From c3dc47af0d03c43f7eef405ad2d202ec74316c09 Mon Sep 17 00:00:00 2001
From: davidka91 <145442579+davidka91@users.noreply.github.com>
Date: Tue, 3 Dec 2024 09:36:15 +0200
Subject: [PATCH 01/18] Set up CI with Azure Pipelines [skip ci]
---
 azure-pipelines.yml | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
 create mode 100644 azure-pipelines.yml
diff --git a/azure-pipelines.yml b/azure-pipelines.yml
new file mode 100644
index 00000000..e53f129e
--- /dev/null
+++ b/azure-pipelines.yml
@@ -0,0 +1,19 @@
+# Starter pipeline
+# Start with a minimal pipeline that you can customize to build and deploy your code.
+# Add steps that build, run tests, deploy, and more:
+# https://aka.ms/yaml
+
+trigger:
+- master
+
+pool:
+ name: davidka
+
+steps:
+- script: echo Hello, world!
+ displayName: 'Run a one-line script'
+
+- script: |
+ echo Add other tasks to build, test, and deploy your project.
+ echo See https://aka.ms/yaml
+ displayName: 'Run a multi-line script'
From 091b7941b363f5567c567267a443f65249478ed2 Mon Sep 17 00:00:00 2001
From: davidka91 <145442579+davidka91@users.noreply.github.com>
Date: Wed, 4 Dec 2024 09:20:29 +0200
Subject: [PATCH 02/18] Create frogbot-scan-repository.yml
---
 .github/workflows/frogbot-scan-repository.yml | 50 +++++++++++++++++++
 1 file changed, 50 insertions(+)
 create mode 100644 .github/workflows/frogbot-scan-repository.yml
diff --git a/.github/workflows/frogbot-scan-repository.yml b/.github/workflows/frogbot-scan-repository.yml
new file mode 100644
index 00000000..35b496a5
--- /dev/null
+++ b/.github/workflows/frogbot-scan-repository.yml
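Review bot: In azure-pipelines.yml (PATCH 01/18), `pool: name: davidka` sends every run to a named agent pool rather than a Microsoft-hosted image, and nothing in the file says what is allowed to build there. If that pool is self-hosted (it looks like a personal pool, which the patch does not confirm), build scripts run on a persistent machine, so fork pull-request validation should stay disabled for this pipeline or the agents should be ephemeral. I would add a comment above the pool such as `# Self-hosted pool: do not enable fork PR builds against it`, or switch to `vmImage: ubuntu-latest` if no private resources are needed.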
@@ -0,0 +1,50 @@
+name: "Frogbot Scan Repository"
+on:
+ workflow_dispatch:
+ schedule:
+ # The repository will be scanned once a day at 00:00 GMT.
+ - cron: "0 0 * * *"
+permissions:
+ contents: write
+ pull-requests: write
+ security-events: write
+ # [Mandatory If using OIDC authentication protocol instead of JF_ACCESS_TOKEN]
+ # id-token: write
+jobs:
+ scan-repository:
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ # The repository scanning will be triggered periodically on the following branches.
+ branch: ["dev"]
+ steps:
+ - uses: jfrog/frogbot@v2
+ env:
+ # [Mandatory]
+ # JFrog platform URL
+ JF_URL: ${{ secrets.JF_URL }}
+
+ # [Mandatory if JF_USER and JF_PASSWORD are not provided]
+ # JFrog access token with 'read' permissions on Xray service
+ JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }}
+
+ # [Mandatory if JF_ACCESS_TOKEN is not provided]
+ # JFrog username with 'read' permissions for Xray. Must be provided with JF_PASSWORD
+ # JF_USER: ${{ secrets.JF_USER }}
+
+ # [Mandatory if JF_ACCESS_TOKEN is not provided]
+ # JFrog password. Must be provided with JF_USER
+ # JF_PASSWORD: ${{ secrets.JF_PASSWORD }}
+
+ # [Mandatory]
+ # The GitHub token is automatically generated for the job
+ JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+ # [Mandatory]
+ # The name of the branch on which Frogbot will perform the scan
+ JF_GIT_BASE_BRANCH: ${{ matrix.branch }}
+
+ # [Mandatory if using OIDC authentication protocol instead of JF_ACCESS_TOKEN]
+ # Insert to oidc-provider-name the 'Provider Name' defined in the OIDC integration configured in the JPD
+ # with:
+ # oidc-provider-name: ""
From 447d9cbdc18feaad2e848843b57db4477a63743c Mon Sep 17 00:00:00 2001
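Review bot: `uses: jfrog/frogbot@v2` in frogbot-scan-repository.yml (PATCH 02/18) references a mutable tag while the job holds `contents: write`, `pull-requests: write`, `security-events: write` and the JFrog access token, so whatever commit the tag points to at run time receives those privileges. Pin the action to a full commit SHA and keep the tag as a trailing comment, e.g. `- uses: jfrog/frogbot@<FULL_COMMIT_SHA> # v2`. The same unpinned reference appears in frogbot-scan-pull-request.yml (PATCH 03/18). The workflow-level `permissions:` block could also move under `scan-repository:` so that jobs added later do not inherit the write scopes.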
From: davidka91 <145442579+davidka91@users.noreply.github.com>
Date: Wed, 4 Dec 2024 09:22:08 +0200
Subject: [PATCH 03/18] Create frogbot-scan-pull-request.yml
---
 .../workflows/frogbot-scan-pull-request.yml | 42 +++++++++++++++++++
 1 file changed, 42 insertions(+)
 create mode 100644 .github/workflows/frogbot-scan-pull-request.yml
diff --git a/.github/workflows/frogbot-scan-pull-request.yml b/.github/workflows/frogbot-scan-pull-request.yml
new file mode 100644
index 00000000..8806d1f3
--- /dev/null
+++ b/.github/workflows/frogbot-scan-pull-request.yml
@@ -0,0 +1,42 @@
+name: "Frogbot Scan Pull Request"
+on:
+ pull_request_target:
+ types: [opened, synchronize]
+permissions:
+ pull-requests: write
+ contents: read
+ # [Mandatory If using OIDC authentication protocol instead of JF_ACCESS_TOKEN]
+ # id-token: write
+jobs:
+ scan-pull-request:
+ runs-on: ubuntu-latest
+ # A pull request needs to be approved before Frogbot scans it. Any GitHub user who is associated with the
+ # "frogbot" GitHub environment can approve the pull request to be scanned.
+ environment: frogbot
+ steps:
+ - uses: jfrog/frogbot@v2
+ env:
+ # [Mandatory]
+ # JFrog platform URL
+ JF_URL: ${{ secrets.JF_URL }}
+
+ # [Mandatory if JF_USER and JF_PASSWORD are not provided]
+ # JFrog access token with 'read' permissions on Xray service
+ JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }}
+
+ # [Mandatory if JF_ACCESS_TOKEN is not provided]
+ # JFrog username with 'read' permissions for Xray. Must be provided with JF_PASSWORD
+ # JF_USER: ${{ secrets.JF_USER }}
+
+ # [Mandatory if JF_ACCESS_TOKEN is not provided]
+ # JFrog password. Must be provided with JF_USER
+ # JF_PASSWORD: ${{ secrets.JF_PASSWORD }}
+
+ # [Mandatory]
+ # The GitHub token is automatically generated for the job
+ JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+ # [Mandatory if using OIDC authentication protocol instead of JF_ACCESS_TOKEN]
+ # Insert to oidc-provider-name the 'Provider Name' defined in the OIDC integration configured in the JPD
+ # with:
+ # oidc-provider-name: ""
From 62007633a06987534fb67c526bb93218675fa002 Mon Sep 17 00:00:00 2001
From: davidka91 <145442579+davidka91@users.noreply.github.com>
Date: Wed, 4 Dec 2024 09:23:29 +0200
Subject: [PATCH 04/18] Update frogbot-scan-repository.yml
---
 .github/workflows/frogbot-scan-repository.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/frogbot-scan-repository.yml b/.github/workflows/frogbot-scan-repository.yml
index 35b496a5..6d4906d4 100644
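Review bot: The `pull_request_target` trigger in frogbot-scan-pull-request.yml (PATCH 03/18) runs with the base repository's secrets for pull requests coming from forks, and the only gate in front of that is `environment: frogbot`. The gate holds only if the environment already exists with required reviewers configured; GitHub creates a referenced environment that does not exist, with no protection rules, and the scan would then start without any approval. I would extend the comment above `environment:` to state the precondition, e.g. `# The "frogbot" environment must be created with required reviewers before this workflow is merged; without them fork PRs are scanned with secrets unreviewed.` It is also worth confirming that `JF_ACCESS_TOKEN` really is limited to read access on Xray, as the inline comment says, since this job exposes it.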
--- a/.github/workflows/frogbot-scan-repository.yml +++ b/.github/workflows/frogbot-scan-repository.yml @@ -16,7 +16,7 @@ jobs: strategy: matrix: # The repository scanning will be triggered periodically on the following branches. - branch: ["dev"] + branch: ["master"] steps: - uses: jfrog/frogbot@v2 env: From 32c3101dc4ab9eff8d0fd2b7728cd8326160b652 Mon Sep 17 00:00:00 2001 From: davidka91 <145442579+davidka91@users.noreply.github.com> Date: Wed, 4 Dec 2024 15:09:54 +0200 Subject: [PATCH 05/18] Update README.md --- README.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/README.md b/README.md index c1f2eb91..164badc7 100644 --- a/README.md +++ b/README.md @@ -10,6 +10,11 @@ Java sec code is a very powerful and friendly project for learning Java vulnerab [Alibaba-Security attack and defense/research(P5-P7)](https://github.com/JoyChou93/java-sec-code/wiki/Alibaba-Purple-Team-Job-Description) + + + + + ## Introduce This project can also be called Java vulnerability code. From 377ae4067c16c6b3a8627313c941dfbaeade9f7f Mon Sep 17 00:00:00 2001 From: davidka91 <145442579+davidka91@users.noreply.github.com> Date: Thu, 5 Dec 2024 13:54:37 +0200 Subject: [PATCH 06/18] Update README.md --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index c1f2eb91..273d3f8b 100644 --- a/README.md +++ b/README.md @@ -9,6 +9,7 @@ Java sec code is a very powerful and friendly project for learning Java vulnerab [Alibaba-Security attack and defense/research(P5-P7)](https://github.com/JoyChou93/java-sec-code/wiki/Alibaba-Purple-Team-Job-Description) +---new text in readme after rebasing dev-dk--- ## Introduce From 19304b403e5e471a5d47aabdceae7cdcede35b91 Mon Sep 17 00:00:00 2001 From: davidka91 <145442579+davidka91@users.noreply.github.com> Date: Thu, 5 Dec 2024 13:55:38 +0200 Subject: [PATCH 07/18] Update README.md --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 273d3f8b..c1f2eb91 100644 --- a/README.md 
+++ b/README.md @@ -9,7 +9,6 @@ Java sec code is a very powerful and friendly project for learning Java vulnerab [Alibaba-Security attack and defense/research(P5-P7)](https://github.com/JoyChou93/java-sec-code/wiki/Alibaba-Purple-Team-Job-Description) ----new text in readme after rebasing dev-dk--- ## Introduce From 3e6cc5d00822fede1215d6f45c8df490eee30550 Mon Sep 17 00:00:00 2001 From: davidka91 <145442579+davidka91@users.noreply.github.com> Date: Thu, 5 Dec 2024 19:41:57 +0200 Subject: [PATCH 08/18] Update README.md testing pr scan --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 164badc7..8bb4dab0 100644 --- a/README.md +++ b/README.md @@ -10,7 +10,7 @@ Java sec code is a very powerful and friendly project for learning Java vulnerab [Alibaba-Security attack and defense/research(P5-P7)](https://github.com/JoyChou93/java-sec-code/wiki/Alibaba-Purple-Team-Job-Description) - +=====test insert for PR==== From 253658e6cb747b75dbc0e65a9b5989685dad7f82 Mon Sep 17 00:00:00 2001 From: davidka91 <145442579+davidka91@users.noreply.github.com> Date: Thu, 5 Dec 2024 20:14:59 +0200 Subject: [PATCH 09/18] Update README.md --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 8bb4dab0..36e19fb5 100644 --- a/README.md +++ b/README.md @@ -9,9 +9,9 @@ Java sec code is a very powerful and friendly project for learning Java vulnerab [Alibaba-Security attack and defense/research(P5-P7)](https://github.com/JoyChou93/java-sec-code/wiki/Alibaba-Purple-Team-Job-Description) - -=====test insert for PR==== - +=== +=====test 2 insert for PR==== +=== From 4ea42743e56997309eeb313a2811fb64953b8679 Mon Sep 17 00:00:00 2001 From: davidka91 <145442579+davidka91@users.noreply.github.com> Date: Thu, 5 Dec 2024 20:18:13 +0200 Subject: [PATCH 10/18] Update README.md --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 36e19fb5..ba264dfa 100644 
--- a/README.md +++ b/README.md @@ -12,6 +12,7 @@ Java sec code is a very powerful and friendly project for learning Java vulnerab === =====test 2 insert for PR==== === +=== new test for FB PR scan=== From d2726e3c0d17e7d84e6e5c71db0f87bb93448d12 Mon Sep 17 00:00:00 2001 From: davidka91 <145442579+davidka91@users.noreply.github.com> Date: Thu, 5 Dec 2024 20:21:18 +0200 Subject: [PATCH 11/18] Update README.md --- README.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/README.md b/README.md index ba264dfa..b04cc030 100644 --- a/README.md +++ b/README.md @@ -16,6 +16,11 @@ Java sec code is a very powerful and friendly project for learning Java vulnerab + + + + + ## Introduce This project can also be called Java vulnerability code. From c33dc4de914c02dcbe5dc4020fa0407c1f39cc33 Mon Sep 17 00:00:00 2001 From: davidka91 <145442579+davidka91@users.noreply.github.com> Date: Thu, 5 Dec 2024 20:40:38 +0200 Subject: [PATCH 12/18] Update frogbot-scan-pull-request.yml --- .github/workflows/frogbot-scan-pull-request.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/frogbot-scan-pull-request.yml b/.github/workflows/frogbot-scan-pull-request.yml index 8806d1f3..771a71d7 100644 --- a/.github/workflows/frogbot-scan-pull-request.yml +++ b/.github/workflows/frogbot-scan-pull-request.yml @@ -18,7 +18,9 @@ jobs: env: # [Mandatory] # JFrog platform URL + JFROG_CLI_LOG_LEVEL: DEBUG JF_URL: ${{ secrets.JF_URL }} + # [Mandatory if JF_USER and JF_PASSWORD are not provided] # JFrog access token with 'read' permissions on Xray service From 3669093e93432fd49d82a50add3917af11cab629 Mon Sep 17 00:00:00 2001 From: davidka91 <145442579+davidka91@users.noreply.github.com> Date: Thu, 5 Dec 2024 20:41:28 +0200 Subject: [PATCH 13/18] Update README.md --- README.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/README.md b/README.md index ba264dfa..b04cc030 100644 --- a/README.md +++ b/README.md 
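Review bot: `JFROG_CLI_LOG_LEVEL: DEBUG` in frogbot-scan-pull-request.yml (PATCH 12/18) is inserted between the `# JFrog platform URL` comment and `JF_URL`, so that comment now sits above the wrong key, and it turns on verbose logging in a `pull_request_target` job that handles `JF_URL` and `JF_ACCESS_TOKEN`. GitHub masks registered secret values in logs, but debug output may carry request details or derived values that are not masked, and if the repository is public the workflow logs are readable by anyone. If this is for troubleshooting, move the line below `JF_URL` under its own comment such as `# Temporary: verbose CLI logging, remove after debugging`, and drop it once the scan works. The `env:` block starts and ends outside this hunk.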
@@ -16,6 +16,11 @@ Java sec code is a very powerful and friendly project for learning Java vulnerab + + + + + ## Introduce This project can also be called Java vulnerability code. From 70683237ef0833b7e5643a05c9150f9e8710e868 Mon Sep 17 00:00:00 2001 From: davidka91 <145442579+davidka91@users.noreply.github.com> Date: Thu, 5 Dec 2024 20:41:55 +0200 Subject: [PATCH 14/18] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index b04cc030..adc31113 100644 --- a/README.md +++ b/README.md @@ -14,7 +14,7 @@ Java sec code is a very powerful and friendly project for learning Java vulnerab === === new test for FB PR scan=== - +-dev scan pr- From 122c2b4011905907589bdd61a635128bde9d415d Mon Sep 17 00:00:00 2001 From: davidka91 <145442579+davidka91@users.noreply.github.com> Date: Tue, 24 Dec 2024 14:41:15 +0200 Subject: [PATCH 15/18] Update README.md --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index adc31113..48f6668c 100644 --- a/README.md +++ b/README.md @@ -16,6 +16,8 @@ Java sec code is a very powerful and friendly project for learning Java vulnerab -dev scan pr- +==after frogbot update=== + From cda5050f46d7d838f2678aa540f418b544648f12 Mon Sep 17 00:00:00 2001 From: davidka91 <145442579+davidka91@users.noreply.github.com> Date: Mon, 6 Jan 2025 14:33:50 +0200 Subject: [PATCH 16/18] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 48f6668c..e4a65ee8 100644 --- a/README.md +++ b/README.md @@ -10,7 +10,7 @@ Java sec code is a very powerful and friendly project for learning Java vulnerab [Alibaba-Security attack and defense/research(P5-P7)](https://github.com/JoyChou93/java-sec-code/wiki/Alibaba-Purple-Team-Job-Description) === -=====test 2 insert for PR==== +=====test 3 insert for PR==== === === new test for FB PR scan=== 
From a5320d26b5eb26c8dc2114432ae1678180d774df Mon Sep 17 00:00:00 2001 From: davidka91 <145442579+davidka91@users.noreply.github.com> Date: Mon, 27 Jan 2025 14:21:31 +0200 Subject: [PATCH 17/18] Update README.md --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index e4a65ee8..da974e43 100644 --- a/README.md +++ b/README.md @@ -18,6 +18,7 @@ Java sec code is a very powerful and friendly project for learning Java vulnerab ==after frogbot update=== +--test4--- From c97725140c801f1c38abeb514314c4996cd45fb0 Mon Sep 17 00:00:00 2001 From: davidka91 <145442579+davidka91@users.noreply.github.com> Date: Wed, 19 Feb 2025 10:18:59 +0200 Subject: [PATCH 18/18] Update README.md --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index da974e43..84ae5db0 100644 --- a/README.md +++ b/README.md @@ -20,6 +20,7 @@ Java sec code is a very powerful and friendly project for learning Java vulnerab --test4--- +==github repo UI