Refactor of top level tests #484

Merged
merged 17 commits into from
Sep 30, 2024
@whytheplatypus whytheplatypus commented Sep 12, 2024

Example of running a local cross cloud test:

podman-compose -f docker-compose.yml -f docker-compose.azurite.yml -f docker-compose.minio.yml -f docker-compose.testing.yml up -d

Note

A directory called test-bucket must be in the _data directory for the local volume for minio, where this is will differ between systems.

os.Setenv("AWS_SECRET_ACCESS_KEY", "minioadmin")

os.Setenv("EDAV_STORAGE_ACCOUNT", "devstoreaccount1")
os.Setenv("EDAV_STORAGE_KEY", "Eby8vdM02xNOcqFlqUwJPLlmEtlCDXJ1OUzFT50uSRZ6IFsuFq2UVErCz4I6tq/K1SZFPTOtr/KBHBeksoGMGw==")
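Review bot: the AWS_SECRET_ACCESS_KEY, EDAV_STORAGE_ACCOUNT and EDAV_STORAGE_KEY values are set with os.Setenv as bare literals, with nothing in the code marking them as local emulator defaults and nothing restoring the environment afterwards. If these calls sit inside a test function, t.Setenv would scope them to that test and undo them on cleanup; either way, a comment beside each literal naming it as an emulator default would let a reader, or a static-analysis finding on hardcoded credentials, be triaged from the code alone instead of from this thread.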
Collaborator Author

this is the example key from azurite, public here


Fortify Scan Results

🔴 Status: ❌ Failed (Critical Issues)

Summary

  • 🚨 Critical Issues: 3
  • 🛑 High Issues: 1
  • ⚠️ Medium Issues: 0
  • 🔍 Low Issues: 1

🛠 Action Required

Please address the identified vulnerabilities before merging this pull request.

Expand the "Detailed Results" section below for more information.

Detailed Results

📂 Scanned Path(s)

upload-server

📊 Detailed Scan Results


sourceanalyzer is installed.
FPRUtility is installed.
fortifyclient is installed.
Using Fortify Source Analyzer to scan the code from upload-server. Results will be upload-server.fpr.
Printing the results using Fortify FPRUtility, FPRUtility summarizes and translate results.
Summary of all issues:

Issue counts by category:

 "Cross-Site Request Forgery" => 1 Issues
     internal/ui/index.html:17 (content)
 "Dockerfile Misconfiguration: Default User Privilege" => 1 Issues
     Dockerfile:1 (configuration)
 "Insecure Transport" => 2 Issues
     cmd/main.go:111 (semantic)
     internal/ui/ui.go:261 (semantic)
 "Open Redirect" => 1 Issues
     internal/ui/ui.go:179 (dataflow)

Total for all categories => 5 Issues

****************************************************
Number of critical issues:
3 issues of 3 matched search query.

Issue counts by category:

 "Insecure Transport" => 2 Issues
     cmd/main.go:111 (Semantic)
     internal/ui/ui.go:261 (Semantic)
 "Open Redirect" => 1 Issues
     internal/ui/ui.go:179 (Data Flow)

Total for all categories => 3 Issues

****************************************************
Number of high issues:
1 issues of 1 matched search query.

Issue counts by category:

 "Dockerfile Misconfiguration: Default User Privilege" => 1 Issues
     Dockerfile:1 (Configuration)

Total for all categories => 1 Issues

****************************************************
Number of medium issues:
No issues matched search query.
****************************************************
Number of low issues:
1 issues of 1 matched search query.

Issue counts by category:

 "Cross-Site Request Forgery" => 1 Issues
     internal/ui/index.html:17 (Content)

Total for all categories => 1 Issues




- azure -> s3
- s3 -> azure
- file -> s3

Fortify Scan Results

🔴 Status: ❌ Failed (Critical Issues)

Summary

  • 🚨 Critical Issues: 2
  • 🛑 High Issues: 1
  • ⚠️ Medium Issues: 0
  • 🔍 Low Issues: 1

🛠 Action Required

Please address the identified vulnerabilities before merging this pull request.

Expand the "Detailed Results" section below for more information.

Detailed Results

📂 Scanned Path(s)

upload-server

📊 Detailed Scan Results


sourceanalyzer is installed.
FPRUtility is installed.
fortifyclient is installed.
Using Fortify Source Analyzer to scan the code from upload-server. Results will be upload-server.fpr.
Printing the results using Fortify FPRUtility, FPRUtility summarizes and translate results.
Summary of all issues:

Issue counts by category:

 "Credential Management: Hardcoded API Credentials" => 1 Issues
     cmd/main_test.go:104 (configuration)
 "Cross-Site Request Forgery" => 1 Issues
     internal/ui/index.html:17 (content)
 "Dockerfile Misconfiguration: Default User Privilege" => 1 Issues
     Dockerfile:1 (configuration)
 "Open Redirect" => 1 Issues
     internal/ui/ui.go:179 (dataflow)

Total for all categories => 4 Issues

****************************************************
Number of critical issues:
2 issues of 2 matched search query.

Issue counts by category:

 "Credential Management: Hardcoded API Credentials" => 1 Issues
     cmd/main_test.go:104 (Configuration)
 "Open Redirect" => 1 Issues
     internal/ui/ui.go:179 (Data Flow)

Total for all categories => 2 Issues

****************************************************
Number of high issues:
1 issues of 1 matched search query.

Issue counts by category:

 "Dockerfile Misconfiguration: Default User Privilege" => 1 Issues
     Dockerfile:1 (Configuration)

Total for all categories => 1 Issues

****************************************************
Number of medium issues:
No issues matched search query.
****************************************************
Number of low issues:
1 issues of 1 matched search query.

Issue counts by category:

 "Cross-Site Request Forgery" => 1 Issues
     internal/ui/index.html:17 (Content)

Total for all categories => 1 Issues





Fortify Scan Results

🔴 Status: ❌ Failed (Critical Issues)

Summary

  • 🚨 Critical Issues: 1
  • 🛑 High Issues: 0
  • ⚠️ Medium Issues: 0
  • 🔍 Low Issues: 1

🛠 Action Required

Please address the identified vulnerabilities before merging this pull request.

Expand the "Detailed Results" section below for more information.

Detailed Results

📂 Scanned Path(s)

upload-server

📊 Detailed Scan Results


sourceanalyzer is installed.
FPRUtility is installed.
fortifyclient is installed.
Using Fortify Source Analyzer to scan the code from upload-server. Results will be upload-server.fpr.
Printing the results using Fortify FPRUtility, FPRUtility summarizes and translate results.
Summary of all issues:

Issue counts by category:

 "Credential Management: Hardcoded API Credentials" => 1 Issues
     cmd/main_test.go:105 (configuration)
 "Cross-Site Request Forgery" => 1 Issues
     internal/ui/index.html:17 (content)

Total for all categories => 2 Issues

****************************************************
Number of critical issues:
1 issues of 1 matched search query.

Issue counts by category:

 "Credential Management: Hardcoded API Credentials" => 1 Issues
     cmd/main_test.go:105 (Configuration)

Total for all categories => 1 Issues

****************************************************
Number of high issues:
No issues matched search query.
****************************************************
Number of medium issues:
No issues matched search query.
****************************************************
Number of low issues:
1 issues of 1 matched search query.

Issue counts by category:

 "Cross-Site Request Forgery" => 1 Issues
     internal/ui/index.html:17 (Content)

Total for all categories => 1 Issues





@thetif thetif left a comment

looks good


Fortify Scan Results

🟢 Status: 🔍 (Low Issues)

Summary

  • 🚨 Critical Issues: 0
  • 🛑 High Issues: 0
  • ⚠️ Medium Issues: 0
  • 🔍 Low Issues: 1

🛠 Action Required

Please address the identified vulnerabilities before merging this pull request.

Expand the "Detailed Results" section below for more information.

Detailed Results

📂 Scanned Path(s)

upload-server

📊 Detailed Scan Results


sourceanalyzer is installed.
FPRUtility is installed.
fortifyclient is installed.
Using Fortify Source Analyzer to scan the code from upload-server. Results will be upload-server.fpr.
Printing the results using Fortify FPRUtility, FPRUtility summarizes and translate results.
Summary of all issues:

Issue counts by category:

 "Cross-Site Request Forgery" => 1 Issues
     internal/ui/index.html:17 (content)

Total for all categories => 1 Issues

****************************************************
Number of critical issues:
No issues matched search query.
****************************************************
Number of high issues:
No issues matched search query.
****************************************************
Number of medium issues:
No issues matched search query.
****************************************************
Number of low issues:
1 issues of 1 matched search query.

Issue counts by category:

 "Cross-Site Request Forgery" => 1 Issues
     internal/ui/index.html:17 (Content)

Total for all categories => 1 Issues





@cfarmer-fearless cfarmer-fearless left a comment

Minor cleanup but looks great overall

@@ -86,7 +86,7 @@ func InitConfigCache(ctx context.Context, appConfig appconfig.AppConfig) error {
}
}

if appConfig.S3Connection != nil {
if appConfig.S3Connection != nil && appConfig.S3ManifestConfigBucket != "" {
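Review bot: with the added appConfig.S3ManifestConfigBucket != "" condition, a configuration that sets S3Connection but leaves the bucket empty now skips this branch with no signal in the visible lines. InitConfigCache already returns an error, so consider returning or logging one for that combination so the misconfiguration is reported at startup rather than surfacing later.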
Contributor

Cleanup: favor S3ManifestConfigFolder over S3ManifestConfigBucket and remove S3ManifestConfigBucket

@cfarmer-fearless

Getting this when running locally
{"time":"2024-09-26T17:32:09.308398739Z","level":"ERROR","source":{"function":"github.com/cdcgov/data-exchange-upload/upload-server/cmd.main","file":"/code/cmd/main.go","line":92},"msg":"error starting app, error initialize dex handler","app_info":{"System":" DEX","Product":"UPLOAD API","App":"UPLOAD SERVER","Env":"DEV"},"error":"failed to connect to edav deliverer target not enough information given to connect to container edav"}


Fortify Scan Results

🟢 Status: 🔍 (Low Issues)

Summary

  • 🚨 Critical Issues: 0
  • 🛑 High Issues: 0
  • ⚠️ Medium Issues: 0
  • 🔍 Low Issues: 1

🛠 Action Required

Please address the identified vulnerabilities before merging this pull request.

Expand the "Detailed Results" section below for more information.

Detailed Results

📂 Scanned Path(s)

upload-server

📊 Detailed Scan Results


sourceanalyzer is installed.
FPRUtility is installed.
fortifyclient is installed.
Using Fortify Source Analyzer to scan the code from upload-server. Results will be upload-server.fpr.
Printing the results using Fortify FPRUtility, FPRUtility summarizes and translate results.
Summary of all issues:

Issue counts by category:

 "Cross-Site Request Forgery" => 1 Issues
     internal/ui/index.html:17 (content)

Total for all categories => 1 Issues

****************************************************
Number of critical issues:
No issues matched search query.
****************************************************
Number of high issues:
No issues matched search query.
****************************************************
Number of medium issues:
No issues matched search query.
****************************************************
Number of low issues:
1 issues of 1 matched search query.

Issue counts by category:

 "Cross-Site Request Forgery" => 1 Issues
     internal/ui/index.html:17 (Content)

Total for all categories => 1 Issues

****************************************************
Details of all issues:
IID,category,path,analyzer
"FF67A3F544C110AB3D0649B4190B950D","Cross-Site Request Forgery","internal/ui/index.html:17","content"

Total "1" issues





Fortify Scan Results

🟢 Status: ✅ Passed

Summary

  • 🚨 Critical Issues: 0
  • 🛑 High Issues: 0
  • ⚠️ Medium Issues: 0
  • 🔍 Low Issues: 0

No Action Required

No vulnerabilities were identified in this scan.

Detailed Results

📂 Scanned Path(s)

upload-server

📊 Detailed Scan Results


sourceanalyzer is installed.
FPRUtility is installed.
fortifyclient is installed.
Using Fortify Source Analyzer to scan the code from upload-server. Results will be upload-server.fpr.
Printing the results using Fortify FPRUtility, FPRUtility summarizes and translate results.
Summary of all issues:

Total for all categories => 0 Issues

****************************************************
Number of critical issues:
No issues matched search query.
****************************************************
Number of high issues:
No issues matched search query.
****************************************************
Number of medium issues:
No issues matched search query.
****************************************************
Number of low issues:
No issues matched search query.
****************************************************

Details of all issues in csv format:




@whytheplatypus whytheplatypus merged commit 03f3aae into main Sep 30, 2024
3 checks passed
@whytheplatypus whytheplatypus deleted the testing/test-main branch September 30, 2024 12:10