diff --git a/security-c4po-angular/src/app/objective-overview/objective-header/objective-header.component.spec.ts b/security-c4po-angular/src/app/objective-overview/objective-header/objective-header.component.spec.ts index 428e25a..7252992 100644 --- a/security-c4po-angular/src/app/objective-overview/objective-header/objective-header.component.spec.ts +++ b/security-c4po-angular/src/app/objective-overview/objective-header/objective-header.component.spec.ts @@ -51,6 +51,7 @@ const DESIRED_PROJECT_STATE_SESSION: ProjectStateModel = { refNumber: 'OTF-001', childEntries: [], status: PentestStatus.NOT_STARTED, + enabled: true, findingIds: [], commentIds: ['56c47c56-3bcd-45f1-a05b-c197dbd33112'] }, diff --git a/security-c4po-angular/src/app/objective-overview/objective-header/objective-header.component.ts b/security-c4po-angular/src/app/objective-overview/objective-header/objective-header.component.ts index 46fb507..a7f8bc5 100644 --- a/security-c4po-angular/src/app/objective-overview/objective-header/objective-header.component.ts +++ b/security-c4po-angular/src/app/objective-overview/objective-header/objective-header.component.ts @@ -28,7 +28,6 @@ import {TranslateService} from '@ngx-translate/core'; }) export class ObjectiveHeaderComponent implements OnInit { - readonly fa = FA; selectedProject$: BehaviorSubject = new BehaviorSubject(null); // Mobile menu properties objectiveActionItems: NbMenuItem[] = [ @@ -45,6 +44,8 @@ export class ObjectiveHeaderComponent implements OnInit { } }, ]; + // HTML only + readonly fa = FA; readonly BARS_IMG = 'assets/images/icons/bars.svg'; readonly ELLIPSIS_IMG = 'assets/images/icons/ellipsis.svg'; diff --git a/security-c4po-angular/src/app/objective-overview/objective-table/objective-table.component.html b/security-c4po-angular/src/app/objective-overview/objective-table/objective-table.component.html index 148af87..a2e2454 100644 --- a/security-c4po-angular/src/app/objective-overview/objective-table/objective-table.component.html 
+++ b/security-c4po-angular/src/app/objective-overview/objective-table/objective-table.component.html @@ -1,16 +1,17 @@
+ + [ngClass]="{'disabled-objective' : !pentest.data['enabled']}"> - @@ -34,7 +35,7 @@ - @@ -43,7 +44,7 @@ - + + + + +
{{ 'pentest.testId' | translate }} + {{ 'pentest.title' | translate }} - + {{ getTitle(pentest.data['refNumber']) | translate }} {{ 'pentest.status' | translate }} + {{ 'pentest.findings&comments' | translate }} +
/ @@ -51,6 +52,40 @@
+ {{'global.actions' | translate}} + +
+ + + + + + +
+
diff --git a/security-c4po-angular/src/app/objective-overview/objective-table/objective-table.component.scss b/security-c4po-angular/src/app/objective-overview/objective-table/objective-table.component.scss index dad7048..9d2745d 100644 --- a/security-c4po-angular/src/app/objective-overview/objective-table/objective-table.component.scss +++ b/security-c4po-angular/src/app/objective-overview/objective-table/objective-table.component.scss @@ -15,4 +15,17 @@ cursor: pointer; background-color: nb-theme(color-basic-transparent-focus); } + + .disabled-objective { + background-color: nb-theme(color-control-transparent-disabled); + } + + .disabled-objective:hover { + cursor: not-allowed; + } + + .cell-actions { + width: max-content; + max-width: 180px; + } } diff --git a/security-c4po-angular/src/app/objective-overview/objective-table/objective-table.component.spec.ts b/security-c4po-angular/src/app/objective-overview/objective-table/objective-table.component.spec.ts index 35840f1..e6cf960 100644 --- a/security-c4po-angular/src/app/objective-overview/objective-table/objective-table.component.spec.ts +++ b/security-c4po-angular/src/app/objective-overview/objective-table/objective-table.component.spec.ts @@ -14,6 +14,10 @@ import {MockComponent} from 'ng-mocks'; import {NgxsModule} from '@ngxs/store'; import {ProjectState} from '@shared/stores/project-state/project-state'; import {HttpClientTestingModule} from '@angular/common/http/testing'; +import {DialogService} from '@shared/services/dialog-service/dialog.service'; +import {DialogServiceMock} from '@shared/services/dialog-service/dialog.service.mock'; +import {NotificationService} from '@shared/services/toaster-service/notification.service'; +import {NotificationServiceMock} from '@shared/services/toaster-service/notification.service.mock'; describe('ObjectiveTableComponent', () => { let component: ObjectiveTableComponent; 
@@ -41,6 +45,10 @@ describe('ObjectiveTableComponent', () => { }), RouterTestingModule.withRoutes([]), NgxsModule.forRoot([ProjectState]) + ], + providers: [ + {provide: DialogService, useClass: DialogServiceMock}, + {provide: NotificationService, useClass: NotificationServiceMock} ] }) .compileComponents(); diff --git a/security-c4po-angular/src/app/objective-overview/objective-table/objective-table.component.ts b/security-c4po-angular/src/app/objective-overview/objective-table/objective-table.component.ts index 41aad3e..31b4beb 100644 --- a/security-c4po-angular/src/app/objective-overview/objective-table/objective-table.component.ts +++ b/security-c4po-angular/src/app/objective-overview/objective-table/objective-table.component.ts @@ -5,12 +5,16 @@ import {PentestService} from '@shared/services/api/pentest.service'; import {Store} from '@ngxs/store'; import {PROJECT_STATE_NAME, ProjectState} from '@shared/stores/project-state/project-state'; import {UntilDestroy, untilDestroyed} from '@ngneat/until-destroy'; -import {catchError, switchMap, tap} from 'rxjs/operators'; +import {catchError, filter, switchMap, tap} from 'rxjs/operators'; import {BehaviorSubject, Observable, of} from 'rxjs'; import {getTitleKeyForRefNumber} from '@shared/functions/categories/get-title-key-for-ref-number.function'; import {Router} from '@angular/router'; import {ChangePentest} from '@shared/stores/project-state/project-state.actions'; import {Route} from '@shared/models/route.enum'; +import * as FA from '@fortawesome/free-solid-svg-icons'; +import {DialogService} from '@shared/services/dialog-service/dialog.service'; +import {NotificationService, PopupType} from '@shared/services/toaster-service/notification.service'; +import {Project} from '@shared/models/project.model'; @UntilDestroy() @Component({ 
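Review bot: The spec only registers `DialogServiceMock` and `NotificationServiceMock` as providers; no test in this hunk exercises the new `onClickDisableOrEnableObjective` flow or the `enabled` guard added to `onClickRouteToObjectivePentest` in the component. At minimum add a case that a row with `enabled: false` does not dispatch `ChangePentest`, and one that the disable path calls `pentestService.disableObjective` only after the confirm dialog resolves truthy. The `describe` block continues outside the hunk, so a test may exist elsewhere in the file — I cannot confirm that from here.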
@@ -19,14 +23,24 @@ import {Route} from '@shared/models/route.enum'; styleUrls: ['./objective-table.component.scss'] }) export class ObjectiveTableComponent implements OnInit { + // HTML only + readonly fa = FA; + // use ban and check loading$: BehaviorSubject = new BehaviorSubject(true); - // tslint:disable-next-line:max-line-length - columns: Array = [ObjectiveColumns.TEST_ID, ObjectiveColumns.TITLE, ObjectiveColumns.STATUS, ObjectiveColumns.FINDINGS_AND_COMMENTS]; + columns: Array = [ + ObjectiveColumns.TEST_ID, + ObjectiveColumns.TITLE, + ObjectiveColumns.STATUS, + ObjectiveColumns.FINDINGS_AND_COMMENTS, + ObjectiveColumns.ACTIONS + ]; dataSource: NbTreeGridDataSource; private data: ObjectiveEntry[] = []; private pentests$: BehaviorSubject = new BehaviorSubject([]); + // Needed for pentest enabling and disabling + selectedProjectId$: BehaviorSubject = new BehaviorSubject(''); getters: NbGetters = { dataGetter: (node: ObjectiveEntry) => node, @@ -37,6 +51,8 @@ export class ObjectiveTableComponent implements OnInit { constructor( private store: Store, private pentestService: PentestService, + private dialogService: DialogService, + private notificationService: NotificationService, private dataSourceBuilder: NbTreeGridDataSourceBuilder, private router: Router ) { @@ -44,6 +60,16 @@ export class ObjectiveTableComponent implements OnInit { } ngOnInit(): void { + this.store.selectOnce(ProjectState.project).pipe( + untilDestroyed(this) + ).subscribe({ + next: (selectedProject: Project) => { + this.selectedProjectId$.next(selectedProject.id); + }, + error: err => { + console.error(err); + } + }); this.loadPentestData(); } 
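Review bot: In the new `ngOnInit` subscription, `selectedProject.id` is dereferenced without a null check; if `ProjectState.project` is unset when the table initialises, the TypeError is raised inside `next` and does not reach the `error` callback, and `selectedProjectId$` stays `''`, so the enable/disable requests later in this file would be sent with an empty project id. Guard it: `if (selectedProject) { this.selectedProjectId$.next(selectedProject.id); }`, and consider having `onClickDisableOrEnableObjective` refuse to call the API while the id is still `''`. Whether the store can hold a null project here is not visible in the hunk, but the `projects && …` guard this same commit adds to project-overview suggests it can. The leftover `// use ban and check` comment in the first hunk reads like a development note and should be rewritten or dropped.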
@@ -68,30 +94,77 @@ export class ObjectiveTableComponent implements OnInit { } onClickRouteToObjectivePentest(selectedPentest: Pentest): void { - this.router.navigate([Route.PENTEST_OBJECTIVE]) - .then( - () => this.store.reset({ - ...this.store.snapshot(), - }) - ).finally(); - // Change Pentest State - const statePentest: Pentest = this.pentests$.getValue().find(pentest => pentest.refNumber === selectedPentest.refNumber); - if (statePentest) { - this.store.dispatch(new ChangePentest(statePentest)); - } else { - let childEntryStatePentest; - // ToDo: Fix wrong selection - // tslint:disable-next-line:prefer-for-of - for (let i = 0; i < this.pentests$.getValue().length; i++) { - if (this.pentests$.getValue()[i].childEntries) { - const findingResult = this.pentests$.getValue()[i].childEntries.find(cE => cE.refNumber === selectedPentest.refNumber); - if (findingResult) { - childEntryStatePentest = findingResult; - break; + if (selectedPentest.enabled) { + + this.router.navigate([Route.PENTEST_OBJECTIVE]) + .then( + () => this.store.reset({ + ...this.store.snapshot(), + }) + ).finally(); + // Change Pentest State + const statePentest: Pentest = this.pentests$.getValue().find(pentest => pentest.refNumber === selectedPentest.refNumber); + if (statePentest) { + this.store.dispatch(new ChangePentest(statePentest)); + } else { + let childEntryStatePentest; + // ToDo: Fix wrong selection + // tslint:disable-next-line:prefer-for-of + for (let i = 0; i < this.pentests$.getValue().length; i++) { + if (this.pentests$.getValue()[i].childEntries) { + const findingResult = this.pentests$.getValue()[i].childEntries.find(cE => cE.refNumber === selectedPentest.refNumber); + if (findingResult) { + childEntryStatePentest = findingResult; + break; + } } } + this.store.dispatch(new ChangePentest(childEntryStatePentest)); } - this.store.dispatch(new ChangePentest(childEntryStatePentest)); + } + } + + onClickDisableOrEnableObjective(pentest): void { + if (pentest.data.enabled) { + const 
message = { + title: 'pentest.disable.title', + key: 'pentest.disable.key', + data: {name: pentest.data.refNumber}, + }; + this.dialogService.openConfirmDialog( + message + ).onClose.pipe( + filter((confirm) => !!confirm), + untilDestroyed(this) + ).subscribe({ + next: () => { + this.pentestService.disableObjective(this.selectedProjectId$.getValue(), pentest.data.id).pipe( + untilDestroyed(this) + ).subscribe({ + next: () => { + this.loadPentestData(); + this.notificationService.showPopup('pentest.popup.disable.success', PopupType.SUCCESS); + }, + error: (err) => { + this.notificationService.showPopup('pentest.popup.disable.failed', PopupType.FAILURE); + console.error(err); + } + }); + } + }); + } else { + this.pentestService.enableObjective(this.selectedProjectId$.getValue(), pentest.data.id).pipe( + untilDestroyed(this) + ).subscribe({ + next: () => { + this.loadPentestData(); + this.notificationService.showPopup('pentest.popup.enable.success', PopupType.SUCCESS); + }, + error: (err) => { + this.notificationService.showPopup('pentest.popup.enable.failed', PopupType.FAILURE); + console.error(err); + } + }); } } @@ -110,5 +183,6 @@ enum ObjectiveColumns { TEST_ID = 'testId', TITLE = 'title', STATUS = 'status', - FINDINGS_AND_COMMENTS = 'findings&comments' + FINDINGS_AND_COMMENTS = 'findings&comments', + ACTIONS = 'actions' } diff --git a/security-c4po-angular/src/app/pentest/pentest-content/pentest-comments/pentest-comments.component.scss b/security-c4po-angular/src/app/pentest/pentest-content/pentest-comments/pentest-comments.component.scss index 1e7c7c9..3529cb2 100644 --- a/security-c4po-angular/src/app/pentest/pentest-content/pentest-comments/pentest-comments.component.scss +++ b/security-c4po-angular/src/app/pentest/pentest-content/pentest-comments/pentest-comments.component.scss 
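Review bot: `onClickDisableOrEnableObjective` subscribes to `disableObjective` inside the `next` handler of the dialog subscription; `switchMap` is already imported in this file, so the confirm-then-request flow can be one stream, which also makes the `untilDestroyed` teardown cover the request itself rather than two separately tracked subscriptions. The `pentest` parameter is untyped (implicit `any`), so `pentest.data.enabled` / `pentest.data.id` are unchecked — at least `pentest: {data: Pentest}` would let the compiler verify those accesses, assuming the row's `data` is a `Pentest`. The `if (selectedPentest.enabled)` guard and the `disabled-objective` styling are client-side UX only; the API must itself reject findings/comments and navigation-triggered state changes on a disabled objective, which this frontend change cannot enforce. Note the enable branch skips the confirmation dialog the disable branch uses — fine if deliberate, but worth a comment. The enclosing class continues outside the hunk.

```typescript
  onClickDisableOrEnableObjective(pentest): void {
    const projectId = this.selectedProjectId$.getValue();
    if (pentest.data.enabled) {
      const message = {
        title: 'pentest.disable.title',
        key: 'pentest.disable.key',
        data: {name: pentest.data.refNumber},
      };
      this.dialogService.openConfirmDialog(message).onClose.pipe(
        filter((confirm) => !!confirm),
        // single stream: the request is issued only after confirmation, no nested subscribe
        switchMap(() => this.pentestService.disableObjective(projectId, pentest.data.id)),
        untilDestroyed(this)
      ).subscribe({
        next: () => {
          this.loadPentestData();
          this.notificationService.showPopup('pentest.popup.disable.success', PopupType.SUCCESS);
        },
        error: (err) => {
          this.notificationService.showPopup('pentest.popup.disable.failed', PopupType.FAILURE);
          console.error(err);
        }
      });
    } else {
      // … unchanged: enable branch …
    }
  }
```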
@@ -1,8 +1,8 @@ @import '../../../../assets/@theme/styles/themes'; .comment-table { - // width: calc(78vw - 18%); - width: 90vw; + margin-right: 2rem; + padding-right: 2rem; .comment-cell { // Add style here diff --git a/security-c4po-angular/src/app/pentest/pentest-content/pentest-comments/pentest-comments.component.spec.ts b/security-c4po-angular/src/app/pentest/pentest-content/pentest-comments/pentest-comments.component.spec.ts index 86becfa..ceca110 100644 --- a/security-c4po-angular/src/app/pentest/pentest-content/pentest-comments/pentest-comments.component.spec.ts +++ b/security-c4po-angular/src/app/pentest/pentest-content/pentest-comments/pentest-comments.component.spec.ts @@ -49,6 +49,7 @@ const DESIRED_PROJECT_STATE_SESSION: ProjectStateModel = { refNumber: 'OTF-001', childEntries: [], status: PentestStatus.NOT_STARTED, + enabled: true, findingIds: [], commentIds: ['56c47c56-3bcd-45f1-a05b-c197dbd33112'] }, diff --git a/security-c4po-angular/src/app/pentest/pentest-content/pentest-content.component.spec.ts b/security-c4po-angular/src/app/pentest/pentest-content/pentest-content.component.spec.ts index a38bb50..1d725b4 100644 --- a/security-c4po-angular/src/app/pentest/pentest-content/pentest-content.component.spec.ts +++ b/security-c4po-angular/src/app/pentest/pentest-content/pentest-content.component.spec.ts @@ -40,6 +40,7 @@ const DESIRED_PROJECT_STATE_SESSION: ProjectStateModel = { refNumber: 'OTF-001', childEntries: [], status: PentestStatus.NOT_STARTED, + enabled: true, findingIds: [], commentIds: [] }, diff --git a/security-c4po-angular/src/app/pentest/pentest-content/pentest-findings/pentest-findings.component.scss b/security-c4po-angular/src/app/pentest/pentest-content/pentest-findings/pentest-findings.component.scss index 38ed17b..c6e06cc 100644 --- a/security-c4po-angular/src/app/pentest/pentest-content/pentest-findings/pentest-findings.component.scss 
+++ b/security-c4po-angular/src/app/pentest/pentest-content/pentest-findings/pentest-findings.component.scss @@ -1,8 +1,8 @@ @import '../../../../assets/@theme/styles/themes'; .finding-table { - // width: calc(78vw - 18%); - width: 90vw; + margin-right: 2rem; + padding-right: 2rem; .finding-cell { // Add style here diff --git a/security-c4po-angular/src/app/pentest/pentest-content/pentest-findings/pentest-findings.component.spec.ts b/security-c4po-angular/src/app/pentest/pentest-content/pentest-findings/pentest-findings.component.spec.ts index aacacab..961c99f 100644 --- a/security-c4po-angular/src/app/pentest/pentest-content/pentest-findings/pentest-findings.component.spec.ts +++ b/security-c4po-angular/src/app/pentest/pentest-content/pentest-findings/pentest-findings.component.spec.ts @@ -49,6 +49,7 @@ const DESIRED_PROJECT_STATE_SESSION: ProjectStateModel = { refNumber: 'OTF-001', childEntries: [], status: PentestStatus.NOT_STARTED, + enabled: true, findingIds: ['56c47c56-3bcd-45f1-a05b-c197dbd33112'], commentIds: [] }, diff --git a/security-c4po-angular/src/app/pentest/pentest-content/pentest-info/pentest-info.component.spec.ts b/security-c4po-angular/src/app/pentest/pentest-content/pentest-info/pentest-info.component.spec.ts index 6908617..624b57f 100644 --- a/security-c4po-angular/src/app/pentest/pentest-content/pentest-info/pentest-info.component.spec.ts +++ b/security-c4po-angular/src/app/pentest/pentest-content/pentest-info/pentest-info.component.spec.ts @@ -40,6 +40,7 @@ const DESIRED_PROJECT_STATE_SESSION: ProjectStateModel = { refNumber: 'OTF-001', childEntries: [], status: PentestStatus.NOT_STARTED, + enabled: true, findingIds: ['56c47c56-3bcd-45f1-a05b-c197dbd33112'], commentIds: [] }, @@ -88,6 +89,7 @@ describe('PentestInfoComponent', () => { refNumber: 'OTF-001', childEntries: [], status: PentestStatus.NOT_STARTED, + enabled: true, findingIds: [], commentIds: [] }); 
diff --git a/security-c4po-angular/src/app/pentest/pentest-header/pentest-header.component.spec.ts b/security-c4po-angular/src/app/pentest/pentest-header/pentest-header.component.spec.ts index c3a99e4..4854954 100644 --- a/security-c4po-angular/src/app/pentest/pentest-header/pentest-header.component.spec.ts +++ b/security-c4po-angular/src/app/pentest/pentest-header/pentest-header.component.spec.ts @@ -40,6 +40,7 @@ const DESIRED_PROJECT_STATE_SESSION: ProjectStateModel = { refNumber: 'OTF-001', childEntries: [], status: PentestStatus.NOT_STARTED, + enabled: true, findingIds: [], commentIds: [] }, diff --git a/security-c4po-angular/src/app/project-overview/project-overview.component.ts b/security-c4po-angular/src/app/project-overview/project-overview.component.ts index d93ff10..4f9cc52 100644 --- a/security-c4po-angular/src/app/project-overview/project-overview.component.ts +++ b/security-c4po-angular/src/app/project-overview/project-overview.component.ts @@ -53,7 +53,7 @@ export class ProjectOverviewComponent implements OnInit { untilDestroyed(this) ).subscribe({ next: (projects: Project[]) => { - if (projects.length === 0) { + if (projects && projects.length === 0) { this.loadProjects(); } else { } diff --git a/security-c4po-angular/src/app/project-overview/project/project.component.spec.ts b/security-c4po-angular/src/app/project-overview/project/project.component.spec.ts index 9de276a..efc2894 100644 --- a/security-c4po-angular/src/app/project-overview/project/project.component.spec.ts +++ b/security-c4po-angular/src/app/project-overview/project/project.component.spec.ts @@ -53,6 +53,7 @@ const DESIRED_PROJECT_STATE_SESSION: ProjectStateModel = { refNumber: 'OTF-001', childEntries: [], status: PentestStatus.NOT_STARTED, + enabled: true, findingIds: [], commentIds: ['56c47c56-3bcd-45f1-a05b-c197dbd33112'] }, diff --git a/security-c4po-angular/src/assets/i18n/de-DE.json b/security-c4po-angular/src/assets/i18n/de-DE.json index badab48..f0d60fe 100644 
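Review bot: The new `if (projects && projects.length === 0)` in project-overview turns a null/undefined `projects` from a thrown TypeError into a silent no-op, so an unset store never triggers `loadProjects()` and the overview would stay empty. If the intent is to treat "not loaded yet" like "empty", the condition should be `if (!projects || projects.length === 0) { this.loadProjects(); }`, and the empty `else { }` can be removed. Whether null is a legitimate intermediate state here is not visible in the hunk; if it is, a short comment saying why it must not reload would help the next reader.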
--- a/security-c4po-angular/src/assets/i18n/de-DE.json +++ b/security-c4po-angular/src/assets/i18n/de-DE.json @@ -1,5 +1,6 @@ { "global": { + "actions": "Aktionen", "action.login": "Einloggen", "action.logout": "Ausloggen", "action.retry": "Erneut Versuchen", @@ -16,6 +17,8 @@ "action.report": "Bericht", "action.reset": "Zurücksetzen", "action.complete": "Fertig", + "action.disable": "Deaktivieren", + "action.enable": "Aktivieren", "action.yes": "Ja", "action.no": "Nein", "username": "Nutzername", @@ -209,7 +212,7 @@ "no.comments": "Keine Kommentare verfügbar", "no.relatedFindings": "Nicht verbunden mit einem Fund", "relatedFindingsPlaceholder": "Fund auswählen", - "noFindingsInObjectivePlaceholder": "Objective hat keine Befunde, auf die es sich beziehen könnte.", + "noFindingsInObjectivePlaceholder": "Ziel hat keine Befunde, auf die es sich beziehen könnte.", "create": { "header": "Neuen Kommentar erstellen" }, @@ -254,6 +257,14 @@ "in_progress": "In Bearbeitung", "completed": "Fertig" }, + "disable": { + "title": "Ziel deaktivieren", + "key": "Möchten Sie den Pentest \"{{name}}\" deaktivieren?" + }, + "enable": { + "title": "Ziel aktivieren", + "key": "Möchten Sie den Pentest \"{{name}}\" aktivieren?" + }, "popup": { "not.found": "Keine pentests gefunden", "initial.save.success": "Initialer Pentest erfolgreich aufgesetzt", @@ -265,7 +276,11 @@ "update.success": "Pentest erfolgreich aktualisiert", "update.failed": "Pentest konnte nicht aktualisiert werden", "delete.success": "Pentest erfolgreich gelöscht", - "delete.failed": "Pentest konnte nicht gelöscht werden" + "delete.failed": "Pentest konnte nicht gelöscht werden", + "disable.success": "Ziel erfolgreich deaktiviert", + "disable.failed": "Ziel konnte nicht deaktiviert werden", + "enable.success": "Ziel erfolgreich aktiviert", + "enable.failed": "Ziel konnte nicht aktiviert werden" }, "info": { "001": "Nutze Suchmaschinenerkennung und -aufklärung für Informationslecks", 
diff --git a/security-c4po-angular/src/assets/i18n/en-US.json b/security-c4po-angular/src/assets/i18n/en-US.json index 37ecbd1..97cdff3 100644 --- a/security-c4po-angular/src/assets/i18n/en-US.json +++ b/security-c4po-angular/src/assets/i18n/en-US.json @@ -1,5 +1,6 @@ { "global": { + "actions": "Actions", "action.login": "Login", "action.logout": "Logout", "action.retry": "Try again", @@ -16,6 +17,8 @@ "action.report": "Report", "action.reset": "Reset", "action.complete": "Complete", + "action.disable": "Deactivate", + "action.enable": "Activate", "action.yes": "Yes", "action.no": "No", "username": "Username", @@ -254,6 +257,14 @@ "in_progress": "In progress", "completed": "Completed" }, + "disable": { + "title": "Disable Objective", + "key": "Do you want to disable the objective \"{{name}}\"?" + }, + "enable": { + "title": "Enable Objective", + "key": "Do you want to enable the objective \"{{name}}\"?" + }, "popup": { "not.found": "No pentest found", "initial.save.success": "Initial Pentest successfully setup", @@ -265,7 +276,11 @@ "update.success": "Pentest updated successfully", "update.failed": "Pentest could not be updated", "delete.success": "Pentest deleted successfully", - "delete.failed": "Pentest could not be deleted" + "delete.failed": "Pentest could not be deleted", + "disable.success": "Objective disabled successfully", + "disable.failed": "Objective could not be disabled", + "enable.success": "Objective enabled successfully", + "enable.failed": "Objective could not be enabled" }, "info": { "001": "Conduct Search Engine Discovery and Reconnaissance for Information Leakage", diff --git a/security-c4po-angular/src/shared/functions/categories/AUTHN/pentests.function.ts b/security-c4po-angular/src/shared/functions/categories/AUTHN/pentests.function.ts index 3dc823a..b3da551 100644 --- a/security-c4po-angular/src/shared/functions/categories/AUTHN/pentests.function.ts +++ b/security-c4po-angular/src/shared/functions/categories/AUTHN/pentests.function.ts 
@@ -7,52 +7,62 @@ export function getAUTHN_Pentests(): Pentest[] { { category: Category.AUTHENTICATION_TESTING, refNumber: 'OTG-AUTHN-001', - status: PentestStatus.NOT_STARTED + status: PentestStatus.NOT_STARTED, + enabled: true }, { category: Category.AUTHENTICATION_TESTING, refNumber: 'OTG-AUTHN-002', - status: PentestStatus.NOT_STARTED + status: PentestStatus.NOT_STARTED, + enabled: true }, { category: Category.AUTHENTICATION_TESTING, refNumber: 'OTG-AUTHN-003', - status: PentestStatus.NOT_STARTED + status: PentestStatus.NOT_STARTED, + enabled: true }, { category: Category.AUTHENTICATION_TESTING, refNumber: 'OTG-AUTHN-004', - status: PentestStatus.NOT_STARTED + status: PentestStatus.NOT_STARTED, + enabled: true }, { category: Category.AUTHENTICATION_TESTING, refNumber: 'OTG-AUTHN-005', - status: PentestStatus.NOT_STARTED + status: PentestStatus.NOT_STARTED, + enabled: true }, { category: Category.AUTHENTICATION_TESTING, refNumber: 'OTG-AUTHN-006', - status: PentestStatus.NOT_STARTED + status: PentestStatus.NOT_STARTED, + enabled: true }, { category: Category.AUTHENTICATION_TESTING, refNumber: 'OTG-AUTHN-007', - status: PentestStatus.NOT_STARTED + status: PentestStatus.NOT_STARTED, + enabled: true }, { category: Category.AUTHENTICATION_TESTING, refNumber: 'OTG-AUTHN-008', - status: PentestStatus.NOT_STARTED + status: PentestStatus.NOT_STARTED, + enabled: true }, { category: Category.AUTHENTICATION_TESTING, refNumber: 'OTG-AUTHN-009', - status: PentestStatus.NOT_STARTED + status: PentestStatus.NOT_STARTED, + enabled: true }, { category: Category.AUTHENTICATION_TESTING, refNumber: 'OTG-AUTHN-010', - status: PentestStatus.NOT_STARTED + status: PentestStatus.NOT_STARTED, + enabled: true } ]; } diff --git a/security-c4po-angular/src/shared/functions/categories/AUTHZ/pentests.function.ts b/security-c4po-angular/src/shared/functions/categories/AUTHZ/pentests.function.ts index 57b1877..acbd6b5 100644 
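Review bot: Every literal in `getAUTHN_Pentests` (and in the sibling category functions changed below) now repeats `status: PentestStatus.NOT_STARTED, enabled: true`, which is a maintenance hazard the next time a default field is added to `Pentest`. A small helper such as `const initial = (refNumber: string): Pentest => ({category: Category.AUTHENTICATION_TESTING, refNumber, status: PentestStatus.NOT_STARTED, enabled: true});` would reduce each entry to one line and keep the defaults in one place. Whether `Pentest` has additional required fields is not visible in this hunk.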
--- a/security-c4po-angular/src/shared/functions/categories/AUTHZ/pentests.function.ts +++ b/security-c4po-angular/src/shared/functions/categories/AUTHZ/pentests.function.ts @@ -7,22 +7,26 @@ export function getAUTHZ_Pentests(): Pentest[] { { category: Category.AUTHORIZATION_TESTING, refNumber: 'OTG-AUTHZ-001', - status: PentestStatus.NOT_STARTED + status: PentestStatus.NOT_STARTED, + enabled: true }, { category: Category.AUTHORIZATION_TESTING, refNumber: 'OTG-AUTHZ-002', - status: PentestStatus.NOT_STARTED + status: PentestStatus.NOT_STARTED, + enabled: true }, { category: Category.AUTHORIZATION_TESTING, refNumber: 'OTG-AUTHZ-003', - status: PentestStatus.NOT_STARTED + status: PentestStatus.NOT_STARTED, + enabled: true }, { category: Category.AUTHORIZATION_TESTING, refNumber: 'OTG-AUTHZ-004', - status: PentestStatus.NOT_STARTED + status: PentestStatus.NOT_STARTED, + enabled: true } ]; } diff --git a/security-c4po-angular/src/shared/functions/categories/BUSLOGIC/pentests.function.ts b/security-c4po-angular/src/shared/functions/categories/BUSLOGIC/pentests.function.ts index 496be20..dddb0bb 100644 --- a/security-c4po-angular/src/shared/functions/categories/BUSLOGIC/pentests.function.ts +++ b/security-c4po-angular/src/shared/functions/categories/BUSLOGIC/pentests.function.ts 
@@ -7,47 +7,56 @@ export function getBUSLOGIC_Pentests(): Pentest[] { { category: Category.BUSINESS_LOGIC_TESTING, refNumber: 'OTG-BUSLOGIC-001', - status: PentestStatus.NOT_STARTED + status: PentestStatus.NOT_STARTED, + enabled: true }, { category: Category.BUSINESS_LOGIC_TESTING, refNumber: 'OTG-BUSLOGIC-002', - status: PentestStatus.NOT_STARTED + status: PentestStatus.NOT_STARTED, + enabled: true }, { category: Category.BUSINESS_LOGIC_TESTING, refNumber: 'OTG-BUSLOGIC-003', - status: PentestStatus.NOT_STARTED + status: PentestStatus.NOT_STARTED, + enabled: true }, { category: Category.BUSINESS_LOGIC_TESTING, refNumber: 'OTG-BUSLOGIC-004', - status: PentestStatus.NOT_STARTED + status: PentestStatus.NOT_STARTED, + enabled: true }, { category: Category.BUSINESS_LOGIC_TESTING, refNumber: 'OTG-BUSLOGIC-005', - status: PentestStatus.NOT_STARTED + status: PentestStatus.NOT_STARTED, + enabled: true }, { category: Category.BUSINESS_LOGIC_TESTING, refNumber: 'OTG-BUSLOGIC-006', - status: PentestStatus.NOT_STARTED + status: PentestStatus.NOT_STARTED, + enabled: true }, { category: Category.BUSINESS_LOGIC_TESTING, refNumber: 'OTG-BUSLOGIC-007', - status: PentestStatus.NOT_STARTED + status: PentestStatus.NOT_STARTED, + enabled: true }, { category: Category.BUSINESS_LOGIC_TESTING, refNumber: 'OTG-BUSLOGIC-008', - status: PentestStatus.NOT_STARTED + status: PentestStatus.NOT_STARTED, + enabled: true }, { category: Category.BUSINESS_LOGIC_TESTING, refNumber: 'OTG-BUSLOGIC-009', - status: PentestStatus.NOT_STARTED + status: PentestStatus.NOT_STARTED, + enabled: true } ]; } diff --git a/security-c4po-angular/src/shared/functions/categories/CLIENT/pentests.function.ts b/security-c4po-angular/src/shared/functions/categories/CLIENT/pentests.function.ts index 28e61fa..5a32a3e 100644 --- a/security-c4po-angular/src/shared/functions/categories/CLIENT/pentests.function.ts +++ b/security-c4po-angular/src/shared/functions/categories/CLIENT/pentests.function.ts 
@@ -7,62 +7,74 @@ export function getCLIENT_Pentests(): Pentest[] { { category: Category.CLIENT_SIDE_TESTING, refNumber: 'OTG-CLIENT-001', - status: PentestStatus.NOT_STARTED + status: PentestStatus.NOT_STARTED, + enabled: true }, { category: Category.CLIENT_SIDE_TESTING, refNumber: 'OTG-CLIENT-002', - status: PentestStatus.NOT_STARTED + status: PentestStatus.NOT_STARTED, + enabled: true }, { category: Category.CLIENT_SIDE_TESTING, refNumber: 'OTG-CLIENT-003', - status: PentestStatus.NOT_STARTED + status: PentestStatus.NOT_STARTED, + enabled: true }, { category: Category.CLIENT_SIDE_TESTING, refNumber: 'OTG-CLIENT-004', - status: PentestStatus.NOT_STARTED + status: PentestStatus.NOT_STARTED, + enabled: true }, { category: Category.CLIENT_SIDE_TESTING, refNumber: 'OTG-CLIENT-005', - status: PentestStatus.NOT_STARTED + status: PentestStatus.NOT_STARTED, + enabled: true }, { category: Category.CLIENT_SIDE_TESTING, refNumber: 'OTG-CLIENT-006', - status: PentestStatus.NOT_STARTED + status: PentestStatus.NOT_STARTED, + enabled: true }, { category: Category.CLIENT_SIDE_TESTING, refNumber: 'OTG-CLIENT-007', - status: PentestStatus.NOT_STARTED + status: PentestStatus.NOT_STARTED, + enabled: true }, { category: Category.CLIENT_SIDE_TESTING, refNumber: 'OTG-CLIENT-008', - status: PentestStatus.NOT_STARTED + status: PentestStatus.NOT_STARTED, + enabled: true }, { category: Category.CLIENT_SIDE_TESTING, refNumber: 'OTG-CLIENT-009', - status: PentestStatus.NOT_STARTED + status: PentestStatus.NOT_STARTED, + enabled: true }, { category: Category.CLIENT_SIDE_TESTING, refNumber: 'OTG-CLIENT-010', - status: PentestStatus.NOT_STARTED + status: PentestStatus.NOT_STARTED, + enabled: true }, { category: Category.CLIENT_SIDE_TESTING, refNumber: 'OTG-CLIENT-011', - status: PentestStatus.NOT_STARTED + status: PentestStatus.NOT_STARTED, + enabled: true }, { category: Category.CLIENT_SIDE_TESTING, refNumber: 'OTG-CLIENT-012', - status: PentestStatus.NOT_STARTED + status: 
PentestStatus.NOT_STARTED, + enabled: true } ]; } diff --git a/security-c4po-angular/src/shared/functions/categories/CONFIG/pentests.function.ts b/security-c4po-angular/src/shared/functions/categories/CONFIG/pentests.function.ts index 36a3dba..976054d 100644 --- a/security-c4po-angular/src/shared/functions/categories/CONFIG/pentests.function.ts +++ b/security-c4po-angular/src/shared/functions/categories/CONFIG/pentests.function.ts 
@@ -7,42 +7,50 @@ export function getCONFIG_Pentests(): Pentest[] { { category: Category.CONFIGURATION_AND_DEPLOY_MANAGEMENT_TESTING, refNumber: 'OTG-CONFIG-001', - status: PentestStatus.NOT_STARTED + status: PentestStatus.NOT_STARTED, + enabled: true }, { category: Category.CONFIGURATION_AND_DEPLOY_MANAGEMENT_TESTING, refNumber: 'OTG-CONFIG-002', - status: PentestStatus.NOT_STARTED + status: PentestStatus.NOT_STARTED, + enabled: true }, { category: Category.CONFIGURATION_AND_DEPLOY_MANAGEMENT_TESTING, refNumber: 'OTG-CONFIG-003', - status: PentestStatus.NOT_STARTED + status: PentestStatus.NOT_STARTED, + enabled: true }, { category: Category.CONFIGURATION_AND_DEPLOY_MANAGEMENT_TESTING, refNumber: 'OTG-CONFIG-004', - status: PentestStatus.NOT_STARTED + status: PentestStatus.NOT_STARTED, + enabled: true }, { category: Category.CONFIGURATION_AND_DEPLOY_MANAGEMENT_TESTING, refNumber: 'OTG-CONFIG-005', - status: PentestStatus.NOT_STARTED + status: PentestStatus.NOT_STARTED, + enabled: true }, { category: Category.CONFIGURATION_AND_DEPLOY_MANAGEMENT_TESTING, refNumber: 'OTG-CONFIG-006', - status: PentestStatus.NOT_STARTED + status: PentestStatus.NOT_STARTED, + enabled: true }, { category: Category.CONFIGURATION_AND_DEPLOY_MANAGEMENT_TESTING, refNumber: 'OTG-CONFIG-007', - status: PentestStatus.NOT_STARTED + status: PentestStatus.NOT_STARTED, + enabled: true }, { category: Category.CONFIGURATION_AND_DEPLOY_MANAGEMENT_TESTING, refNumber: 'OTG-CONFIG-008', - status: PentestStatus.NOT_STARTED + status: PentestStatus.NOT_STARTED, + enabled: true } ]; } diff --git a/security-c4po-angular/src/shared/functions/categories/CRYPST/pentests.function.ts b/security-c4po-angular/src/shared/functions/categories/CRYPST/pentests.function.ts index 226590d..741aba3 100644 --- a/security-c4po-angular/src/shared/functions/categories/CRYPST/pentests.function.ts +++ b/security-c4po-angular/src/shared/functions/categories/CRYPST/pentests.function.ts 
@@ -7,17 +7,20 @@ export function getCRYPST_Pentests(): Pentest[] { { category: Category.CRYPTOGRAPHY, refNumber: 'OTG-CRYPST-001', - status: PentestStatus.NOT_STARTED + status: PentestStatus.NOT_STARTED, + enabled: true }, { category: Category.CRYPTOGRAPHY, refNumber: 'OTG-CRYPST-002', - status: PentestStatus.NOT_STARTED + status: PentestStatus.NOT_STARTED, + enabled: true }, { category: Category.CRYPTOGRAPHY, refNumber: 'OTG-CRYPST-003', - status: PentestStatus.NOT_STARTED + status: PentestStatus.NOT_STARTED, + enabled: true } ]; } diff --git a/security-c4po-angular/src/shared/functions/categories/ERR/pentests.function.ts b/security-c4po-angular/src/shared/functions/categories/ERR/pentests.function.ts index f05783c..ec07692 100644 --- a/security-c4po-angular/src/shared/functions/categories/ERR/pentests.function.ts +++ b/security-c4po-angular/src/shared/functions/categories/ERR/pentests.function.ts @@ -7,12 +7,14 @@ export function getERR_Pentests(): Pentest[] { { category: Category.ERROR_HANDLING, refNumber: 'OTG-ERR-001', - status: PentestStatus.NOT_STARTED + status: PentestStatus.NOT_STARTED, + enabled: true }, { category: Category.ERROR_HANDLING, refNumber: 'OTG-ERR-002', - status: PentestStatus.NOT_STARTED + status: PentestStatus.NOT_STARTED, + enabled: true } ]; } diff --git a/security-c4po-angular/src/shared/functions/categories/IDENT/pentests.function.ts b/security-c4po-angular/src/shared/functions/categories/IDENT/pentests.function.ts index 5523abe..497c5c4 100644 --- a/security-c4po-angular/src/shared/functions/categories/IDENT/pentests.function.ts +++ b/security-c4po-angular/src/shared/functions/categories/IDENT/pentests.function.ts 
@@ -7,37 +7,44 @@ export function getIDENT_Pentests(): Pentest[] {
 {
 category: Category.IDENTITY_MANAGEMENT_TESTING,
 refNumber: 'OTG-IDENT-001',
- status: PentestStatus.NOT_STARTED
+ status: PentestStatus.NOT_STARTED,
+ enabled: true
 },
 {
 category: Category.IDENTITY_MANAGEMENT_TESTING,
 refNumber: 'OTG-IDENT-002',
- status: PentestStatus.NOT_STARTED
+ status: PentestStatus.NOT_STARTED,
+ enabled: true
 },
 {
 category: Category.IDENTITY_MANAGEMENT_TESTING,
 refNumber: 'OTG-IDENT-003',
- status: PentestStatus.NOT_STARTED
+ status: PentestStatus.NOT_STARTED,
+ enabled: true
 },
 {
 category: Category.IDENTITY_MANAGEMENT_TESTING,
 refNumber: 'OTG-IDENT-004',
- status: PentestStatus.NOT_STARTED
+ status: PentestStatus.NOT_STARTED,
+ enabled: true
 },
 {
 category: Category.IDENTITY_MANAGEMENT_TESTING,
 refNumber: 'OTG-IDENT-005',
- status: PentestStatus.NOT_STARTED
+ status: PentestStatus.NOT_STARTED,
+ enabled: true
 },
 {
 category: Category.IDENTITY_MANAGEMENT_TESTING,
 refNumber: 'OTG-IDENT-006',
- status: PentestStatus.NOT_STARTED
+ status: PentestStatus.NOT_STARTED,
+ enabled: true
 },
 {
 category: Category.IDENTITY_MANAGEMENT_TESTING,
 refNumber: 'OTG-IDENT-007',
- status: PentestStatus.NOT_STARTED
+ status: PentestStatus.NOT_STARTED,
+ enabled: true
 }
 ];
 }
diff --git a/security-c4po-angular/src/shared/functions/categories/INFO/pentests.function.ts b/security-c4po-angular/src/shared/functions/categories/INFO/pentests.function.ts
index 0904d66..833ec53 100644
--- a/security-c4po-angular/src/shared/functions/categories/INFO/pentests.function.ts
+++ b/security-c4po-angular/src/shared/functions/categories/INFO/pentests.function.ts
@@ -7,52 +7,62 @@ export function getINFO_Pentests(): Pentest[] {
 {
 category: Category.INFORMATION_GATHERING,
 refNumber: 'OTG-INFO-001',
- status: PentestStatus.NOT_STARTED
+ status: PentestStatus.NOT_STARTED,
+ enabled: true
 },
 {
 category: Category.INFORMATION_GATHERING,
 refNumber: 'OTG-INFO-002',
- status: PentestStatus.NOT_STARTED
+ status: PentestStatus.NOT_STARTED,
+ enabled: true
 },
 {
 category: Category.INFORMATION_GATHERING,
 refNumber: 'OTG-INFO-003',
- status: PentestStatus.NOT_STARTED
+ status: PentestStatus.NOT_STARTED,
+ enabled: true
 },
 {
 category: Category.INFORMATION_GATHERING,
 refNumber: 'OTG-INFO-004',
 status: PentestStatus.NOT_STARTED,
+ enabled: true
 },
 {
 category: Category.INFORMATION_GATHERING,
 refNumber: 'OTG-INFO-005',
 status: PentestStatus.NOT_STARTED,
+ enabled: true
 },
 {
 category: Category.INFORMATION_GATHERING,
 refNumber: 'OTG-INFO-006',
 status: PentestStatus.NOT_STARTED,
+ enabled: true
 },
 {
 category: Category.INFORMATION_GATHERING,
 refNumber: 'OTG-INFO-007',
 status: PentestStatus.NOT_STARTED,
+ enabled: true
 },
 {
 category: Category.INFORMATION_GATHERING,
 refNumber: 'OTG-INFO-008',
 status: PentestStatus.NOT_STARTED,
+ enabled: true
 },
 {
 category: Category.INFORMATION_GATHERING,
 refNumber: 'OTG-INFO-009',
 status: PentestStatus.NOT_STARTED,
+ enabled: true
 },
 {
 category: Category.INFORMATION_GATHERING,
 refNumber: 'OTG-INFO-010',
 status: PentestStatus.NOT_STARTED,
+ enabled: true
 }
 ];
 }
diff --git a/security-c4po-angular/src/shared/functions/categories/INPVAL/pentests.function.ts b/security-c4po-angular/src/shared/functions/categories/INPVAL/pentests.function.ts
index 8ac68bd..683d26e 100644
--- a/security-c4po-angular/src/shared/functions/categories/INPVAL/pentests.function.ts
+++ b/security-c4po-angular/src/shared/functions/categories/INPVAL/pentests.function.ts
@@ -7,143 +7,170 @@ export function getINPVAL_Pentests(): Pentest[] { { category: Category.INPUT_VALIDATION_TESTING, refNumber: 'OTG-INPVAL-001', - status: PentestStatus.NOT_STARTED + status: PentestStatus.NOT_STARTED, + enabled: true }, { category: Category.INPUT_VALIDATION_TESTING, refNumber: 'OTG-INPVAL-002', - status: PentestStatus.NOT_STARTED + status: PentestStatus.NOT_STARTED, + enabled: true }, { category: Category.INPUT_VALIDATION_TESTING, refNumber: 'OTG-INPVAL-003', - status: PentestStatus.NOT_STARTED + status: PentestStatus.NOT_STARTED, + enabled: true }, { category: Category.INPUT_VALIDATION_TESTING, refNumber: 'OTG-INPVAL-004', - status: PentestStatus.NOT_STARTED + status: PentestStatus.NOT_STARTED, + enabled: true }, { category: Category.INPUT_VALIDATION_TESTING, refNumber: 'OTG-INPVAL-005', status: PentestStatus.NOT_STARTED, + enabled: true, childEntries: [ { category: Category.INPUT_VALIDATION_TESTING, refNumber: 'OTG-INPVAL-005_1', - status: PentestStatus.NOT_STARTED + status: PentestStatus.NOT_STARTED, + enabled: true }, { category: Category.INPUT_VALIDATION_TESTING, refNumber: 'OTG-INPVAL-005_2', - status: PentestStatus.NOT_STARTED + status: PentestStatus.NOT_STARTED, + enabled: true }, { category: Category.INPUT_VALIDATION_TESTING, refNumber: 'OTG-INPVAL-005_3', - status: PentestStatus.NOT_STARTED + status: PentestStatus.NOT_STARTED, + enabled: true }, { category: Category.INPUT_VALIDATION_TESTING, refNumber: 'OTG-INPVAL-005_4', - status: PentestStatus.NOT_STARTED + status: PentestStatus.NOT_STARTED, + enabled: true }, { category: Category.INPUT_VALIDATION_TESTING, refNumber: 'OTG-INPVAL-005_5', - status: PentestStatus.NOT_STARTED + status: PentestStatus.NOT_STARTED, + enabled: true }, { category: Category.INPUT_VALIDATION_TESTING, refNumber: 'OTG-INPVAL-005_6', - status: PentestStatus.NOT_STARTED + status: PentestStatus.NOT_STARTED, + enabled: true }, ] }, { category: Category.INPUT_VALIDATION_TESTING, refNumber: 'OTG-INPVAL-006', - status: 
PentestStatus.NOT_STARTED + status: PentestStatus.NOT_STARTED, + enabled: true }, { category: Category.INPUT_VALIDATION_TESTING, refNumber: 'OTG-INPVAL-007', - status: PentestStatus.NOT_STARTED + status: PentestStatus.NOT_STARTED, + enabled: true }, { category: Category.INPUT_VALIDATION_TESTING, refNumber: 'OTG-INPVAL-008', - status: PentestStatus.NOT_STARTED + status: PentestStatus.NOT_STARTED, + enabled: true }, { category: Category.INPUT_VALIDATION_TESTING, refNumber: 'OTG-INPVAL-009', - status: PentestStatus.NOT_STARTED + status: PentestStatus.NOT_STARTED, + enabled: true }, { category: Category.INPUT_VALIDATION_TESTING, refNumber: 'OTG-INPVAL-010', - status: PentestStatus.NOT_STARTED + status: PentestStatus.NOT_STARTED, + enabled: true }, { category: Category.INPUT_VALIDATION_TESTING, refNumber: 'OTG-INPVAL-011', - status: PentestStatus.NOT_STARTED + status: PentestStatus.NOT_STARTED, + enabled: true }, { category: Category.INPUT_VALIDATION_TESTING, refNumber: 'OTG-INPVAL-012', status: PentestStatus.NOT_STARTED, + enabled: true, childEntries: [ { category: Category.INPUT_VALIDATION_TESTING, refNumber: 'OTG-INPVAL-012_1', - status: PentestStatus.NOT_STARTED + status: PentestStatus.NOT_STARTED, + enabled: true }, { category: Category.INPUT_VALIDATION_TESTING, refNumber: 'OTG-INPVAL-012_2', - status: PentestStatus.NOT_STARTED + status: PentestStatus.NOT_STARTED, + enabled: true } ] }, { category: Category.INPUT_VALIDATION_TESTING, refNumber: 'OTG-INPVAL-013', - status: PentestStatus.NOT_STARTED + status: PentestStatus.NOT_STARTED, + enabled: true }, { category: Category.INPUT_VALIDATION_TESTING, refNumber: 'OTG-INPVAL-014', status: PentestStatus.NOT_STARTED, + enabled: true, childEntries: [ { category: Category.INPUT_VALIDATION_TESTING, refNumber: 'OTG-INPVAL-014_1', - status: PentestStatus.NOT_STARTED + status: PentestStatus.NOT_STARTED, + enabled: true }, { category: Category.INPUT_VALIDATION_TESTING, refNumber: 'OTG-INPVAL-014_2', - status: 
PentestStatus.NOT_STARTED + status: PentestStatus.NOT_STARTED, + enabled: true }, { category: Category.INPUT_VALIDATION_TESTING, refNumber: 'OTG-INPVAL-014_3', - status: PentestStatus.NOT_STARTED + status: PentestStatus.NOT_STARTED, + enabled: true } ] }, { category: Category.INPUT_VALIDATION_TESTING, refNumber: 'OTG-INPVAL-015', - status: PentestStatus.NOT_STARTED + status: PentestStatus.NOT_STARTED, + enabled: true }, { category: Category.INPUT_VALIDATION_TESTING, refNumber: 'OTG-INPVAL-016', - status: PentestStatus.NOT_STARTED + status: PentestStatus.NOT_STARTED, + enabled: true }, ]; } diff --git a/security-c4po-angular/src/shared/functions/categories/SESS/pentests.function.ts b/security-c4po-angular/src/shared/functions/categories/SESS/pentests.function.ts index 2af165c..d0d17dc 100644 --- a/security-c4po-angular/src/shared/functions/categories/SESS/pentests.function.ts +++ b/security-c4po-angular/src/shared/functions/categories/SESS/pentests.function.ts 
@@ -7,42 +7,50 @@ export function getSESS_Pentests(): Pentest[] {
 {
 category: Category.SESSION_MANAGEMENT_TESTING,
 refNumber: 'OTG-SESS-001',
- status: PentestStatus.NOT_STARTED
+ status: PentestStatus.NOT_STARTED,
+ enabled: true
 },
 {
 category: Category.SESSION_MANAGEMENT_TESTING,
 refNumber: 'OTG-SESS-002',
- status: PentestStatus.NOT_STARTED
+ status: PentestStatus.NOT_STARTED,
+ enabled: true
 },
 {
 category: Category.SESSION_MANAGEMENT_TESTING,
 refNumber: 'OTG-SESS-003',
- status: PentestStatus.NOT_STARTED
+ status: PentestStatus.NOT_STARTED,
+ enabled: true
 },
 {
 category: Category.SESSION_MANAGEMENT_TESTING,
 refNumber: 'OTG-SESS-004',
- status: PentestStatus.NOT_STARTED
+ status: PentestStatus.NOT_STARTED,
+ enabled: true
 },
 {
 category: Category.SESSION_MANAGEMENT_TESTING,
 refNumber: 'OTG-SESS-005',
- status: PentestStatus.NOT_STARTED
+ status: PentestStatus.NOT_STARTED,
+ enabled: true
 },
 {
 category: Category.SESSION_MANAGEMENT_TESTING,
 refNumber: 'OTG-SESS-006',
- status: PentestStatus.NOT_STARTED
+ status: PentestStatus.NOT_STARTED,
+ enabled: true
 },
 {
 category: Category.SESSION_MANAGEMENT_TESTING,
 refNumber: 'OTG-SESS-007',
- status: PentestStatus.NOT_STARTED
+ status: PentestStatus.NOT_STARTED,
+ enabled: true
 },
 {
 category: Category.SESSION_MANAGEMENT_TESTING,
 refNumber: 'OTG-SESS-008',
- status: PentestStatus.NOT_STARTED
+ status: PentestStatus.NOT_STARTED,
+ enabled: true
 }
 ];
 }
diff --git a/security-c4po-angular/src/shared/models/pentest.model.ts b/security-c4po-angular/src/shared/models/pentest.model.ts
index c01d205..5863f3d 100644
--- a/security-c4po-angular/src/shared/models/pentest.model.ts
+++ b/security-c4po-angular/src/shared/models/pentest.model.ts
@@ -9,6 +9,7 @@ export class Pentest {
 refNumber: string;
 childEntries?: Pentest[];
 status: PentestStatus;
+ enabled: boolean;
 findingIds?: Array;
 commentIds?: Array;
 timeSpent?: number;
@@ -16,6 +17,7 @@ export class Pentest {
 constructor(category: Category,
 refNumber: string,
 status: PentestStatus,
+ enabled: boolean,
 id?: string,
 projectId?: string,
 findingsIds?: Array,
@@ -26,6 +28,7 @@ export class Pentest {
 this.category = category;
 this.refNumber = refNumber;
 this.status = status;
+ this.enabled = enabled;
 this.findingIds = findingsIds ? findingsIds : [];
 this.commentIds = commentsIds ? commentsIds : [];
 this.timeSpent = timeSpent ? timeSpent : 0;
@@ -35,6 +38,7 @@ export class Pentest {
 export interface ObjectiveEntry {
 refNumber: string;
 status: string;
+ enabled: boolean;
 findings?: number;
 kind?: string;
 childEntries?: ObjectiveEntry[];
@@ -56,6 +60,7 @@ export function transformPentestToRequestBody(pentest: Pentest): Pentest {
 category: typeof pentest.category === 'number' ? Category[pentest.category] : pentest.category,
 refNumber: pentest.refNumber,
 status: pentest.status,
+ enabled: pentest.enabled,
 findingIds: pentest.findingIds ? pentest.findingIds : [],
 commentIds: pentest.commentIds ? pentest.commentIds : [],
 /* Remove Table Entry Object Properties */
@@ -71,8 +76,10 @@ export function transformPentestsToObjectiveEntries(pentests: Pentest[]): Object
 const objectiveEntries: ObjectiveEntry[] = [];
 pentests.forEach((value: Pentest) => {
 objectiveEntries.push({
+ id: value.id,
 refNumber: value.refNumber,
 status: value.status,
+ enabled: value.enabled,
 findingIds: value.findingIds,
 commentIds: value.commentIds,
 kind: value.childEntries ? 'dir' : 'cell',
diff --git a/security-c4po-angular/src/shared/modules/comment-dialog/comment-dialog.component.scss b/security-c4po-angular/src/shared/modules/comment-dialog/comment-dialog.component.scss
index 09db77f..ed0e1d3 100644
--- a/security-c4po-angular/src/shared/modules/comment-dialog/comment-dialog.component.scss
+++ b/security-c4po-angular/src/shared/modules/comment-dialog/comment-dialog.component.scss
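Review bot: `transformPentestsToObjectiveEntries` now pushes `id: value.id`, but the `ObjectiveEntry` hunk above only adds `enabled`; if `id` is not declared in the part of the interface outside this hunk, the object literal fails excess-property checking, so the interface should get `id?: string;` next to `enabled`. Inserting `enabled: boolean` as the fourth positional constructor parameter, ahead of `id?`, shifts every existing `new Pentest(category, refNumber, status, id, ...)` call by one argument; callers are outside this chunk, so please confirm they were all updated. `transformPentestToRequestBody` also now sends `enabled` on every save and PATCH; since the backend gains dedicated enable/disable endpoints that couple the flag to `status`, it is worth deciding whether the client should be allowed to set this field at all, and documenting that decision on the function.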
@@ -3,7 +3,7 @@ .comment-dialog { width: 45.25rem !important; - height: 45rem; + height: 48rem; .comment-dialog-header { height: 8vh; diff --git a/security-c4po-angular/src/shared/modules/comment-dialog/comment-dialog.component.spec.ts b/security-c4po-angular/src/shared/modules/comment-dialog/comment-dialog.component.spec.ts index f996b20..5488e36 100644 --- a/security-c4po-angular/src/shared/modules/comment-dialog/comment-dialog.component.spec.ts +++ b/security-c4po-angular/src/shared/modules/comment-dialog/comment-dialog.component.spec.ts @@ -59,6 +59,7 @@ const DESIRED_PROJECT_STATE_SESSION: ProjectStateModel = { refNumber: 'OTF-001', childEntries: [], status: PentestStatus.NOT_STARTED, + enabled: true, findingIds: [], commentIds: ['56c47c56-3bcd-45f1-a05b-c197dbd33112'] }, diff --git a/security-c4po-angular/src/shared/modules/export-report-dialog/export-report-dialog.component.scss b/security-c4po-angular/src/shared/modules/export-report-dialog/export-report-dialog.component.scss index 690ce64..f09627d 100644 --- a/security-c4po-angular/src/shared/modules/export-report-dialog/export-report-dialog.component.scss +++ b/security-c4po-angular/src/shared/modules/export-report-dialog/export-report-dialog.component.scss @@ -4,7 +4,7 @@ .export-report-dialog { width: 45.25rem !important; - height: 54.25rem; + height: 56.25rem; .export-report-header { height: 8vh; diff --git a/security-c4po-angular/src/shared/modules/finding-dialog/finding-dialog.component.spec.ts b/security-c4po-angular/src/shared/modules/finding-dialog/finding-dialog.component.spec.ts index 9f99ff2..c942cc6 100644 --- a/security-c4po-angular/src/shared/modules/finding-dialog/finding-dialog.component.spec.ts +++ b/security-c4po-angular/src/shared/modules/finding-dialog/finding-dialog.component.spec.ts 
@@ -57,6 +57,7 @@ const DESIRED_PROJECT_STATE_SESSION: ProjectStateModel = { refNumber: 'OTF-001', childEntries: [], status: PentestStatus.NOT_STARTED, + enabled: true, findingIds: ['56c47c56-3bcd-45f1-a05b-c197dbd33112'], commentIds: [] }, diff --git a/security-c4po-angular/src/shared/modules/project-dialog/project-dialog.component.scss b/security-c4po-angular/src/shared/modules/project-dialog/project-dialog.component.scss index 71821cb..67e1b9a 100644 --- a/security-c4po-angular/src/shared/modules/project-dialog/project-dialog.component.scss +++ b/security-c4po-angular/src/shared/modules/project-dialog/project-dialog.component.scss @@ -3,7 +3,7 @@ .project-dialog { width: 36rem !important; - height: 43.5rem; + height: 44.5rem; .project-dialog-header { height: 10vh; diff --git a/security-c4po-angular/src/shared/modules/timer/timer.component.ts b/security-c4po-angular/src/shared/modules/timer/timer.component.ts index bbfee25..4a2ef0a 100644 --- a/security-c4po-angular/src/shared/modules/timer/timer.component.ts +++ b/security-c4po-angular/src/shared/modules/timer/timer.component.ts @@ -65,13 +65,13 @@ export class TimerComponent implements OnInit, OnDestroy { } private createIntialPentestInBackend(): void { - // Save initial Pentest a new + // Save initial pentest a new this.pentestInfo$.next({...this.pentestInfo$.getValue(), timeSpent: this.timer}); this.pentestService.savePentest(this.selectedProjectId$.getValue(), transformPentestToRequestBody(this.pentestInfo$.getValue())) .subscribe({ next: (pentest: Pentest) => { this.store.dispatch(new ChangePentest(pentest)); - this.notificationService.showPopup('pentest.popup.initial.save.success', PopupType.SUCCESS); + this.notificationService.showPopup('pentest.popup.initial.save.success', PopupType.INFO); }, error: err => { console.log(err); diff --git a/security-c4po-angular/src/shared/services/api/pentest.service.ts b/security-c4po-angular/src/shared/services/api/pentest.service.ts index 02cdc99..0bcadc3 100644 
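Review bot: In `createIntialPentestInBackend` the popup now shows as `PopupType.INFO` while its translation key still reads `pentest.popup.initial.save.success`, which will confuse the next reader of either the code or the i18n file; either keep `PopupType.SUCCESS` or name the key after what it now is, e.g. `pentest.popup.initial.save.info`. If INFO is intended because the initial save is not user-triggered, a one-line comment above the call saying so would help. The method's signature and its error branch lie inside the hunk, but the surrounding class does not.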
--- a/security-c4po-angular/src/shared/services/api/pentest.service.ts
+++ b/security-c4po-angular/src/shared/services/api/pentest.service.ts
@@ -107,4 +107,20 @@ export class PentestService {
 public updatePentest(pentest: Pentest): Observable {
 return this.http.patch(`${this.apiBaseURL}/${pentest.id}`, pentest);
 }
+
+ /**
+ * Disable Objective
+ * @param pentestId the id of the Pentest
+ */
+ public disableObjective(projectId: string, pentestId: string): Observable {
+ return this.http.post(`${this.apiBaseURL}/${projectId}/${pentestId}/disable`, null);
+ }
+
+ /**
+ * Enable Objective
+ * @param pentestId the id of the Pentest
+ */
+ public enableObjective(projectId: string, pentestId: string): Observable {
+ return this.http.post(`${this.apiBaseURL}/${projectId}/${pentestId}/enable`, null);
+ }
 }
diff --git a/security-c4po-angular/src/shared/services/toaster-service/notification.service.ts b/security-c4po-angular/src/shared/services/toaster-service/notification.service.ts
index 6311208..163f195 100644
--- a/security-c4po-angular/src/shared/services/toaster-service/notification.service.ts
+++ b/security-c4po-angular/src/shared/services/toaster-service/notification.service.ts
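Review bot: Both new TSDoc blocks document only `pentestId` although each method takes `projectId` first, so the generated docs and editor hints omit half the signature; add `* @param projectId the id of the Project the Pentest belongs to` above the existing `@param` line in both `disableObjective` and `enableObjective`. It would also help to state what the server returns, since the `Observable` type parameter is not visible here, e.g. `* @returns the updated Pentest as returned by the API`. The two methods differ only in the last path segment; a private `setObjectiveEnabled(projectId, pentestId, enable: boolean)` would remove the duplicated URL construction.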
@@ -17,13 +17,41 @@ export class NotificationService { .subscribe((translationContainer) => { this.toastrService.show( '', - translationContainer[translationKey] + ' ' + translationContainer[popupType], { + translationContainer[translationKey] /*+ ' ' + translationContainer[popupType]*/, { position: NbGlobalPhysicalPosition.BOTTOM_RIGHT, duration: 5000, + status: getStatusForPopUpType(popupType), toastClass: createCssClassName(popupType) }); }); + function getStatusForPopUpType(popupType): string { + let toasterStatus; + switch (popupType) { + case PopupType.SUCCESS: { + toasterStatus = 'success'; + break; + } + case PopupType.INFO: { + toasterStatus = 'control'; + break; + } + case PopupType.FAILURE: { + toasterStatus = 'danger'; + break; + } + case PopupType.WARNING: { + toasterStatus = 'warning'; + break; + } + default: { + toasterStatus = 'basic'; + break; + } + } + return toasterStatus; + } + function createCssClassName(type: PopupType): string { const currentType = type ? type : PopupType.INFO; return currentType.toString().replace('.', '-'); diff --git a/security-c4po-api/security-c4po-api.postman_collection.json b/security-c4po-api/security-c4po-api.postman_collection.json index aab012a..a9e29c6 100644 --- a/security-c4po-api/security-c4po-api.postman_collection.json +++ b/security-c4po-api/security-c4po-api.postman_collection.json @@ -73,7 +73,7 @@ "method": "GET", "header": [], "url": { - "raw": "http://localhost:8443/projects/5a4f126c-9471-43b8-80b9-6eb02b7c35d0", + "raw": "http://localhost:8443/projects/575dd9d4-cb3c-4df3-981e-8a18bf8dc1d2", "protocol": "http", "host": [ "localhost" @@ -81,7 +81,7 @@ "port": "8443", "path": [ "projects", - "5a4f126c-9471-43b8-80b9-6eb02b7c35d0" + "575dd9d4-cb3c-4df3-981e-8a18bf8dc1d2" ] } }, 
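Review bot: `getStatusForPopUpType(popupType)` declares its parameter without a type and `let toasterStatus;` without one either, so both are implicit `any` and the function would not compile under `noImplicitAny`, unlike the neighbouring `createCssClassName(type: PopupType)`. The old concatenation is left behind as `/*+ ' ' + translationContainer[popupType]*/` inside the call argument; delete it rather than keep commented-out code in a live expression. The five-branch switch that only assigns a string can be a lookup with an explicit fallback, shown below (assuming `PopupType` is a string enum, as `toString().replace('.', '-')` suggests). The enclosing `showPopup`-style method begins before this hunk.
```typescript
// Maps a popup type to the toastr status name; unmapped types fall back to 'basic'.
function getStatusForPopUpType(popupType: PopupType): string {
  const statusByType: Partial<Record<PopupType, string>> = {
    [PopupType.SUCCESS]: 'success',
    [PopupType.INFO]: 'control',
    [PopupType.FAILURE]: 'danger',
    [PopupType.WARNING]: 'warning',
  };
  const status = statusByType[popupType];
  return status === undefined ? 'basic' : status;
}
// … unchanged: createCssClassName …
```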
@@ -107,7 +107,7 @@ "method": "GET", "header": [], "url": { - "raw": "http://localhost:8443/projects/evaluation/5a4f126c-9471-43b8-80b9-6eb02b7c35d0", + "raw": "http://localhost:8443/projects/evaluation/575dd9d4-cb3c-4df3-981e-8a18bf8dc1d2", "protocol": "http", "host": [ "localhost" @@ -116,7 +116,7 @@ "path": [ "projects", "evaluation", - "5a4f126c-9471-43b8-80b9-6eb02b7c35d0" + "575dd9d4-cb3c-4df3-981e-8a18bf8dc1d2" ] } }, @@ -860,7 +860,7 @@ } }, "url": { - "raw": "http://localhost:8443/pentests/pentestId", + "raw": "http://localhost:8443/pentests/{pentestId}", "protocol": "http", "host": [ "localhost" 
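Review bot: `"raw": "http://localhost:8443/pentests/{pentestId}"` and the matching `"{pentestId}"` path segment use single braces, which Postman does not treat as a variable; the request will be sent with the literal text `{pentestId}`. Postman resolves `{{pentestId}}` for a collection/environment variable or `:pentestId` for a path variable, so one of those forms should be used here and in the new `disablePentest`/`enablePentest` requests in the following hunk, which repeat the same `{projectId}`/`{pentestId}` pattern.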
@@ -868,7 +868,79 @@ "port": "8443", "path": [ "pentests", - "pentestId" + "{pentestId}" + ] + } + }, + "response": [] + }, + { + "name": "disablePentest", + "request": { + "auth": { + "type": "bearer", + "bearer": [ + { + "key": "token", + "value": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICItdG1lbEV0ZHhGTnRSMW9aNXlRdE5jaFFpX0RVN2VNeV9YcU44aXY0S3hzIn0.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.koJ8prpiRfL8twkSKMkOZW38jsfrj2Gf6XJtWXeJOhrsgJ-Ncehh1u_Dp_m8eokOZ_Xfl90SJhePh0KTUOY18-bz1KTBtWeqaX4-91Pz9pQ0wkztsZv9K2Axk6gfbFf5yObFj8EW4uhO_DDRfbBXzSrH6MhFk3PBz4smJQ4eVTtEg7D5XKbCZ0B4ja5RfQMTlfgp4dgnPdw6SZgraBJZaqzXkfcWa2jYSyLILsaaaY2mXEBDmBy3rBoV63ucYUB7BA6MmoMz-k8CVFCCZ57XIfT-IPIfWtbIldM0Bb3SMWC_bt89eGhOKqpzl354h5vFEAapiSLtNicvbX_Wk_1MWw", + "type": "string" + }, + { + "key": "undefined", + "type": "any" + } + ] + }, + "method": "POST", + "header": [], + "url": { + "raw": "http://localhost:8443/pentests/{projectId}/{pentestId}/disable", + "protocol": "http", + "host": [ + "localhost" + ], + "port": "8443", + "path": [ + "pentests", + "{projectId}", + "{pentestId}", + "disable" + ] + } + }, + "response": [] + }, + { + "name": "enablePentest", + "request": { + "auth": { + "type": "bearer", + "bearer": [ + { + "key": "token", + "value": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICItdG1lbEV0ZHhGTnRSMW9aNXlRdE5jaFFpX0RVN2VNeV9YcU44aXY0S3hzIn0.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.koJ8prpiRfL8twkSKMkOZW38jsfrj2Gf6XJtWXeJOhrsgJ-Ncehh1u_Dp_m8eokOZ_Xfl90SJhePh0KTUOY18-bz1KTBtWeqaX4-91Pz9pQ0wkztsZv9K2Axk6gfbFf5yObFj8EW4uhO_DDRfbBXzSrH6MhFk3PBz4smJQ4eVTtEg7D5XKbCZ0B4ja5RfQMTlfgp4dgnPdw6SZgraBJZaqzXkfcWa2jYSyLILsaaaY2mXEBDmBy3rBoV63ucYUB7BA6MmoMz-k8CVFCCZ57XIfT-IPIfWtbIldM0Bb3SMWC_bt89eGhOKqpzl354h5vFEAapiSLtNicvbX_Wk_1MWw", + "type": "string" + }, + { + "key": "undefined", + "type": "any" + } + ] + }, + "method": "POST", + "header": [], + "url": { + "raw": "http://localhost:8443/pentests/{projectId}/{pentestId}/enable", + "protocol": "http", 
+ "host": [
+ "localhost"
+ ],
+ "port": "8443",
+ "path": [
+ "pentests",
+ "{projectId}",
+ "{pentestId}",
+ "enable"
 ]
 }
 },
diff --git a/security-c4po-api/src/main/kotlin/com/securityc4po/api/pentest/Pentest.kt b/security-c4po-api/src/main/kotlin/com/securityc4po/api/pentest/Pentest.kt
index 8d7d888..28a0404 100644
--- a/security-c4po-api/src/main/kotlin/com/securityc4po/api/pentest/Pentest.kt
+++ b/security-c4po-api/src/main/kotlin/com/securityc4po/api/pentest/Pentest.kt
@@ -12,7 +12,8 @@ data class Pentest(
 val projectId: String,
 val category: PentestCategory,
 val refNumber: String,
- val status: PentestStatus,
+ var status: PentestStatus,
+ var enabled: Boolean,
 var findingIds: List = emptyList(),
 var commentIds: List = emptyList(),
 var timeSpent: Int
@@ -25,6 +26,7 @@ fun buildPentest(body: PentestRequestBody, pentestEntity: PentestEntity): Pentes
 category = PentestCategory.valueOf(body.category),
 refNumber = body.refNumber,
 status = PentestStatus.valueOf(body.status),
+ enabled = pentestEntity.data.enabled,
 findingIds = body.findingIds,
 commentIds = body.commentIds,
 timeSpent = body.timeSpent
@@ -50,6 +52,7 @@ fun Pentest.toPentestResponseBody(): ResponseBody {
 "category" to category,
 "refNumber" to refNumber,
 "status" to status,
+ "enabled" to enabled,
 "findingIds" to findingIds,
 "commentIds" to commentIds,
 "timeSpent" to timeSpent
@@ -83,6 +86,7 @@ data class PentestRequestBody(
 val refNumber: String,
 val category: String,
 val status: String,
+ val enabled: Boolean,
 val findingIds: List,
 val commentIds: List,
 val timeSpent: Int
@@ -110,6 +114,7 @@ fun PentestRequestBody.toPentest(): Pentest {
 category = PentestCategory.valueOf(this.category),
 refNumber = this.refNumber,
 status = PentestStatus.valueOf(this.status),
+ enabled = this.enabled,
 findingIds = this.findingIds,
 commentIds = this.commentIds,
 timeSpent = this.timeSpent
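Review bot: Both new requests, `disablePentest` and `enablePentest`, embed a literal bearer JWT in `auth.bearer[].value`; a credential checked into the collection remains in repository history even after it expires or is rotated. Replace the value with a variable, `"value": "{{token}}"`, and keep the real token in a Postman environment that is not committed; the token that is already in this commit should be treated as exposed and revoked on the identity provider. The `{"key": "undefined", "type": "any"}` entry in the same `bearer` array is an export artefact with no effect and can be dropped.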
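Review bot: `PentestRequestBody.toPentest()` now copies `enabled = this.enabled` straight from the client, while `buildPentest` deliberately keeps `pentestEntity.data.enabled` and ignores the body; the two conversions disagree on who owns the flag. Through the creation path a pentest can therefore arrive as `enabled = false` with any `status`, bypassing the `DISABLED`/`PAUSED`/`NOT_STARTED` coupling that the new `enableOrDisableObjectiveByPentestId` enforces and that `calculateProgress` relies on. If the enable/disable endpoints are meant to be the only way to change the flag, `toPentest()` should set `enabled = true` (or the field should leave `PentestRequestBody`), and a KDoc line on `buildPentest` should say that `enabled` is intentionally not taken from the request. Turning `status` and `enabled` into `var` on a `data class` also makes `equals`/`hashCode` depend on mutable state, which is worth a comment if instances are ever used as map keys or in sets.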
diff --git a/security-c4po-api/src/main/kotlin/com/securityc4po/api/pentest/PentestController.kt b/security-c4po-api/src/main/kotlin/com/securityc4po/api/pentest/PentestController.kt index 0605b54..f66e320 100644 --- a/security-c4po-api/src/main/kotlin/com/securityc4po/api/pentest/PentestController.kt +++ b/security-c4po-api/src/main/kotlin/com/securityc4po/api/pentest/PentestController.kt @@ -4,8 +4,6 @@ import com.securityc4po.api.configuration.BC_BAD_CAST_TO_ABSTRACT_COLLECTION import com.securityc4po.api.extensions.getLoggerFor import edu.umd.cs.findbugs.annotations.SuppressFBWarnings import com.securityc4po.api.ResponseBody -import com.securityc4po.api.pentest.comment.CommentService -import com.securityc4po.api.pentest.finding.FindingService import org.springframework.http.ResponseEntity import org.springframework.http.ResponseEntity.noContent import org.springframework.web.bind.annotation.* @@ -20,7 +18,10 @@ import reactor.core.publisher.Mono methods = [RequestMethod.GET, RequestMethod.DELETE, RequestMethod.POST, RequestMethod.PATCH] ) @SuppressFBWarnings(BC_BAD_CAST_TO_ABSTRACT_COLLECTION) -class PentestController(private val pentestService: PentestService, private val pentestReportService: PentestReportService) { +class PentestController( + private val pentestService: PentestService, + private val pentestReportService: PentestReportService +) { var logger = getLoggerFor() 
@@ -67,4 +68,36 @@ class PentestController(private val pentestService: PentestService, private val
 ResponseEntity.accepted().body(it.toPentestResponseBody())
 }
 }
+
+ /**
+ * Disables the [Pentest]
+ *
+ * @param pentestId: Id of the pentest
+ * @return The disabled [Pentest]
+ */
+ @PostMapping("/{projectId}/{pentestId}/disable")
+ fun disablePentestObjective(
+ @PathVariable(value = "projectId") projectId: String,
+ @PathVariable(value = "pentestId") pentestId: String
+ ): Mono> {
+ return this.pentestService.enableOrDisableObjectiveByPentestId(projectId, pentestId, false).map {
+ ResponseEntity.accepted().body(it.toPentestResponseBody())
+ }
+ }
+
+ /**
+ * Enables the [Pentest]
+ *
+ * @param pentestId: Id of the pentest
+ * @return The enabled [Pentest]
+ */
+ @PostMapping("/{projectId}/{pentestId}/enable")
+ fun enablePentestObjective(
+ @PathVariable(value = "projectId") projectId: String,
+ @PathVariable(value = "pentestId") pentestId: String
+ ): Mono> {
+ return this.pentestService.enableOrDisableObjectiveByPentestId(projectId, pentestId, true).map {
+ ResponseEntity.accepted().body(it.toPentestResponseBody())
+ }
+ }
 }
\ No newline at end of file
diff --git a/security-c4po-api/src/main/kotlin/com/securityc4po/api/pentest/PentestEntity.kt b/security-c4po-api/src/main/kotlin/com/securityc4po/api/pentest/PentestEntity.kt
index c06c8fc..eb9b31f 100644
--- a/security-c4po-api/src/main/kotlin/com/securityc4po/api/pentest/PentestEntity.kt
+++ b/security-c4po-api/src/main/kotlin/com/securityc4po/api/pentest/PentestEntity.kt
@@ -20,6 +20,7 @@ fun PentestEntity.toPentest(): Pentest {
 this.data.category,
 this.data.refNumber,
 this.data.status,
+ this.data.enabled,
 this.data.findingIds,
 this.data.commentIds,
 this.data.timeSpent
diff --git a/security-c4po-api/src/main/kotlin/com/securityc4po/api/pentest/PentestService.kt b/security-c4po-api/src/main/kotlin/com/securityc4po/api/pentest/PentestService.kt
index 490beec..181e507 100644
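Review bot: The KDoc on `disablePentestObjective` and `enablePentestObjective` lists only `pentestId`, although `projectId` is the first path variable and is what the service uses to update the project's progress; add `* @param projectId: Id of the project the pentest belongs to` above the existing `@param` in both. The two handlers are identical except for the boolean passed to `enableOrDisableObjectiveByPentestId`; a private `setObjectiveEnabled(projectId: String, pentestId: String, enable: Boolean)` that returns the mapped `Mono` would leave each endpoint as a one-liner. The file still ends without a trailing newline, as the `\ No newline at end of file` marker shows.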
--- a/security-c4po-api/src/main/kotlin/com/securityc4po/api/pentest/PentestService.kt +++ b/security-c4po-api/src/main/kotlin/com/securityc4po/api/pentest/PentestService.kt 
@@ -279,4 +279,55 @@ class PentestService(
 }
 }
 }
+
+ /**
+ * Enable or disable [Pentest]
+ *
+ * @throws [InvalidModelException] if the [Pentest] is invalid
+ * @throws [TransactionInterruptedException] if the [Pentest] could not be enabled or disabled
+ * @return enabled or disabled [Pentest]
+ */
+ fun enableOrDisableObjectiveByPentestId(projectId: String, pentestId: String, enable: Boolean): Mono {
+ return pentestRepository.findPentestById(pentestId).switchIfEmpty {
+ logger.warn("Pentest with id $pentestId not found. Enabling not possible.")
+ val msg = "Pentest with id $pentestId not found."
+ val ex = EntityNotFoundException(msg, Errorcode.PentestNotFound)
+ throw ex
+ }.flatMap { currentPentestEntity: PentestEntity ->
+ if (enable) {
+ // Enable Pentest
+ currentPentestEntity.data.enabled = true
+ if (currentPentestEntity.data.findingIds.isEmpty() && currentPentestEntity.data.commentIds.isEmpty()) {
+ currentPentestEntity.data.status = PentestStatus.NOT_STARTED
+ } else {
+ currentPentestEntity.data.status = PentestStatus.PAUSED
+ }
+ } else {
+ // Disable Pentest
+ currentPentestEntity.data.enabled = false
+ currentPentestEntity.data.status = PentestStatus.DISABLED
+ }
+ currentPentestEntity.lastModified = Instant.now()
+ this.pentestRepository.save(currentPentestEntity).flatMap {updatedPentestEntity ->
+ // After successfully enabling or disabling of pentest update id and status to project
+ val projectPentest = ProjectPentest(pentestId = pentestId, status = currentPentestEntity.data.status)
+ projectService.updateProjectTestingProgress(projectId, projectPentest).onErrorMap {
+ TransactionInterruptedException(
+ "Project Pentest could not be updated in Database.",
+ Errorcode.ProjectPentestInsertionFailed
+ )
+ }.map {
+ return@map updatedPentestEntity.toPentest()
+ }
+ }.doOnError {
+ throw wrappedException(
+ logging = { logger.warn("Pentest could not be enabled or disabled in Database. Thrown exception: ", it) },
+ mappedException = TransactionInterruptedException(
+ "Pentest could not be enabled or disabled.",
+ Errorcode.PentestInsertionFailed
+ )
+ )
+ }
+ }
+ }
 }
\ No newline at end of file
diff --git a/security-c4po-api/src/main/kotlin/com/securityc4po/api/pentest/comment/CommentService.kt b/security-c4po-api/src/main/kotlin/com/securityc4po/api/pentest/comment/CommentService.kt
index f267628..946e522 100644
--- a/security-c4po-api/src/main/kotlin/com/securityc4po/api/pentest/comment/CommentService.kt
+++ b/security-c4po-api/src/main/kotlin/com/securityc4po/api/pentest/comment/CommentService.kt
@@ -69,7 +69,7 @@ class CommentService(private val commentRepository: CommentRepository, private v
 val comment = body.toComment()
 val commentEntity = CommentEntity(comment)
 return commentRepository.insert(commentEntity).flatMap { newCommentEntity: CommentEntity ->
- val comment = newCommentEntity.toComment()
+ val newComment = newCommentEntity.toComment()
 // After successfully saving comment add id to pentest
 pentestService.updatePentestComment(pentestId, comment.id).onErrorMap {
 TransactionInterruptedException(
@@ -77,7 +77,7 @@ class CommentService(private val commentRepository: CommentRepository, private v
 Errorcode.PentestInsertionFailed
 )
 }.map {
- comment
+ newComment
 }
 }.doOnError {
 throw wrappedException(
diff --git a/security-c4po-api/src/main/kotlin/com/securityc4po/api/project/Project.kt b/security-c4po-api/src/main/kotlin/com/securityc4po/api/project/Project.kt
index 5675365..54df272 100644
--- a/security-c4po-api/src/main/kotlin/com/securityc4po/api/project/Project.kt
+++ b/security-c4po-api/src/main/kotlin/com/securityc4po/api/project/Project.kt
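Review bot: `enableOrDisableObjectiveByPentestId` loads the pentest by `pentestId` alone and then passes the caller-supplied `projectId` to `projectService.updateProjectTestingProgress`, so a request whose project id does not match the pentest's stored project writes the status into the wrong project's progress; the stored id (the `Pentest` data class has `projectId`, and `currentPentestEntity.data` presumably carries it) should be the one used, or the two should be compared at the top of the `flatMap`, e.g. `if (currentPentestEntity.data.projectId != projectId) return@flatMap Mono.error(EntityNotFoundException("Pentest with id $pentestId not found.", Errorcode.PentestNotFound))`. On re-enable the previous status is lost: an objective that was `COMPLETED` before being disabled comes back as `PAUSED` because only the presence of findings or comments is consulted, which deserves either a restore of the prior status or a KDoc sentence stating that re-enabled objectives always resume as `PAUSED`/`NOT_STARTED`. The KDoc `@throws [InvalidModelException]` names an exception this body never raises, while the `EntityNotFoundException` it does raise is undocumented, and `Enabling not possible.` is logged on the disable path too; `Enabling or disabling not possible.` fits both. The file still ends without a trailing newline.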
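Review bot: Renaming the inner `val comment` to `newComment` changes what the unchanged context line `pentestService.updatePentestComment(pentestId, comment.id)` refers to: before this hunk the inner declaration shadowed the outer `comment = body.toComment()`, so `comment.id` was the inserted entity's id, and now it is the id of the object built from the request body. Unless `toComment()` already assigns exactly the id that `commentRepository.insert` persists, the pentest is linked to the wrong comment id; the call should become `pentestService.updatePentestComment(pentestId, newComment.id)`, consistent with the second hunk returning `newComment`. The enclosing function starts and ends outside these hunks.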
@@ -100,16 +100,17 @@ fun Project.calculateProgress(): BigDecimal { // https://owasp.org/www-project-web-security-testing-guide/assets/archive/OWASP_Testing_Guide_v4.pdf // @Value("\${owasp.web.objectives}") // lateinit var TOTALPENTESTS: Int - val TOTAL_OWASP_OBJECTIVES = 95.0 + var TOTAL_OWASP_OBJECTIVES = 95.0 return if (projectPentests.isEmpty()) BigDecimal.ZERO else { var completedPentests = 0.0 projectPentests.forEach { projectPentest -> - println(projectPentest.toString()) if (projectPentest.status == PentestStatus.COMPLETED) { completedPentests += 1.0 + } else if (projectPentest.status == PentestStatus.DISABLED) { + TOTAL_OWASP_OBJECTIVES -= 1 } else if (projectPentest.status != PentestStatus.NOT_STARTED) { completedPentests += 0.5 } diff --git a/security-c4po-api/src/main/kotlin/com/securityc4po/api/project/ProjectController.kt b/security-c4po-api/src/main/kotlin/com/securityc4po/api/project/ProjectController.kt index 12e9665..a84177f 100644 --- a/security-c4po-api/src/main/kotlin/com/securityc4po/api/project/ProjectController.kt +++ b/security-c4po-api/src/main/kotlin/com/securityc4po/api/project/ProjectController.kt @@ -74,7 +74,7 @@ class ProjectController(private val projectService: ProjectService, private val // If the project has pentest they will be deleted as well as all associated findings & comments if (project.projectPentests.isNotEmpty()) { this.pentestDeletionService.deletePentestsAndAllAssociatedFindingsAndComments(project).collectList() - .flatMap { prunedProject: Any -> + .flatMap { Mono.just(ResponseEntity.ok().body(project.toProjectDeleteResponseBody())) } } else { diff --git a/security-c4po-api/src/test/kotlin/com/securityc4po/api/pentest/PentestControllerDocumentationTest.kt b/security-c4po-api/src/test/kotlin/com/securityc4po/api/pentest/PentestControllerDocumentationTest.kt index 7df58f6..5af8e89 100644 --- a/security-c4po-api/src/test/kotlin/com/securityc4po/api/pentest/PentestControllerDocumentationTest.kt 
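Review bot: `TOTAL_OWASP_OBJECTIVES` is now a mutable local that is decremented once per `DISABLED` pentest, but its CONSTANT_CASE name still reads as a fixed value; `var remainingObjectives = 95.0` (or a separate `var disabledPentests` subtracted once after the loop) would make the intent visible where the ratio is formed. The division itself is computed after this hunk, so check that it tolerates the denominator reaching zero when every objective is disabled. A short comment on the new branch, `// Disabled objectives are excluded from the denominator, not counted as progress`, would also save the next reader from re-deriving the rule. `calculateProgress` continues outside the hunk.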
+++ b/security-c4po-api/src/test/kotlin/com/securityc4po/api/pentest/PentestControllerDocumentationTest.kt @@ -87,6 +87,8 @@ class PentestControllerDocumentationTest : BaseDocumentationIntTest() { .description("The reference number of the requested pentest according to the current OWASP Testing Guide"), PayloadDocumentation.fieldWithPath("[].status").type(JsonFieldType.STRING) .description("The status of the requested pentest"), + PayloadDocumentation.fieldWithPath("[].enabled").type(JsonFieldType.BOOLEAN) + .description("Shows you if the objective of the pentest is enabled or not"), PayloadDocumentation.fieldWithPath("[].findingIds").type(JsonFieldType.ARRAY) .description("List of ids of the findings in the requested pentest"), PayloadDocumentation.fieldWithPath("[].commentIds").type(JsonFieldType.ARRAY) @@ -104,6 +106,7 @@ class PentestControllerDocumentationTest : BaseDocumentationIntTest() { category = PentestCategory.INFORMATION_GATHERING, refNumber = "OTG-INFO-001", status = PentestStatus.NOT_STARTED, + enabled = true, findingIds = emptyList(), commentIds = emptyList(), timeSpent = 0 @@ -114,6 +117,7 @@ class PentestControllerDocumentationTest : BaseDocumentationIntTest() { category = PentestCategory.INFORMATION_GATHERING, refNumber = "OTG-INFO-002", status = PentestStatus.IN_PROGRESS, + enabled = true, findingIds = emptyList(), commentIds = emptyList(), timeSpent = 0 
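Review bot: Every fixture in this file (and in PentestControllerIntTest, CommentController* and FindingController* below) sets `enabled = true`, so the new `enabled` field and the `DISABLED` status are documented but never exercised; one fixture with `enabled = false` and `status = PentestStatus.DISABLED` would cover both the response serialization and the progress calculation that now subtracts disabled objectives. The description `Shows you if the objective of the pentest is enabled or not` is conversational for generated API docs; `Whether the pentest's objective is enabled` reads better, and the same text recurs in the later hunks of this file.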
@@ -164,6 +168,8 @@ class PentestControllerDocumentationTest : BaseDocumentationIntTest() { .description("The reference number of the created pentest according to the current OWASP Testing Guide"), PayloadDocumentation.fieldWithPath("status").type(JsonFieldType.STRING) .description("The status of the created pentest"), + PayloadDocumentation.fieldWithPath("enabled").type(JsonFieldType.BOOLEAN) + .description("Shows you if the objective of the pentest is enabled or not"), PayloadDocumentation.fieldWithPath("findingIds").type(JsonFieldType.ARRAY) .description("List of ids of the findings in the created pentest"), PayloadDocumentation.fieldWithPath("commentIds").type(JsonFieldType.ARRAY) @@ -180,6 +186,7 @@ class PentestControllerDocumentationTest : BaseDocumentationIntTest() { category = "CLIENT_SIDE_TESTING", refNumber = "OTG-CLIENT-001", status = "IN_PROGRESS", + enabled = true, findingIds = emptyList(), commentIds = emptyList(), timeSpent = 0 @@ -225,6 +232,8 @@ class PentestControllerDocumentationTest : BaseDocumentationIntTest() { .description("The reference number of the updated pentest according to the current OWASP Testing Guide"), PayloadDocumentation.fieldWithPath("status").type(JsonFieldType.STRING) .description("The status of the updated pentest"), + PayloadDocumentation.fieldWithPath("enabled").type(JsonFieldType.BOOLEAN) + .description("Shows you if the objective of the pentest is enabled or not"), PayloadDocumentation.fieldWithPath("findingIds").type(JsonFieldType.ARRAY) .description("List of ids of the findings in the updated pentest"), PayloadDocumentation.fieldWithPath("commentIds").type(JsonFieldType.ARRAY) @@ -241,6 +250,7 @@ class PentestControllerDocumentationTest : BaseDocumentationIntTest() { category = "INFORMATION_GATHERING", refNumber = "OTG-INFO-001", status = "PAUSED", + enabled = true, findingIds = emptyList(), commentIds = emptyList(), timeSpent = 0 
@@ -268,6 +278,7 @@ class PentestControllerDocumentationTest : BaseDocumentationIntTest() { category = PentestCategory.INFORMATION_GATHERING, refNumber = "OTG-INFO-001", status = PentestStatus.NOT_STARTED, + enabled = true, findingIds = emptyList(), commentIds = emptyList(), timeSpent = 0 @@ -278,6 +289,7 @@ class PentestControllerDocumentationTest : BaseDocumentationIntTest() { category = PentestCategory.INFORMATION_GATHERING, refNumber = "OTG-INFO-002", status = PentestStatus.IN_PROGRESS, + enabled = true, findingIds = emptyList(), commentIds = emptyList(), timeSpent = 0 @@ -288,6 +300,7 @@ class PentestControllerDocumentationTest : BaseDocumentationIntTest() { category = PentestCategory.AUTHENTICATION_TESTING, refNumber = "OTG-AUTHN-001", status = PentestStatus.COMPLETED, + enabled = true, findingIds = emptyList(), commentIds = emptyList(), timeSpent = 0 diff --git a/security-c4po-api/src/test/kotlin/com/securityc4po/api/pentest/PentestControllerIntTest.kt b/security-c4po-api/src/test/kotlin/com/securityc4po/api/pentest/PentestControllerIntTest.kt index e9bd7ec..3577927 100644 --- a/security-c4po-api/src/test/kotlin/com/securityc4po/api/pentest/PentestControllerIntTest.kt +++ b/security-c4po-api/src/test/kotlin/com/securityc4po/api/pentest/PentestControllerIntTest.kt @@ -77,6 +77,7 @@ class PentestControllerIntTest : BaseIntTest() { category = PentestCategory.INFORMATION_GATHERING, refNumber = "OTG-INFO-001", status = PentestStatus.NOT_STARTED, + enabled = true, findingIds = emptyList(), commentIds = emptyList(), timeSpent = 0 @@ -87,6 +88,7 @@ class PentestControllerIntTest : BaseIntTest() { category = PentestCategory.INFORMATION_GATHERING, refNumber = "OTG-INFO-002", status = PentestStatus.IN_PROGRESS, + enabled = true, findingIds = emptyList(), commentIds = emptyList(), timeSpent = 0 
@@ -124,6 +126,7 @@ class PentestControllerIntTest : BaseIntTest() { category = "CLIENT_SIDE_TESTING", refNumber = "OTG-CLIENT-001", status = "IN_PROGRESS", + enabled = true, findingIds = emptyList(), commentIds = emptyList(), timeSpent = 0 @@ -157,6 +160,7 @@ class PentestControllerIntTest : BaseIntTest() { category = "INFORMATION_GATHERING", refNumber = "OTG-INFO-001", status = "PAUSED", + enabled = true, findingIds = emptyList(), commentIds = emptyList(), timeSpent = 24 @@ -183,6 +187,7 @@ class PentestControllerIntTest : BaseIntTest() { category = PentestCategory.INFORMATION_GATHERING, refNumber = "OTG-INFO-001", status = PentestStatus.NOT_STARTED, + enabled = true, findingIds = emptyList(), commentIds = emptyList(), timeSpent = 0 @@ -193,6 +198,7 @@ class PentestControllerIntTest : BaseIntTest() { category = PentestCategory.INFORMATION_GATHERING, refNumber = "OTG-INFO-002", status = PentestStatus.IN_PROGRESS, + enabled = true, findingIds = emptyList(), commentIds = emptyList(), timeSpent = 0 @@ -203,6 +209,7 @@ class PentestControllerIntTest : BaseIntTest() { category = PentestCategory.AUTHENTICATION_TESTING, refNumber = "OTG-AUTHN-001", status = PentestStatus.COMPLETED, + enabled = true, findingIds = emptyList(), commentIds = emptyList(), timeSpent = 0 diff --git a/security-c4po-api/src/test/kotlin/com/securityc4po/api/pentest/comment/CommentControllerDocumentationTest.kt b/security-c4po-api/src/test/kotlin/com/securityc4po/api/pentest/comment/CommentControllerDocumentationTest.kt index 1bb1176..dad611c 100644 --- a/security-c4po-api/src/test/kotlin/com/securityc4po/api/pentest/comment/CommentControllerDocumentationTest.kt +++ b/security-c4po-api/src/test/kotlin/com/securityc4po/api/pentest/comment/CommentControllerDocumentationTest.kt 
@@ -294,6 +294,7 @@ class CommentControllerDocumentationTest : BaseDocumentationIntTest() { category = PentestCategory.INFORMATION_GATHERING, refNumber = "OTG-INFO-001", status = PentestStatus.NOT_STARTED, + enabled = true, findingIds = emptyList(), commentIds = emptyList(), timeSpent = 0 @@ -304,6 +305,7 @@ class CommentControllerDocumentationTest : BaseDocumentationIntTest() { category = PentestCategory.INFORMATION_GATHERING, refNumber = "OTG-INFO-002", status = PentestStatus.IN_PROGRESS, + enabled = true, findingIds = emptyList(), commentIds = listOf("ab62d365-1b1d-4da1-89bc-5496616e220f"), timeSpent = 56 @@ -314,6 +316,7 @@ class CommentControllerDocumentationTest : BaseDocumentationIntTest() { category = PentestCategory.AUTHENTICATION_TESTING, refNumber = "OTG-AUTHN-001", status = PentestStatus.COMPLETED, + enabled = true, findingIds = emptyList(), commentIds = emptyList(), timeSpent = 124 diff --git a/security-c4po-api/src/test/kotlin/com/securityc4po/api/pentest/comment/CommentControllerIntTest.kt b/security-c4po-api/src/test/kotlin/com/securityc4po/api/pentest/comment/CommentControllerIntTest.kt index c492d63..ffe7329 100644 --- a/security-c4po-api/src/test/kotlin/com/securityc4po/api/pentest/comment/CommentControllerIntTest.kt +++ b/security-c4po-api/src/test/kotlin/com/securityc4po/api/pentest/comment/CommentControllerIntTest.kt @@ -191,6 +191,7 @@ class CommentControllerIntTest : BaseIntTest() { category = PentestCategory.INFORMATION_GATHERING, refNumber = "OTG-INFO-001", status = PentestStatus.NOT_STARTED, + enabled = true, findingIds = emptyList(), commentIds = emptyList(), timeSpent = 0 @@ -201,6 +202,7 @@ class CommentControllerIntTest : BaseIntTest() { category = PentestCategory.INFORMATION_GATHERING, refNumber = "OTG-INFO-002", status = PentestStatus.IN_PROGRESS, + enabled = true, findingIds = emptyList(), commentIds = listOf("ab62d365-1b1d-4da1-89bc-5496616e220f"), timeSpent = 56 
@@ -211,6 +213,7 @@ class CommentControllerIntTest : BaseIntTest() { category = PentestCategory.AUTHENTICATION_TESTING, refNumber = "OTG-AUTHN-001", status = PentestStatus.COMPLETED, + enabled = true, findingIds = emptyList(), commentIds = emptyList(), timeSpent = 124 diff --git a/security-c4po-api/src/test/kotlin/com/securityc4po/api/pentest/finding/FindingControllerDocumentationTest.kt b/security-c4po-api/src/test/kotlin/com/securityc4po/api/pentest/finding/FindingControllerDocumentationTest.kt index 9691a1a..fb766e4 100644 --- a/security-c4po-api/src/test/kotlin/com/securityc4po/api/pentest/finding/FindingControllerDocumentationTest.kt +++ b/security-c4po-api/src/test/kotlin/com/securityc4po/api/pentest/finding/FindingControllerDocumentationTest.kt @@ -352,6 +352,7 @@ class FindingControllerDocumentationTest: BaseDocumentationIntTest() { category = PentestCategory.INFORMATION_GATHERING, refNumber = "OTG-INFO-001", status = PentestStatus.NOT_STARTED, + enabled = true, findingIds = emptyList(), commentIds = emptyList(), timeSpent = 0 @@ -362,6 +363,7 @@ class FindingControllerDocumentationTest: BaseDocumentationIntTest() { category = PentestCategory.INFORMATION_GATHERING, refNumber = "OTG-INFO-002", status = PentestStatus.IN_PROGRESS, + enabled = true, findingIds = listOf("ab62d365-1b1d-4da1-89bc-5496616e220f"), commentIds = emptyList(), timeSpent = 56 @@ -372,6 +374,7 @@ class FindingControllerDocumentationTest: BaseDocumentationIntTest() { category = PentestCategory.AUTHENTICATION_TESTING, refNumber = "OTG-AUTHN-001", status = PentestStatus.COMPLETED, + enabled = true, findingIds = emptyList(), commentIds = emptyList(), timeSpent = 124 diff --git a/security-c4po-api/src/test/kotlin/com/securityc4po/api/pentest/finding/FindingControllerIntTest.kt b/security-c4po-api/src/test/kotlin/com/securityc4po/api/pentest/finding/FindingControllerIntTest.kt index 02a86ee..8f93dda 100644 
--- a/security-c4po-api/src/test/kotlin/com/securityc4po/api/pentest/finding/FindingControllerIntTest.kt +++ b/security-c4po-api/src/test/kotlin/com/securityc4po/api/pentest/finding/FindingControllerIntTest.kt @@ -219,6 +219,7 @@ class FindingControllerIntTest: BaseIntTest() { category = PentestCategory.INFORMATION_GATHERING, refNumber = "OTG-INFO-001", status = PentestStatus.NOT_STARTED, + enabled = true, findingIds = emptyList(), commentIds = emptyList(), timeSpent = 0 @@ -229,6 +230,7 @@ class FindingControllerIntTest: BaseIntTest() { category = PentestCategory.INFORMATION_GATHERING, refNumber = "OTG-INFO-002", status = PentestStatus.IN_PROGRESS, + enabled = true, findingIds = listOf("ab62d365-1b1d-4da1-89bc-5496616e220f"), commentIds = emptyList(), timeSpent = 56 @@ -239,6 +241,7 @@ class FindingControllerIntTest: BaseIntTest() { category = PentestCategory.AUTHENTICATION_TESTING, refNumber = "OTG-AUTHN-001", status = PentestStatus.COMPLETED, + enabled = true, findingIds = emptyList(), commentIds = emptyList(), timeSpent = 124 diff --git a/security-c4po-api/src/test/resources/collections/comments.json b/security-c4po-api/src/test/resources/collections/comments.json index 74fd1e3..a7307d4 100644 --- a/security-c4po-api/src/test/resources/collections/comments.json +++ b/security-c4po-api/src/test/resources/collections/comments.json 
@@ -1,28 +1,56 @@ [{ "_id": { - "$oid": "6405dbf113ae975803a09901" + "$oid": "6436992c28fc40394ae5b623" }, "lastModified": { - "$date": "2023-03-06T12:26:25.081Z" + "$date": "2023-04-12T11:42:36.694Z" }, "data": { - "_id": "85935303-e5b7-48ca-a504-910c1a94fb1f", - "title": "Uninteresting comment", - "description": "Nothing", + "_id": "5514f0d3-7c80-4138-bf3e-56b515560f00", + "title": "OWASP Juice Shop Architecture", + "description": "In the frontend the popular Angular framework is used to create a so-called Single Page Application.\nJavaScript is also used in the backend as the exclusive programming language: An Express application hosted in a Node.js server delivers the client-side code to the browser. It also provides the necessary backend functionality to the client via a RESTful API.\nAs an underlying database a light-weight SQLite was chosen, because of its file-based nature. Sequelize and finale-rest are used as an abstraction layer from the database.\nAs an additional data store, a MarsDB is part of the OWASP Juice Shop.\nThe application also offers user registration via OAuth 2.0 so users can sign in with their Google accounts.", "attachments": [] }, "_class": "com.securityc4po.api.pentest.comment.CommentEntity" },{ "_id": { - "$oid": "6405dc0513ae975803a09902" + "$oid": "64369e4428fc40394ae5b679" }, "lastModified": { - "$date": "2023-03-06T12:26:45.811Z" + "$date": "2023-04-12T12:04:20.039Z" }, "data": { - "_id": "a785aaf0-1feb-429e-beb1-31bfcf70c404", - "title": "Interesting comment", - "description": "I know where your house lives", + "_id": "4a3be0f9-fc2a-4607-9996-c2a92ae5ccbc", + "title": "Test Scroll Feature here", + "description": "Try to make the info description scrollable without destroying the header.", + "attachments": [] + }, + "_class": "com.securityc4po.api.pentest.comment.CommentEntity" +},{ + "_id": { + "$oid": "64369f2628fc40394ae5b68e" + }, + "lastModified": { + "$date": "2023-04-12T12:08:06.156Z" + }, + "data": { + "_id": 
"02491d86-5f8d-4574-9bac-4d21ae4a2040", + "title": "Wow", + "description": "What a test comment..", + "attachments": [] + }, + "_class": "com.securityc4po.api.pentest.comment.CommentEntity" +},{ + "_id": { + "$oid": "64369f3b28fc40394ae5b68f" + }, + "lastModified": { + "$date": "2023-04-12T12:08:27.939Z" + }, + "data": { + "_id": "bd1b9a09-c8d4-4050-8930-b79e4e81d50d", + "title": "Amazing", + "description": "Wow!", "attachments": [] }, "_class": "com.securityc4po.api.pentest.comment.CommentEntity" diff --git a/security-c4po-api/src/test/resources/collections/findings.json b/security-c4po-api/src/test/resources/collections/findings.json index b316dbb..524e76a 100644 --- a/security-c4po-api/src/test/resources/collections/findings.json +++ b/security-c4po-api/src/test/resources/collections/findings.json 
@@ -1,75 +1,178 @@ [{ "_id": { - "$oid": "6405db8a13ae975803a098fe" + "$oid": "643699cd28fc40394ae5b625" }, "lastModified": { - "$date": "2023-03-06T12:24:42.494Z" + "$date": "2023-04-12T11:45:23.385Z" }, "data": { - "_id": "5bf1b2e1-69b7-463b-a1ca-4ac6ac66b10f", - "severity": "MEDIUM", - "title": "Medium Prio Finding", - "description": "Medium Description", - "impact": "Medium Impact", - "affectedUrls": [], - "reproduction": "1. Open App", - "mitigation": "", - "attachments": [] - }, - "_class": "com.securityc4po.api.pentest.finding.FindingEntity" -},{ - "_id": { - "$oid": "6405dba513ae975803a098ff" - }, - "lastModified": { - "$date": "2023-03-06T12:25:09.645Z" - }, - "data": { - "_id": "f6e6c632-ab34-479e-9584-565f61c5862a", + "_id": "354c62b1-8f7f-4a65-9f1b-c4f6388f5506", "severity": "HIGH", - "title": "High Prio Finding", - "description": "High Prio Description", - "impact": "High Impact", - "affectedUrls": [], - "reproduction": "1. Open App\n2. Hack", - "mitigation": "", + "title": "Broken Access Control", + "description": "Security flaws are caused by fragilely implemented access rights (or non-well-thought access constructs).\nAccess control is based on:\n- Confidentiality of the requested element\n- Role or permissions of the requesting user\nFlaws in access control can lead to:\n- Unauthorized users can obtain, manipulate or delete important and sensitive data\nChanging the bid inside the session storage in the frontend or intercepting the GET request for the basket and changing the id parameter results in getting the basket of another user (as long as the new id is valid).\n", + "impact": "This does not just affects the frontend but also destroys the integrity of the data from the backend since you can see the basket of other users.", + "affectedUrls": [ + "https://juice-shop.herokuapp.com/#/basket, https://juice-shop.herokuapp.com/rest/basket/{id}" + ], + "reproduction": "Step 1:\nLogin as any user.\n\nStep 2:\nGo to the basket page.\n\nStep 3:\nChange 
the bid value or intecept and manipulate the GET request for the basket.\n", + "mitigation": "Decide for a matching access control model: - Discretionary access control (DAC)\n- Role-based access control (RBAC)\n- Mandatory access control (MAC)\n- Attribute-based access control (ABAC)", "attachments": [] }, "_class": "com.securityc4po.api.pentest.finding.FindingEntity" },{ "_id": { - "$oid": "6405dbcc13ae975803a09900" + "$oid": "64369a1428fc40394ae5b627" }, "lastModified": { - "$date": "2023-03-06T12:25:48.815Z" + "$date": "2023-04-12T11:46:28.934Z" }, "data": { - "_id": "176f5d93-0fe3-40b1-8a25-f11a6f760148", - "severity": "CRITICAL", - "title": "Critical Prio Finding", - "description": "Critical Description", - "impact": "Critical Impact", - "affectedUrls": [], - "reproduction": "1. Open App\n2. Hack\n3. Break everything", - "mitigation": "", + "_id": "b215d04c-fec9-4f75-8d83-89ba0c6d3e74", + "severity": "HIGH", + "title": "Deprectated B2B Interface File Upload Error", + "description": "Inside the complaint screen the user is able to upload a file that should only be ment to be a pdf.\nUpon expection of the allowed MIME Types included in the main.js file we can see the following MIME Types being accepted by the application:\n[\"application/pdf\", \"application/xml\", \"text/xml\", \"application/zip\", \"application/x-zip-compressed\", \"multipart/x-zip\"]\nUploading a XML File results in the following error message that doesn't get handled gracefully by the frontend:\n\"Error: B2B customer complaints via file upload have been deprecated for security reasons (filename.xml)\"", + "impact": "This deprecated interface affects the frontend, backend and potentially the database depending on how the uploaded file is being handeled in the backend.", + "affectedUrls": [ + "https://juice-shop.herokuapp.com/#/complain" + ], + "reproduction": "Step 1:\nLogin to the application with any user.\n\nStep 2:\nGo to complaint screen.\n\nStep 3:\nWrite a small message in text field 
and upload any xml file before clicking on \"Submit\".\n\nYou will now get the error mentioned in the description.", + "mitigation": "Adjust the allowed MIME Type in the frontend.\nOther generic prevention methods include: \n- Use Configuration Management:\n- Hardening, Remove old configurations\n- Proper Error Codes", "attachments": [] }, "_class": "com.securityc4po.api.pentest.finding.FindingEntity" },{ "_id": { - "$oid": "641d94fb28aed92b289a61c7" + "$oid": "64369a5528fc40394ae5b629" }, "lastModified": { - "$date": "2023-03-24T12:18:03.350Z" + "$date": "2023-04-12T11:49:24.611Z" }, "data": { - "_id": "82076448-7ec0-4d64-a75d-b9bf6f4920be", + "_id": "19521078-aef5-4505-8b1f-958e75bd3fd1", + "severity": "HIGH", + "title": "Searchbar XSS", + "description": "DOM-based vulnerabilities arise when a client-side script reads data from a controllable part of the DOM (for example, the URL) and processes this data in an unsafe way.\nAdding