feat: As a developer I want to upload my docker images to DockerHub

2023-08-11 14:12:53 +02:00
26 changed files with 14934 additions and 609 deletions
--- a/.github/workflows/c4po-ci.yml
+++ b/.github/workflows/c4po-ci.yml
@ -1,8 +1,16 @@
 # This workflow uses actions that are not certified by GitHub.
 # They are provided by a third-party and are governed by
 # separate terms of service, privacy policy, and support
 # documentation.
 # GitHub recommends pinning actions to a commit SHA.
 # To get a newer version, you will need to update the SHA.
 # You can also reference a tag or branch, but the action may change without warning.
 name: "Security C4PO CI"
 on:
  push:
    branches: [ "main" ]
  pull_request:
    branches: [ "main" ]
--- a/.github/workflows/c4po-release.yml
+++ b/.github/workflows/c4po-release.yml
@ -0,0 +1,176 @@
 # This workflow uses actions that are not certified by GitHub.
 # They are provided by a third-party and are governed by
 # separate terms of service, privacy policy, and support
 # documentation.
 # GitHub recommends pinning actions to a commit SHA.
 # To get a newer version, you will need to update the SHA.
 # You can also reference a tag or branch, but the action may change without warning.
 name: "Publish C4PO Docker Hub"
 on:
  push:
    branches: [ "main" ]
 env:
  ANGULAR_PATH: security-c4po-angular
  API_PATH: security-c4po-api
  REPORTING_PATH: security-c4po-reporting
  CFG_PATH: security-c4po-cfg
 jobs:
  angular_job:
    name: "Angular Job"
    runs-on: ubuntu-latest
    steps:
      - name: "Check out code"
        uses: actions/checkout@v3
      - name: "Use Node.js 14.x"
        uses: actions/setup-node@v1
        with:
          node-version: '14.x'
          cache: 'npm'
      - name: "Install NPM dependencies"
        run: |
          cd $ANGULAR_PATH
          npm ci
      - name: "Build assets"
        run: |
          cd $ANGULAR_PATH
          npm run build --if-present
      - name: "Run tests"
        run: |
          cd $ANGULAR_PATH
          npm test
  api_job:
    name: "API Job"
    runs-on: ubuntu-latest
    steps:
      - name: "Check out code"
        uses: actions/checkout@v3
      - name: "Set up JDK 11"
        uses: actions/setup-java@v3
        with:
          java-version: '11'
          distribution: 'temurin'
      - name: "Setup Gradle"
        uses: gradle/gradle-build-action@v2
        with:
          gradle-version: 6.5
      - name: "Execute Gradle build"
        run: |
          cd $API_PATH
          ./gradlew clean bootJar -x dependencyCheckAnalyze
      - uses: actions/upload-artifact@v3
        with:
          name: API-jar
          path: security-c4po-api/build/libs/security-c4po-api-0.0.1-SNAPSHOT.jar # artifacts/api.jar
  reporting_job:
    name: "Reporting Job"
    runs-on: ubuntu-latest
    steps:
      - name: "Check out code"
        uses: actions/checkout@v3
      - name: "Set up JDK 11"
        uses: actions/setup-java@v3
        with:
          java-version: '11'
          distribution: 'temurin'
      - name: "Setup Gradle"
        uses: gradle/gradle-build-action@v2
        with:
          gradle-version: 6.5
      - name: "Execute Gradle build"
        run: |
          cd $REPORTING_PATH
          ./gradlew clean bootJar
      - uses: actions/upload-artifact@v3
        with:
          name: REPORTING-jar
          path: security-c4po-reporting/build/libs/security-c4po-reporting-0.0.1-SNAPSHOT.jar # artifacts/reporting.jar
  push_c4po_to_docker_hub:
    name: "Push images to Docker Hub"
    runs-on: ubuntu-latest
    needs: [angular_job, api_job, reporting_job]
    steps:
      - name: "Check out the repo"
        uses: actions/checkout@v3
      - name: Download jar api artifact
        uses: actions/download-artifact@v3
        with:
          name: API-jar
          path: security-c4po-api/build/libs/security-c4po-api-0.0.1-SNAPSHOT.jar
      - name: Download jar reporting artifact
        uses: actions/download-artifact@v3
        with:
          name: REPORTING-jar
          path: security-c4po-reporting/build/libs/security-c4po-reporting-0.0.1-SNAPSHOT.jar
      - name: "Set up Docker Compose"
        # https://github.com/marketplace/actions/docker-compose-action
        uses: isbang/compose-action@v1.4.1
        with:
          compose-file: ./security-c4po-cfg/docker-compose.yml
      - name: "Build Docker images"
        run: |
          cd $CFG_PATH
          docker-compose build \
          --build-arg TAG=c4po:${{ github.run_number }} \
          --build-arg VERSION=c4po:${{ github.run_number }} \
          --build-arg JAR_FILE_API=security-c4po-api/build/libs/security-c4po-api-0.0.1-SNAPSHOT.jar \
          --build-arg JAR_FILE_REPORT=security-c4po-reporting/build/libs/security-c4po-reporting-0.0.1-SNAPSHOT.jar
      - name: "Log in to Docker Hub"
        uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a
        with:
          username: ${{ secrets.DOCKER_HUB_USERNAME }}
          password: ${{ secrets.DOCKER_HUB_TOKEN }}
      - name: "Extract metadata (tags, labels) for Docker"
        id: meta
        uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
        with:
          images: cellecram/security-c4po  # my-docker-hub-namespace/my-docker-hub-repository
      - name: "Push Docker images"
        run: |
          docker image ls
          docker image tag security-c4po-angular cellecram/security-c4po:angular
          docker image push cellecram/security-c4po:angular
          docker image tag security-c4po-api cellecram/security-c4po:api
          docker image push cellecram/security-c4po:api
          docker image tag security-c4po-reporting cellecram/security-c4po:reporting
          docker image push cellecram/security-c4po:reporting
          docker image tag quay.io/keycloak/keycloak:20.0.0 cellecram/security-c4po:keycloak
          docker image push cellecram/security-c4po:keycloak
          docker image tag mongo:5.0.0-focal cellecram/security-c4po:mongo
          docker image push cellecram/security-c4po:mongo
--- a/README.md
+++ b/README.md
@ -1,13 +1,48 @@
 ![workflow_badge](https://github.com/Marcel-Haag/security-c4po/actions/workflows/c4po-ci.yml/badge.svg?branch=main)
 ![workflow_badge](https://github.com/Marcel-Haag/security-c4po/actions/workflows/c4po-release.yml/badge.svg?branch=main)
 ![alt architecture](./wiki/repository-open-graph-c4po.png)
 Welcome to the frontend repository of Security C4PO, an open-source pentest reporting tool.
 Security C4PO is a powerful, user-friendly tool designed to simplify the process of generating professional pentest reports.
 It aims to streamline and automate the often time-consuming task of creating comprehensive reports by providing an intuitive web-based interface that facilitates the content of the [OWASP TESTING GUIDE](https://owasp.org/www-project-web-security-testing-guide/v42/).
 This repository contains the codebase of Security C4PO, built with an Angular Frontend and two Spring Boot Backend Microservices.
 [![YouTube](https://img.shields.io/badge/YouTube-%23FF0000.svg?style=for-the-badge&logo=YouTube&logoColor=white)](https://www.youtube.com/channel/UCDwRRDVepRUowI0NmBy_9lQ)
 ## Table of Contents
 * [Application Architecture](#application-architecture)
 * [Data Structure](#data-structure)
 * [C4PO Roadmap](#c4po-roadmap)
 * [Project](#project)
  * [Technical Requirements](#technical-requirements)
  * [Tools](#tools)
  * [Conventions](#conventions)
  * [Development server](#development-server)
  * [Testuser Credentials](#testuser-credentials)
 * [Contributing](#contributing)
 * [License](#license)
 ## Application Architecture
 ![alt architecture](./wiki/C4PO-Architecture.png)
 ## Data Structure
 ![alt datastructure](./wiki/C4PO-Datastructure.png)
 ## C4PO Roadmap
 ![alt roadmap](./wiki/C4PO-Roadmap.png)
 ## Project
 ![Angular](https://img.shields.io/badge/angular-%23DD0031.svg?style=for-the-badge&logo=angular&logoColor=white)
 ![RxJS](https://img.shields.io/badge/rxjs-%23B7178C.svg?style=for-the-badge&logo=reactivex&logoColor=white)
 ![Spring](https://img.shields.io/badge/spring-%236DB33F.svg?style=for-the-badge&logo=spring&logoColor=white)
 ![Gradle](https://img.shields.io/badge/Gradle-02303A.svg?style=for-the-badge&logo=Gradle&logoColor=white)
 ![Docker](https://img.shields.io/badge/docker-%230db7ed.svg?style=for-the-badge&logo=docker&logoColor=white)
 ![MongoDB](https://img.shields.io/badge/MongoDB-%234ea94b.svg?style=for-the-badge&logo=mongodb&logoColor=white)
 ### Technical Requirements
 * Docker / Docker-compose
 * OpenJDK 11
@ -17,6 +52,7 @@
 ### Tools
 * mongoDB Compass
 * Postman
 * Jaspersoft Studio
 ### Conventions
 * Branch: `<initial>_c4po_<issuenumber>`
@ -25,9 +61,14 @@
 ### Development server
 Execute 'c4po.sh' and all services will run on a dev server.
-### Testuser Credentials:
+### Testuser Credentials
-* Username: ttt
+* Username: c4po
 * Password: Test1234!
-## C4PO Roadmap
+## Contributing
-![alt roadmap](./wiki/C4PO-Roadmap.png)
+Contributions to Security C4PO are welcome! If you'd like to contribute to the project, please follow the guidelines outlined in the [CONTRIBUTING.md](https://github.com/marcel-haag/security-c4po/blob/main/CONTRIBUTING.md) file.
 ## License
 Security C4PO is licensed under the [Apache License 2.0](https://www.apache.org/licenses/LICENSE-2.0) License. Please see the [LICENSE](https://github.com/marcel-haag/security-c4po/blob/main/LICENSE.md) file for more information.
 We hope you find Security C4PO useful for managing and generating pentest reports. If you encounter any issues or have suggestions for improvement, please feel free to create an issue on the [issue tracker](https://github.com/Marcel-Haag/security-c4po/issues).
--- a/c4po.sh
+++ b/c4po.sh
@ -24,10 +24,10 @@ echo -e "\n"
 echo "-----------------Start Build------------------"
 echo -e "\n"
 echo " - Report Engine: "
-docker-compose -f ${compose} build c4po-reporting
+docker-compose -f ${compose} build c4po-reporting #--build-arg JAR_FILE_REPORT=security-c4po-reporting/build/libs/security-c4po-reporting-0.0.1-SNAPSHOT.jar
 echo -e "\n"
 echo " - Backend: "
-docker-compose -f ${compose} build c4po-api
+docker-compose -f ${compose} build c4po-api #--build-arg JAR_FILE_API=security-c4po-api/build/libs/security-c4po-api-0.0.1-SNAPSHOT.jar
 echo -e "\n"
 echo " - Frontend: "
 docker-compose -f ${compose} build c4po-angular
--- a/security-c4po-angular/README.md
+++ b/security-c4po-angular/README.md
@ -1,6 +1,6 @@
-# SecurityC4poAngular
+# Security C4PO Angular
-This project was generated with [Angular CLI](https://github.com/angular/angular-cli) version 10.2.0.
+This Angular application serves as the frontend interface for Security C4PO, allowing users to efficiently manage and generate comprehensive reports for their penetration testing activities.
 ## Development server
@ -16,12 +16,19 @@ Run `ng build` to build the project. The build artifacts will be stored in the `
 ## Running unit tests
-Run `ng test` to execute the unit tests via [Karma](https://karma-runner.github.io).
+Run `ng test` to execute the unit tests via [Jest](https://jestjs.io/).
 ## Running end-to-end tests
-Run `ng e2e` to execute the end-to-end tests via [Protractor](http://www.protractortest.org/).
+Run `ng e2e` to execute the end-to-end tests via [Cypress](https://www.cypress.io/).
 ## Further help
 To get more help on the Angular CLI use `ng help` or go check out the [Angular CLI Overview and Command Reference](https://angular.io/cli) page.
 ## Contributing
 Pull requests are welcome. For major changes, please open an issue first
 to discuss what you would like to change.
 Please make sure to read our [contributing guideline](https://github.com/marcel-haag/security-c4po/blob/main/CONTRIBUTING.md).
