From ddabc298b41cabbad75040f2c74c7f70dd38d10b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jonathan=20Bokvad=20Engar=C3=A5s?= Date: Thu, 7 Sep 2023 16:54:42 +0200 Subject: [PATCH] added pentest --- cydigConfig.json | 41 ++++++++++++++++++++ package-lock.json | 46 +++++++++++++++++++++- package.json | 3 +- src/Pentest/PentestService.ts | 42 ++++++++++++++++++++ src/helpfunctions/JsonService.ts | 66 ++++++++++++++++++++++++++++++++ src/index.ts | 7 +++- src/types/CyDigConfig.ts | 41 ++++++++++++++++++++ 7 files changed, 243 insertions(+), 3 deletions(-) create mode 100644 cydigConfig.json create mode 100644 src/Pentest/PentestService.ts create mode 100644 src/helpfunctions/JsonService.ts create mode 100644 src/types/CyDigConfig.ts
diff --git a/cydigConfig.json b/cydigConfig.json
new file mode 100644
index 00000000..22824a2e
--- /dev/null
+++ b/cydigConfig.json
@@ -0,0 +1,41 @@
+{
+ "teamName": "name-of-your-team",
+ "usingAzure": true,
+ "threatModeling": {
+ "date": "date-of-threat-modeling",
+ "boardsTag": "TM"
+ },
+ "pentest": {
+ "date": "2023-09-07",
+ "boardsTag": "PT"
+ },
+ "githubDevOps": {
+ "usingRepos": true,
+ "repos": {
+ "username": "firstname.lastname (usually)"
+ },
+ "usingBoards": true,
+ "boards": {
+ "nameOfBoard": "name-of-boards (use 'not specified' for all boards in project)"
+ }
+ },
+ "scaTool": {
+ "nameOfTool": "name-of-tool",
+ "owaspDependencyCheck": {
+ "reportPath": "Reports/dependency-check-report.csv",
+ "csvPath": "not specified"
+ }
+ },
+ "sastTool": {
+ "nameOfTool": "name-of-tool",
+ "semgrep": {
+ "reportPath": "semgrep-json.json"
+ }
+ },
+ "codeQualityTool": {
+ "nameOfTool": "name-of-tool"
+ },
+ "reposToExclude": {
+ "nameOfRepos": "not-specified"
+ }
+}
diff --git a/package-lock.json b/package-lock.json
index 130500fc..f14e5386
--- a/package-lock.json
+++ b/package-lock.json
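Review bot: Every value in this template is a placeholder except `pentest.date`, which is seeded with the real date `2023-09-07`; because `PentestService.getStateOfPentest` in this same commit publishes whatever non-empty string it finds as the `pentestDate` output, a team that copies the template without editing it will report a pentest it never ran. Use a placeholder consistent with the sibling block, `"date": "date-of-pentest",`, so an unedited copy fails the date check instead of passing. The `"not specified"` sentinel for `csvPath` and `"not-specified"` for `reposToExclude.nameOfRepos` differ by a hyphen; if the consumers compare against one literal, standardise on it here.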
@@ -10,7 +10,8 @@ "license": "MIT", "dependencies": { "@actions/core": "^1.10.0", - "@actions/github": "^5.1.1" + "@actions/github": "^5.1.1", + "joi": "^17.10.1" }, "devDependencies": { "@types/node": "^20.5.7", @@ -923,6 +924,19 @@ "integrity": "sha512-gIhjdJp/c2beaIWWIlsXdqXVRUz3r2BxBCpfz/F3JXHvSAQ1paMYjLH+maEATtENg+k5eLV7gA+9yPp762ieuw==", "dev": true }, + "node_modules/@hapi/hoek": { + "version": "9.3.0", + "resolved": "https://registry.npmjs.org/@hapi/hoek/-/hoek-9.3.0.tgz", + "integrity": "sha512-/c6rf4UJlmHlC9b5BaNvzAcFv7HZ2QHaV0D4/HNlBdvFnvQq8RI4kYdhyPCl7Xj+oWvTWQ8ujhqS53LIgAe6KQ==" + }, + "node_modules/@hapi/topo": { + "version": "5.1.0", + "resolved": "https://registry.npmjs.org/@hapi/topo/-/topo-5.1.0.tgz", + "integrity": "sha512-foQZKJig7Ob0BMAYBfcJk8d77QtOe7Wo4ox7ff1lQYoNNAb6jwcY1ncdoy2e9wQZzvNy7ODZCYJkK8kzmcAnAg==", + "dependencies": { + "@hapi/hoek": "^9.0.0" + } + }, "node_modules/@humanwhocodes/config-array": { "version": "0.11.11", "resolved": "https://registry.npmjs.org/@humanwhocodes/config-array/-/config-array-0.11.11.tgz", 
@@ -1602,6 +1616,24 @@ "url": "https://opencollective.com/unts" } }, + "node_modules/@sideway/address": { + "version": "4.1.4", + "resolved": "https://registry.npmjs.org/@sideway/address/-/address-4.1.4.tgz", + "integrity": "sha512-7vwq+rOHVWjyXxVlR76Agnvhy8I9rpzjosTESvmhNeXOXdZZB15Fl+TI9x1SiHZH5Jv2wTGduSxFDIaq0m3DUw==", + "dependencies": { + "@hapi/hoek": "^9.0.0" + } + }, + "node_modules/@sideway/formula": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/@sideway/formula/-/formula-3.0.1.tgz", + "integrity": "sha512-/poHZJJVjx3L+zVD6g9KgHfYnb443oi7wLu/XKojDviHy6HOEOA6z1Trk5aR1dGcmPenJEgb2sK2I80LeS3MIg==" + }, + "node_modules/@sideway/pinpoint": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/@sideway/pinpoint/-/pinpoint-2.0.0.tgz", + "integrity": "sha512-RNiOoTPkptFtSVzQevY/yWtZwf/RxyVnPy/OcA9HBM3MlGDnBEYL5B41H0MTn0Uec8Hi+2qUtTfG2WWZBmMejQ==" + }, "node_modules/@sinclair/typebox": { "version": "0.27.8", "resolved": "https://registry.npmjs.org/@sinclair/typebox/-/typebox-0.27.8.tgz", @@ -5467,6 +5499,18 @@ "url": "https://github.com/chalk/supports-color?sponsor=1" } }, + "node_modules/joi": { + "version": "17.10.1", + "resolved": "https://registry.npmjs.org/joi/-/joi-17.10.1.tgz", + "integrity": "sha512-vIiDxQKmRidUVp8KngT8MZSOcmRVm2zV7jbMjNYWuHcJWI0bUck3nRTGQjhpPlQenIQIBC5Vp9AhcnHbWQqafw==", + "dependencies": { + "@hapi/hoek": "^9.0.0", + "@hapi/topo": "^5.0.0", + "@sideway/address": "^4.1.3", + "@sideway/formula": "^3.0.1", + "@sideway/pinpoint": "^2.0.0" + } + }, "node_modules/js-tokens": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz", diff --git a/package.json b/package.json index e3adad9c..6668be2b 100644 --- a/package.json +++ b/package.json @@ -36,7 +36,8 @@ "license": "MIT", "dependencies": { "@actions/core": "^1.10.0", - "@actions/github": "^5.1.1" + "@actions/github": "^5.1.1", + "joi": "^17.10.1" }, "devDependencies": { "@types/node": "^20.5.7", 
diff --git a/src/Pentest/PentestService.ts b/src/Pentest/PentestService.ts
new file mode 100644
index 00000000..c92e949a
--- /dev/null
+++ b/src/Pentest/PentestService.ts
@@ -0,0 +1,42 @@
+import * as core from '@actions/core';
+import * as github from '@actions/github';
+
+export class PentestService {
+ public static async getStateOfPentest(pentestDate: {
+ date: string;
+ boardsTag: string;
+ }): Promise {
+ console.log('Running Pentest Controls');
+
+ if(!pentestDate.date){
+ core.warning("Pentest Date is not set!");
+ return;
+ }
+ core.setOutput("pentestDate", pentestDate.date);
+
+
+
+ // const token = core.getInput('repo-token');
+ // console.log("Got the token");
+
+ // const octokit = github.getOctokit(token);
+ // console.log("octoKit authenticated");
+
+ // const { owner, repo } = github.context.repo;
+ // console.log(`Owner: ${owner}`);
+ // console.log(`Repo: ${repo}`);
+
+ // console.log("Going to get branch protection");
+ // await octokit.rest.repos.getBranchProtection({
+ // owner: owner,
+ // repo: repo,
+ // branch: 'main',
+ // }).then((response) => {
+ // console.log("Got the branch protection");
+ // console.log(response.data);
+ // }).catch((error) => {
+ // core.warning("Error getting branch protection!");
+ // core.warning("Error: ", error.message);
+ // });
+ }
+}
\ No newline at end of file
diff --git a/src/helpfunctions/JsonService.ts b/src/helpfunctions/JsonService.ts
new file mode 100644
index 00000000..c367dbaa
--- /dev/null
+++ b/src/helpfunctions/JsonService.ts
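Review bot: `getStateOfPentest` publishes `pentestDate.date` as the `pentestDate` output after checking only that the string is non-empty, so any placeholder or free text in the config is reported as a completed pentest; add a parse check before `core.setOutput`, `if (Number.isNaN(Date.parse(pentestDate.date))) { core.warning(`Pentest date '${pentestDate.date}' is not a valid date`); return; }`. The `github` import is referenced only from the ~30 lines of commented-out branch-protection code below `setOutput`, which duplicates what `BranchProtectionService` already does from `index.ts`; drop both the import and the dead block. The return type reads `Promise` here, presumably `Promise<void>` with the type argument lost in rendering. Prefer `core.info('Running Pentest Controls')` over `console.log` so the progress message goes through the Actions log API like the warnings do.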
@@ -0,0 +1,66 @@
+import * as fs from 'fs';
+import * as path from 'path';
+import { CyDigConfig } from '../types/CyDigConfig';
+import Joi from 'joi';
+
+export function getContentOfFile(jsonPath: string): CyDigConfig {
+ const jsonFilePath: string = path.resolve(
+ __dirname,
+ path.relative(__dirname, path.normalize(jsonPath).replace(/^(\.\.(\/|\\|$))+/, ''))
+ );
+ const fileContent: string = fs.readFileSync(jsonFilePath, { encoding: 'utf-8' });
+
+ const cydigConfig: CyDigConfig = JSON.parse(fileContent);
+
+ validateConfig(cydigConfig);
+
+ return cydigConfig;
+}
+
+export function validateConfig(config: unknown): void {
+ const schema: Joi.ObjectSchema = Joi.object({
+ teamName: Joi.string().required(),
+ usingAzure: Joi.boolean().required(),
+ threatModeling: Joi.object({
+ date: Joi.string().required(),
+ boardsTag: Joi.string().required(),
+ }).required(),
+ pentest: Joi.object({
+ date: Joi.string().required(),
+ boardsTag: Joi.string().required(),
+ }).required(),
+ githubDevOps: Joi.object({
+ usingRepos: Joi.boolean().required(),
+ repos: Joi.object({
+ username: Joi.string().required(),
+ }).required(),
+ usingBoards: Joi.boolean().required(),
+ boards: Joi.object({
+ nameOfBoard: Joi.string().required(),
+ }).required(),
+ }).required(),
+ scaTool: Joi.object({
+ nameOfTool: Joi.string().required(),
+ owaspDependencyCheck: Joi.object({
+ reportPath: Joi.string().required(),
+ csvPath: Joi.string().optional(),
+ }),
+ }).required(),
+ sastTool: Joi.object({
+ nameOfTool: Joi.string().required(),
+ semgrep: Joi.object({
+ reportPath: Joi.string().required(),
+ }).required(),
+ }).required(),
+ codeQualityTool: Joi.object({
+ nameOfTool: Joi.string().required(),
+ }).required(),
+ reposToExclude: Joi.object({
+ nameOfRepos: Joi.string().optional(),
+ }),
+ });
+
+ if (schema.validate(config).error) {
+ throw new Error(`${schema.validate(config).error.message} in your CyDig Config file`);
+ }
+}
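Review bot: In `getContentOfFile` the `JSON.parse` result is annotated as `CyDigConfig` before `validateConfig` has run, and `validateConfig(config: unknown): void` does not narrow, so the annotation asserts what the schema is supposed to prove; declare the parsed value `unknown` and make the validator an assertion function so the type is only obtained by passing validation. The `if`/`throw` pair calls `schema.validate(config)` twice — bind the result once and reuse it. The `path.resolve(__dirname, path.relative(__dirname, …))` wrapper resolves back to the input relative to the process cwd (`path.relative` makes both sides absolute against cwd first), so the leading-`..` strip only affects relative inputs and the result is not confined to `__dirname`; since the only caller in this commit passes a literal, either simplify to `path.resolve(jsonPath)` or add a comment saying what the sanitisation is meant to guard against.

```typescript
export function getContentOfFile(jsonPath: string): CyDigConfig {
  // … unchanged: jsonFilePath resolution …
  const fileContent: string = fs.readFileSync(jsonFilePath, { encoding: 'utf-8' });
  const parsed: unknown = JSON.parse(fileContent);
  validateConfig(parsed); // narrows to CyDigConfig or throws
  return parsed;
}

export function validateConfig(config: unknown): asserts config is CyDigConfig {
  // … unchanged: schema definition …
  const { error } = schema.validate(config);
  if (error) {
    throw new Error(`${error.message} in your CyDig Config file`);
  }
}
```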
diff --git a/src/index.ts b/src/index.ts index 9e302c83..2cabae1b 100644 --- a/src/index.ts +++ b/src/index.ts @@ -1,13 +1,18 @@ import * as core from '@actions/core'; import * as github from '@actions/github'; import { BranchProtectionService } from './branchprotection/BranchProtectionService'; +import { CyDigConfig } from './types/CyDigConfig'; +import { getContentOfFile } from './helpfunctions/JsonService'; +import { PentestService } from './Pentest/PentestService'; /** * The main function for the action. * @returns {Promise} Resolves when the action is complete. */ export async function run(): Promise { try { - + const cydigConfig: CyDigConfig = getContentOfFile("./cydigconfig.json"); + await PentestService.getStateOfPentest(cydigConfig.pentest); + await BranchProtectionService.getStateOfBranchProtection(); diff --git a/src/types/CyDigConfig.ts b/src/types/CyDigConfig.ts new file mode 100644 index 00000000..47f3da04 --- /dev/null +++ b/src/types/CyDigConfig.ts @@ -0,0 +1,41 @@ +export type CyDigConfig = { + teamName: string; + usingAzure: boolean; + threatModeling: { + date: string; + boardsTag: string; + }; + pentest: { + date: string; + boardsTag: string; + }; + githubDevOps: { + usingRepos: boolean; + repos: { + username: string; + }; + usingBoards: boolean; + boards: { + nameOfBoard: string; + }; + }; + scaTool: { + nameOfTool: string; + owaspDependencyCheck: { + reportPath: string; + csvPath: string; + }; + }; + sastTool: { + nameOfTool: string; + semgrep: { + reportPath: string; + }; + }; + codeQualityTool: { + nameOfTool: string; + }; + reposToExclude: { + nameOfRepos: string; + }; +};
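Review bot: `getContentOfFile("./cydigconfig.json")` loads a lowercase file name while the file this commit adds is `cydigConfig.json`; on a case-sensitive filesystem (the usual Linux runner) `readFileSync` throws ENOENT before any control runs, so the two must match — `getContentOfFile('./cydigConfig.json')` or rename the committed file. The path is relative to the process cwd, which for an action is presumably the consumer's checked-out workspace rather than the action's own checkout, so the committed file reads as a template consumers copy to their repo root; a one-line comment stating that expectation would help. `run()`'s `try`/`catch` continues outside the hunk, so how a load or validation error surfaces is not visible here.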
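Review bot: `CyDigConfig` declares `scaTool.owaspDependencyCheck`, `owaspDependencyCheck.csvPath` and `reposToExclude` as required, but the Joi schema added in this commit's `JsonService.ts` leaves the first and last without `.required()` and marks `csvPath` optional, so code that reads e.g. `config.reposToExclude.nameOfRepos` can dereference `undefined` on a config that validated cleanly. Make one of them the source of truth: mark the fields `csvPath?: string;`, `owaspDependencyCheck?: { … }` and `reposToExclude?: { nameOfRepos?: string };` here, or add `.required()` on the schema side. A short TSDoc block noting that this type mirrors `cydigConfig.json` and is enforced at load time by `validateConfig` would tell readers where the contract lives.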