Merge branch 'master' into rotemshynes-patch-3

linear-b · May 18, 2023 · 395362c · 395362c
2 parents 50ad828 + 7463fab
commit 395362c
Show file tree

Hide file tree

Showing 6 changed files with 69 additions and 42 deletions.
diff --git a/.cm/sonar.cm b/.cm/sonar.cm
@@ -0,0 +1,66 @@
+manifest:
+  version: 1.0
+automations:
+  # Add labels
+  vulnerabilities:
+    if:
+      - {{ sonar.vulnerabilities.count > 0}}
+    run:
+      - action: add-label@v1
+        args:
+          label: '{{ sonar.vulnerabilities.count }} 🛡️ Vulnerabilities'
+          color: {{ 'fecdca' if (sonar.vulnerabilities.rating == 'E') else ('f0f593' if (sonar.vulnerabilities.rating == 'C' ) else 'd1fadf') }}
+  security_hotspots:
+    if:
+      - {{ sonar.security_hotspots.count > 0}}
+    run:
+      - action: add-label@v1
+        args:
+          label: '{{ sonar.security_hotspots.count }} 🌶️ Security hotspots'
+          color: {{ 'fecdca' if (sonar.security_hotspots.rating == 'E') else ('f0f593' if (sonar.security_hotspots.rating == 'C' ) else 'd1fadf') }}
+  code_smells:
+    if:
+      - {{ sonar.code_smells.count > 0}}
+    run:
+      - action: add-label@v1
+        args:
+          label: '{{ sonar.code_smells.count }} 💩 Code Smells'
+          color: {{ 'fecdca' if (sonar.code_smells.rating == 'E') else ('f0f593' if (sonar.code_smells.rating == 'C' ) else 'd1fadf') }}
+  bugs:
+    if:
+      - {{ sonar.bugs.count > 0}}
+    run:
+      - action: add-label@v1
+        args:
+          label: '{{ sonar.bugs.count }} 🐞 Bugs'
+          color: {{ 'fecdca' if (sonar.bugs.rating == 'E') else ('f0f593' if (sonar.bugs.rating == 'C' ) else 'd1fadf') }}
+
+  mark_outstanding_pr:
+    if:
+      - {{ sonar.bugs.count == 0 }}
+      - {{ sonar.code_smells.count == 0 }}
+      - {{ sonar.vulnerabilities.count == 0 }}
+      - {{ sonar.security_hotspots.count == 0 }}
+      - {{ sonar.duplications == null or sonar.duplications == 0.0 }}
+    run: 
+      - action: add-label@v1
+        args:
+          label: '💯 Sonar'
+          color: 'd4333f'
+  Assign:
+    # Auto assign Security member
+    if:
+      - {{ sonar.code_smells.rating != 'A' or sonar.vulnerabilities.rating != 'A' or sonar.security_hotspots.rating != 'A'}}
+    run:
+      - action: add-reviewers@v1
+        args:
+          reviewers: [Dudu-linb]
+
+sonar: {{ pr | sonarParser }}
+
+colors:
+  A: 'd1fadf'
+  B: 'e1f5a8'
+  C: 'f0f593'
+  D: 'f5c778'
+  E: 'fecdca'
diff --git a/Dockerfile b/Dockerfile
@@ -21,9 +21,6 @@ COPY requirements.txt requirements.txt
 RUN pip install --no-cache-dir -r requirements.txt
 