--- a/security-c4po-angular/package-lock.json
+++ b/security-c4po-angular/package-lock.json
@ -276,6 +276,17 @@
            "debug": "4"
          }
        },
        "loader-utils": {
          "version": "2.0.0",
          "resolved": "https://registry.npmjs.org/loader-utils/-/loader-utils-2.0.0.tgz",
          "integrity": "sha512-rP4F0h2RaWSvPEkD7BLDFQnvSf+nK+wr3ESUjNTyAGobqrijmW92zc+SO6d4p4B1wh7+B/Jg1mkQe5NYUEHtHQ==",
          "dev": true,
          "requires": {
            "big.js": "^5.2.2",
            "emojis-list": "^3.0.0",
            "json5": "^2.1.2"
          }
        },
        "minimatch": {
          "version": "3.0.4",
          "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.0.4.tgz",
@ -2206,15 +2217,6 @@
      "integrity": "sha512-Fxt+AfXgjMoin2maPIYzFZnQjAXjAL0PHscM5pRTtatFqB+vZxAM9tLp2Optnuw3QOQC40jTNeGYFOMvyf7v9g==",
      "dev": true
    },
    "@dsherret/to-absolute-glob": {
      "version": "2.0.2",
      "resolved": "https://registry.npmjs.org/@dsherret/to-absolute-glob/-/to-absolute-glob-2.0.2.tgz",
      "integrity": "sha512-InCaQ/KEOcFtAFztn47wadritBLP2nT6m/ucbBnIgI5YwxuMzKKCHtqazR2+D1yR6y1ZTnPea9aLFEUrTttUSQ==",
      "requires": {
        "is-absolute": "^1.0.0",
        "is-negated-glob": "^1.0.0"
      }
    },
    "@esbuild/android-arm": {
      "version": "0.17.17",
      "resolved": "https://registry.npmjs.org/@esbuild/android-arm/-/android-arm-0.17.17.tgz",
@ -3145,14 +3147,11 @@
      }
    },
    "@ngneat/until-destroy": {
-      "version": "8.0.4",
+      "version": "9.2.3",
-      "resolved": "https://registry.npmjs.org/@ngneat/until-destroy/-/until-destroy-8.0.4.tgz",
+      "resolved": "https://registry.npmjs.org/@ngneat/until-destroy/-/until-destroy-9.2.3.tgz",
-      "integrity": "sha512-FBh40y22VLFBOReBNOEhSn9dWix0AVYdEAF08N54jUYOGTbwjSORe/hjCrpuxcEdlw3lgTO5r2EgEl3n+kvfyA==",
+      "integrity": "sha512-ryX0vqDOdmYo53f7v5Ivbj1jcqOEX+vM1iiV9NYepWDha4VJp9lWrDFK9tRt2evAMzF/9u67JLzs4Xjcoh+Taw==",
      "requires": {
-        "glob": "^7.1.6",
+        "tslib": "^2.3.0"
        "minimist": "1.2.5",
        "ts-morph": "^7.1.2",
        "tslib": "^2.0.0"
      }
    },
    "@ngtools/webpack": {
@ -3197,6 +3196,7 @@
      "version": "2.1.5",
      "resolved": "https://registry.npmjs.org/@nodelib/fs.scandir/-/fs.scandir-2.1.5.tgz",
      "integrity": "sha512-vq24Bq3ym5HEQm2NKCr3yXDwjc7vTsEThRDnkp2DK9p1uqLR+DHurm/NOTo0KG7HYHU7eppKZj3MyqYuMBf62g==",
      "dev": true,
      "requires": {
        "@nodelib/fs.stat": "2.0.5",
        "run-parallel": "^1.1.9"
@ -3205,12 +3205,14 @@
    "@nodelib/fs.stat": {
      "version": "2.0.5",
      "resolved": "https://registry.npmjs.org/@nodelib/fs.stat/-/fs.stat-2.0.5.tgz",
-      "integrity": "sha512-RkhPPp2zrqDAQA/2jNhnztcPAlv64XdhIp7a7454A5ovI7Bukxgt7MX7udwAu3zg1DcpPU0rz3VV1SeaqvY4+A=="
+      "integrity": "sha512-RkhPPp2zrqDAQA/2jNhnztcPAlv64XdhIp7a7454A5ovI7Bukxgt7MX7udwAu3zg1DcpPU0rz3VV1SeaqvY4+A==",
      "dev": true
    },
    "@nodelib/fs.walk": {
      "version": "1.2.8",
      "resolved": "https://registry.npmjs.org/@nodelib/fs.walk/-/fs.walk-1.2.8.tgz",
      "integrity": "sha512-oGB+UxlgWcgQkgwo8GcEGwemoTFt3FIO9ababBmaGwXIoBKZ+GTy0pP185beGg7Llih/NSHSV2XAs1lnznocSg==",
      "dev": true,
      "requires": {
        "@nodelib/fs.scandir": "2.1.5",
        "fastq": "^1.6.0"
@ -3665,26 +3667,6 @@
      "integrity": "sha512-L7z9BgrNEcYyUYtF+HaEfiS5ebkh9jXqbszz7pC0hRBPaatV0XjSD3+eHrpqFemQfgwiFF0QPIarnIihIDn7OA==",
      "dev": true
    },
    "@ts-morph/common": {
      "version": "0.5.2",
      "resolved": "https://registry.npmjs.org/@ts-morph/common/-/common-0.5.2.tgz",
      "integrity": "sha512-eLmfYV6u6gUgHrB9QV9lpuWg3cD60mhXdv0jvM5exWR/Cor8HG+GziFIj2hPEWHJknqzuU4meZd8DTqIzZfDRQ==",
      "requires": {
        "@dsherret/to-absolute-glob": "^2.0.2",
        "fast-glob": "^3.2.2",
        "fs-extra": "^9.0.0",
        "is-negated-glob": "^1.0.0",
        "multimatch": "^4.0.0",
        "typescript": "~3.9.7"
      },
      "dependencies": {
        "typescript": {
          "version": "3.9.10",
          "resolved": "https://registry.npmjs.org/typescript/-/typescript-3.9.10.tgz",
          "integrity": "sha512-w6fIxVE/H1PkLKcCPsFqKE7Kv7QUwhU8qQY2MueZXWx5cPZdwFupLgKK3vntcK98BtNHZtAF4LA/yl2a7k8R6Q=="
        }
      }
    },
    "@types/babel__core": {
      "version": "7.20.0",
      "resolved": "https://registry.npmjs.org/@types/babel__core/-/babel__core-7.20.0.tgz",
@ -3850,7 +3832,8 @@
    "@types/minimatch": {
      "version": "3.0.5",
      "resolved": "https://registry.npmjs.org/@types/minimatch/-/minimatch-3.0.5.tgz",
-      "integrity": "sha512-Klz949h02Gz2uZCMGwDUSDS1YBlTdDDgbWHi+81l29tQALUtvz4rAYi5uoVhE5Lagoq6DeqAUlbrHvW/mXDgdQ=="
+      "integrity": "sha512-Klz949h02Gz2uZCMGwDUSDS1YBlTdDDgbWHi+81l29tQALUtvz4rAYi5uoVhE5Lagoq6DeqAUlbrHvW/mXDgdQ==",
      "dev": true
    },
    "@types/node": {
      "version": "12.20.55",
@ -4366,11 +4349,6 @@
      "integrity": "sha512-sKpyeERZ02v1FeCZT8lrfJq5u6goHCtpTAzPwJYe7c8SPFOboNjNg1vz2L4VTn9T4PQxEx13TbXLmYUcS6Ug7Q==",
      "dev": true
    },
    "array-differ": {
      "version": "3.0.0",
      "resolved": "https://registry.npmjs.org/array-differ/-/array-differ-3.0.0.tgz",
      "integrity": "sha512-THtfYS6KtME/yIAhKjZ2ul7XI96lQGHRputJQHO80LAWQnuGP4iCIN8vdMRboGbIEYBwU33q8Tch1os2+X0kMg=="
    },
    "array-flatten": {
      "version": "2.1.2",
      "resolved": "https://registry.npmjs.org/array-flatten/-/array-flatten-2.1.2.tgz",
@ -4380,7 +4358,8 @@
    "array-union": {
      "version": "2.1.0",
      "resolved": "https://registry.npmjs.org/array-union/-/array-union-2.1.0.tgz",
-      "integrity": "sha512-HGyxoOTYUyCM6stUe6EJgnd4EoewAI7zMdfqO+kGjnlZmBDz/cR5pf8r/cR4Wq60sL/p0IkcjUEEPwS3GFrIyw=="
+      "integrity": "sha512-HGyxoOTYUyCM6stUe6EJgnd4EoewAI7zMdfqO+kGjnlZmBDz/cR5pf8r/cR4Wq60sL/p0IkcjUEEPwS3GFrIyw==",
      "dev": true
    },
    "array-uniq": {
      "version": "1.0.3",
@ -4394,11 +4373,6 @@
      "integrity": "sha512-SleRWjh9JUud2wH1hPs9rZBZ33H6T9HOiL0uwGnGx9FpE6wKGyfWugmbkEOIs6qWrZhg0LWeLziLrEwQJhs5mQ==",
      "dev": true
    },
    "arrify": {
      "version": "2.0.1",
      "resolved": "https://registry.npmjs.org/arrify/-/arrify-2.0.1.tgz",
      "integrity": "sha512-3duEwti880xqi4eAMN8AyR4a0ByT90zoYdLlevfrvU43vb0YZwZVfxOgxWrLXXXpyugL0hNZc9G6BiB5B3nUug=="
    },
    "asn1": {
      "version": "0.2.6",
      "resolved": "https://registry.npmjs.org/asn1/-/asn1-0.2.6.tgz",
@ -4453,11 +4427,6 @@
      "integrity": "sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q==",
      "dev": true
    },
    "at-least-node": {
      "version": "1.0.0",
      "resolved": "https://registry.npmjs.org/at-least-node/-/at-least-node-1.0.0.tgz",
      "integrity": "sha512-+q/t7Ekv1EDY2l6Gda6LLiX14rU9TV20Wa3ofeQmwPFZbOMo9DXrLbOjFaaclkXKWidIaopwAObQDqwWtGUjqg=="
    },
    "atob": {
      "version": "2.1.2",
      "resolved": "https://registry.npmjs.org/atob/-/atob-2.1.2.tgz",
@ -4978,6 +4947,7 @@
      "version": "3.0.2",
      "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.2.tgz",
      "integrity": "sha512-b8um+L1RzM3WDSzvhm6gIz1yfTbBt6YTlcEKAvsmqCZZFw46z626lVj9j1yEPW33H5H+lBQpZMP1k8l+78Ha0A==",
      "dev": true,
      "requires": {
        "fill-range": "^7.0.1"
      }
@ -5350,11 +5320,6 @@
      "integrity": "sha512-QVb0dM5HvG+uaxitm8wONl7jltx8dqhfU33DcqtOZcLSVIKSDDLDi7+0LbAKiyI8hD9u42m2YxXSkMGWThaecQ==",
      "dev": true
    },
    "code-block-writer": {
      "version": "10.1.1",
      "resolved": "https://registry.npmjs.org/code-block-writer/-/code-block-writer-10.1.1.tgz",
      "integrity": "sha512-67ueh2IRGst/51p0n6FvPrnRjAGHY5F8xdjkgrYE7DDzpJe6qA07RYQ9VcoUeo5ATOjSOiWpSL3SWBRRbempMw=="
    },
    "codelyzer": {
      "version": "6.0.2",
      "resolved": "https://registry.npmjs.org/codelyzer/-/codelyzer-6.0.2.tgz",
@ -7294,6 +7259,7 @@
      "version": "3.2.12",
      "resolved": "https://registry.npmjs.org/fast-glob/-/fast-glob-3.2.12.tgz",
      "integrity": "sha512-DVj4CQIYYow0BlaelwK1pHl5n5cRSJfM60UA0zK891sVInoPri2Ekj7+e1CT3/3qxXenpI+nBBmQAcJPJgaj4w==",
      "dev": true,
      "requires": {
        "@nodelib/fs.stat": "^2.0.2",
        "@nodelib/fs.walk": "^1.2.3",
@ -7324,6 +7290,7 @@
      "version": "1.15.0",
      "resolved": "https://registry.npmjs.org/fastq/-/fastq-1.15.0.tgz",
      "integrity": "sha512-wBrocU2LCXXa+lWBt8RoIRD89Fi8OdABODa/kEnyeyjS5aZO5/GNvI5sEINADqP/h8M29UHTHUb53sUu5Ihqdw==",
      "dev": true,
      "requires": {
        "reusify": "^1.0.4"
      }
@ -7366,6 +7333,7 @@
      "version": "7.0.1",
      "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.0.1.tgz",
      "integrity": "sha512-qOo9F+dMUmC2Lcb4BbVvnKJxTPjCm+RRpe4gDuGrzkL7mEVl/djYSu2OdQ2Pa302N4oqkSg9ir6jaLWJ2USVpQ==",
      "dev": true,
      "requires": {
        "to-regex-range": "^5.0.1"
      }
@ -7484,17 +7452,6 @@
      "integrity": "sha512-zJ2mQYM18rEFOudeV4GShTGIQ7RbzA7ozbU9I/XBpm7kqgMywgmylMwXHxZJmkVoYkna9d2pVXVXPdYTP9ej8Q==",
      "dev": true
    },
    "fs-extra": {
      "version": "9.1.0",
      "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-9.1.0.tgz",
      "integrity": "sha512-hcg3ZmepS30/7BSFqRvoo3DOMQu7IjqxO5nCDt+zM9XWjb33Wg7ziNT+Qvqbuc3+gWpzO02JubVyk2G4Zvo1OQ==",
      "requires": {
        "at-least-node": "^1.0.0",
        "graceful-fs": "^4.2.0",
        "jsonfile": "^6.0.1",
        "universalify": "^2.0.0"
      }
    },
    "fs-minipass": {
      "version": "2.1.0",
      "resolved": "https://registry.npmjs.org/fs-minipass/-/fs-minipass-2.1.0.tgz",
@ -7623,6 +7580,7 @@
      "version": "5.1.2",
      "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz",
      "integrity": "sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow==",
      "dev": true,
      "requires": {
        "is-glob": "^4.0.1"
      }
@ -7655,7 +7613,8 @@
    "graceful-fs": {
      "version": "4.2.11",
      "resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.11.tgz",
-      "integrity": "sha512-RbJ5/jmFcNNCcDV5o9eTnBLJ/HszWV0P73bc+Ff4nS/rJj+YaS6IGyiOL0VoBYX+l1Wrl3k63h/KrH+nhJ0XvQ=="
+      "integrity": "sha512-RbJ5/jmFcNNCcDV5o9eTnBLJ/HszWV0P73bc+Ff4nS/rJj+YaS6IGyiOL0VoBYX+l1Wrl3k63h/KrH+nhJ0XvQ==",
      "dev": true
    },
    "handle-thing": {
      "version": "2.0.1",
@ -8632,15 +8591,6 @@
      "integrity": "sha512-0KI/607xoxSToH7GjN1FfSbLoU0+btTicjsQSWQlh/hZykN8KpmMf7uYwPW3R+akZ6R/w18ZlXSHBYXiYUPO3g==",
      "dev": true
    },
    "is-absolute": {
      "version": "1.0.0",
      "resolved": "https://registry.npmjs.org/is-absolute/-/is-absolute-1.0.0.tgz",
      "integrity": "sha512-dOWoqflvcydARa360Gvv18DZ/gRuHKi2NU/wU5X1ZFzdYfH29nkiNZsF3mp4OJ3H4yo9Mx8A/uAGNzpzPN3yBA==",
