diff --git a/.github/workflows/backend-api-spec-update.yml b/.github/workflows/backend-api-spec-update.yml index a80d763a1d..5204adcafe 100644 --- a/.github/workflows/backend-api-spec-update.yml +++ b/.github/workflows/backend-api-spec-update.yml @@ -10,19 +10,19 @@ jobs: update_backend_api_spec: runs-on: ubuntu-latest steps: - - uses: peterjgrainger/action-create-branch@v2.4.0 + - uses: peterjgrainger/action-create-branch@v3.0.0 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: branch: 'infra/update-backend-api-spec' - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: ref: 'infra/update-backend-api-spec' fetch-depth: 0 # we need a full history to make rebase with master - name: Set up Java - uses: actions/setup-java@v3 + uses: actions/setup-java@v4 with: java-version: 17 distribution: temurin @@ -45,7 +45,7 @@ jobs: echo SAVE_CLI_GRADLE_OPTS=-PsaveCliPath=${{ github.workspace }}/save-cli >> $GITHUB_ENV - name: Generate open api doc - uses: gradle/gradle-build-action@v2 + uses: gradle/gradle-build-action@v3 with: gradle-version: wrapper arguments: | diff --git a/.github/workflows/build-base-images.yaml b/.github/workflows/build-base-images.yaml index bbf8522bd4..05173c78e9 100644 --- a/.github/workflows/build-base-images.yaml +++ b/.github/workflows/build-base-images.yaml @@ -43,13 +43,13 @@ jobs: - base_image_name: ubuntu base_image_tag: '20.04' steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - if: github.event_name == 'workflow_dispatch' name: Prepare to build from branch run: | git fetch git checkout origin/${{ inputs.branch }} - - uses: docker/login-action@v2 + - uses: docker/login-action@v3 with: registry: ghcr.io username: saveourtool @@ -57,7 +57,7 @@ jobs: - name: Prepare formatted tags run: | echo FORMATTED_TAG=${{ matrix.base_image_tag }} | sed -e "s/-focal$//" | sed -e "s/20.04$/latest/" >> $GITHUB_ENV - - uses: docker/build-push-action@v4 + - uses: docker/build-push-action@v5 with: context: save-deploy/base-images push: true @@ -72,18 +72,18 @@ jobs: name: Build custom Paketo builder for CPG-demo runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - if: github.event_name == 'workflow_dispatch' name: Prepare to build from branch run: | git fetch git checkout origin/${{ inputs.branch }} - - uses: docker/login-action@v2 + - uses: docker/login-action@v3 with: registry: ghcr.io username: saveourtool password: ${{ secrets.GITHUB_TOKEN }} - - uses: docker/build-push-action@v4 + - uses: docker/build-push-action@v5 with: context: save-demo-cpg/builder push: true diff --git a/.github/workflows/build_and_test.yml b/.github/workflows/build_and_test.yml index 381ac243cb..ddfd6db4e1 100644 --- a/.github/workflows/build_and_test.yml +++ b/.github/workflows/build_and_test.yml @@ -40,11 +40,11 @@ jobs: steps: - id: checkout if: ${{ github.event_name == 'push' }} - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 2 - id: git-changed-files - uses: tj-actions/changed-files@v41 + uses: tj-actions/changed-files@v42 with: files_yaml: | root_gradle: @@ -230,9 +230,9 @@ jobs: runs-on: ubuntu-latest steps: - name: Download gradle reports - uses: actions/download-artifact@v3 + uses: actions/download-artifact@v4 - name: Code coverage report - uses: codecov/codecov-action@v3 + uses: codecov/codecov-action@v4 with: fail_ci_if_error: false diff --git a/.github/workflows/build_and_test_reusable.yml b/.github/workflows/build_and_test_reusable.yml index 367a94651c..0b06718a27 100644 --- a/.github/workflows/build_and_test_reusable.yml +++ b/.github/workflows/build_and_test_reusable.yml @@ -20,12 +20,12 @@ jobs: if: inputs.do-build runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: # required for correct codecov upload fetch-depth: 0 - name: Set up JDK 17 - uses: actions/setup-java@v3 + uses: actions/setup-java@v4 with: java-version: 17 distribution: temurin @@ -38,12 +38,12 @@ jobs: kv=$(cat gradle/libs.versions.toml | grep '^kotlin =' | awk -F'[=]' '{print $2}' | tr -d '" ') echo KOTLIN_VERSION=$kv >> $GITHUB_ENV - name: Cache konan - uses: actions/cache@v3 + uses: actions/cache@v4 with: path: ~/.konan key: ${{ runner.os }}-gradle-konan-${{ env.KOTLIN_VERSION }} - name: Build ${{ inputs.module }} - uses: gradle/gradle-build-action@v2 + uses: gradle/gradle-build-action@v3 with: gradle-version: wrapper gradle-home-cache-cleanup: true @@ -60,14 +60,14 @@ jobs: --build-cache - name: Upload gradle reports ${{ inputs.module }} if: ${{ always() }} - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: gradle-reports-${{ inputs.module }} path: '${{ inputs.module }}/build/reports/' retention-days: 1 - name: Upload frontend distribution if: inputs.module == 'save-frontend' - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: save-frontend path: 'save-frontend/build/libs/save-frontend-*-distribution.jar' diff --git a/.github/workflows/build_save-agent_reusable.yml b/.github/workflows/build_save-agent_reusable.yml index 6bf08e126b..8f31e984cf 100644 --- a/.github/workflows/build_save-agent_reusable.yml +++ b/.github/workflows/build_save-agent_reusable.yml @@ -20,7 +20,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout save-cloud - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 ref: ${{ inputs.branch }} @@ -43,7 +43,7 @@ jobs: kv=$(cat gradle/libs.versions.toml | grep -m1 '^kotlin =' | awk -F'[=]' '{print $2}' | tr -d '" ') echo KOTLIN_VERSION=$kv >> $GITHUB_ENV - name: Cache konan - uses: actions/cache@v3 + uses: actions/cache@v4 with: path: ~/.konan key: ${{ runner.os }}-gradle-konan-${{ env.KOTLIN_VERSION }} @@ -57,7 +57,7 @@ jobs: run: sudo apt-get update && sudo apt-get install -y libcurl4-openssl-dev - name: Build save-agent and save-demo-agent - uses: gradle/gradle-build-action@v2 + uses: gradle/gradle-build-action@v3 with: gradle-version: wrapper arguments: | @@ -73,20 +73,20 @@ jobs: - name: Upload save-agent if: inputs.build-save-agent - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: save-agent path: 'save-agent/build/libs/save-agent-*-distribution.jar' - name: Upload save-demo-agent if: inputs.build-save-demo-agent - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: save-demo-agent path: 'save-demo-agent/build/libs/save-demo-agent-*-distribution.jar' - name: Upload gradle reports if: ${{ always() }} - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: gradle-reports path: '**/build/reports/' diff --git a/.github/workflows/build_save-cli_reusable.yml b/.github/workflows/build_save-cli_reusable.yml index 981d3440fa..56962136d7 100644 --- a/.github/workflows/build_save-cli_reusable.yml +++ b/.github/workflows/build_save-cli_reusable.yml @@ -15,7 +15,7 @@ jobs: version: ${{ steps.save-cli-version.outputs.version }} steps: - name: checkout save-cloud - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: sparse-checkout: | gradle/libs.versions.toml @@ -34,12 +34,12 @@ jobs: runs-on: ubuntu-latest steps: - name: checkout save-cli - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: repository: saveourtool/save-cli fetch-depth: 0 - name: Set up JDK 17 - uses: actions/setup-java@v3 + uses: actions/setup-java@v4 with: java-version: 17 distribution: temurin @@ -49,12 +49,12 @@ jobs: kv=$(cat gradle/libs.versions.toml | grep '^kotlin =' | awk -F'[=]' '{print $2}' | tr -d '" ') echo SAVE_CLI_KOTLIN_VERSION=$kv >> $GITHUB_ENV - name: Cache konan - uses: actions/cache@v3 + uses: actions/cache@v4 with: path: ~/.konan key: ${{ runner.os }}-gradle-konan-${{ env.SAVE_CLI_KOTLIN_VERSION }} - name: Build save-cli - uses: gradle/gradle-build-action@v2 + uses: gradle/gradle-build-action@v3 with: gradle-version: wrapper arguments: | @@ -67,14 +67,14 @@ jobs: run: | find save-cli/build/bin/linuxX64/releaseExecutable -name "save-*.kexe" -exec sh -c 'printf "$1" | sed -r "s/.*save-(.*)-linuxX64.kexe/\1/" | echo "SAVE_CLI_VERSION=$(cat)" >> $GITHUB_ENV' _ {} \; - name: Upload save-cli - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: save-cli path: 'save-cli/build/bin/linuxX64/releaseExecutable/save-*.kexe' retention-days: 1 - name: Upload gradle reports if: ${{ always() }} - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: gradle-reports path: '**/build/reports/' diff --git a/.github/workflows/ct.yml b/.github/workflows/ct.yml index ff99fbb0e3..b5ae99e5af 100644 --- a/.github/workflows/ct.yml +++ b/.github/workflows/ct.yml @@ -9,7 +9,7 @@ jobs: lint: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 # https://github.com/helm/chart-testing#local-repo - uses: pozetroninc/github-action-get-latest-release@master id: ct-version diff --git a/.github/workflows/deploy_images_reusable.yml b/.github/workflows/deploy_images_reusable.yml index db17a9defe..80d90d357e 100644 --- a/.github/workflows/deploy_images_reusable.yml +++ b/.github/workflows/deploy_images_reusable.yml @@ -29,7 +29,7 @@ jobs: steps: - name: checkout save-cloud - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 ref: ${{ inputs.branch }} @@ -53,19 +53,19 @@ jobs: kv=$(cat gradle/libs.versions.toml | grep -m1 '^kotlin =' | awk -F'[=]' '{print $2}' | tr -d '" ') echo KOTLIN_VERSION=$kv >> $GITHUB_ENV - name: Cache konan - uses: actions/cache@v3 + uses: actions/cache@v4 with: path: ~/.konan key: ${{ runner.os }}-gradle-konan-${{ env.KOTLIN_VERSION }} - name: Set up JDK 17 - uses: actions/setup-java@v3 + uses: actions/setup-java@v4 with: java-version: 17 distribution: temurin - name: Download save-cli if: ${{ endsWith(inputs.save-cli-version, '-SNAPSHOT') }} - uses: actions/download-artifact@v3 + uses: actions/download-artifact@v4 with: name: save-cli path: ${{ github.workspace }}/save-cli @@ -76,7 +76,7 @@ jobs: - name: Download save-agent if: inputs.module == 'save-backend' - uses: actions/download-artifact@v3 + uses: actions/download-artifact@v4 with: name: save-agent path: ${{ github.workspace }}/save-agent @@ -87,7 +87,7 @@ jobs: - name: Download save-demo-agent if: inputs.module == 'save-demo' - uses: actions/download-artifact@v3 + uses: actions/download-artifact@v4 with: name: save-demo-agent path: ${{ github.workspace }}/save-demo-agent @@ -97,7 +97,7 @@ jobs: echo SAVE_DEMO_AGENT_GRADLE_OPTS=-PsaveDemoAgentPath=${{ github.workspace }}/save-demo-agent >> $GITHUB_ENV - name: Build image for ${{ inputs.module }} - uses: gradle/gradle-build-action@v2 + uses: gradle/gradle-build-action@v3 with: gradle-version: wrapper arguments: | @@ -113,7 +113,7 @@ jobs: ${{ env.ADDITIONAL_GRADLE_OPTS }} - name: Upload gradle reports if: ${{ always() }} - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: gradle-reports path: '**/build/reports/' diff --git a/.github/workflows/detekt.yml b/.github/workflows/detekt.yml index 122def56a9..08622d4398 100644 --- a/.github/workflows/detekt.yml +++ b/.github/workflows/detekt.yml @@ -13,13 +13,13 @@ jobs: security-events: write steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Set up JDK 17 - uses: actions/setup-java@v3 + uses: actions/setup-java@v4 with: java-version: 17 distribution: temurin - - uses: gradle/gradle-build-action@v2 + - uses: gradle/gradle-build-action@v3 with: gradle-version: wrapper arguments: | @@ -29,12 +29,12 @@ jobs: -PgprUser=${{ github.actor }} -PgprKey=${{ secrets.GITHUB_TOKEN }} - name: Upload SARIF report to Github - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@v3 if: ${{ always() }} with: sarif_file: build/detekt-sarif-reports/detekt-merged.sarif - name: Upload SARIF artifacts - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 if: ${{ failure() }} with: name: sarif-reports diff --git a/.github/workflows/diktat.yml b/.github/workflows/diktat.yml index acd4c3bb3a..781a9420bc 100644 --- a/.github/workflows/diktat.yml +++ b/.github/workflows/diktat.yml @@ -13,13 +13,13 @@ jobs: security-events: write steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Set up JDK 17 - uses: actions/setup-java@v3 + uses: actions/setup-java@v4 with: java-version: 17 distribution: temurin - - uses: gradle/gradle-build-action@v2 + - uses: gradle/gradle-build-action@v3 with: gradle-version: wrapper arguments: | @@ -32,12 +32,12 @@ jobs: -PgprUser=${{ github.actor }} -PgprKey=${{ secrets.GITHUB_TOKEN }} - name: Upload SARIF report to Github - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@v3 if: ${{ always() }} with: sarif_file: build/reports/diktat/diktat-merged.sarif - name: Upload SARIF artifacts - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 if: ${{ failure() }} with: name: sarif-reports diff --git a/.github/workflows/helm_push.yml b/.github/workflows/helm_push.yml index 8acb75d301..878f8ab26e 100644 --- a/.github/workflows/helm_push.yml +++ b/.github/workflows/helm_push.yml @@ -19,21 +19,21 @@ on: jobs: deploy_chart: name: Package and push Helm chart - runs-on: ubuntu-20.04 + runs-on: ubuntu-latest env: CHARTS_DIR: save-cloud-charts/save-cloud steps: - name: checkout save-cloud - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 - name: Install Helm - uses: azure/setup-helm@v3 + uses: azure/setup-helm@v4 with: version: latest - name: Login to GitHub Container Registry - uses: docker/login-action@v2 + uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.actor }} @@ -42,10 +42,10 @@ jobs: name: Prepare to build from branch run: | git switch --force-create ${{ inputs.branch }} origin/${{ inputs.branch }} - - uses: gittools/actions/gitversion/setup@v0.12.0 + - uses: gittools/actions/gitversion/setup@v0.13.2 with: versionSpec: 5.x - - uses: gittools/actions/gitversion/execute@v0.12.0 + - uses: gittools/actions/gitversion/execute@v0.13.2 id: calculate-semver with: targetPath: ${{ env.CHARTS_DIR }} diff --git a/.github/workflows/kjs-yarn-update.yml b/.github/workflows/kjs-yarn-update.yml index 82f2dbeaef..49b83ffe89 100644 --- a/.github/workflows/kjs-yarn-update.yml +++ b/.github/workflows/kjs-yarn-update.yml @@ -14,18 +14,18 @@ jobs: update_kjs_yarn_lock: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 if: github.event_name == 'pull_request' with: # Checkout source branch directly, without merging base into it ref: ${{ github.event.pull_request.head.ref }} - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 if: github.event_name == 'push' with: # Checkout source branch directly, without merging base into it ref: ${{ github.event.push.ref }} - name: Generate yarn.lock - uses: gradle/gradle-build-action@v2 + uses: gradle/gradle-build-action@v3 with: gradle-version: wrapper arguments: | diff --git a/.github/workflows/save-api-build.yml b/.github/workflows/save-api-build.yml index d554cc8715..ef3ee1d12c 100644 --- a/.github/workflows/save-api-build.yml +++ b/.github/workflows/save-api-build.yml @@ -9,12 +9,12 @@ on: jobs: build_and_test_with_code_coverage: name: Build, test and upload code coverage - runs-on: ubuntu-20.04 + runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Set up JDK 17 - uses: actions/setup-java@v3 + uses: actions/setup-java@v4 with: java-version: 17 distribution: temurin @@ -22,12 +22,12 @@ jobs: # libcurl is needed for ktor-client-curl, libc-bin for orchestrator run: sudo apt-get update && sudo apt-get install -y libcurl4-openssl-dev libc-bin - name: Cache