LMBQ-267: Security scanning improvements in Helpful Libraries and UI Testing Toolbox, running Windows builds on PR approves too #720

Merged
merged 47 commits into from
Apr 3, 2024
Changes from 27 commits
Commits
47 commits
652463a
HelpfulLibraries code styling
Piedone Mar 8, 2024
c9acc14
HelpfulLibraries: Adding IContentSecurityPolicyProvider for frame-src
Piedone Mar 8, 2024
ba43e18
Security scanning improvement in HL and UITT
Piedone Mar 8, 2024
ee1765d
Fixing double spaces in Markdown
Piedone Mar 8, 2024
c3b5a44
Making it possible to run more than one ZAP scan at the same time in …
Piedone Mar 9, 2024
deb19ca
Security scanning configuration APIs in UITestingToolbox
Piedone Mar 9, 2024
bc61d5f
Spelling
Piedone Mar 9, 2024
358f7a6
Adding support for relative additional URLs in UITestingToolbox
Piedone Mar 9, 2024
f6c0b31
Adjusting XSLT Injection rule config in UITT
Piedone Mar 10, 2024
ba1ade1
Merge remote-tracking branch 'origin/dev' into issue/LMBQ-267
Piedone Mar 10, 2024
57ab51f
UITT docs
Piedone Mar 10, 2024
62c6d06
Spelling
Piedone Mar 10, 2024
440472b
"Xss" spelling too
Piedone Mar 10, 2024
5f1fe42
Centralizing buildsville/add-remove-label usage
Piedone Mar 10, 2024
d033552
Fixing GHA branch references
Piedone Mar 10, 2024
553ec97
Merge remote-tracking branch 'origin/dev' into issue/LMBQ-267
Piedone Mar 10, 2024
8625b9b
Fixing GHA references for Windows builds too
Piedone Mar 10, 2024
5270eb9
Excluding unused DB technologies during security scans in UITestingTo…
Piedone Mar 10, 2024
c53a6f9
Docs formatting
Piedone Mar 10, 2024
b404078
Missing case of non-centralized add-remove-label
Piedone Mar 10, 2024
2163a69
Merge remote-tracking branch 'origin/dev' into issue/LMBQ-267
Piedone Mar 12, 2024
3e5fe87
Merge remote-tracking branch 'origin/dev' into issue/LMBQ-267
Piedone Mar 18, 2024
ee31567
Consolidation verification docs
Piedone Mar 18, 2024
8c864bb
LGHA issue branch references
Piedone Mar 18, 2024
16fc7a4
Merge remote-tracking branch 'origin/dev' into issue/LMBQ-267
Piedone Mar 24, 2024
2fdb246
Running Windows builds on PR approves too
Piedone Mar 24, 2024
0a05a36
Running Windows NuGet build and PS analysis on PR approve too
Piedone Mar 24, 2024
7d43499
Fixing copy-paste error
Piedone Mar 24, 2024
fab6e66
Dummy change to kick off build
Piedone Mar 24, 2024
75cac51
Revert "Dummy change to kick off build"
Piedone Mar 24, 2024
15ab6a1
HelpfulLibraries docs
Piedone Mar 28, 2024
720f4f0
Merge remote-tracking branch 'origin/dev' into issue/LMBQ-267
Piedone Mar 28, 2024
562ac14
Adding CSP directives for ReCaptcha in HelpfulLibraries
Piedone Mar 28, 2024
24e293b
CSP config for Google Analytics, Application Insights
Piedone Mar 28, 2024
4ba26b7
Code styling
Piedone Mar 28, 2024
0d2ab2c
Spelling
Piedone Mar 28, 2024
d487375
More spelling
Piedone Mar 28, 2024
6d2b5fd
Sealed of approval
Piedone Mar 28, 2024
699d924
Better ExternalLoginContentSecurityPolicyProvider
Piedone Mar 28, 2024
19b95b3
Dummy change to kick off build
Piedone Mar 28, 2024
67d14d9
Revert "Dummy change to kick off build"
Piedone Mar 28, 2024
e6ada15
Merge remote-tracking branch 'origin/dev' into issue/LMBQ-267
Piedone Mar 29, 2024
e0f23ec
Merge remote-tracking branch 'origin/dev' into issue/LMBQ-267
Piedone Apr 1, 2024
aaedbbc
DRY feature operations in HelpfulLibraries
Piedone Apr 2, 2024
889b1a8
Replacing issue branch references with dev in workflows
DemeSzabolcs Apr 2, 2024
7503d8f
Updating submodules to latest devs
DemeSzabolcs Apr 2, 2024
b980071
Updating Lombiq.Lombiq.GitHub.Actions to latest dev too
DemeSzabolcs Apr 2, 2024
22 changes: 13 additions & 9 deletions .github/workflows/build-and-test-windows.yml
Expand Up @@ -10,6 +10,8 @@ on:
push:
branches:
- dev
pull_request_review:
types: [submitted]

jobs:
remove-run-windows-build-label:
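Review bot: `pull_request_review` with `types: [submitted]` fires for every submitted review (commented, changes requested, approved), not only approvals; the build jobs further down filter on `github.event.review.state == 'APPROVED'`, but the `remove-run-windows-build-label` job that follows this hunk has no such filter in the visible lines, so confirm its `if:` (outside the hunk) excludes review events, otherwise an approval would strip the `run-windows-build` label while the build it requested is still queued.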
Expand All @@ -20,8 +22,7 @@ jobs:
timeout-minutes: 2
steps:
- name: Remove Run Windows Build Label
# v2.0.0
uses: buildsville/add-remove-label@eeae411a9be2e173f2420e1644514edbecc4e835
uses: Lombiq/GitHub-Actions/.github/actions/add-remove-label@issue/LMBQ-267
with:
# The token is necessary to be able to remove the label even if the workflow is triggered by a pull request
# coming from a fork.
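Review bot: the removed `uses:` line pinned a third-party action to a full commit SHA (with the `# v2.0.0` comment documenting it) while the replacement references a moving branch, `Lombiq/GitHub-Actions/.github/actions/add-remove-label@issue/LMBQ-267`; before merge this should point at `@dev` like the other `uses:` lines in this file, and if the new composite action wraps `buildsville/add-remove-label` itself, the SHA pin belongs inside that action so the supply-chain guarantee is not lost.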
Expand All @@ -31,7 +32,9 @@ jobs:

build-and-test-larger-runners:
if: github.ref_name != github.event.repository.default_branch &&
(github.event_name == 'workflow_dispatch' || github.event.label.name == 'run-windows-build')
(github.event_name == 'workflow_dispatch' ||
github.event.label.name == 'run-windows-build' ||
(github.event.review.state == 'APPROVED' && contains(github.event.pull_request.labels.*.name, 'requires-windows-build')))
name: Build and Test Windows - root solution (larger runners)
uses: Lombiq/GitHub-Actions/.github/workflows/build-and-test-orchard-core.yml@dev
with:
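Review bot: the new approval branch, `github.event.review.state == 'APPROVED' && contains(github.event.pull_request.labels.*.name, 'requires-windows-build')`, runs the larger-runners build on every approval of a labelled PR, including re-approvals after a trivial push, and does so in addition to the existing `run-windows-build` label path; if both labels are set the same commit can be built twice on paid runners, so either document that the two labels are alternatives or drop `run-windows-build` when `requires-windows-build` is present.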
Expand All @@ -48,12 +51,12 @@ jobs:
test-filter: "FullyQualifiedName!~SecurityScanningTests"

build-and-test-standard-runners:
# Since dev builds are not awaited by anyone, they can run on the slower free runners.
if: github.ref_name == github.event.repository.default_branch
name: Build and Test Windows - root solution (standard runners)
uses: Lombiq/GitHub-Actions/.github/workflows/build-and-test-orchard-core.yml@dev
with:
parent-job-name: "root-solution-standard-runners"
# Since dev builds are not awaited by anyone, they can run on the slower free runners.
machine-types: "['windows-2022']"
timeout-minutes: 60
set-up-sql-server: "true"
Expand All @@ -67,7 +70,8 @@ jobs:
build-and-test-nuget-test:
if: github.ref_name == github.event.repository.default_branch ||
github.event_name == 'workflow_dispatch' ||
github.event.label.name == 'run-windows-build'
github.event.label.name == 'run-windows-build' ||
(github.event.review.state == 'APPROVED' && contains(github.event.pull_request.labels.*.name, 'requires-security-build'))
name: Build and Test Windows - NuGetTest solution
uses: Lombiq/GitHub-Actions/.github/workflows/build-and-test-orchard-core.yml@dev
with:
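Review bot: the label name here is `requires-security-build`, but the root-solution job above gates on `requires-windows-build`; unless two separate opt-in labels are intended, one of these is a copy-paste slip and an approved PR carrying only one label will run a partial set of Windows jobs. Align the label name across the three jobs, or document both labels.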
Expand All @@ -83,7 +87,8 @@ jobs:
powershell-static-code-analysis:
if: github.ref_name == github.event.repository.default_branch ||
github.event_name == 'workflow_dispatch' ||
github.event.label.name == 'run-windows-build'
github.event.label.name == 'run-windows-build' ||
(github.event.review.state == 'APPROVED' && contains(github.event.pull_request.labels.*.name, 'requires-security-build'))
name: PowerShell Static Code Analysis Windows
uses: Lombiq/PowerShell-Analyzers/.github/workflows/static-code-analysis.yml@dev
with:
Expand All @@ -94,7 +99,7 @@ jobs:
name: Post Pull Request Checks Automation
needs: [build-and-test-larger-runners, build-and-test-nuget-test, powershell-static-code-analysis]
if: github.event.pull_request != ''
uses: Lombiq/GitHub-Actions/.github/workflows/post-pull-request-checks-automation.yml@dev
uses: Lombiq/GitHub-Actions/.github/workflows/post-pull-request-checks-automation.yml@issue/LMBQ-267
secrets:
JIRA_BASE_URL: ${{ secrets.DEFAULT_JIRA_BASE_URL }}
JIRA_USER_EMAIL: ${{ secrets.DEFAULT_JIRA_USER_EMAIL }}
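Review bot: `if: github.event.pull_request != ''` is also true for `pull_request_review` payloads, so with the new trigger this reusable workflow will now be invoked on approve events as well; check that `post-pull-request-checks-automation.yml` copes with a review event payload (it is being taken from `@issue/LMBQ-267` here, which should become `@dev` before merge).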
Expand All @@ -108,8 +113,7 @@ jobs:
needs: [build-and-test-larger-runners, build-and-test-nuget-test, powershell-static-code-analysis]
steps:
- name: Remove Windows Build Warning Label
# v2.0.0
uses: buildsville/add-remove-label@eeae411a9be2e173f2420e1644514edbecc4e835
uses: Lombiq/GitHub-Actions/.github/actions/add-remove-label@issue/LMBQ-267
with:
# The token is necessary to be able to remove the label even if the workflow is triggered by a pull request
# coming from a fork.
11 changes: 5 additions & 6 deletions .github/workflows/build-and-test.yml
Expand Up @@ -25,11 +25,11 @@ jobs:
build-enable-npm-caching: "true"

build-and-test-standard-runners:
# Since dev builds are not awaited by anyone, they can run on the slower free runners.
if: github.ref_name == github.event.repository.default_branch
name: Build and Test - root solution (standard runners)
uses: Lombiq/GitHub-Actions/.github/workflows/build-and-test-orchard-core.yml@dev
with:
# Since dev builds are not awaited by anyone, they can run on the slower free runners.
parent-job-name: "root-solution-standard-runners"
timeout-minutes: 50
set-up-sql-server: "true"
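Review bot: the moved comment "Since dev builds are not awaited by anyone, they can run on the slower free runners." now sits directly above `parent-job-name`, which it does not explain; in the Windows workflow the same comment was placed above `machine-types`, the key that actually selects the runner. Put it above the runner-selecting key here too, or keep it above the `if:` where it explained why only default-branch builds take this path.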
Expand All @@ -48,7 +48,7 @@ jobs:

spelling:
name: Spelling
uses: Lombiq/GitHub-Actions/.github/workflows/spelling.yml@dev
uses: Lombiq/GitHub-Actions/.github/workflows/spelling.yml@issue/LMBQ-267
with:
additional-dictionaries: |
cspell:csharp/csharp.txt
Expand All @@ -60,9 +60,9 @@ jobs:
cspell:node/dict/node.txt
cspell:npm/dict/npm.txt
lombiq-lgha:dictionaries/Liquid.txt
lombiq-lgha:dictionaries/Xml.txt
lombiq-lgha:dictionaries/Lombiq.people.txt
lombiq-lgha:dictionaries/Security.txt
lombiq-lgha:dictionaries/Xml.txt

powershell-static-code-analysis:
name: PowerShell Static Code Analysis
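Review bot: `lombiq-lgha:dictionaries/Security.txt` resolves inside the Lombiq/GitHub-Actions checkout referenced by the `spelling.yml@issue/LMBQ-267` line above, so once that ref is switched back to `@dev` the LGHA change adding `Security.txt` must already be merged there, otherwise the spelling job fails on a missing dictionary. Moving `Xml.txt` after `Security.txt` keeps the list alphabetical, fine.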
Expand All @@ -81,7 +81,7 @@ jobs:
name: Post Pull Request Checks Automation
needs: [build-and-test-larger-runners, build-and-test-nuget-test, spelling, powershell-static-code-analysis]
if: github.event.pull_request != ''
uses: Lombiq/GitHub-Actions/.github/workflows/post-pull-request-checks-automation.yml@dev
uses: Lombiq/GitHub-Actions/.github/workflows/post-pull-request-checks-automation.yml@issue/LMBQ-267
secrets:
JIRA_BASE_URL: ${{ secrets.DEFAULT_JIRA_BASE_URL }}
JIRA_USER_EMAIL: ${{ secrets.DEFAULT_JIRA_USER_EMAIL }}
Expand All @@ -95,8 +95,7 @@ jobs:
needs: [build-and-test-larger-runners, build-and-test-nuget-test, powershell-static-code-analysis]
steps:
- name: Add Windows Build Warning Label
# v2.0.0
uses: buildsville/add-remove-label@eeae411a9be2e173f2420e1644514edbecc4e835
uses: Lombiq/GitHub-Actions/.github/actions/add-remove-label@issue/LMBQ-267
with:
# The token is necessary to be able to add the label even if the workflow is triggered by a pull request coming
# from a fork.