      "requires": {
        "is-relative": "^1.0.0",
        "is-windows": "^1.0.1"
      }
    },
    "is-absolute-url": {
      "version": "3.0.3",
      "resolved": "https://registry.npmjs.org/is-absolute-url/-/is-absolute-url-3.0.3.tgz",
@ -8769,7 +8719,8 @@
    "is-extglob": {
      "version": "2.1.1",
      "resolved": "https://registry.npmjs.org/is-extglob/-/is-extglob-2.1.1.tgz",
-      "integrity": "sha512-SbKbANkN603Vi4jEZv49LeVJMn4yGwsbzZworEoyEiutsN3nJYdbO36zfhGJ6QEDpOZIFkDtnq5JRxmvl3jsoQ=="
+      "integrity": "sha512-SbKbANkN603Vi4jEZv49LeVJMn4yGwsbzZworEoyEiutsN3nJYdbO36zfhGJ6QEDpOZIFkDtnq5JRxmvl3jsoQ==",
      "dev": true
    },
    "is-fullwidth-code-point": {
      "version": "3.0.0",
@ -8786,6 +8737,7 @@
      "version": "4.0.3",
      "resolved": "https://registry.npmjs.org/is-glob/-/is-glob-4.0.3.tgz",
      "integrity": "sha512-xelSayHH36ZgE7ZWhli7pW34hNbNl8Ojv5KVmkJD4hBdD3th8Tfk9vYasLM+mXWOZhFkgZfxhLSnrwRr4elSSg==",
      "dev": true,
      "requires": {
        "is-extglob": "^2.1.1"
      }
@ -8802,15 +8754,11 @@
      "integrity": "sha512-z7CMFGNrENq5iFB9Bqo64Xk6Y9sg+epq1myIcdHaGnbMTYOxvzsEtdYqQUylB7LxfkvgrrjP32T6Ywciio9UIQ==",
      "dev": true
    },
    "is-negated-glob": {
      "version": "1.0.0",
      "resolved": "https://registry.npmjs.org/is-negated-glob/-/is-negated-glob-1.0.0.tgz",
      "integrity": "sha512-czXVVn/QEmgvej1f50BZ648vUI+em0xqMq2Sn+QncCLN4zj1UAxlT+kw/6ggQTOaZPd1HqKQGEqbpQVtJucWug=="
    },
    "is-number": {
      "version": "7.0.0",
      "resolved": "https://registry.npmjs.org/is-number/-/is-number-7.0.0.tgz",
-      "integrity": "sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng=="
+      "integrity": "sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng==",
      "dev": true
    },
    "is-path-cwd": {
      "version": "2.2.0",
@ -8861,14 +8809,6 @@
        "has-tostringtag": "^1.0.0"
      }
    },
    "is-relative": {
      "version": "1.0.0",
      "resolved": "https://registry.npmjs.org/is-relative/-/is-relative-1.0.0.tgz",
      "integrity": "sha512-Kw/ReK0iqwKeu0MITLFuj0jbPAmEiOsIwyIXvvbfa6QfmN9pkD1M+8pdk7Rl/dTKbH34/XBFMbgD4iMJhLQbGA==",
      "requires": {
        "is-unc-path": "^1.0.0"
      }
    },
    "is-stream": {
      "version": "1.1.0",
      "resolved": "https://registry.npmjs.org/is-stream/-/is-stream-1.1.0.tgz",
@ -8881,14 +8821,6 @@
      "integrity": "sha512-cyA56iCMHAh5CdzjJIa4aohJyeO1YbwLi3Jc35MmRU6poroFjIGZzUzupGiRPOjgHg9TLu43xbpwXk523fMxKA==",
      "dev": true
    },
    "is-unc-path": {
      "version": "1.0.0",
      "resolved": "https://registry.npmjs.org/is-unc-path/-/is-unc-path-1.0.0.tgz",
      "integrity": "sha512-mrGpVd0fs7WWLfVsStvgF6iEJnbjDFZh9/emhRDcGWTduTfNHd9CHeUwH3gYIjdbwo4On6hunkztwOaAw0yllQ==",
      "requires": {
        "unc-path-regex": "^0.1.2"
      }
    },
    "is-unicode-supported": {
      "version": "0.1.0",
      "resolved": "https://registry.npmjs.org/is-unicode-supported/-/is-unicode-supported-0.1.0.tgz",
@ -8904,7 +8836,8 @@
    "is-windows": {
      "version": "1.0.2",
      "resolved": "https://registry.npmjs.org/is-windows/-/is-windows-1.0.2.tgz",
-      "integrity": "sha512-eXK1UInq2bPmjyX6e3VHIzMLobc4J94i4AWn+Hpq3OU5KkrRC96OAcR3PRJ/pGu6m8TRnBHP9dkXQVsT/COVIA=="
+      "integrity": "sha512-eXK1UInq2bPmjyX6e3VHIzMLobc4J94i4AWn+Hpq3OU5KkrRC96OAcR3PRJ/pGu6m8TRnBHP9dkXQVsT/COVIA==",
      "dev": true
    },
    "is-wsl": {
      "version": "2.2.0",
@ -10887,15 +10820,6 @@
      "integrity": "sha512-DRf0QjnNeCUds3xTjKlQQ3DpJD51GvDjJfnxUVWg6PZTo2otSm+slzNAxU/35hF8/oJIKoG9slq30JYOsF2azg==",
      "dev": true
    },
    "jsonfile": {
      "version": "6.1.0",
      "resolved": "https://registry.npmjs.org/jsonfile/-/jsonfile-6.1.0.tgz",
      "integrity": "sha512-5dgndWOriYSm5cnYaJNhalLNDKOqFwyDB/rr1E9ZsGciGvKPs8R2xYGCacuf3z6K1YKDz182fd+fY3cn3pMqXQ==",
      "requires": {
        "graceful-fs": "^4.1.6",
        "universalify": "^2.0.0"
      }
    },
    "jsonparse": {
      "version": "1.3.1",
      "resolved": "https://registry.npmjs.org/jsonparse/-/jsonparse-1.3.1.tgz",
@ -11120,9 +11044,9 @@
      "dev": true
    },
    "loader-utils": {
-      "version": "2.0.0",
+      "version": "2.0.4",
-      "resolved": "https://registry.npmjs.org/loader-utils/-/loader-utils-2.0.0.tgz",
+      "resolved": "https://registry.npmjs.org/loader-utils/-/loader-utils-2.0.4.tgz",
-      "integrity": "sha512-rP4F0h2RaWSvPEkD7BLDFQnvSf+nK+wr3ESUjNTyAGobqrijmW92zc+SO6d4p4B1wh7+B/Jg1mkQe5NYUEHtHQ==",
+      "integrity": "sha512-xXqpXoINfFhgua9xiqD8fPFHgkoq1mmmpE92WlDbm9rNRd/EbRb+Gqf908T2DMfuHjjJlksiK2RbHVOdD/MqSw==",
      "dev": true,
      "requires": {
        "big.js": "^5.2.2",
@ -11459,7 +11383,8 @@
    "merge2": {
      "version": "1.4.1",
      "resolved": "https://registry.npmjs.org/merge2/-/merge2-1.4.1.tgz",
-      "integrity": "sha512-8q7VEgMJW4J8tcfVPy8g09NcQwZdbwFEqhe/WZkoIzjn/3TGDwtOCYtXGxA3O8tPzpczCCDgv+P2P5y00ZJOOg=="
+      "integrity": "sha512-8q7VEgMJW4J8tcfVPy8g09NcQwZdbwFEqhe/WZkoIzjn/3TGDwtOCYtXGxA3O8tPzpczCCDgv+P2P5y00ZJOOg==",
      "dev": true
    },
    "methods": {
      "version": "1.1.2",
@ -11471,6 +11396,7 @@
      "version": "4.0.5",
      "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.5.tgz",
      "integrity": "sha512-DMy+ERcEW2q8Z2Po+WNXuw3c5YaUSFjAO5GsJqfEl7UjvtIuFKO6ZrKvcItdy98dwFI2N1tg3zNIdKaQT+aNdA==",
      "dev": true,
      "requires": {
        "braces": "^3.0.2",
        "picomatch": "^2.3.1"
@ -11558,9 +11484,10 @@
      }
    },
    "minimist": {
-      "version": "1.2.5",
+      "version": "1.2.8",
-      "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.5.tgz",
+      "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.8.tgz",
-      "integrity": "sha512-FM9nNUYrRBAELZQT3xeZQ7fmMOBg6nWNmJKTcgsJeaLstP/UODVpGsr5OhXhhXg6f+qtJ8uiZ+PUxkDWcgIXLw=="
+      "integrity": "sha512-2yyAR8qBkN3YuheJanUpWC5U3bb5osDywNB8RzDVlDwDHbocAJveqqj1u8+SVD7jkWT4yvsHCpWqqWqAxb0zCA==",
      "dev": true
    },
    "minipass": {
      "version": "3.3.6",
@ -11700,18 +11627,6 @@
      "integrity": "sha512-cnAsSVxIDsYt0v7HmC0hWZFwwXSh+E6PgCrREDuN/EsjgLwA5XRmlMHhSiDPrt6HxY1gTivEa/Zh7GtODoLevQ==",
      "dev": true
    },
    "multimatch": {
      "version": "4.0.0",
      "resolved": "https://registry.npmjs.org/multimatch/-/multimatch-4.0.0.tgz",
      "integrity": "sha512-lDmx79y1z6i7RNx0ZGCPq1bzJ6ZoDDKbvh7jxr9SJcWLkShMzXrHbYVpTdnhNM5MXpDUxCQ4DgqVttVXlBgiBQ==",
      "requires": {
        "@types/minimatch": "^3.0.3",
        "array-differ": "^3.0.0",
        "array-union": "^2.1.0",
        "arrify": "^2.0.1",
        "minimatch": "^3.0.4"
      }
    },
    "mute-stream": {
      "version": "0.0.8",
      "resolved": "https://registry.npmjs.org/mute-stream/-/mute-stream-0.0.8.tgz",
@ -12590,7 +12505,8 @@
    "picomatch": {
      "version": "2.3.1",
      "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz",
-      "integrity": "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA=="
+      "integrity": "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==",
      "dev": true
    },
    "pify": {
      "version": "4.0.1",
@ -14569,7 +14485,8 @@
    "queue-microtask": {
      "version": "1.2.3",
      "resolved": "https://registry.npmjs.org/queue-microtask/-/queue-microtask-1.2.3.tgz",
-      "integrity": "sha512-NuaNSa6flKT5JaSYQzJok04JzTL1CA6aGhv5rfLW3PgqA+M2ChpZQnAC8h8i4ZFkBS8X5RqkDBHA7r4hej3K9A=="
+      "integrity": "sha512-NuaNSa6flKT5JaSYQzJok04JzTL1CA6aGhv5rfLW3PgqA+M2ChpZQnAC8h8i4ZFkBS8X5RqkDBHA7r4hej3K9A==",
      "dev": true
    },
    "randombytes": {
      "version": "2.1.0",
@ -14973,7 +14890,8 @@
    "reusify": {
      "version": "1.0.4",
      "resolved": "https://registry.npmjs.org/reusify/-/reusify-1.0.4.tgz",
-      "integrity": "sha512-U9nH88a3fc/ekCF1l0/UP1IosiuIjyTh7hBvXVMHYgVcfGvt897Xguj2UOLDeI5BG2m7/uwyaLVT6fbtCwTyzw=="
+      "integrity": "sha512-U9nH88a3fc/ekCF1l0/UP1IosiuIjyTh7hBvXVMHYgVcfGvt897Xguj2UOLDeI5BG2m7/uwyaLVT6fbtCwTyzw==",
      "dev": true
    },
    "rimraf": {
      "version": "3.0.2",
@ -14999,6 +14917,7 @@
      "version": "1.2.0",
      "resolved": "https://registry.npmjs.org/run-parallel/-/run-parallel-1.2.0.tgz",
      "integrity": "sha512-5l4VyZR86LZ/lDxZTR6jqL8AFE2S0IFLMP26AbjsLVADxHdhB/c0GUsH+y39UfCi3dzz8OlQuPmnaJOMoDHQBA==",
      "dev": true,
      "requires": {
        "queue-microtask": "^1.2.2"
      }
@ -16256,6 +16175,7 @@
      "version": "5.0.1",
      "resolved": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz",
      "integrity": "sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==",
      "dev": true,
      "requires": {
        "is-number": "^7.0.0"
      }
@ -16328,16 +16248,6 @@
        }
      }
    },
    "ts-morph": {
      "version": "7.3.0",
      "resolved": "https://registry.npmjs.org/ts-morph/-/ts-morph-7.3.0.tgz",
      "integrity": "sha512-BUKSoz7AFSKPcYTZODbICW2mOthAN4vc5juD6FL1lD/dLwZ0WvrC3zqBM3/X6f5gHxq3yaz+HmanHGaWm0ddbQ==",
      "requires": {
        "@dsherret/to-absolute-glob": "^2.0.2",
        "@ts-morph/common": "~0.5.2",
        "code-block-writer": "^10.1.0"
      }
    },
    "ts-node": {
      "version": "8.3.0",
      "resolved": "https://registry.npmjs.org/ts-node/-/ts-node-8.3.0.tgz",
@ -16475,11 +16385,6 @@
      "integrity": "sha512-DqQgihaQ9cUrskJo9kIyW/+g0Vxsk8cDtZ52a3NGh0YNTfpUSArXSohyUGnvbPazEPLu398C0UxmKSOrPumUzA==",
      "dev": true
    },
    "unc-path-regex": {
      "version": "0.1.2",
      "resolved": "https://registry.npmjs.org/unc-path-regex/-/unc-path-regex-0.1.2.tgz",
      "integrity": "sha512-eXL4nmJT7oCpkZsHZUOJo8hcX3GbsiDOa0Qu9F646fi8dT3XuSVopVqAcEiVzSKKH7UoDti23wNX3qGFxcW5Qg=="
    },
    "unicode-canonical-property-names-ecmascript": {
      "version": "2.0.0",
      "resolved": "https://registry.npmjs.org/unicode-canonical-property-names-ecmascript/-/unicode-canonical-property-names-ecmascript-2.0.0.tgz",
@ -16544,11 +16449,6 @@
        "imurmurhash": "^0.1.4"
      }
    },
    "universalify": {
      "version": "2.0.0",
      "resolved": "https://registry.npmjs.org/universalify/-/universalify-2.0.0.tgz",
      "integrity": "sha512-hAZsKq7Yy11Zu1DE0OzWjw7nnLZmJZYTDZZyEFHZdUhV8FkH5MCfoU1XMaxXovpyW5nq5scPqq0ZDP9Zyl04oQ=="
    },
    "unpipe": {
      "version": "1.0.0",
      "resolved": "https://registry.npmjs.org/unpipe/-/unpipe-1.0.0.tgz",
--- a/security-c4po-angular/package.json
+++ b/security-c4po-angular/package.json
@ -30,7 +30,7 @@
    "@glidejs/glide": "^3.6.0",
    "@nebular/eva-icons": "^8.0.0",
    "@nebular/theme": "^8.0.0",
-    "@ngneat/until-destroy": "~8.0.4",
