From a12044d83a7715e11a83cb08ccc1d45a9315bebb Mon Sep 17 00:00:00 2001
From: David Jones
Date: Thu, 6 Apr 2023 16:11:50 +0100
Subject: [PATCH 1/3] PAY-4884: Add to audit suppressions.

---
 audit.json | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/audit.json b/audit.json
index 8ee1c6f2..3207f560 100644
--- a/audit.json
+++ b/audit.json
@@ -2,5 +2,6 @@
 "10010_Cookie No HttpOnly Flag_http://ccpay-notifications-service-aat.service.core-compute-aat.internal/v2/api-docs_GET":"ignore",
 "10054_Cookie without SameSite Attribute_http://ccpay-notifications-service-aat.service.core-compute-aat.internal/v2/api-docs_GET":"ignore",
 "100000_A Client Error response code was returned by the server_http://ccpay-notifications-service-aat.service.core-compute-aat.internal/v2/api-docs_GET":"ignore",
- "90033_Loosely Scoped Cookie_http://ccpay-notifications-service-aat.service.core-compute-aat.internal/v2/api-docs_GET": "ignore"
+ "90033_Loosely Scoped Cookie_http://ccpay-notifications-service-aat.service.core-compute-aat.internal/v2/api-docs_GET": "ignore",
+ "10096_Timestamp Disclosure - Unix_http://ccpay-notifications-service-aat.service.core-compute-aat.internal/v2/api-docs_GET":"ignore"
 }
From b14a1b6a4e6e3d91c570bac45695cfc2e2ebf810 Mon Sep 17 00:00:00 2001
From: David Jones
Date: Tue, 11 Apr 2023 11:18:28 +0100
Subject: [PATCH 2/3] Remove security.sh

---
 charts/ccpay-notifications-service/Chart.yaml | 2 +-
 security.sh | 13 -------------
 2 files changed, 1 insertion(+), 14 deletions(-)
 delete mode 100644 security.sh

diff --git a/charts/ccpay-notifications-service/Chart.yaml b/charts/ccpay-notifications-service/Chart.yaml
index 950cdfae..2167e730 100644
--- a/charts/ccpay-notifications-service/Chart.yaml
+++ b/charts/ccpay-notifications-service/Chart.yaml
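Review bot: The new 10096 Timestamp Disclosure suppression, like the rows above it, carries no reason, owner or review date, so a later reader cannot tell whether it was a confirmed false positive or an accepted risk. A Unix-timestamp match inside an OpenAPI document is very likely a numeric schema or example value tripping ZAP's heuristic rather than a real disclosure, but JSON has no comment syntax, so the rationale has to live in the PR or in a README next to `audit.json`, e.g. `10096 on /v2/api-docs: numeric values in the OpenAPI spec matched the timestamp pattern; not a disclosure`. Note also that every key embeds the AAT hostname, so these rows only suppress findings when the scan targets that host; a scan against another environment would raise the same alerts again.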
@@ -3,7 +3,7 @@ appVersion: "1.0"
 description: A Helm chart for notifications-service App
 name: ccpay-notifications-service
 home: https://github.com/hmcts/ccpay-notifications-service
-version: 1.0.3
+version: 1.0.4
 maintainers:
 - name: HMCTS Fees and Pay team
 dependencies:
diff --git a/security.sh b/security.sh
deleted file mode 100644
index 7be03ed9..00000000
--- a/security.sh
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/usr/bin/env bash
-echo ${TEST_URL}
-zap-api-scan.py -t ${TEST_URL}/v2/api-docs -f openapi -S -d -u ${SecurityRules} -P 1001 -l FAIL
-cat zap.out
-echo "ZAP has successfully started"
-export LC_ALL=C.UTF-8
-export LANG=C.UTF-8
-curl --fail http://0.0.0.0:1001/OTHER/core/other/jsonreport/?formMethod=GET --output report.json
-zap-cli --zap-url http://0.0.0.0 -p 1001 report -o /zap/api-report.html -f html
-zap-cli --zap-url http://0.0.0.0 -p 1001 alerts -l High --exit-code False
-mkdir -p functional-output
-chmod a+wx functional-output
-cp /zap/api-report.html functional-output/
From be7e922d1daea9211817501047847a4f7ff2c257 Mon Sep 17 00:00:00 2001
From: David Jones
Date: Tue, 11 Apr 2023 12:25:26 +0100
Subject: [PATCH 3/3] Updated audit.json

---
 audit.json | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/audit.json b/audit.json
index 3207f560..96b17d0a 100644
--- a/audit.json
+++ b/audit.json
@@ -3,5 +3,15 @@
 "10054_Cookie without SameSite Attribute_http://ccpay-notifications-service-aat.service.core-compute-aat.internal/v2/api-docs_GET":"ignore",
 "100000_A Client Error response code was returned by the server_http://ccpay-notifications-service-aat.service.core-compute-aat.internal/v2/api-docs_GET":"ignore",
 "90033_Loosely Scoped Cookie_http://ccpay-notifications-service-aat.service.core-compute-aat.internal/v2/api-docs_GET": "ignore",
- "10096_Timestamp Disclosure - Unix_http://ccpay-notifications-service-aat.service.core-compute-aat.internal/v2/api-docs_GET":"ignore"
+ "10096_Timestamp Disclosure - Unix_http://ccpay-notifications-service-aat.service.core-compute-aat.internal/v2/api-docs_GET":"ignore",
+ "10010_Cookie No HttpOnly Flag_http://ccpay-notifications-service-aat.service.core-compute-aat.internal_GET":"ignore",
+ "10010_Cookie No HttpOnly Flag_http://ccpay-notifications-service-aat.service.core-compute-aat.internal/_GET":"ignore",
+ "10010_Cookie No HttpOnly Flag_http://ccpay-notifications-service-aat.service.core-compute-aat.internal/robots.txt_GET":"ignore",
+ "10054_Cookie without SameSite Attribute_http://ccpay-notifications-service-aat.service.core-compute-aat.internal_GET":"ignore",
+ "10054_Cookie without SameSite Attribute_http://ccpay-notifications-service-aat.service.core-compute-aat.internal/_GET":"ignore",
+ "10054_Cookie without SameSite Attribute_http://ccpay-notifications-service-aat.service.core-compute-aat.internal/robots.txt_GET":"ignore",
+ "10096_Timestamp Disclosure - Unix_http://ccpay-notifications-service-aat.service.core-compute-aat.internal/sitemap.xml_GET":"ignore",
+ "90033_Loosely Scoped Cookie_http://ccpay-notifications-service-aat.service.core-compute-aat.internal_GET":"ignore",
+ "90033_Loosely Scoped Cookie_http://ccpay-notifications-service-aat.service.core-compute-aat.internal/_GET":"ignore",
+ "90033_Loosely Scoped Cookie_http://ccpay-notifications-service-aat.service.core-compute-aat.internal/robots.txt_GET":"ignore"
 }
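Review bot: The cookie findings (10010 HttpOnly, 10054 SameSite, 90033 Loosely Scoped) are now ignored for the host root, `/` and `/robots.txt` as well as `/v2/api-docs`, which suppresses the symptom per URL instead of fixing the one cookie that presumably triggers all nine rows. ZAP raises these once per URL that sets the cookie, so this list will keep growing as the scanner discovers more paths; if the cookie is set by the service itself, adding `HttpOnly`, `SameSite=Strict` (or `Lax`) and an explicit host-scoped `Domain` at source clears every row, and if it is set by the ingress or platform that fact should be recorded as the justification for suppressing rather than fixing. The remaining new row, 10096 on `/sitemap.xml`, is an unrelated low-severity finding and deserves its own one-line reason in the PR or a README beside `audit.json` rather than a bare `"ignore"`.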