konan - uses: actions/cache@v3 + uses: actions/cache@v4 with: path: ~/.konan key: ${{ runner.os }}-gradle-konan-1.7.0 - - uses: gradle/gradle-build-action@v2 + - uses: gradle/gradle-build-action@v3 with: gradle-version: wrapper arguments: | @@ -41,7 +41,7 @@ jobs: - name: Upload gradle reports if: ${{ always() }} - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: gradle-reports path: '**/build/reports/' diff --git a/.github/workflows/save-api-release.yml b/.github/workflows/save-api-release.yml index 877b1bd5ea..b0abf89db4 100644 --- a/.github/workflows/save-api-release.yml +++ b/.github/workflows/save-api-release.yml @@ -14,23 +14,23 @@ env: jobs: release: name: Build release - runs-on: ubuntu-20.04 + runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: # release workflow should have access to all tags fetch-depth: 0 - name: Set up JDK 17 - uses: actions/setup-java@v3 + uses: actions/setup-java@v4 with: java-version: 17 distribution: temurin - name: Status git before run: git status - name: gradle release - uses: gradle/gradle-build-action@v2 + uses: gradle/gradle-build-action@v3 with: gradle-version: wrapper arguments: | @@ -46,7 +46,7 @@ jobs: run: git status - name: Upload artifact id: upload_artifact - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: save-api-${{ runner.os }} path: save-api/build/* diff --git a/cosv-frontend/src/main/kotlin/com/saveourtool/cosv/frontend/components/basic/VulnerabilityIntroductionComponent.kt b/cosv-frontend/src/main/kotlin/com/saveourtool/cosv/frontend/components/basic/VulnerabilityIntroductionComponent.kt index 9c258bacd7..13fbac433d 100644 --- a/cosv-frontend/src/main/kotlin/com/saveourtool/cosv/frontend/components/basic/VulnerabilityIntroductionComponent.kt +++ b/cosv-frontend/src/main/kotlin/com/saveourtool/cosv/frontend/components/basic/VulnerabilityIntroductionComponent.kt @@ -40,12 +40,18 @@ val vulnerabilityIntroductionComponent: FC = FC { } } div { - className = ClassName("card-body pt-0 pb-1") - markdown("addNewMd".t().trimMargin()) - } - div { - className = ClassName("card-body pt-0 pb-1") - markdown("howToMd".t().trimMargin()) + className = ClassName("card-body d-flex align-items-start") + div { + className = ClassName("card-img-right flex-column d-none d-md-block") + img { + className = ClassName("img-fluid") + src = "/img/undraw_important.svg" + } + } + div { + className = ClassName("card-body pt-0 pb-1") + markdown("addNewMd".t().trimMargin()) + } } div { className = ClassName("card-body pt-0 pb-1") diff --git a/cosv-frontend/src/main/resources/img/codehub.svg b/cosv-frontend/src/main/resources/img/codehub.svg new file mode 100644 index 0000000000..6153995a75 --- /dev/null +++ b/cosv-frontend/src/main/resources/img/codehub.svg @@ -0,0 +1,37 @@ + + logo + + + + + + + + + + + + + + + + + + + + + + + + Layer 1 + + + \ No newline at end of file diff --git a/cosv-frontend/src/main/resources/locales/cn/vulnerability-collection.json b/cosv-frontend/src/main/resources/locales/cn/vulnerability-collection.json index 66403b7098..1fffdee618 100644 --- a/cosv-frontend/src/main/resources/locales/cn/vulnerability-collection.json +++ b/cosv-frontend/src/main/resources/locales/cn/vulnerability-collection.json @@ -1,7 +1,6 @@ { "Introducing": "快速开始", "introMd": "|## 开源漏洞库\n |当前页面给出的是已公开的安全漏洞详情", - "addNewMd": "|### 新增漏洞\n |你可以在此添加你自己的漏洞 [新增漏洞](/vuln/create-vulnerability), 如果你在列表中没发现相同的漏洞\n |在被审核通过后,你将会在漏洞库中发现属于你自己的漏洞报告,并且有一个独一无二的漏洞ID", - "howToMd": "|### 如何添加漏洞报告?\n |1. 创建 saveourtool [组织](/create-organization) 和 [项目](/create-project);\n |2. 到你的项目的安全页面;\n |3. 创建新的问题以及你的漏洞编号;\n |\n |以防有错,请随时 [联系我们](https://github.com/saveourtool/save-cloud/issues/new).", + "addNewMd": "|### 新增漏洞\n |你可以在此添加你自己的漏洞 [新增漏洞](/vuln/create-vulnerability), 如果你在列表中没发现相同的漏洞\n |在被审核通过后,你将会在漏洞库中发现属于你自己的漏洞报告,并且有一个独一无二的漏洞ID.\n |\n |以防有错,请随时 [联系我们](https://github.com/saveourtool/save-cloud/issues/new).", "topRatingMd": "|### 贡献排名\n |每一个被审核并接受的漏洞都可以获得一定贡献分数. 在此你可以看到个人用户或组织的 [贡献排名](/vuln/top-rating)" } \ No newline at end of file diff --git a/cosv-frontend/src/main/resources/locales/en/vulnerability-collection.json b/cosv-frontend/src/main/resources/locales/en/vulnerability-collection.json index 0bf68a5018..d00832167c 100644 --- a/cosv-frontend/src/main/resources/locales/en/vulnerability-collection.json +++ b/cosv-frontend/src/main/resources/locales/en/vulnerability-collection.json @@ -1,7 +1,6 @@ { "Introducing": "Introducing", "introMd": "|## International Vulnerabilities Archive\n |Current page provides the list of publicly disclosed information security vulnerabilities and exposures.", - "addNewMd": "|### New vulnerability\n |You can propose your own [new vulnerability](/vuln/create-vulnerability), if you didn't find it one in our list.\n |After the review and approval, it will appear in the database under a special identifier.", - "howToMd": "|### How to add vulnerability in project?