+    "@ngneat/until-destroy": "^9.2.3",
    "@ngx-translate/core": "^13.0.0",
    "@ngx-translate/http-loader": "^6.0.0",
    "@ngxs/storage-plugin": "^3.7.3",
--- a/security-c4po-angular/src/app/project-overview/project-overview.component.html
+++ b/security-c4po-angular/src/app/project-overview/project-overview.component.html
@ -9,7 +9,7 @@
          <form class="project-filter-input">
            <nb-form-field>
              <fa-icon nbPrefix class="search-prefix-icon" [icon]="fa.faSearch"></fa-icon>
-              <input type="text"
+              <input type="search"
                     fullWidth nbInput
                     class="search-field"
                     [formControl]="projectSearch"
--- a/security-c4po-angular/src/assets/images/tutorial/views/5_Userprofile.png
+++ b/security-c4po-angular/src/assets/images/tutorial/views/5_Userprofile.png
--- a/security-c4po-angular/src/shared/modules/finding-dialog/finding-dialog.component.html
+++ b/security-c4po-angular/src/shared/modules/finding-dialog/finding-dialog.component.html
@ -95,7 +95,7 @@
          {{formArray[4].labelKey | translate}}
        </label>
        <input formControlName="{{formArray[4].fieldName}}"
-               type="text"
+               type="url"
               id="{{formArray[4].fieldName}}"
               nbTagInput fullWidth
               shape="rectangle"
--- a/security-c4po-angular/src/shared/modules/finding-dialog/service/finding-dialog.service.ts
+++ b/security-c4po-angular/src/shared/modules/finding-dialog/service/finding-dialog.service.ts
@ -98,7 +98,7 @@ export class FindingDialogService {
        },
        findingAffectedUrls: {
          fieldName: 'findingAffectedUrls',
-          type: 'text',
+          type: 'url',
          labelKey: 'finding.affectedUrls.label',
          placeholder: 'finding.affectedUrls.placeholder',
          controlsConfig: [
--- a/security-c4po-angular/src/shared/modules/profile-settings/profile-settings.component.scss
+++ b/security-c4po-angular/src/shared/modules/profile-settings/profile-settings.component.scss
@ -3,7 +3,9 @@
 .profile-setting-dialog {
  width: 45.25rem !important;
-  height: 36rem;
+  height: 36.5rem;
  overflow: hidden; /* Hide scrollbars */
  .dialog-header {
    height: 8vh;
--- a/security-c4po-api/Dockerfile
+++ b/security-c4po-api/Dockerfile
@ -1,5 +1,12 @@
 FROM openjdk:11-jre
-ENV TZ=Europe/Berlin
+ENV TZ=UTC
 #ARG JAR_FILE_API
 #RUN if [[ -z "$JAR_FILE_API" ]] ; then COPY ./build/libs/security-c4po-api-0.0.1-SNAPSHOT.jar app.jar / ; else COPY ${JAR_FILE_API} app.jar ; fi
 #COPY ${JAR_FILE_API} app.jar
 RUN groupadd -g 9999 security-c4po-api && \
    useradd -r -u 9999 -g security-c4po-api security-c4po-api
 RUN mkdir /data
@ -15,3 +22,4 @@ EXPOSE 8443
 COPY ./wait-for-keycloak.sh /
 # CMD [ "java", "-jar", "security-c4po-api-0.0.1-SNAPSHOT.jar" ]
 ENTRYPOINT [ "./wait-for-keycloak.sh", "http://c4po-keycloak:8080/auth/realms/c4po_realm_local", "java", "-Dspring.profiles.active=${SPRING_PROFILES_ACTIVE}", "-jar", "security-c4po-api-0.0.1-SNAPSHOT.jar" ]
 #ENTRYPOINT [ "./wait-for-keycloak.sh", "http://c4po-keycloak:8080/auth/realms/c4po_realm_local", "java", "-Dspring.profiles.active=${SPRING_PROFILES_ACTIVE}", "-jar", "app.jar" ]
--- a/security-c4po-api/README.md
+++ b/security-c4po-api/README.md
@ -0,0 +1,10 @@
 # Security C4PO API
 This Spring Boot application serves as the backend for Security C4PO, allowing users to efficiently send requests for their penetration testing activities.
 ## Contributing
 Pull requests are welcome. For major changes, please open an issue first
 to discuss what you would like to change.
 Please make sure to read our [contributing guideline](https://github.com/marcel-haag/security-c4po/blob/main/CONTRIBUTING.md).
--- a/security-c4po-api/src/test/resources/collections/comments.json
+++ b/security-c4po-api/src/test/resources/collections/comments.json
@ -12,7 +12,8 @@
    "attachments": []
  },
  "_class": "com.securityc4po.api.pentest.comment.CommentEntity"
-},{
+},
 {
  "_id": {
    "$oid": "64369e4428fc40394ae5b679"
  },
@ -26,7 +27,8 @@
    "attachments": []
  },
  "_class": "com.securityc4po.api.pentest.comment.CommentEntity"
-},{
+},
 {
  "_id": {
    "$oid": "64369f2628fc40394ae5b68e"
  },
@ -40,7 +42,8 @@
    "attachments": []
  },
  "_class": "com.securityc4po.api.pentest.comment.CommentEntity"
-},{
+},
 {
  "_id": {
    "$oid": "64369f3b28fc40394ae5b68f"
  },
@ -54,7 +57,8 @@
    "attachments": []
  },
  "_class": "com.securityc4po.api.pentest.comment.CommentEntity"
-},{
+},
 {
  "_id": {
    "$oid": "6440085a1f4ed15ba9666309"
  },
@ -68,7 +72,8 @@
    "attachments": []
  },
  "_class": "com.securityc4po.api.pentest.comment.CommentEntity"
-},{
+},
 {
  "_id": {
    "$oid": "644008e81f4ed15ba966630a"
  },
@ -82,7 +87,8 @@
    "attachments": []
  },
  "_class": "com.securityc4po.api.pentest.comment.CommentEntity"
-},{
+},
 {
  "_id": {
    "$oid": "645a23e989feac5618c3a83e"
  },
--- a/security-c4po-api/src/test/resources/collections/findings.json
+++ b/security-c4po-api/src/test/resources/collections/findings.json
@ -3,28 +3,29 @@
    "$oid": "643699cd28fc40394ae5b625"
  },
  "lastModified": {
-    "$date": "2023-04-12T11:45:23.385Z"
+    "$date": "2023-07-19T12:12:32.900Z"
  },
  "data": {
    "_id": "354c62b1-8f7f-4a65-9f1b-c4f6388f5506",
    "severity": "HIGH",
    "title": "Broken Access Control",
    "description": "Security flaws are caused by fragilely implemented access rights (or non-well-thought access constructs).\nAccess control is based on:\n- Confidentiality of the requested element\n- Role or permissions of the requesting user\nFlaws in access control can lead to:\n- Unauthorized users can obtain, manipulate or delete important and sensitive data\nChanging the bid inside the session storage in the frontend or intercepting the GET request for the basket and changing the id parameter results in getting the basket of another user (as long as the new id is valid).\n",
-    "impact": "This does not just affects the frontend but also destroys the integrity of the data from the backend since you can see the basket of other users.",
+    "impact": "This does not just affect the frontend but also destroys the integrity of the data from the backend since you can see the basket of other users.",
    "affectedUrls": [
      "https://juice-shop.herokuapp.com/#/basket, https://juice-shop.herokuapp.com/rest/basket/{id}"
    ],
-    "reproduction": "Step 1:\nLogin as any user.\n\nStep 2:\nGo to the basket page.\n\nStep 3:\nChange the bid value or intecept and manipulate the GET request for the basket.\n",
+    "reproduction": "Step 1:\nLogin as any user.\n\nStep 2:\nGo to the basket page.\n\nStep 3:\nOpen the browser console and change the bid value or intecept and manipulate the GET request for the basket.\n",
-    "mitigation": "Decide for a matching access control model: - Discretionary access control (DAC)\n- Role-based access control (RBAC)\n- Mandatory access control (MAC)\n- Attribute-based access control (ABAC)",
+    "mitigation": "Decide for a matching access control model: \n- Discretionary access control (DAC)\n- Role-based access control (RBAC)\n- Mandatory access control (MAC)\n- Attribute-based access control (ABAC)\n- Rule-based access control (RuBAC)",
    "attachments": []
  },
  "_class": "com.securityc4po.api.pentest.finding.FindingEntity"
-},{
+},
 {
  "_id": {
    "$oid": "64369a1428fc40394ae5b627"
  },
  "lastModified": {
-    "$date": "2023-04-12T11:46:28.934Z"
+    "$date": "2023-07-19T12:17:44.610Z"
  },
  "data": {
    "_id": "b215d04c-fec9-4f75-8d83-89ba0c6d3e74",
@ -35,33 +36,35 @@
    "affectedUrls": [
      "https://juice-shop.herokuapp.com/#/complain"
    ],
-    "reproduction": "Step 1:\nLogin to the application with any user.\n\nStep 2:\nGo to complaint screen.\n\nStep 3:\nWrite a small message in text field and upload any xml file before clicking on \"Submit\".\n\nYou will now get the error mentioned in the description.",
+    "reproduction": "Step 1:\nLogin to the application with any user.\n\nStep 2:\nGo to complaint screen.\n\nStep 3:\nWrite a small message in text field and upload any xml file before clicking on \"Submit\".\nYou will now get the error mentioned in the description.",
-    "mitigation": "Adjust the allowed MIME Type in the frontend.\nOther generic prevention methods include: \n- Use Configuration Management:\n- Hardening, Remove old configurations\n- Proper Error Codes",
+    "mitigation": "Adjust the allowed MIME Type in the frontend.\n\nOther generic prevention methods include: \n- Check your HTTP response headers\n- Check your TLS configuration\n\nNever configure wildcards in:\n- CORS allowed origin header\n- Redirect URI for OAuth/OIDC\n\nUse Configuration Management:\n- Hardening, Remove old configurations\n- Proper Error Codes\n",
    "attachments": []
  },
  "_class": "com.securityc4po.api.pentest.finding.FindingEntity"
-},{
+},
 {
  "_id": {
    "$oid": "64369a5528fc40394ae5b629"
  },
  "lastModified": {
-    "$date": "2023-04-12T11:49:24.611Z"
+    "$date": "2023-07-19T12:13:41.213Z"
  },
  "data": {
    "_id": "19521078-aef5-4505-8b1f-958e75bd3fd1",
    "severity": "HIGH",
-    "title": "Searchbar XSS",
+    "title": "Searchbar DOM XSS",
    "description": "DOM-based vulnerabilities arise when a client-side script reads data from a controllable part of the DOM (for example, the URL) and processes this data in an unsafe way.\nAdding <iframe src=\"javascript:alert(`xss`)\"> in the search bar of the header results here in the XSS Vulnerability.\n",
-    "impact": "Generally there are three kinds of XXS: 1. DOM-Based Cross-Site Scripting\n2. Reflected Cross-Site Scripting\n3. Persistent Cross-Site Scripting\n\nThe found XSS only impacts the Webapplication itself.",
+    "impact": "Generally there are three kinds of XXS: \n1. DOM-Based Cross-Site Scripting\n2. Reflected Cross-Site Scripting\n3. Persistent Cross-Site Scripting\n\nThe found XSS only impacts the Webapplication itself.",
    "affectedUrls": [
      "https://juice- shop.herokuapp.com/#/search?q=%3Ciframe%20src%3D%22javascript:alert('xss')%22%3E"
    ],
    "reproduction": "Step 1:\nClick on the search field of the header.\n\nStep 2:\nEnter <iframe src=\"javascript:alert(`xss`)\">\n\nStep 3:\nPress ENTER to exucute the query.\n\nYou will now get a PopUp because the javascript code was executed in the browser.\n",
-    "mitigation": "- Do NOT put untrusted data into templates & SSR\n- Use strict input validation & strong typing (server-side) - Contextual Output Encoding\n- Sanitizing Input Fields\n- Content Security Policies\n- Trusted Types",
