Version 0.4 (#61)

* Added samesite strict validation * Added validation for security profile * ✨ logout csrf validation * ✨ Configuration file validation * talisman file * 👷 set github relase to draft per default * changed default host uri in sample configuration file to localhost:8080 * fix: upgrade com.nimbusds:oauth2-oidc-sdk from 8.23 to 8.23.1 (#16) Snyk has created this PR to upgrade com.nimbusds:oauth2-oidc-sdk from 8.23 to 8.23.1. See this package in Maven Repository: https://mvnrepository.com/artifact/com.nimbusds/oauth2-oidc-sdk/ See this project in Snyk: https://app.snyk.io/org/gianlucafrei-och/project/181b8f16-e1ad-4f9e-a379-cc431e0f9f55?utm_source=github&utm_medium=upgrade-pr * fix: upgrade com.nimbusds:nimbus-jose-jwt from 9.1 to 9.1.1 (#15) Snyk has created this PR to upgrade com.nimbusds:nimbus-jose-jwt from 9.1 to 9.1.1. See this package in Maven Repository: https://mvnrepository.com/artifact/com.nimbusds/nimbus-jose-jwt/ See this project in Snyk: https://app.snyk.io/org/gianlucafrei-och/project/181b8f16-e1ad-4f9e-a379-cc431e0f9f55?utm_source=github&utm_medium=upgrade-pr * 👷 Added ci pipeline for dev branch * Hardcoded hosturi for tests * Fixed release pipeline to trigger on version tags only * Added contribution guideline * Update CONTRIBUTING.md * Session renewal (#36) Session renewal * Added config field renewWhenLessThan * ✨ Implemented session senewal * Made error message more precise * updated sample configuration * Added session renewal config to README * cleaned up code Co-authored-by: Gian-Luca Frei <gifr@Gian-Lucas-MacBook-Pro.local> * Initial compiling version - generating new TraceId - assigning to MDC for Logging Open: - taking over values - configuration - sending traceId downstream * Migrated to Spring Cloud Gateway and WebFlux * Init spring cloud gateway routes * ported login logout test * fixed concurrency issue in gateway filters * Migrated Zuul Filter * Added route rewrite * Server-side session invalidation with local persistent blacklist * First running version Open: - taking over values * Added taking over values from incoming calls Open: - a few tests and documentation review * Added implementations for noTrace and simpleTrace as well as api documentation and tests. * Implemented contextual logging * 34 correlation (#55) * Initial compiling version - generating new TraceId - assigning to MDC for Logging Open: - taking over values - configuration - sending traceId downstream * First running version Open: - taking over values * Added taking over values from incoming calls Open: - a few tests and documentation review * Added implementations for noTrace and simpleTrace as well as api documentation and tests. Co-authored-by: Padi Steger <patrick.steger@zuehlke.com> * Big package renaming * Renaming in pipelines * Updated terminology in code and config * Changed docker file to multi-stage build * Updated terminology in docu * Updated terminology in strings * Updated config path variable name * Cleaned up gitignore * Changed java version to 11 * updated banner * git updated dev pipeline to use docker build only * fixed dockerfile when no txt files are in root folder * Dockerfile fix2 * Updated build pipeline to docker only * Try fixed github_ref * Fix github_ref try 2 * Fixed github_ref try 3 * Fixed dockerfile copy error * Updated release pipeline * Fixed release pipeline * Refactored Bean Creation * Fixed container tag name in release pipeline * Added infrastructure package * Added factories for LoginDriver and CsrfProtection * Removed callbackUri from LoginDriverConstructor * Added Factory Classes for LoginDrivers * Changed session id to 64bit secure random nonce * Introduced reasonable trace interface. (#58) Co-authored-by: Padi Steger <patrick.steger@zuehlke.com> * Changed TraceContextBridge to use the Bean from the PostConfigBeanConfiguration class * Re fixed trace id, thanks padi for finding the bug 😁 Co-authored-by: = <=> Co-authored-by: Snyk bot <snyk-bot@snyk.io> Co-authored-by: Gian-Luca Frei <gifr@Gian-Lucas-MacBook-Pro.local> Co-authored-by: Padi Steger <patrick.steger@zuehlke.com> Co-authored-by: Padi Steger (OWASP Switzerland) <77661049+Padi-owasp@users.noreply.github.com>
The-OAG-Development-Project · Mar 2, 2021 · 9218b0b · 9218b0b
1 parent 88177fc
commit 9218b0b
Show file tree