\n |1. Create saveourtool [organization](/create-organization) and [project](/create-project);\n |2. Go to your project's security tab;\n |3. Create new problem and add vulnerability number;\n |\n |In case of any error feel free to [contact us](https://github.com/saveourtool/save-cloud/issues/new).", + "addNewMd": "|### New vulnerability\n |You can propose your own [new vulnerability](/vuln/create-vulnerability), if you didn't find it one in our list.\n |After the review and approval, it will appear in the database under a special identifier.\n |\n |In case of any error feel free to [contact us](https://github.com/saveourtool/save-cloud/issues/new).", "topRatingMd": "|### Top rating\n |For each approved and accepted vulnerability you will get rating points. Here you can see the [top rating](/vuln/top-rating) of users and organizations." } \ No newline at end of file diff --git a/cosv-frontend/src/main/resources/locales/ru/vulnerability-collection.json b/cosv-frontend/src/main/resources/locales/ru/vulnerability-collection.json index 6d9c8d0c27..5aa9af6a35 100644 --- a/cosv-frontend/src/main/resources/locales/ru/vulnerability-collection.json +++ b/cosv-frontend/src/main/resources/locales/ru/vulnerability-collection.json @@ -1,7 +1,6 @@ { "Introducing": "Представляем", "introMd": "|## Международный Архив Уязвимостей\n |Данная страница предоставляет список публично раскрытых уязвимостей и инцидентов в области информационной безопасности.", - "addNewMd": "|### Новые уязвимости\n |Вы можете предложить свою [новую уязвимость](/vuln/create-vulnerability), если ее нет в нашем списке.\n |После подтверждения со стороны администрации, она появится в архиве под уникальным ID.", - "howToMd": "|### Как добавить уязвимость в проект?\n |1. Создайте saveourtool [организацию](/create-organization) и [проект](/create-project);\n |2. Откройте вкладку security вашего проекта;\n |3. Создайте новую проблему и добавьте ее уникальный ID;\n |\n |В случае любых ошибок не стесняйтесь [связываться с нами](https://github.com/saveourtool/save-cloud/issues/new).", + "addNewMd": "|### Новые уязвимости\n |Вы можете предложить свою [новую уязвимость](/vuln/create-vulnerability), если ее нет в нашем списке.\n |После подтверждения со стороны администрации, она появится в архиве под уникальным ID.\\n |\\n |В случае любых ошибок не стесняйтесь [связываться с нами](https://github.com/saveourtool/save-cloud/issues/new).\"", "topRatingMd": "|### Рейтинговая система\n |За каждую принятую уязвимость вы получаете очки рейтинга. Здесь вы можете ознакомиться с [рейтингом](/vuln/top-rating) пользователей и организаций." } \ No newline at end of file diff --git a/frontend-common/karma.config.d/custom-config.js b/frontend-common/karma.config.d/custom-config.js index 0c88d3dc9c..25274c721d 100644 --- a/frontend-common/karma.config.d/custom-config.js +++ b/frontend-common/karma.config.d/custom-config.js @@ -8,7 +8,7 @@ test: /\.js$/, use: {loader: 'istanbul-instrumenter-loader'}, // fixme: need to exclude Kotlin dependencies - include: [path.resolve(__dirname, '../save-cloud-save-frontend-common/kotlin/')] + include: [path.resolve(__dirname, '../save-cloud-frontend-common/kotlin/')] } ) config.coverageIstanbulReporter = { @@ -24,12 +24,12 @@ config.set({ } }, proxies: { - // serving mockServiceWorker.js.js from location relative to base url + // serving mockServiceWorker.js from location relative to base url // the file should be included into Karma's `files` to be served by server at all - '/mockServiceWorker.js': '/base/mockServiceWorker.js', + '/mockServiceWorker.js': '/base/node_modules/mockServiceWorker.js', }, }) // http://karma-runner.github.io/6.3/config/files.html -// 'All of the relative patterns will get resolved using the basePath first.', where basePath is set by KGP to `node_modules` -config.files.push('./mockServiceWorker.js') +// 'All of the relative patterns will get resolved using the basePath first.', where basePath is NOT set by KGP to `node_modules` after migration to 1.9 +config.files.push('./node_modules/mockServiceWorker.js') diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml index 8c3b1d6d20..1228d24b4a 100644 --- a/gradle/libs.versions.toml +++ b/gradle/libs.versions.toml @@ -1,12 +1,12 @@ [versions] -kotlin = "1.9.10" +kotlin = "1.9.22" jetbrains-annotations = "24.0.1" save-cli = "0.3.10" ktor = "2.3.6" okio = "3.3.0" -serialization = "1.6.0" -kotlinx-datetime = "0.4.1" -kotlinx-coroutines = "1.7.3" +serialization = "1.6.3" +kotlinx-datetime = "0.5.0" +kotlinx-coroutines = "1.8.0" kotlin-wrappers = "1.0.0-pre.634" spring-boot = "2.7.17" spring-cloud = "3.1.9" diff --git a/save-agent/src/commonMain/kotlin/com/saveourtool/save/agent/SaveAgent.kt b/save-agent/src/commonMain/kotlin/com/saveourtool/save/agent/SaveAgent.kt index 11e66b4276..afefa47c1e 100644 --- a/save-agent/src/commonMain/kotlin/com/saveourtool/save/agent/SaveAgent.kt +++ b/save-agent/src/commonMain/kotlin/com/saveourtool/save/agent/SaveAgent.kt @@ -51,12 +51,12 @@ class SaveAgent( /** * The current [AgentState] of this agent. Initial value corresponds to the period when agent needs to finish its configuration. */ - val state = GenericAtomicReference(AgentState.BUSY) + val state = createGenericAtomicReference(AgentState.BUSY) // fixme (limitation of old MM): can't use atomic reference to Instant here, because when using `Clock.System.now()` as an assigned value // Kotlin throws `kotlin.native.concurrent.InvalidMutabilityException: mutation attempt of frozen kotlinx.datetime.Instant...