From 18ddf380697ccf33ba5e0393092b73b817e90768 Mon Sep 17 00:00:00 2001 From: MCJ Vasseur <14887731+mvr320@users.noreply.github.com> Date: Tue, 16 Nov 2021 22:21:50 +0100 Subject: [PATCH] Dont run other CI checks --- .github/workflows/codespell.yml | 19 -------- .github/workflows/crunch42-analysis.yml | 42 ++++++++++++++++++ .github/workflows/mayhem-api.yml | 41 ----------------- .github/workflows/shiftleft.yml | 32 ------------- .gitlab-ci.yml | 32 ------------- webapp/config/packages/nelmio_api_doc.yaml | 16 +++++-- .../Controller/API/AbstractRestController.php | 1 + .../src/Controller/API/AwardsController.php | 1 - .../src/Controller/API/BalloonController.php | 1 - .../API/ClarificationController.php | 1 - .../src/Controller/API/ContestController.php | 1 - webapp/src/Controller/API/GroupController.php | 1 - .../Controller/API/JudgehostController.php | 39 +++++++++++++++- .../Controller/API/JudgementController.php | 1 - .../API/JudgementTypeController.php | 1 - .../src/Controller/API/LanguageController.php | 1 - .../Controller/API/OrganizationController.php | 1 - .../src/Controller/API/ProblemController.php | 1 - webapp/src/Controller/API/RunController.php | 1 - .../Controller/API/ScoreboardController.php | 1 - .../Controller/API/SubmissionController.php | 1 - webapp/src/Controller/API/TeamController.php | 1 - webapp/src/Controller/API/UserController.php | 1 - .../.FlattenExceptionHandler.php.swp | Bin 0 -> 12288 bytes 24 files changed, 94 insertions(+), 143 deletions(-) delete mode 100644 .github/workflows/codespell.yml create mode 100644 .github/workflows/crunch42-analysis.yml delete mode 100644 .github/workflows/mayhem-api.yml delete mode 100644 .github/workflows/shiftleft.yml delete mode 100644 .gitlab-ci.yml create mode 100644 webapp/src/FosRestBundle/.FlattenExceptionHandler.php.swp diff --git a/.github/workflows/codespell.yml b/.github/workflows/codespell.yml deleted file mode 100644 index 22b29a738f5..00000000000 
--- a/.github/workflows/codespell.yml +++ /dev/null @@ -1,19 +0,0 @@ -on: - pull_request: - -name: Spell Check - -jobs: - codespell: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - name: Get dirs to skip - id: list_to_csv - run: echo "::set-output name=SKIP::$(awk '{print $1}' gitlab/codespellignorefiles.txt | paste -s -d, -)" - - uses: codespell-project/actions-codespell@master - with: - check_filenames: true - only_warn: 1 - ignore_words_file: gitlab/codespellignorewords.txt - skip: ${{ steps.list_to_csv.outputs.SKIP }} diff --git a/.github/workflows/crunch42-analysis.yml b/.github/workflows/crunch42-analysis.yml new file mode 100644 index 00000000000..ac13fe8faba --- /dev/null +++ b/.github/workflows/crunch42-analysis.yml @@ -0,0 +1,42 @@ +name: "42Crunch REST API Static Security Testing" + +# follow standard Code Scanning triggers +on: + push: + branches: [ main ] + pull_request_target: + # The branches below must be a subset of the branches above + branches: [ main ] + schedule: + - cron: '19 4 * * 3' + +jobs: + rest-api-static-security-testing: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + + - name: Install DOMjudge + run: .github/workflowscripts/baseinstall.sh + + - name: Dump the OpenAPI + run: .github/workflowscripts/getapi.sh + + - name: Find all other JSON files and delete those + run: | + rm -rf ./installdir/domserver/lib/vendor ./lib/vendor + rm -f ./doc/manual/sphinx-team.json ./doc/manual/sphinx-team.json + find ./ -name "*.json" + + - name: 42Crunch REST API Static Security Testing + uses: 42Crunch/api-security-audit-action@v1 + with: + # Follow these steps to configure API_SECRET https://docs.42crunch.com/latest/content/tasks/integrate_github_actions.htm + api-token: ${{ secrets.API_SECRET }} + min-score: 9 + # Upload results to Github code scanning + upload-to-code-scanning: true + # Github token for uploading the results + github-token: ${{ github.token }} + ignore-failures: false + 
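Review bot: The new workflow is triggered on `pull_request_target`, but `actions/checkout@v2` with no `ref` checks out the base branch, so on pull requests the audit never sees the PR's OpenAPI changes while `secrets.API_SECRET` is handed to a run that fork PRs can trigger; the comment above the trigger says "standard Code Scanning triggers", and those use `pull_request`. Change `pull_request_target:` to `pull_request:`, and if a privileged trigger is ever needed, never add a head `ref` to the checkout in the same job. The cleanup step also does not match its name: `find ./ -name "*.json"` only lists files, and the `rm -f` line names `./doc/manual/sphinx-team.json` twice, so a second intended path is probably missing. Pinning `42Crunch/api-security-audit-action@v1` to a commit SHA, as the removed Mayhem workflow did for its action, would keep a third-party action that receives an API token and `github.token` from changing underneath the repository.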
diff --git a/.github/workflows/mayhem-api.yml b/.github/workflows/mayhem-api.yml deleted file mode 100644 index 6f4b8d7f366..00000000000 --- a/.github/workflows/mayhem-api.yml +++ /dev/null @@ -1,41 +0,0 @@ -name: "Mayhem API analysis" - -on: - schedule: - - cron: '5 21 * * *' - -jobs: - mayhem: - name: Mayhem API analysis - runs-on: ubuntu-latest - permissions: - actions: read - contents: read - security-events: write - env: - DB_DATABASE: domjudge - DB_USER: user - DB_PASSWORD: password - steps: - - uses: actions/checkout@v2 - - - name: Install DOMjudge - run: .github/workflowscripts/baseinstall.sh - - - name: Dump the OpenAPI - run: .github/workflowscripts/getapi.sh - - - name: Mayhem for API - uses: ForAllSecure/mapi-action@193b709971cc377675e33284aecbf9229853e010 - continue-on-error: true - with: - mapi-token: ${{ secrets.MAPI_TOKEN }} - api-url: http://localhost/domjudge - api-spec: http://localhost/domjudge/api/doc.json # swagger/openAPI doc hosted here - duration: 60 - sarif-report: mapi.sarif - - - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@v1 - with: - sarif_file: mapi.sarif diff --git a/.github/workflows/shiftleft.yml b/.github/workflows/shiftleft.yml deleted file mode 100644 index ed6df4d9533..00000000000 --- a/.github/workflows/shiftleft.yml +++ /dev/null @@ -1,32 +0,0 @@ -name: SL Scan - -on: - push: - branches: [ main ] - pull_request: - # The branches below must be a subset of the branches above - branches: [ main ] - schedule: - - cron: '24 23 * * 6' - -jobs: - Scan-Build: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - - name: Perform Scan - uses: ShiftLeftSecurity/scan-action@master - env: - WORKSPACE: "" - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - SCAN_AUTO_BUILD: true - SCAN_ANNOTATE_PR: 0 - with: - output: reports - type: python,bash - - - name: Upload report - uses: github/codeql-action/upload-sarif@v1 - with: - sarif_file: reports 
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml deleted file mode 100644 index 8c0219070d7..00000000000 --- a/.gitlab-ci.yml +++ /dev/null @@ -1,32 +0,0 @@ -include: - - '/gitlab/ci/sast.yml' - - '/gitlab/ci/unit.yml' - - '/gitlab/ci/integration.yml' - - '/gitlab/ci/visual.yml' - - '/gitlab/ci/webstandard.yml' - - '/gitlab/ci/template.yml' - - '/gitlab/ci/misc.yml' - -stages: - - test - - visual_pre - - integration - - compare - - accessibility - - unit - - style - - ci_checks - - sast - -image: domjudge/gitlabci:2.1 - -draw_graph: - stage: ci_checks - image: devdemisto/matplotlib:1.0.0.24512 - script: - - ls duration - - python3 showtimedata.py - artifacts: - paths: - - time.png - - duration diff --git a/webapp/config/packages/nelmio_api_doc.yaml b/webapp/config/packages/nelmio_api_doc.yaml index 0c6f395ad94..949dfe02b08 100644 --- a/webapp/config/packages/nelmio_api_doc.yaml +++ b/webapp/config/packages/nelmio_api_doc.yaml @@ -9,7 +9,7 @@ nelmio_api_doc: components: securitySchemes: basicAuth: - type: http + type: https scheme: basic parameters: cid: @@ -19,6 +19,8 @@ nelmio_api_doc: required: true schema: type: string + pattern: "^[A-Za-z0-9]{1,255}$" + maxLength: 255 examples: int0: value: "2" @@ -36,6 +38,8 @@ nelmio_api_doc: required: true schema: type: integer + minimum: 1 + maximum: 9999 examples: balloon: value: 1 @@ -46,7 +50,10 @@ nelmio_api_doc: description: The ID of the entity to get required: true schema: + $ref: "#/components/schemas/Id" type: string + pattern: "^[A-Za-z0-9]{1,255}$" + maxLength: 255 examples: generic: value: "1" @@ -68,8 +75,7 @@ nelmio_api_doc: schema: type: array items: - type: string - description: A single ID + $ref: "#/components/schemas/Id" strict: name: strict in: query @@ -97,6 +103,10 @@ nelmio_api_doc: schema: type: string schemas: + Id: + type: string + pattern: "^[A-Za-z0-9]{1,255}$" + maxLength: 255 ImageList: type: array items: 
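Review bot: `type: https` is not a valid OpenAPI `securitySchemes` type; the specification only allows `apiKey`, `http`, `oauth2` and `openIdConnect` (plus `mutualTLS` in 3.1), so the generated document becomes invalid and the 42Crunch audit added in this commit is likely to reject or misread it. Keep `type: http` with `scheme: basic`; whether basic credentials travel over TLS is a property of the `servers` URL and the deployment, not of the scheme type.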
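Review bot: The `pattern: "^[A-Za-z0-9]{1,255}$"` / `maxLength: 255` pair is written inline on `cid`, again on `id`, and a third time as the new `Id` schema; on `id` the inline copy sits next to `$ref`, where OpenAPI 3.0 ignores sibling keys, so it is dead text there. Replace the inline copies with `$ref: "#/components/schemas/Id"` (the `ids` hunk already does this) and keep the constraint in one place. Also confirm the character class against what the API actually accepts for contest and entity ids: if external ids may contain `-`, `_` or `.`, the documented pattern is narrower than the implementation and any tool that validates requests or responses against this schema will flag valid ids.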
diff --git a/webapp/src/Controller/API/AbstractRestController.php b/webapp/src/Controller/API/AbstractRestController.php
index bb155311997..3fefa5da9cb 100644
--- a/webapp/src/Controller/API/AbstractRestController.php
+++ b/webapp/src/Controller/API/AbstractRestController.php
@@ -25,6 +25,7 @@
 /**
 * Class AbstractRestController
+ * @OA\Response(response="400", ref="#/components/responses/InvalidResponse")
 * @package App\Controller\API
 */
 abstract class AbstractRestController extends AbstractFOSRestController
diff --git a/webapp/src/Controller/API/AwardsController.php b/webapp/src/Controller/API/AwardsController.php
index ca50278eac4..f1a943a0421 100644
--- a/webapp/src/Controller/API/AwardsController.php
+++ b/webapp/src/Controller/API/AwardsController.php
@@ -25,7 +25,6 @@
 * @OA\Parameter(ref="#/components/parameters/cid")
 * @OA\Response(response="404", ref="#/components/responses/NotFound")
 * @OA\Response(response="401", ref="#/components/responses/Unauthorized")
- * @OA\Response(response="400", ref="#/components/responses/InvalidResponse")
 */
 class AwardsController extends AbstractRestController
 {
diff --git a/webapp/src/Controller/API/BalloonController.php b/webapp/src/Controller/API/BalloonController.php
index 04d27d3697d..e04ed5b4f9d 100644
--- a/webapp/src/Controller/API/BalloonController.php
+++ b/webapp/src/Controller/API/BalloonController.php
@@ -19,7 +19,6 @@
 * @OA\Parameter(ref="#/components/parameters/cid")
 * @OA\Response(response="404", ref="#/components/responses/NotFound")
 * @OA\Response(response="401", ref="#/components/responses/Unauthorized")
- * @OA\Response(response="400", ref="#/components/responses/InvalidResponse")
 * @Security("is_granted('ROLE_JURY') or is_granted('ROLE_API_READER') or is_granted('ROLE_BALLOON')")
 */
 class BalloonController extends AbstractRestController
diff --git a/webapp/src/Controller/API/ClarificationController.php b/webapp/src/Controller/API/ClarificationController.php
index 6fbc8c8c741..b7dfcada564 100644
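Review bot: Moving the 400 response annotation onto `AbstractRestController` only documents a 400 for the subclasses if the describer merges class-level annotations from parent classes; if nelmio/swagger-php reads only the declaring controller's own annotations, every controller touched by this commit silently loses its 400 entry, so confirm against the generated API document before relying on it. `JudgehostController` (its hunk at line 50) extends `AbstractFOSRestController`, not `AbstractRestController`, so its removal of `@OA\Response(response="400", ref="#/components/responses/InvalidResponse")` is a documentation loss regardless; restore that line there. The same removal appears in the Awards, Balloon, Clarification, Contest, Group, Judgement, JudgementType, Language, Organization, Problem, Run, Scoreboard, Submission, Team and User hunks.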
--- a/webapp/src/Controller/API/ClarificationController.php
+++ b/webapp/src/Controller/API/ClarificationController.php
@@ -25,7 +25,6 @@
 * @OA\Parameter(ref="#/components/parameters/cid")
 * @OA\Response(response="404", ref="#/components/responses/NotFound")
 * @OA\Response(response="401", ref="#/components/responses/Unauthorized")
- * @OA\Response(response="400", ref="#/components/responses/InvalidResponse")
 */
 class ClarificationController extends AbstractRestController
 {
diff --git a/webapp/src/Controller/API/ContestController.php b/webapp/src/Controller/API/ContestController.php
index 4827c1b6a23..89363ca5cad 100644
--- a/webapp/src/Controller/API/ContestController.php
+++ b/webapp/src/Controller/API/ContestController.php
@@ -41,7 +41,6 @@
 * @OA\Tag(name="Contests")
 * @OA\Response(response="404", ref="#/components/responses/NotFound")
 * @OA\Response(response="401", ref="#/components/responses/Unauthorized")
- * @OA\Response(response="400", ref="#/components/responses/InvalidResponse")
 */
 class ContestController extends AbstractRestController
 {
diff --git a/webapp/src/Controller/API/GroupController.php b/webapp/src/Controller/API/GroupController.php
index cadde2f667c..703bdb96d0f 100644
--- a/webapp/src/Controller/API/GroupController.php
+++ b/webapp/src/Controller/API/GroupController.php
@@ -22,7 +22,6 @@
 * @OA\Parameter(ref="#/components/parameters/cid")
 * @OA\Response(response="404", ref="#/components/responses/NotFound")
 * @OA\Response(response="401", ref="#/components/responses/Unauthorized")
- * @OA\Response(response="400", ref="#/components/responses/InvalidResponse")
 */
 class GroupController extends AbstractRestController
 {
diff --git a/webapp/src/Controller/API/JudgehostController.php b/webapp/src/Controller/API/JudgehostController.php
index b5c253158b2..d189b60f1d9 100644
--- a/webapp/src/Controller/API/JudgehostController.php
+++ b/webapp/src/Controller/API/JudgehostController.php
@@ -50,7 +50,6 @@
 /**
 * @Rest\Route("/judgehosts")
 * @OA\Tag(name="Judgehosts")
- * @OA\Response(response="400", ref="#/components/responses/InvalidResponse")
 */
 class JudgehostController extends AbstractFOSRestController
 {
@@ -1324,6 +1323,44 @@ private function getTestcaseFiles(string $id): array
 /**
 * Fetch work tasks.
 * @Rest\Post("/fetch-work")
+ * @OA\RequestBody(
+ * description="The hostname of the judgedaemon requesting.",
+ * @OA\JsonContent(
+ * required={"hostname"},
+ * @OA\Property(
+ * property="hostname",
+ * type="string",
+ * format="string",
+ * description="Hostname of judgedaemon"
+ * ),
+ * @OA\Property(
+ * property="max-batchsize",
+ * type="integer",
+ * format="integer",
+ * description="Maximum size judge requests to handle"
+ * ),
+ * @OA\Schema(
+ * @OA\Property(
+ * property="hostname",
+ * type="string",
+ * format="string",
+ * description="Hostname of judgedaemon"
+ * ),
+ * @OA\Property(
+ * property="max-batchsize",
+ * type="integer",
+ * format="integer",
+ * description="Maximum size judge requests to handle"
+ * ),
+ * ),
+ * @OA\Examples(example="example-data", value={"hostname": "example-judgehost1"}, summary="Fetch work with example judgedaemon."),
+ * )
+ * )
+ * @OA\Response(
+ * response="200",
+ * description="List of judgeTasks.",
+ * @OA\Schema(ref="#/definitions/JudgeTaskList")
+ * )
 * @Security("is_granted('ROLE_JUDGEHOST')")
 */
 public function getJudgeTasksAction(Request $request): array
diff --git a/webapp/src/Controller/API/JudgementController.php b/webapp/src/Controller/API/JudgementController.php
index 4d53344b377..564bc3269f5 100644
--- a/webapp/src/Controller/API/JudgementController.php
+++ b/webapp/src/Controller/API/JudgementController.php
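Review bot: `@OA\Schema(ref="#/definitions/JudgeTaskList")` in the new 200 response uses the Swagger 2.0 `#/definitions/` prefix; in OpenAPI 3 component schemas live under `#/components/schemas/` and a response schema has to be wrapped in a media type, so this should read `@OA\JsonContent(ref="#/components/schemas/JudgeTaskList")` — and since `JudgeTaskList` appears nowhere else in this patch, check that such a schema actually exists. The request body declares its two properties twice: `@OA\JsonContent` lists `hostname` and `max-batchsize` directly and then again inside a nested `@OA\Schema`, which swagger-php does not need and may render as a malformed schema; keep one copy. `format="string"` and `format="integer"` are not OpenAPI formats (those are values such as `int32` or `date-time`) and can be dropped. The body of `getJudgeTasksAction` lies outside the hunk, so whether `max-batchsize` is bounds-checked there is not visible here.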
@@ -25,7 +25,6 @@
 * @OA\Parameter(ref="#/components/parameters/cid")
 * @OA\Response(response="404", ref="#/components/responses/NotFound")
 * @OA\Response(response="401", ref="#/components/responses/Unauthorized")
- * @OA\Response(response="400", ref="#/components/responses/InvalidResponse")
 */
 class JudgementController extends AbstractRestController implements QueryObjectTransformer
 {
diff --git a/webapp/src/Controller/API/JudgementTypeController.php b/webapp/src/Controller/API/JudgementTypeController.php
index 4648fe72721..bd63d4fcd8c 100644
--- a/webapp/src/Controller/API/JudgementTypeController.php
+++ b/webapp/src/Controller/API/JudgementTypeController.php
@@ -15,7 +15,6 @@
 /**
 * @Rest\Route("/contests/{cid}/judgement-types")
 * @OA\Tag(name="Judgement types")
- * @OA\Response(response="400", ref="#/components/responses/InvalidResponse")
 */
 class JudgementTypeController extends AbstractRestController
 {
diff --git a/webapp/src/Controller/API/LanguageController.php b/webapp/src/Controller/API/LanguageController.php
index d41ac117a2a..1bcb6e2df27 100644
--- a/webapp/src/Controller/API/LanguageController.php
+++ b/webapp/src/Controller/API/LanguageController.php
@@ -18,7 +18,6 @@
 * @OA\Parameter(ref="#/components/parameters/cid")
 * @OA\Response(response="404", ref="#/components/responses/NotFound")
 * @OA\Response(response="401", ref="#/components/responses/Unauthorized")
- * @OA\Response(response="400", ref="#/components/responses/InvalidResponse")
 */
 class LanguageController extends AbstractRestController
 {
diff --git a/webapp/src/Controller/API/OrganizationController.php b/webapp/src/Controller/API/OrganizationController.php
index 2b14f4f71c6..47919cbd8df 100644
--- a/webapp/src/Controller/API/OrganizationController.php
+++ b/webapp/src/Controller/API/OrganizationController.php
@@ -34,7 +34,6 @@
 * @OA\Parameter(ref="#/components/parameters/cid")
 * @OA\Response(response="404", ref="#/components/responses/NotFound")
 * @OA\Response(response="401", ref="#/components/responses/Unauthorized")
- * @OA\Response(response="400", ref="#/components/responses/InvalidResponse")
 */
 class OrganizationController extends AbstractRestController
 {
diff --git a/webapp/src/Controller/API/ProblemController.php b/webapp/src/Controller/API/ProblemController.php
index c86dfa34b9f..223f10095bd 100644
--- a/webapp/src/Controller/API/ProblemController.php
+++ b/webapp/src/Controller/API/ProblemController.php
@@ -32,7 +32,6 @@
 * @OA\Parameter(ref="#/components/parameters/cid")
 * @OA\Response(response="404", ref="#/components/responses/NotFound")
 * @OA\Response(response="401", ref="#/components/responses/Unauthorized")
- * @OA\Response(response="400", ref="#/components/responses/InvalidResponse")
 */
 class ProblemController extends AbstractRestController implements QueryObjectTransformer
 {
diff --git a/webapp/src/Controller/API/RunController.php b/webapp/src/Controller/API/RunController.php
index d49c7dff252..37c225b5613 100644
--- a/webapp/src/Controller/API/RunController.php
+++ b/webapp/src/Controller/API/RunController.php
@@ -25,7 +25,6 @@
 * @OA\Parameter(ref="#/components/parameters/cid")
 * @OA\Response(response="404", ref="#/components/responses/NotFound")
 * @OA\Response(response="401", ref="#/components/responses/Unauthorized")
- * @OA\Response(response="400", ref="#/components/responses/InvalidResponse")
 */
 class RunController extends AbstractRestController implements QueryObjectTransformer
 {
diff --git a/webapp/src/Controller/API/ScoreboardController.php b/webapp/src/Controller/API/ScoreboardController.php
index 95a43752a42..82ab1e1d23a 100644
--- a/webapp/src/Controller/API/ScoreboardController.php
+++ b/webapp/src/Controller/API/ScoreboardController.php
@@ -28,7 +28,6 @@
 * @OA\Parameter(ref="#/components/parameters/cid")
 * @OA\Response(response="404", ref="#/components/responses/NotFound")
 * @OA\Response(response="401", ref="#/components/responses/Unauthorized")
- * @OA\Response(response="400", ref="#/components/responses/InvalidResponse")
 */
 class ScoreboardController extends AbstractRestController
 {
diff --git a/webapp/src/Controller/API/SubmissionController.php b/webapp/src/Controller/API/SubmissionController.php
index 1cb1316c240..a721edba385 100644
--- a/webapp/src/Controller/API/SubmissionController.php
+++ b/webapp/src/Controller/API/SubmissionController.php
@@ -38,7 +38,6 @@
 * @OA\Parameter(ref="#/components/parameters/cid")
 * @OA\Response(response="404", ref="#/components/responses/NotFound")
 * @OA\Response(response="401", ref="#/components/responses/Unauthorized")
- * @OA\Response(response="400", ref="#/components/responses/InvalidResponse")
 */
 class SubmissionController extends AbstractRestController
 {
diff --git a/webapp/src/Controller/API/TeamController.php b/webapp/src/Controller/API/TeamController.php
index e6a1ae76f47..5ae71c9d489 100644
--- a/webapp/src/Controller/API/TeamController.php
+++ b/webapp/src/Controller/API/TeamController.php
@@ -33,7 +33,6 @@
 * @OA\Parameter(ref="#/components/parameters/cid")
 * @OA\Response(response="404", ref="#/components/responses/NotFound")
 * @OA\Response(response="401", ref="#/components/responses/Unauthorized")
- * @OA\Response(response="400", ref="#/components/responses/InvalidResponse")
 */
 class TeamController extends AbstractRestController
 {
diff --git a/webapp/src/Controller/API/UserController.php b/webapp/src/Controller/API/UserController.php
index 1ee2f4a0348..a14fff55a0f 100644
--- a/webapp/src/Controller/API/UserController.php
+++ b/webapp/src/Controller/API/UserController.php
@@ -28,7 +28,6 @@ * @OA\Tag(name="Users") * @OA\Response(response="404", ref="#/components/responses/NotFound") * @OA\Response(response="401", ref="#/components/responses/Unauthorized") - * @OA\Response(response="400", ref="#/components/responses/InvalidResponse") */ class UserController extends AbstractRestController { diff --git a/webapp/src/FosRestBundle/.FlattenExceptionHandler.php.swp b/webapp/src/FosRestBundle/.FlattenExceptionHandler.php.swp new file mode 100644 index 0000000000000000000000000000000000000000..740b4fd8d985bfe21ac5e7377c49174b4f9e77f3 GIT binary patch literal 12288 zcmeI2&u<$=6vrn>2nr-EAhp*4EZK>YIw?JX^NWyQb-_s+J5fa(g|$7gx2$(pGqXuU z68HQTL|?f$MR1)XdhqkvJsDDVg> zApIfoKJt1@=XPCx52e2Kt@$zv7zK<1MggOMQNSo*6fg=H1&jhl0i%FX;D4xq)ga`j z#|gRg1cJx^|Kq>^@1G^)SMWXf4txlXz&f}9{um+TGjI%!zya6-WpEixf|c(ZDOv;WJNXPMyH7~kFQR*x`V@b{kkoxhGaK;kLEJ6Ws8Zq2CD_l zQF_!3YNywIw#|gFnk-9a=V(UXjFWhD^_{JI4c#uJB?GaD`>u%&5b11pM@glw{lW&P z`+Uz8tWd~A&MNGd6x;endETM(^EAsi_jtA&>j`C!U`QkxSsd?aDN9jSr&JLw??AWF z<6}BdrA*Qgg^JYFX^4{LPt2j*p0m$ZxYrIVux7PcE>%%o8kDpXcS@PAqNkH6chpYi z(O-#PKXuQQ&^4S@3sQ2s7D$%MMn=0~JrmO`oG+a&ElUjQq9&5kf3!d?&aJ~lIToW4 zX-50$~}4d@KzKw z&FJX0EJ4k&>s?iZ?!qdb@^DI))Vkj3Mx_Q-7nZtgd5v(TXH)L7eauyEp>aB`LLuCX z`gGazc-xZE2saUBKer8=v#`*i*($gE)|$0%H!T#dh-u6BunQInOT~@l#Y%B~ZMVF< zQCxVl_|}5D>m78Pgqh((&w%JbG)w(RK{e@huyI7B|kUXf%T<4_omgNKt+f0v_aa!{{M~^-l zMH;W3WJsN7JrNv{uxd12O?{}E+HK!qZRScr6Z+`ZPGJZg%LDqFZ`I$ydxI|cepRg! z?m0M`U0t|VM6D0= zzBqjhE;$K`2*q57QVFwyL~+*NB^%uZno{TGZ~4PXEO literal 0 HcmV?d00001
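Review bot: `webapp/src/FosRestBundle/.FlattenExceptionHandler.php.swp` looks like an editor (Vim) swap file and should not be part of this commit: it is a binary snapshot of an in-progress edit to `FlattenExceptionHandler.php`, cannot be reviewed as source, and may carry content that was never meant to be published. Remove it from the commit and add `*.swp` to `.gitignore` so it cannot come back.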