Hide file tree

Showing 198 changed files with 5,776 additions and 3,125 deletions.
diff --git a/.github/workflows/dev.yml b/.github/workflows/dev.yml
diff --git a/.github/workflows/dockerbuild.yml b/.github/workflows/dockerbuild.yml
@@ -0,0 +1,68 @@
+# This workflow will build a Java project with Maven
+# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-maven
+
+name: CI/CD
+
+on:
+  push:
+    branches: [ dev, main ]
+
+jobs:
+  build-docker:
+    name: Build and Push Docker Image
+    runs-on: ubuntu-latest
+
+    steps:
+      #############
+      # Preparation
+      - uses: actions/checkout@v2
+      - uses: docker/setup-qemu-action@v1
+      - uses: docker/setup-buildx-action@v1
+
+      - name: Extract branch name
+        shell: bash
+        run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})"
+        id: extract_branch
+
+      - name: Add commit hash to artifact
+        run: echo $GITHUB_SHA >> oag/commit-hash.txt
+
+      - name: "Compile container tag"
+        run: echo "tag=owasp/application-gateway:${{ steps.extract_branch.outputs.branch }}-SNAPSHOT" >> $GITHUB_ENV
+
+      #############
+      # Docker build
+      - name: Docker Build
+        run: docker build -t ${{ env.tag }} .
+
+      # Dockle Check
+      - name: Install Dockle
+        run: VERSION=$(curl --silent "https://api.github.com/repos/goodwithtech/dockle/releases/latest" | grep '"tag_name":' | sed -E 's/.*"v([^"]+)".*/\1/') && curl -L -o dockle.tar.gz https://github.com/goodwithtech/dockle/releases/download/v${VERSION}/dockle_${VERSION}_Linux-64bit.tar.gz &&  tar zxvf dockle.tar.gz
+      - name: Run Dockle Tests
+        run: ./dockle --exit-code 1 ${{ env.tag }}
+
+      #############
+      # Post build: extract binary from docker build and publish artifact
+      - name: Docker create
+        run: docker create --name build ${{ env.tag }}
+
+      - name: Create build folder
+        run: mkdir build
+
+      - name: Copy binary from container
+        run: docker cp "build:/app/" build/ 
+
+      - name: Clean up container
+        run: docker rm build
+
+      - name: Publish Artifact
+        uses: actions/upload-artifact@v2
+        with:
+            path: build
+            retention-days: 5
+
+      # Docker Push
+      - name: Docker Login
+        run: docker login --username gianlucafrei --password ${{ secrets.DOCKER_PASSWORD }}
+      - name: Docker Push
+        run: docker push ${{ env.tag }}
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -5,56 +5,87 @@ on:
     types: [created]
 
