From 53039453e5561801b8cd6f66ad372f70b274bb27 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Linn=C3=A9a=20Oxenwaldt?=
Date: Wed, 28 Feb 2024 08:29:45 +0100
Subject: [PATCH 1/3] delete validaition of schema
---
 src/cydigConfig.json | 45 +++++++++--------------------
 src/lib/JsonService.ts | 56 ------------------------------------
 src/lib/types/CyDigConfig.ts | 32 ++++++---------------
 3 files changed, 23 insertions(+), 110 deletions(-)
diff --git a/src/cydigConfig.json b/src/cydigConfig.json
index 19ace9e7..98735f62 100644
--- a/src/cydigConfig.json
+++ b/src/cydigConfig.json
@@ -1,46 +1,29 @@
 {
- "teamName": "Test-GitHub",
+ "teamName": "CyDig",
 "usingAzure": true,
 "threatModeling": {
- "date": "2023-09-07",
- "boardsTag": "TM"
+ "date": "2024-01-01",
+ "boardsTag": "TM"
 },
 "pentest": {
- "date": "2023-09-07",
- "boardsTag": "PT"
- },
- "github": {
- "usingRepos": true
+ "date": "2023-01-01",
+ "boardsTag": "PT"
 },
 "azureDevOps": {
- "usingRepos": false,
- "repos": {
- "username": "firstname.lastname (usually)"
- },
- "usingBoards": true,
- "boards": {
- "nameOfBoard": "not specified"
- },
- "organizationName": "CyDig",
- "projectName": "CyDig"
+ "usingBoards": true,
+ "boards": {
+ "organizationName": "CyDig",
+ "projectName": "CyDig",
+ "nameOfBoard": "not specified"
+ }
 },
 "scaTool": {
- "nameOfTool": "name-of-tool",
- "owaspDependencyCheck": {
- "reportPath": "Reports/dependency-check-report.csv",
- "csvPath": "not specified"
- }
+ "nameOfTool": "OWASP"
 },
 "sastTool": {
- "nameOfTool": "name-of-tool",
- "semgrep": {
- "reportPath": "semgrep-json.json"
- }
+ "nameOfTool": "SEMGREP"
 },
 "codeQualityTool": {
- "nameOfTool": "name-of-tool"
- },
- "reposToExclude": {
- "nameOfRepos": "not-specified"
+ "nameOfTool": "not specified"
 }
 }
diff --git a/src/lib/JsonService.ts b/src/lib/JsonService.ts
index 6da5490e..0753f794 100644
--- a/src/lib/JsonService.ts
+++ b/src/lib/JsonService.ts
@@ -1,7 +1,6 @@ import * as fs from 'fs'; import * as path from 'path'; import { CyDigConfig } from './types/CyDigConfig'; -import Joi from 'joi'; export function getContentOfFile(jsonPath: string): CyDigConfig { const jsonFilePath: string = path.resolve( @@ -11,60 +10,5 @@ export function getContentOfFile(jsonPath: string): CyDigConfig { const fileContent: string = fs.readFileSync(jsonFilePath, { encoding: 'utf-8' }); const cydigConfig: CyDigConfig = JSON.parse(fileContent); - validateConfig(cydigConfig); - return cydigConfig; } - -export function validateConfig(config: unknown): void { - const schema: Joi.ObjectSchema = Joi.object({ - teamName: Joi.string().required(), - usingAzure: Joi.boolean(), - threatModeling: Joi.object({ - date: Joi.string(), - boardsTag: Joi.string(), - }), - pentest: Joi.object({ - date: Joi.string(), - boardsTag: Joi.string(), - }), - github: Joi.object({ - usingRepos: Joi.boolean(), - }), - azureDevOps: { - usingRepos: Joi.boolean(), - repos: Joi.object({ - username: Joi.string(), - }), - usingBoards: Joi.boolean(), - boards: Joi.object({ - nameOfBoard: Joi.string(), - }), - organizationName: Joi.string(), - projectName: Joi.string(), - }, - scaTool: Joi.object({ - nameOfTool: Joi.string(), - owaspDependencyCheck: Joi.object({ - reportPath: Joi.string(), - csvPath: Joi.string().optional(), - }), - }), - sastTool: Joi.object({ - nameOfTool: Joi.string(), - semgrep: Joi.object({ - reportPath: Joi.string(), - }), - }), - codeQualityTool: Joi.object({ - nameOfTool: Joi.string(), - }), - reposToExclude: Joi.object({ - nameOfRepos: Joi.string().optional(), - }), - }); - - if (schema.validate(config).error) { - throw new Error(`${schema.validate(config).error?.message} in your CyDig Config file`); - } -} diff --git a/src/lib/types/CyDigConfig.ts b/src/lib/types/CyDigConfig.ts index 174d3083..10897246 100644 --- a/src/lib/types/CyDigConfig.ts +++ b/src/lib/types/CyDigConfig.ts 
@@ -9,29 +9,15 @@ export type CyDigConfig = { date: string; boardsTag: string; }; - github: { - usingRepos: boolean; - repos: { - username: string; - }; - usingBoards: boolean; + azureDevOps: { + usingBoards: boolean boards: { + organizationName: string; + projectName: string; nameOfBoard: string; - }; - }; - scaTool: { - nameOfTool: string; - owaspDependencyCheck: { - reportPath: string; - }; - }; - sastTool: { - nameOfTool: string; - semgrep: { - reportPath: string; - }; - }; - codeQualityTool: { - nameOfTool: string; - }; + } + } + scaTool: string; + sastTool: string; + codeQualityTool: string; }; From 970f0a56fca1c047e85b8b2d1f065bc7adbf4b17 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Linn=C3=A9a=20Oxenwaldt?= Date: Wed, 28 Feb 2024 09:55:20 +0100 Subject: [PATCH 2/3] updated cydig condig --- src/lib/BodyBuilder.ts | 8 ++++---- src/lib/types/CyDigConfig.ts | 16 +++++++++++----- 2 files changed, 15 insertions(+), 9 deletions(-) diff --git a/src/lib/BodyBuilder.ts b/src/lib/BodyBuilder.ts index 4dc215f9..4c6c0c0a 100644 --- a/src/lib/BodyBuilder.ts +++ b/src/lib/BodyBuilder.ts @@ -38,7 +38,7 @@ export class BodyBuilder { const cqNumberOfSeverity5: string | undefined = process.env?.CQnumberOfSeverity5; const sastNumberOfSeverity1: string | undefined = process.env?.SASTnumberOfSeverity1; - const sastNumberOfSeverity2: string | undefined = process.env.SASTnumberOfSeverity2; + const sastNumberOfSeverity2: string | undefined = process.env?.SASTnumberOfSeverity2; const sastNumberOfSeverity3: string | undefined = process.env?.SASTnumberOfSeverity3; const tmNumberOfActiveTickets: string | undefined = process.env?.tmNumberOfActiveTickets 
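Review bot: The tool fields added at the end of the `CyDigConfig.ts` hunk (`scaTool: string;`, `sastTool: string;`, `codeQualityTool: string;`) do not match the `cydigConfig.json` in the same patch, where each is an object holding `nameOfTool`; PATCH 2/3 corrects the type, but the mismatch compiled without complaint. It could go unnoticed because this patch also drops the `validateConfig(cydigConfig);` call from `getContentOfFile`, leaving the `JSON.parse` result merely annotated as `CyDigConfig` with no runtime check. I would keep that call and trim the Joi schema to the new shape instead of deleting it, so a malformed or outdated config fails at load with a clear message rather than, presumably, surfacing later as `undefined` fields. The type's opening lines lie outside the hunk.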
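Review bot: Optional chaining on `process.env` in the `BodyBuilder.ts` hunk (`@@ -38,7 +38,7 @@`) is redundant: in Node `process.env` is always an object, so `process.env?.SASTnumberOfSeverity2` never short-circuits and the value is `string | undefined` either way. It reads as a guard against an unset variable that it does not provide. For consistency I would normalise the neighbouring lines to plain access instead, e.g. `const sastNumberOfSeverity2: string | undefined = process.env.SASTnumberOfSeverity2;`; the same applies to the three `numUserInProdSeverity` lines in the `@@ -47,9 +47,9 @@` hunk. The enclosing method starts and ends outside both hunks.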
@@ -47,9 +47,9 @@ export class BodyBuilder { const ptNumberOfActiveTickets: string | undefined = process.env?.ptNumberOfActiveTickets; const ptNumberOfClosedTickets: string | undefined = process.env?.ptNumberOfClosedTickets; - const numUserInProdSeverity1: string | undefined = process.env.numUserInProdSeverity1; - const numUserInProdSeverity2: string | undefined = process.env.numUserInProdSeverity2; - const numUserInProdSeverity3: string | undefined = process.env.numUserInProdSeverity3; + const numUserInProdSeverity1: string | undefined = process.env?.numUserInProdSeverity1; + const numUserInProdSeverity2: string | undefined = process.env?.numUserInProdSeverity2; + const numUserInProdSeverity3: string | undefined = process.env?.numUserInProdSeverity3; //For printing urls in the pipeline const urlBody: UrlBody = new UrlBodyBuilder() diff --git a/src/lib/types/CyDigConfig.ts b/src/lib/types/CyDigConfig.ts index 10897246..d10c8451 100644 --- a/src/lib/types/CyDigConfig.ts +++ b/src/lib/types/CyDigConfig.ts @@ -10,14 +10,20 @@ export type CyDigConfig = { boardsTag: string; }; azureDevOps: { - usingBoards: boolean + usingBoards: boolean; boards: { organizationName: string; projectName: string; nameOfBoard: string; - } + }; + }; + scaTool: { + nameOfTool: string; + }, + sastTool: { + nameOfTool: string; + }, + codeQualityTool: { + nameOfTool: string; } - scaTool: string; - sastTool: string; - codeQualityTool: string; }; From 05f2e45cb0e973f66833985bd5cd51113b4c4e6d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Linn=C3=A9a=20Oxenwaldt?= Date: Wed, 28 Feb 2024 10:34:18 +0100 Subject: [PATCH 3/3] confg --- src/cydigConfig.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/cydigConfig.json b/src/cydigConfig.json index 98735f62..da1ca6e9 100644 --- a/src/cydigConfig.json +++ b/src/cydigConfig.json @@ -21,7 +21,7 @@ "nameOfTool": "OWASP" }, "sastTool": { - "nameOfTool": "SEMGREP" + "nameOfTool": "CodeQL" }, "codeQualityTool": { "nameOfTool": "not specified"
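Review bot: Member separators are mixed in the `CyDigConfig.ts` hunk (`@@ -10,14 +10,20 @@`): `scaTool` and `sastTool` close with `},` and `codeQualityTool` with a bare `}`, while the members above them use `;`. TypeScript accepts all three forms, so this is style only, but a single convention keeps later diffs of this type minimal; I would close each of the three objects with `};` to match `boards` and `azureDevOps`.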