Dont run other CI checks

.github/workflows/crunch42-analysis.yml

@@ -0,0 +1,42 @@
+name: "42Crunch REST API Static Security Testing"
+
+# follow standard Code Scanning triggers
+on:
+  push:
+    branches: [ main ]
+  pull_request_target:
+    # The branches below must be a subset of the branches above
+    branches: [ main ]
+  schedule:
+    - cron: '19 4 * * 3'
+
+jobs:
+  rest-api-static-security-testing:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Install DOMjudge
+        run: .github/workflowscripts/baseinstall.sh
+
+      - name: Dump the OpenAPI
+        run: .github/workflowscripts/getapi.sh
+
+      - name: Find all other JSON files and delete those
+        run: |
+          rm -rf ./installdir/domserver/lib/vendor ./lib/vendor
+          rm -f ./doc/manual/sphinx-team.json ./doc/manual/sphinx-team.json
+          find ./ -name "*.json"
+
+      - name: 42Crunch REST API Static Security Testing
+        uses: 42Crunch/api-security-audit-action@v1
+        with:
+          # Follow these steps to configure API_SECRET https://docs.42crunch.com/latest/content/tasks/integrate_github_actions.htm
+          api-token: ${{ secrets.API_SECRET }}
+          min-score: 9
+          # Upload results to Github code scanning
+          upload-to-code-scanning: true
+          # Github token for uploading the results
+          github-token: ${{ github.token }}
+          ignore-failures: false
+

webapp/config/packages/nelmio_api_doc.yaml

@@ -9,7 +9,7 @@ nelmio_api_doc:
         components:
             securitySchemes:
                 basicAuth:
-                    type: http
+                    type: https
                     scheme: basic
             parameters:
                 cid:
@@ -19,6 +19,8 @@ nelmio_api_doc:
                     required: true
                     schema:
                         type: string
+                        pattern: "^[A-Za-z0-9]{1,255}$"
+                        maxLength: 255
                     examples:
                         int0:
                             value: "2"
@@ -36,6 +38,8 @@ nelmio_api_doc:
                     required: true
                     schema:
                         type: integer
+                        minimum: 1
+                        maximum: 9999
                     examples:
                         balloon:
                             value: 1
@@ -46,7 +50,10 @@ nelmio_api_doc:
                     description: The ID of the entity to get
                     required: true
                     schema:
+                        $ref: "#/components/schemas/Id"
                         type: string
+                        pattern: "^[A-Za-z0-9]{1,255}$"
+                        maxLength: 255
                     examples:
                         generic:
                             value: "1"
@@ -68,8 +75,7 @@ nelmio_api_doc:
                     schema:
                         type: array
                         items:
-                            type: string
-                            description: A single ID
+                            $ref: "#/components/schemas/Id"
                 strict:
                     name: strict
                     in: query
@@ -97,6 +103,10 @@ nelmio_api_doc:
                             schema:
                                 type: string
             schemas:
+                Id:
+                    type: string
+                    pattern: "^[A-Za-z0-9]{1,255}$"
+                    maxLength: 255
                 ImageList:
                     type: array
                     items:

webapp/src/Controller/API/AbstractRestController.php

@@ -25,6 +25,7 @@
 
 /**
  * Class AbstractRestController
+ * @OA\Response(response="400", ref="#/components/responses/InvalidResponse")
  * @package App\Controller\API
  */
 abstract class AbstractRestController extends AbstractFOSRestController

webapp/src/Controller/API/AwardsController.php

@@ -25,7 +25,6 @@
  * @OA\Parameter(ref="#/components/parameters/cid")
  * @OA\Response(response="404", ref="#/components/responses/NotFound")
  * @OA\Response(response="401", ref="#/components/responses/Unauthorized")
- * @OA\Response(response="400", ref="#/components/responses/InvalidResponse")
  */
 class AwardsController extends AbstractRestController
 {

webapp/src/Controller/API/BalloonController.php

@@ -19,7 +19,6 @@
  * @OA\Parameter(ref="#/components/parameters/cid")
  * @OA\Response(response="404", ref="#/components/responses/NotFound")
  * @OA\Response(response="401", ref="#/components/responses/Unauthorized")
- * @OA\Response(response="400", ref="#/components/responses/InvalidResponse")
  * @Security("is_granted('ROLE_JURY') or is_granted('ROLE_API_READER') or is_granted('ROLE_BALLOON')")
  */
 class BalloonController extends AbstractRestController

webapp/src/Controller/API/ClarificationController.php

@@ -25,7 +25,6 @@
  * @OA\Parameter(ref="#/components/parameters/cid")
  * @OA\Response(response="404", ref="#/components/responses/NotFound")
  * @OA\Response(response="401", ref="#/components/responses/Unauthorized")
- * @OA\Response(response="400", ref="#/components/responses/InvalidResponse")
  */
 class ClarificationController extends AbstractRestController
 {

webapp/src/Controller/API/ContestController.php

@@ -41,7 +41,6 @@
  * @OA\Tag(name="Contests")
  * @OA\Response(response="404", ref="#/components/responses/NotFound")
  * @OA\Response(response="401", ref="#/components/responses/Unauthorized")
- * @OA\Response(response="400", ref="#/components/responses/InvalidResponse")
  */
 class ContestController extends AbstractRestController
 {

webapp/src/Controller/API/GroupController.php

@@ -22,7 +22,6 @@
  * @OA\Parameter(ref="#/components/parameters/cid")
  * @OA\Response(response="404", ref="#/components/responses/NotFound")
  * @OA\Response(response="401", ref="#/components/responses/Unauthorized")
- * @OA\Response(response="400", ref="#/components/responses/InvalidResponse")
  */
 class GroupController extends AbstractRestController
 {