` - private val executionStartSeconds = AtomicLong(0L) - private val saveProcessJob: GenericAtomicReference = GenericAtomicReference(null) + private val executionStartSeconds = createAtomicLong(0L) + private val saveProcessJob: GenericAtomicReference = createGenericAtomicReference(null) private val backgroundContext = newSingleThreadContext("background") private val saveProcessContext = newSingleThreadContext("save-process") private val reportFormat = Json { diff --git a/save-agent/src/commonMain/kotlin/com/saveourtool/save/agent/utils/HttpUtils.kt b/save-agent/src/commonMain/kotlin/com/saveourtool/save/agent/utils/HttpUtils.kt index 19d82dd1bd..b3477fa756 100644 --- a/save-agent/src/commonMain/kotlin/com/saveourtool/save/agent/utils/HttpUtils.kt +++ b/save-agent/src/commonMain/kotlin/com/saveourtool/save/agent/utils/HttpUtils.kt @@ -8,7 +8,7 @@ import com.saveourtool.save.agent.AgentState import com.saveourtool.save.agent.SaveAgent import com.saveourtool.save.core.logging.logWarn import com.saveourtool.save.core.utils.runIf -import com.saveourtool.save.utils.AtomicLong +import com.saveourtool.save.utils.createAtomicLong import com.saveourtool.save.utils.failureOrNotOk import com.saveourtool.save.utils.fs import com.saveourtool.save.utils.notOk @@ -82,7 +82,7 @@ internal suspend fun HttpClient.download(url: String, file: Path): Result if (httpResponse.status.isSuccess()) { val channel: ByteReadChannel = httpResponse.body() - val totalBytes = AtomicLong(0L) + val totalBytes = createAtomicLong(0L) while (!channel.isClosedForRead) { val packet = channel.readRemaining(DEFAULT_HTTP_BUFFER_SIZE.toLong()) while (!packet.isEmpty) { diff --git a/save-cloud-common/src/commonMain/kotlin/com/saveourtool/save/utils/PlatformUtils.kt b/save-cloud-common/src/commonMain/kotlin/com/saveourtool/save/utils/PlatformUtils.kt index 53b2cc1a3f..bd1ce5f44e 100644 --- a/save-cloud-common/src/commonMain/kotlin/com/saveourtool/save/utils/PlatformUtils.kt +++ b/save-cloud-common/src/commonMain/kotlin/com/saveourtool/save/utils/PlatformUtils.kt @@ -13,7 +13,7 @@ import kotlinx.datetime.Clock /** * Atomic values */ -expect class AtomicLong(value: Long) { +interface AtomicLong { /** * @return value */ @@ -32,12 +32,9 @@ expect class AtomicLong(value: Long) { } /** - * Class that holds value and shares atomic reference to the value - * - * @param valueToStore value to store + * Class that holds value and shares atomic reference to the value */ -@Suppress("USE_DATA_CLASS") -expect class GenericAtomicReference(valueToStore: T) { +interface GenericAtomicReference { /** * @return stored value */ @@ -61,8 +58,8 @@ class ExpiringValueWrapper( private val valueGetter: () -> T, ) { private val expirationTimeSeconds = expirationTime.toLong(DurationUnit.SECONDS) - private val lastUpdateTimeSeconds = AtomicLong(0) - private val value: GenericAtomicReference = GenericAtomicReference(valueGetter()) + private val lastUpdateTimeSeconds = createAtomicLong(0) + private val value: GenericAtomicReference = createGenericAtomicReference(valueGetter()) /** * @return cached value or refreshes the value and returns it @@ -77,6 +74,18 @@ class ExpiringValueWrapper( } } +/** + * @param value + * @return [AtomicLong] with initial value [value] + */ +expect fun createAtomicLong(value: Long): AtomicLong + +/** + * @param valueToStore + * @return create [GenericAtomicReference] with initial value [valueToStore] + */ +expect fun createGenericAtomicReference(valueToStore: T): GenericAtomicReference + /** * @param envName * @return env variable name diff --git a/save-cloud-common/src/jsMain/kotlin/com/saveourtool/save/utils/PlatformUtils.kt b/save-cloud-common/src/jsMain/kotlin/com/saveourtool/save/utils/PlatformUtils.kt index 5648366b5c..efd5fa26c9 100644 --- a/save-cloud-common/src/jsMain/kotlin/com/saveourtool/save/utils/PlatformUtils.kt +++ b/save-cloud-common/src/jsMain/kotlin/com/saveourtool/save/utils/PlatformUtils.kt @@ -4,22 +4,18 @@ package com.saveourtool.save.utils -actual class AtomicLong actual constructor(value: Long) { - actual fun get(): Long = throw NotImplementedError(NOT_IMPLEMENTED_ON_JS) +actual fun createAtomicLong(value: Long): AtomicLong = object : AtomicLong { + override fun get(): Long = throw NotImplementedError(NOT_IMPLEMENTED_ON_JS) - actual fun set(newValue: Long) { - throw NotImplementedError(NOT_IMPLEMENTED_ON_JS) - } + override fun set(newValue: Long) = throw NotImplementedError(NOT_IMPLEMENTED_ON_JS) - actual fun addAndGet(delta: Long): Long = throw NotImplementedError(NOT_IMPLEMENTED_ON_JS) + override fun addAndGet(delta: Long): Long = throw