 jobs:
-  build:
+  build-release:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2
-    - name: Set up JDK 1.8
-      uses: actions/setup-java@v1
-      with:
-        java-version: 15
-    - name: Build with Maven
-      run: mvn -B package --file nellygateway/pom.xml 
-    - name: Create Artifact Folder
-      run: mkdir nellygateway/target/artifact/ && cp nellygateway/target/nellygateway*.jar nellygateway/target/artifact/nellygateway.jar && cp nellygateway/sample-nelly-config.yaml nellygateway/target/artifact/sample-nelly-config.yaml
-    - name: Add commit hash to artifact
-      run: echo $GITHUB_SHA >> nellygateway/target/artifact/commit-hash.txt
-    - name: Publish Artifact
-      uses: actions/upload-artifact@v2
-      with:
-          path: nellygateway/target/artifact/
-
-    - name: Get the version
-      id: get_version
-      run: echo ::set-output name=VERSION::${GITHUB_REF/refs\/tags\//}
-
-    - uses: papeloto/action-zip@v1
-      with:
-        files: nellygateway/target/artifact/
-        recursive: false
-        dest: nellygateway-${{ steps.get_version.outputs.VERSION }}.zip
-
-    - name: Get release
-      id: get_release
-      uses: bruceadams/get-release@v1.2.2
-      env:
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
-    - name: Upload Release Asset
-      id: upload-release-asset 
-      uses: actions/upload-release-asset@v1
-      env:
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      with:
-        upload_url: ${{ steps.get_release.outputs.upload_url }}
-        asset_path: ./nellygateway-${{ steps.get_version.outputs.VERSION }}.zip
-        asset_name: nellygateway-${{ steps.get_version.outputs.VERSION }}.zip
-        asset_content_type: application/gzip
-
-    # Docker build
-    - name: Docker Build
-      run: docker build -t gianlucafrei/nellygateway:${{ steps.get_version.outputs.VERSION }} -t gianlucafrei/nellygateway:latest .
-    - name: Docker Login
-      run: docker login --username gianlucafrei --password ${{ secrets.DOCKER_PASSWORD }}
-    - name: Docker Push
-      run: docker push gianlucafrei/nellygateway:${{ steps.get_version.outputs.VERSION }}
+
+      - name: Get the version
+        run: echo ::set-output name=VERSION::${GITHUB_REF/refs\/tags\//}
+
+      #############
+      # Preparation
+      - uses: actions/checkout@v2
+      - uses: docker/setup-qemu-action@v1
+      - uses: docker/setup-buildx-action@v1
+
+      - name: Get version name
+        shell: bash
+        run: echo "##[set-output name=version;]$(echo ${GITHUB_REF/refs\/tags\//})"
+        id: get_version
+
+      - name: Add commit hash to artifact
+        run: echo $GITHUB_SHA >> oag/commit-hash.txt
+
+      - name: "Compile container tag"
+        run: echo "tag=owasp/application-gateway:${{ steps.get_version.outputs.version }}" >> $GITHUB_ENV
+
+      - name: Get release
+        id: get_release
+        uses: bruceadams/get-release@v1.2.2
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      #############
+      # Docker build
+      - name: Docker Build
+        run: docker build -t ${{ env.tag }} .
+
+      # Dockle Check
+      - name: Install Dockle
+        run: VERSION=$(curl --silent "https://api.github.com/repos/goodwithtech/dockle/releases/latest" | grep '"tag_name":' | sed -E 's/.*"v([^"]+)".*/\1/') && curl -L -o dockle.tar.gz https://github.com/goodwithtech/dockle/releases/download/v${VERSION}/dockle_${VERSION}_Linux-64bit.tar.gz &&  tar zxvf dockle.tar.gz
+      - name: Run Dockle Tests
+        run: ./dockle --exit-code 1 ${{ env.tag }}
+
+      #############
+      # Post build: extract binary from docker build and publish artifact
+      - name: Docker create
+        run: docker create --name build ${{ env.tag }}
+
+      - name: Create build folder
+        run: mkdir build
+
+      - name: Copy binary from container
+        run: docker cp "build:/app/" build/ 
+
+      - name: Clean up container
+        run: docker rm build
+
+      - name: Publish Artifact
+        uses: actions/upload-artifact@v2
+        with:
+            path: build
+            retention-days: 5
+
+      # Assemble and upload release assets
+      - uses: papeloto/action-zip@v1
+        with:
+          files: build/
+          recursive: false
+          dest: oag-${{ steps.get_version.outputs.VERSION }}.zip
+
+      - name: Upload Release Asset
+        id: upload-release-asset 
+        uses: actions/upload-release-asset@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          upload_url: ${{ steps.get_release.outputs.upload_url }}
+          asset_path: ./oag-${{ steps.get_version.outputs.VERSION }}.zip
+          asset_name: oag-${{ steps.get_version.outputs.VERSION }}.zip
+          asset_content_type: application/gzip
+
+      # Docker Push
+      - name: Docker Login
+        run: docker login --username gianlucafrei --password ${{ secrets.DOCKER_PASSWORD }}
+      - name: Docker Push
+        run: docker push ${{ env.tag }}
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -17,5 +17,5 @@ jobs:
       with:
         java-version: 15
     - name: Build with Maven
-      run: mvn -B package --file nellygateway/pom.xml 
+      run: mvn -B package --file oag/pom.xml
 
diff --git a/.gitignore b/.gitignore
@@ -1,7 +1,6 @@
 HELP.md
-nellygateway/sample-nelly-config-secret.yaml
 target/
-nellygateway/nelly.log/
+*.log
 !.mvn/wrapper/maven-wrapper.jar
 !**/src/main/**/target/
 !**/src/test/**/target/

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -40,7 +40,7 @@ cd nellygateway #Inner source folder
 
 ### IntelliJ
 
-If you use IntelliJ you just import the inner source folder (`...repo/nellygateway/`) and everything should work out of the box.
+If you use IntelliJ you just import the inner source folder (`...repo/oag/`) and everything should work out of the box.
 
 Please use the following code style file:
 
@@ -50,9 +50,8 @@ It is also recommended to use the "Save Actions" plugin to automatically optimiz
 
 We currently use the following tools for CI/CD
 
-- GitHub Actions for automatic build and releases (See https://github.com/gianlucafrei/nellygateway/actions)
-- Codacy for static analysis (See https://app.codacy.com/gh/gianlucafrei/nellygateway/dashboard)
-- Dockle for container security analysis (Within build pipelines: https://github.com/gianlucafrei/nellygateway/blob/main/.github/workflows/main.yml, https://github.com/goodwithtech/dockle)
+- GitHub Actions for automatic build and releases (See https://github.com/gianlucafrei/Application-Gateway/actions)
+- Dockle for container security analysis (Within build pipelines: https://github.com/gianlucafrei/Application-Gateway/blob/main/.github/workflows/main.yml, https://github.com/goodwithtech/dockle)
 
 
 ## Varia