chore: Replace request dependency to fix security issue in the node e…

…nabler (#3909) Signed-off-by: Pavel Jareš <[email protected]> Signed-off-by: nx673747 <[email protected]> Signed-off-by: ac892247 <[email protected]> Co-authored-by: nx673747 <[email protected]> Co-authored-by: ac892247 <[email protected]>
zowe · Nov 27, 2024 · cc30d21 · cc30d21
1 parent 77f0d91
commit cc30d21
Show file tree

Hide file tree

Showing 33 changed files with 11,915 additions and 394 deletions.
diff --git a/.github/workflows/integration-tests.yml b/.github/workflows/integration-tests.yml
@@ -1380,6 +1380,7 @@ jobs:
                     - /api-defs:/api-defs
                 env:
                     APIML_SERVICE_HOSTNAME: discovery-service-2
+                    APIML_DISCOVERY_ALLPEERSURLS: https://discovery-service-2:10011/eureka
             gateway-service-2:
                 image: ghcr.io/balhar-jakub/gateway-service:${{ github.run_id }}-${{ github.run_number }}
                 env:

diff --git a/.gitignore b/.gitignore
@@ -110,10 +110,11 @@ invalidated*.index
 onboarding-enabler-micronaut/target/
 onboarding-enabler-micronaut/out/
 onboarding-enabler-nodejs-sample-app/tools/
-
+onboarding-enabler-nodejs/coverage/
+onboarding-enabler-nodejs/lib/
 file/
 
 zowe-cli-id-federation-plugin/*.jcl
 
 data/*
-index/*
+index/*
diff --git a/api-catalog-ui/frontend/cypress/e2e/login/login-oauth2.cy.js b/api-catalog-ui/frontend/cypress/e2e/login/login-oauth2.cy.js
@@ -26,13 +26,12 @@ describe('>>> Login through Okta OK', () => {
             cy.log("System env CYPRESS_OKTA_PASSWORD is not set");
         }
 
-        cy.get('form span.o-form-input-name-identifier input').type(username);
+        cy.get('form span.o-form-input-name-username input').type(username);
         cy.get('form input[type="password"]').type(password);
 
         cy.get('form input.button-primary').should('not.be.disabled');
         cy.get('form input.button-primary').click();
 
-        cy.location('href').should('contain', '/oauth2/v1/authorize')
 
         cy.url().should('contain', '/application');
 

diff --git a/gradle/versions.gradle b/gradle/versions.gradle
@@ -67,12 +67,12 @@ dependencyResolutionManagement {
             version('log4j', '2.24.1')
             version('lombok', '1.18.34')
             version('netty', '4.1.115.Final')
-            version('nettyReactor', '1.2.0')
+            version('nettyReactor', '1.1.23')
             version('nimbusJoseJwt', '9.46')
             version('openApiDiff', '2.0.1')
             version('picocli', '4.7.6')
 
-            version('reactor', '3.7.0')
+            version('reactor', '3.6.11')
             version('restAssured', '5.5.0')
             version('rhino', '1.7.15')
             version('springDoc', '2.6.0')

diff --git a/onboarding-enabler-nodejs-sample-app/package-lock.json b/onboarding-enabler-nodejs-sample-app/package-lock.json
diff --git a/onboarding-enabler-nodejs-sample-app/package.json b/onboarding-enabler-nodejs-sample-app/package.json
@@ -2,6 +2,7 @@
     "name": "helloworld-expressjs",
     "version": "0.3.0",
     "description": "Hello World Service in Express",
+    "type": "module",
     "main": "src/index.js",
     "scripts": {
         "start": "node src/index.js",

diff --git a/onboarding-enabler-nodejs-sample-app/src/index.js b/onboarding-enabler-nodejs-sample-app/src/index.js
@@ -8,9 +8,9 @@
  * Copyright Contributors to the Zowe Project.
  */
 
-const express = require("express");
-const https = require("https");
-const apiLayerService = require("@zowe/apiml-onboarding-enabler-nodejs");
+import express from "express";
+import * as https from "https";
+import * as apiLayerService from "@zowe/apiml-onboarding-enabler-nodejs";
 
 // Command-line arguments:
 const args = {
@@ -54,7 +54,7 @@ function startHttpsService() {
     app.use(express.static("src/static"));
 