+    "mitigation": "- Do NOT put untrusted data into templates & SSR\n- Use strict input validation & strong typing (server-side) \n- Contextual Output Encoding\n- Sanitizing Input Fields\n- Content Security Policies\n- Trusted Types\n- Protect Session Cookie (HTTPOnly)",
    "attachments": []
  },
  "_class": "com.securityc4po.api.pentest.finding.FindingEntity"
-},{
+},
 {
  "_id": {
    "$oid": "64369aaf28fc40394ae5b62b"
  },
@ -80,7 +83,8 @@
    "attachments": []
  },
  "_class": "com.securityc4po.api.pentest.finding.FindingEntity"
-},{
+},
 {
  "_id": {
    "$oid": "64369ae828fc40394ae5b62d"
  },
@ -101,7 +105,8 @@
    "attachments": []
  },
  "_class": "com.securityc4po.api.pentest.finding.FindingEntity"
-},{
+},
 {
  "_id": {
    "$oid": "64369ef828fc40394ae5b68a"
  },
@ -120,7 +125,8 @@
    "attachments": []
  },
  "_class": "com.securityc4po.api.pentest.finding.FindingEntity"
-},{
+},
 {
  "_id": {
    "$oid": "64369f0328fc40394ae5b68b"
  },
@ -139,7 +145,8 @@
    "attachments": []
  },
  "_class": "com.securityc4po.api.pentest.finding.FindingEntity"
-},{
+},
 {
  "_id": {
    "$oid": "64369f0c28fc40394ae5b68c"
  },
@ -158,7 +165,8 @@
    "attachments": []
  },
  "_class": "com.securityc4po.api.pentest.finding.FindingEntity"
-},{
+},
 {
  "_id": {
    "$oid": "64369f1828fc40394ae5b68d"
  },
@ -177,7 +185,8 @@
    "attachments": []
  },
  "_class": "com.securityc4po.api.pentest.finding.FindingEntity"
-},{
+},
 {
  "_id": {
    "$oid": "6440041a1f4ed15ba9666307"
  },
@ -198,7 +207,8 @@
    "attachments": []
  },
  "_class": "com.securityc4po.api.pentest.finding.FindingEntity"
-},{
+},
 {
  "_id": {
    "$oid": "64400afd1f4ed15ba966630c"
  },
@ -219,4 +229,203 @@
    "attachments": []
  },
  "_class": "com.securityc4po.api.pentest.finding.FindingEntity"
 },
 {
  "_id": {
    "$oid": "649c0b5e27c8aa2135b9dc64"
  },
  "lastModified": {
    "$date": "2023-06-28T12:25:27.488Z"
  },
  "data": {
    "_id": "810138c0-dee4-42b3-8580-1fd0a0d92fa6",
    "severity": "CRITICAL",
    "title": "Exfiltrated the entire DB schema definition via SQL Injection",
    "description": "An attacker would try to exploit SQL Injection to find out as much as possible about your database schema. \nThis subsequently allows much more targeted, stealthy and devastating SQL Injections.",
    "impact": "Database Server",
    "affectedUrls": [
      "https://juice-shop.herokuapp.com/#/search?q=",
      "https://juice-shop.herokuapp.com/rest/products/search?q="
    ],
    "reproduction": "Step 1:\nSearch for any product in the Juice Shop.\n\nStep 2:\nLook at the network traffic and copy the search request (https://juice-shop.herokuapp.com/rest/products/search?q=)\n\nStep 3:\nRun the request through sqlmap liek:\nsqlmap -u http://0.0.0.0:3000/rest/products/search\\?q\\= --dbs --level=3 --risk=3\n\nStep 4:\nRun the request through sqlmap with schema flag like:\nsqlmap -u http://0.0.0.0:3000/rest/products/search\\?q\\= --schema\n\nStep 5:\nEnterering the following string in the search field results in getting the the emails and password hashes of all users:\ntest ' )) UNION ALL SELECT NULL,email,password,NULL,NULL,NULL,NULL,NULL,NULL from users--",
    "mitigation": "Preventing SQL Injections can be easily accomplished by adding: - Prepared statements\n- Stored procedures\n- Whitelist Input Validation\n- Escaping all input, that could be user-supplied - Webapp Firewall",
    "attachments": []
  },
  "_class": "com.securityc4po.api.pentest.finding.FindingEntity"
 },
 {
  "_id": {
    "$oid": "649c2a6827c8aa2135b9dc65"
  },
  "lastModified": {
    "$date": "2023-06-28T12:41:12.670Z"
  },
  "data": {
    "_id": "14e52a97-b147-4cd4-a0d5-d349bd9ca201",
    "severity": "MEDIUM",
    "title": "Ephemeral Accountant",
    "description": "We logged into the application with an (non-existing) accountant acc0unt4nt@juice-sh.op  with accountant-level permissions without ever registering that user and we created the needed user “out of the air”.\n",
    "impact": "Webapplication and Database Server.",
    "affectedUrls": [
      "https://juice-shop.herokuapp.com/#/login"
    ],
    "reproduction": "\nStep X:\nEnter the following sql syntax in the login field email and enter any sting in the password field:\n' UNION SELECT * FROM (SELECT 15 as 'id', '' as 'username', \n'acc0unt4nt@juice-sh.op' as 'email', '12345' as 'password', \n'accounting' as 'role', '123' as 'deluxeToken', \n'1.2.3.4' as 'lastLoginIp' , \n'/assets/public/images/uploads/default.svg' as 'profileImage',\n'' as 'totpSecret', 1 as 'isActive',\n'1999-08-16 14:14:41.644 +00:00' as 'createdAt',\n'1999-08-16 14:33:41.930 +00:00' as 'updatedAt',\nnull as 'deletedAt')--",
    "mitigation": "",
    "attachments": []
  },
  "_class": "com.securityc4po.api.pentest.finding.FindingEntity"
 },
 {
  "_id": {
    "$oid": "649e935012d8f17aaf9add75"
  },
  "lastModified": {
    "$date": "2023-06-30T08:33:20.615Z"
  },
  "data": {
    "_id": "fa34ae0c-b230-4448-818b-e55e14d2ce38",
    "severity": "CRITICAL",
    "title": "NoSQL DoS Injection",
    "description": "A denial-of-service (DoS) attack occurs when legitimate users are unable to access information systems, devices, or other network resources due to the actions of a malicious cyber threat actor. Services affected may include email, websites, online accounts (e.g., banking), or other services that rely on the affected computer or network. A denial-of-service condition is accomplished by flooding the targeted host or network with traffic until the target cannot respond or simply crashes, preventing access for legitimate users. DoS attacks can cost an organization both time and money while their resources and services are inaccessible.\n\nNoSQL databases provide looser consistency restrictions than traditional SQL databases.\nSo basically we will try to invoke sleep(milliseconds) MongoDB method.",
    "impact": "Database Server",
    "affectedUrls": [
      "https://juice-shop.herokuapp.com/rest/products/sleep(1000)/reviews"
    ],
    "reproduction": "Step 1:\nOpen any product on the Juice Shop Homepage.\n\nStep 2: \nTake the GET request and change the product id parameter with sleep(1000).\n\nStep 3:\nSee the Serverresponse be delayed by the sleep command because the server is \"napping\".",
    "mitigation": "NoSQL databases provide looser consistency restrictions than traditional SQL databases. By requiring fewer relational constraints and consistency checks, NoSQL databases often offer performance and scaling benefits. Yet these databases are still potentially vulnerable to injection attacks, even if they aren’t using the traditional SQL syntax. ",
    "attachments": []
  },
  "_class": "com.securityc4po.api.pentest.finding.FindingEntity"
 },
 {
  "_id": {
    "$oid": "649e992c12d8f17aaf9add76"
  },
  "lastModified": {
    "$date": "2023-06-30T09:56:21.791Z"
  },
  "data": {
    "_id": "4e28eb62-2a59-471d-b1f8-2b3de54f541b",
    "severity": "LOW",
    "title": "NoSQL Manipulation (Injection)",
    "description": "NoSQL Injection is different than classic SQL Injection, so I decided to broader my knowledge, reading A NoSQL Injection Primer (with Mongo) – Null Sweep article.\n\nThere is trick described, when author is bypassing logging page with simple $ne (not-equals) verb like:",
    "impact": "Mongo Database Server",
    "affectedUrls": [
      "https://juice-shop.herokuapp.com/rest/products/1/reviews"
    ],
    "reproduction": "Step 1:\nOpen any product in the Juice Shop homepage after loggin in and writ ea review.\n\nStep 2:\nLook at the PUT request and change the request body from:\n{\"message\":\"test\",\"author\":\"admin@juice-sh.op\"}\nto this:\n{\"id\": { \"$ne\": -1 }, \"message\":\"test\"}\n\nStep 3:\nSend the request with the $ne (not-equals) verb.",
    "mitigation": "",
    "attachments": []
  },
  "_class": "com.securityc4po.api.pentest.finding.FindingEntity"
 },
 {
  "_id": {
    "$oid": "64b7a1e9fa93474368137f97"
  },
  "lastModified": {
    "$date": "2023-07-19T08:47:09.390Z"
  },
  "data": {
    "_id": "6edcdc7b-196e-4c72-bc74-7a8ae2ab3818",
    "severity": "HIGH",
    "title": "Sensitive Data Exposure",
    "description": "Proper configuration of the single elements that make up an application architecture is important in order to prevent mistakes that might compromise the security of the whole architecture.\n\nThe web server or application server configuration takes an important role in protecting the contents of the site and it must be carefully reviewed in order to spot common configuration mistakes. \n\nAccessing the Logfiles of the server is a problem that was encounterd.",
    "impact": "Webserver",
    "affectedUrls": [
      "https://juice-shop.herokuapp.com/support/logs",
      "https://juice-shop.herokuapp.com/ftp/"
    ],
    "reproduction": "Step 1: \nSearch for different sub directories on the webserver with tools like DirBuster.\n\nStep 2: \nGo to the sub directory /support/logs\n\nStep 3: \nDownload the access.log.2023-07-19 file.",
    "mitigation": "Block access for users who are not authenticated and / or authorized to see the logs or other sub directories like the ftp content.",
    "attachments": []
  },
  "_class": "com.securityc4po.api.pentest.finding.FindingEntity"
 },
 {
  "_id": {
    "$oid": "64b7ac19fa93474368137f99"
  },
  "lastModified": {
    "$date": "2023-07-19T12:18:43.923Z"
  },
  "data": {
    "_id": "b2d779c5-150e-4dee-a40e-0f45b6027ea3",
    "severity": "CRITICAL",
    "title": "Weird Crypto",
    "description": "Initially confined to the realms of academia and the military, cryptography has become ubiquitous thanks to the Internet. Common every day uses of cryptography include mobile phones, passwords, SSL, smart cards, and DVDs.\n\nThe proper and accurate implementation of cryptography is extremely critical to its efficacy. A small mistake in configuration or coding will result in removing a large degree of the protection it affords and rending the crypto implementation useless against serious attacks.",
    "impact": "Tokens / Cookies",
    "affectedUrls": [],
    "reproduction": "Step 1:\nLogin to the application with any valid user.\n\nStep 2:\nLook at the network traffic and copy the token that is part of the cookie header.\n\nStep 3:\nDecode the Base64 Token on an application like Cyberchef and copy the included passsword hash.\n\nStep 4: \nAnalyse the hash to find aout the type through:\nhttps://www.tunnelsup.com/hash-analyzer/\n\nStep 5: \nUnsalted MD4 and MD5 hashes are barely speedbumps to cracking passwords at this point in time, and should never be used. \n\nStep 6:\nWith tools like Hashcat or John the Ripper we can now easily crack the password and get it in cleartext.",
