softrams / bulwark Goto Github PK

Following the Angular testing guidelines, implement unit tests for the ReportComponent.

At least 80% code coverage is required.

Following the Angular testing guidelines, implement unit tests for the InviteUserComponent.

At least 80% code coverage is required.

Following the Angular testing guidelines, implement unit tests for the AppService.

At least 80% code coverage is required.

Describe the bug
Angular linting is failing due to object access via string literals is disallowed

Problem Locations

WARNING: /Users/alejandrosaenz/Repositories/bulwark/frontend/src/app/app.service.spec.ts[9, 41]: get is deprecated: from v9.0.0 use TestBed.inject
ERROR: /Users/alejandrosaenz/Repositories/bulwark/frontend/src/app/app.service.ts[34, 9]: Expected a 'for-of' loop instead of a 'for' loop with this simple iteration
ERROR: /Users/alejandrosaenz/Repositories/bulwark/frontend/src/app/app.service.ts[67, 9]: Expected a 'for-of' loop instead of a 'for' loop with this simple iteration
WARNING: /Users/alejandrosaenz/Repositories/bulwark/frontend/src/app/auth.service.spec.ts[9, 42]: get is deprecated: from v9.0.0 use TestBed.inject
WARNING: /Users/alejandrosaenz/Repositories/bulwark/frontend/src/app/global-manager.service.spec.ts[9, 51]: get is deprecated: from v9.0.0 use TestBed.inject
WARNING: /Users/alejandrosaenz/Repositories/bulwark/frontend/src/app/loader.service.spec.ts[9, 44]: get is deprecated: from v9.0.0 use TestBed.inject
ERROR: /Users/alejandrosaenz/Repositories/bulwark/frontend/src/app/org-form/org-form.component.ts[32, 27]: object access via string literals is disallowed
ERROR: /Users/alejandrosaenz/Repositories/bulwark/frontend/src/app/org-form/org-form.component.ts[33, 54]: object access via string literals is disallowed
ERROR: /Users/alejandrosaenz/Repositories/bulwark/frontend/src/app/vuln-form/vuln-form.component.ts[288, 12]: object access via string literals is disallowed
ERROR: /Users/alejandrosaenz/Repositories/bulwark/frontend/src/app/vuln-form/vuln-form.component.ts[304, 42]: object access via string literals is disallowed
ERROR: /Users/alejandrosaenz/Repositories/bulwark/frontend/src/app/vuln-form/vuln-form.component.ts[304, 50]: object access via string literals is disallowed
ERROR: /Users/alejandrosaenz/Repositories/bulwark/frontend/src/app/vuln-form/vuln-form.component.ts[319, 60]: object access via string literals is disallowed
ERROR: /Users/alejandrosaenz/Repositories/bulwark/frontend/src/app/vuln-form/vuln-form.component.ts[342, 84]: object access via string literals is disallowed```

**Steps to Reproduce**
Steps to reproduce the behavior:
1. Go to '...'
2. Click on '....'
3. Scroll down to '....'
4. See error

**Expected behavior**
Linting rules should pass

Currently, Dependabot only will look at the package.json on the root directory.

Dependabot needs to be configured to also include the package.json within the angular application.

https://docs.github.com/en/github/administering-a-repository/enabling-and-disabling-version-updates

Currently the back-end code lacks unit testing. This ticket is responsible for setting up the initial unit testing framework and is required before any unit tests are implemented.

seed-user.ts needs to be updated to include the new 3.0.0. User fields for firstName, lastName, and title.

A user cannot login due to the User updates with the inclusion of firstName, lastName, and title columns.

Existing users will manually have to be updated via the database.

The register component has been updated to include these fields.

Following the Angular testing guidelines, implement unit tests for the DashboardComponent.

At least 80% code coverage is required.

rm is not OS agnostic. Utilize the rimraf library and replace the rm -rf command in the package.json to remove the dist folders.

Following the Angular testing guidelines, implement unit tests for the LoginComponent.

At least 80% code coverage is required.

Following the Angular testing guidelines, implement unit tests for the NavbarComponent.

At least 80% code coverage is required.

Following the Angular testing guidelines, implement unit tests for the VulnFormComponent.

At least 80% code coverage is required.

As a system, a Github action needs to be created so that pull requests automatically run linting and future unit testing.

A Github action is required to run linting and unit testing on pull requests before merging is possible. This will avoid breaking the build in the master and develop environments.

https://github.com/actions/typescript-action

The Application Security Team in the generated report is hardcoded. Now that user information has been implemented, it's time to make the team dynamic. The assessment form will have a new pick-list where the user can choose who the testers will be. These testers will then be listed on the generated report.

Creating the first user is complicated and requires multiple steps. This is confusing for first time users.

I suggest creating a seed-user.js file which will automatically create a user. For example:

node seed-user.js

This file will simply need a configuration object that will automatically be passed into the function. This object will include the user's credentials needed to login. Furthermore, this configuration will be thoroughly documented within the seed-user.js file for easy setup.

This task will also update the README with updated instructions.

This issue is to set up an initial test within Jest and beginning adding documentation for testing.

Implement pull-request and committing standards. Utilize husky and commitizen to enforce conventional commit messages. Create pull-request template for future commits.

Following the Angular testing guidelines, implement unit tests for the AssessmentsComponent.

At least 80% code coverage is required.

Following the Angular testing guidelines, implement unit tests for the OrganizationComponent.

At least 80% code coverage is required.

