CodeIntelligenceTesting · PBetzler · Apr 25, 2024 · Apr 25, 2024 · Apr 30, 2024 · Apr 30, 2024
diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml
@@ -0,0 +1,83 @@
+name: CI Fuzz
+# Set a CI/CD variable called "CI_SENSE_API_TOKEN" with an API token
+# generated in CI Fuzz web interface and a variable called "CI_FUZZ_DOWNLOAD_TOKEN"
+# with a download token from https://downloads.code-intelligence.com.
+# To download the CI Fuzz maven extension or gradle plugin set the secrets
+# MAVEN_REGISTRY_USERNAME and MAVEN_REGISTRY_PASSWORD with the credentials
+# from https://downloads.code-intelligence.com.
+
+on:
+  workflow_dispatch:
+  push:
+    branches: [ main ]
+  pull_request:
+    branches: [ main ]
+
+env:
+  # Timeout until the pipeline is marked as 'success'
+  # if during that time no failing findings are found.
+  TIMEOUT: "60m"
+  # Minimum severity for findings that causes the pipeline to fail.
+  # Findings with lower severity are still reported but do not fail
+  # the pipeline.
+  # Possible values: 'LOW', 'MEDIUM', 'HIGH', 'CRITICAL'
+  MIN_FINDINGS_SEVERITY: MEDIUM
+  # The CI Sense URL.
+  CI_SENSE_HTTP_URL: https://app.code-intelligence.com
+  CI_SENSE_GRPC_URL: grpc.code-intelligence.com:443
+  # The CI Sense project name.
+  PROJECT: prj-4AYoO1XFWOx6
+  # Directory in which the repository will be cloned.
+  CHECKOUT_DIR: checkout-dir/
+jobs:
+  fuzz_tests:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/setup-java@v4
+        with:
+          distribution: 'temurin'
+          java-version: '21'
+      - id: checkout
+        name: Checkout Repository
+        uses: actions/checkout@v2
+        with:
+          path: ${{ env.CHECKOUT_DIR }}
+      # Uncomment to configure access to CI Fuzz maven repository.
+      - uses: s4u/[email protected]
+        with:
+          servers: '[{"id": "code-intelligence", "username": "${{ secrets.MAVEN_REGISTRY_USERNAME }}", "password": "${{ secrets.MAVEN_REGISTRY_PASSWORD }}"}]'
+      - id: install-cifuzz
+        name: Install cifuzz
+        uses: CodeIntelligenceTesting/github-actions/install-cifuzz@v6
+        with:
+          download_token: ${{ secrets.CI_FUZZ_DOWNLOAD_TOKEN }}
+          version: 'latest'
+      - id: run-fuzz-tests
+        name: Run Fuzz Tests
+        uses: CodeIntelligenceTesting/github-actions/run-fuzz-tests@v6-keep-monitoring
+        with:
+          ci_sense_api_token: ${{ secrets.CI_SENSE_API_TOKEN }}
+          project_name: ${{ env.PROJECT }}
+          repository_dir: ${{ env.CHECKOUT_DIR }}
+          timeout: ${{ env.TIMEOUT }}
+          min_findings_severity: ${{ env.MIN_FINDINGS_SEVERITY }}
+          ci_sense_http_url: ${{ env.CI_SENSE_HTTP_URL }}
+      - id: save-results
+        name: Save Fuzz Test Results
+        uses: CodeIntelligenceTesting/github-actions/save-results@v6
+        if: ${{ success() || failure() }}
+        with:
+          ci_sense_api_token: ${{ secrets.CI_SENSE_API_TOKEN }}
+          ci_sense_http_url: ${{ env.CI_SENSE_HTTP_URL }}
+          ci_sense_grpc_url: ${{ env.CI_SENSE_GRPC_URL }}
+          project_name: ${{ env.PROJECT }}
+          started_run: ${{ steps.run-fuzz-tests.outputs.started_run }}
+      - id: upload-artifact
+        uses: actions/upload-artifact@v2
+        if: ${{ (success() || failure()) }}
+        with:
+          name: ci_fuzz_results
+          path: |
+            findings.json
+            coverage.json
+            web_app_address.txt
diff --git a/cifuzz.yaml b/cifuzz.yaml
@@ -54,3 +54,5 @@ timeout: 30m
 
 ## Style for CI Fuzz.
 #style: plain
+
+docker-image: eclipse-temurin:21
diff --git a/src/main/java/com/demo/controller/UserController.java b/src/main/java/com/demo/controller/UserController.java
@@ -61,7 +61,7 @@ public Collection<UserDTO> getUsers(@RequestParam (required = false) String role
     }
 
     /**
-     * GET endpoint with a ldap injection security issue, that should return one specific user object.
+     * GET endpoint that had a remote code execution vulnerability (RCE) that is fixed for now.
      * @param id category id
      * @param role requesting user role definition
      * @return the requested user object
@@ -72,7 +72,7 @@ public UserDTO getUser(@PathVariable String id, @RequestParam(defaultValue = "DE
         try {
             if (new String(Base64.getDecoder().decode(role)).equals("Admin")) {
                 // got here if the role value was "QURNSU4="
-                triggerRCE(id);
+                //triggerRCE(id); //"fixing" Remote-Code-Execution
                 return user;
             }
         } catch (Exception ignored) {}

diff --git a/src/test/java/com/demo/controller/UserControllerTest.java b/src/test/java/com/demo/controller/UserControllerTest.java
@@ -95,7 +95,7 @@ public void unitTestGetUsers() throws Exception {
      * <p/>
      * Execute test with <code>cifuzz run com.demo.controller.UserControllerTest::fuzzTestGetUser</code> or
      * <code>cifuzz container run com.demo.controller.UserControllerTest::fuzzTestGetUser</code>.
-     * Finds a security issue in form of a Remote-Code-Execution (RCE) vulnerability.
+     * Finds no issues as the security issue in form of a Remote-Code-Execution (RCE) vulnerability was fixed.
      * <p/>
      * @param id parameter filled in by the fuzzer.
      * @param role parameter filled in by the fuzzer.