webapp/src/Controller/API/JudgehostController.php

@@ -50,7 +50,6 @@
 /**
  * @Rest\Route("/judgehosts")
  * @OA\Tag(name="Judgehosts")
- * @OA\Response(response="400", ref="#/components/responses/InvalidResponse")
  */
 class JudgehostController extends AbstractFOSRestController
 {
@@ -1324,6 +1323,44 @@ private function getTestcaseFiles(string $id): array
     /**
      * Fetch work tasks.
      * @Rest\Post("/fetch-work")
+     * @OA\RequestBody(
+     *   description="The hostname of the judgedaemon requesting.",
+     *   @OA\JsonContent(
+     *      required={"hostname"},
+     *      @OA\Property(
+     *          property="hostname",
+     *          type="string",
+     *          format="string",
+     *          description="Hostname of judgedaemon"
+     *      ),
+     *      @OA\Property(
+     *          property="max-batchsize",
+     *          type="integer",
+     *          format="integer",
+     *          description="Maximum size judge requests to handle"
+     *      ),
+     *      @OA\Schema(
+     *          @OA\Property(
+     *              property="hostname",
+     *              type="string",
+     *              format="string",
+     *              description="Hostname of judgedaemon"
+     *          ),
+     *          @OA\Property(
+     *              property="max-batchsize",
+     *              type="integer",
+     *              format="integer",
+     *              description="Maximum size judge requests to handle"
+     *          ),
+     *     ),
+     *     @OA\Examples(example="example-data", value={"hostname": "example-judgehost1"}, summary="Fetch work with example judgedaemon."),
+     *   )
+     * )
+     * @OA\Response(
+     *     response="200",
+     *     description="List of judgeTasks.",
+     *     @OA\Schema(ref="#/definitions/JudgeTaskList")
+     * )
      * @Security("is_granted('ROLE_JUDGEHOST')")
      */
     public function getJudgeTasksAction(Request $request): array

webapp/src/Controller/API/JudgementController.php

@@ -25,7 +25,6 @@
  * @OA\Parameter(ref="#/components/parameters/cid")
  * @OA\Response(response="404", ref="#/components/responses/NotFound")
  * @OA\Response(response="401", ref="#/components/responses/Unauthorized")
- * @OA\Response(response="400", ref="#/components/responses/InvalidResponse")
  */
 class JudgementController extends AbstractRestController implements QueryObjectTransformer
 {

webapp/src/Controller/API/JudgementTypeController.php

@@ -15,7 +15,6 @@
 /**
  * @Rest\Route("/contests/{cid}/judgement-types")
  * @OA\Tag(name="Judgement types")
- * @OA\Response(response="400", ref="#/components/responses/InvalidResponse")
  */
 class JudgementTypeController extends AbstractRestController
 {

webapp/src/Controller/API/LanguageController.php

@@ -18,7 +18,6 @@
  * @OA\Parameter(ref="#/components/parameters/cid")
  * @OA\Response(response="404", ref="#/components/responses/NotFound")
  * @OA\Response(response="401", ref="#/components/responses/Unauthorized")
- * @OA\Response(response="400", ref="#/components/responses/InvalidResponse")
  */
 class LanguageController extends AbstractRestController
 {

webapp/src/Controller/API/OrganizationController.php

@@ -34,7 +34,6 @@
  * @OA\Parameter(ref="#/components/parameters/cid")
  * @OA\Response(response="404", ref="#/components/responses/NotFound")
  * @OA\Response(response="401", ref="#/components/responses/Unauthorized")
- * @OA\Response(response="400", ref="#/components/responses/InvalidResponse")
  */
 class OrganizationController extends AbstractRestController
 {

webapp/src/Controller/API/ProblemController.php

@@ -32,7 +32,6 @@
  * @OA\Parameter(ref="#/components/parameters/cid")
  * @OA\Response(response="404", ref="#/components/responses/NotFound")
  * @OA\Response(response="401", ref="#/components/responses/Unauthorized")
- * @OA\Response(response="400", ref="#/components/responses/InvalidResponse")
  */
 class ProblemController extends AbstractRestController implements QueryObjectTransformer
 {

webapp/src/Controller/API/RunController.php

@@ -25,7 +25,6 @@
  * @OA\Parameter(ref="#/components/parameters/cid")
  * @OA\Response(response="404", ref="#/components/responses/NotFound")
  * @OA\Response(response="401", ref="#/components/responses/Unauthorized")
- * @OA\Response(response="400", ref="#/components/responses/InvalidResponse")
  */
 class RunController extends AbstractRestController implements QueryObjectTransformer
 {

webapp/src/Controller/API/ScoreboardController.php

@@ -28,7 +28,6 @@
  * @OA\Parameter(ref="#/components/parameters/cid")
  * @OA\Response(response="404", ref="#/components/responses/NotFound")
  * @OA\Response(response="401", ref="#/components/responses/Unauthorized")
- * @OA\Response(response="400", ref="#/components/responses/InvalidResponse")
  */
 class ScoreboardController extends AbstractRestController
 {

webapp/src/Controller/API/SubmissionController.php

@@ -38,7 +38,6 @@
  * @OA\Parameter(ref="#/components/parameters/cid")
  * @OA\Response(response="404", ref="#/components/responses/NotFound")
  * @OA\Response(response="401", ref="#/components/responses/Unauthorized")
- * @OA\Response(response="400", ref="#/components/responses/InvalidResponse")
  */
 class SubmissionController extends AbstractRestController
 {