Pull request dedicated to support analysis and integration of the functional modules designed for ANAC project 2024 #4313 #4314
base: devel
Changes from 250 commits
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1 +1 @@ | ||
@evilaliv3 | ||
* @globaleaks/maintainers |
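Review bot: the new rule `* @globaleaks/maintainers` moves ownership of every path from a single user to a team; GitHub only honours a team in CODEOWNERS when that team exists in the organization and has explicit write access to this repository, otherwise the rule is silently ignored and no reviewer is requested. Confirm that before this lands, since the rule is the only line in the file.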
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,39 @@ | ||
version: 2 | ||
updates: | ||
This file has been edited across multiple commits with instances of code being removed and then re-added. To streamline the review, the offending commits should be removed, either by rebasing or squashing them into a single, meaningful commit.
||
- package-ecosystem: github-actions | ||
directory: / | ||
open-pull-requests-limit: 0 | ||
schedule: | ||
interval: daily | ||
|
||
- package-ecosystem: pip | ||
directory: /backend | ||
open-pull-requests-limit: 0 | ||
schedule: | ||
interval: daily | ||
|
||
- package-ecosystem: pip | ||
directory: backend/requirements | ||
schedule: | ||
interval: "monthly" | ||
labels: [ ] | ||
ignore: | ||
- dependency-name: "*" | ||
|
||
- package-ecosystem: npm | ||
directory: /client | ||
open-pull-requests-limit: 0 | ||
schedule: | ||
interval: daily | ||
|
||
- package-ecosystem: docker | ||
directory: /docker | ||
open-pull-requests-limit: 0 | ||
schedule: | ||
interval: daily | ||
|
||
- package-ecosystem: pip | ||
directory: /documentation | ||
open-pull-requests-limit: 0 | ||
schedule: | ||
interval: daily |
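Review bot: every `open-pull-requests-limit: 0` entry (github-actions, pip in `/backend`, npm in `/client`, docker in `/docker`, pip in `/documentation`) disables version-update pull requests for that ecosystem, and the `backend/requirements` entry ignores `dependency-name: "*"`, so this file schedules daily and monthly checks that can never open a PR. Dependabot security updates are governed separately in the repository settings and are not affected by these limits, so if the intent is to register the manifests for security alerts only, say so in a comment at the top of the file; otherwise raise the limits. Also, `directory: backend/requirements` is the only entry without a leading slash; write it as `/backend/requirements` to match the other five.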
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -2,12 +2,15 @@ name: Build | |
|
||
on: [ push, pull_request ] | ||
|
||
# Declare default permissions as read only. | ||
This file has been edited across multiple commits with instances of code being removed and then re-added. To streamline the review, the offending commits should be removed, either by rebasing or squashing them into a single, meaningful commit.
||
permissions: read-all | ||
|
||
jobs: | ||
run_build: | ||
runs-on: "ubuntu-latest" | ||
steps: | ||
- name: Check out repository code | ||
uses: actions/[email protected] | ||
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | ||
with: | ||
fetch-depth: 1 | ||
|
||
|
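Review bot: the commit pin `actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7` is the right replacement for the tag-based reference it removes, but the other workflows added in this PR pin the same action to v4.2.1 (`eef61447…`) and v4.1.1 (`b4ffde65…`); pick one commit for all four workflows so there is a single version to bump, and keep the `# vX.Y.Z` trailer, since that is what the Dependabot github-actions updater reads when proposing a newer pin. The workflow-level `permissions: read-all` is appropriate here: the job only checks out and builds, and the triggers are `push` and `pull_request`, not `pull_request_target`.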
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,61 @@ | ||
# This workflow uses actions that are not certified by GitHub. | ||
# They are provided by a third-party and are governed by | ||
# separate terms of service, privacy policy, and support | ||
# documentation. | ||
|
||
# This workflow checks out code, performs a Codacy security scan | ||
# and integrates the results with the | ||
# GitHub Advanced Security code scanning feature. For more information on | ||
# the Codacy security scan action usage and parameters, see | ||
# https://github.com/codacy/codacy-analysis-cli-action. | ||
# For more information on Codacy Analysis CLI in general, see | ||
# https://github.com/codacy/codacy-analysis-cli. | ||
|
||
name: Codacy Security Scan | ||
|
||
on: | ||
push: | ||
branches: [ "stable", "devel" ] | ||
pull_request: | ||
# The branches below must be a subset of the branches above | ||
branches: [ "stable" ] | ||
schedule: | ||
- cron: '33 6 * * 2' | ||
|
||
# Declare default permissions as read only. | ||
permissions: read-all | ||
|
||
jobs: | ||
codacy-security-scan: | ||
permissions: | ||
contents: read # for actions/checkout to fetch code | ||
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results | ||
actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status | ||
name: Codacy Security Scan | ||
runs-on: ubuntu-latest | ||
steps: | ||
# Checkout the repository to the GitHub Actions runner | ||
- name: Checkout code | ||
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 | ||
|
||
# Execute Codacy Analysis CLI and generate a SARIF output with the security issues identified during the analysis | ||
- name: Run Codacy Analysis CLI | ||
uses: codacy/codacy-analysis-cli-action@d840f886c4bd4edc059706d09c6a1586111c540b | ||
with: | ||
# Check https://github.com/codacy/codacy-analysis-cli#project-token to get your project token from your Codacy repository | ||
# You can also omit the token and run the tools that support default configurations | ||
project-token: ${{ secrets.CODACY_PROJECT_TOKEN }} | ||
verbose: true | ||
output: results.sarif | ||
format: sarif | ||
# Adjust severity of non-security issues | ||
gh-code-scanning-compat: true | ||
# Force 0 exit code to allow SARIF file generation | ||
# This will handover control about PR rejection to the GitHub side | ||
max-allowed-issues: 2147483647 | ||
|
||
# Upload the SARIF file generated in the previous step | ||
- name: Upload SARIF results file | ||
uses: github/codeql-action/upload-sarif@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13 | ||
with: | ||
sarif_file: results.sarif |
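Review bot: `project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}` is empty on `pull_request` runs from forks, where repository secrets are not exposed, so those runs fall back to the default tool configuration the comment mentions and will not report the same set of findings as the `push` runs on `stable` and `devel`; decide whether fork PRs should run this job at all, or gate the step on the secret being present. `max-allowed-issues: 2147483647` means the step never fails, as the comment says, so the results only block a merge if code scanning is made a required status check in branch protection. Finally, `codacy/codacy-analysis-cli-action@d840f886c4bd4edc059706d09c6a1586111c540b` is the one pin in this file without a `# vX.Y.Z` trailer; add it so the pinned version is visible and updatable.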
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,86 @@ | ||
name: "CodeQL" | ||
This file has been edited across multiple commits with instances of code being removed and then re-added. To streamline the review, the offending commits should be removed, either by rebasing or squashing them into a single, meaningful commit.
||
|
||
on: | ||
push: | ||
branches: [ "stable"] | ||
pull_request: | ||
branches: [ "stable", "devel"] | ||
schedule: | ||
- cron: '15 14 * * 6' | ||
|
||
# Declare default permissions as read only. | ||
permissions: read-all | ||
|
||
jobs: | ||
analyze: | ||
name: Analyze (${{ matrix.language }}) | ||
# Runner size impacts CodeQL analysis time. To learn more, please see: | ||
# - https://gh.io/recommended-hardware-resources-for-running-codeql | ||
# - https://gh.io/supported-runners-and-hardware-resources | ||
# - https://gh.io/using-larger-runners (GitHub.com only) | ||
# Consider using larger runners or machines with greater resources for possible analysis time improvements. | ||
runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }} | ||
permissions: | ||
# required for all workflows | ||
security-events: write | ||
|
||
# required to fetch internal or private CodeQL packs | ||
packages: read | ||
|
||
# only required for workflows in private repositories | ||
actions: read | ||
contents: read | ||
|
||
strategy: | ||
fail-fast: false | ||
matrix: | ||
include: | ||
- language: javascript-typescript | ||
build-mode: none | ||
- language: python | ||
build-mode: none | ||
# CodeQL supports the following values keywords for 'language': 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'swift' | ||
# Use `c-cpp` to analyze code written in C, C++ or both | ||
# Use 'java-kotlin' to analyze code written in Java, Kotlin or both | ||
# Use 'javascript-typescript' to analyze code written in JavaScript, TypeScript or both | ||
# To learn more about changing the languages that are analyzed or customizing the build mode for your analysis, | ||
# see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning. | ||
# If you are analyzing a compiled language, you can modify the 'build-mode' for that language to customize how | ||
# your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages | ||
steps: | ||
- name: Checkout repository | ||
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 | ||
|
||
# Initializes the CodeQL tools for scanning. | ||
- name: Initialize CodeQL | ||
uses: github/codeql-action/init@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13 | ||
with: | ||
languages: ${{ matrix.language }} | ||
build-mode: ${{ matrix.build-mode }} | ||
# If you wish to specify custom queries, you can do so here or in a config file. | ||
# By default, queries listed here will override any specified in a config file. | ||
# Prefix the list here with "+" to use these queries and those in the config file. | ||
|
||
# For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs | ||
# queries: security-extended,security-and-quality | ||
|
||
# If the analyze step fails for one of the languages you are analyzing with | ||
# "We were unable to automatically build your code", modify the matrix above | ||
# to set the build mode to "manual" for that language. Then modify this step | ||
# to build your code. | ||
# ℹ️ Command-line programs to run using the OS shell. | ||
# 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun | ||
- if: matrix.build-mode == 'manual' | ||
shell: bash | ||
run: | | ||
echo 'If you are using a "manual" build mode for one or more of the' \ | ||
'languages you are analyzing, replace this with the commands to build' \ | ||
'your code, for example:' | ||
echo ' make bootstrap' | ||
echo ' make release' | ||
exit 1 | ||
|
||
- name: Perform CodeQL Analysis | ||
uses: github/codeql-action/analyze@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13 | ||
with: | ||
category: "/language:${{matrix.language}}" |
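Review bot: the template leftovers should be trimmed: the matrix only lists `javascript-typescript` and `python`, both with `build-mode: none`, so the `swift`/`macos-latest` branch of the `runs-on` expression and the `if: matrix.build-mode == 'manual'` step that ends in `exit 1` can never execute, and the block of comments about `c-cpp` and `java-kotlin` after the matrix adds nothing for this repository. Separately, `push` only covers `stable` while `pull_request` covers `stable` and `devel`, so a commit pushed directly to `devel` is scanned only by the Saturday cron; add `devel` to the `push` branches if that branch should have per-commit results.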
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,73 @@ | ||
# This workflow uses actions that are not certified by GitHub. They are provided | ||
This file has been edited across multiple commits with instances of code being removed and then re-added. To streamline the review, the offending commits should be removed, either by rebasing or squashing them into a single, meaningful commit.
||
# by a third-party and are governed by separate terms of service, privacy | ||
# policy, and support documentation. | ||
|
||
name: Scorecard supply-chain security | ||
on: | ||
# For Branch-Protection check. Only the default branch is supported. See | ||
# https://github.com/ossf/scorecard/blob/stable/docs/checks.md#branch-protection | ||
branch_protection_rule: | ||
# To guarantee Maintained check is occasionally updated. See | ||
# https://github.com/ossf/scorecard/blob/stable/docs/checks.md#maintained | ||
schedule: | ||
- cron: '33 21 * * 4' | ||
push: | ||
branches: [ "stable" ] | ||
|
||
# Declare default permissions as read only. | ||
permissions: read-all | ||
|
||
jobs: | ||
analysis: | ||
name: Scorecard analysis | ||
runs-on: ubuntu-latest | ||
permissions: | ||
# Needed to upload the results to code-scanning dashboard. | ||
security-events: write | ||
# Needed to publish results and get a badge (see publish_results below). | ||
id-token: write | ||
# Uncomment the permissions below if installing in a private repository. | ||
# contents: read | ||
# actions: read | ||
|
||
steps: | ||
- name: "Checkout code" | ||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | ||
with: | ||
persist-credentials: false | ||
|
||
- name: "Run analysis" | ||
uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1 | ||
with: | ||
results_file: results.sarif | ||
results_format: sarif | ||
# (Optional) "write" PAT token. Uncomment the `repo_token` line below if: | ||
# - you want to enable the Branch-Protection check on a *public* repository, or | ||
# - you are installing Scorecard on a *private* repository | ||
# To create the PAT, follow the steps in https://github.com/ossf/scorecard-action?tab=readme-ov-file#authentication-with-fine-grained-pat-optional. | ||
# repo_token: ${{ secrets.SCORECARD_TOKEN }} | ||
|
||
# Public repositories: | ||
# - Publish results to OpenSSF REST API for easy access by consumers | ||
# - Allows the repository to include the Scorecard badge. | ||
# - See https://github.com/ossf/scorecard-action#publishing-results. | ||
# For private repositories: | ||
# - `publish_results` will always be set to `false`, regardless | ||
# of the value entered here. | ||
publish_results: true | ||
|
||
# Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF | ||
# format to the repository Actions tab. | ||
- name: "Upload artifact" | ||
uses: actions/upload-artifact@97a0fba1372883ab732affbe8f94b823f91727db # v3.pre.node20 | ||
with: | ||
name: SARIF file | ||
path: results.sarif | ||
retention-days: 5 | ||
|
||
# Upload the results to GitHub's code scanning dashboard (optional). | ||
# Commenting out will disable upload of results to your repo's Code Scanning dashboard | ||
- name: "Upload to code-scanning" | ||
uses: github/codeql-action/upload-sarif@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13 | ||
with: | ||
sarif_file: results.sarif |
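Review bot: `actions/upload-artifact@97a0fba1372883ab732affbe8f94b823f91727db # v3.pre.node20` pins a v3 release of an action GitHub has deprecated in favour of v4; update it, and at the same time bring `actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1` up to the v4.2.1 pin used by the Codacy and CodeQL workflows in this PR. The rest of the file is sound: `persist-credentials: false` keeps the GITHUB_TOKEN out of the checked-out `.git` config, and `id-token: write` is the minimum needed for `publish_results: true`.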
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -4,7 +4,7 @@ set -e | |
echo "Running Build & Install" | ||
distro="$(lsb_release -cs)" | ||
|
||
cd /build/whistleblowing-software | ||
cd /build/globaleaks-whistleblowing-software | ||
This file has been edited across multiple commits with instances of code being removed and then re-added. To streamline the review, the offending commits should be removed, either by rebasing or squashing them into a single, meaningful commit.
||
|
||
sudo apt-get -y update | ||
|
||
|
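Review bot: the hard-coded `cd /build/globaleaks-whistleblowing-software` has to match the directory name the caller populates inside the chroot; under `set -e` a mismatch aborts the script, which is the right failure mode, but the same literal is repeated in the test script that invokes this one, so export it once from the caller and reference the variable in both places rather than renaming two files in lock-step each time the repository name changes.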
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -2,21 +2,6 @@ | |
|
||
set -e | ||
|
||
LOGFILE="/var/globaleaks/log/globaleaks.log" | ||
ACCESSLOG="/var/globaleaks/log/access.log" | ||
|
||
function atexit { | ||
if [[ -f $LOGFILE ]]; then | ||
cat $LOGFILE | ||
fi | ||
|
||
if [[ -f $ACCESSLOG ]]; then | ||
cat $ACCESSLOG | ||
fi | ||
} | ||
|
||
trap atexit EXIT | ||
|
||
sudo apt-get install -y debootstrap | ||
|
||
export chroot="/tmp/globaleaks_chroot/" | ||
|
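Review bot: removing the `atexit` trap removes the only point at which `/var/globaleaks/log/globaleaks.log` and `/var/globaleaks/log/access.log` were surfaced, so after this change a failing run leaves no server-side diagnostics in the job output. If the goal is to keep log contents out of public CI logs, say so in the commit message and upload them as a short-retention artifact instead; if not, keep the trap.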
@@ -38,4 +23,4 @@ sudo -E chroot "$chroot" locale-gen | |
sudo -E chroot "$chroot" useradd -m builduser | ||
sudo -E su -c 'echo "builduser ALL=NOPASSWD: ALL" >> "$chroot"/etc/sudoers' | ||
sudo -E chroot "$chroot" chown builduser -R /build | ||
sudo -E chroot "$chroot" su - builduser /bin/bash -c '/build/whistleblowing-software/.github/workflows/scripts/build_and_install.sh' | ||
sudo -E chroot "$chroot" su - builduser /bin/bash -c '/build/globaleaks-whistleblowing-software/.github/workflows/scripts/build_and_install.sh' | ||
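Review bot: the path in the `su - builduser /bin/bash -c '...'` command is the second copy of `/build/globaleaks-whistleblowing-software` in this PR, the first being the `cd` in build_and_install.sh; both were renamed together here, which is correct, but a single variable set in this script and exported into the chroot would stop the two from drifting apart on the next rename.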
This file has been edited across multiple commits with instances of code being removed and then re-added. To streamline the review, the offending commits should be removed, either by rebasing or squashing them into a single, meaningful commit.