 
-# copy project
-COPY . /app/
-
 
 # install pygoat
 EXPOSE 8000

diff --git a/introduction/apis.py b/introduction/apis.py
@@ -4,7 +4,6 @@
 from introduction.playground.A9.main import Log
 from introduction.playground.A6.utility import check_vuln
 from django.contrib.auth import login,authenticate
-from .utility import *
 from django.views.decorators.csrf import csrf_exempt
 import time
 from .views import authentication_decorator
@@ -18,33 +17,10 @@
 def ssrf_code_checker(request):
     if request.user.is_authenticated:
         if request.method == 'POST':
-            python_code = request.POST['python_code']
-            html_code = request.POST['html_code']
-            if not (ssrf_code_converter(python_code)):
-                return JsonResponse({"status": "error", "message": "Invalid code"})
-            test_bench1 = ssrf_html_input_extractor(html_code)
-
-            if (len(test_bench1) >4):
-                return JsonResponse({'message':'too many inputs in Html\n Try again'},status = 400)
-            test_bench2 = ['secret.txt']
-            correct_output1 = [{"blog": "blog1-passed"}, {"blog": "blog2-passed"}, {"blog": "blog3-passed"}, {"blog": "blog4-passed"}]
-            outputs = []
-            for inputs in test_bench1:
-                outputs.append(main.ssrf_lab(inputs))
-            if outputs == correct_output1:
-                outputs = []
-            else:
-                return JsonResponse({'message':'Testbench failed, Code is not working\n Try again'},status = 200)
-
-            correct_output2 = [{"blog": "No blog found"}]
-            for inputs in test_bench2:
-                outputs.append(main.ssrf_lab(inputs))
-            if outputs == correct_output2:
-                return JsonResponse({'message':'Congratulation, you have written a secure code.', 'passed':1}, status = 200)
 
             return JsonResponse({'message':'Test bench passed but the code is not secure'}, status = 200,safe = False)
         else:
-            return JsonResponse({'message':'method not allowed'},status = 405)
+            return JsonResponse({'message':'1method not allowed'},status = 405)
     else:
         return JsonResponse({'message':'UnAuthenticated User'},status = 401)
 
@@ -82,7 +58,7 @@ def log_function_checker(request):
         f.close()
         return JsonResponse({"message":"success", "logs": lines},status = 200)
     else:
-        return JsonResponse({"message":"method not allowed"},status = 405)
+        return JsonResponse({"message":"2method not allowed"},status = 405)
 
 #a7 codechecking api
 @csrf_exempt
@@ -120,7 +96,7 @@ def A6_disscussion_api(request):
 @csrf_exempt
 def A6_disscussion_api_2(request):
     if request.method != 'POST':
-        return JsonResponse({"message":"method not allowed"},status = 405)
+        return JsonResponse({"message":"3method not allowed"},status = 405)
     try:
         code = request.POST.get('code')
         dirname = os.path.dirname(__file__)

diff --git a/introduction/mitre.py b/introduction/mitre.py
@@ -210,11 +210,6 @@ def csrf_transfer_monei_api(request,recipent,amount):
 # @authentication_decorator
 @csrf_exempt
 def mitre_lab_25_api(request):
-    if request.method == "POST":
-        expression = request.POST.get('expression')
-        result = eval(expression)
-        return JsonResponse({'result': result})
-    else:
         return redirect('/mitre/25/lab/')
 
 

diff --git a/introduction/static/css/dark-theme.css b/introduction/static/css/dark-theme.css
@@ -406,7 +406,6 @@ h2 {
   padding: 17px;
   border-radius: 10px;
   text-align: center;
-  padding: 13% 0 0 0;
 }
 #owasp10_2017 {
   width: 90%;
@@ -417,7 +416,6 @@ h2 {
   padding: 17px;
   border-radius: 10px;
   text-align: center;
-  padding: 13% 0 0 0;
 }
 
 #sidebar li ul a #owasp10_2021 {
@@ -442,7 +440,6 @@ h2 {
   padding: 17px;
   border-radius: 10px;
   text-align: center;
-  padding: 13% 0 0 0;
 }
 
 #homeSubmenu {
@@ -464,7 +461,6 @@ h2 {
   padding: 17px;
   border-radius: 10px;
   text-align: center;
-  padding: 13% 0% 0% 0%;
 }
 #challengeSubmenu {
   width: 95%;
@@ -488,7 +484,6 @@ h2 {
   padding: 17px;
   border-radius: 10px;
   text-align: center;
-  padding: 13% 0% 0% 0%;
 }
 #mitre25 {
   width: 90%;
@@ -499,7 +494,6 @@ h2 {
   padding: 17px;
   border-radius: 10px;
   text-align: center;
-  padding: 13% 0% 0% 0%;
 }
 
 #stylesheet-toggle{

diff --git a/introduction/views.py b/introduction/views.py
@@ -133,7 +133,6 @@ def xss_lab3(request):
         return redirect('login')
 
 
-
 def insec_des(request):
     if request.user.is_authenticated:
         return  render(request,'Lab/insec_des/insec_des.html')