NotImplementedError(NOT_IMPLEMENTED_ON_JS) } -@Suppress("USE_DATA_CLASS") -actual class GenericAtomicReference actual constructor(valueToStore: T) { - actual fun get(): T = throw NotImplementedError(NOT_IMPLEMENTED_ON_JS) - actual fun set(newValue: T) { - throw NotImplementedError(NOT_IMPLEMENTED_ON_JS) - } +actual fun createGenericAtomicReference(valueToStore: T): GenericAtomicReference = object : GenericAtomicReference { + override fun get(): T = throw NotImplementedError(NOT_IMPLEMENTED_ON_JS) + + override fun set(newValue: T) = throw NotImplementedError(NOT_IMPLEMENTED_ON_JS) } actual fun getenv(envName: String): String? = throw NotImplementedError(NOT_IMPLEMENTED_ON_JS) diff --git a/save-cloud-common/src/jvmMain/kotlin/com/saveourtool/save/entitiescosv/RawCosvFile.kt b/save-cloud-common/src/jvmMain/kotlin/com/saveourtool/save/entitiescosv/RawCosvFile.kt index bbdc4d3be8..dee30616d8 100644 --- a/save-cloud-common/src/jvmMain/kotlin/com/saveourtool/save/entitiescosv/RawCosvFile.kt +++ b/save-cloud-common/src/jvmMain/kotlin/com/saveourtool/save/entitiescosv/RawCosvFile.kt @@ -30,6 +30,7 @@ import kotlinx.datetime.toKotlinLocalDateTime @Table(schema = "cosv", name = "raw_cosv_file") @Suppress("LongParameterList") class RawCosvFile( + @Column(name = "file_name") var fileName: String, @Column(name = "user_id") var userId: Long, @@ -39,9 +40,13 @@ class RawCosvFile( var status: RawCosvFileStatus, @Formula("LOWER(file_name) LIKE '%_$ZIP_ARCHIVE_EXTENSION'") var isZip: Boolean? = null, + @Column(name = "status_message") var statusMessage: String? = null, + @Column(name = "content_length") var contentLength: Long? = null, + @Column(name = "create_date") override var createDate: LocalDateTime? = null, + @Column(name = "update_date") override var updateDate: LocalDateTime? = null, ) : BaseEntityWithDtoWithId(), IBaseEntityWithDate { override fun toDto(): RawCosvFileDto = RawCosvFileDto( diff --git a/save-cloud-common/src/jvmMain/kotlin/com/saveourtool/save/utils/PlatformUtils.kt b/save-cloud-common/src/jvmMain/kotlin/com/saveourtool/save/utils/PlatformUtils.kt index 5edfb454cd..fd23413b5a 100644 --- a/save-cloud-common/src/jvmMain/kotlin/com/saveourtool/save/utils/PlatformUtils.kt +++ b/save-cloud-common/src/jvmMain/kotlin/com/saveourtool/save/utils/PlatformUtils.kt @@ -1,3 +1,7 @@ +/** + * Platform utils + */ + @file:Suppress("FILE_NAME_MATCH_CLASS") /** * Platform dependent utility methods @@ -7,13 +11,19 @@ package com.saveourtool.save.utils -actual typealias AtomicLong = java.util.concurrent.atomic.AtomicLong +actual fun createAtomicLong(value: Long): AtomicLong = object : AtomicLong { + private val holder = java.util.concurrent.atomic.AtomicLong(value) + override fun get(): Long = holder.get() + + override fun set(newValue: Long) = holder.set(newValue) + + override fun addAndGet(delta: Long): Long = holder.addAndGet(delta) +} -@Suppress("USE_DATA_CLASS") -actual class GenericAtomicReference actual constructor(valueToStore: T) { +actual fun createGenericAtomicReference(valueToStore: T): GenericAtomicReference = object : GenericAtomicReference { private val holder: java.util.concurrent.atomic.AtomicReference = java.util.concurrent.atomic.AtomicReference(valueToStore) - actual fun get(): T = holder.get() - actual fun set(newValue: T) { + override fun get(): T = holder.get() + override fun set(newValue: T) { holder.set(newValue) } } diff --git a/save-cloud-common/src/nativeMain/kotlin/com/saveourtool/save/utils/PlatformUtils.kt b/save-cloud-common/src/nativeMain/kotlin/com/saveourtool/save/utils/PlatformUtils.kt index 0d5ff19117..a48a4b361b 100644 --- a/save-cloud-common/src/nativeMain/kotlin/com/saveourtool/save/utils/PlatformUtils.kt +++ b/save-cloud-common/src/nativeMain/kotlin/com/saveourtool/save/utils/PlatformUtils.kt @@ -7,23 +7,22 @@ package com.saveourtool.save.utils import kotlinx.cinterop.ExperimentalForeignApi import kotlinx.cinterop.toKString -actual class AtomicLong actual constructor(value: Long) { - private val kotlinAtomicLong = kotlin.native.concurrent.AtomicLong(value) +actual fun createAtomicLong(value: Long): AtomicLong = object : AtomicLong { + private val kotlinAtomicLong = kotlin.concurrent.AtomicLong(value) - actual fun get(): Long = kotlinAtomicLong.value + override fun get(): Long = kotlinAtomicLong.value - actual fun set(newValue: Long) { + override fun set(newValue: Long) { kotlinAtomicLong.value = newValue } - actual fun addAndGet(delta: Long): Long = kotlinAtomicLong.addAndGet(delta) + override fun addAndGet(delta: Long): Long = kotlinAtomicLong.addAndGet(delta) } -@Suppress("USE_DATA_CLASS") -actual class GenericAtomicReference actual constructor(valueToStore: T) { +actual fun createGenericAtomicReference(valueToStore: T): GenericAtomicReference = object : GenericAtomicReference { private val holder: kotlin.concurrent.AtomicReference = kotlin.concurrent.AtomicReference(valueToStore) - actual fun get(): T = holder.value - actual fun set(newValue: T) { + override fun get(): T = holder.value + override fun set(newValue: T) { holder.value = newValue } } diff --git a/save-demo-agent/src/nativeTest/kotlin/com/saveoourtool/save/demo/agent/ServerTest.kt b/save-demo-agent/src/nativeTest/kotlin/com/saveoourtool/save/demo/agent/ServerTest.kt index cf82d3c44f..63dfb52d8d 100644 --- a/save-demo-agent/src/nativeTest/kotlin/com/saveoourtool/save/demo/agent/ServerTest.kt +++ b/save-demo-agent/src/nativeTest/kotlin/com/saveoourtool/save/demo/agent/ServerTest.kt @@ -10,6 +10,7 @@ import io.ktor.utils.io.core.