softrams / bulwark
An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.
License: MIT License
Following the Angular testing guidelines, implement unit tests for the ReportComponent.
At least 80% code coverage is required.
Following the Angular testing guidelines, implement unit tests for the InviteUserComponent.
At least 80% code coverage is required.
Following the Angular testing guidelines, implement unit tests for the AppService.
At least 80% code coverage is required.
Describe the bug
Angular linting is failing due to "object access via string literals is disallowed"
Problem Locations
```
WARNING: /Users/alejandrosaenz/Repositories/bulwark/frontend/src/app/app.service.spec.ts[9, 41]: get is deprecated: from v9.0.0 use TestBed.inject
ERROR: /Users/alejandrosaenz/Repositories/bulwark/frontend/src/app/app.service.ts[34, 9]: Expected a 'for-of' loop instead of a 'for' loop with this simple iteration
ERROR: /Users/alejandrosaenz/Repositories/bulwark/frontend/src/app/app.service.ts[67, 9]: Expected a 'for-of' loop instead of a 'for' loop with this simple iteration
WARNING: /Users/alejandrosaenz/Repositories/bulwark/frontend/src/app/auth.service.spec.ts[9, 42]: get is deprecated: from v9.0.0 use TestBed.inject
WARNING: /Users/alejandrosaenz/Repositories/bulwark/frontend/src/app/global-manager.service.spec.ts[9, 51]: get is deprecated: from v9.0.0 use TestBed.inject
WARNING: /Users/alejandrosaenz/Repositories/bulwark/frontend/src/app/loader.service.spec.ts[9, 44]: get is deprecated: from v9.0.0 use TestBed.inject
ERROR: /Users/alejandrosaenz/Repositories/bulwark/frontend/src/app/org-form/org-form.component.ts[32, 27]: object access via string literals is disallowed
ERROR: /Users/alejandrosaenz/Repositories/bulwark/frontend/src/app/org-form/org-form.component.ts[33, 54]: object access via string literals is disallowed
ERROR: /Users/alejandrosaenz/Repositories/bulwark/frontend/src/app/vuln-form/vuln-form.component.ts[288, 12]: object access via string literals is disallowed
ERROR: /Users/alejandrosaenz/Repositories/bulwark/frontend/src/app/vuln-form/vuln-form.component.ts[304, 42]: object access via string literals is disallowed
ERROR: /Users/alejandrosaenz/Repositories/bulwark/frontend/src/app/vuln-form/vuln-form.component.ts[304, 50]: object access via string literals is disallowed
ERROR: /Users/alejandrosaenz/Repositories/bulwark/frontend/src/app/vuln-form/vuln-form.component.ts[319, 60]: object access via string literals is disallowed
ERROR: /Users/alejandrosaenz/Repositories/bulwark/frontend/src/app/vuln-form/vuln-form.component.ts[342, 84]: object access via string literals is disallowed
```
**Steps to Reproduce**
Steps to reproduce the behavior:
1. Go to '...'
2. Click on '....'
3. Scroll down to '....'
4. See error
**Expected behavior**
Linting rules should pass
Currently, Dependabot will only look at the package.json in the root directory.
Dependabot needs to be configured to also include the package.json within the angular application.
https://docs.github.com/en/github/administering-a-repository/enabling-and-disabling-version-updates
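A Dependabot configuration that covers both manifests, as an added example rather than the project's own file. The two directories come from the paths visible in this issue tracker (package.json at the root and frontend/package.json); the weekly schedule and the extra github-actions entry are assumptions.

```yaml
# .github/dependabot.yml (added example; not Bulwark's own configuration)
version: 2
updates:
  # root package.json (backend)
  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "weekly"

  # the Angular application keeps its own package.json under frontend/
  - package-ecosystem: "npm"
    directory: "/frontend"
    schedule:
      interval: "weekly"

  # assumed extra: if CI runs as a GitHub Action, keep the pinned actions current too
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"
```

Each `directory` is the folder that contains the manifest, relative to the repository root; without the second entry, vulnerabilities in Angular's dependency tree are never reported.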
Currently the back-end code lacks unit testing. This ticket is responsible for setting up the initial unit testing framework and is required before any unit tests are implemented.
seed-user.ts needs to be updated to include the new 3.0.0 User fields for firstName, lastName, and title.
A user cannot login due to the User updates with the inclusion of firstName, lastName, and title columns.
Existing users will manually have to be updated via the database.
The register component has been updated to include these fields.
Following the Angular testing guidelines, implement unit tests for the DashboardComponent.
At least 80% code coverage is required.
rm is not OS agnostic. Utilize the rimraf library and replace the rm -rf command in the package.json to remove the dist folders.
Following the Angular testing guidelines, implement unit tests for the LoginComponent.
At least 80% code coverage is required.
Following the Angular testing guidelines, implement unit tests for the NavbarComponent.
At least 80% code coverage is required.
Following the Angular testing guidelines, implement unit tests for the VulnFormComponent.
At least 80% code coverage is required.
As a system, a Github action needs to be created so that pull requests automatically run linting and future unit testing.
A Github action is required to run linting and unit testing on pull requests before merging is possible. This will avoid breaking the build in the master and develop environments.
The Application Security Team in the generated report is hardcoded. Now that user information has been implemented, it's time to make the team dynamic. The assessment form will have a new pick-list where the user can choose who the testers will be. These testers will then be listed on the generated report.
Creating the first user is complicated and requires multiple steps. This is confusing for first time users.
I suggest creating a seed-user.js file which will automatically create a user. For example:
node seed-user.js
This file will simply need a configuration object that will automatically be passed into the function. This object will include the user's credentials needed to login. Furthermore, this configuration will be thoroughly documented within the seed-user.js file for easy setup.
This task will also update the README with updated instructions.
This issue is to set up an initial test within Jest and beginning adding documentation for testing.
Implement pull-request and committing standards. Utilize husky and commitizen to enforce conventional commit messages. Create pull-request template for future commits.
Following the Angular testing guidelines, implement unit tests for the AssessmentsComponent.
At least 80% code coverage is required.
Following the Angular testing guidelines, implement unit tests for the OrganizationComponent.
At least 80% code coverage is required.
Currently, linting is a pre-commit hook. It should be moved to the Github action.
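A pull-request workflow that runs linting and the unit tests in CI, serving both the "GitHub action for pull requests" ticket and the request to move linting out of the pre-commit hook. This is an added example, not the project's workflow. The root `npm run lint` script is the one shown in the Windows lint issue on this page; the `npm test` script name, the Node version and the Angular test flags are assumptions.

```yaml
# .github/workflows/ci.yml (added example; not Bulwark's own workflow)
name: CI

on:
  pull_request:
    branches: [master, develop]

jobs:
  lint-and-test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: 14   # assumed; pin to the version the project develops on

      # install backend and frontend dependencies from their lock files
      - run: npm ci
      - run: npm ci --prefix frontend

      # root lint script: tslint for the backend, then ng lint in frontend/
      - run: npm run lint

      # backend Jest suite (script name assumed)
      - run: npm test

      # Angular unit tests, single run, headless, with coverage so the 80% threshold can be enforced
      - run: npx ng test --watch=false --browsers=ChromeHeadless --code-coverage
        working-directory: frontend
```

With this job marked as a required status check in branch protection for master and develop, a pull request cannot be merged while linting or tests fail, which is what the pre-commit hook was approximating locally. The 80% coverage requirement belongs in the frontend's karma configuration (the karma-coverage `check` thresholds), so the `--code-coverage` run fails the job when coverage drops below it.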
When a report with 0 findings is generated, the vulnerability summary table still shows and an additional page is also created. This may be confusing for the reader.
A 0 finding report should replace the vulnerability summary table with a clear and concise message such as "No vulnerabilities were found during this assessment."
Describe the bug
Any package.json scripts that utilize the ng commands do not work on a Windows machine.
Problem Locations
```
Invalid option for project: '.'
npm ERR! code ELIFECYCLE
npm ERR! errno 1
npm ERR! [email protected] lint: `tslint --project '.' && cd frontend && node ./node_modules/@angular/cli/bin/ng lint`
npm ERR! Exit status 1
npm ERR!
npm ERR! Failed at the [email protected] lint script.
npm ERR! This is probably not a problem with npm. There is likely additional logging output above.
```
Expected behavior
Package.json scripts should be OS agnostic.
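The cross-platform form of the two scripts discussed on this page (the `rm -rf` clean step and the failing lint script), as an added example rather than the project's package.json. The lint script in the error output above quotes the project path as `'.'`; cmd.exe does not strip single quotes, so tslint receives the literal string `'.'` as its project path, which is the "Invalid option for project" error. The script names other than `lint` are assumptions, and `rimraf` has to be added as a devDependency.

```json
{
  "scripts": {
    "clean": "rimraf dist frontend/dist",
    "lint": "tslint --project . && cd frontend && npx ng lint"
  },
  "devDependencies": {
    "rimraf": "^3.0.2"
  }
}
```

Dropping the quotes is enough for tslint; `npx ng lint` resolves the CLI from `frontend/node_modules/.bin` after the `cd`, which works in both cmd.exe and POSIX shells, and `rimraf` replaces the `rm -rf` that does not exist on Windows.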
There is no official semantic versioning implemented.
We can automate this process by implementing a Github action using Semantic Release.
Github Documentation is found here
Following the Angular testing guidelines, implement unit tests for the AssessmentFormComponent.
At least 80% code coverage is required.
Following the Angular testing guidelines, implement unit tests for the AlertComponent.
At least 80% code coverage is required.
Following the Angular testing guidelines, implement unit tests for the AlertService.
At least 80% code coverage is required.
Following the Angular testing guidelines, implement unit tests for the OrgFormComponent.
At least 80% code coverage is required.
This ticket is to complete the backend unit tests for the file-upload.controller.ts file. Please refer to the testing guidelines for more information.
Currently, Angular's DatePipe uses locale to display date in user's timezone. This is causing Angular to display incorrect dates to the user. To fix this, we need to display dates with the client's timezone data offset. Follow the Angular documentation for more information.
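A helper for the fix described in this ticket, written as an added example (not Bulwark's code). DatePipe's third argument accepts an offset string such as `+0530`, and `Date.prototype.getTimezoneOffset()` returns minutes behind UTC, so the sign has to be flipped when building that string; the component usage in the comment is an assumption about how it would be wired in.

```typescript
// Added example, not from the Bulwark code base.
const pad2 = (n: number): string => (n < 10 ? "0" : "") + n;

// Convert a getTimezoneOffset() value (minutes, positive west of UTC) into the
// "+HHMM" / "-HHMM" form Angular's DatePipe accepts as its timezone argument.
function offsetToTimezone(offsetMinutes: number): string {
  const sign = offsetMinutes <= 0 ? "+" : "-";   // 300 (New York) becomes "-0500"
  const abs = Math.abs(offsetMinutes);
  return sign + pad2(Math.floor(abs / 60)) + pad2(abs % 60);
}

// Offset string for the browser this runs in, at the instant being rendered.
// Pass the date being displayed rather than "now": DST can change the offset.
function clientTimezone(date: Date = new Date()): string {
  return offsetToTimezone(date.getTimezoneOffset());
}

// Assumed component usage (template shown as a comment):
//   this.tz = clientTimezone(this.assessment.startDate);
//   {{ assessment.startDate | date:'mediumDate':tz }}
```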
As a system, a refresh token is required so that the user does not have to re-authenticate when their JWT token expires.
The current JWT token has an expiration time of 30 minutes which forces the user to re-authenticate. It is frustrating to fill out a vulnerability form only to receive an HTTP 401 message because the token expired.
I prefer to keep the JWT tokens stateless.
Describe the bug
Menu drop-down opens outside of window
Expected behavior
Adjust menu drop-down so it's within the page window
Following the Angular testing guidelines, implement unit tests for the AppComponent.
At least 80% code coverage is required.
Create unit test for Password Utility.
This ticket is to create backend unit tests for the authentication.controller.ts file. Please refer to the testing guidelines for more information.
As a user, I should be able to update my email address so that I can update my login information.
Append to the user-profile.component by adding an additional form below the profile information. This will be a single field form that allows the user to update their email address.
Once a user's email has been updated, a confirmation email should be sent to the new email address so that Bulwark can verify the user. If the email is not verified, then the previous email is still active.
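The pending-change flow this ticket describes, as an added example that is not the project's code: the new address is parked alongside a hashed one-time token, the old address stays the login, and the swap only happens when the token mailed to the new address comes back. The in-memory user list, the one-day link lifetime and the function names are assumptions.

```typescript
// Added example, not from the Bulwark code base.
import { createHash, randomBytes, timingSafeEqual } from "crypto";

interface PendingEmail { newEmail: string; tokenHash: string; expiresAt: number }
interface User { id: number; email: string; pendingEmail?: PendingEmail }

// Constructed sample data standing in for the users table.
const users: User[] = [
  { id: 1, email: "old@example.com" },
  { id: 2, email: "taken@example.com" },
];
const findUser = (id: number): User | undefined => users.filter(u => u.id === id)[0];

const CONFIRM_TTL_MS = 24 * 60 * 60 * 1000;   // assumed: confirmation links are good for one day
const sha256 = (s: string): Buffer => createHash("sha256").update(s).digest();

function normalizeEmail(raw: string): string | null {
  const email = raw.trim().toLowerCase();
  return /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email) ? email : null;
}

const emailInUse = (email: string): boolean => users.some(u => u.email === email);

// Step 1: park the requested address and return the one-time token that the caller
// e-mails to it. Only the hash is stored, so a leaked database row is not a usable link.
function requestEmailChange(userId: number, requested: string, now: number = Date.now()): string | null {
  const user = findUser(userId);
  const newEmail = normalizeEmail(requested);
  if (!user || !newEmail || emailInUse(newEmail)) return null;
  const token = randomBytes(32).toString("hex");
  user.pendingEmail = { newEmail, tokenHash: sha256(token).toString("hex"), expiresAt: now + CONFIRM_TTL_MS };
  return token;   // the old address remains the login until this token is presented
}

// Step 2: the link in the e-mail calls back with the token; swap only on a fresh, exact match.
function confirmEmailChange(userId: number, token: string, now: number = Date.now()): boolean {
  const user = findUser(userId);
  const pending = user ? user.pendingEmail : undefined;
  if (!user || !pending) return false;
  if (now > pending.expiresAt) {
    user.pendingEmail = undefined;   // stale request: drop it, the user must start over
    return false;
  }
  // constant-time comparison of two 32-byte digests
  const matches = timingSafeEqual(sha256(token), Buffer.from(pending.tokenHash, "hex"));
  if (!matches || emailInUse(pending.newEmail)) return false;   // re-check: the address may have been claimed meanwhile
  user.email = pending.newEmail;
  user.pendingEmail = undefined;     // single use
  return true;
}
```

The confirmation endpoint should be rate-limited, since a wrong token deliberately leaves the pending request in place rather than letting an attacker cancel a legitimate change by guessing.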
Following the Angular testing guidelines, implement unit tests for the ForgotPasswordComponent.
At least 80% code coverage is required.
Following the Angular testing guidelines, implement unit tests for the RegisterComponent.
At least 80% code coverage is required.
Following the Angular testing guidelines, implement unit tests for the VulnerabilityComponent.
At least 80% code coverage is required.
As a user, I should be able to update my password so that I can continue to keep my account secure.
A new form should be appended to the user-profile.component that gives the ability to update the user's password. The form should contain three fields:
Utilize the updatePassword function in the user.controller.ts file.
Once the password is updated, it'll take effect immediately for the next login.
This ticket is to create the backend unit test for organization.controller.ts. Please refer to the testing guidelines for more information.
Following the Angular testing guidelines, implement unit tests for the PasswordResetComponent.
At least 80% code coverage is required.
Currently, the checkToken function can not be tested without loading the env var in its test file.
The test should be isolated from using env var. Therefore, checkToken needs to be updated to add the secret in the formal parameters of the function and consequently passed into the verification.
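An added example (not Bulwark's code) covering this ticket and the refresh-token ticket above: a `checkToken(token, secret)` that takes the secret as a formal parameter, so a unit test passes its own secret instead of loading env vars, plus a stateless access/refresh pair that keeps the 30-minute access lifetime described in that ticket. Tokens are HS256 JWTs built with Node's crypto module rather than a JWT library; the `typ` claim, the refresh lifetime and the function names are assumptions.

```typescript
// Added example, not from the Bulwark code base.
import { createHmac, timingSafeEqual } from "crypto";

interface Claims { sub: string; typ: "access" | "refresh"; iat: number; exp: number }

const ACCESS_TTL = 30 * 60;             // 30 minutes, as the refresh-token ticket describes
const REFRESH_TTL = 7 * 24 * 60 * 60;   // 7 days (assumed)

const b64url = (buf: Buffer): string =>
  buf.toString("base64").replace(/=+$/, "").replace(/\+/g, "-").replace(/\//g, "_");
const fromB64url = (s: string): Buffer =>
  Buffer.from(s.replace(/-/g, "+").replace(/_/g, "/"), "base64");
const encodeJson = (o: object): string => b64url(Buffer.from(JSON.stringify(o), "utf8"));
const hmac = (data: string, secret: string): string =>
  b64url(createHmac("sha256", secret).update(data).digest());

function issueToken(sub: string, typ: Claims["typ"], ttl: number, secret: string, now: number): string {
  const header = encodeJson({ alg: "HS256", typ: "JWT" });
  const payload = encodeJson({ sub, typ, iat: now, exp: now + ttl });
  return `${header}.${payload}.${hmac(`${header}.${payload}`, secret)}`;
}

// Returns the claims when the signature is valid and the token is unexpired, otherwise null.
// The secret is a parameter: nothing here reads process.env, so tests supply their own.
function checkToken(token: string, secret: string, now: number = Math.floor(Date.now() / 1000)): Claims | null {
  const parts = token.split(".");
  if (parts.length !== 3) return null;
  const [h, p, s] = parts;
  let header: { alg?: string } | null = null;
  let claims: Claims | null = null;
  try {
    header = JSON.parse(fromB64url(h).toString("utf8"));
    claims = JSON.parse(fromB64url(p).toString("utf8"));
  } catch {
    return null;
  }
  if (!header || header.alg !== "HS256") return null;   // refuse alg=none and algorithm switching
  const expected = Buffer.from(hmac(`${h}.${p}`, secret), "utf8");
  const given = Buffer.from(s, "utf8");
  if (expected.length !== given.length || !timingSafeEqual(expected, given)) return null;
  if (!claims || typeof claims.sub !== "string" || typeof claims.exp !== "number" || claims.exp <= now) return null;
  return claims;
}

function issueSession(userId: string, secret: string, now: number = Math.floor(Date.now() / 1000)) {
  return {
    accessToken: issueToken(userId, "access", ACCESS_TTL, secret, now),
    refreshToken: issueToken(userId, "refresh", REFRESH_TTL, secret, now),
  };
}

// Exchange a valid refresh token for a fresh pair. The typ check stops an access token,
// expired or stolen, from being replayed against this endpoint.
function refreshSession(refreshToken: string, secret: string, now: number = Math.floor(Date.now() / 1000)) {
  const claims = checkToken(refreshToken, secret, now);
  if (!claims || claims.typ !== "refresh") return null;
  return issueSession(claims.sub, secret, now);
}
```

API guards should require `typ === "access"` on the tokens they accept, mirroring the check in `refreshSession`. Keeping refresh tokens stateless has a cost worth stating in the ticket: the server cannot revoke one before it expires, so logout and password changes only take effect for refresh tokens once a short refresh lifetime runs out, unless a denylist (which reintroduces state) is added. Signing refresh tokens with a separate secret further limits the impact of a leaked access-token secret.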
Following the Angular testing guidelines, implement unit tests for the AuthGuard.
At least 80% code coverage is required.
As a user, I want to update my profile so that I can update my email address and password.
Acceptance criteria: a Profile page at /user/profile, implemented by the user-profile component.
Goal:
This ticket should encompass creating a scalable API call to update the user's first name, last name, and title. Make sure that the JWT token is utilized to update the user profile to mitigate IDOR. This ticket will not implement the ability to update the user's email address or password.
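The IDOR point in this ticket, shown as the vulnerable shape beside the hardened one in an added example that is not the project's code: the row to update is chosen from the verified JWT's subject rather than from anything the client sends, and only the three editable fields named in the ticket are copied, so email and password cannot be set through this endpoint. The in-memory user list, the claim shape and the function names are assumptions.

```typescript
// Added example, not from the Bulwark code base.
interface UserRecord { id: number; email: string; firstName: string; lastName: string; title: string }
interface VerifiedClaims { sub: string }   // produced by the auth guard after signature verification

// Constructed sample data standing in for the users table.
const users: UserRecord[] = [
  { id: 1, email: "alice@example.com", firstName: "Alice", lastName: "Adams", title: "Tester" },
  { id: 2, email: "bob@example.com", firstName: "Bob", lastName: "Brown", title: "Lead" },
];
const findUser = (id: number): UserRecord | undefined => users.filter(u => u.id === id)[0];

// Vulnerable shape: the client chooses the row (IDOR) and every column is writable (mass assignment).
function updateProfileInsecure(body: { id: number } & Partial<UserRecord>): UserRecord | null {
  const user = findUser(body.id);
  if (!user) return null;
  for (const key in body) (user as any)[key] = (body as any)[key];
  return user;
}

type EditableField = "firstName" | "lastName" | "title";
const EDITABLE: EditableField[] = ["firstName", "lastName", "title"];

// Hardened shape: the row is the caller's own, taken from the token subject, and only
// allow-listed fields are copied after basic validation.
function updateProfile(claims: VerifiedClaims, body: { [key: string]: unknown }): UserRecord | null {
  const user = findUser(Number(claims.sub));
  if (!user) return null;
  for (const field of EDITABLE) {
    const value = body[field];
    if (typeof value === "string" && value.trim().length > 0 && value.length <= 100) {
      user[field] = value.trim();
    }
  }
  return user;
}
```

Because the subject comes from a signature-checked token, the only way to edit another user's profile is to hold that user's token, which is the property the ticket asks for.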