    "mitigation": "Use more secure algorithms to encrypt sensible data.\nFor information like passwords it is recommended to use salting and strong and slow hashing algorithms like:\n- Argon2\n- Bcrypt",
    "attachments": []
  },
  "_class": "com.securityc4po.api.pentest.finding.FindingEntity"
 },
 {
  "_id": {
    "$oid": "64b7b2cafa93474368137f9b"
  },
  "lastModified": {
    "$date": "2023-07-19T10:02:24.352Z"
  },
  "data": {
    "_id": "3d0b7483-44e6-4f54-9481-a5295cc36e2d",
    "severity": "MEDIUM",
    "title": "Deprecated Interface",
    "description": "Vulnerabilities related to the upload of unexpected file types is\nunique in that the upload should quickly reject a file if it does not\nhave a specific extension. \n\nUsing a deprecated B2B interface on the complaint page that was not properly shut down.\n\nSecurity Misconfiguration is based on:\n- Missing configuration management \n- Processes behind installation and maintenance of the systems\n- Ignored code standards\n\nFlaws in security misconfiguration can lead to:\n- Unauthorized access to sensitive data or functions\n- Up to a complete system takeover\n",
    "impact": "Webserver, Backend",
    "affectedUrls": [
      "https://juice-shop.herokuapp.com/#/complain"
    ],
    "reproduction": "Step 1:\nLogin with any user.\n\nStep 2: \nGo to the complaints screen and write any message.\n\nStep 3:\nClick on file upload button to add an \"Invoice\".\nWhat is expected here is an pdf but when looking at the allowedMimeTypes whe can see that xml and zip files are supported as well.\n\nStep 4:\nPick any xml file that should to be uploaded.",
    "mitigation": "Configuration Management: \n- Hardening, \n- Remove old configurations\n \nNever configure wildcards in:\n- CORS allowed origin header\n- Redirect URI for OAuth/OIDC\n\nCheck your HTTP response headers using the  Security Headers Project",
    "attachments": []
  },
  "_class": "com.securityc4po.api.pentest.finding.FindingEntity"
 },
 {
  "_id": {
    "$oid": "64b7b72bfa93474368137f9d"
  },
  "lastModified": {
    "$date": "2023-07-19T10:12:59.252Z"
  },
  "data": {
    "_id": "97daef3d-46be-43de-9950-7451da2e99c9",
    "severity": "MEDIUM",
    "title": "Permitting default, weak, or well-known passwords",
    "description": "There may be authentication weaknesses because of:\n- Automated attacks such as credential stuffing, where the attacker has a list of valid usernames and passwords.\n- Brute force or other automated attacks.\n- Permitting default, weak, or well-known passwords, such as ”123456\".\n- Weak or ineffective credential recovery and forgot-password processes.\n- Using plain text, encrypted, or weakly hashed passwords data stores.\n- Missing or ineffective multi-factor authentication.\n- Exposing session identifier in the URL.\n- Reusing session identifier after successful login.\n",
    "impact": "Userdata",
    "affectedUrls": [
      "https://juice-shop.herokuapp.com/#/register"
    ],
    "reproduction": "Step 1: \nGo to the login page and then try to register a new user.\n\nStep 2:\nFill out the form and type in a basic password like \"lorem\".\n\nStep 3:\nClick on \"Register\"",
    "mitigation": "Change the Switch for \"Show password advice\" to enforce these policies on creation and just give them the users as an suggestions.\n\nMore generally you should:\n- Implement password validation and secure password guidelines\n- Implement countermeasures against brute-force attacks\n- Use best practices for session management\n- Check secure password policies from \"Hive Systems\"",
    "attachments": []
  },
  "_class": "com.securityc4po.api.pentest.finding.FindingEntity"
 },
 {
  "_id": {
    "$oid": "64b7d031fa93474368137f9f"
  },
  "lastModified": {
    "$date": "2023-07-19T12:05:11.318Z"
  },
  "data": {
    "_id": "16bf3a81-982a-445d-8a84-d0b151bd1f71",
    "severity": "HIGH",
    "title": "Resetting Jim's Password",
    "description": "The password change and reset function of an application is a\nself-service password change or reset mechanism for users. This\nself-service mechanism allows users to quickly change or reset\ntheir password without an administrator intervening. \nWhen passwords are changed they are typically changed within the application. \nWhen passwords are reset they are either rendered within the application or emailed to the user. This may indicate that the passwords are stored in plain text or in a decryptable format.\n\nWhen looking at the security question when creating an account we can see the options a user has. \nThis information can be used to attack the web application, for example, through a brute force when resetting a password.",
    "impact": "Useraccount: jim@juice-sh.op",
    "affectedUrls": [
      "https://juice-shop.herokuapp.com/#/forgot-password",
      "https://juice-shop.herokuapp.com/rest/user/reset-password"
    ],
    "reproduction": "Step 1:\nWe can get to the email for jim when looking at the reviews for the \"Green Smoothie\" in the Juice Shop homepage.\n\nStep 2:\nGo to the login page and click on \"Forgot your password?\"\n\nStep 3:\nEnter jims email (jim@juice-sh.op) and click inside the \"Security Question\" Field.\nWe can now see that he question jim choose was \"Your eldest siblings middle name?\"\n\nStep 4:\nSince names are a simple property to find out if the user answered the question honestly.\nWe can use a list of the most popular names for males and females and brute-force the forgot password process with tools like BurpSuite or OWASP ZAP.",
    "mitigation": "To stop an attacker from brute-forcing anything you should\n- Limit Specific Request Attempts\n- Monitor IP addresses\n- Use Two-Factor Authentication (2FA)\n- Use CAPTCHAs\n- Use Web Application Firewalls (WAFs)",
    "attachments": []
  },
  "_class": "com.securityc4po.api.pentest.finding.FindingEntity"
 }]
--- a/security-c4po-api/src/test/resources/collections/pentests.json
+++ b/security-c4po-api/src/test/resources/collections/pentests.json
--- a/security-c4po-api/src/test/resources/collections/projects.json
+++ b/security-c4po-api/src/test/resources/collections/projects.json
@ -3,7 +3,7 @@
    "$oid": "64368903e15faf56402f785b"
  },
  "lastModified": {
-    "$date": "2023-05-09T10:43:56.770Z"
+    "$date": "2023-07-19T12:08:27.320Z"
  },
  "data": {
    "_id": "cb4dc4c2-180f-4b82-88bd-9e19629dfb7b",
@ -53,7 +53,7 @@
      },
      {
        "pentestId": "fe3a2361-a23c-4a5d-8702-7b4178be3b8e",
-        "status": "PAUSED"
+        "status": "COMPLETED"
      },
      {
        "pentestId": "64b6f349-579a-4a05-b813-b049c7dc9094",
@ -61,7 +61,7 @@
      },
      {
        "pentestId": "917a5808-25b3-46fd-8c6b-68f1190479bd",
-        "status": "PAUSED"
+        "status": "COMPLETED"
      },
      {
        "pentestId": "1c8e6b39-4916-4d28-8db5-78d6d044ad2f",
@ -70,12 +70,37 @@
      {
        "pentestId": "67a70db2-1537-4a44-98a6-4ae031015962",
        "status": "PAUSED"
      },
      {
        "pentestId": "f281f5ad-77bb-4405-bc3e-8080a0efc47f",
        "status": "COMPLETED"
      },
      {
        "pentestId": "1e8389c5-fe91-4e89-9b6a-27a9ab961781",
        "status": "NOT_STARTED"
      },
      {
        "pentestId": "36f8db13-ad88-41c4-8fb9-be98eeb4a178",
        "status": "COMPLETED"
      },
      {
        "pentestId": "afa62754-0ea9-4e36-8eb9-becc59f6b12d",
        "status": "DISABLED"
      },
      {
        "pentestId": "227eccfd-ab74-458a-9c5d-7cb743dea413",
        "status": "COMPLETED"
      },
      {
        "pentestId": "7159b8d4-1f47-43c1-be48-4684690fa341",
        "status": "COMPLETED"
      }
    ],
    "createdBy": "16a52c3d-998b-4f2d-badb-1f369d95a690"
  },
  "_class": "com.securityc4po.api.project.ProjectEntity"
-},{
+},
 {
  "_id": {
    "$oid": "64369b3f28fc40394ae5b62e"
  },
@ -94,7 +119,8 @@
    "createdBy": "16a52c3d-998b-4f2d-badb-1f369d95a690"
  },
  "_class": "com.securityc4po.api.project.ProjectEntity"
-},{
+},
 {
  "_id": {
    "$oid": "64369b7a28fc40394ae5b62f"
  },
--- a/security-c4po-cfg/docker-compose.yml
+++ b/security-c4po-cfg/docker-compose.yml
@ -8,6 +8,8 @@ services:
  c4po-db:
    image: mongo:5.0.0-focal
    container_name: c4po-db
    labels:
      name: "c4po-db"
    environment:
      - MONGO_INITDB_ROOT_USERNAME=admin
      - MONGO_INITDB_ROOT_PASSWORD=Test1234!
@ -25,6 +27,8 @@ services:
  # Authentication Provider
  c4po-keycloak:
    container_name: c4po-keycloak
    labels:
      name: "c4po-keycloak"
    image: quay.io/keycloak/keycloak:20.0.0
    environment:
      - KEYCLOAK_ADMIN=admin
@ -41,6 +45,8 @@ services:
    build: '../security-c4po-angular'
    image: security-c4po-angular:latest
    container_name: c4po-angular
    labels:
      name: "c4po-angular"
    depends_on:
      - c4po-keycloak
    deploy:
@ -55,6 +61,8 @@ services:
    build: '../security-c4po-api'
    image: security-c4po-api:latest
    container_name: c4po-api
    labels:
      name: "c4po-api"
    environment:
      - SPRING_PROFILES_ACTIVE=COMPOSE
    depends_on:
@ -72,6 +80,8 @@ services:
    build: '../security-c4po-reporting'
    image: security-c4po-reporting:latest
    container_name: c4po-reporting
    labels:
      name: "c4po-reporting"
    environment:
      - SPRING_PROFILES_ACTIVE=COMPOSE
    depends_on:
--- a/security-c4po-reporting/Dockerfile
+++ b/security-c4po-reporting/Dockerfile
@ -1,5 +1,10 @@
 FROM openjdk:11-jre
-ENV TZ=Europe/Berlin
+ENV TZ=UTC
 #ARG JAR_FILE_REPORTING
 #COPY ${JAR_FILE_REPORTING} app.jar
 RUN groupadd -g 9999 security-c4po-reporting && \
    useradd -r -u 9999 -g security-c4po-reporting security-c4po-reporting
 RUN mkdir /data
@ -19,3 +24,4 @@ EXPOSE 8444
 COPY ./wait-for-keycloak.sh /
 # CMD [ "java", "-jar", "security-c4po-reporting-0.0.1-SNAPSHOT.jar" ]
 ENTRYPOINT [ "./wait-for-keycloak.sh", "http://c4po-keycloak:8080/auth/realms/c4po_realm_local", "java", "-Dspring.profiles.active=${SPRING_PROFILES_ACTIVE}", "-jar", "security-c4po-reporting-0.0.1-SNAPSHOT.jar" ]
 #ENTRYPOINT [ "./wait-for-keycloak.sh", "http://c4po-keycloak:8080/auth/realms/c4po_realm_local", "java", "-Dspring.profiles.active=${SPRING_PROFILES_ACTIVE}", "-jar", "app.jar" ]
--- a/security-c4po-reporting/README.md
+++ b/security-c4po-reporting/README.md
@ -0,0 +1,10 @@
 # Security C4PO Reporting
 This Spring Boot application serves as the backend for Security C4PO, allowing users to efficiently generate reports for their penetration testing activities.