* import kotlinx.coroutines.CoroutineScope import kotlinx.coroutines.Dispatchers import kotlinx.coroutines.launch +import kotlin.experimental.ExperimentalNativeApi import kotlin.test.* class ServerTest { @@ -27,6 +28,7 @@ class ServerTest { server.stop() } + @OptIn(ExperimentalNativeApi::class) @Test fun testServerStartup() { httpClient().use { client -> diff --git a/save-frontend/karma.config.d/custom-config.js b/save-frontend/karma.config.d/custom-config.js index 89c1081706..f84f21137a 100644 --- a/save-frontend/karma.config.d/custom-config.js +++ b/save-frontend/karma.config.d/custom-config.js @@ -24,12 +24,12 @@ config.set({ } }, proxies: { - // serving mockServiceWorker.js.js from location relative to base url + // serving mockServiceWorker.js from location relative to base url // the file should be included into Karma's `files` to be served by server at all - '/mockServiceWorker.js': '/base/mockServiceWorker.js', + '/mockServiceWorker.js': '/base/node_modules/mockServiceWorker.js', }, }) // http://karma-runner.github.io/6.3/config/files.html -// 'All of the relative patterns will get resolved using the basePath first.', where basePath is set by KGP to `node_modules` -config.files.push('./mockServiceWorker.js') +// 'All of the relative patterns will get resolved using the basePath first.', where basePath is NOT set by KGP to `node_modules` after migration to 1.9 +config.files.push('./node_modules/mockServiceWorker.js') diff --git a/save-frontend/src/main/kotlin/com/saveourtool/save/frontend/externals/graph/sigma/layouts/LayoutCircular.kt b/save-frontend/src/main/kotlin/com/saveourtool/save/frontend/externals/graph/sigma/layouts/LayoutCircular.kt index e032f7ee0b..e02f3ffa18 100644 --- a/save-frontend/src/main/kotlin/com/saveourtool/save/frontend/externals/graph/sigma/layouts/LayoutCircular.kt +++ b/save-frontend/src/main/kotlin/com/saveourtool/save/frontend/externals/graph/sigma/layouts/LayoutCircular.kt @@ -1,15 +1,12 @@ @file:Suppress("FILE_NAME_MATCH_CLASS", "HEADER_MISSING_IN_NON_SINGLE_CLASS_FILE") -@file:JsModule("@react-sigma/layout-circular") -@file:JsNonModule package com.saveourtool.save.frontend.externals.graph.sigma.layouts -import react.* - /** * @param settings * @return [LayoutInstance] with positions and assign functions */ -@JsName("useLayoutCircular") +@JsModule("@react-sigma/layout-circular") +@JsNonModule @JsExport external fun useLayoutCircular(settings: dynamic = definedExternally): LayoutInstance diff --git a/save-frontend/src/main/kotlin/com/saveourtool/save/frontend/externals/graph/sigma/layouts/LayoutForceAtlas2.kt b/save-frontend/src/main/kotlin/com/saveourtool/save/frontend/externals/graph/sigma/layouts/LayoutForceAtlas2.kt index 2a1b490b77..76008bc9c1 100644 --- a/save-frontend/src/main/kotlin/com/saveourtool/save/frontend/externals/graph/sigma/layouts/LayoutForceAtlas2.kt +++ b/save-frontend/src/main/kotlin/com/saveourtool/save/frontend/externals/graph/sigma/layouts/LayoutForceAtlas2.kt @@ -1,14 +1,12 @@ @file:Suppress("FILE_NAME_MATCH_CLASS", "HEADER_MISSING_IN_NON_SINGLE_CLASS_FILE") -@file:JsModule("@react-sigma/layout-forceatlas2") -@file:JsNonModule package com.saveourtool.save.frontend.externals.graph.sigma.layouts -import react.* - /** * @param settings * @return [LayoutInstance] with positions and assign functions */ -@JsName("useLayoutForceAtlas2") +@JsModule("@react-sigma/layout-forceatlas2") +@JsNonModule +@JsExport external fun useLayoutForceAtlas2(settings: dynamic = definedExternally): LayoutInstance diff --git a/save-frontend/src/main/kotlin/com/saveourtool/save/frontend/externals/graph/sigma/layouts/LayoutRandom.kt b/save-frontend/src/main/kotlin/com/saveourtool/save/frontend/externals/graph/sigma/layouts/LayoutRandom.kt index 8b229d530a..305b38a7da 100644 --- a/save-frontend/src/main/kotlin/com/saveourtool/save/frontend/externals/graph/sigma/layouts/LayoutRandom.kt +++ b/save-frontend/src/main/kotlin/com/saveourtool/save/frontend/externals/graph/sigma/layouts/LayoutRandom.kt @@ -1,15 +1,12 @@ @file:Suppress("FILE_NAME_MATCH_CLASS", "HEADER_MISSING_IN_NON_SINGLE_CLASS_FILE") -@file:JsModule("@react-sigma/layout-random") -@file:JsNonModule package com.saveourtool.save.frontend.externals.graph.sigma.layouts -import react.* - /** * @param settings * @return [LayoutInstance] with positions and assign functions */ -@JsName("useLayoutRandom") +@JsModule("@react-sigma/layout-random") +@JsNonModule @JsExport external fun useLayoutRandom(settings: dynamic = definedExternally): LayoutInstance