Vulnerabilities scanner (#334)

antoinejaussoin · Jan 19, 2022 · bc2aec2 · bc2aec2
1 parent 75d3bb0
commit bc2aec2
Show file tree

Hide file tree

Showing 8 changed files with 2,165 additions and 913 deletions.
diff --git a/.github/workflows/alpha.yml b/.github/workflows/alpha.yml
@@ -2,7 +2,7 @@ name: 'Alpha Build'
 
 on:
   push:
-    branches: [hotfix/vuln-5]
+    branches: [v4110/force-dep]
 
 jobs:
   build:
@@ -54,3 +54,24 @@ jobs:
           tags: retrospected/frontend:alpha
           platforms: linux/amd64
           push: true
+
+      - name: Trivy - Frontend
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: retrospected/frontend:alpha
+          format: 'table'
+          exit-code: '1'
+          ignore-unfixed: true
+          vuln-type: 'os,library'
+          severity: 'CRITICAL,HIGH'
+
+      - name: Trivy - Backend
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: retrospected/backend:alpha
+          format: 'table'
+          exit-code: '1'
+          ignore-unfixed: true
+          vuln-type: 'os,library'
+          severity: 'CRITICAL'
+
diff --git a/.github/workflows/canary.yml b/.github/workflows/canary.yml
@@ -74,3 +74,23 @@ jobs:
           tags: retrospected/maintenance:canary
           platforms: linux/amd64,linux/arm64,linux/arm/v7
           push: true
+
+      - name: Trivy - Frontend
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: retrospected/frontend:canary
+          format: 'table'
+          exit-code: '1'
+          ignore-unfixed: true
+          vuln-type: 'os,library'
+          severity: 'CRITICAL,HIGH'
+
+      - name: Trivy - Backend
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: retrospected/backend:canary
+          format: 'table'
+          exit-code: '1'
+          ignore-unfixed: true
+          vuln-type: 'os,library'
+          severity: 'CRITICAL'
diff --git a/.gitignore b/.gitignore
@@ -49,4 +49,7 @@ configuration.json
 /db
 
 *.rest
-.docusaurus
+.docusaurus
+
+output.txt
+vulnerabilities.md
diff --git a/backend/package.json b/backend/package.json
@@ -38,7 +38,6 @@
     "@types/passport-local": "1.0.34",
     "@types/passport-microsoft": "0.0.0",
     "@types/passport-twitter": "1.0.37",
-    "@types/random-words": "1.1.2",
     "@types/shortid": "0.0.29",
     "@types/socket.io-redis": "3.0.0",
     "@types/uuid": "8.3.4",
@@ -70,7 +69,6 @@
     "nodemon": "2.0.15",
     "passport": "0.5.0",
     "passport-github2": "0.1.12",
-    "passport-google-auth": "1.0.2",
     "passport-google-oauth20": "2.0.0",
     "passport-local": "1.0.0",
     "passport-microsoft": "0.1.0",
@@ -79,7 +77,6 @@
     "passport-twitter": "1.0.4",
     "pg": "8.7.1",
     "prettier": "2.5.1",
-    "random-words": "1.1.1",
     "rate-limiter-flexible": "2.3.6",
     "redis": "3.1.2",
     "rimraf": "3.0.2",

diff --git a/backend/src/email/emailSender.ts b/backend/src/email/emailSender.ts
@@ -1,6 +1,6 @@
 import sendGrid, { MailDataRequired } from '@sendgrid/mail';
 import config from '../config';
-import randomWords from 'random-words';
+import randomWords from './random-words';
 
 if (config.SENDGRID_API_KEY) {
   sendGrid.setApiKey(config.SENDGRID_API_KEY);
@@ -65,7 +65,7 @@ export async function sendResetPassword(
 }
 
 function generatePassword(): string {
-  return randomWords(4).join('-');
+  return randomWords({ exactly: 4 }).join('-');
 }
 
 export async function sendSelfHostWelcome(