 ## Contributing
 Pull requests are welcome. For major changes, please open an issue first
 to discuss what you would like to change.
 Please make sure to read our [contributing guideline](https://github.com/marcel-haag/security-c4po/blob/main/CONTRIBUTING.md).
--- a/security-c4po-reporting/src/main/kotlin/com/securityc4po/reporting/remote/APIService.kt
+++ b/security-c4po-reporting/src/main/kotlin/com/securityc4po/reporting/remote/APIService.kt
@ -12,6 +12,20 @@ class APIService(private val apiClient: APIClient) {
    var logger = getLoggerFor<APIService>()
    val sortPentestCategoryOrder = listOf(
        "INFORMATION_GATHERING",
        "CONFIGURATION_AND_DEPLOY_MANAGEMENT_TESTING",
        "IDENTITY_MANAGEMENT_TESTING",
        "AUTHENTICATION_TESTING",
        "AUTHORIZATION_TESTING",
        "SESSION_MANAGEMENT_TESTING",
        "INPUT_VALIDATION_TESTING",
        "ERROR_HANDLING",
        "CRYPTOGRAPHY",
        "BUSINESS_LOGIC_TESTING",
        "CLIENT_SIDE_TESTING"
    )
    /**
     *  Requests the complete project report data by project id
     *
@ -33,6 +47,10 @@ class APIService(private val apiClient: APIClient) {
                }.sequential().collectList()
            }?.map {
                completedProjectReport.projectPentestReport.addAll(it)
                completedProjectReport.projectPentestReport = completedProjectReport.projectPentestReport
                    .sortedWith(compareBy { it.refNumber })
                    .sortedBy { sortPentestCategoryOrder.indexOf(it.category) }
                    .toMutableList()
                completedProjectReport
            } ?: Mono.just(completedProjectReport)
        }
--- a/security-c4po-reporting/src/main/kotlin/com/securityc4po/reporting/remote/model/api/PentestCategory.kt
+++ b/security-c4po-reporting/src/main/kotlin/com/securityc4po/reporting/remote/model/api/PentestCategory.kt
@ -0,0 +1,15 @@
 package com.securityc4po.reporting.remote.model.api
 enum class PentestCategory {
    INFORMATION_GATHERING,
    CONFIGURATION_AND_DEPLOY_MANAGEMENT_TESTING,
    IDENTITY_MANAGEMENT_TESTING,
    AUTHENTICATION_TESTING,
    AUTHORIZATION_TESTING,
    SESSION_MANAGEMENT_TESTING,
    INPUT_VALIDATION_TESTING,
    ERROR_HANDLING,
    CRYPTOGRAPHY,
    BUSINESS_LOGIC_TESTING,
    CLIENT_SIDE_TESTING
 }
--- a/security-c4po-reporting/src/main/resources/jasper/reports/c4po_content.jrxml
+++ b/security-c4po-reporting/src/main/resources/jasper/reports/c4po_content.jrxml
@ -79,9 +79,9 @@
        </band>
    </title>
    <detail>
-        <band height="464" splitType="Stretch">
+        <band height="330" splitType="Stretch">
            <componentElement>
-                <reportElement x="0" y="0" width="560" height="464" forecolor="#FFFFFF" uuid="925ff93f-70df-4093-a209-f9faaecb205c">
+                <reportElement x="0" y="180" width="560" height="30" forecolor="#FFFFFF" uuid="925ff93f-70df-4093-a209-f9faaecb205c">
                    <property name="com.jaspersoft.studio.layout" value="com.jaspersoft.studio.editor.layout.VerticalRowLayout"/>
                    <property name="com.jaspersoft.studio.table.style.table_header" value="Table_TH"/>
                    <property name="com.jaspersoft.studio.table.style.column_header" value="Table_CH"/>
@ -94,100 +94,6 @@
                    </datasetRun>
                    <jr:column width="400" uuid="e1ddda3b-a51b-4ebc-ab41-72ba37cb90fc">
                        <property name="com.jaspersoft.studio.components.table.model.column.name" value="Column1"/>
                        <jr:tableHeader style="Table_TH" height="30" rowSpan="1">
                            <textField>
                                <reportElement x="0" y="0" width="400" height="30" uuid="61fc1eab-0534-4abc-a3d8-4fe3a65f082e"/>
                                <textElement verticalAlignment="Middle">
                                    <font size="12" isBold="true"/>
                                </textElement>
                                <textFieldExpression><![CDATA[$R{title.confidentiality}]]></textFieldExpression>
                            </textField>
                        </jr:tableHeader>
                        <jr:tableFooter style="Table_TH" height="100" rowSpan="1">
                            <textField>
                                <reportElement x="0" y="0" width="400" height="25" uuid="8286e514-717b-453c-a3fd-407085cfc06b"/>
                                <textElement verticalAlignment="Middle">
                                    <font size="12" isBold="true"/>
                                </textElement>
                                <textFieldExpression><![CDATA[$R{title.appendencies}]]></textFieldExpression>
                            </textField>
                            <textField>
                                <reportElement x="0" y="25" width="400" height="25" forecolor="#232B44" uuid="ff1277d5-4d92-45d4-8bb0-33e276535ccb">
                                    <property name="com.jaspersoft.studio.unit.leftIndent" value="px"/>
                                </reportElement>
                                <textElement verticalAlignment="Middle">
                                    <font size="12" isBold="true"/>
                                    <paragraph leftIndent="10"/>
                                </textElement>
                                <textFieldExpression><![CDATA[$R{title.findings_severities}]]></textFieldExpression>
                            </textField>
                            <textField>
                                <reportElement x="0" y="50" width="400" height="25" forecolor="#232B44" uuid="f7916dac-ce4d-4465-a966-725da9aec246">
                                    <property name="com.jaspersoft.studio.unit.leftIndent" value="px"/>
                                </reportElement>
                                <textElement verticalAlignment="Middle">
                                    <font size="12" isBold="true"/>
                                    <paragraph leftIndent="10"/>
                                </textElement>
                                <textFieldExpression><![CDATA[$R{title.risk_matrix}]]></textFieldExpression>
                            </textField>
                            <textField>
                                <reportElement x="0" y="75" width="400" height="25" forecolor="#232B44" uuid="3ecdc1c6-144c-4216-8073-0cd10c433b05">
                                    <property name="com.jaspersoft.studio.unit.leftIndent" value="px"/>
                                </reportElement>
                                <textElement verticalAlignment="Middle">
                                    <font size="12" isBold="true"/>
                                    <paragraph leftIndent="10"/>
                                </textElement>
                                <textFieldExpression><![CDATA[$R{title.severity_definitions}]]></textFieldExpression>
                            </textField>
                        </jr:tableFooter>
                        <jr:columnHeader style="Table_CH" height="170" rowSpan="1">
                            <textField>
                                <reportElement x="0" y="0" width="400" height="34" uuid="0dcf4738-ac1b-4a51-939c-8b8048166783"/>
                                <textElement verticalAlignment="Middle">
                                    <font size="12" isBold="true"/>
                                </textElement>
                                <textFieldExpression><![CDATA[$R{title.summary}]]></textFieldExpression>
                            </textField>
                            <textField>
                                <reportElement x="0" y="34" width="400" height="34" forecolor="#232B44" uuid="5445fcf0-817f-4008-bc39-fa61b6171fe7">
                                    <property name="com.jaspersoft.studio.unit.leftIndent" value="px"/>
                                </reportElement>
                                <textElement verticalAlignment="Middle">
                                    <font size="12" isBold="true"/>
                                    <paragraph leftIndent="10"/>
                                </textElement>
                                <textFieldExpression><![CDATA[$R{title.assessment_overview_and_recommendations}]]></textFieldExpression>
                            </textField>
                            <textField>
                                <reportElement x="0" y="68" width="400" height="34" forecolor="#232B44" uuid="bdb51757-ecb6-41cc-9ee9-58072b3e5307">
                                    <property name="com.jaspersoft.studio.unit.leftIndent" value="px"/>
                                </reportElement>
                                <textElement verticalAlignment="Middle">
                                    <font size="12" isBold="true"/>
                                    <paragraph leftIndent="10"/>
                                </textElement>
                                <textFieldExpression><![CDATA[$R{title.number_of_findings_per_category}]]></textFieldExpression>
                            </textField>
                            <textField>
                                <reportElement x="0" y="102" width="400" height="34" forecolor="#232B44" uuid="68058a42-5ac0-4a11-b9a3-9159d2fae966">
                                    <property name="com.jaspersoft.studio.unit.leftIndent" value="px"/>
                                </reportElement>
                                <textElement verticalAlignment="Middle">
                                    <font size="12" isBold="true"/>
                                    <paragraph leftIndent="10"/>
                                </textElement>
                                <textFieldExpression><![CDATA[$R{title.severity_overview_of_findings}]]></textFieldExpression>
                            </textField>
                            <textField>
                                <reportElement x="0" y="136" width="400" height="34" uuid="6bc57000-98b4-4c44-90a7-23be43cc5bf0"/>
                                <textElement verticalAlignment="Middle">
                                    <font size="12" isBold="true"/>
                                </textElement>
                                <textFieldExpression><![CDATA[$R{title.reports}]]></textFieldExpression>
                            </textField>
                        </jr:columnHeader>
                        <jr:detailCell style="Table_TD" height="30">
                            <textField>
                                <reportElement x="0" y="0" width="400" height="30" forecolor="#232B44" uuid="1930eea5-6835-498a-bcdd-d4fe0423a18a">
@ -203,9 +109,6 @@
                    </jr:column>
                    <jr:column width="160" uuid="76741c88-65a6-4032-8d17-c6ba755c1a64">
                        <property name="com.jaspersoft.studio.components.table.model.column.name" value="Column2"/>
                        <jr:tableHeader style="Table_TH" height="30" rowSpan="1"/>
                        <jr:tableFooter style="Table_TH" height="100" rowSpan="1"/>
                        <jr:columnHeader style="Table_CH" height="170" rowSpan="1"/>
                        <jr:detailCell style="Table_TD" height="30">
                            <textField>
                                <reportElement x="0" y="0" width="160" height="30" forecolor="#232B44" uuid="4c14b6ea-020c-4527-b853-543ac119003b"/>
@ -218,11 +121,96 @@
                    </jr:column>
                </jr:table>
            </componentElement>
            <textField>
                <reportElement x="0" y="0" width="560" height="30" uuid="ed60a487-2f72-42b5-a50f-65b5e5fa896b"/>
                <textElement verticalAlignment="Middle">
                    <font size="12" isBold="true"/>
                </textElement>
                <textFieldExpression><![CDATA[$R{title.confidentiality}]]></textFieldExpression>
            </textField>
            <textField>
                <reportElement x="0" y="30" width="560" height="30" uuid="fe095b7d-a37e-4586-b5ed-f4e1b10f8e26"/>
                <textElement verticalAlignment="Middle">
                    <font size="12" isBold="true"/>
                </textElement>
                <textFieldExpression><![CDATA[$R{title.summary}]]></textFieldExpression>
            </textField>
            <textField>
                <reportElement x="0" y="60" width="560" height="30" forecolor="#232B44" uuid="9468325b-2a95-41a7-b8f7-8d77177d537b">
                    <property name="com.jaspersoft.studio.unit.leftIndent" value="px"/>
                </reportElement>
                <textElement verticalAlignment="Middle">
                    <font size="12" isBold="true"/>
                    <paragraph leftIndent="10"/>
                </textElement>
                <textFieldExpression><![CDATA[$R{title.assessment_overview_and_recommendations}]]></textFieldExpression>
            </textField>
            <textField>
                <reportElement x="0" y="90" width="560" height="30" forecolor="#232B44" uuid="7237cbd3-e5bb-47bc-8e1b-6f7d2dec31aa">
                    <property name="com.jaspersoft.studio.unit.leftIndent" value="px"/>
                </reportElement>
                <textElement verticalAlignment="Middle">
                    <font size="12" isBold="true"/>
                    <paragraph leftIndent="10"/>
                </textElement>
                <textFieldExpression><![CDATA[$R{title.number_of_findings_per_category}]]></textFieldExpression>
            </textField>
            <textField>
                <reportElement x="0" y="120" width="560" height="30" forecolor="#232B44" uuid="0bc2efa0-4c47-47f2-9f90-f88ed5e0a153">
                    <property name="com.jaspersoft.studio.unit.leftIndent" value="px"/>
                </reportElement>
                <textElement verticalAlignment="Middle">
                    <font size="12" isBold="true"/>
                    <paragraph leftIndent="10"/>
                </textElement>
