feat: As a user I want to disable / enable objectives

Marcel Haag 2023-04-12 13:32:01 +02:00 committed by Cel
parent 07c6871294
commit e0e23f7383
55 changed files with 2885 additions and 1201 deletions


@ -51,6 +51,7 @@ const DESIRED_PROJECT_STATE_SESSION: ProjectStateModel = {
refNumber: 'OTF-001',
childEntries: [],
status: PentestStatus.NOT_STARTED,
enabled: true,
findingIds: [],
commentIds: ['56c47c56-3bcd-45f1-a05b-c197dbd33112']
},


@ -28,7 +28,6 @@ import {TranslateService} from '@ngx-translate/core';
})
export class ObjectiveHeaderComponent implements OnInit {
readonly fa = FA;
selectedProject$: BehaviorSubject<Project> = new BehaviorSubject<Project>(null);
// Mobile menu properties
objectiveActionItems: NbMenuItem[] = [
@ -45,6 +44,8 @@ export class ObjectiveHeaderComponent implements OnInit {
}
},
];
// HTML only
readonly fa = FA;
readonly BARS_IMG = 'assets/images/icons/bars.svg';
readonly ELLIPSIS_IMG = 'assets/images/icons/ellipsis.svg';


@ -1,16 +1,17 @@
<div class="pentest-table">
<table [nbTreeGrid]="dataSource">
<!--ToDo: Add the click event to every td manually except the actions column actions-->
<tr nbTreeGridHeaderRow *nbTreeGridHeaderRowDef="columns"></tr>
<tr nbTreeGridRow *nbTreeGridRowDef="let pentest; columns: columns"
class="pentest-cell"
(click)="onClickRouteToObjectivePentest(pentest.data)">
[ngClass]="{'disabled-objective' : !pentest.data['enabled']}">
</tr>
<!-- Test ID -->
<ng-container [nbTreeGridColumnDef]="columns[0]">
<th nbTreeGridHeaderCell *nbTreeGridHeaderCellDef>
{{ 'pentest.testId' | translate }}
</th>
<td nbTreeGridCell *nbTreeGridCellDef="let pentest">
<td nbTreeGridCell *nbTreeGridCellDef="let pentest" (click)="onClickRouteToObjectivePentest(pentest.data)">
<!-- Opens sub categories if row needs to be extendend -->
<nb-tree-grid-row-toggle
[expanded]="pentest.expanded"
@ -25,7 +26,7 @@
<th nbTreeGridHeaderCell *nbTreeGridHeaderCellDef>
{{ 'pentest.title' | translate }}
</th>
<td nbTreeGridCell *nbTreeGridCellDef="let pentest">
<td nbTreeGridCell *nbTreeGridCellDef="let pentest" (click)="onClickRouteToObjectivePentest(pentest.data)">
{{ getTitle(pentest.data['refNumber']) | translate }}
</td>
</ng-container>
@ -34,7 +35,7 @@
<th nbTreeGridHeaderCell *nbTreeGridHeaderCellDef>
{{ 'pentest.status' | translate }}
</th>
<td nbTreeGridCell *nbTreeGridCellDef="let pentest">
<td nbTreeGridCell *nbTreeGridCellDef="let pentest" (click)="onClickRouteToObjectivePentest(pentest.data)">
<app-status-tag [currentStatus]="pentest.data['status']"></app-status-tag>
</td>
</ng-container>
@ -43,7 +44,7 @@
<th nbTreeGridHeaderCell *nbTreeGridHeaderCellDef>
{{ 'pentest.findings&comments' | translate }}
</th>
<td nbTreeGridCell *nbTreeGridCellDef="let pentest">
<td nbTreeGridCell *nbTreeGridCellDef="let pentest" (click)="onClickRouteToObjectivePentest(pentest.data)">
<div fxLayout="row" fxLayoutGap="0.5rem" fxLayoutAlign="start start">
<app-findig-widget [numberOfFindings]="pentest.data['findingIds'] ? pentest.data['findingIds'].length : 0"></app-findig-widget>
<span> / </span>
@ -51,6 +52,40 @@
</div>
</td>
</ng-container>
<!-- Actions -->
<ng-container [nbTreeGridColumnDef]="columns[4]">
<th nbTreeGridHeaderCell *nbTreeGridHeaderCellDef class="cell-actions">
{{'global.actions' | translate}}
</th>
<td nbTreeGridCell *nbTreeGridCellDef="let pentest" class="cell-actions">
<div fxLayoutAlign="center center">
<ng-container *ngIf="pentest.data['enabled'] === true; else renderDisablePentestButton">
<button
nbButton
status="danger"
size="small"
shape="round"
title="{{ 'global.action.disable' | translate }}"
[disabled]="!pentest.data['id']"
(click)="onClickDisableOrEnableObjective(pentest)">
<fa-icon [icon]="fa.faBan"></fa-icon>
</button>
</ng-container>
<ng-template #renderDisablePentestButton>
<button
nbButton
status="control"
size="small"
shape="round"
title="{{ 'global.action.enable' | translate }}"
[disabled]="!pentest.data['id']"
(click)="onClickDisableOrEnableObjective(pentest)">
<fa-icon [icon]="fa.faCheck"></fa-icon>
</button>
</ng-template>
</div>
</td>
</ng-container>
</table>
</div>
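Review bot: A missing `enabled` flag is rendered as "disabled" here — the row's `[ngClass]` tests `!pentest.data['enabled']` and the actions cell tests `pentest.data['enabled'] === true` — so objectives persisted before this field existed (the model change in this commit makes it a required boolean, but nothing visible backfills it on loaded data) would show greyed out with only the enable button, and `onClickRouteToObjectivePentest` would refuse to open them. Unless the API is guaranteed to return `enabled` for every record, treat only an explicit `false` as disabled: `[ngClass]="{'disabled-objective': pentest.data['enabled'] === false}"` and `*ngIf="pentest.data['enabled'] !== false; else renderEnableButton"`. The `#renderDisablePentestButton` template actually renders the *enable* button, so its name reads backwards; `#renderEnableButton` would match what it does. The ToDo at the top of the table is now done for all four data columns and can be dropped. Also worth a comment: the per-cell `(click)` still fires on a disabled row and the `enabled` check lives only in the component, so the disabled state is a UI convenience and any restriction it is meant to imply has to be enforced server-side.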


@ -15,4 +15,17 @@
cursor: pointer;
background-color: nb-theme(color-basic-transparent-focus);
}
.disabled-objective {
background-color: nb-theme(color-control-transparent-disabled);
}
.disabled-objective:hover {
cursor: not-allowed;
}
.cell-actions {
width: max-content;
max-width: 180px;
}
}


@ -14,6 +14,10 @@ import {MockComponent} from 'ng-mocks';
import {NgxsModule} from '@ngxs/store';
import {ProjectState} from '@shared/stores/project-state/project-state';
import {HttpClientTestingModule} from '@angular/common/http/testing';
import {DialogService} from '@shared/services/dialog-service/dialog.service';
import {DialogServiceMock} from '@shared/services/dialog-service/dialog.service.mock';
import {NotificationService} from '@shared/services/toaster-service/notification.service';
import {NotificationServiceMock} from '@shared/services/toaster-service/notification.service.mock';
describe('ObjectiveTableComponent', () => {
let component: ObjectiveTableComponent;
@ -41,6 +45,10 @@ describe('ObjectiveTableComponent', () => {
}),
RouterTestingModule.withRoutes([]),
NgxsModule.forRoot([ProjectState])
],
providers: [
{provide: DialogService, useClass: DialogServiceMock},
{provide: NotificationService, useClass: NotificationServiceMock}
]
})
.compileComponents();


@ -5,12 +5,16 @@ import {PentestService} from '@shared/services/api/pentest.service';
import {Store} from '@ngxs/store';
import {PROJECT_STATE_NAME, ProjectState} from '@shared/stores/project-state/project-state';
import {UntilDestroy, untilDestroyed} from '@ngneat/until-destroy';
import {catchError, switchMap, tap} from 'rxjs/operators';
import {catchError, filter, switchMap, tap} from 'rxjs/operators';
import {BehaviorSubject, Observable, of} from 'rxjs';
import {getTitleKeyForRefNumber} from '@shared/functions/categories/get-title-key-for-ref-number.function';
import {Router} from '@angular/router';
import {ChangePentest} from '@shared/stores/project-state/project-state.actions';
import {Route} from '@shared/models/route.enum';
import * as FA from '@fortawesome/free-solid-svg-icons';
import {DialogService} from '@shared/services/dialog-service/dialog.service';
import {NotificationService, PopupType} from '@shared/services/toaster-service/notification.service';
import {Project} from '@shared/models/project.model';
@UntilDestroy()
@Component({
@ -19,14 +23,24 @@ import {Route} from '@shared/models/route.enum';
styleUrls: ['./objective-table.component.scss']
})
export class ObjectiveTableComponent implements OnInit {
// HTML only
readonly fa = FA;
// use ban and check
loading$: BehaviorSubject<boolean> = new BehaviorSubject<boolean>(true);
// tslint:disable-next-line:max-line-length
columns: Array<ObjectiveColumns> = [ObjectiveColumns.TEST_ID, ObjectiveColumns.TITLE, ObjectiveColumns.STATUS, ObjectiveColumns.FINDINGS_AND_COMMENTS];
columns: Array<ObjectiveColumns> = [
ObjectiveColumns.TEST_ID,
ObjectiveColumns.TITLE,
ObjectiveColumns.STATUS,
ObjectiveColumns.FINDINGS_AND_COMMENTS,
ObjectiveColumns.ACTIONS
];
dataSource: NbTreeGridDataSource<ObjectiveEntry>;
private data: ObjectiveEntry[] = [];
private pentests$: BehaviorSubject<Pentest[]> = new BehaviorSubject<Pentest[]>([]);
// Needed for pentest enabling and disabling
selectedProjectId$: BehaviorSubject<string> = new BehaviorSubject<string>('');
getters: NbGetters<ObjectiveEntry, ObjectiveEntry> = {
dataGetter: (node: ObjectiveEntry) => node,
@ -37,6 +51,8 @@ export class ObjectiveTableComponent implements OnInit {
constructor(
private store: Store,
private pentestService: PentestService,
private dialogService: DialogService,
private notificationService: NotificationService,
private dataSourceBuilder: NbTreeGridDataSourceBuilder<ObjectiveEntry>,
private router: Router
) {
@ -44,6 +60,16 @@ export class ObjectiveTableComponent implements OnInit {
}
ngOnInit(): void {
this.store.selectOnce(ProjectState.project).pipe(
untilDestroyed(this)
).subscribe({
next: (selectedProject: Project) => {
this.selectedProjectId$.next(selectedProject.id);
},
error: err => {
console.error(err);
}
});
this.loadPentestData();
}
@ -68,30 +94,77 @@ export class ObjectiveTableComponent implements OnInit {
}
onClickRouteToObjectivePentest(selectedPentest: Pentest): void {
this.router.navigate([Route.PENTEST_OBJECTIVE])
.then(
() => this.store.reset({
...this.store.snapshot(),
})
).finally();
// Change Pentest State
const statePentest: Pentest = this.pentests$.getValue().find(pentest => pentest.refNumber === selectedPentest.refNumber);
if (statePentest) {
this.store.dispatch(new ChangePentest(statePentest));
} else {
let childEntryStatePentest;
// ToDo: Fix wrong selection
// tslint:disable-next-line:prefer-for-of
for (let i = 0; i < this.pentests$.getValue().length; i++) {
if (this.pentests$.getValue()[i].childEntries) {
const findingResult = this.pentests$.getValue()[i].childEntries.find(cE => cE.refNumber === selectedPentest.refNumber);
if (findingResult) {
childEntryStatePentest = findingResult;
break;
if (selectedPentest.enabled) {
this.router.navigate([Route.PENTEST_OBJECTIVE])
.then(
() => this.store.reset({
...this.store.snapshot(),
})
).finally();
// Change Pentest State
const statePentest: Pentest = this.pentests$.getValue().find(pentest => pentest.refNumber === selectedPentest.refNumber);
if (statePentest) {
this.store.dispatch(new ChangePentest(statePentest));
} else {
let childEntryStatePentest;
// ToDo: Fix wrong selection
// tslint:disable-next-line:prefer-for-of
for (let i = 0; i < this.pentests$.getValue().length; i++) {
if (this.pentests$.getValue()[i].childEntries) {
const findingResult = this.pentests$.getValue()[i].childEntries.find(cE => cE.refNumber === selectedPentest.refNumber);
if (findingResult) {
childEntryStatePentest = findingResult;
break;
}
}
}
this.store.dispatch(new ChangePentest(childEntryStatePentest));
}
this.store.dispatch(new ChangePentest(childEntryStatePentest));
}
}
onClickDisableOrEnableObjective(pentest): void {
if (pentest.data.enabled) {
const message = {
title: 'pentest.disable.title',
key: 'pentest.disable.key',
data: {name: pentest.data.refNumber},
};
this.dialogService.openConfirmDialog(
message
).onClose.pipe(
filter((confirm) => !!confirm),
untilDestroyed(this)
).subscribe({
next: () => {
this.pentestService.disableObjective(this.selectedProjectId$.getValue(), pentest.data.id).pipe(
untilDestroyed(this)
).subscribe({
next: () => {
this.loadPentestData();
this.notificationService.showPopup('pentest.popup.disable.success', PopupType.SUCCESS);
},
error: (err) => {
this.notificationService.showPopup('pentest.popup.disable.failed', PopupType.FAILURE);
console.error(err);
}
});
}
});
} else {
this.pentestService.enableObjective(this.selectedProjectId$.getValue(), pentest.data.id).pipe(
untilDestroyed(this)
).subscribe({
next: () => {
this.loadPentestData();
this.notificationService.showPopup('pentest.popup.enable.success', PopupType.SUCCESS);
},
error: (err) => {
this.notificationService.showPopup('pentest.popup.enable.failed', PopupType.FAILURE);
console.error(err);
}
});
}
}
@ -110,5 +183,6 @@ enum ObjectiveColumns {
TEST_ID = 'testId',
TITLE = 'title',
STATUS = 'status',
FINDINGS_AND_COMMENTS = 'findings&comments'
FINDINGS_AND_COMMENTS = 'findings&comments',
ACTIONS = 'actions'
}
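Review bot: `onClickDisableOrEnableObjective` guards only the objective id (via the template's `[disabled]`), not the project id: `selectedProjectId$` starts as `''` and is set once from `selectOnce` in `ngOnInit`, so if the project is not in the store yet — or `selectedProject.id` throws and is merely logged — a click calls `disableObjective('', id)` against the API. The enable branch also skips the confirmation dialog the disable branch shows, although `pentest.enable.title`/`pentest.enable.key` translations were added in this commit, and the subscribe-inside-subscribe should be a `switchMap` on the operator this file already imports. The parameter is untyped (implicit `any`); the NbTreeGrid row appears to be `{data: Pentest}` but confirm against the grid's node type. Proposed rewrite below; `onClickRouteToObjectivePentest` and `ObjectiveColumns` are unchanged.
```typescript
/**
 * Toggles the enabled flag of an objective after the user confirms.
 * Returns early when either id is missing so the API is never called
 * with an empty project or objective id.
 */
onClickDisableOrEnableObjective(pentest: { data: Pentest }): void {
  const projectId = this.selectedProjectId$.getValue();
  const objectiveId = pentest.data.id;
  if (!projectId || !objectiveId) {
    console.error('Cannot toggle objective without project and objective id');
    return;
  }
  const disabling = !!pentest.data.enabled;
  const keys = disabling
    ? {title: 'pentest.disable.title', key: 'pentest.disable.key',
       success: 'pentest.popup.disable.success', failed: 'pentest.popup.disable.failed'}
    : {title: 'pentest.enable.title', key: 'pentest.enable.key',
       success: 'pentest.popup.enable.success', failed: 'pentest.popup.enable.failed'};
  this.dialogService.openConfirmDialog({
    title: keys.title,
    key: keys.key,
    data: {name: pentest.data.refNumber},
  }).onClose.pipe(
    filter((confirm) => !!confirm),
    switchMap(() => disabling
      ? this.pentestService.disableObjective(projectId, objectiveId)
      : this.pentestService.enableObjective(projectId, objectiveId)),
    untilDestroyed(this)
  ).subscribe({
    next: () => {
      this.loadPentestData();
      this.notificationService.showPopup(keys.success, PopupType.SUCCESS);
    },
    error: (err) => {
      this.notificationService.showPopup(keys.failed, PopupType.FAILURE);
      console.error(err);
    }
  });
}
```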


@ -1,8 +1,8 @@
@import '../../../../assets/@theme/styles/themes';
.comment-table {
// width: calc(78vw - 18%);
width: 90vw;
margin-right: 2rem;
padding-right: 2rem;
.comment-cell {
// Add style here


@ -49,6 +49,7 @@ const DESIRED_PROJECT_STATE_SESSION: ProjectStateModel = {
refNumber: 'OTF-001',
childEntries: [],
status: PentestStatus.NOT_STARTED,
enabled: true,
findingIds: [],
commentIds: ['56c47c56-3bcd-45f1-a05b-c197dbd33112']
},


@ -40,6 +40,7 @@ const DESIRED_PROJECT_STATE_SESSION: ProjectStateModel = {
refNumber: 'OTF-001',
childEntries: [],
status: PentestStatus.NOT_STARTED,
enabled: true,
findingIds: [],
commentIds: []
},


@ -1,8 +1,8 @@
@import '../../../../assets/@theme/styles/themes';
.finding-table {
// width: calc(78vw - 18%);
width: 90vw;
margin-right: 2rem;
padding-right: 2rem;
.finding-cell {
// Add style here


@ -49,6 +49,7 @@ const DESIRED_PROJECT_STATE_SESSION: ProjectStateModel = {
refNumber: 'OTF-001',
childEntries: [],
status: PentestStatus.NOT_STARTED,
enabled: true,
findingIds: ['56c47c56-3bcd-45f1-a05b-c197dbd33112'],
commentIds: []
},


@ -40,6 +40,7 @@ const DESIRED_PROJECT_STATE_SESSION: ProjectStateModel = {
refNumber: 'OTF-001',
childEntries: [],
status: PentestStatus.NOT_STARTED,
enabled: true,
findingIds: ['56c47c56-3bcd-45f1-a05b-c197dbd33112'],
commentIds: []
},
@ -88,6 +89,7 @@ describe('PentestInfoComponent', () => {
refNumber: 'OTF-001',
childEntries: [],
status: PentestStatus.NOT_STARTED,
enabled: true,
findingIds: [],
commentIds: []
});


@ -40,6 +40,7 @@ const DESIRED_PROJECT_STATE_SESSION: ProjectStateModel = {
refNumber: 'OTF-001',
childEntries: [],
status: PentestStatus.NOT_STARTED,
enabled: true,
findingIds: [],
commentIds: []
},


@ -53,7 +53,7 @@ export class ProjectOverviewComponent implements OnInit {
untilDestroyed(this)
).subscribe({
next: (projects: Project[]) => {
if (projects.length === 0) {
if (projects && projects.length === 0) {
this.loadProjects();
} else {
}
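Review bot: `projects && projects.length === 0` routes a null or undefined `projects` into the `else` branch, which is empty in this hunk, so a store that has not been populated yet no longer triggers `loadProjects()` — before this change that case threw, now it silently does nothing. If the intent is to load whenever there is nothing to show, the condition should be `if (!projects || projects.length === 0) {` (or `if (!projects?.length) {`); if null deliberately means "already loading", a one-line comment saying so would stop the next reader from "fixing" it. The subscribe callback's enclosing method starts before this hunk.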


@ -53,6 +53,7 @@ const DESIRED_PROJECT_STATE_SESSION: ProjectStateModel = {
refNumber: 'OTF-001',
childEntries: [],
status: PentestStatus.NOT_STARTED,
enabled: true,
findingIds: [],
commentIds: ['56c47c56-3bcd-45f1-a05b-c197dbd33112']
},


@ -1,5 +1,6 @@
{
"global": {
"actions": "Aktionen",
"action.login": "Einloggen",
"action.logout": "Ausloggen",
"action.retry": "Erneut Versuchen",
@ -16,6 +17,8 @@
"action.report": "Bericht",
"action.reset": "Zurücksetzen",
"action.complete": "Fertig",
"action.disable": "Deaktivieren",
"action.enable": "Aktivieren",
"action.yes": "Ja",
"action.no": "Nein",
"username": "Nutzername",
@ -209,7 +212,7 @@
"no.comments": "Keine Kommentare verfügbar",
"no.relatedFindings": "Nicht verbunden mit einem Fund",
"relatedFindingsPlaceholder": "Fund auswählen",
"noFindingsInObjectivePlaceholder": "Objective hat keine Befunde, auf die es sich beziehen könnte.",
"noFindingsInObjectivePlaceholder": "Ziel hat keine Befunde, auf die es sich beziehen könnte.",
"create": {
"header": "Neuen Kommentar erstellen"
},
@ -254,6 +257,14 @@
"in_progress": "In Bearbeitung",
"completed": "Fertig"
},
"disable": {
"title": "Ziel deaktivieren",
"key": "Möchten Sie den Pentest \"{{name}}\" deaktivieren?"
},
"enable": {
"title": "Ziel aktivieren",
"key": "Möchten Sie den Pentest \"{{name}}\" aktivieren?"
},
"popup": {
"not.found": "Keine pentests gefunden",
"initial.save.success": "Initialer Pentest erfolgreich aufgesetzt",
@ -265,7 +276,11 @@
"update.success": "Pentest erfolgreich aktualisiert",
"update.failed": "Pentest konnte nicht aktualisiert werden",
"delete.success": "Pentest erfolgreich gelöscht",
"delete.failed": "Pentest konnte nicht gelöscht werden"
"delete.failed": "Pentest konnte nicht gelöscht werden",
"disable.success": "Ziel erfolgreich deaktiviert",
"disable.failed": "Ziel konnte nicht deaktiviert werden",
"enable.success": "Ziel erfolgreich aktiviert",
"enable.failed": "Ziel konnte nicht aktiviert werden"
},
"info": {
"001": "Nutze Suchmaschinenerkennung und -aufklärung für Informationslecks",


@ -1,5 +1,6 @@
{
"global": {
"actions": "Actions",
"action.login": "Login",
"action.logout": "Logout",
"action.retry": "Try again",
@ -16,6 +17,8 @@
"action.report": "Report",
"action.reset": "Reset",
"action.complete": "Complete",
"action.disable": "Deactivate",
"action.enable": "Activate",
"action.yes": "Yes",
"action.no": "No",
"username": "Username",
@ -254,6 +257,14 @@
"in_progress": "In progress",
"completed": "Completed"
},
"disable": {
"title": "Disable Objective",
"key": "Do you want to disable the objective \"{{name}}\"?"
},
"enable": {
"title": "Enable Objective",
"key": "Do you want to enable the objective \"{{name}}\"?"
},
"popup": {
"not.found": "No pentest found",
"initial.save.success": "Initial Pentest successfully setup",
@ -265,7 +276,11 @@
"update.success": "Pentest updated successfully",
"update.failed": "Pentest could not be updated",
"delete.success": "Pentest deleted successfully",
"delete.failed": "Pentest could not be deleted"
"delete.failed": "Pentest could not be deleted",
"disable.success": "Objective disabled successfully",
"disable.failed": "Objective could not be disabled",
"enable.success": "Objective enabled successfully",
"enable.failed": "Objective could not be enabled"
},
"info": {
"001": "Conduct Search Engine Discovery and Reconnaissance for Information Leakage",


@ -7,52 +7,62 @@ export function getAUTHN_Pentests(): Pentest[] {
{
category: Category.AUTHENTICATION_TESTING,
refNumber: 'OTG-AUTHN-001',
status: PentestStatus.NOT_STARTED
status: PentestStatus.NOT_STARTED,
enabled: true
},
{
category: Category.AUTHENTICATION_TESTING,
refNumber: 'OTG-AUTHN-002',
status: PentestStatus.NOT_STARTED
status: PentestStatus.NOT_STARTED,
enabled: true
},
{
category: Category.AUTHENTICATION_TESTING,
refNumber: 'OTG-AUTHN-003',
status: PentestStatus.NOT_STARTED
status: PentestStatus.NOT_STARTED,
enabled: true
},
{
category: Category.AUTHENTICATION_TESTING,
refNumber: 'OTG-AUTHN-004',
status: PentestStatus.NOT_STARTED
status: PentestStatus.NOT_STARTED,
enabled: true
},
{
category: Category.AUTHENTICATION_TESTING,
refNumber: 'OTG-AUTHN-005',
status: PentestStatus.NOT_STARTED
status: PentestStatus.NOT_STARTED,
enabled: true
},
{
category: Category.AUTHENTICATION_TESTING,
refNumber: 'OTG-AUTHN-006',
status: PentestStatus.NOT_STARTED
status: PentestStatus.NOT_STARTED,
enabled: true
},
{
category: Category.AUTHENTICATION_TESTING,
refNumber: 'OTG-AUTHN-007',
status: PentestStatus.NOT_STARTED
status: PentestStatus.NOT_STARTED,
enabled: true
},
{
category: Category.AUTHENTICATION_TESTING,
refNumber: 'OTG-AUTHN-008',
status: PentestStatus.NOT_STARTED
status: PentestStatus.NOT_STARTED,
enabled: true
},
{
category: Category.AUTHENTICATION_TESTING,
refNumber: 'OTG-AUTHN-009',
status: PentestStatus.NOT_STARTED
status: PentestStatus.NOT_STARTED,
enabled: true
},
{
category: Category.AUTHENTICATION_TESTING,
refNumber: 'OTG-AUTHN-010',
status: PentestStatus.NOT_STARTED
status: PentestStatus.NOT_STARTED,
enabled: true
}
];
}


@ -7,22 +7,26 @@ export function getAUTHZ_Pentests(): Pentest[] {
{
category: Category.AUTHORIZATION_TESTING,
refNumber: 'OTG-AUTHZ-001',
status: PentestStatus.NOT_STARTED
status: PentestStatus.NOT_STARTED,
enabled: true
},
{
category: Category.AUTHORIZATION_TESTING,
refNumber: 'OTG-AUTHZ-002',
status: PentestStatus.NOT_STARTED
status: PentestStatus.NOT_STARTED,
enabled: true
},
{
category: Category.AUTHORIZATION_TESTING,
refNumber: 'OTG-AUTHZ-003',
status: PentestStatus.NOT_STARTED
status: PentestStatus.NOT_STARTED,
enabled: true
},
{
category: Category.AUTHORIZATION_TESTING,
refNumber: 'OTG-AUTHZ-004',
status: PentestStatus.NOT_STARTED
status: PentestStatus.NOT_STARTED,
enabled: true
}
];
}


@ -7,47 +7,56 @@ export function getBUSLOGIC_Pentests(): Pentest[] {
{
category: Category.BUSINESS_LOGIC_TESTING,
refNumber: 'OTG-BUSLOGIC-001',
status: PentestStatus.NOT_STARTED
status: PentestStatus.NOT_STARTED,
enabled: true
},
{
category: Category.BUSINESS_LOGIC_TESTING,
refNumber: 'OTG-BUSLOGIC-002',
status: PentestStatus.NOT_STARTED
status: PentestStatus.NOT_STARTED,
enabled: true
},
{
category: Category.BUSINESS_LOGIC_TESTING,
refNumber: 'OTG-BUSLOGIC-003',
status: PentestStatus.NOT_STARTED
status: PentestStatus.NOT_STARTED,
enabled: true
},
{
category: Category.BUSINESS_LOGIC_TESTING,
refNumber: 'OTG-BUSLOGIC-004',
status: PentestStatus.NOT_STARTED
status: PentestStatus.NOT_STARTED,
enabled: true
},
{
category: Category.BUSINESS_LOGIC_TESTING,
refNumber: 'OTG-BUSLOGIC-005',
status: PentestStatus.NOT_STARTED
status: PentestStatus.NOT_STARTED,
enabled: true
},
{
category: Category.BUSINESS_LOGIC_TESTING,
refNumber: 'OTG-BUSLOGIC-006',
status: PentestStatus.NOT_STARTED
status: PentestStatus.NOT_STARTED,
enabled: true
},
{
category: Category.BUSINESS_LOGIC_TESTING,
refNumber: 'OTG-BUSLOGIC-007',
status: PentestStatus.NOT_STARTED
status: PentestStatus.NOT_STARTED,
enabled: true
},
{
category: Category.BUSINESS_LOGIC_TESTING,
refNumber: 'OTG-BUSLOGIC-008',
status: PentestStatus.NOT_STARTED
status: PentestStatus.NOT_STARTED,
enabled: true
},
{
category: Category.BUSINESS_LOGIC_TESTING,
refNumber: 'OTG-BUSLOGIC-009',
status: PentestStatus.NOT_STARTED
status: PentestStatus.NOT_STARTED,
enabled: true
}
];
}


@ -7,62 +7,74 @@ export function getCLIENT_Pentests(): Pentest[] {
{
category: Category.CLIENT_SIDE_TESTING,
refNumber: 'OTG-CLIENT-001',
status: PentestStatus.NOT_STARTED
status: PentestStatus.NOT_STARTED,
enabled: true
},
{
category: Category.CLIENT_SIDE_TESTING,
refNumber: 'OTG-CLIENT-002',
status: PentestStatus.NOT_STARTED
status: PentestStatus.NOT_STARTED,
enabled: true
},
{
category: Category.CLIENT_SIDE_TESTING,
refNumber: 'OTG-CLIENT-003',
status: PentestStatus.NOT_STARTED
status: PentestStatus.NOT_STARTED,
enabled: true
},
{
category: Category.CLIENT_SIDE_TESTING,
refNumber: 'OTG-CLIENT-004',
status: PentestStatus.NOT_STARTED
status: PentestStatus.NOT_STARTED,
enabled: true
},
{
category: Category.CLIENT_SIDE_TESTING,
refNumber: 'OTG-CLIENT-005',
status: PentestStatus.NOT_STARTED
status: PentestStatus.NOT_STARTED,
enabled: true
},
{
category: Category.CLIENT_SIDE_TESTING,
refNumber: 'OTG-CLIENT-006',
status: PentestStatus.NOT_STARTED
status: PentestStatus.NOT_STARTED,
enabled: true
},
{
category: Category.CLIENT_SIDE_TESTING,
refNumber: 'OTG-CLIENT-007',
status: PentestStatus.NOT_STARTED
status: PentestStatus.NOT_STARTED,
enabled: true
},
{
category: Category.CLIENT_SIDE_TESTING,
refNumber: 'OTG-CLIENT-008',
status: PentestStatus.NOT_STARTED
status: PentestStatus.NOT_STARTED,
enabled: true
},
{
category: Category.CLIENT_SIDE_TESTING,
refNumber: 'OTG-CLIENT-009',
status: PentestStatus.NOT_STARTED
status: PentestStatus.NOT_STARTED,
enabled: true
},
{
category: Category.CLIENT_SIDE_TESTING,
refNumber: 'OTG-CLIENT-010',
status: PentestStatus.NOT_STARTED
status: PentestStatus.NOT_STARTED,
enabled: true
},
{
category: Category.CLIENT_SIDE_TESTING,
refNumber: 'OTG-CLIENT-011',
status: PentestStatus.NOT_STARTED
status: PentestStatus.NOT_STARTED,
enabled: true
},
{
category: Category.CLIENT_SIDE_TESTING,
refNumber: 'OTG-CLIENT-012',
status: PentestStatus.NOT_STARTED
status: PentestStatus.NOT_STARTED,
enabled: true
}
];
}


@ -7,42 +7,50 @@ export function getCONFIG_Pentests(): Pentest[] {
{
category: Category.CONFIGURATION_AND_DEPLOY_MANAGEMENT_TESTING,
refNumber: 'OTG-CONFIG-001',
status: PentestStatus.NOT_STARTED
status: PentestStatus.NOT_STARTED,
enabled: true
},
{
category: Category.CONFIGURATION_AND_DEPLOY_MANAGEMENT_TESTING,
refNumber: 'OTG-CONFIG-002',
status: PentestStatus.NOT_STARTED
status: PentestStatus.NOT_STARTED,
enabled: true
},
{
category: Category.CONFIGURATION_AND_DEPLOY_MANAGEMENT_TESTING,
refNumber: 'OTG-CONFIG-003',
status: PentestStatus.NOT_STARTED
status: PentestStatus.NOT_STARTED,
enabled: true
},
{
category: Category.CONFIGURATION_AND_DEPLOY_MANAGEMENT_TESTING,
refNumber: 'OTG-CONFIG-004',
status: PentestStatus.NOT_STARTED
status: PentestStatus.NOT_STARTED,
enabled: true
},
{
category: Category.CONFIGURATION_AND_DEPLOY_MANAGEMENT_TESTING,
refNumber: 'OTG-CONFIG-005',
status: PentestStatus.NOT_STARTED
status: PentestStatus.NOT_STARTED,
enabled: true
},
{
category: Category.CONFIGURATION_AND_DEPLOY_MANAGEMENT_TESTING,
refNumber: 'OTG-CONFIG-006',
status: PentestStatus.NOT_STARTED
status: PentestStatus.NOT_STARTED,
enabled: true
},
{
category: Category.CONFIGURATION_AND_DEPLOY_MANAGEMENT_TESTING,
refNumber: 'OTG-CONFIG-007',
status: PentestStatus.NOT_STARTED
status: PentestStatus.NOT_STARTED,
enabled: true
},
{
category: Category.CONFIGURATION_AND_DEPLOY_MANAGEMENT_TESTING,
refNumber: 'OTG-CONFIG-008',
status: PentestStatus.NOT_STARTED
status: PentestStatus.NOT_STARTED,
enabled: true
}
];
}


@ -7,17 +7,20 @@ export function getCRYPST_Pentests(): Pentest[] {
{
category: Category.CRYPTOGRAPHY,
refNumber: 'OTG-CRYPST-001',
status: PentestStatus.NOT_STARTED
status: PentestStatus.NOT_STARTED,
enabled: true
},
{
category: Category.CRYPTOGRAPHY,
refNumber: 'OTG-CRYPST-002',
status: PentestStatus.NOT_STARTED
status: PentestStatus.NOT_STARTED,
enabled: true
},
{
category: Category.CRYPTOGRAPHY,
refNumber: 'OTG-CRYPST-003',
status: PentestStatus.NOT_STARTED
status: PentestStatus.NOT_STARTED,
enabled: true
}
];
}


@ -7,12 +7,14 @@ export function getERR_Pentests(): Pentest[] {
{
category: Category.ERROR_HANDLING,
refNumber: 'OTG-ERR-001',
status: PentestStatus.NOT_STARTED
status: PentestStatus.NOT_STARTED,
enabled: true
},
{
category: Category.ERROR_HANDLING,
refNumber: 'OTG-ERR-002',
status: PentestStatus.NOT_STARTED
status: PentestStatus.NOT_STARTED,
enabled: true
}
];
}


@ -7,37 +7,44 @@ export function getIDENT_Pentests(): Pentest[] {
{
category: Category.IDENTITY_MANAGEMENT_TESTING,
refNumber: 'OTG-IDENT-001',
status: PentestStatus.NOT_STARTED
status: PentestStatus.NOT_STARTED,
enabled: true
},
{
category: Category.IDENTITY_MANAGEMENT_TESTING,
refNumber: 'OTG-IDENT-002',
status: PentestStatus.NOT_STARTED
status: PentestStatus.NOT_STARTED,
enabled: true
},
{
category: Category.IDENTITY_MANAGEMENT_TESTING,
refNumber: 'OTG-IDENT-003',
status: PentestStatus.NOT_STARTED
status: PentestStatus.NOT_STARTED,
enabled: true
},
{
category: Category.IDENTITY_MANAGEMENT_TESTING,
refNumber: 'OTG-IDENT-004',
status: PentestStatus.NOT_STARTED
status: PentestStatus.NOT_STARTED,
enabled: true
},
{
category: Category.IDENTITY_MANAGEMENT_TESTING,
refNumber: 'OTG-IDENT-005',
status: PentestStatus.NOT_STARTED
status: PentestStatus.NOT_STARTED,
enabled: true
},
{
category: Category.IDENTITY_MANAGEMENT_TESTING,
refNumber: 'OTG-IDENT-006',
status: PentestStatus.NOT_STARTED
status: PentestStatus.NOT_STARTED,
enabled: true
},
{
category: Category.IDENTITY_MANAGEMENT_TESTING,
refNumber: 'OTG-IDENT-007',
status: PentestStatus.NOT_STARTED
status: PentestStatus.NOT_STARTED,
enabled: true
}
];
}


@ -7,52 +7,62 @@ export function getINFO_Pentests(): Pentest[] {
{
category: Category.INFORMATION_GATHERING,
refNumber: 'OTG-INFO-001',
status: PentestStatus.NOT_STARTED
status: PentestStatus.NOT_STARTED,
enabled: true
},
{
category: Category.INFORMATION_GATHERING,
refNumber: 'OTG-INFO-002',
status: PentestStatus.NOT_STARTED
status: PentestStatus.NOT_STARTED,
enabled: true
},
{
category: Category.INFORMATION_GATHERING,
refNumber: 'OTG-INFO-003',
status: PentestStatus.NOT_STARTED
status: PentestStatus.NOT_STARTED,
enabled: true
},
{
category: Category.INFORMATION_GATHERING,
refNumber: 'OTG-INFO-004',
status: PentestStatus.NOT_STARTED,
enabled: true
},
{
category: Category.INFORMATION_GATHERING,
refNumber: 'OTG-INFO-005',
status: PentestStatus.NOT_STARTED,
enabled: true
},
{
category: Category.INFORMATION_GATHERING,
refNumber: 'OTG-INFO-006',
status: PentestStatus.NOT_STARTED,
enabled: true
},
{
category: Category.INFORMATION_GATHERING,
refNumber: 'OTG-INFO-007',
status: PentestStatus.NOT_STARTED,
enabled: true
},
{
category: Category.INFORMATION_GATHERING,
refNumber: 'OTG-INFO-008',
status: PentestStatus.NOT_STARTED,
enabled: true
},
{
category: Category.INFORMATION_GATHERING,
refNumber: 'OTG-INFO-009',
status: PentestStatus.NOT_STARTED,
enabled: true
},
{
category: Category.INFORMATION_GATHERING,
refNumber: 'OTG-INFO-010',
status: PentestStatus.NOT_STARTED,
enabled: true
}
];
}


@ -7,143 +7,170 @@ export function getINPVAL_Pentests(): Pentest[] {
{
category: Category.INPUT_VALIDATION_TESTING,
refNumber: 'OTG-INPVAL-001',
status: PentestStatus.NOT_STARTED
status: PentestStatus.NOT_STARTED,
enabled: true
},
{
category: Category.INPUT_VALIDATION_TESTING,
refNumber: 'OTG-INPVAL-002',
status: PentestStatus.NOT_STARTED
status: PentestStatus.NOT_STARTED,
enabled: true
},
{
category: Category.INPUT_VALIDATION_TESTING,
refNumber: 'OTG-INPVAL-003',
status: PentestStatus.NOT_STARTED
status: PentestStatus.NOT_STARTED,
enabled: true
},
{
category: Category.INPUT_VALIDATION_TESTING,
refNumber: 'OTG-INPVAL-004',
status: PentestStatus.NOT_STARTED
status: PentestStatus.NOT_STARTED,
enabled: true
},
{
category: Category.INPUT_VALIDATION_TESTING,
refNumber: 'OTG-INPVAL-005',
status: PentestStatus.NOT_STARTED,
enabled: true,
childEntries: [
{
category: Category.INPUT_VALIDATION_TESTING,
refNumber: 'OTG-INPVAL-005_1',
status: PentestStatus.NOT_STARTED
status: PentestStatus.NOT_STARTED,
enabled: true
},
{
category: Category.INPUT_VALIDATION_TESTING,
refNumber: 'OTG-INPVAL-005_2',
status: PentestStatus.NOT_STARTED
status: PentestStatus.NOT_STARTED,
enabled: true
},
{
category: Category.INPUT_VALIDATION_TESTING,
refNumber: 'OTG-INPVAL-005_3',
status: PentestStatus.NOT_STARTED
status: PentestStatus.NOT_STARTED,
enabled: true
},
{
category: Category.INPUT_VALIDATION_TESTING,
refNumber: 'OTG-INPVAL-005_4',
status: PentestStatus.NOT_STARTED
status: PentestStatus.NOT_STARTED,
enabled: true
},
{
category: Category.INPUT_VALIDATION_TESTING,
refNumber: 'OTG-INPVAL-005_5',
status: PentestStatus.NOT_STARTED
status: PentestStatus.NOT_STARTED,
enabled: true
},
{
category: Category.INPUT_VALIDATION_TESTING,
refNumber: 'OTG-INPVAL-005_6',
status: PentestStatus.NOT_STARTED
status: PentestStatus.NOT_STARTED,
enabled: true
},
]
},
{
category: Category.INPUT_VALIDATION_TESTING,
refNumber: 'OTG-INPVAL-006',
status: PentestStatus.NOT_STARTED
status: PentestStatus.NOT_STARTED,
enabled: true
},
{
category: Category.INPUT_VALIDATION_TESTING,
refNumber: 'OTG-INPVAL-007',
status: PentestStatus.NOT_STARTED
status: PentestStatus.NOT_STARTED,
enabled: true
},
{
category: Category.INPUT_VALIDATION_TESTING,
refNumber: 'OTG-INPVAL-008',
status: PentestStatus.NOT_STARTED
status: PentestStatus.NOT_STARTED,
enabled: true
},
{
category: Category.INPUT_VALIDATION_TESTING,
refNumber: 'OTG-INPVAL-009',
status: PentestStatus.NOT_STARTED
status: PentestStatus.NOT_STARTED,
enabled: true
},
{
category: Category.INPUT_VALIDATION_TESTING,
refNumber: 'OTG-INPVAL-010',
status: PentestStatus.NOT_STARTED
status: PentestStatus.NOT_STARTED,
enabled: true
},
{
category: Category.INPUT_VALIDATION_TESTING,
refNumber: 'OTG-INPVAL-011',
status: PentestStatus.NOT_STARTED
status: PentestStatus.NOT_STARTED,
enabled: true
},
{
category: Category.INPUT_VALIDATION_TESTING,
refNumber: 'OTG-INPVAL-012',
status: PentestStatus.NOT_STARTED,
enabled: true,
childEntries: [
{
category: Category.INPUT_VALIDATION_TESTING,
refNumber: 'OTG-INPVAL-012_1',
status: PentestStatus.NOT_STARTED
status: PentestStatus.NOT_STARTED,
enabled: true
},
{
category: Category.INPUT_VALIDATION_TESTING,
refNumber: 'OTG-INPVAL-012_2',
status: PentestStatus.NOT_STARTED
status: PentestStatus.NOT_STARTED,
enabled: true
}
]
},
{
category: Category.INPUT_VALIDATION_TESTING,
refNumber: 'OTG-INPVAL-013',
status: PentestStatus.NOT_STARTED
status: PentestStatus.NOT_STARTED,
enabled: true
},
{
category: Category.INPUT_VALIDATION_TESTING,
refNumber: 'OTG-INPVAL-014',
status: PentestStatus.NOT_STARTED,
enabled: true,
childEntries: [
{
category: Category.INPUT_VALIDATION_TESTING,
refNumber: 'OTG-INPVAL-014_1',
status: PentestStatus.NOT_STARTED
status: PentestStatus.NOT_STARTED,
enabled: true
},
{
category: Category.INPUT_VALIDATION_TESTING,
refNumber: 'OTG-INPVAL-014_2',
status: PentestStatus.NOT_STARTED
status: PentestStatus.NOT_STARTED,
enabled: true
},
{
category: Category.INPUT_VALIDATION_TESTING,
refNumber: 'OTG-INPVAL-014_3',
status: PentestStatus.NOT_STARTED
status: PentestStatus.NOT_STARTED,
enabled: true
}
]
},
{
category: Category.INPUT_VALIDATION_TESTING,
refNumber: 'OTG-INPVAL-015',
status: PentestStatus.NOT_STARTED
status: PentestStatus.NOT_STARTED,
enabled: true
},
{
category: Category.INPUT_VALIDATION_TESTING,
refNumber: 'OTG-INPVAL-016',
status: PentestStatus.NOT_STARTED
status: PentestStatus.NOT_STARTED,
enabled: true
},
];
}


@ -7,42 +7,50 @@ export function getSESS_Pentests(): Pentest[] {
{
category: Category.SESSION_MANAGEMENT_TESTING,
refNumber: 'OTG-SESS-001',
status: PentestStatus.NOT_STARTED
status: PentestStatus.NOT_STARTED,
enabled: true
},
{
category: Category.SESSION_MANAGEMENT_TESTING,
refNumber: 'OTG-SESS-002',
status: PentestStatus.NOT_STARTED
status: PentestStatus.NOT_STARTED,
enabled: true
},
{
category: Category.SESSION_MANAGEMENT_TESTING,
refNumber: 'OTG-SESS-003',
status: PentestStatus.NOT_STARTED
status: PentestStatus.NOT_STARTED,
enabled: true
},
{
category: Category.SESSION_MANAGEMENT_TESTING,
refNumber: 'OTG-SESS-004',
status: PentestStatus.NOT_STARTED
status: PentestStatus.NOT_STARTED,
enabled: true
},
{
category: Category.SESSION_MANAGEMENT_TESTING,
refNumber: 'OTG-SESS-005',
status: PentestStatus.NOT_STARTED
status: PentestStatus.NOT_STARTED,
enabled: true
},
{
category: Category.SESSION_MANAGEMENT_TESTING,
refNumber: 'OTG-SESS-006',
status: PentestStatus.NOT_STARTED
status: PentestStatus.NOT_STARTED,
enabled: true
},
{
category: Category.SESSION_MANAGEMENT_TESTING,
refNumber: 'OTG-SESS-007',
status: PentestStatus.NOT_STARTED
status: PentestStatus.NOT_STARTED,
enabled: true
},
{
category: Category.SESSION_MANAGEMENT_TESTING,
refNumber: 'OTG-SESS-008',
status: PentestStatus.NOT_STARTED
status: PentestStatus.NOT_STARTED,
enabled: true
}
];
}


@ -9,6 +9,7 @@ export class Pentest {
refNumber: string;
childEntries?: Pentest[];
status: PentestStatus;
enabled: boolean;
findingIds?: Array<string>;
commentIds?: Array<string>;
timeSpent?: number;
@ -16,6 +17,7 @@ export class Pentest {
constructor(category: Category,
refNumber: string,
status: PentestStatus,
enabled: boolean,
id?: string,
projectId?: string,
findingsIds?: Array<string>,
@ -26,6 +28,7 @@ export class Pentest {
this.category = category;
this.refNumber = refNumber;
this.status = status;
this.enabled = enabled;
this.findingIds = findingsIds ? findingsIds : [];
this.commentIds = commentsIds ? commentsIds : [];
this.timeSpent = timeSpent ? timeSpent : 0;
@ -35,6 +38,7 @@ export class Pentest {
export interface ObjectiveEntry {
refNumber: string;
status: string;
enabled: boolean;
findings?: number;
kind?: string;
childEntries?: ObjectiveEntry[];
@ -56,6 +60,7 @@ export function transformPentestToRequestBody(pentest: Pentest): Pentest {
category: typeof pentest.category === 'number' ? Category[pentest.category] : pentest.category,
refNumber: pentest.refNumber,
status: pentest.status,
enabled: pentest.enabled,
findingIds: pentest.findingIds ? pentest.findingIds : [],
commentIds: pentest.commentIds ? pentest.commentIds : [],
/* Remove Table Entry Object Properties */
@ -71,8 +76,10 @@ export function transformPentestsToObjectiveEntries(pentests: Pentest[]): Object
const objectiveEntries: ObjectiveEntry[] = [];
pentests.forEach((value: Pentest) => {
objectiveEntries.push({
id: value.id,
refNumber: value.refNumber,
status: value.status,
enabled: value.enabled,
findingIds: value.findingIds,
commentIds: value.commentIds,
kind: value.childEntries ? 'dir' : 'cell',
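Review bot: `enabled` is now a required constructor parameter of `Pentest` and a required field of `ObjectiveEntry`, and `transformPentestToRequestBody` sends it in every save/update body, yet the server-side `buildPentest` in this same commit takes `enabled` from the stored entity rather than from the body, so the value sent here appears to be ignored on update. That contract should be stated where the field is serialised, e.g. `enabled: pentest.enabled, // informational on update — the server keeps its stored value; use enableObjective/disableObjective to change it`. `transformPentestsToObjectiveEntries` continues past the end of the hunk.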


@ -3,7 +3,7 @@
.comment-dialog {
width: 45.25rem !important;
height: 45rem;
height: 48rem;
.comment-dialog-header {
height: 8vh;


@ -59,6 +59,7 @@ const DESIRED_PROJECT_STATE_SESSION: ProjectStateModel = {
refNumber: 'OTF-001',
childEntries: [],
status: PentestStatus.NOT_STARTED,
enabled: true,
findingIds: [],
commentIds: ['56c47c56-3bcd-45f1-a05b-c197dbd33112']
},


@ -4,7 +4,7 @@
.export-report-dialog {
width: 45.25rem !important;
height: 54.25rem;
height: 56.25rem;
.export-report-header {
height: 8vh;


@ -57,6 +57,7 @@ const DESIRED_PROJECT_STATE_SESSION: ProjectStateModel = {
refNumber: 'OTF-001',
childEntries: [],
status: PentestStatus.NOT_STARTED,
enabled: true,
findingIds: ['56c47c56-3bcd-45f1-a05b-c197dbd33112'],
commentIds: []
},


@ -3,7 +3,7 @@
.project-dialog {
width: 36rem !important;
height: 43.5rem;
height: 44.5rem;
.project-dialog-header {
height: 10vh;


@ -65,13 +65,13 @@ export class TimerComponent implements OnInit, OnDestroy {
}
private createIntialPentestInBackend(): void {
// Save initial Pentest a new
// Save initial pentest a new
this.pentestInfo$.next({...this.pentestInfo$.getValue(), timeSpent: this.timer});
this.pentestService.savePentest(this.selectedProjectId$.getValue(), transformPentestToRequestBody(this.pentestInfo$.getValue()))
.subscribe({
next: (pentest: Pentest) => {
this.store.dispatch(new ChangePentest(pentest));
this.notificationService.showPopup('pentest.popup.initial.save.success', PopupType.SUCCESS);
this.notificationService.showPopup('pentest.popup.initial.save.success', PopupType.INFO);
},
error: err => {
console.log(err);


@ -107,4 +107,20 @@ export class PentestService {
public updatePentest(pentest: Pentest): Observable<Pentest> {
return this.http.patch<Pentest>(`${this.apiBaseURL}/${pentest.id}`, pentest);
}
/**
* Disable Objective
* @param pentestId the id of the Pentest
*/
public disableObjective(projectId: string, pentestId: string): Observable<Pentest> {
return this.http.post<Pentest>(`${this.apiBaseURL}/${projectId}/${pentestId}/disable`, null);
}
/**
* Enable Objective
* @param pentestId the id of the Pentest
*/
public enableObjective(projectId: string, pentestId: string): Observable<Pentest> {
return this.http.post<Pentest>(`${this.apiBaseURL}/${projectId}/${pentestId}/enable`, null);
}
}
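Review bot: The doc comments on `disableObjective` and `enableObjective` document only `pentestId`, but `projectId` is the first parameter and becomes the route segment the server uses to update project progress; add `@param projectId the id of the project the pentest belongs to` and `@returns the updated pentest as returned by the backend` to both. Both methods POST with a `null` body, which is deliberate but reads like an omission; a one-line comment such as `// the state change is expressed by the URL, no request body` would settle that. The two methods differ only in the final path segment, so a private `setObjectiveEnabled(projectId, pentestId, enabled)` helper would remove the duplicated URL construction.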


@ -17,13 +17,41 @@ export class NotificationService {
.subscribe((translationContainer) => {
this.toastrService.show(
'',
translationContainer[translationKey] + ' ' + translationContainer[popupType], {
translationContainer[translationKey] /*+ ' ' + translationContainer[popupType]*/, {
position: NbGlobalPhysicalPosition.BOTTOM_RIGHT,
duration: 5000,
status: getStatusForPopUpType(popupType),
toastClass: createCssClassName(popupType)
});
});
function getStatusForPopUpType(popupType): string {
let toasterStatus;
switch (popupType) {
case PopupType.SUCCESS: {
toasterStatus = 'success';
break;
}
case PopupType.INFO: {
toasterStatus = 'control';
break;
}
case PopupType.FAILURE: {
toasterStatus = 'danger';
break;
}
case PopupType.WARNING: {
toasterStatus = 'warning';
break;
}
default: {
toasterStatus = 'basic';
break;
}
}
return toasterStatus;
}
function createCssClassName(type: PopupType): string {
const currentType = type ? type : PopupType.INFO;
return currentType.toString().replace('.', '-');
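Review bot: `getStatusForPopUpType(popupType)` leaves its parameter un-annotated, so it is implicitly `any` and the `switch` over `PopupType` members is unchecked; declare it `function getStatusForPopUpType(popupType: PopupType): string {` and initialise `let toasterStatus = 'basic';` so the `default` branch becomes unnecessary. The concatenation left in the toast text as `/*+ ' ' + translationContainer[popupType]*/` is dead code and should be deleted rather than commented out; if the popup-type translation is no longer shown, the translation keys requested above (outside the hunk) presumably no longer need it either. `createCssClassName` ends outside the hunk.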


@ -73,7 +73,7 @@
"method": "GET",
"header": [],
"url": {
"raw": "http://localhost:8443/projects/5a4f126c-9471-43b8-80b9-6eb02b7c35d0",
"raw": "http://localhost:8443/projects/575dd9d4-cb3c-4df3-981e-8a18bf8dc1d2",
"protocol": "http",
"host": [
"localhost"
@ -81,7 +81,7 @@
"port": "8443",
"path": [
"projects",
"5a4f126c-9471-43b8-80b9-6eb02b7c35d0"
"575dd9d4-cb3c-4df3-981e-8a18bf8dc1d2"
]
}
},
@ -107,7 +107,7 @@
"method": "GET",
"header": [],
"url": {
"raw": "http://localhost:8443/projects/evaluation/5a4f126c-9471-43b8-80b9-6eb02b7c35d0",
"raw": "http://localhost:8443/projects/evaluation/575dd9d4-cb3c-4df3-981e-8a18bf8dc1d2",
"protocol": "http",
"host": [
"localhost"
@ -116,7 +116,7 @@
"path": [
"projects",
"evaluation",
"5a4f126c-9471-43b8-80b9-6eb02b7c35d0"
"575dd9d4-cb3c-4df3-981e-8a18bf8dc1d2"
]
}
},
@ -860,7 +860,7 @@
}
},
"url": {
"raw": "http://localhost:8443/pentests/pentestId",
"raw": "http://localhost:8443/pentests/{pentestId}",
"protocol": "http",
"host": [
"localhost"
@ -868,7 +868,79 @@
"port": "8443",
"path": [
"pentests",
"pentestId"
"{pentestId}"
]
}
},
"response": []
},
{
"name": "disablePentest",
"request": {
"auth": {
"type": "bearer",
"bearer": [
{
"key": "token",
"value": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICItdG1lbEV0ZHhGTnRSMW9aNXlRdE5jaFFpX0RVN2VNeV9YcU44aXY0S3hzIn0.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.koJ8prpiRfL8twkSKMkOZW38jsfrj2Gf6XJtWXeJOhrsgJ-Ncehh1u_Dp_m8eokOZ_Xfl90SJhePh0KTUOY18-bz1KTBtWeqaX4-91Pz9pQ0wkztsZv9K2Axk6gfbFf5yObFj8EW4uhO_DDRfbBXzSrH6MhFk3PBz4smJQ4eVTtEg7D5XKbCZ0B4ja5RfQMTlfgp4dgnPdw6SZgraBJZaqzXkfcWa2jYSyLILsaaaY2mXEBDmBy3rBoV63ucYUB7BA6MmoMz-k8CVFCCZ57XIfT-IPIfWtbIldM0Bb3SMWC_bt89eGhOKqpzl354h5vFEAapiSLtNicvbX_Wk_1MWw",
"type": "string"
},
{
"key": "undefined",
"type": "any"
}
]
},
"method": "POST",
"header": [],
"url": {
"raw": "http://localhost:8443/pentests/{projectId}/{pentestId}/disable",
"protocol": "http",
"host": [
"localhost"
],
"port": "8443",
"path": [
"pentests",
"{projectId}",
"{pentestId}",
"disable"
]
}
},
"response": []
},
{
"name": "enablePentest",
"request": {
"auth": {
"type": "bearer",
"bearer": [
{
"key": "token",
"value": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICItdG1lbEV0ZHhGTnRSMW9aNXlRdE5jaFFpX0RVN2VNeV9YcU44aXY0S3hzIn0.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.koJ8prpiRfL8twkSKMkOZW38jsfrj2Gf6XJtWXeJOhrsgJ-Ncehh1u_Dp_m8eokOZ_Xfl90SJhePh0KTUOY18-bz1KTBtWeqaX4-91Pz9pQ0wkztsZv9K2Axk6gfbFf5yObFj8EW4uhO_DDRfbBXzSrH6MhFk3PBz4smJQ4eVTtEg7D5XKbCZ0B4ja5RfQMTlfgp4dgnPdw6SZgraBJZaqzXkfcWa2jYSyLILsaaaY2mXEBDmBy3rBoV63ucYUB7BA6MmoMz-k8CVFCCZ57XIfT-IPIfWtbIldM0Bb3SMWC_bt89eGhOKqpzl354h5vFEAapiSLtNicvbX_Wk_1MWw",
"type": "string"
},
{
"key": "undefined",
"type": "any"
}
]
},
"method": "POST",
"header": [],
"url": {
"raw": "http://localhost:8443/pentests/{projectId}/{pentestId}/enable",
"protocol": "http",
"host": [
"localhost"
],
"port": "8443",
"path": [
"pentests",
"{projectId}",
"{pentestId}",
"enable"
]
}
},
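Review bot: Both new requests (`disablePentest`, `enablePentest`) embed a literal signed bearer token in `auth.bearer[].value`; a credential committed to the repository is a leak regardless of its `localhost` audience or expiry, and it remains in history after removal, so the token should be treated as compromised and the value replaced by a collection or environment variable, e.g. `"value": "{{token}}"`. The `{projectId}` and `{pentestId}` segments are literal text to Postman unless written as `:projectId` path variables or `{{projectId}}` variables, so the request as committed does not resolve to a real URL. The `"key": "undefined", "type": "any"` entries in the bearer array look like export artifacts and can be dropped.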


@ -12,7 +12,8 @@ data class Pentest(
val projectId: String,
val category: PentestCategory,
val refNumber: String,
val status: PentestStatus,
var status: PentestStatus,
var enabled: Boolean,
var findingIds: List<String> = emptyList(),
var commentIds: List<String> = emptyList(),
var timeSpent: Int
@ -25,6 +26,7 @@ fun buildPentest(body: PentestRequestBody, pentestEntity: PentestEntity): Pentes
category = PentestCategory.valueOf(body.category),
refNumber = body.refNumber,
status = PentestStatus.valueOf(body.status),
enabled = pentestEntity.data.enabled,
findingIds = body.findingIds,
commentIds = body.commentIds,
timeSpent = body.timeSpent
@ -50,6 +52,7 @@ fun Pentest.toPentestResponseBody(): ResponseBody {
"category" to category,
"refNumber" to refNumber,
"status" to status,
"enabled" to enabled,
"findingIds" to findingIds,
"commentIds" to commentIds,
"timeSpent" to timeSpent
@ -83,6 +86,7 @@ data class PentestRequestBody(
val refNumber: String,
val category: String,
val status: String,
val enabled: Boolean,
val findingIds: List<String>,
val commentIds: List<String>,
val timeSpent: Int
@ -110,6 +114,7 @@ fun PentestRequestBody.toPentest(): Pentest {
category = PentestCategory.valueOf(this.category),
refNumber = this.refNumber,
status = PentestStatus.valueOf(this.status),
enabled = this.enabled,
findingIds = this.findingIds,
commentIds = this.commentIds,
timeSpent = this.timeSpent
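Review bot: `enabled` is accepted in `PentestRequestBody` but handled inconsistently: `buildPentest` takes it from `pentestEntity.data.enabled` and ignores `body.enabled`, while `PentestRequestBody.toPentest()` copies `this.enabled` straight from the client, so a client can presumably create a pentest that is already disabled without going through the status handling in `enableOrDisableObjectiveByPentestId`. Either drop the field from the request body and default to `true` on creation, or apply the same rule on both paths, and state the chosen contract on the field, e.g. `val enabled: Boolean, // ignored on update; the enable/disable endpoints are the only way to change it`. `status` and `enabled` also change from `val` to `var`, making the `Pentest` data class mutable; `copy(status = …, enabled = …)` in the service would keep it immutable.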


@ -4,8 +4,6 @@ import com.securityc4po.api.configuration.BC_BAD_CAST_TO_ABSTRACT_COLLECTION
import com.securityc4po.api.extensions.getLoggerFor
import edu.umd.cs.findbugs.annotations.SuppressFBWarnings
import com.securityc4po.api.ResponseBody
import com.securityc4po.api.pentest.comment.CommentService
import com.securityc4po.api.pentest.finding.FindingService
import org.springframework.http.ResponseEntity
import org.springframework.http.ResponseEntity.noContent
import org.springframework.web.bind.annotation.*
@ -20,7 +18,10 @@ import reactor.core.publisher.Mono
methods = [RequestMethod.GET, RequestMethod.DELETE, RequestMethod.POST, RequestMethod.PATCH]
)
@SuppressFBWarnings(BC_BAD_CAST_TO_ABSTRACT_COLLECTION)
class PentestController(private val pentestService: PentestService, private val pentestReportService: PentestReportService) {
class PentestController(
private val pentestService: PentestService,
private val pentestReportService: PentestReportService
) {
var logger = getLoggerFor<PentestController>()
@ -67,4 +68,36 @@ class PentestController(private val pentestService: PentestService, private val
ResponseEntity.accepted().body(it.toPentestResponseBody())
}
}
/**
* Disables the [Pentest]
*
* @param pentestId: Id of the pentest
* @return The disabled [Pentest]
*/
@PostMapping("/{projectId}/{pentestId}/disable")
fun disablePentestObjective(
@PathVariable(value = "projectId") projectId: String,
@PathVariable(value = "pentestId") pentestId: String
): Mono<ResponseEntity<ResponseBody>> {
return this.pentestService.enableOrDisableObjectiveByPentestId(projectId, pentestId, false).map {
ResponseEntity.accepted().body(it.toPentestResponseBody())
}
}
/**
* Enables the [Pentest]
*
* @param pentestId: Id of the pentest
* @return The enabled [Pentest]
*/
@PostMapping("/{projectId}/{pentestId}/enable")
fun enablePentestObjective(
@PathVariable(value = "projectId") projectId: String,
@PathVariable(value = "pentestId") pentestId: String
): Mono<ResponseEntity<ResponseBody>> {
return this.pentestService.enableOrDisableObjectiveByPentestId(projectId, pentestId, true).map {
ResponseEntity.accepted().body(it.toPentestResponseBody())
}
}
}
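Review bot: The KDoc of `disablePentestObjective` and `enablePentestObjective` documents only `pentestId`; add `@param projectId: Id of the project the pentest belongs to` and, since the service raises it for unknown ids, `@throws EntityNotFoundException if no pentest with [pentestId] exists`. Both handlers answer `ResponseEntity.accepted()` (202) although the state change has completed by the time the Mono resolves; `ResponseEntity.ok()` describes the result more accurately, unless 202 is a deliberate convention shared with the update handler above. The two handlers differ only in the boolean passed to the service, so a single private function taking the flag would remove the duplication.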


@ -20,6 +20,7 @@ fun PentestEntity.toPentest(): Pentest {
this.data.category,
this.data.refNumber,
this.data.status,
this.data.enabled,
this.data.findingIds,
this.data.commentIds,
this.data.timeSpent
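Review bot: `this.data.enabled` is inserted positionally into the `Pentest(...)` call, so correctness depends on the data-class constructor order being exactly `status, enabled, findingIds`; with several parameters of similar type a later reorder would compile and silently mis-map fields. Named arguments, `status = this.data.status, enabled = this.data.enabled, findingIds = this.data.findingIds, …`, make the mapping robust. `toPentest` starts and ends outside the hunk.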


@ -279,4 +279,55 @@ class PentestService(
}
}
}
/**
* Enable or disable [Pentest]
*
* @throws [InvalidModelException] if the [Pentest] is invalid
* @throws [TransactionInterruptedException] if the [Pentest] could not be enabled or disabled
* @return enabled or disabled [Pentest]
*/
fun enableOrDisableObjectiveByPentestId(projectId: String, pentestId: String, enable: Boolean): Mono<Pentest> {
return pentestRepository.findPentestById(pentestId).switchIfEmpty {
logger.warn("Pentest with id $pentestId not found. Enabling not possible.")
val msg = "Pentest with id $pentestId not found."
val ex = EntityNotFoundException(msg, Errorcode.PentestNotFound)
throw ex
}.flatMap { currentPentestEntity: PentestEntity ->
if (enable) {
// Enable Pentest
currentPentestEntity.data.enabled = true
if (currentPentestEntity.data.findingIds.isEmpty() && currentPentestEntity.data.commentIds.isEmpty()) {
currentPentestEntity.data.status = PentestStatus.NOT_STARTED
} else {
currentPentestEntity.data.status = PentestStatus.PAUSED
}
} else {
// Disable Pentest
currentPentestEntity.data.enabled = false
currentPentestEntity.data.status = PentestStatus.DISABLED
}
currentPentestEntity.lastModified = Instant.now()
this.pentestRepository.save(currentPentestEntity).flatMap {updatedPentestEntity ->
// After successfully enabling or disabling of pentest update id and status to project
val projectPentest = ProjectPentest(pentestId = pentestId, status = currentPentestEntity.data.status)
projectService.updateProjectTestingProgress(projectId, projectPentest).onErrorMap {
TransactionInterruptedException(
"Project Pentest could not be updated in Database.",
Errorcode.ProjectPentestInsertionFailed
)
}.map {
return@map updatedPentestEntity.toPentest()
}
}.doOnError {
throw wrappedException(
logging = { logger.warn("Pentest could not be enabled or disabled in Database. Thrown exception: ", it) },
mappedException = TransactionInterruptedException(
"Pentest could not be enabled or disabled.",
Errorcode.PentestInsertionFailed
)
)
}
}
}
}
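Review bot: `projectId` comes from the request path and is never compared with `currentPentestEntity.data.projectId` (the `Pentest` model carries `projectId`), so a caller can name any project and `projectService.updateProjectTestingProgress(projectId, projectPentest)` will write this pentest's status into that project's progress; load by both ids or check after loading, e.g. at the top of the `flatMap`: `if (currentPentestEntity.data.projectId != projectId) return@flatMap Mono.error(EntityNotFoundException("Pentest with id $pentestId not found in project $projectId", Errorcode.PentestNotFound))`. Re-enabling also discards the status the pentest had before it was disabled — a `COMPLETED` pentest comes back as `PAUSED`; if that is intended the KDoc should say so, together with `@param enable true to enable, false to disable` and `@throws EntityNotFoundException if the pentest does not exist`. The warning in the `switchIfEmpty` branch says "Enabling not possible." on the disable path too; `"Pentest with id $pentestId not found. Enabling/disabling not possible."` fits both.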


@ -69,7 +69,7 @@ class CommentService(private val commentRepository: CommentRepository, private v
val comment = body.toComment()
val commentEntity = CommentEntity(comment)
return commentRepository.insert(commentEntity).flatMap { newCommentEntity: CommentEntity ->
val comment = newCommentEntity.toComment()
val newComment = newCommentEntity.toComment()
// After successfully saving comment add id to pentest
pentestService.updatePentestComment(pentestId, comment.id).onErrorMap {
TransactionInterruptedException(
@ -77,7 +77,7 @@ class CommentService(private val commentRepository: CommentRepository, private v
Errorcode.PentestInsertionFailed
)
}.map {
comment
newComment
}
}.doOnError {
throw wrappedException(
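Review bot: After the rename, `pentestService.updatePentestComment(pentestId, comment.id)` on the line below the renamed declaration now resolves to the outer `comment` built from the request body, whereas before it referred to the shadowing variable taken from the persisted entity; if `CommentEntity` assigns or normalises the id on insert, the pentest is silently linked to the wrong id. Use the new name consistently: `pentestService.updatePentestComment(pentestId, newComment.id).onErrorMap {`. The enclosing function starts and ends outside the hunk.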


@ -100,16 +100,17 @@ fun Project.calculateProgress(): BigDecimal {
// https://owasp.org/www-project-web-security-testing-guide/assets/archive/OWASP_Testing_Guide_v4.pdf
// @Value("\${owasp.web.objectives}")
// lateinit var TOTALPENTESTS: Int
val TOTAL_OWASP_OBJECTIVES = 95.0
var TOTAL_OWASP_OBJECTIVES = 95.0
return if (projectPentests.isEmpty())
BigDecimal.ZERO
else {
var completedPentests = 0.0
projectPentests.forEach { projectPentest ->
println(projectPentest.toString())
if (projectPentest.status == PentestStatus.COMPLETED) {
completedPentests += 1.0
} else if (projectPentest.status == PentestStatus.DISABLED) {
TOTAL_OWASP_OBJECTIVES -= 1
} else if (projectPentest.status != PentestStatus.NOT_STARTED) {
completedPentests += 0.5
}
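Review bot: `TOTAL_OWASP_OBJECTIVES` is decremented once per `DISABLED` pentest, so when every tracked pentest is disabled it reaches 0 and the division that presumably follows (outside the hunk) yields a division by zero or an undefined progress; guard it before computing the ratio, e.g. `if (TOTAL_OWASP_OBJECTIVES <= 0.0) return BigDecimal.ZERO`. Mutating a `var` written in CONSTANT_CASE is misleading; keep the constant and count into `var disabledPentests = 0.0`, dividing by `TOTAL_OWASP_OBJECTIVES - disabledPentests`. The `println(projectPentest.toString())` inside the loop is debug output in production code and should be removed or demoted to a debug-level logger call. `calculateProgress` ends outside the hunk.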


@ -74,7 +74,7 @@ class ProjectController(private val projectService: ProjectService, private val
// If the project has pentest they will be deleted as well as all associated findings & comments
if (project.projectPentests.isNotEmpty()) {
this.pentestDeletionService.deletePentestsAndAllAssociatedFindingsAndComments(project).collectList()
.flatMap { prunedProject: Any ->
.flatMap {
Mono.just(ResponseEntity.ok().body(project.toProjectDeleteResponseBody()))
}
} else {


@ -87,6 +87,8 @@ class PentestControllerDocumentationTest : BaseDocumentationIntTest() {
.description("The reference number of the requested pentest according to the current OWASP Testing Guide"),
PayloadDocumentation.fieldWithPath("[].status").type(JsonFieldType.STRING)
.description("The status of the requested pentest"),
PayloadDocumentation.fieldWithPath("[].enabled").type(JsonFieldType.BOOLEAN)
.description("Shows you if the objective of the pentest is enabled or not"),
PayloadDocumentation.fieldWithPath("[].findingIds").type(JsonFieldType.ARRAY)
.description("List of ids of the findings in the requested pentest"),
PayloadDocumentation.fieldWithPath("[].commentIds").type(JsonFieldType.ARRAY)
@ -104,6 +106,7 @@ class PentestControllerDocumentationTest : BaseDocumentationIntTest() {
category = PentestCategory.INFORMATION_GATHERING,
refNumber = "OTG-INFO-001",
status = PentestStatus.NOT_STARTED,
enabled = true,
findingIds = emptyList(),
commentIds = emptyList(),
timeSpent = 0
@ -114,6 +117,7 @@ class PentestControllerDocumentationTest : BaseDocumentationIntTest() {
category = PentestCategory.INFORMATION_GATHERING,
refNumber = "OTG-INFO-002",
status = PentestStatus.IN_PROGRESS,
enabled = true,
findingIds = emptyList(),
commentIds = emptyList(),
timeSpent = 0
@ -164,6 +168,8 @@ class PentestControllerDocumentationTest : BaseDocumentationIntTest() {
.description("The reference number of the created pentest according to the current OWASP Testing Guide"),
PayloadDocumentation.fieldWithPath("status").type(JsonFieldType.STRING)
.description("The status of the created pentest"),
PayloadDocumentation.fieldWithPath("enabled").type(JsonFieldType.BOOLEAN)
.description("Shows you if the objective of the pentest is enabled or not"),
PayloadDocumentation.fieldWithPath("findingIds").type(JsonFieldType.ARRAY)
.description("List of ids of the findings in the created pentest"),
PayloadDocumentation.fieldWithPath("commentIds").type(JsonFieldType.ARRAY)
@ -180,6 +186,7 @@ class PentestControllerDocumentationTest : BaseDocumentationIntTest() {
category = "CLIENT_SIDE_TESTING",
refNumber = "OTG-CLIENT-001",
status = "IN_PROGRESS",
enabled = true,
findingIds = emptyList<String>(),
commentIds = emptyList<String>(),
timeSpent = 0
@ -225,6 +232,8 @@ class PentestControllerDocumentationTest : BaseDocumentationIntTest() {
.description("The reference number of the updated pentest according to the current OWASP Testing Guide"),
PayloadDocumentation.fieldWithPath("status").type(JsonFieldType.STRING)
.description("The status of the updated pentest"),
PayloadDocumentation.fieldWithPath("enabled").type(JsonFieldType.BOOLEAN)
.description("Shows you if the objective of the pentest is enabled or not"),
PayloadDocumentation.fieldWithPath("findingIds").type(JsonFieldType.ARRAY)
.description("List of ids of the findings in the updated pentest"),
PayloadDocumentation.fieldWithPath("commentIds").type(JsonFieldType.ARRAY)
@ -241,6 +250,7 @@ class PentestControllerDocumentationTest : BaseDocumentationIntTest() {
category = "INFORMATION_GATHERING",
refNumber = "OTG-INFO-001",
status = "PAUSED",
enabled = true,
findingIds = emptyList<String>(),
commentIds = emptyList<String>(),
timeSpent = 0
@ -268,6 +278,7 @@ class PentestControllerDocumentationTest : BaseDocumentationIntTest() {
category = PentestCategory.INFORMATION_GATHERING,
refNumber = "OTG-INFO-001",
status = PentestStatus.NOT_STARTED,
enabled = true,
findingIds = emptyList(),
commentIds = emptyList(),
timeSpent = 0
@ -278,6 +289,7 @@ class PentestControllerDocumentationTest : BaseDocumentationIntTest() {
category = PentestCategory.INFORMATION_GATHERING,
refNumber = "OTG-INFO-002",
status = PentestStatus.IN_PROGRESS,
enabled = true,
findingIds = emptyList(),
commentIds = emptyList(),
timeSpent = 0
@ -288,6 +300,7 @@ class PentestControllerDocumentationTest : BaseDocumentationIntTest() {
category = PentestCategory.AUTHENTICATION_TESTING,
refNumber = "OTG-AUTHN-001",
status = PentestStatus.COMPLETED,
enabled = true,
findingIds = emptyList(),
commentIds = emptyList(),
timeSpent = 0
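Review bot: The response documentation gains the `enabled` field, but no documentation test covers the new `POST /{projectId}/{pentestId}/disable` and `/enable` endpoints, so the generated API docs will not describe them unless such tests exist elsewhere in this file outside these hunks. One test per endpoint reusing the same `fieldWithPath(...)` list, and a case for an unknown `pentestId`, would keep the documentation and the error contract complete. The description `Shows you if the objective of the pentest is enabled or not` reads informally next to its neighbours; `Whether the objective of the pentest is enabled` matches their register.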


@ -77,6 +77,7 @@ class PentestControllerIntTest : BaseIntTest() {
category = PentestCategory.INFORMATION_GATHERING,
refNumber = "OTG-INFO-001",
status = PentestStatus.NOT_STARTED,
enabled = true,
findingIds = emptyList(),
commentIds = emptyList(),
timeSpent = 0
@ -87,6 +88,7 @@ class PentestControllerIntTest : BaseIntTest() {
category = PentestCategory.INFORMATION_GATHERING,
refNumber = "OTG-INFO-002",
status = PentestStatus.IN_PROGRESS,
enabled = true,
findingIds = emptyList(),
commentIds = emptyList(),
timeSpent = 0
@ -124,6 +126,7 @@ class PentestControllerIntTest : BaseIntTest() {
category = "CLIENT_SIDE_TESTING",
refNumber = "OTG-CLIENT-001",
status = "IN_PROGRESS",
enabled = true,
findingIds = emptyList<String>(),
commentIds = emptyList<String>(),
timeSpent = 0
@ -157,6 +160,7 @@ class PentestControllerIntTest : BaseIntTest() {
category = "INFORMATION_GATHERING",
refNumber = "OTG-INFO-001",
status = "PAUSED",
enabled = true,
findingIds = emptyList<String>(),
commentIds = emptyList<String>(),
timeSpent = 24
@ -183,6 +187,7 @@ class PentestControllerIntTest : BaseIntTest() {
category = PentestCategory.INFORMATION_GATHERING,
refNumber = "OTG-INFO-001",
status = PentestStatus.NOT_STARTED,
enabled = true,
findingIds = emptyList(),
commentIds = emptyList(),
timeSpent = 0
@ -193,6 +198,7 @@ class PentestControllerIntTest : BaseIntTest() {
category = PentestCategory.INFORMATION_GATHERING,
refNumber = "OTG-INFO-002",
status = PentestStatus.IN_PROGRESS,
enabled = true,
findingIds = emptyList(),
commentIds = emptyList(),
timeSpent = 0
@ -203,6 +209,7 @@ class PentestControllerIntTest : BaseIntTest() {
category = PentestCategory.AUTHENTICATION_TESTING,
refNumber = "OTG-AUTHN-001",
status = PentestStatus.COMPLETED,
enabled = true,
findingIds = emptyList(),
commentIds = emptyList(),
timeSpent = 0
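Review bot: The fixtures gain `enabled = true`, but this integration test has no case for the new enable/disable endpoints — in particular none that sends a `projectId` that does not match the pentest's own project, none for an unknown `pentestId`, and none asserting the status a pentest receives when it is re-enabled. Those are the cases where the new service logic can go wrong, so they are worth a test each.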


@ -294,6 +294,7 @@ class CommentControllerDocumentationTest : BaseDocumentationIntTest() {
category = PentestCategory.INFORMATION_GATHERING,
refNumber = "OTG-INFO-001",
status = PentestStatus.NOT_STARTED,
enabled = true,
findingIds = emptyList(),
commentIds = emptyList(),
timeSpent = 0
@ -304,6 +305,7 @@ class CommentControllerDocumentationTest : BaseDocumentationIntTest() {
category = PentestCategory.INFORMATION_GATHERING,
refNumber = "OTG-INFO-002",
status = PentestStatus.IN_PROGRESS,
enabled = true,
findingIds = emptyList(),
commentIds = listOf("ab62d365-1b1d-4da1-89bc-5496616e220f"),
timeSpent = 56
@ -314,6 +316,7 @@ class CommentControllerDocumentationTest : BaseDocumentationIntTest() {
category = PentestCategory.AUTHENTICATION_TESTING,
refNumber = "OTG-AUTHN-001",
status = PentestStatus.COMPLETED,
enabled = true,
findingIds = emptyList(),
commentIds = emptyList(),
timeSpent = 124


@ -191,6 +191,7 @@ class CommentControllerIntTest : BaseIntTest() {
category = PentestCategory.INFORMATION_GATHERING,
refNumber = "OTG-INFO-001",
status = PentestStatus.NOT_STARTED,
enabled = true,
findingIds = emptyList(),
commentIds = emptyList(),
timeSpent = 0
@ -201,6 +202,7 @@ class CommentControllerIntTest : BaseIntTest() {
category = PentestCategory.INFORMATION_GATHERING,
refNumber = "OTG-INFO-002",
status = PentestStatus.IN_PROGRESS,
enabled = true,
findingIds = emptyList(),
commentIds = listOf("ab62d365-1b1d-4da1-89bc-5496616e220f"),
timeSpent = 56
@ -211,6 +213,7 @@ class CommentControllerIntTest : BaseIntTest() {
category = PentestCategory.AUTHENTICATION_TESTING,
refNumber = "OTG-AUTHN-001",
status = PentestStatus.COMPLETED,
enabled = true,
findingIds = emptyList(),
commentIds = emptyList(),
timeSpent = 124


@ -352,6 +352,7 @@ class FindingControllerDocumentationTest: BaseDocumentationIntTest() {
category = PentestCategory.INFORMATION_GATHERING,
refNumber = "OTG-INFO-001",
status = PentestStatus.NOT_STARTED,
enabled = true,
findingIds = emptyList(),
commentIds = emptyList(),
timeSpent = 0
@ -362,6 +363,7 @@ class FindingControllerDocumentationTest: BaseDocumentationIntTest() {
category = PentestCategory.INFORMATION_GATHERING,
refNumber = "OTG-INFO-002",
status = PentestStatus.IN_PROGRESS,
enabled = true,
findingIds = listOf("ab62d365-1b1d-4da1-89bc-5496616e220f"),
commentIds = emptyList(),
timeSpent = 56
@ -372,6 +374,7 @@ class FindingControllerDocumentationTest: BaseDocumentationIntTest() {
category = PentestCategory.AUTHENTICATION_TESTING,
refNumber = "OTG-AUTHN-001",
status = PentestStatus.COMPLETED,
enabled = true,
findingIds = emptyList(),
commentIds = emptyList(),
timeSpent = 124


@ -219,6 +219,7 @@ class FindingControllerIntTest: BaseIntTest() {
category = PentestCategory.INFORMATION_GATHERING,
refNumber = "OTG-INFO-001",
status = PentestStatus.NOT_STARTED,
enabled = true,
findingIds = emptyList(),
commentIds = emptyList(),
timeSpent = 0
@ -229,6 +230,7 @@ class FindingControllerIntTest: BaseIntTest() {
category = PentestCategory.INFORMATION_GATHERING,
refNumber = "OTG-INFO-002",
status = PentestStatus.IN_PROGRESS,
enabled = true,
findingIds = listOf("ab62d365-1b1d-4da1-89bc-5496616e220f"),
commentIds = emptyList(),
timeSpent = 56
@ -239,6 +241,7 @@ class FindingControllerIntTest: BaseIntTest() {
category = PentestCategory.AUTHENTICATION_TESTING,
refNumber = "OTG-AUTHN-001",
status = PentestStatus.COMPLETED,
enabled = true,
findingIds = emptyList(),
commentIds = emptyList(),
timeSpent = 124


@ -1,28 +1,56 @@
[{
"_id": {
"$oid": "6405dbf113ae975803a09901"
"$oid": "6436992c28fc40394ae5b623"
},
"lastModified": {
"$date": "2023-03-06T12:26:25.081Z"
"$date": "2023-04-12T11:42:36.694Z"
},
"data": {
"_id": "85935303-e5b7-48ca-a504-910c1a94fb1f",
"title": "Uninteresting comment",
"description": "Nothing",
"_id": "5514f0d3-7c80-4138-bf3e-56b515560f00",
"title": "OWASP Juice Shop Architecture",
"description": "In the frontend the popular Angular framework is used to create a so-called Single Page Application.\nJavaScript is also used in the backend as the exclusive programming language: An Express application hosted in a Node.js server delivers the client-side code to the browser. It also provides the necessary backend functionality to the client via a RESTful API.\nAs an underlying database a light-weight SQLite was chosen, because of its file-based nature. Sequelize and finale-rest are used as an abstraction layer from the database.\nAs an additional data store, a MarsDB is part of the OWASP Juice Shop.\nThe application also offers user registration via OAuth 2.0 so users can sign in with their Google accounts.",
"attachments": []
},
"_class": "com.securityc4po.api.pentest.comment.CommentEntity"
},{
"_id": {
"$oid": "6405dc0513ae975803a09902"
"$oid": "64369e4428fc40394ae5b679"
},
"lastModified": {
"$date": "2023-03-06T12:26:45.811Z"
"$date": "2023-04-12T12:04:20.039Z"
},
"data": {
"_id": "a785aaf0-1feb-429e-beb1-31bfcf70c404",
"title": "Interesting comment",
"description": "I know where your house lives",
"_id": "4a3be0f9-fc2a-4607-9996-c2a92ae5ccbc",
"title": "Test Scroll Feature here",
"description": "Try to make the info description scrollable without destroying the header.",
"attachments": []
},
"_class": "com.securityc4po.api.pentest.comment.CommentEntity"
},{
"_id": {
"$oid": "64369f2628fc40394ae5b68e"
},
"lastModified": {
"$date": "2023-04-12T12:08:06.156Z"
},
"data": {
"_id": "02491d86-5f8d-4574-9bac-4d21ae4a2040",
"title": "Wow",
"description": "What a test comment..",
"attachments": []
},
"_class": "com.securityc4po.api.pentest.comment.CommentEntity"
},{
"_id": {
"$oid": "64369f3b28fc40394ae5b68f"
},
"lastModified": {
"$date": "2023-04-12T12:08:27.939Z"
},
"data": {
"_id": "bd1b9a09-c8d4-4050-8930-b79e4e81d50d",
"title": "Amazing",
"description": "Wow!",
"attachments": []
},
"_class": "com.securityc4po.api.pentest.comment.CommentEntity"


@ -1,75 +1,178 @@
[{
"_id": {
"$oid": "6405db8a13ae975803a098fe"
"$oid": "643699cd28fc40394ae5b625"
},
"lastModified": {
"$date": "2023-03-06T12:24:42.494Z"
"$date": "2023-04-12T11:45:23.385Z"
},
"data": {
"_id": "5bf1b2e1-69b7-463b-a1ca-4ac6ac66b10f",
"severity": "MEDIUM",
"title": "Medium Prio Finding",
"description": "Medium Description",
"impact": "Medium Impact",
"affectedUrls": [],
"reproduction": "1. Open App",
"mitigation": "",
"attachments": []
},
"_class": "com.securityc4po.api.pentest.finding.FindingEntity"
},{
"_id": {
"$oid": "6405dba513ae975803a098ff"
},
"lastModified": {
"$date": "2023-03-06T12:25:09.645Z"
},
"data": {
"_id": "f6e6c632-ab34-479e-9584-565f61c5862a",
"_id": "354c62b1-8f7f-4a65-9f1b-c4f6388f5506",
"severity": "HIGH",
"title": "High Prio Finding",
"description": "High Prio Description",
"impact": "High Impact",
"affectedUrls": [],
"reproduction": "1. Open App\n2. Hack",
"mitigation": "",
"title": "Broken Access Control",
"description": "Security flaws are caused by fragilely implemented access rights (or non-well-thought access constructs).\nAccess control is based on:\n- Confidentiality of the requested element\n- Role or permissions of the requesting user\nFlaws in access control can lead to:\n- Unauthorized users can obtain, manipulate or delete important and sensitive data\nChanging the bid inside the session storage in the frontend or intercepting the GET request for the basket and changing the id parameter results in getting the basket of another user (as long as the new id is valid).\n",
"impact": "This does not just affects the frontend but also destroys the integrity of the data from the backend since you can see the basket of other users.",
"affectedUrls": [
"https://juice-shop.herokuapp.com/#/basket, https://juice-shop.herokuapp.com/rest/basket/{id}"
],
"reproduction": "Step 1:\nLogin as any user.\n\nStep 2:\nGo to the basket page.\n\nStep 3:\nChange the bid value or intecept and manipulate the GET request for the basket.\n",
"mitigation": "Decide for a matching access control model: - Discretionary access control (DAC)\n- Role-based access control (RBAC)\n- Mandatory access control (MAC)\n- Attribute-based access control (ABAC)",
"attachments": []
},
"_class": "com.securityc4po.api.pentest.finding.FindingEntity"
},{
"_id": {
"$oid": "6405dbcc13ae975803a09900"
"$oid": "64369a1428fc40394ae5b627"
},
"lastModified": {
"$date": "2023-03-06T12:25:48.815Z"
"$date": "2023-04-12T11:46:28.934Z"
},
"data": {
"_id": "176f5d93-0fe3-40b1-8a25-f11a6f760148",
"severity": "CRITICAL",
"title": "Critical Prio Finding",
"description": "Critical Description",
"impact": "Critical Impact",
"affectedUrls": [],
"reproduction": "1. Open App\n2. Hack\n3. Break everything",
"mitigation": "",
"_id": "b215d04c-fec9-4f75-8d83-89ba0c6d3e74",
"severity": "HIGH",
"title": "Deprectated B2B Interface File Upload Error",
"description": "Inside the complaint screen the user is able to upload a file that should only be ment to be a pdf.\nUpon expection of the allowed MIME Types included in the main.js file we can see the following MIME Types being accepted by the application:\n[\"application/pdf\", \"application/xml\", \"text/xml\", \"application/zip\", \"application/x-zip-compressed\", \"multipart/x-zip\"]\nUploading a XML File results in the following error message that doesn't get handled gracefully by the frontend:\n\"Error: B2B customer complaints via file upload have been deprecated for security reasons (filename.xml)\"",
"impact": "This deprecated interface affects the frontend, backend and potentially the database depending on how the uploaded file is being handeled in the backend.",
"affectedUrls": [
"https://juice-shop.herokuapp.com/#/complain"
],
"reproduction": "Step 1:\nLogin to the application with any user.\n\nStep 2:\nGo to complaint screen.\n\nStep 3:\nWrite a small message in text field and upload any xml file before clicking on \"Submit\".\n\nYou will now get the error mentioned in the description.",
"mitigation": "Adjust the allowed MIME Type in the frontend.\nOther generic prevention methods include: \n- Use Configuration Management:\n- Hardening, Remove old configurations\n- Proper Error Codes",
"attachments": []
},
"_class": "com.securityc4po.api.pentest.finding.FindingEntity"
},{
"_id": {
"$oid": "641d94fb28aed92b289a61c7"
"$oid": "64369a5528fc40394ae5b629"
},
"lastModified": {
"$date": "2023-03-24T12:18:03.350Z"
"$date": "2023-04-12T11:49:24.611Z"
},
"data": {
"_id": "82076448-7ec0-4d64-a75d-b9bf6f4920be",
"_id": "19521078-aef5-4505-8b1f-958e75bd3fd1",
"severity": "HIGH",
"title": "Searchbar XSS",
"description": "DOM-based vulnerabilities arise when a client-side script reads data from a controllable part of the DOM (for example, the URL) and processes this data in an unsafe way.\nAdding <iframe src=\"javascript:alert(`xss`)\"> in the search bar of the header results here in the XSS Vulnerability.\n",
"impact": "Generally there are three kinds of XXS: 1. DOM-Based Cross-Site Scripting\n2. Reflected Cross-Site Scripting\n3. Persistent Cross-Site Scripting\n\nThe found XSS only impacts the Webapplication itself.",
"affectedUrls": [
"https://juice- shop.herokuapp.com/#/search?q=%3Ciframe%20src%3D%22javascript:alert('xss')%22%3E"
],
"reproduction": "Step 1:\nClick on the search field of the header.\n\nStep 2:\nEnter <iframe src=\"javascript:alert(`xss`)\">\n\nStep 3:\nPress ENTER to exucute the query.\n\nYou will now get a PopUp because the javascript code was executed in the browser.\n",
"mitigation": "- Do NOT put untrusted data into templates & SSR\n- Use strict input validation & strong typing (server-side) - Contextual Output Encoding\n- Sanitizing Input Fields\n- Content Security Policies\n- Trusted Types",
"attachments": []
},
"_class": "com.securityc4po.api.pentest.finding.FindingEntity"
},{
"_id": {
"$oid": "64369aaf28fc40394ae5b62b"
},
"lastModified": {
"$date": "2023-04-12T11:49:03.092Z"
},
"data": {
"_id": "5924c1c6-348b-403c-af41-d5e0fab05c1b",
"severity": "MEDIUM",
"title": "SQLITE Error",
"description": "Provoked an error that is neither gracefully nor consistently handled.",
"impact": "Webapplication and Node.js Server.",
"affectedUrls": [],
"reproduction": "Step 1:\nGo to Login.\n\nStep 2:\nInsert ' in username field and any string in password field.\n\nStep 3:\nSend the request and observe the error message [object object displayed].\nInside the Network traffic the response body for the login POST request with the \"incomplete\" SQL Injection returns to much information.\n\nWe can see that the errorcode is from SQLITE and get the sql query returned that got executed: SELECT * FROM Users WHERE email =\" ' \" AND password = \"randomString\"\n",
"mitigation": "Sanitize and validate Input Fields.\nUse proper error handeling in Backend. Rule of thumb: Escape all user input...\n",
"attachments": []
},
"_class": "com.securityc4po.api.pentest.finding.FindingEntity"
},{
"_id": {
"$oid": "64369ae828fc40394ae5b62d"
},
"lastModified": {
"$date": "2023-04-12T11:50:00.889Z"
},
"data": {
"_id": "271a2e85-5804-4b78-a12a-b722049321b3",
"severity": "HIGH",
"title": "Admin Account SQL Injection for Login",
"description": "SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner.\nInside Login Form using the ' or TRUE-- Syntax will enable the user to login as the Admin.\n",
"impact": "The active User-Session with Admin priviledges can affect the whole application.",
"affectedUrls": [
"https://juice-shop.herokuapp.com/#/login"
],
"reproduction": "Step 1:\nGo to login page.\n\nStep 2:\nEnter ' or TRUE-- in the username field and enter a random password.\n\nStep 3:\nClick “Login”.\n\nYou will now be authenticated as the Juice Shop Admin.",
"mitigation": "Preventing SQL Injections can be easily accomplished by adding: - Prepared statements\n- Stored procedures\n- Whitelist Input Validation\n- Escaping all input, that could be user-supplied - Webapp Firewall",
"attachments": []
},
"_class": "com.securityc4po.api.pentest.finding.FindingEntity"
},{
"_id": {
"$oid": "64369ef828fc40394ae5b68a"
},
"lastModified": {
"$date": "2023-04-12T12:07:20.402Z"
},
"data": {
"_id": "b76728bd-afab-4478-bc87-49f444e11c10",
"severity": "LOW",
"title": "Low Prio Finding",
"description": "Low Prio Description",
"impact": "Low Prio Impact",
"description": "Low Prio Finding",
"impact": "Low Prio Finding",
"affectedUrls": [],
"reproduction": "Step 1: Do Nothing",
"reproduction": "Low Prio Finding",
"mitigation": "",
"attachments": []
},
"_class": "com.securityc4po.api.pentest.finding.FindingEntity"
},{
"_id": {
"$oid": "64369f0328fc40394ae5b68b"
},
"lastModified": {
"$date": "2023-04-12T12:07:31.726Z"
},
"data": {
"_id": "80990bff-fb03-47af-980b-adf2bca89c4e",
"severity": "HIGH",
"title": "High Prio Finding",
"description": "High Prio Finding",
"impact": "High Prio Finding",
"affectedUrls": [],
"reproduction": "High Prio Finding",
"mitigation": "",
"attachments": []
},
"_class": "com.securityc4po.api.pentest.finding.FindingEntity"
},{
"_id": {
"$oid": "64369f0c28fc40394ae5b68c"
},
"lastModified": {
"$date": "2023-04-12T12:07:40.452Z"
},
"data": {
"_id": "279e698e-9511-43a4-b249-d84e84238fed",
"severity": "MEDIUM",
"title": "Medium Prio Finding",
"description": "Medium Prio Finding",
"impact": "Medium Prio Finding",
"affectedUrls": [],
"reproduction": "Medium Prio Finding",
"mitigation": "",
"attachments": []
},
"_class": "com.securityc4po.api.pentest.finding.FindingEntity"
},{
"_id": {
"$oid": "64369f1828fc40394ae5b68d"
},
"lastModified": {
"$date": "2023-04-12T12:07:52.793Z"
},
"data": {
"_id": "7a8b975a-eff3-4f99-b379-3f3ed08cf832",
"severity": "CRITICAL",
"title": "Critical Finding",
"description": "Critical Finding",
"impact": "Critical Finding",
"affectedUrls": [],
"reproduction": "Critical Finding",
"mitigation": "",
"attachments": []
},


@ -1,272 +1,458 @@
[{
"_id": {
"$oid": "6405d84a13ae975803a098fa"
"$oid": "64368903e15faf56402f785b"
},
"lastModified": {
"$date": "2023-04-04T13:39:00.146Z"
"$date": "2023-04-12T12:23:14.572Z"
},
"data": {
"_id": "575dd9d4-cb3c-4df3-981e-8a18bf8dc1d2",
"client": "Dio Stonemask Inc.",
"title": "log4jj bizarre adventure",
"createdAt": "2023-03-06T12:10:50.835664Z",
"tester": "Jojo",
"summary": "This report includes an Executeive Summary, the rules in regards to the scope of the pentest and the choosen approach of the pentester.\nDio Stonemask Inc. contracted Jojo to perform a Penetration Test to identify security weaknesses,\ndetermine the impact to Dio Stonemask Inc., document all findings in a clear and repeatable manner,\nand provide remediation recommendations",
"state": "TRIAGED",
"_id": "cb4dc4c2-180f-4b82-88bd-9e19629dfb7b",
"client": "OWASP",
"title": "Juice Shop",
"createdAt": "2023-04-12T10:33:39.322374Z",
"tester": "Cel",
"summary": "OWASP contracted Cel to perform a Penetration Test to identify security weaknesses, determine the impact to OWASP, document all findings in a clear and repeatable manner, and provide remediation recommendations.",
"state": "PRE_SUBMISSION",
"version": "1.0",
"projectPentests": [
{
"pentestId": "54f3ce12-784a-4e44-b9b3-0a986119ec50",
"pentestId": "81c113d1-f2a0-4ce1-a93d-f636ef9b4717",
"status": "NOT_STARTED"
},
{
"pentestId": "90a14259-2bf7-418a-babc-10015be84369",
"status": "NOT_STARTED"
},
{
"pentestId": "e9b80890-7a44-40da-8c32-f1b4611e25c6",
"status": "COMPLETED"
},
{
"pentestId": "d724df75-e85a-4124-a5be-bccadc78beaf",
"status": "PAUSED"
"pentestId": "de0ed5e1-9918-461b-b04d-702c25b6aca1",
"status": "COMPLETED"
},
{
"pentestId": "c9c1c2f4-14dd-43f4-bc0d-bac03755f798",
"status": "PAUSED"
"pentestId": "bacc6663-45fb-45b7-85f2-856b81d65e04",
"status": "COMPLETED"
},
{
"pentestId": "288599c2-c295-4825-b1ff-db20e99f45ba",
"status": "PAUSED"
"pentestId": "187475f9-fc06-4f1c-9472-8546425cfb89",
"status": "COMPLETED"
},
{
"pentestId": "7c1c1d64-000d-461b-b60f-50bfc70868e6",
"status": "PAUSED"
"pentestId": "8238b914-6a97-4755-97b4-97827d78facd",
"status": "COMPLETED"
},
{
"pentestId": "415528d1-a92c-4e14-adf1-2846b2ce0f70",
"status": "PAUSED"
"pentestId": "3a690339-199f-499e-b460-432b5a277fd4",
"status": "COMPLETED"
},
{
"pentestId": "8d91e25f-eaeb-42f6-800c-4e7113656321",
"status": "PAUSED"
"pentestId": "e191aefc-ce05-449b-884e-a8b6fd0fc51d",
"status": "NOT_STARTED"
},
{
"pentestId": "ed9595bb-cc80-4daa-873e-e7470fc0b7d1",
"status": "PAUSED"
},
{
"pentestId": "35481ca5-5672-4a11-a2b8-38ece069ca70",
"status": "PAUSED"
},
{
"pentestId": "538f8e15-8d0e-43ac-b7a6-d6b5959581eb",
"status": "PAUSED"
},
{
"pentestId": "3bff597e-d680-4b87-8352-be32f40db074",
"status": "PAUSED"
},
{
"pentestId": "27ca5852-aa9f-44ed-b2fe-c46c31b415f4",
"status": "PAUSED"
},
{
"pentestId": "60cf0cf9-f62a-4669-87a7-f519e7be0613",
"status": "PAUSED"
},
{
"pentestId": "05251dfd-a382-47af-85d5-798dd1a6171a",
"status": "PAUSED"
},
{
"pentestId": "be6780a2-b66e-42a6-a725-805633589921",
"status": "PAUSED"
},
{
"pentestId": "192b9fed-596b-4345-b33d-ca3882ba9bdd",
"status": "PAUSED"
},
{
"pentestId": "6d3f0b58-b311-465e-9f01-e3e45d165902",
"status": "PAUSED"
},
{
"pentestId": "058dd5c7-63a5-40cb-a4ed-46e5cdcb87ff",
"status": "PAUSED"
},
{
"pentestId": "36e1c198-d425-4a38-ad0b-2f9d6759931e",
"status": "PAUSED"
},
{
"pentestId": "b3063d09-237f-493e-b0db-603a11829d88",
"status": "PAUSED"
},
{
"pentestId": "6ae89321-678f-4191-b008-8abfc42401c3",
"status": "PAUSED"
},
{
"pentestId": "3334d254-87bf-4115-8d88-e2fed022ad06",
"status": "PAUSED"
},
{
"pentestId": "8e97f1e0-b02c-4be2-b30e-372d09614038",
"status": "PAUSED"
},
{
"pentestId": "e9c9eecb-116b-4a8c-ac8c-4a279f77e1f4",
"status": "PAUSED"
},
{
"pentestId": "f0531d71-18d3-41a7-a37a-2c15f6b26dcb",
"status": "PAUSED"
},
{
"pentestId": "d73543ef-a66f-4878-9ecb-ab5207ed734f",
"status": "PAUSED"
},
{
"pentestId": "22130f1e-53c2-404b-8f77-750e82d12768",
"status": "PAUSED"
},
{
"pentestId": "54db12f1-1fdc-48f9-9b1d-b6b1fb39bc07",
"status": "PAUSED"
},
{
"pentestId": "7853a95c-7ee3-4b31-af18-401c104efc7e",
"status": "PAUSED"
},
{
"pentestId": "7ca78e39-7d4c-46c5-a9c3-ba58c7fba844",
"status": "PAUSED"
},
{
"pentestId": "dca5b8b3-e994-4d5c-8740-b21ee806a4e5",
"status": "PAUSED"
},
{
"pentestId": "5e7b999c-e878-4d48-9ce8-9b65ef578dae",
"status": "PAUSED"
},
{
"pentestId": "8bc131f4-b9c8-4dd5-927b-0675dff6344e",
"status": "PAUSED"
},
{
"pentestId": "ed134842-6578-4d22-af57-282161c5306b",
"status": "PAUSED"
},
{
"pentestId": "f35f30fb-f246-4a1f-ae26-ce864647a341",
"status": "PAUSED"
},
{
"pentestId": "47021e69-95ab-4d93-ac13-aac0379ca809",
"status": "PAUSED"
},
{
"pentestId": "f19a5176-64bc-452b-aa63-8861aab75059",
"status": "PAUSED"
},
{
"pentestId": "c60ac6e5-39e8-4fae-8d65-d71ea69a2404",
"status": "PAUSED"
},
{
"pentestId": "2764e64b-0a7e-456c-9999-cdd05c5ef50b",
"status": "PAUSED"
},
{
"pentestId": "1247dd20-2986-4887-9c17-74806ce56eef",
"status": "PAUSED"
},
{
"pentestId": "e01d1a34-15fa-4f29-8054-8209a422e505",
"status": "PAUSED"
},
{
"pentestId": "c55343b0-c99c-4bfd-8f30-b8464b442dad",
"status": "PAUSED"
},
{
"pentestId": "47ff61bb-2e4f-45e3-9630-136f9d704882",
"status": "PAUSED"
},
{
"pentestId": "0b353e67-3092-4586-9558-172354beaf8b",
"status": "PAUSED"
},
{
"pentestId": "5804e2ce-8c5b-4f3d-8674-433042e61a7f",
"status": "PAUSED"
},
{
"pentestId": "4fc1260b-8b5b-47a7-bdee-61261e23919d",
"status": "PAUSED"
},
{
"pentestId": "39dfbf25-e97d-4bd8-9943-a9eec183bfcf",
"status": "PAUSED"
},
{
"pentestId": "53668fb6-471d-4363-9e47-8f73e4f1a7d4",
"status": "PAUSED"
},
{
"pentestId": "86637ffd-8e6e-4e00-9179-42f52780427a",
"status": "PAUSED"
},
{
"pentestId": "04f9532e-3c05-4eff-9e9f-b2d733a14a77",
"status": "PAUSED"
},
{
"pentestId": "1e58f29e-81fb-48d2-94bf-7b89e227f590",
"status": "PAUSED"
},
{
"pentestId": "2c78589b-558e-4b99-a182-df4df3c1439b",
"status": "PAUSED"
},
{
"pentestId": "9383b9c1-6c2e-422b-b16f-31a9640d1647",
"status": "PAUSED"
},
{
"pentestId": "2f87faf9-611f-40ae-9c0e-412d0bfd0481",
"status": "PAUSED"
},
{
"pentestId": "0f47fcbc-f567-4009-ae56-a894cf17cc46",
"status": "PAUSED"
},
{
"pentestId": "ba0fa19c-5533-4be8-8169-9ffa7d449ab0",
"status": "PAUSED"
},
{
"pentestId": "0f47ac3b-d19a-4115-9ddf-dc9b2f11abae",
"status": "PAUSED"
"pentestId": "fe3a2361-a23c-4a5d-8702-7b4178be3b8e",
"status": "NOT_STARTED"
}
],
"createdBy": "ce650edd-aebc-4478-9e17-40545ff66280"
"createdBy": "2b4615ec-2f58-4d6a-8543-0c764d64455a"
},
"_class": "com.securityc4po.api.project.ProjectEntity"
},{
"_id": {
"$oid": "6405e92813ae975803a09905"
"$oid": "64369b3f28fc40394ae5b62e"
},
"lastModified": {
"$date": "2023-03-29T19:04:32.771Z"
"$date": "2023-04-12T11:51:27.634Z"
},
"data": {
"_id": "d6e83738-4251-44ac-ad40-21b360780c98",
"_id": "c772cc08-24ef-4a60-9ba2-0090ccff2c17",
"client": "Allsafe",
"title": "CashMyData (iOS)",
"createdAt": "2023-03-06T13:22:48.564351Z",
"tester": "Elliot",
"createdAt": "2023-04-12T11:51:27.634073Z",
"tester": "Mr.Robot",
"state": "NEW",
"version": "1.0",
"projectPentests": [],
"createdBy": "5e741fe5-591f-48d1-afef-4e59ff5d8f78"
},
"_class": "com.securityc4po.api.project.ProjectEntity"
},{
"_id": {
"$oid": "64369b7a28fc40394ae5b62f"
},
"lastModified": {
"$date": "2023-04-12T12:12:21.434Z"
},
"data": {
"_id": "953b91b8-6cc8-4cbb-97eb-dfdadf69d217",
"client": "Dio Stonemask Inc.",
"title": "loq4il bizarre adventure",
"createdAt": "2023-04-12T11:52:26.624663Z",
"tester": "Jojo",
"summary": "Dio Stonemask Inc. contracted Jojo to perform a Penetration Test to identify security weaknesses,\ndetermine the impact to Dio Stonemask Inc., document all findings in a clear and repeatable manner,\nand provide remediation recommendations.",
"state": "INFORMATIVE",
"version": "1.0",
"projectPentests": [
{
"pentestId": "a666322d-688c-45b2-bf34-dd7020ee71ac",
"pentestId": "c69f1d8b-473a-482d-ad4e-5fe72a373f3c",
"status": "PAUSED"
},
{
"pentestId": "876ba2da-5665-4f7d-9255-3a673d83ba98",
"status": "PAUSED"
},
{
"pentestId": "30dd5f5b-ccd2-4a21-9986-46f4fabc61f1",
"status": "PAUSED"
},
{
"pentestId": "47309b16-d460-47ab-a50c-e8d64b24d245",
"status": "PAUSED"
},
{
"pentestId": "75310ed4-ea64-4662-87af-c76fd4a32d2d",
"status": "PAUSED"
},
{
"pentestId": "bc46c1f2-c254-460d-ae45-7cbf13919b45",
"status": "PAUSED"
},
{
"pentestId": "176844f3-3fe5-489d-b451-216cfae257ae",
"status": "PAUSED"
},
{
"pentestId": "e52040d8-511d-4c43-bde4-6a3af576ead5",
"status": "PAUSED"
},
{
"pentestId": "a310c8f3-4844-43c4-bc6e-e1e71ad2c82d",
"status": "PAUSED"
},
{
"pentestId": "caa3af85-7c5b-4b67-9d2d-9eea008fae4c",
"status": "PAUSED"
},
{
"pentestId": "1ff60f96-52a7-4100-a4a0-9b79d916dbe6",
"status": "COMPLETED"
},
{
"pentestId": "c1e7fa0a-db26-4530-b7af-8d1203f38f71",
"status": "PAUSED"
},
{
"pentestId": "a3ec1bd1-a797-454e-84c7-344c4200fd03",
"status": "PAUSED"
},
{
"pentestId": "7e239919-be0f-42c0-bd57-09a3e180f26a",
"status": "PAUSED"
},
{
"pentestId": "3b568b5f-f80b-487b-95d3-59777a6fe852",
"status": "PAUSED"
},
{
"pentestId": "c3874047-d780-4e07-a8cf-14f8719c6bde",
"status": "PAUSED"
},
{
"pentestId": "1bbfac77-8261-405b-afce-5ba072f5e7ec",
"status": "PAUSED"
},
{
"pentestId": "8dc516fb-fdf5-420e-b128-8ba513d1b860",
"status": "PAUSED"
},
{
"pentestId": "461e87a3-83d4-4bdc-b5c6-175e543a4feb",
"status": "PAUSED"
},
{
"pentestId": "5f65315d-9f4a-4592-9045-62c4ea652db8",
"status": "PAUSED"
},
{
"pentestId": "0d9806c0-fef7-40a1-8a0f-aa29e42f7044",
"status": "PAUSED"
},
{
"pentestId": "9e741f16-2e1d-4495-841b-659b3b203998",
"status": "PAUSED"
},
{
"pentestId": "7ad8bfee-a3ec-40d5-8698-53d72bc7f1bd",
"status": "PAUSED"
},
{
"pentestId": "3823fe30-85ca-436d-8dbf-afce7fd5ab20",
"status": "PAUSED"
},
{
"pentestId": "bf828295-e2cc-4661-a35a-2fadb4ab789f",
"status": "PAUSED"
},
{
"pentestId": "334685cf-496f-4d1c-95ef-3d6dea8273d8",
"status": "PAUSED"
},
{
"pentestId": "6f4f1f71-5ea0-43cb-bf6d-a679dc79e99c",
"status": "PAUSED"
},
{
"pentestId": "316726a9-cd7b-46b1-89a2-5a86b3b7507a",
"status": "PAUSED"
},
{
"pentestId": "f1192507-31df-4eee-b338-1711aba30dc6",
"status": "PAUSED"
},
{
"pentestId": "de8a34af-71ff-40b4-b8ba-c3dfff60f7e4",
"status": "PAUSED"
},
{
"pentestId": "455a85ac-6104-400e-98e7-f728559ab321",
"status": "PAUSED"
},
{
"pentestId": "f5bfc04d-d795-4059-a8cd-a53906b32d73",
"status": "PAUSED"
},
{
"pentestId": "49b1dd69-9795-451d-a784-4ef8ded783f1",
"status": "PAUSED"
},
{
"pentestId": "88f0b8f5-3e83-439f-b961-97e6fa36c0df",
"status": "PAUSED"
},
{
"pentestId": "faab24f8-e6d1-4955-a67b-7baf4f65fcd4",
"status": "PAUSED"
},
{
"pentestId": "d38b5927-ac29-4c42-b0a2-d922e84881da",
"status": "PAUSED"
},
{
"pentestId": "d60b247f-855c-4045-acb1-db203bf799f4",
"status": "PAUSED"
},
{
"pentestId": "18ddfc08-2af2-4cb0-b2ac-4a09ceca3eb4",
"status": "PAUSED"
},
{
"pentestId": "f6513a43-9d51-465b-a436-89c98461d695",
"status": "PAUSED"
},
{
"pentestId": "17e76044-8475-48bc-860f-49e0433f9f36",
"status": "PAUSED"
},
{
"pentestId": "99b7f7bb-2345-48df-a2b2-e035399a49a7",
"status": "PAUSED"
},
{
"pentestId": "0d2c56c9-8dc9-4055-b6f7-855c1d66b889",
"status": "PAUSED"
},
{
"pentestId": "0c42bf18-ad55-4ea6-8071-90e181d5d2e6",
"status": "PAUSED"
},
{
"pentestId": "4e20cc75-41d7-421d-b3f1-d54d467c0949",
"status": "PAUSED"
},
{
"pentestId": "82874713-d8fb-401b-b625-cc42234d78b4",
"status": "PAUSED"
},
{
"pentestId": "5efa5129-05e0-4002-85b5-e5eaa5394184",
"status": "PAUSED"
},
{
"pentestId": "29cb5094-760a-42fd-87eb-66adadffd63c",
"status": "PAUSED"
},
{
"pentestId": "74a50e26-45ed-4963-bdb4-b1bd02cd861c",
"status": "PAUSED"
},
{
"pentestId": "7c83efe3-daca-4bff-8527-ff1e0062c266",
"status": "PAUSED"
},
{
"pentestId": "d19e4624-9ab0-400b-ad65-8cd84193db3f",
"status": "PAUSED"
},
{
"pentestId": "605c488b-f165-4682-b198-d04a66ca1056",
"status": "PAUSED"
},
{
"pentestId": "2547f486-d8ff-4384-9858-72b2a7d386f5",
"status": "PAUSED"
},
{
"pentestId": "24cefbd9-1900-4fe9-b3d4-e890a08c25c8",
"status": "PAUSED"
},
{
"pentestId": "b98216a5-d664-4c18-a40f-cbb379867727",
"status": "PAUSED"
},
{
"pentestId": "bd56dba8-a0c8-4dd1-a547-731af7a84b55",
"status": "PAUSED"
},
{
"pentestId": "28abc2cf-c6fe-434e-a33a-c145cbaacd36",
"status": "PAUSED"
},
{
"pentestId": "6ea3a13e-bf15-4cf2-b50b-e8534bbc383a",
"status": "PAUSED"
},
{
"pentestId": "c761329a-fde6-4a75-a496-ed999a33d067",
"status": "PAUSED"
},
{
"pentestId": "57410cd4-a6c4-4b16-9be1-f44d9b38bac4",
"status": "PAUSED"
},
{
"pentestId": "3c8a3c13-7542-4adc-a837-ef8bad67c73a",
"status": "PAUSED"
},
{
"pentestId": "313cc446-d642-41be-9d89-26d8ce096611",
"status": "PAUSED"
},
{
"pentestId": "e667823f-2d5f-4b39-b7c9-d1852a268258",
"status": "PAUSED"
},
{
"pentestId": "93071269-f91d-416d-8b3b-2c7f796e39d7",
"status": "PAUSED"
},
{
"pentestId": "759bdaae-45b9-449b-8315-22abe3fb426b",
"status": "PAUSED"
},
{
"pentestId": "5b4346ed-bec8-4b41-9a3e-4af419666f42",
"status": "PAUSED"
},
{
"pentestId": "04f4256c-3a83-4494-a8c6-9adaadfad4e7",
"status": "PAUSED"
},
{
"pentestId": "98092b84-d7a1-4c00-9133-c0206b77ddad",
"status": "PAUSED"
},
{
"pentestId": "555dc4d5-151e-4951-86db-5e91f00d1632",
"status": "PAUSED"
},
{
"pentestId": "6627b6e0-5954-482e-ab25-1af70c83f4c6",
"status": "COMPLETED"
},
{
"pentestId": "2ea4f6a5-01cd-453c-a178-4c940ead267f",
"status": "PAUSED"
},
{
"pentestId": "6441e2d3-c448-4538-8fbf-401181a7c467",
"status": "PAUSED"
},
{
"pentestId": "8f308aff-e54e-4426-a819-7bc6d6259da7",
"status": "PAUSED"
},
{
"pentestId": "b948f6ed-7010-4671-bfa6-070e38077fe8",
"status": "PAUSED"
},
{
"pentestId": "e8ad23fa-56db-4115-ba35-625a24c95ebd",
"status": "PAUSED"
},
{
"pentestId": "d5f44be4-d13a-43e7-9240-5309dc1f450b",
"status": "PAUSED"
},
{
"pentestId": "49f69ebf-0458-45f5-997e-780f6cbcca4e",
"status": "PAUSED"
},
{
"pentestId": "0cda684e-5a08-4409-b8ba-837a82f63512",
"status": "PAUSED"
},
{
"pentestId": "34cb82e0-8da7-4330-bbcd-b2de1271c56a",
"status": "PAUSED"
},
{
"pentestId": "8544d749-96ce-401b-9247-3905bc750f57",
"status": "PAUSED"
},
{
"pentestId": "af635f5e-82e1-43d4-8250-3b110aec5ed5",
"status": "PAUSED"
},
{
"pentestId": "5b769bdc-8609-4525-a10d-6d146ae75407",
"status": "PAUSED"
},
{
"pentestId": "cb61e169-47a6-49b6-b027-00e907bd72ed",
"status": "PAUSED"
},
{
"pentestId": "181299e6-dfb1-4ece-9ae9-ecfdf0023a81",
"status": "PAUSED"
},
{
"pentestId": "658aa9c7-ec5f-4831-bc7c-70f0e4076311",
"status": "PAUSED"
},
{
"pentestId": "9fd5bf73-d1be-41fe-93a9-0cdfb1293769",
"status": "PAUSED"
},
{
"pentestId": "391e3b07-8bc6-4502-bcff-4fd43be8708f",
"status": "PAUSED"
},
{
"pentestId": "a1d03fa3-912b-43ed-961c-0ee2a7eb156e",
"status": "PAUSED"
},
{
"pentestId": "b2c16114-81d5-410a-b790-e30ac1d7a338",
"status": "PAUSED"
},
{
"pentestId": "17e62f3a-d82a-4b4e-be8e-f6a24c7a934e",
"status": "PAUSED"
}
],
"createdBy": "5f104d76-bd8d-4258-852a-d000c7f0666d",
"state": "NEW"
"createdBy": "20c3059c-0b3c-4d74-9449-472bd87f3544"
},
"_class": "com.securityc4po.api.project.ProjectEntity"
}]