     // Start HTTPS server and register to Discovery Service:
-    tlsOptions = apiLayerService.tlsOptions;
+    const tlsOptions = apiLayerService.tlsOptions;
     httpsServer = https.createServer(tlsOptions, app);
     httpsServer.listen(args.port, function () {
         console.log(`${args.serviceId} service listening on port ${args.port}`);

diff --git a/onboarding-enabler-nodejs/.babelrc b/onboarding-enabler-nodejs/.babelrc
@@ -0,0 +1,3 @@
+{
+  "presets": ["env"]
+}
diff --git a/onboarding-enabler-nodejs/.eslintrc b/onboarding-enabler-nodejs/.eslintrc
@@ -0,0 +1,10 @@
+{
+  "extends": ["airbnb-base"],
+  "rules": {
+    "no-param-reassign": [2, {"props": false}],
+    "consistent-return": 0
+  },
+  "env": {
+    "mocha": true
+  }
+}
diff --git a/onboarding-enabler-nodejs/.npmrc b/onboarding-enabler-nodejs/.npmrc
@@ -1,2 +1,2 @@
 legacy-peer-deps=true
-registry=https://zowe.jfrog.io/artifactory/api/npm/npm-org/
+registry=https://zowe.jfrog.io/artifactory/api/npm/npm-org
diff --git a/onboarding-enabler-nodejs/gulpfile.babel.js b/onboarding-enabler-nodejs/gulpfile.babel.js
@@ -0,0 +1,64 @@
+/*
+ * This program and the accompanying materials are made available under the terms of the
+ * Eclipse Public License v2.0 which accompanies this distribution, and is available at
+ * https://www.eclipse.org/legal/epl-v20.html
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ *
+ * Copyright Contributors to the Zowe Project.
+ */
+
+import gulp from 'gulp';
+import babel from 'gulp-babel';
+import mocha from 'gulp-mocha';
+import eslint from 'gulp-eslint';
+import { Instrumenter } from 'babel-istanbul';
+import istanbul from 'gulp-istanbul';
+import env from 'gulp-env';
+
+gulp.task('build', () => (
+  gulp.src('src/**/*.js')
+    .pipe(babel())
+    .pipe(gulp.dest('lib'))
+));
+
+gulp.task('lint', () => (
+  gulp.src(['src/**/*.js', 'test/**/*.js'])
+    .pipe(eslint())
+    .pipe(eslint.format())
+    .pipe(eslint.failOnError())
+));
+
+gulp.task('mocha', (cb) => {
+  const envs = env.set({
+    NODE_ENV: 'test',
+  });
+
+  return gulp.src('src/**/*.js')
+    .pipe(envs)
+    .pipe(istanbul({
+      instrumenter: Instrumenter,
+    })) // Covering files
+    .pipe(istanbul.hookRequire()) // Force `require` to return covered files
+    .on('finish', () => {
+      gulp.src(['test/**/*.js', '!test/integration.test.js'])
+        .pipe(mocha())
+        .pipe(istanbul.writeReports())
+        .pipe(istanbul.enforceThresholds({ thresholds: { global: 0 } }))
+        .pipe(envs.reset)
+        .on('end', cb);
+    });
+});
+
+gulp.task('test:integration', () => (
+  gulp.src('test/integration.test.js')
+    .pipe(mocha({ timeout: 120000 }))
+));
+
+gulp.task('test', gulp.series('lint', 'mocha'));
+
+gulp.task('test:watch', () => (
+  gulp.watch(['src/**/*.js', 'test/**/*.test.js'], ['test'])
+));
+
+gulp.task('default', gulp.series('build'));
diff --git a/onboarding-enabler-nodejs/license-checker-config.json b/onboarding-enabler-nodejs/license-checker-config.json
@@ -0,0 +1,16 @@
+{
+  "license": "../.licence/EPL-2.0-licence-header.txt",
+  "licenseFormats": {
+    "ts|js": {
+      "prepend": "/*",
+      "append": " */\n",
+      "eachLine": {
+        "prepend": " * "
+      }
+    }
+  },
+  "ignore": [
+    "bin", "lib", "coverage",
+    ".*", "*.md", "*.gradle", "**/*.yml"
+  ]
+}