                <textFieldExpression><![CDATA[$R{title.severity_overview_of_findings}]]></textFieldExpression>
            </textField>
            <textField>
                <reportElement positionType="Float" x="0" y="210" width="560" height="30" uuid="77ac4a8d-e2c9-4e45-81dd-7cc6d45a59d5"/>
                <textElement verticalAlignment="Middle">
                    <font size="12" isBold="true"/>
                </textElement>
                <textFieldExpression><![CDATA[$R{title.appendencies}]]></textFieldExpression>
            </textField>
            <textField>
                <reportElement positionType="Float" x="0" y="240" width="560" height="30" forecolor="#232B44" uuid="b7002156-506e-4540-8f0b-73fa5f990e9b">
                    <property name="com.jaspersoft.studio.unit.leftIndent" value="px"/>
                </reportElement>
                <textElement verticalAlignment="Middle">
                    <font size="12" isBold="true"/>
                    <paragraph leftIndent="10"/>
                </textElement>
                <textFieldExpression><![CDATA[$R{title.findings_severities}]]></textFieldExpression>
            </textField>
            <textField>
                <reportElement positionType="Float" x="0" y="270" width="560" height="30" forecolor="#232B44" uuid="e4a8b338-704c-4fa1-9a5b-898ce69fcdc4">
                    <property name="com.jaspersoft.studio.unit.leftIndent" value="px"/>
                </reportElement>
                <textElement verticalAlignment="Middle">
                    <font size="12" isBold="true"/>
                    <paragraph leftIndent="10"/>
                </textElement>
                <textFieldExpression><![CDATA[$R{title.risk_matrix}]]></textFieldExpression>
            </textField>
            <textField>
                <reportElement positionType="Float" x="0" y="300" width="560" height="30" forecolor="#232B44" uuid="2d8e914d-8729-4c05-8b37-7540e158d3df">
                    <property name="com.jaspersoft.studio.unit.leftIndent" value="px"/>
                </reportElement>
                <textElement verticalAlignment="Middle">
                    <font size="12" isBold="true"/>
                    <paragraph leftIndent="10"/>
                </textElement>
                <textFieldExpression><![CDATA[$R{title.severity_definitions}]]></textFieldExpression>
            </textField>
            <textField>
                <reportElement positionType="Float" x="0" y="150" width="560" height="30" uuid="e48de3ca-7b91-4ead-888f-40bbb0628d6b"/>
                <textElement verticalAlignment="Middle">
                    <font size="12" isBold="true"/>
                </textElement>
                <textFieldExpression><![CDATA[$R{title.reports}]]></textFieldExpression>
            </textField>
        </band>
    </detail>
    <columnFooter>
        <band height="50" splitType="Stretch"/>
    </columnFooter>
    <pageFooter>
        <band height="54" splitType="Stretch"/>
    </pageFooter>
--- a/security-c4po-reporting/src/main/resources/jasper/reports/test.jrxml
+++ b/security-c4po-reporting/src/main/resources/jasper/reports/test.jrxml
@ -1,188 +0,0 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!-- Created with Jaspersoft Studio version 6.20.0.final using JasperReports Library version 6.20.0-2bc7ab61c56f459e8176eb05c7705e145cd400ad  -->
 <jasperReport xmlns="http://jasperreports.sourceforge.net/jasperreports" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://jasperreports.sourceforge.net/jasperreports http://jasperreports.sourceforge.net/xsd/jasperreport.xsd" name="C4PO_Coverpage" pageWidth="595" pageHeight="842" columnWidth="555" leftMargin="20" rightMargin="20" topMargin="20" bottomMargin="20" uuid="1e81cc75-35cb-406c-934f-0bc56dfd965d">
    <property name="com.jaspersoft.studio.data.defaultdataadapter" value="ProjectReportJasperData Template JSON Adapter"/>
    <!-- Ignores Issue about not finding a specific font -->
    <property name="net.sf.jasperreports.awt.ignore.missing.font" value="true"/>
    <parameter name="CDATA_WATERMARK" class="java.lang.String"/>
    <parameter name="CDATA_C4POCoverBackground" class="java.lang.String"/>
    <queryString language="JSON">
        <![CDATA[projectReportData]]>
    </queryString>
    <field name="id" class="java.lang.String">
        <property name="net.sf.jasperreports.json.field.expression" value="id"/>
        <fieldDescription><![CDATA[id]]></fieldDescription>
    </field>
    <field name="client" class="java.lang.String">
        <property name="net.sf.jasperreports.json.field.expression" value="client"/>
        <fieldDescription><![CDATA[client]]></fieldDescription>
    </field>
    <field name="title" class="java.lang.String">
        <property name="net.sf.jasperreports.json.field.expression" value="title"/>
        <fieldDescription><![CDATA[title]]></fieldDescription>
    </field>
    <field name="createdAt" class="java.util.Date">
        <property name="net.sf.jasperreports.json.field.expression" value="createdAt"/>
        <fieldDescription><![CDATA[createdAt]]></fieldDescription>
    </field>
    <field name="tester" class="java.lang.String">
        <property name="net.sf.jasperreports.json.field.expression" value="tester"/>
        <fieldDescription><![CDATA[tester]]></fieldDescription>
    </field>
    <field name="summary" class="java.lang.String">
        <property name="net.sf.jasperreports.json.field.expression" value="summary"/>
        <fieldDescription><![CDATA[summary]]></fieldDescription>
    </field>
    <field name="projectPentestReport" class="java.lang.String">
        <property name="net.sf.jasperreports.json.field.expression" value="projectPentestReport"/>
        <fieldDescription><![CDATA[projectPentestReport]]></fieldDescription>
    </field>
    <field name="createdBy" class="java.lang.String">
        <property name="net.sf.jasperreports.json.field.expression" value="createdBy"/>
        <fieldDescription><![CDATA[createdBy]]></fieldDescription>
    </field>
    <field name="version" class="java.lang.String"/>
    <background>
        <band splitType="Stretch"/>
    </background>
    <title>
        <band height="390" splitType="Stretch">
            <image>
                <reportElement x="-20" y="-20" width="595" height="409" uuid="7b8866c7-8b72-43a8-9428-2404a75e803e"/>
                <imageExpression><![CDATA[$P{CDATA_C4POCoverBackground}]]></imageExpression>
            </image>
            <rectangle>
                <reportElement x="-20" y="-20" width="595" height="280" forecolor="#151B2E" backcolor="rgba(35, 43, 68, 0.5882353)" uuid="7412dfc2-c785-4584-b8e9-120df2ef41f2"/>
                <graphicElement>
                    <pen lineWidth="0.0"/>
                </graphicElement>
            </rectangle>
            <rectangle>
                <reportElement x="-20" y="241" width="595" height="120" forecolor="#232B44" backcolor="#232B44" uuid="c3646ed4-24af-4969-990a-322ff29697a9"/>
            </rectangle>
            <textField textAdjust="StretchHeight">
                <reportElement x="6" y="280" width="543" height="51" forecolor="#FFFFFF" uuid="563ae593-7ae8-47fc-8728-01da0a717aad"/>
                <textElement textAlignment="Center" verticalAlignment="Middle">
                    <font fontName="SansSerif" size="26" isBold="true"/>
                </textElement>
                <textFieldExpression><![CDATA[$F{client}]]></textFieldExpression>
            </textField>
            <textField>
                <reportElement mode="Transparent" x="5" y="0" width="544" height="219" forecolor="#FEFEFF" backcolor="#232B44" uuid="173fc927-62f1-4242-9c7e-638a21a9672f">
                    <property name="net.sf.jasperreports.export.accessibility.tag" value="h1"/>
                    <property name="net.sf.jasperreports.export.pdf.tag.table" value="full"/>
                </reportElement>
                <textElement textAlignment="Center" verticalAlignment="Middle" markup="none">
                    <font fontName="SansSerif" size="36" isBold="true"/>
                </textElement>
                <textFieldExpression><![CDATA[$F{title}]]></textFieldExpression>
            </textField>
            <rectangle>
                <reportElement x="-2" y="220" width="577" height="40" forecolor="#232B44" backcolor="#151B2E" uuid="2d5d891c-1d0f-4d81-beab-6d6937f08b5b"/>
                <graphicElement>
                    <pen lineWidth="0.0"/>
                </graphicElement>
            </rectangle>
            <ellipse>
                <reportElement x="-20" y="220" width="38" height="40" backcolor="#151B2E" uuid="fefe65c4-59db-4810-9539-1865db235814"/>
                <graphicElement>
                    <pen lineWidth="0.0"/>
                </graphicElement>
            </ellipse>
            <image>
                <reportElement x="-14" y="224" width="31" height="37" uuid="ae84d484-ee44-436a-a0cd-e94a265ed665"/>
                <imageExpression><![CDATA[$P{CDATA_WATERMARK}]]></imageExpression>
            </image>
            <staticText>
                <reportElement mode="Transparent" x="22" y="226" width="82" height="20" forecolor="#FEFEFF" backcolor="#151B2E" uuid="b40755db-f42b-47cf-9e73-57cd092f7bde"/>
                <textElement>
                    <font fontName="SansSerif&#xA;&#xA;" size="12" isBold="true" isItalic="false"/>
                </textElement>
                <text><![CDATA[C4PO]]></text>
            </staticText>
            <staticText>
                <reportElement mode="Transparent" x="23" y="242" width="82" height="20" forecolor="#FEFEFF" backcolor="#151B2E" uuid="1e37e3b3-b3d2-4621-9928-08497bd4f667"/>
                <textElement>
                    <font fontName="SansSerif&#xA;&#xA;" size="10" isItalic="true"/>
                </textElement>
                <text><![CDATA[v.0.0.1]]></text>
            </staticText>
            <rectangle>
                <reportElement x="-20" y="350" width="595" height="30" uuid="e6a81d95-840a-42a8-860d-cb1957d1775c"/>
                <graphicElement>
                    <pen lineWidth="0.0"/>
                </graphicElement>
            </rectangle>
        </band>
    </title>
    <columnHeader>
        <band height="190" splitType="Stretch">
            <textField>
                <reportElement x="107" y="20" width="340" height="40" forecolor="#232B44" uuid="0c2fdc55-5038-49f5-a972-3575837bb8a6"/>
                <textElement textAlignment="Center" verticalAlignment="Middle">
                    <font size="26" isBold="true"/>
                </textElement>
                <textFieldExpression><![CDATA[$R{title.cover_one}]]></textFieldExpression>
            </textField>
            <textField>
                <reportElement x="107" y="61" width="340" height="40" forecolor="#232B44" uuid="edce29e2-8963-43bd-8361-69e579e4a1e1"/>
                <textElement textAlignment="Center" verticalAlignment="Middle">
                    <font size="26" isBold="true"/>
                </textElement>
                <textFieldExpression><![CDATA[$R{title.cover_two}]]></textFieldExpression>
            </textField>
        </band>
    </columnHeader>
    <detail>
        <band height="91" splitType="Stretch">
            <textField>
                <reportElement x="0" y="10" width="551" height="30" uuid="54c4a617-82ea-4ec4-aa3c-d52e8fd22406"/>
                <textElement textAlignment="Right">
                    <font fontName="SansSerif" size="20" isBold="true"/>
                </textElement>
                <textFieldExpression><![CDATA[$F{tester}]]></textFieldExpression>
            </textField>
            <textField>
                <reportElement x="80" y="50" width="471" height="30" uuid="f13c2ce6-8960-4ac8-ba3a-f79823f07025"/>
                <textElement textAlignment="Right">
                    <font fontName="SansSerif" size="12" isBold="true" isItalic="true"/>
                </textElement>
                <textFieldExpression><![CDATA[(new SimpleDateFormat("dd/MM/yyyy").format($F{createdAt}))]]></textFieldExpression>
            </textField>
        </band>
    </detail>
    <columnFooter>
        <band height="76" splitType="Stretch">
            <rectangle>
                <reportElement x="-20" y="30" width="595" height="30" forecolor="#232B44" backcolor="#232B44" uuid="1ed47e2d-9d46-44b9-bad7-8eeb1143c83c"/>
                <graphicElement>
                    <pen lineWidth="1.0"/>
                </graphicElement>
            </rectangle>
            <rectangle>
                <reportElement x="-20" y="20" width="595" height="10" forecolor="#151B2E" backcolor="#151B2E" uuid="b9a5cd43-3460-4177-97f5-a46eac874e7d"/>
            </rectangle>
            <textField>
                <reportElement x="380" y="35" width="174" height="20" forecolor="#FFFFFF" uuid="0aa9c401-c73c-4a7e-b5a2-b650d333093f"/>
                <textElement textAlignment="Right" verticalAlignment="Middle">
                    <font size="12" isItalic="true"/>
                </textElement>
                <textFieldExpression><![CDATA["Version " + $F{version}]]></textFieldExpression>
            </textField>
        </band>
    </columnFooter>
    <pageFooter>
        <band height="10" splitType="Stretch">
            <rectangle>
                <reportElement x="-20" y="-10" width="595" height="20" forecolor="#151B2E" backcolor="#151B2E" uuid="724a02c5-82c8-4a72-bf81-b77baa72c723"/>
            </rectangle>
            <textField>
                <reportElement x="-14" y="-7" width="584" height="15" forecolor="#FFFFFF" uuid="32716a0d-4cec-4dc4-b766-f545dea11169"/>
                <textElement textAlignment="Center" verticalAlignment="Middle">
                    <font size="8" isBold="true"/>
                </textElement>
                <textFieldExpression><![CDATA[$R{hint}]]></textFieldExpression>
            </textField>
        </band>
    </pageFooter>
 </jasperReport>
--- a/wiki/juice-shop-penetration-testing-report-c4po.pdf
+++ b/wiki/juice-shop-penetration-testing-report-c4po.pdf