isBlank() -> false
+ this.impact.isBlank() -> false
+ else -> true
+ }
+}
+
+fun FindingRequestBody.toFinding(): Finding {
+ return Finding(
+ id = UUID.randomUUID().toString(),
+ severity = Severity.valueOf(this.severity),
+ title = this.title,
+ description = this.description,
+ impact = this.impact,
+ affectedUrls = this.affectedUrls,
+ reproduction = this.reproduction,
+ mitigation = this.mitigation
+ )
+}
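Review bot: `isValid()` never looks at `severity`, yet `toFinding()` passes it straight to `Severity.valueOf(this.severity)`, which throws `IllegalArgumentException` for any string that is not an exact enum name. A client sending an unknown or differently-cased severity therefore bypasses the `InvalidModelException` path and surfaces as an unhandled error instead of `FindingInvalid`. Add a branch such as `Severity.values().none { it.name == this.severity } -> false` to `isValid()`. Separately, `toFindingResponseBody()` omits `severity`, so the value that was just saved is not echoed back; add `"severity" to severity` if that is unintended. The free-text fields and `affectedUrls` have no length or format limits here, which is worth deciding before this data is rendered into reports.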
diff --git a/security-c4po-api/src/main/kotlin/finding/FindingEntity.kt b/security-c4po-api/src/main/kotlin/com/securityc4po/api/finding/FindingEntity.kt
similarity index 89%
rename from security-c4po-api/src/main/kotlin/finding/FindingEntity.kt
rename to security-c4po-api/src/main/kotlin/com/securityc4po/api/finding/FindingEntity.kt
index 026dbba..93f2d79 100644
--- a/security-c4po-api/src/main/kotlin/finding/FindingEntity.kt
+++ b/security-c4po-api/src/main/kotlin/com/securityc4po/api/finding/FindingEntity.kt
@@ -1,4 +1,4 @@
-package finding
+package com.securityc4po.api.finding
import com.securityc4po.api.BaseEntity
import org.springframework.data.mongodb.core.mapping.Document
@@ -9,7 +9,7 @@ open class FindingEntity(
) : BaseEntity(data)
fun FindingEntity.toFinding(): Finding {
- return finding.Finding(
+ return Finding(
this.data.id,
this.data.severity,
this.data.title,
diff --git a/security-c4po-api/src/main/kotlin/com/securityc4po/api/finding/FindingRepository.kt b/security-c4po-api/src/main/kotlin/com/securityc4po/api/finding/FindingRepository.kt
new file mode 100644
index 0000000..d5dddf4
--- /dev/null
+++ b/security-c4po-api/src/main/kotlin/com/securityc4po/api/finding/FindingRepository.kt
@@ -0,0 +1,13 @@
+package com.securityc4po.api.finding
+
+import org.springframework.data.mongodb.repository.Query
+import org.springframework.data.mongodb.repository.ReactiveMongoRepository
+import org.springframework.stereotype.Repository
+import reactor.core.publisher.Mono
+
+@Repository
+interface FindingRepository : ReactiveMongoRepository {
+
+ @Query("{'data._id' : ?0}")
+ fun findFindingById(id: String): Mono
+}
diff --git a/security-c4po-api/src/main/kotlin/com/securityc4po/api/finding/FindingService.kt b/security-c4po-api/src/main/kotlin/com/securityc4po/api/finding/FindingService.kt
new file mode 100644
index 0000000..c496b7d
--- /dev/null
+++ b/security-c4po-api/src/main/kotlin/com/securityc4po/api/finding/FindingService.kt
@@ -0,0 +1,58 @@
+package com.securityc4po.api.finding
+
+import com.securityc4po.api.configuration.BC_BAD_CAST_TO_ABSTRACT_COLLECTION
+import com.securityc4po.api.configuration.MESSAGE_BAD_CAST_TO_ABSTRACT_COLLECTION
+import com.securityc4po.api.configuration.error.handler.*
+import com.securityc4po.api.configuration.error.handler.InvalidModelException
+import com.securityc4po.api.configuration.error.handler.TransactionInterruptedException
+import com.securityc4po.api.extensions.getLoggerFor
+import com.securityc4po.api.pentest.PentestService
+import edu.umd.cs.findbugs.annotations.SuppressFBWarnings
+import org.springframework.stereotype.Service
+import reactor.core.publisher.Mono
+
+@Service
+@SuppressFBWarnings(BC_BAD_CAST_TO_ABSTRACT_COLLECTION, MESSAGE_BAD_CAST_TO_ABSTRACT_COLLECTION)
+class FindingService(private val findingRepository: FindingRepository, private val pentestService: PentestService) {
+
+ var logger = getLoggerFor()
+
+ /**
+ * Save [Finding]
+ *
+ * @throws [InvalidModelException] if the [Finding] is invalid
+ * @throws [TransactionInterruptedException] if the [Finding] could not be stored
+ * @return saved [Finding]
+ */
+ fun saveFinding(pentestId: String, body: FindingRequestBody): Mono {
+ validate(
+ require = body.isValid(),
+ logging = { logger.warn("Finding not valid.") },
+ mappedException = InvalidModelException(
+ "Finding not valid.", Errorcode.FindingInvalid
+ )
+ )
+ val finding = body.toFinding()
+ val findingEntity = FindingEntity(finding)
+ return findingRepository.insert(findingEntity).flatMap { newFindingEntity: FindingEntity ->
+ val finding = newFindingEntity.toFinding()
+ // After successfully saving finding add id to pentest
+ pentestService.updatePentestFinding(pentestId, finding.id).onErrorMap {
+ TransactionInterruptedException(
+ "Pentest could not be updated in Database.",
+ Errorcode.PentestInsertionFailed
+ )
+ }.map {
+ finding
+ }
+ }.doOnError {
+ throw wrappedException(
+ logging = { logger.warn("Finding could not be stored in Database. Thrown exception: ", it) },
+ mappedException = TransactionInterruptedException(
+ "Finding could not be stored.",
+ Errorcode.FindingInsertionFailed
+ )
+ )
+ }
+ }
+}
\ No newline at end of file
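Review bot: `saveFinding` inserts the finding before anything confirms that `pentestId` exists, so a request with an unknown or mistyped id leaves an orphaned document in the findings collection while the caller receives an error. Resolve the pentest first and insert only when it is found, or remove the inserted finding when `updatePentestFinding` fails. The outer `doOnError { throw … }` also sees the inner `TransactionInterruptedException`, so depending on what `wrappedException` does (not visible here) a failed pentest update may be reported as `FindingInsertionFailed`; using `onErrorMap` directly on the `insert` call would keep the two codes distinct. The inner `val finding` shadows the outer one, and a different name would remove the compiler warning.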
diff --git a/security-c4po-api/src/main/kotlin/finding/Severity.kt b/security-c4po-api/src/main/kotlin/com/securityc4po/api/finding/Severity.kt
similarity index 65%
rename from security-c4po-api/src/main/kotlin/finding/Severity.kt
rename to security-c4po-api/src/main/kotlin/com/securityc4po/api/finding/Severity.kt
index 56c5cdb..bd93d30 100644
--- a/security-c4po-api/src/main/kotlin/finding/Severity.kt
+++ b/security-c4po-api/src/main/kotlin/com/securityc4po/api/finding/Severity.kt
@@ -1,4 +1,4 @@
-package finding
+package com.securityc4po.api.finding
enum class Severity {
LOW,
diff --git a/security-c4po-api/src/main/kotlin/com/securityc4po/api/pentest/Pentest.kt b/security-c4po-api/src/main/kotlin/com/securityc4po/api/pentest/Pentest.kt
index 2f66019..e5f009a 100644
--- a/security-c4po-api/src/main/kotlin/com/securityc4po/api/pentest/Pentest.kt
+++ b/security-c4po-api/src/main/kotlin/com/securityc4po/api/pentest/Pentest.kt
@@ -11,7 +11,7 @@ data class Pentest(
val category: PentestCategory,
val refNumber: String,
val status: PentestStatus,
- val findingIds: List = emptyList(),
+ var findingIds: List = emptyList(),
val commentIds: List = emptyList()
)
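Review bot: Changing `findingIds` to `var` makes the `Pentest` data class mutable solely so that `PentestService.updatePentestFinding` can run `findingIds += findingId`; a mutable property of a data class also takes part in `equals`/`hashCode`, which is easy to trip over once instances are held in sets or used as map keys. Keeping `val` and producing the new state with `copy(findingIds = findingIds + findingId)` would preserve immutability, provided the entity's `data` can be replaced (not visible here). The commented-out `addFindingtoPentest` in the next hunk looks like an abandoned start on that variant; finish it or delete it rather than committing it as a comment.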
@@ -27,6 +27,18 @@ fun buildPentest(body: PentestRequestBody, pentestEntity: PentestEntity): Pentes
)
}
+/*fun addFindingtoPentest(findingId: String, pentestEntity: PentestEntity): Pentest {
+ return Pentest(
+ id = pentestEntity.data.id,
+ projectId = pentestEntity.data.projectId,
+ category = pentestEntity.data.category,
+ refNumber = pentestEntity.data.refNumber,
+ status = pentestEntity.data.status,
+ findingIds = pentestEntity.data.findingIds,
+ commentIds = pentestEntity.data.commentIds
+ )
+}*/
+
fun Pentest.toPentestResponseBody(): ResponseBody {
return mapOf(
"id" to id,
diff --git a/security-c4po-api/src/main/kotlin/com/securityc4po/api/pentest/PentestController.kt b/security-c4po-api/src/main/kotlin/com/securityc4po/api/pentest/PentestController.kt
index a06f2e7..50a2123 100644
--- a/security-c4po-api/src/main/kotlin/com/securityc4po/api/pentest/PentestController.kt
+++ b/security-c4po-api/src/main/kotlin/com/securityc4po/api/pentest/PentestController.kt
@@ -4,6 +4,9 @@ import com.securityc4po.api.configuration.BC_BAD_CAST_TO_ABSTRACT_COLLECTION
import com.securityc4po.api.extensions.getLoggerFor
import edu.umd.cs.findbugs.annotations.SuppressFBWarnings
import com.securityc4po.api.ResponseBody
+import com.securityc4po.api.finding.FindingRequestBody
+import com.securityc4po.api.finding.FindingService
+import com.securityc4po.api.finding.toFindingResponseBody
import org.springframework.http.ResponseEntity
import org.springframework.http.ResponseEntity.noContent
import org.springframework.web.bind.annotation.*
@@ -17,9 +20,8 @@ import reactor.core.publisher.Mono
allowedHeaders = ["*"],
methods = [RequestMethod.GET, RequestMethod.DELETE, RequestMethod.POST, RequestMethod.PATCH]
)
-
@SuppressFBWarnings(BC_BAD_CAST_TO_ABSTRACT_COLLECTION)
-class PentestController(private val pentestService: PentestService) {
+class PentestController(private val pentestService: PentestService, private val findingService: FindingService) {
var logger = getLoggerFor()
@@ -69,4 +71,15 @@ class PentestController(private val pentestService: PentestService) {
ResponseEntity.accepted().body(it.toPentestResponseBody())
}
}
+
+ // ToDo: Add Documentation & Tests
+ @PostMapping("/{pentestId}/finding")
+ fun saveFinidng(
+ @PathVariable(value = "pentestId") pentestId: String,
+ @RequestBody body: FindingRequestBody
+ ): Mono> {
+ return this.findingService.saveFinding(pentestId, body).map {
+ ResponseEntity.accepted().body(it.toFindingResponseBody())
+ }
+ }
}
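Review bot: Nothing visible in this handler, in `FindingService.saveFinding` or in `PentestService.updatePentestFinding` checks that the caller may write to the pentest named by `pentestId`; if object-level authorization is not enforced elsewhere (the security configuration is outside this diff), any authenticated user could attach findings to any pentest whose id they know. Please confirm where that check lives or add it before the service call. The method name is misspelled: `fun saveFinidng(` should be `fun saveFinding(`. The `// ToDo: Add Documentation & Tests` should be resolved with a KDoc block describing both parameters, the 202 response and the `FindingInvalid` / `FindingInsertionFailed` error codes.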
diff --git a/security-c4po-api/src/main/kotlin/com/securityc4po/api/pentest/PentestService.kt b/security-c4po-api/src/main/kotlin/com/securityc4po/api/pentest/PentestService.kt
index 203d2d1..693f2a5 100644
--- a/security-c4po-api/src/main/kotlin/com/securityc4po/api/pentest/PentestService.kt
+++ b/security-c4po-api/src/main/kotlin/com/securityc4po/api/pentest/PentestService.kt
@@ -115,6 +115,37 @@ class PentestService(private val pentestRepository: PentestRepository, private v
)
}
}
+ }
+ /**
+ * Update [Pentest] for Finding
+ *
+ * @throws [InvalidModelException] if the [Pentest] is invalid
+ * @throws [TransactionInterruptedException] if the [Pentest] could not be updated
+ * @return updated [Pentest]
+ */
+ fun updatePentestFinding(pentestId: String, findingId: String): Mono {
+ return pentestRepository.findPentestById(pentestId).switchIfEmpty {
+ logger.warn("Pentest with id $pentestId not found. Updating not possible.")
+ val msg = "Pentest with id $pentestId not found."
+ val ex = EntityNotFoundException(msg, Errorcode.PentestNotFound)
+ throw ex
+ }.flatMap { currentPentestEntity: PentestEntity ->
+ if (currentPentestEntity.data.findingIds.find { pentestData -> pentestData == findingId } == null) {
+ currentPentestEntity.data.findingIds += findingId
+ }
+ currentPentestEntity.lastModified = Instant.now()
+ this.pentestRepository.save(currentPentestEntity).map {
+ it.toPentest()
+ }.doOnError {
+ throw wrappedException(
+ logging = { logger.warn("Pentest could not be updated in Database. Thrown exception: ", it) },
+ mappedException = TransactionInterruptedException(
+ "Pentest could not be updated.",
+ Errorcode.PentestInsertionFailed
+ )
+ )
+ }
+ }
}
}
\ No newline at end of file
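Review bot: `updatePentestFinding` is a read-modify-write: it loads the entity, appends to `findingIds` in memory and saves the whole document, so two findings saved concurrently for the same pentest can overwrite each other's id unless the entity uses optimistic locking (not visible here). An atomic array update on the document (MongoDB's `$addToSet`) would avoid the lost update and make the `find { … } == null` duplicate check unnecessary. The failure path reuses `Errorcode.PentestInsertionFailed` for an update, which will mislead whoever reads the logs. The KDoc lists `InvalidModelException` although the body throws `EntityNotFoundException`; `@throws [EntityNotFoundException] if no [Pentest] with the given id exists` would match the code.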
diff --git a/security-c4po-api/src/main/kotlin/com/securityc4po/api/project/ProjectController.kt b/security-c4po-api/src/main/kotlin/com/securityc4po/api/project/ProjectController.kt
index c2a86f5..b0193f2 100644
--- a/security-c4po-api/src/main/kotlin/com/securityc4po/api/project/ProjectController.kt
+++ b/security-c4po-api/src/main/kotlin/com/securityc4po/api/project/ProjectController.kt
@@ -17,7 +17,6 @@ import reactor.kotlin.core.publisher.switchIfEmpty
allowedHeaders = ["*"],
methods = [RequestMethod.GET, RequestMethod.DELETE, RequestMethod.POST, RequestMethod.PATCH]
)
-
@SuppressFBWarnings(BC_BAD_CAST_TO_ABSTRACT_COLLECTION)
class ProjectController(private val projectService: ProjectService) {
diff --git a/security-c4po-api/src/main/kotlin/com/securityc4po/api/project/ProjectService.kt b/security-c4po-api/src/main/kotlin/com/securityc4po/api/project/ProjectService.kt
index 838cf57..c812bdd 100644
--- a/security-c4po-api/src/main/kotlin/com/securityc4po/api/project/ProjectService.kt
+++ b/security-c4po-api/src/main/kotlin/com/securityc4po/api/project/ProjectService.kt
@@ -141,7 +141,7 @@ class ProjectService(private val projectRepository: ProjectRepository) {
throw ex
}.flatMap {projectEntity: ProjectEntity ->
val currentProjectPentestStatus = projectEntity.data.projectPentests.find { projectPentestData -> projectPentestData.pentestId == projectPentest.pentestId }
- if (currentProjectPentestStatus !== null) {
+ if (currentProjectPentestStatus != null) {
projectEntity.data.projectPentests.find { data -> data.pentestId == projectPentest.pentestId }!!.status = projectPentest.status
} else {
projectEntity.data.projectPentests += projectPentest
diff --git a/security-c4po-api/src/main/kotlin/finding/Finding.kt b/security-c4po-api/src/main/kotlin/finding/Finding.kt
deleted file mode 100644
index 480676d..0000000
--- a/security-c4po-api/src/main/kotlin/finding/Finding.kt
+++ /dev/null
@@ -1,16 +0,0 @@
-package finding
-
-import org.springframework.data.mongodb.core.index.Indexed
-import java.util.*
-
-data class Finding (
- @Indexed(background = true, unique = true)
- val id: String = UUID.randomUUID().toString(),
- val severity: Severity,
- val title: String,
- val description: String,
- val impact: String,
- val affectedUrls: List? = emptyList(),
- val reproduction: String,
- val mitigation: String
-)
diff --git a/security-c4po-api/src/test/resources/collections/findings.json b/security-c4po-api/src/test/resources/collections/findings.json
new file mode 100644
index 0000000..3ea22c1
--- /dev/null
+++ b/security-c4po-api/src/test/resources/collections/findings.json
@@ -0,0 +1,23 @@
+[{
+ "_id": {
+ "$oid": "6372223efea5724fd22bae8a"
+ },
+ "lastModified": {
+ "$date": {
+ "$numberLong": "1668424254533"
+ }
+ },
+ "data": {
+ "_id": "ef31449d-71ec-4736-952f-8b20e53117d5",
+ "severity": "LOW",
+ "title": "Test Title",
+ "description": "Test Description",
+ "impact": "Test Impact",
+ "affectedUrls": [
+ "https://akveo.github.io/nebular/docs/components/progress-bar/examples#nbprogressbarcomponent"
+ ],
+ "reproduction": "Step 1: Test",
+ "mitigation": "Test Mitigatin"
+ },
+ "_class": "com.securityc4po.api.finding.FindingEntity"
+}]
\ No newline at end of file
diff --git a/security-c4po-api/src/test/resources/collections/pentests.json b/security-c4po-api/src/test/resources/collections/pentests.json
index a23ba31..f28ee18 100644
--- a/security-c4po-api/src/test/resources/collections/pentests.json
+++ b/security-c4po-api/src/test/resources/collections/pentests.json
@@ -4,7 +4,7 @@
},
"lastModified": {
"$date": {
- "$numberLong": "1668176064712"
+ "$numberLong": "1668425376074"
}
},
"data": {
@@ -13,6 +13,1376 @@
"category": "INFORMATION_GATHERING",
"refNumber": "OTG-INFO-001",
"status": "IN_PROGRESS",
+ "findingIds": [
+ "ef31449d-71ec-4736-952f-8b20e53117d5"
+ ],
+ "commentIds": []
+ },
+ "_class": "com.securityc4po.api.pentest.PentestEntity"
+},{
+ "_id": {
+ "$oid": "636e639bbdb9b37f0d3af555"
+ },
+ "lastModified": {
+ "$date": {
+ "$numberLong": "1668178843243"
+ }
+ },
+ "data": {
+ "_id": "9a073a08-e4fc-4450-8202-c902455b66ec",
+ "projectId": "5a4f126c-9471-43b8-80b9-6eb02b7c35d0",
+ "category": "INFORMATION_GATHERING",
+ "refNumber": "OTG-INFO-002",
+ "status": "OPEN",
+ "findingIds": [],
+ "commentIds": []
+ },
+ "_class": "com.securityc4po.api.pentest.PentestEntity"
+},{
+ "_id": {
+ "$oid": "636e63a2bdb9b37f0d3af556"
+ },
+ "lastModified": {
+ "$date": {
+ "$numberLong": "1668178941306"
+ }
+ },
+ "data": {
+ "_id": "981c5e24-7276-47f8-a821-ff5976292ad4",
+ "projectId": "5a4f126c-9471-43b8-80b9-6eb02b7c35d0",
+ "category": "INFORMATION_GATHERING",
+ "refNumber": "OTG-INFO-003",
+ "status": "OPEN",
+ "findingIds": [],
+ "commentIds": []
+ },
+ "_class": "com.securityc4po.api.pentest.PentestEntity"
+},{
+ "_id": {
+ "$oid": "636e63a7bdb9b37f0d3af557"
+ },
+ "lastModified": {
+ "$date": {
+ "$numberLong": "1668178946594"
+ }
+ },
+ "data": {
+ "_id": "2d46a183-8f11-4fbc-bbf1-e439f7282bb9",
+ "projectId": "5a4f126c-9471-43b8-80b9-6eb02b7c35d0",
+ "category": "INFORMATION_GATHERING",
+ "refNumber": "OTG-INFO-004",
+ "status": "OPEN",
+ "findingIds": [],
+ "commentIds": []
+ },
+ "_class": "com.securityc4po.api.pentest.PentestEntity"
+},{
+ "_id": {
+ "$oid": "636e63adbdb9b37f0d3af558"
+ },
+ "lastModified": {
+ "$date": {
+ "$numberLong": "1668178861651"
+ }
+ },
+ "data": {
+ "_id": "eb4f80f3-caac-4fef-a5dd-53616701f171",
+ "projectId": "5a4f126c-9471-43b8-80b9-6eb02b7c35d0",
+ "category": "INFORMATION_GATHERING",
+ "refNumber": "OTG-INFO-005",
+ "status": "OPEN",
+ "findingIds": [],
+ "commentIds": []
+ },
+ "_class": "com.securityc4po.api.pentest.PentestEntity"
+},{
+ "_id": {
+ "$oid": "636e63b7bdb9b37f0d3af559"
+ },
+ "lastModified": {
+ "$date": {
+ "$numberLong": "1668178871977"
+ }
+ },
+ "data": {
+ "_id": "0ab8de31-9d5e-4b6b-a43c-12207c160863",
+ "projectId": "5a4f126c-9471-43b8-80b9-6eb02b7c35d0",
+ "category": "INFORMATION_GATHERING",
+ "refNumber": "OTG-INFO-006",
+ "status": "IN_PROGRESS",
+ "findingIds": [],
+ "commentIds": []
+ },
+ "_class": "com.securityc4po.api.pentest.PentestEntity"
+},{
+ "_id": {
+ "$oid": "636e63bdbdb9b37f0d3af55a"
+ },
+ "lastModified": {
+ "$date": {
+ "$numberLong": "1668178877665"
+ }
+ },
+ "data": {
+ "_id": "3ed9e894-58e8-46b9-9859-cde675fec17c",
+ "projectId": "5a4f126c-9471-43b8-80b9-6eb02b7c35d0",
+ "category": "INFORMATION_GATHERING",
+ "refNumber": "OTG-INFO-007",
+ "status": "OPEN",
+ "findingIds": [],
+ "commentIds": []
+ },
+ "_class": "com.securityc4po.api.pentest.PentestEntity"
+},{
+ "_id": {
+ "$oid": "636e63c3bdb9b37f0d3af55b"
+ },
+ "lastModified": {
+ "$date": {
+ "$numberLong": "1668178883336"
+ }
+ },
+ "data": {
+ "_id": "53fdab75-ea52-4cea-85ed-df8b67f41b72",
+ "projectId": "5a4f126c-9471-43b8-80b9-6eb02b7c35d0",
+ "category": "INFORMATION_GATHERING",
+ "refNumber": "OTG-INFO-008",
+ "status": "OPEN",
+ "findingIds": [],
+ "commentIds": []
+ },
+ "_class": "com.securityc4po.api.pentest.PentestEntity"
+},{
+ "_id": {
+ "$oid": "636e63c9bdb9b37f0d3af55c"
+ },
+ "lastModified": {
+ "$date": {
+ "$numberLong": "1668178889776"
+ }
+ },
+ "data": {
+ "_id": "6270d4bc-5f39-4358-ad0a-fd5791191f28",
+ "projectId": "5a4f126c-9471-43b8-80b9-6eb02b7c35d0",
+ "category": "INFORMATION_GATHERING",
+ "refNumber": "OTG-INFO-009",
+ "status": "IN_PROGRESS",
+ "findingIds": [],
+ "commentIds": []
+ },
+ "_class": "com.securityc4po.api.pentest.PentestEntity"
+},{
+ "_id": {
+ "$oid": "636e63d4bdb9b37f0d3af55d"
+ },
+ "lastModified": {
+ "$date": {
+ "$numberLong": "1668178900151"
+ }
+ },
+ "data": {
+ "_id": "1a90f468-470a-4b1e-9783-cc761b1770ee",
+ "projectId": "5a4f126c-9471-43b8-80b9-6eb02b7c35d0",
+ "category": "INFORMATION_GATHERING",
+ "refNumber": "OTG-INFO-010",
+ "status": "OPEN",
+ "findingIds": [],
+ "commentIds": []
+ },
+ "_class": "com.securityc4po.api.pentest.PentestEntity"
+},{
+ "_id": {
+ "$oid": "636e640ebdb9b37f0d3af55e"
+ },
+ "lastModified": {
+ "$date": {
+ "$numberLong": "1668178958199"
+ }
+ },
+ "data": {
+ "_id": "6eb37869-baef-4a5b-9ac0-bf202a49874f",
+ "projectId": "5a4f126c-9471-43b8-80b9-6eb02b7c35d0",
+ "category": "CONFIGURATION_AND_DEPLOY_MANAGEMENT_TESTING",
+ "refNumber": "OTG-CONFIG-001",
+ "status": "OPEN",
+ "findingIds": [],
+ "commentIds": []
+ },
+ "_class": "com.securityc4po.api.pentest.PentestEntity"
+},{
+ "_id": {
+ "$oid": "636e6415bdb9b37f0d3af55f"
+ },
+ "lastModified": {
+ "$date": {
+ "$numberLong": "1668178965575"
+ }
+ },
+ "data": {
+ "_id": "da89c933-1413-4186-ad2c-f1967cb8dbb4",
+ "projectId": "5a4f126c-9471-43b8-80b9-6eb02b7c35d0",
+ "category": "CONFIGURATION_AND_DEPLOY_MANAGEMENT_TESTING",
+ "refNumber": "OTG-CONFIG-002",
+ "status": "OPEN",
+ "findingIds": [],
+ "commentIds": []
+ },
+ "_class": "com.securityc4po.api.pentest.PentestEntity"
+},{
+ "_id": {
+ "$oid": "636e6426bdb9b37f0d3af560"
+ },
+ "lastModified": {
+ "$date": {
+ "$numberLong": "1668178982255"
+ }
+ },
+ "data": {
+ "_id": "b3682591-f6c3-4969-bf15-69f4d495ef18",
+ "projectId": "5a4f126c-9471-43b8-80b9-6eb02b7c35d0",
+ "category": "CONFIGURATION_AND_DEPLOY_MANAGEMENT_TESTING",
+ "refNumber": "OTG-CONFIG-003",
+ "status": "OPEN",
+ "findingIds": [],
+ "commentIds": []
+ },
+ "_class": "com.securityc4po.api.pentest.PentestEntity"
+},{
+ "_id": {
+ "$oid": "636e642ebdb9b37f0d3af561"
+ },
+ "lastModified": {
+ "$date": {
+ "$numberLong": "1668178990109"
+ }
+ },
+ "data": {
+ "_id": "9e8e2736-afc9-4f63-b29f-567f9f316c83",
+ "projectId": "5a4f126c-9471-43b8-80b9-6eb02b7c35d0",
+ "category": "CONFIGURATION_AND_DEPLOY_MANAGEMENT_TESTING",
+ "refNumber": "OTG-CONFIG-004",
+ "status": "OPEN",
+ "findingIds": [],
+ "commentIds": []
+ },
+ "_class": "com.securityc4po.api.pentest.PentestEntity"
+},{
+ "_id": {
+ "$oid": "636e6442bdb9b37f0d3af562"
+ },
+ "lastModified": {
+ "$date": {
+ "$numberLong": "1668179010411"
+ }
+ },
+ "data": {
+ "_id": "3405bdd6-1ae2-4876-9c18-443a791cec9c",
+ "projectId": "5a4f126c-9471-43b8-80b9-6eb02b7c35d0",
+ "category": "CONFIGURATION_AND_DEPLOY_MANAGEMENT_TESTING",
+ "refNumber": "OTG-CONFIG-005",
+ "status": "OPEN",
+ "findingIds": [],
+ "commentIds": []
+ },
+ "_class": "com.securityc4po.api.pentest.PentestEntity"
+},{
+ "_id": {
+ "$oid": "636e6449bdb9b37f0d3af563"
+ },
+ "lastModified": {
+ "$date": {
+ "$numberLong": "1668179017917"
+ }
+ },
+ "data": {
+ "_id": "2fd387b3-b7a5-4297-9790-5d7845214c05",
+ "projectId": "5a4f126c-9471-43b8-80b9-6eb02b7c35d0",
+ "category": "CONFIGURATION_AND_DEPLOY_MANAGEMENT_TESTING",
+ "refNumber": "OTG-CONFIG-006",
+ "status": "OPEN",
+ "findingIds": [],
+ "commentIds": []
+ },
+ "_class": "com.securityc4po.api.pentest.PentestEntity"
+},{
+ "_id": {
+ "$oid": "636e6450bdb9b37f0d3af564"
+ },
+ "lastModified": {
+ "$date": {
+ "$numberLong": "1668179024805"
+ }
+ },
+ "data": {
+ "_id": "a61116c5-1859-4df3-8252-7788c31472d8",
+ "projectId": "5a4f126c-9471-43b8-80b9-6eb02b7c35d0",
+ "category": "CONFIGURATION_AND_DEPLOY_MANAGEMENT_TESTING",
+ "refNumber": "OTG-CONFIG-007",
+ "status": "OPEN",
+ "findingIds": [],
+ "commentIds": []
+ },
+ "_class": "com.securityc4po.api.pentest.PentestEntity"
+},{
+ "_id": {
+ "$oid": "636e6457bdb9b37f0d3af565"
+ },
+ "lastModified": {
+ "$date": {
+ "$numberLong": "1668179031579"
+ }
+ },
+ "data": {
+ "_id": "47d8b39d-9fa7-4772-8605-84aa0531f49e",
+ "projectId": "5a4f126c-9471-43b8-80b9-6eb02b7c35d0",
+ "category": "CONFIGURATION_AND_DEPLOY_MANAGEMENT_TESTING",
+ "refNumber": "OTG-CONFIG-008",
+ "status": "OPEN",
+ "findingIds": [],
+ "commentIds": []
+ },
+ "_class": "com.securityc4po.api.pentest.PentestEntity"
+},{
+ "_id": {
+ "$oid": "636e6460bdb9b37f0d3af566"
+ },
+ "lastModified": {
+ "$date": {
+ "$numberLong": "1668179040002"
+ }
+ },
+ "data": {
+ "_id": "bd2b8899-0cd9-41fd-a975-257aac48b81f",
+ "projectId": "5a4f126c-9471-43b8-80b9-6eb02b7c35d0",
+ "category": "IDENTITY_MANAGEMENT_TESTING",
+ "refNumber": "OTG-IDENT-001",
+ "status": "OPEN",
+ "findingIds": [],
+ "commentIds": []
+ },
+ "_class": "com.securityc4po.api.pentest.PentestEntity"
+},{
+ "_id": {
+ "$oid": "636e6466bdb9b37f0d3af567"
+ },
+ "lastModified": {
+ "$date": {
+ "$numberLong": "1668179046875"
+ }
+ },
+ "data": {
+ "_id": "b9bde632-c275-4566-b693-c57a3dad47f3",
+ "projectId": "5a4f126c-9471-43b8-80b9-6eb02b7c35d0",
+ "category": "IDENTITY_MANAGEMENT_TESTING",
+ "refNumber": "OTG-IDENT-002",
+ "status": "OPEN",
+ "findingIds": [],
+ "commentIds": []
+ },
+ "_class": "com.securityc4po.api.pentest.PentestEntity"
+},{
+ "_id": {
+ "$oid": "636e646cbdb9b37f0d3af568"
+ },
+ "lastModified": {
+ "$date": {
+ "$numberLong": "1668179052429"
+ }
+ },
+ "data": {
+ "_id": "32cc5c4e-7234-42b7-8031-c2e231bc0404",
+ "projectId": "5a4f126c-9471-43b8-80b9-6eb02b7c35d0",
+ "category": "IDENTITY_MANAGEMENT_TESTING",
+ "refNumber": "OTG-IDENT-003",
+ "status": "OPEN",
+ "findingIds": [],
+ "commentIds": []
+ },
+ "_class": "com.securityc4po.api.pentest.PentestEntity"
+},{
+ "_id": {
+ "$oid": "636e6473bdb9b37f0d3af569"
+ },
+ "lastModified": {
+ "$date": {
+ "$numberLong": "1668179059886"
+ }
+ },
+ "data": {
+ "_id": "07e34e95-7dda-499a-8be8-0e8378f0e0d0",
+ "projectId": "5a4f126c-9471-43b8-80b9-6eb02b7c35d0",
+ "category": "IDENTITY_MANAGEMENT_TESTING",
+ "refNumber": "OTG-IDENT-004",
+ "status": "OPEN",
+ "findingIds": [],
+ "commentIds": []
+ },
+ "_class": "com.securityc4po.api.pentest.PentestEntity"
+},{
+ "_id": {
+ "$oid": "636e647cbdb9b37f0d3af56a"
+ },
+ "lastModified": {
+ "$date": {
+ "$numberLong": "1668179068377"
+ }
+ },
+ "data": {
+ "_id": "b70f6720-ee17-49d6-8838-bd776cd18d0a",
+ "projectId": "5a4f126c-9471-43b8-80b9-6eb02b7c35d0",
+ "category": "IDENTITY_MANAGEMENT_TESTING",
+ "refNumber": "OTG-IDENT-005",
+ "status": "OPEN",
+ "findingIds": [],
+ "commentIds": []
+ },
+ "_class": "com.securityc4po.api.pentest.PentestEntity"
+},{
+ "_id": {
+ "$oid": "636e6483bdb9b37f0d3af56b"
+ },
+ "lastModified": {
+ "$date": {
+ "$numberLong": "1668179075515"
+ }
+ },
+ "data": {
+ "_id": "9fb260ea-333f-44c6-884b-e46352564e2a",
+ "projectId": "5a4f126c-9471-43b8-80b9-6eb02b7c35d0",
+ "category": "IDENTITY_MANAGEMENT_TESTING",
+ "refNumber": "OTG-IDENT-006",
+ "status": "OPEN",
+ "findingIds": [],
+ "commentIds": []
+ },
+ "_class": "com.securityc4po.api.pentest.PentestEntity"
+},{
+ "_id": {
+ "$oid": "636e6488bdb9b37f0d3af56c"
+ },
+ "lastModified": {
+ "$date": {
+ "$numberLong": "1668179080954"
+ }
+ },
+ "data": {
+ "_id": "87f492f7-991b-4e04-9531-5dba0bc34b1b",
+ "projectId": "5a4f126c-9471-43b8-80b9-6eb02b7c35d0",
+ "category": "IDENTITY_MANAGEMENT_TESTING",
+ "refNumber": "OTG-IDENT-007",
+ "status": "OPEN",
+ "findingIds": [],
+ "commentIds": []
+ },
+ "_class": "com.securityc4po.api.pentest.PentestEntity"
+},{
+ "_id": {
+ "$oid": "636e6498bdb9b37f0d3af56d"
+ },
+ "lastModified": {
+ "$date": {
+ "$numberLong": "1668179096383"
+ }
+ },
+ "data": {
+ "_id": "6d846445-d470-447a-96b3-8f4b57df3221",
+ "projectId": "5a4f126c-9471-43b8-80b9-6eb02b7c35d0",
+ "category": "AUTHENTICATION_TESTING",
+ "refNumber": "OTG-AUTHN-001",
+ "status": "OPEN",
+ "findingIds": [],
+ "commentIds": []
+ },
+ "_class": "com.securityc4po.api.pentest.PentestEntity"
+},{
+ "_id": {
+ "$oid": "636e649fbdb9b37f0d3af56e"
+ },
+ "lastModified": {
+ "$date": {
+ "$numberLong": "1668179103105"
+ }
+ },
+ "data": {
+ "_id": "123c43ae-6870-4883-a1c5-2f99946e2c2d",
+ "projectId": "5a4f126c-9471-43b8-80b9-6eb02b7c35d0",
+ "category": "AUTHENTICATION_TESTING",
+ "refNumber": "OTG-AUTHN-002",
+ "status": "OPEN",
+ "findingIds": [],
+ "commentIds": []
+ },
+ "_class": "com.securityc4po.api.pentest.PentestEntity"
+},{
+ "_id": {
+ "$oid": "636e64a6bdb9b37f0d3af56f"
+ },
+ "lastModified": {
+ "$date": {
+ "$numberLong": "1668179110330"
+ }
+ },
+ "data": {
+ "_id": "8be5b377-3eb0-4b54-81d2-8cfd5ea1f0f1",
+ "projectId": "5a4f126c-9471-43b8-80b9-6eb02b7c35d0",
+ "category": "AUTHENTICATION_TESTING",
+ "refNumber": "OTG-AUTHN-003",
+ "status": "OPEN",
+ "findingIds": [],
+ "commentIds": []
+ },
+ "_class": "com.securityc4po.api.pentest.PentestEntity"
+},{
+ "_id": {
+ "$oid": "636e64adbdb9b37f0d3af570"
+ },
+ "lastModified": {
+ "$date": {
+ "$numberLong": "1668179117771"
+ }
+ },
+ "data": {
+ "_id": "6b1d2b71-9e31-4e78-a82e-5325c699658c",
+ "projectId": "5a4f126c-9471-43b8-80b9-6eb02b7c35d0",
+ "category": "AUTHENTICATION_TESTING",
+ "refNumber": "OTG-AUTHN-004",
+ "status": "OPEN",
+ "findingIds": [],
+ "commentIds": []
+ },
+ "_class": "com.securityc4po.api.pentest.PentestEntity"
+},{
+ "_id": {
+ "$oid": "636e64b4bdb9b37f0d3af571"
+ },
+ "lastModified": {
+ "$date": {
+ "$numberLong": "1668179124589"
+ }
+ },
+ "data": {
+ "_id": "77e765ef-40fb-4b6e-9d80-1e06cae7d4a3",
+ "projectId": "5a4f126c-9471-43b8-80b9-6eb02b7c35d0",
+ "category": "AUTHENTICATION_TESTING",
+ "refNumber": "OTG-AUTHN-005",
+ "status": "OPEN",
+ "findingIds": [],
+ "commentIds": []
+ },
+ "_class": "com.securityc4po.api.pentest.PentestEntity"
+},{
+ "_id": {
+ "$oid": "636e64bbbdb9b37f0d3af572"
+ },
+ "lastModified": {
+ "$date": {
+ "$numberLong": "1668179131112"
+ }
+ },
+ "data": {
+ "_id": "5821cd2c-aa17-4339-b697-1b4089d3bf93",
+ "projectId": "5a4f126c-9471-43b8-80b9-6eb02b7c35d0",
+ "category": "AUTHENTICATION_TESTING",
+ "refNumber": "OTG-AUTHN-006",
+ "status": "OPEN",
+ "findingIds": [],
+ "commentIds": []
+ },
+ "_class": "com.securityc4po.api.pentest.PentestEntity"
+},{
+ "_id": {
+ "$oid": "636e64c1bdb9b37f0d3af573"
+ },
+ "lastModified": {
+ "$date": {
+ "$numberLong": "1668179137968"
+ }
+ },
+ "data": {
+ "_id": "bb57b94f-c8bc-4dd9-b4bf-e14d0a97cc31",
+ "projectId": "5a4f126c-9471-43b8-80b9-6eb02b7c35d0",
+ "category": "AUTHENTICATION_TESTING",
+ "refNumber": "OTG-AUTHN-007",
+ "status": "OPEN",
+ "findingIds": [],
+ "commentIds": []
+ },
+ "_class": "com.securityc4po.api.pentest.PentestEntity"
+},{
+ "_id": {
+ "$oid": "636e64ffbdb9b37f0d3af574"
+ },
+ "lastModified": {
+ "$date": {
+ "$numberLong": "1668179199803"
+ }
+ },
+ "data": {
+ "_id": "a5e3aaba-268e-4a40-92f9-05c0dae4cc0f",
+ "projectId": "5a4f126c-9471-43b8-80b9-6eb02b7c35d0",
+ "category": "AUTHENTICATION_TESTING",
+ "refNumber": "OTG-AUTHN-008",
+ "status": "OPEN",
+ "findingIds": [],
+ "commentIds": []
+ },
+ "_class": "com.securityc4po.api.pentest.PentestEntity"
+},{
+ "_id": {
+ "$oid": "636e6506bdb9b37f0d3af575"
+ },
+ "lastModified": {
+ "$date": {
+ "$numberLong": "1668179206308"
+ }
+ },
+ "data": {
+ "_id": "18ed1ddb-524a-4333-af90-7716bd51dc7b",
+ "projectId": "5a4f126c-9471-43b8-80b9-6eb02b7c35d0",
+ "category": "AUTHENTICATION_TESTING",
+ "refNumber": "OTG-AUTHN-009",
+ "status": "OPEN",
+ "findingIds": [],
+ "commentIds": []
+ },
+ "_class": "com.securityc4po.api.pentest.PentestEntity"
+},{
+ "_id": {
+ "$oid": "636e650dbdb9b37f0d3af576"
+ },
+ "lastModified": {
+ "$date": {
+ "$numberLong": "1668179213729"
+ }
+ },
+ "data": {
+ "_id": "c2d19d1e-39e5-4862-82c9-d88c5d91f630",
+ "projectId": "5a4f126c-9471-43b8-80b9-6eb02b7c35d0",
+ "category": "AUTHENTICATION_TESTING",
+ "refNumber": "OTG-AUTHN-010",
+ "status": "OPEN",
+ "findingIds": [],
+ "commentIds": []
+ },
+ "_class": "com.securityc4po.api.pentest.PentestEntity"
+},{
+ "_id": {
+ "$oid": "636e6516bdb9b37f0d3af577"
+ },
+ "lastModified": {
+ "$date": {
+ "$numberLong": "1668179222180"
+ }
+ },
+ "data": {
+ "_id": "728e294f-e27d-4bef-903b-d9eeb54cf086",
+ "projectId": "5a4f126c-9471-43b8-80b9-6eb02b7c35d0",
+ "category": "AUTHORIZATION_TESTING",
+ "refNumber": "OTG-AUTHZ-001",
+ "status": "OPEN",
+ "findingIds": [],
+ "commentIds": []
+ },
+ "_class": "com.securityc4po.api.pentest.PentestEntity"
+},{
+ "_id": {
+ "$oid": "636e651dbdb9b37f0d3af578"
+ },
+ "lastModified": {
+ "$date": {
+ "$numberLong": "1668179229426"
+ }
+ },
+ "data": {
+ "_id": "91cd7aee-acda-4c95-ba35-16932448f29f",
+ "projectId": "5a4f126c-9471-43b8-80b9-6eb02b7c35d0",
+ "category": "AUTHORIZATION_TESTING",
+ "refNumber": "OTG-AUTHZ-002",
+ "status": "OPEN",
+ "findingIds": [],
+ "commentIds": []
+ },
+ "_class": "com.securityc4po.api.pentest.PentestEntity"
+},{
+ "_id": {
+ "$oid": "636e6523bdb9b37f0d3af579"
+ },
+ "lastModified": {
+ "$date": {
+ "$numberLong": "1668179235938"
+ }
+ },
+ "data": {
+ "_id": "e496d9ba-7775-479e-8904-864c04fec3f9",
+ "projectId": "5a4f126c-9471-43b8-80b9-6eb02b7c35d0",
+ "category": "AUTHORIZATION_TESTING",
+ "refNumber": "OTG-AUTHZ-003",
+ "status": "OPEN",
+ "findingIds": [],
+ "commentIds": []
+ },
+ "_class": "com.securityc4po.api.pentest.PentestEntity"
+},{
+ "_id": {
+ "$oid": "636e652dbdb9b37f0d3af57a"
+ },
+ "lastModified": {
+ "$date": {
+ "$numberLong": "1668179245161"
+ }
+ },
+ "data": {
+ "_id": "ee87e923-63d7-40bc-b41e-049fe087e1dd",
+ "projectId": "5a4f126c-9471-43b8-80b9-6eb02b7c35d0",
+ "category": "AUTHORIZATION_TESTING",
+ "refNumber": "OTG-AUTHZ-004",
+ "status": "OPEN",
+ "findingIds": [],
+ "commentIds": []
+ },
+ "_class": "com.securityc4po.api.pentest.PentestEntity"
+},{
+ "_id": {
+ "$oid": "636e6535bdb9b37f0d3af57b"
+ },
+ "lastModified": {
+ "$date": {
+ "$numberLong": "1668179253834"
+ }
+ },
+ "data": {
+ "_id": "cbe94eaf-c734-4d6f-96ec-7d84a4a5b5cc",
+ "projectId": "5a4f126c-9471-43b8-80b9-6eb02b7c35d0",
+ "category": "ERROR_HANDLING",
+ "refNumber": "OTG-ERR-001",
+ "status": "IN_PROGRESS",
+ "findingIds": [],
+ "commentIds": []
+ },
+ "_class": "com.securityc4po.api.pentest.PentestEntity"
+},{
+ "_id": {
+ "$oid": "636e653cbdb9b37f0d3af57c"
+ },
+ "lastModified": {
+ "$date": {
+ "$numberLong": "1668179260191"
+ }
+ },
+ "data": {
+ "_id": "c9ecfc9f-23f1-4744-a578-54b0c96a9e87",
+ "projectId": "5a4f126c-9471-43b8-80b9-6eb02b7c35d0",
+ "category": "ERROR_HANDLING",
+ "refNumber": "OTG-ERR-002",
+ "status": "IN_PROGRESS",
+ "findingIds": [],
+ "commentIds": []
+ },
+ "_class": "com.securityc4po.api.pentest.PentestEntity"
+},{
+ "_id": {
+ "$oid": "636e654abdb9b37f0d3af57d"
+ },
+ "lastModified": {
+ "$date": {
+ "$numberLong": "1668179274702"
+ }
+ },
+ "data": {
+ "_id": "ca0c10a1-8fcc-4b0b-98c0-2403709d7e50",
+ "projectId": "5a4f126c-9471-43b8-80b9-6eb02b7c35d0",
+ "category": "CRYPTOGRAPHY",
+ "refNumber": "OTG-CRYPST-001",
+ "status": "OPEN",
+ "findingIds": [],
+ "commentIds": []
+ },
+ "_class": "com.securityc4po.api.pentest.PentestEntity"
+},{
+ "_id": {
+ "$oid": "636e6553bdb9b37f0d3af57e"
+ },
+ "lastModified": {
+ "$date": {
+ "$numberLong": "1668179283792"
+ }
+ },
+ "data": {
+ "_id": "bce6f266-2c70-4e45-a1db-d767e4bcc1f8",
+ "projectId": "5a4f126c-9471-43b8-80b9-6eb02b7c35d0",
+ "category": "CRYPTOGRAPHY",
+ "refNumber": "OTG-CRYPST-002",
+ "status": "OPEN",
+ "findingIds": [],
+ "commentIds": []
+ },
+ "_class": "com.securityc4po.api.pentest.PentestEntity"
+},{
+ "_id": {
+ "$oid": "636e655cbdb9b37f0d3af57f"
+ },
+ "lastModified": {
+ "$date": {
+ "$numberLong": "1668179292285"
+ }
+ },
+ "data": {
+ "_id": "be0b07a3-64e4-4122-a362-dd657b8b6b0a",
+ "projectId": "5a4f126c-9471-43b8-80b9-6eb02b7c35d0",
+ "category": "CRYPTOGRAPHY",
+ "refNumber": "OTG-CRYPST-003",
+ "status": "OPEN",
+ "findingIds": [],
+ "commentIds": []
+ },
+ "_class": "com.securityc4po.api.pentest.PentestEntity"
+},{
+ "_id": {
+ "$oid": "636e65a4bdb9b37f0d3af580"
+ },
+ "lastModified": {
+ "$date": {
+ "$numberLong": "1668179364144"
+ }
+ },
+ "data": {
+ "_id": "8f2230fb-bd5c-4047-9db6-74bc49be9cc1",
+ "projectId": "5a4f126c-9471-43b8-80b9-6eb02b7c35d0",
+ "category": "SESSION_MANAGEMENT_TESTING",
+ "refNumber": "OTG-SESS-001",
+ "status": "OPEN",
+ "findingIds": [],
+ "commentIds": []
+ },
+ "_class": "com.securityc4po.api.pentest.PentestEntity"
+},{
+ "_id": {
+ "$oid": "636e65aebdb9b37f0d3af581"
+ },
+ "lastModified": {
+ "$date": {
+ "$numberLong": "1668179374819"
+ }
+ },
+ "data": {
+ "_id": "a1b00a90-cb14-475f-ba3a-5807a21df704",
+ "projectId": "5a4f126c-9471-43b8-80b9-6eb02b7c35d0",
+ "category": "SESSION_MANAGEMENT_TESTING",
+ "refNumber": "OTG-SESS-002",
+ "status": "OPEN",
+ "findingIds": [],
+ "commentIds": []
+ },
+ "_class": "com.securityc4po.api.pentest.PentestEntity"
+},{
+ "_id": {
+ "$oid": "636e65b6bdb9b37f0d3af582"
+ },
+ "lastModified": {
+ "$date": {
+ "$numberLong": "1668179382943"
+ }
+ },
+ "data": {
+ "_id": "af2e7766-ecd1-4015-b4e1-c0b978643a0f",
+ "projectId": "5a4f126c-9471-43b8-80b9-6eb02b7c35d0",
+ "category": "SESSION_MANAGEMENT_TESTING",
+ "refNumber": "OTG-SESS-003",
+ "status": "OPEN",
+ "findingIds": [],
+ "commentIds": []
+ },
+ "_class": "com.securityc4po.api.pentest.PentestEntity"
+},{
+ "_id": {
+ "$oid": "636e65bdbdb9b37f0d3af583"
+ },
+ "lastModified": {
+ "$date": {
+ "$numberLong": "1668179389780"
+ }
+ },
+ "data": {
+ "_id": "27b64044-b3ff-48bf-9220-837b420f3904",
+ "projectId": "5a4f126c-9471-43b8-80b9-6eb02b7c35d0",
+ "category": "SESSION_MANAGEMENT_TESTING",
+ "refNumber": "OTG-SESS-004",
+ "status": "OPEN",
+ "findingIds": [],
+ "commentIds": []
+ },
+ "_class": "com.securityc4po.api.pentest.PentestEntity"
+},{
+ "_id": {
+ "$oid": "636e65c6bdb9b37f0d3af584"
+ },
+ "lastModified": {
+ "$date": {
+ "$numberLong": "1668179398654"
+ }
+ },
+ "data": {
+ "_id": "b5eb1683-700a-4522-8b53-45809e665643",
+ "projectId": "5a4f126c-9471-43b8-80b9-6eb02b7c35d0",
+ "category": "SESSION_MANAGEMENT_TESTING",
+ "refNumber": "OTG-SESS-005",
+ "status": "OPEN",
+ "findingIds": [],
+ "commentIds": []
+ },
+ "_class": "com.securityc4po.api.pentest.PentestEntity"
+},{
+ "_id": {
+ "$oid": "636e65cebdb9b37f0d3af585"
+ },
+ "lastModified": {
+ "$date": {
+ "$numberLong": "1668179406544"
+ }
+ },
+ "data": {
+ "_id": "86b4d382-e433-4bac-ab6e-530a0dce299d",
+ "projectId": "5a4f126c-9471-43b8-80b9-6eb02b7c35d0",
+ "category": "SESSION_MANAGEMENT_TESTING",
+ "refNumber": "OTG-SESS-006",
+ "status": "OPEN",
+ "findingIds": [],
+ "commentIds": []
+ },
+ "_class": "com.securityc4po.api.pentest.PentestEntity"
+},{
+ "_id": {
+ "$oid": "636e65d5bdb9b37f0d3af586"
+ },
+ "lastModified": {
+ "$date": {
+ "$numberLong": "1668179413084"
+ }
+ },
+ "data": {
+ "_id": "7a118a29-f983-4219-834c-f01554231910",
+ "projectId": "5a4f126c-9471-43b8-80b9-6eb02b7c35d0",
+ "category": "SESSION_MANAGEMENT_TESTING",
+ "refNumber": "OTG-SESS-008",
+ "status": "OPEN",
+ "findingIds": [],
+ "commentIds": []
+ },
+ "_class": "com.securityc4po.api.pentest.PentestEntity"
+},{
+ "_id": {
+ "$oid": "636e65dcbdb9b37f0d3af587"
+ },
+ "lastModified": {
+ "$date": {
+ "$numberLong": "1668179420257"
+ }
+ },
+ "data": {
+ "_id": "ac9bc697-a53f-4278-98b9-05d8ba19a50d",
+ "projectId": "5a4f126c-9471-43b8-80b9-6eb02b7c35d0",
+ "category": "SESSION_MANAGEMENT_TESTING",
+ "refNumber": "OTG-SESS-007",
+ "status": "OPEN",
+ "findingIds": [],
+ "commentIds": []
+ },
+ "_class": "com.securityc4po.api.pentest.PentestEntity"
+},{
+ "_id": {
+ "$oid": "636e65f8bdb9b37f0d3af588"
+ },
+ "lastModified": {
+ "$date": {
+ "$numberLong": "1668179448366"
+ }
+ },
+ "data": {
+ "_id": "13cecebb-321a-4ef8-8116-f6814652f7d7",
+ "projectId": "5a4f126c-9471-43b8-80b9-6eb02b7c35d0",
+ "category": "BUSINESS_LOGIC_TESTING",
+ "refNumber": "OTG-BUSLOGIC-001",
+ "status": "OPEN",
+ "findingIds": [],
+ "commentIds": []
+ },
+ "_class": "com.securityc4po.api.pentest.PentestEntity"
+},{
+ "_id": {
+ "$oid": "636e65ffbdb9b37f0d3af589"
+ },
+ "lastModified": {
+ "$date": {
+ "$numberLong": "1668179455503"
+ }
+ },
+ "data": {
+ "_id": "048287bc-c41b-49a1-aeb5-2cc98a5bad06",
+ "projectId": "5a4f126c-9471-43b8-80b9-6eb02b7c35d0",
+ "category": "BUSINESS_LOGIC_TESTING",
+ "refNumber": "OTG-BUSLOGIC-002",
+ "status": "OPEN",
+ "findingIds": [],
+ "commentIds": []
+ },
+ "_class": "com.securityc4po.api.pentest.PentestEntity"
+},{
+ "_id": {
+ "$oid": "636e6607bdb9b37f0d3af58a"
+ },
+ "lastModified": {
+ "$date": {
+ "$numberLong": "1668179463076"
+ }
+ },
+ "data": {
+ "_id": "4d1b424e-05ea-468c-9902-3626a79ccfe6",
+ "projectId": "5a4f126c-9471-43b8-80b9-6eb02b7c35d0",
+ "category": "BUSINESS_LOGIC_TESTING",
+ "refNumber": "OTG-BUSLOGIC-003",
+ "status": "OPEN",
+ "findingIds": [],
+ "commentIds": []
+ },
+ "_class": "com.securityc4po.api.pentest.PentestEntity"
+},{
+ "_id": {
+ "$oid": "636e660dbdb9b37f0d3af58b"
+ },
+ "lastModified": {
+ "$date": {
+ "$numberLong": "1668179469430"
+ }
+ },
+ "data": {
+ "_id": "377d73b8-f8da-461e-909b-524a38a37ed6",
+ "projectId": "5a4f126c-9471-43b8-80b9-6eb02b7c35d0",
+ "category": "BUSINESS_LOGIC_TESTING",
+ "refNumber": "OTG-BUSLOGIC-004",
+ "status": "OPEN",
+ "findingIds": [],
+ "commentIds": []
+ },
+ "_class": "com.securityc4po.api.pentest.PentestEntity"
+},{
+ "_id": {
+ "$oid": "636e6614bdb9b37f0d3af58c"
+ },
+ "lastModified": {
+ "$date": {
+ "$numberLong": "1668179476171"
+ }
+ },
+ "data": {
+ "_id": "16e10ad9-f49d-4a74-9de7-10a49e2401e2",
+ "projectId": "5a4f126c-9471-43b8-80b9-6eb02b7c35d0",
+ "category": "BUSINESS_LOGIC_TESTING",
+ "refNumber": "OTG-BUSLOGIC-005",
+ "status": "OPEN",
+ "findingIds": [],
+ "commentIds": []
+ },
+ "_class": "com.securityc4po.api.pentest.PentestEntity"
+},{
+ "_id": {
+ "$oid": "636e661abdb9b37f0d3af58d"
+ },
+ "lastModified": {
+ "$date": {
+ "$numberLong": "1668179482341"
+ }
+ },
+ "data": {
+ "_id": "4c68c22e-6073-4ec8-aebb-45ad2a3cc848",
+ "projectId": "5a4f126c-9471-43b8-80b9-6eb02b7c35d0",
+ "category": "BUSINESS_LOGIC_TESTING",
+ "refNumber": "OTG-BUSLOGIC-006",
+ "status": "OPEN",
+ "findingIds": [],
+ "commentIds": []
+ },
+ "_class": "com.securityc4po.api.pentest.PentestEntity"
+},{
+ "_id": {
+ "$oid": "636e6620bdb9b37f0d3af58e"
+ },
+ "lastModified": {
+ "$date": {
+ "$numberLong": "1668179488076"
+ }
+ },
+ "data": {
+ "_id": "276e5823-b517-445c-b182-e6eda6478d44",
+ "projectId": "5a4f126c-9471-43b8-80b9-6eb02b7c35d0",
+ "category": "BUSINESS_LOGIC_TESTING",
+ "refNumber": "OTG-BUSLOGIC-007",
+ "status": "OPEN",
+ "findingIds": [],
+ "commentIds": []
+ },
+ "_class": "com.securityc4po.api.pentest.PentestEntity"
+},{
+ "_id": {
+ "$oid": "636e6627bdb9b37f0d3af58f"
+ },
+ "lastModified": {
+ "$date": {
+ "$numberLong": "1668179495688"
+ }
+ },
+ "data": {
+ "_id": "84c661c0-2775-440a-97c5-ff35f345cabb",
+ "projectId": "5a4f126c-9471-43b8-80b9-6eb02b7c35d0",
+ "category": "BUSINESS_LOGIC_TESTING",
+ "refNumber": "OTG-BUSLOGIC-008",
+ "status": "OPEN",
+ "findingIds": [],
+ "commentIds": []
+ },
+ "_class": "com.securityc4po.api.pentest.PentestEntity"
+},{
+ "_id": {
+ "$oid": "636e662fbdb9b37f0d3af590"
+ },
+ "lastModified": {
+ "$date": {
+ "$numberLong": "1668179503929"
+ }
+ },
+ "data": {
+ "_id": "fb6d909c-8d16-48e3-b0e5-aba9bf3e8eae",
+ "projectId": "5a4f126c-9471-43b8-80b9-6eb02b7c35d0",
+ "category": "BUSINESS_LOGIC_TESTING",
+ "refNumber": "OTG-BUSLOGIC-009",
+ "status": "OPEN",
+ "findingIds": [],
+ "commentIds": []
+ },
+ "_class": "com.securityc4po.api.pentest.PentestEntity"
+},{
+ "_id": {
+ "$oid": "636e663bbdb9b37f0d3af591"
+ },
+ "lastModified": {
+ "$date": {
+ "$numberLong": "1668179515506"
+ }
+ },
+ "data": {
+ "_id": "0b211e22-dd63-46cc-a12f-be7ac73d7a64",
+ "projectId": "5a4f126c-9471-43b8-80b9-6eb02b7c35d0",
+ "category": "CLIENT_SIDE_TESTING",
+ "refNumber": "OTG-CLIENT-001",
+ "status": "OPEN",
+ "findingIds": [],
+ "commentIds": []
+ },
+ "_class": "com.securityc4po.api.pentest.PentestEntity"
+},{
+ "_id": {
+ "$oid": "636e6642bdb9b37f0d3af592"
+ },
+ "lastModified": {
+ "$date": {
+ "$numberLong": "1668179522792"
+ }
+ },
+ "data": {
+ "_id": "63310549-e2a8-4dd0-a91a-9cfa06e2dc41",
+ "projectId": "5a4f126c-9471-43b8-80b9-6eb02b7c35d0",
+ "category": "CLIENT_SIDE_TESTING",
+ "refNumber": "OTG-CLIENT-002",
+ "status": "OPEN",
+ "findingIds": [],
+ "commentIds": []
+ },
+ "_class": "com.securityc4po.api.pentest.PentestEntity"
+},{
+ "_id": {
+ "$oid": "636e6648bdb9b37f0d3af593"
+ },
+ "lastModified": {
+ "$date": {
+ "$numberLong": "1668179528747"
+ }
+ },
+ "data": {
+ "_id": "ac8d52d0-f0c8-47ec-ab13-24f40dc4f9e6",
+ "projectId": "5a4f126c-9471-43b8-80b9-6eb02b7c35d0",
+ "category": "CLIENT_SIDE_TESTING",
+ "refNumber": "OTG-CLIENT-003",
+ "status": "OPEN",
+ "findingIds": [],
+ "commentIds": []
+ },
+ "_class": "com.securityc4po.api.pentest.PentestEntity"
+},{
+ "_id": {
+ "$oid": "636e6650bdb9b37f0d3af594"
+ },
+ "lastModified": {
+ "$date": {
+ "$numberLong": "1668179536604"
+ }
+ },
+ "data": {
+ "_id": "3ddc4950-f662-4ec1-9a04-b9c3591d8b06",
+ "projectId": "5a4f126c-9471-43b8-80b9-6eb02b7c35d0",
+ "category": "CLIENT_SIDE_TESTING",
+ "refNumber": "OTG-CLIENT-004",
+ "status": "OPEN",
+ "findingIds": [],
+ "commentIds": []
+ },
+ "_class": "com.securityc4po.api.pentest.PentestEntity"
+},{
+ "_id": {
+ "$oid": "636e6659bdb9b37f0d3af595"
+ },
+ "lastModified": {
+ "$date": {
+ "$numberLong": "1668179545861"
+ }
+ },
+ "data": {
+ "_id": "4c11d176-2ec5-4ed9-9c8a-c1edd33b262c",
+ "projectId": "5a4f126c-9471-43b8-80b9-6eb02b7c35d0",
+ "category": "CLIENT_SIDE_TESTING",
+ "refNumber": "OTG-CLIENT-005",
+ "status": "OPEN",
+ "findingIds": [],
+ "commentIds": []
+ },
+ "_class": "com.securityc4po.api.pentest.PentestEntity"
+},{
+ "_id": {
+ "$oid": "636e6661bdb9b37f0d3af596"
+ },
+ "lastModified": {
+ "$date": {
+ "$numberLong": "1668179553554"
+ }
+ },
+ "data": {
+ "_id": "b9a6f4ba-62e6-442b-a274-b3ffe209d248",
+ "projectId": "5a4f126c-9471-43b8-80b9-6eb02b7c35d0",
+ "category": "CLIENT_SIDE_TESTING",
+ "refNumber": "OTG-CLIENT-006",
+ "status": "OPEN",
+ "findingIds": [],
+ "commentIds": []
+ },
+ "_class": "com.securityc4po.api.pentest.PentestEntity"
+},{
+ "_id": {
+ "$oid": "636e6669bdb9b37f0d3af597"
+ },
+ "lastModified": {
+ "$date": {
+ "$numberLong": "1668179561643"
+ }
+ },
+ "data": {
+ "_id": "705e28a2-b0a4-4b8c-9922-10c5c67faf65",
+ "projectId": "5a4f126c-9471-43b8-80b9-6eb02b7c35d0",
+ "category": "CLIENT_SIDE_TESTING",
+ "refNumber": "OTG-CLIENT-007",
+ "status": "OPEN",
+ "findingIds": [],
+ "commentIds": []
+ },
+ "_class": "com.securityc4po.api.pentest.PentestEntity"
+},{
+ "_id": {
+ "$oid": "636e6673bdb9b37f0d3af598"
+ },
+ "lastModified": {
+ "$date": {
+ "$numberLong": "1668179571067"
+ }
+ },
+ "data": {
+ "_id": "4c59259d-4a24-43ef-8738-fe214e0b0673",
+ "projectId": "5a4f126c-9471-43b8-80b9-6eb02b7c35d0",
+ "category": "CLIENT_SIDE_TESTING",
+ "refNumber": "OTG-CLIENT-008",
+ "status": "OPEN",
+ "findingIds": [],
+ "commentIds": []
+ },
+ "_class": "com.securityc4po.api.pentest.PentestEntity"
+},{
+ "_id": {
+ "$oid": "636e667fbdb9b37f0d3af599"
+ },
+ "lastModified": {
+ "$date": {
+ "$numberLong": "1668179583895"
+ }
+ },
+ "data": {
+ "_id": "a7ab3344-db7d-495a-8e55-dd572ea7c5e0",
+ "projectId": "5a4f126c-9471-43b8-80b9-6eb02b7c35d0",
+ "category": "CLIENT_SIDE_TESTING",
+ "refNumber": "OTG-CLIENT-009",
+ "status": "OPEN",
+ "findingIds": [],
+ "commentIds": []
+ },
+ "_class": "com.securityc4po.api.pentest.PentestEntity"
+},{
+ "_id": {
+ "$oid": "636e6688bdb9b37f0d3af59a"
+ },
+ "lastModified": {
+ "$date": {
+ "$numberLong": "1668179592485"
+ }
+ },
+ "data": {
+ "_id": "195e7f58-a7b2-4571-9c66-1e91a0dfca28",
+ "projectId": "5a4f126c-9471-43b8-80b9-6eb02b7c35d0",
+ "category": "CLIENT_SIDE_TESTING",
+ "refNumber": "OTG-CLIENT-010",
+ "status": "OPEN",
+ "findingIds": [],
+ "commentIds": []
+ },
+ "_class": "com.securityc4po.api.pentest.PentestEntity"
+},{
+ "_id": {
+ "$oid": "636e6690bdb9b37f0d3af59b"
+ },
+ "lastModified": {
+ "$date": {
+ "$numberLong": "1668179600108"
+ }
+ },
+ "data": {
+ "_id": "543a9768-4e5c-4c70-9aae-977afa542afa",
+ "projectId": "5a4f126c-9471-43b8-80b9-6eb02b7c35d0",
+ "category": "CLIENT_SIDE_TESTING",
+ "refNumber": "OTG-CLIENT-011",
+ "status": "OPEN",
+ "findingIds": [],
+ "commentIds": []
+ },
+ "_class": "com.securityc4po.api.pentest.PentestEntity"
+},{
+ "_id": {
+ "$oid": "636e6697bdb9b37f0d3af59c"
+ },
+ "lastModified": {
+ "$date": {
+ "$numberLong": "1668179607381"
+ }
+ },
+ "data": {
+ "_id": "a17516de-e92a-43b9-a415-203dce48fb0e",
+ "projectId": "5a4f126c-9471-43b8-80b9-6eb02b7c35d0",
+ "category": "CLIENT_SIDE_TESTING",
+ "refNumber": "OTG-CLIENT-012",
+ "status": "OPEN",
"findingIds": [],
"commentIds": []
},
diff --git a/security-c4po-api/src/test/resources/collections/projects.json b/security-c4po-api/src/test/resources/collections/projects.json
index f82c12a..0b01a1e 100644
--- a/security-c4po-api/src/test/resources/collections/projects.json
+++ b/security-c4po-api/src/test/resources/collections/projects.json
@@ -4,7 +4,7 @@
},
"lastModified": {
"$date": {
- "$numberLong": "1668176064717"
+ "$numberLong": "1668425376081"
}
},
"data": {
@@ -17,6 +17,294 @@
{
"pentestId": "11601f51-bc17-47fd-847d-0c53df5405b5",
"status": "IN_PROGRESS"
+ },
+ {
+ "pentestId": "9a073a08-e4fc-4450-8202-c902455b66ec",
+ "status": "OPEN"
+ },
+ {
+ "pentestId": "981c5e24-7276-47f8-a821-ff5976292ad4",
+ "status": "OPEN"
+ },
+ {
+ "pentestId": "2d46a183-8f11-4fbc-bbf1-e439f7282bb9",
+ "status": "OPEN"
+ },
+ {
+ "pentestId": "eb4f80f3-caac-4fef-a5dd-53616701f171",
+ "status": "OPEN"
+ },
+ {
+ "pentestId": "0ab8de31-9d5e-4b6b-a43c-12207c160863",
+ "status": "IN_PROGRESS"
+ },
+ {
+ "pentestId": "3ed9e894-58e8-46b9-9859-cde675fec17c",
+ "status": "OPEN"
+ },
+ {
+ "pentestId": "53fdab75-ea52-4cea-85ed-df8b67f41b72",
+ "status": "OPEN"
+ },
+ {
+ "pentestId": "6270d4bc-5f39-4358-ad0a-fd5791191f28",
+ "status": "IN_PROGRESS"
+ },
+ {
+ "pentestId": "1a90f468-470a-4b1e-9783-cc761b1770ee",
+ "status": "OPEN"
+ },
+ {
+ "pentestId": "6eb37869-baef-4a5b-9ac0-bf202a49874f",
+ "status": "OPEN"
+ },
+ {
+ "pentestId": "da89c933-1413-4186-ad2c-f1967cb8dbb4",
+ "status": "OPEN"
+ },
+ {
+ "pentestId": "b3682591-f6c3-4969-bf15-69f4d495ef18",
+ "status": "OPEN"
+ },
+ {
+ "pentestId": "9e8e2736-afc9-4f63-b29f-567f9f316c83",
+ "status": "OPEN"
+ },
+ {
+ "pentestId": "3405bdd6-1ae2-4876-9c18-443a791cec9c",
+ "status": "OPEN"
+ },
+ {
+ "pentestId": "2fd387b3-b7a5-4297-9790-5d7845214c05",
+ "status": "OPEN"
+ },
+ {
+ "pentestId": "a61116c5-1859-4df3-8252-7788c31472d8",
+ "status": "OPEN"
+ },
+ {
+ "pentestId": "47d8b39d-9fa7-4772-8605-84aa0531f49e",
+ "status": "OPEN"
+ },
+ {
+ "pentestId": "bd2b8899-0cd9-41fd-a975-257aac48b81f",
+ "status": "OPEN"
+ },
+ {
+ "pentestId": "b9bde632-c275-4566-b693-c57a3dad47f3",
+ "status": "OPEN"
+ },
+ {
+ "pentestId": "32cc5c4e-7234-42b7-8031-c2e231bc0404",
+ "status": "OPEN"
+ },
+ {
+ "pentestId": "07e34e95-7dda-499a-8be8-0e8378f0e0d0",
+ "status": "OPEN"
+ },
+ {
+ "pentestId": "b70f6720-ee17-49d6-8838-bd776cd18d0a",
+ "status": "OPEN"
+ },
+ {
+ "pentestId": "9fb260ea-333f-44c6-884b-e46352564e2a",
+ "status": "OPEN"
+ },
+ {
+ "pentestId": "87f492f7-991b-4e04-9531-5dba0bc34b1b",
+ "status": "OPEN"
+ },
+ {
+ "pentestId": "6d846445-d470-447a-96b3-8f4b57df3221",
+ "status": "OPEN"
+ },
+ {
+ "pentestId": "123c43ae-6870-4883-a1c5-2f99946e2c2d",
+ "status": "OPEN"
+ },
+ {
+ "pentestId": "8be5b377-3eb0-4b54-81d2-8cfd5ea1f0f1",
+ "status": "OPEN"
+ },
+ {
+ "pentestId": "6b1d2b71-9e31-4e78-a82e-5325c699658c",
+ "status": "OPEN"
+ },
+ {
+ "pentestId": "77e765ef-40fb-4b6e-9d80-1e06cae7d4a3",
+ "status": "OPEN"
+ },
+ {
+ "pentestId": "5821cd2c-aa17-4339-b697-1b4089d3bf93",
+ "status": "OPEN"
+ },
+ {
+ "pentestId": "bb57b94f-c8bc-4dd9-b4bf-e14d0a97cc31",
+ "status": "OPEN"
+ },
+ {
+ "pentestId": "a5e3aaba-268e-4a40-92f9-05c0dae4cc0f",
+ "status": "OPEN"
+ },
+ {
+ "pentestId": "18ed1ddb-524a-4333-af90-7716bd51dc7b",
+ "status": "OPEN"
+ },
+ {
+ "pentestId": "c2d19d1e-39e5-4862-82c9-d88c5d91f630",
+ "status": "OPEN"
+ },
+ {
+ "pentestId": "728e294f-e27d-4bef-903b-d9eeb54cf086",
+ "status": "OPEN"
+ },
+ {
+ "pentestId": "91cd7aee-acda-4c95-ba35-16932448f29f",
+ "status": "OPEN"
+ },
+ {
+ "pentestId": "e496d9ba-7775-479e-8904-864c04fec3f9",
+ "status": "OPEN"
+ },
+ {
+ "pentestId": "ee87e923-63d7-40bc-b41e-049fe087e1dd",
+ "status": "OPEN"
+ },
+ {
+ "pentestId": "cbe94eaf-c734-4d6f-96ec-7d84a4a5b5cc",
+ "status": "IN_PROGRESS"
+ },
+ {
+ "pentestId": "c9ecfc9f-23f1-4744-a578-54b0c96a9e87",
+ "status": "IN_PROGRESS"
+ },
+ {
+ "pentestId": "ca0c10a1-8fcc-4b0b-98c0-2403709d7e50",
+ "status": "OPEN"
+ },
+ {
+ "pentestId": "bce6f266-2c70-4e45-a1db-d767e4bcc1f8",
+ "status": "OPEN"
+ },
+ {
+ "pentestId": "be0b07a3-64e4-4122-a362-dd657b8b6b0a",
+ "status": "OPEN"
+ },
+ {
+ "pentestId": "8f2230fb-bd5c-4047-9db6-74bc49be9cc1",
+ "status": "OPEN"
+ },
+ {
+ "pentestId": "a1b00a90-cb14-475f-ba3a-5807a21df704",
+ "status": "OPEN"
+ },
+ {
+ "pentestId": "af2e7766-ecd1-4015-b4e1-c0b978643a0f",
+ "status": "OPEN"
+ },
+ {
+ "pentestId": "27b64044-b3ff-48bf-9220-837b420f3904",
+ "status": "OPEN"
+ },
+ {
+ "pentestId": "b5eb1683-700a-4522-8b53-45809e665643",
+ "status": "OPEN"
+ },
+ {
+ "pentestId": "86b4d382-e433-4bac-ab6e-530a0dce299d",
+ "status": "OPEN"
+ },
+ {
+ "pentestId": "7a118a29-f983-4219-834c-f01554231910",
+ "status": "OPEN"
+ },
+ {
+ "pentestId": "ac9bc697-a53f-4278-98b9-05d8ba19a50d",
+ "status": "OPEN"
+ },
+ {
+ "pentestId": "13cecebb-321a-4ef8-8116-f6814652f7d7",
+ "status": "OPEN"
+ },
+ {
+ "pentestId": "048287bc-c41b-49a1-aeb5-2cc98a5bad06",
+ "status": "OPEN"
+ },
+ {
+ "pentestId": "4d1b424e-05ea-468c-9902-3626a79ccfe6",
+ "status": "OPEN"
+ },
+ {
+ "pentestId": "377d73b8-f8da-461e-909b-524a38a37ed6",
+ "status": "OPEN"
+ },
+ {
+ "pentestId": "16e10ad9-f49d-4a74-9de7-10a49e2401e2",
+ "status": "OPEN"
+ },
+ {
+ "pentestId": "4c68c22e-6073-4ec8-aebb-45ad2a3cc848",
+ "status": "OPEN"
+ },
+ {
+ "pentestId": "276e5823-b517-445c-b182-e6eda6478d44",
+ "status": "OPEN"
+ },
+ {
+ "pentestId": "84c661c0-2775-440a-97c5-ff35f345cabb",
+ "status": "OPEN"
+ },
+ {
+ "pentestId": "fb6d909c-8d16-48e3-b0e5-aba9bf3e8eae",
+ "status": "OPEN"
+ },
+ {
+ "pentestId": "0b211e22-dd63-46cc-a12f-be7ac73d7a64",
+ "status": "OPEN"
+ },
+ {
+ "pentestId": "63310549-e2a8-4dd0-a91a-9cfa06e2dc41",
+ "status": "OPEN"
+ },
+ {
+ "pentestId": "ac8d52d0-f0c8-47ec-ab13-24f40dc4f9e6",
+ "status": "OPEN"
+ },
+ {
+ "pentestId": "3ddc4950-f662-4ec1-9a04-b9c3591d8b06",
+ "status": "OPEN"
+ },
+ {
+ "pentestId": "4c11d176-2ec5-4ed9-9c8a-c1edd33b262c",
+ "status": "OPEN"
+ },
+ {
+ "pentestId": "b9a6f4ba-62e6-442b-a274-b3ffe209d248",
+ "status": "OPEN"
+ },
+ {
+ "pentestId": "705e28a2-b0a4-4b8c-9922-10c5c67faf65",
+ "status": "OPEN"
+ },
+ {
+ "pentestId": "4c59259d-4a24-43ef-8738-fe214e0b0673",
+ "status": "OPEN"
+ },
+ {
+ "pentestId": "a7ab3344-db7d-495a-8e55-dd572ea7c5e0",
+ "status": "OPEN"
+ },
+ {
+ "pentestId": "195e7f58-a7b2-4571-9c66-1e91a0dfca28",
+ "status": "OPEN"
+ },
+ {
+ "pentestId": "543a9768-4e5c-4c70-9aae-977afa542afa",
+ "status": "OPEN"
+ },
+ {
+ "pentestId": "a17516de-e92a-43b9-a415-203dce48fb0e",
+ "status": "OPEN"
}
],
"createdBy": "3c4ae87f-0d56-4634-a824-b4883c403c8a"
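Review bot: Each pentest's `status` is stored twice in the fixtures, once in this `projectPentests` list and once in the matching `PentestEntity` document in pentests.json (for example `cbe94eaf-c734-4d6f-96ec-7d84a4a5b5cc` is `IN_PROGRESS` in both), and nothing visible in the diff keeps the two copies in step. With this many entries, a later edit to one file can leave the other stale without any test failing. A small fixture test that loads both collections and asserts that every `pentestId` resolves to a pentest with the same `projectId` and `status` would catch that drift. The entries for `7a118a29-f983-4219-834c-f01554231910` (OTG-SESS-008) and `ac9bc697-a53f-4278-98b9-05d8ba19a50d` (OTG-SESS-007) also appear in what looks like creation order rather than reference-number order, which matters only if a test or view relies on list order.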