Currently, linting is a pre-commit hook. It should be moved to the Github action.

When a report with 0 findings is generated, the vulnerability summary table still shows and an additional page is also created. This may be confusing for the reader.

A 0 finding report should replace the vulnerability summary table with a clear an concise message such as "No vulnerabilities were found during this assessment."

Describe the bug
Any package.json scripts that utilize the ng commands do not work on a windows machine.

Problem Locations

Invalid option for project: '.'
npm ERR! code ELIFECYCLE
npm ERR! errno 1
npm ERR! [email protected] lint: `tslint --project '.' && cd frontend && node ./node_modules/@angular/cli/bin/ng lint`
npm ERR! Exit status 1
npm ERR!
npm ERR! Failed at the [email protected] lint script.
npm ERR! This is probably not a problem with npm. There is likely additional logging output above.

Expected behavior
Package.json scripts should be OS agnostic.

There is no official semantic versioning implemented.

We can automate this process by implementing a Github action using Semantic Release.

Github Documentation is found here

Following the Angular testing guidelines, implement unit tests for the AssessmentFormComponent.

At least 80% code coverage is required.

Following the Angular testing guidelines, implement unit tests for the AlertComponent.

At least 80% code coverage is required.

Following the Angular testing guidelines, implement unit tests for the AlertService.

At least 80% code coverage is required.

Following the Angular testing guidelines, implement unit tests for the OrgFormComponent.

At least 80% code coverage is required.

This ticket is to complete the backend unit tests for the file-upload.controller.ts file. Please refer to the testing guidelines for more information.

Currently, Angular's DatePipe uses locale to display date in user's timezone. This is causing Angular to display incorrect dates to the user. To fix this, we need to display dates with the client's timezone data offset. Follow the Angular documentation for more information.

Steps to reproduce

1. Log into the application
2. Select an Organization
3. Select an asset
4. Create an assessment (keep track of the start date and end date selected)
5. Notice incorrect dates on the Assessment summary table.

As a system, a refresh token is required so that the user does have to re-authenticate when their JWT token expires.

The current JWT token has an expiration time of 30 minutes which forces the user to re-authenticate. It is frustrating to fill out a vulnerability form only to receive a HTTP 401 message because the token expired.

I prefer to keep the JWT tokens stateless.

Acceptance criteria

1. Implement a second refresh token which is created on authentication.
2. The refresh token should have a longer expiry date than the current auth token.
3. The refresh token should be stored along side the auth token in local storage.
4. The HTTP interceptor should be modified to handle the expiration of a token.
5. A refresh API token should be implemented that will seamlessly create new tokens and return to the client
6. The HTTP interceptor should seamlessly store these tokens in local storage

The start/end date is listed as Start Date / Start Date on the assessment form. This should be changed to Start Date / End Date.

Describe the bug
Menu drop-down opens outside of window

Steps to Reproduce
Steps to reproduce the behavior:

1. Log into the application
2. Click the menu drop-down
3. Notice drop-down bleeds outside of window

Expected behavior
Adjust menu drop-down so it's within the page window

Screenshots

Desktop (please complete the following information):

• OS: Windows 10
• Firefox

Following the Angular testing guidelines, implement unit tests for the AppComponent.

At least 80% code coverage is required.

Create unit test for Password Utility.

This ticket is to create backend unit tests for the authentication.controller.ts file. Please refer to the testing guidelines for more information.

As a user, I should be able to update my email address so that I can update my login information.

Append to the user-profile.component by adding an additional form below the profile information. This will be a single field form that allows the user to update their email address.

Once a user's email has been updated, a confirmation email should be sent to the new email address so that Bulwark can verify the user. If the email is not verified, then the previous email is still active.

Following the Angular testing guidelines, implement unit tests for the ForgotPasswordComponent.

At least 80% code coverage is required.

Following the Angular testing guidelines, implement unit tests for the RegisterComponent.

At least 80% code coverage is required.

Following the Angular testing guidelines, implement unit tests for the VulnerabilityComponent.

At least 80% code coverage is required.

As a user, I should be able to update my password so that I can continue to keep my account secure.

A new form should be appended to the user-profile.component that gives the ability to update the user's password. The form should contain three fields:

1. Current user password
2. New user password
3. Confirm new user password

Utilize the updatePassword function in the user.controller.ts file.

Once the password is updated, it'll take effect immediately for the next login.

This ticket is to create the backend unit test for organization.controller.ts. Please refer to the testing guidelines for more information.

Following the Angular testing guidelines, implement unit tests for the PasswordResetComponent.

At least 80% code coverage is required.

Currently, thecheckToken function can not be tested without loading the env var its test file.

The test should be isolated from using env var. Therefore, the checkToken needs to be updated to add the secret in the formal parameters of the function and consequently passed into the verification.

Following the Angular testing guidelines, implement unit tests for the AuthGuard.

At least 80% code coverage is required.

As a user, I want to update my profile so that I can update my email address and password.

Acceptance criteria

• Add a new link to the navbar menu option called Profile
• The link should navigate to /user/profile
• The link should render the new user-profile component
• The component should contain an input field containing the email of the user
• The component should contain an input field containing the title of the user
• The component should contain input fields for user's first name and last name

Goal:
This ticket should encompass creating a scalable API call to update the user's first name, last name, and title. Make sure that the JWT token is utilized to update the user profile to mitigate IDOR. This ticket will not implement the ability to update the user's email address or password.