From e03a9d24f27708a1ff52547ce08680226390f154 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Sun, 27 Oct 2024 20:04:50 +0000 Subject: [PATCH 01/22] fix: todolist-goof/Dockerfile to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-DEBIAN9-FREETYPE-1019584 - https://snyk.io/vuln/SNYK-DEBIAN9-INETUTILS-564742 - https://snyk.io/vuln/SNYK-DEBIAN9-SQLITE3-307593 - https://snyk.io/vuln/SNYK-DEBIAN9-WGET-300458 - https://snyk.io/vuln/SNYK-DEBIAN9-GLIBC-356506 --- todolist-goof/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/todolist-goof/Dockerfile b/todolist-goof/Dockerfile index 3d4c4fdfda..b8cdb36b88 100644 --- a/todolist-goof/Dockerfile +++ b/todolist-goof/Dockerfile @@ -10,7 +10,7 @@ COPY todolist-web-common todolist-web-common COPY todolist-web-struts todolist-web-struts RUN --mount=target=$HOME/.m2,type=cache mvn install -FROM tomcat:8.5.21 +FROM tomcat:8.5.100 RUN mkdir /tmp/extracted_files COPY web.xml /usr/local/tomcat/conf/web.xml From 37634a58a6e2ce5539221af418398f23b3992fb4 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Sun, 27 Oct 2024 20:06:55 +0000 Subject: [PATCH 02/22] fix: todolist-goof/Dockerfile to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-UBUNTU2204-EXPAT-7885369 - https://snyk.io/vuln/SNYK-UBUNTU2204-EXPAT-7885572 - https://snyk.io/vuln/SNYK-UBUNTU2204-KRB5-7413877 - https://snyk.io/vuln/SNYK-UBUNTU2204-KRB5-7413877 - https://snyk.io/vuln/SNYK-UBUNTU2204-WGET-7266700 --- todolist-goof/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/todolist-goof/Dockerfile b/todolist-goof/Dockerfile index b8cdb36b88..928577a7de 100644 --- a/todolist-goof/Dockerfile +++ b/todolist-goof/Dockerfile 
@@ -10,7 +10,7 @@ COPY todolist-web-common todolist-web-common COPY todolist-web-struts todolist-web-struts RUN --mount=target=$HOME/.m2,type=cache mvn install -FROM tomcat:8.5.100 +FROM tomcat:9.0.95-jdk8-corretto-al2 RUN mkdir /tmp/extracted_files COPY web.xml /usr/local/tomcat/conf/web.xml From e6327ccf0217dcaa2ab4cffe3a2d9689ca242919 Mon Sep 17 00:00:00 2001 From: MimiDas-Snyk Date: Thu, 31 Oct 2024 13:36:36 -0400 Subject: [PATCH 03/22] Create main.yml --- .github/workflows/main.yml | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 .github/workflows/main.yml diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml new file mode 100644 index 0000000000..b56803c8f0 --- /dev/null +++ b/.github/workflows/main.yml @@ -0,0 +1,11 @@ +name: Example workflow for Maven using Snyk +on: push +jobs: + security: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@master + - name: Run Snyk to check for vulnerabilities + uses: snyk/actions/maven@master + env: + SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} From e8af2d90bdb8adf31b9b78386291fab7ee5ba69a Mon Sep 17 00:00:00 2001 From: MimiDas-Snyk Date: Thu, 31 Oct 2024 13:38:22 -0400 Subject: [PATCH 04/22] Update README.md --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 9e47442aab..6620af47ec 100644 --- a/README.md +++ b/README.md @@ -1,9 +1,9 @@ ## Java Goof -This is a collection of Java demo apps that are vulnerable in different ways. +This is a collection of Java demo apps that are vulnerable in different ways.. It's divided into modules, each one having its own README: * [Todolist Goof](todolist-goof/README.md) * [Log4Shell Goof](log4shell-goof/README.md) -* [Quickstart for running both Todolist with Log4Shell in Kubernetes](README-K8S.md) \ No newline at end of file +* [Quickstart for running both Todolist with Log4Shell in Kubernetes](README-K8S.md) From 897c5103cc06d6684780627daec1175e7590a8b3 Mon Sep 17 00:00:00 2001 
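Review bot: The replacement base image on the `+FROM tomcat:9.0.95-jdk8-corretto-al2` line moves from Tomcat 8.5 to Tomcat 9.0 on a different OS base, which is a servlet-API and platform change rather than a patch-level bump, yet the unchanged `COPY web.xml /usr/local/tomcat/conf/web.xml` context line still overwrites Tomcat's global conf/web.xml with a file presumably written against the 8.5 image. Whether that file is valid for the 9.0 layout cannot be told from the hunk, so the image should be built and smoke-tested on the new tag before this lands. If the intent was only to clear the listed advisories, a patch release on the same major line, or the chosen tag pinned by digest, would make the change narrower and the build reproducible.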
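Review bot: Both actions in the new workflow are referenced by a mutable branch ref, `uses: actions/checkout@master` and `uses: snyk/actions/maven@master`, so whatever is later pushed to those branches runs in this job with `SNYK_TOKEN` in its environment. Pin each to a release tag or, better, a full commit SHA, e.g. `uses: actions/checkout@v4` and a tagged commit of `snyk/actions/maven`. The job also declares no `permissions:` block and therefore inherits the repository's default token scope; `permissions:` with `contents: read` at job level is sufficient for a scan that only reads the checked-out tree.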
From: snyk-bot Date: Fri, 15 Nov 2024 17:47:18 +0000 Subject: [PATCH 05/22] fix: todolist-goof/todolist-web-struts/pom.xml to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-ORGAPACHELOGGINGLOG4J-2314720 --- todolist-goof/todolist-web-struts/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/todolist-goof/todolist-web-struts/pom.xml b/todolist-goof/todolist-web-struts/pom.xml index e58874f827..f64788a41d 100644 --- a/todolist-goof/todolist-web-struts/pom.xml +++ b/todolist-goof/todolist-web-struts/pom.xml @@ -27,7 +27,7 @@ org.apache.logging.log4j log4j-core - 2.7 + 2.12.2 org.apache.logging.log4j From b658064b02336913bcdaa25408a1a0c05d1862a8 Mon Sep 17 00:00:00 2001 From: MimiDas-Snyk Date: Wed, 8 Jan 2025 15:22:30 -0500 Subject: [PATCH 06/22] Update main.yml From 90429338273cfbc5bfce00f400c0852051a98859 Mon Sep 17 00:00:00 2001 From: MimiDas-Snyk Date: Thu, 9 Jan 2025 10:48:31 -0500 Subject: [PATCH 07/22] Create snyk-GHA-sharedaction-java-goof --- .github/workflows/snyk-GHA-sharedaction-java-goof | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 .github/workflows/snyk-GHA-sharedaction-java-goof diff --git a/.github/workflows/snyk-GHA-sharedaction-java-goof b/.github/workflows/snyk-GHA-sharedaction-java-goof new file mode 100644 index 0000000000..35d94d22e9 --- /dev/null +++ b/.github/workflows/snyk-GHA-sharedaction-java-goof @@ -0,0 +1,15 @@ +name: Snyk Scan (External Shared Action) + +on: + push: + branches: [ master ] + pull_request: + branches: [ master ] + +jobs: + monitor: + uses: mimidas-snyk/snyk-GHA-sharedaction-java-goof/.github/workflows/snyk-node-shared-action.yml@main + with: + SNYK_ORG: dc9e71be-cc1d-4b7a-87bf-6640adf930ee + secrets: + SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} From 4f207b59d141c406ff891fbe59c0526d45920d9d Mon Sep 17 00:00:00 2001 
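Review bot: The new file is created as `.github/workflows/snyk-GHA-sharedaction-java-goof` with no `.yml`/`.yaml` extension, and GitHub Actions only loads workflow files that carry one of those extensions, so this workflow never runs as committed (patches 11 and 12 later delete and re-create it with the extension). The reusable workflow is also pulled by a mutable ref, `uses: mimidas-snyk/snyk-GHA-sharedaction-java-goof/.github/workflows/snyk-node-shared-action.yml@main`, and patch 15 keeps the `@main` pin when it switches the source repository; pin it to a tag or commit SHA so a push to that branch cannot silently change what executes with `SNYK_TOKEN`. Passing `SNYK_ORG` as a plain `with:` input is fine, since it is an identifier rather than a credential.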
From: MimiDas-Snyk Date: Thu, 9 Jan 2025 10:50:01 -0500 Subject: [PATCH 08/22] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 6620af47ec..1609bb4d16 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ ## Java Goof -This is a collection of Java demo apps that are vulnerable in different ways.. +This is a collection of Java demo apps that are vulnerable in different ways. It's divided into modules, each one having its own README: From 0f12e6b74facab823042a879dc8335eb90d66de0 Mon Sep 17 00:00:00 2001 From: MimiDas-Snyk Date: Thu, 9 Jan 2025 10:59:49 -0500 Subject: [PATCH 09/22] Update main.yml --- .github/workflows/main.yml | 52 +++++++++++++++++++++++++++++++------- 1 file changed, 43 insertions(+), 9 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index b56803c8f0..62f0a0b526 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml 
@@ -1,11 +1,45 @@ -name: Example workflow for Maven using Snyk -on: push +name: Snyk CLI Scans + +on: + push: + branches: [ main ] + # pull_request: + # branches: [ main ] + # + jobs: - security: + snyk-pipeline: runs-on: ubuntu-latest - steps: - - uses: actions/checkout@master - - name: Run Snyk to check for vulnerabilities - uses: snyk/actions/maven@master - env: - SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} + name: Snyk CLI Scans + env: + SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} + steps: + - uses: actions/checkout@v2 + - name: Download Snyk + run: | + wget -O snyk https://static.snyk.io/cli/latest/snyk-linux + chmod +x ./snyk + mv ./snyk /usr/local/bin/ + + - name: Authenticate Snyk + run: snyk auth ${SNYK_TOKEN} + + - name: Run Snyk Code + run: snyk code test --sarif-file-output=snyk_sast_results.json + continue-on-error: true + + - name: Upload SARIF file + uses: github/codeql-action/upload-sarif@v3 + with: + sarif_file: snyk_sast_results.json + + - name: Install packages + run: npm install --loglevel=error + + - name: Run Snyk Test + run: snyk test --all-projects + continue-on-error: true + + - name: Run Snyk Monitor + run: snyk monitor --all-projects + continue-on-error: true From 324cf9ab0f515fdebe07ad1f670ef2b05e0612a3 Mon Sep 17 00:00:00 2001 From: MimiDas-Snyk Date: Thu, 9 Jan 2025 11:02:42 -0500 Subject: [PATCH 10/22] Update main.yml --- .github/workflows/main.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 62f0a0b526..6a0bc7f798 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -33,9 +33,7 @@ jobs: with: sarif_file: snyk_sast_results.json - - name: Install packages - run: npm install --loglevel=error - + - name: Run Snyk Test run: snyk test --all-projects continue-on-error: true From db1d05f1454e56973758e065fbe9c3501e0d4432 Mon Sep 17 00:00:00 2001 
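Review bot: The `Download Snyk` step fetches `https://static.snyk.io/cli/latest/snyk-linux` with no checksum or signature verification and moves it straight onto PATH, and every later step runs that binary with `SNYK_TOKEN` in the job environment, so a tampered or substituted download would execute with the credential. Pin to a specific CLI release instead of `latest` and verify the published checksum before the `chmod +x`, or use the `snyk/actions/setup` action, which performs the install. The `Authenticate Snyk` step, `run: snyk auth ${SNYK_TOKEN}`, places the token on a command line where it can surface in process listings and step output; the CLI already reads `SNYK_TOKEN` from the environment, so that step can simply be removed. The job has no `permissions:` block while `github/codeql-action/upload-sarif@v3` needs `security-events: write`, so declare `permissions:` with `contents: read` and `security-events: write` explicitly rather than relying on the repository default. `actions/checkout@v2` also runs on a runtime GitHub has deprecated; move it to a current major.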
From: MimiDas-Snyk Date: Thu, 9 Jan 2025 11:48:38 -0500 Subject: [PATCH 11/22] Delete .github/workflows/snyk-GHA-sharedaction-java-goof --- .github/workflows/snyk-GHA-sharedaction-java-goof | 15 --------------- 1 file changed, 15 deletions(-) delete mode 100644 .github/workflows/snyk-GHA-sharedaction-java-goof diff --git a/.github/workflows/snyk-GHA-sharedaction-java-goof b/.github/workflows/snyk-GHA-sharedaction-java-goof deleted file mode 100644 index 35d94d22e9..0000000000 --- a/.github/workflows/snyk-GHA-sharedaction-java-goof +++ /dev/null @@ -1,15 +0,0 @@ -name: Snyk Scan (External Shared Action) - -on: - push: - branches: [ master ] - pull_request: - branches: [ master ] - -jobs: - monitor: - uses: mimidas-snyk/snyk-GHA-sharedaction-java-goof/.github/workflows/snyk-node-shared-action.yml@main - with: - SNYK_ORG: dc9e71be-cc1d-4b7a-87bf-6640adf930ee - secrets: - SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} From 5241c75d4f2c39d92a235d8a361ae08e4fa205b0 Mon Sep 17 00:00:00 2001 From: MimiDas-Snyk Date: Thu, 9 Jan 2025 11:49:53 -0500 Subject: [PATCH 12/22] Create snyk-GHA-sharedaction-java-goof.yml --- .../workflows/snyk-GHA-sharedaction-java-goof.yml | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 .github/workflows/snyk-GHA-sharedaction-java-goof.yml diff --git a/.github/workflows/snyk-GHA-sharedaction-java-goof.yml b/.github/workflows/snyk-GHA-sharedaction-java-goof.yml new file mode 100644 index 0000000000..35d94d22e9 --- /dev/null +++ b/.github/workflows/snyk-GHA-sharedaction-java-goof.yml @@ -0,0 +1,15 @@ +name: Snyk Scan (External Shared Action) + +on: + push: + branches: [ master ] + pull_request: + branches: [ master ] + +jobs: + monitor: + uses: mimidas-snyk/snyk-GHA-sharedaction-java-goof/.github/workflows/snyk-node-shared-action.yml@main + with: + SNYK_ORG: dc9e71be-cc1d-4b7a-87bf-6640adf930ee + secrets: + SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} From 572cba964de12ae37e37ff7ec214a67e66de73c6 Mon Sep 17 00:00:00 2001 
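Review bot: This workflow triggers on `branches: [ master ]` for both `push` and `pull_request`, while `main.yml` as rewritten in patch 09 triggers on `branches: [ main ]`; only one of those can be the repository's default branch, so one of the two workflows will never fire on the pushes it is meant to cover. I cannot tell from the patch series which name is correct, so both files should be aligned on the actual default branch. Apart from the added `.yml` extension the content is identical to patch 07, so the mutable `@main` pin on the reusable workflow raised there still applies here.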
From: MimiDas-Snyk Date: Thu, 9 Jan 2025 12:12:16 -0500 Subject: [PATCH 13/22] Update main.yml --- .github/workflows/main.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 6a0bc7f798..cadc258bb8 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -32,7 +32,9 @@ jobs: uses: github/codeql-action/upload-sarif@v3 with: sarif_file: snyk_sast_results.json - + + - name: Install packages + run: mvn install --loglevel=error - name: Run Snyk Test run: snyk test --all-projects From a60cb96860185e50a4883138a004324e7eec3007 Mon Sep 17 00:00:00 2001 From: MimiDas-Snyk Date: Thu, 9 Jan 2025 12:14:11 -0500 Subject: [PATCH 14/22] Update main.yml --- .github/workflows/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index cadc258bb8..070f8a5d79 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -34,7 +34,7 @@ jobs: sarif_file: snyk_sast_results.json - name: Install packages - run: mvn install --loglevel=error + run: mvn install - name: Run Snyk Test run: snyk test --all-projects From a9b02e5aa8cf74ec420af32277e579744ae232cf Mon Sep 17 00:00:00 2001 From: MimiDas-Snyk Date: Fri, 10 Jan 2025 14:40:58 -0500 Subject: [PATCH 15/22] Update snyk-GHA-sharedaction-java-goof.yml --- .github/workflows/snyk-GHA-sharedaction-java-goof.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/snyk-GHA-sharedaction-java-goof.yml b/.github/workflows/snyk-GHA-sharedaction-java-goof.yml index 35d94d22e9..457d220480 100644 --- a/.github/workflows/snyk-GHA-sharedaction-java-goof.yml +++ b/.github/workflows/snyk-GHA-sharedaction-java-goof.yml 
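Review bot: The added `run: mvn install --loglevel=error` passes an npm option to Maven, which rejects unknown options, so this step fails as written (patch 14 drops the flag; Maven's own quiet switch is `-q`). More importantly, `SNYK_TOKEN` is set in the job-level `env:` introduced by patch 09, outside this hunk, so the Maven build — including every plugin and test the project's POMs pull in — now runs with the credential in its environment; move `env:` down onto the Snyk steps so build and test code never sees it. If the step exists only so that `snyk test --all-projects` can resolve dependencies, `mvn install -DskipTests` keeps test code out of this job as well.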
@@ -8,7 +8,7 @@ on: jobs: monitor: - uses: mimidas-snyk/snyk-GHA-sharedaction-java-goof/.github/workflows/snyk-node-shared-action.yml@main + uses: mimidas-snyk/snyk-shared-action/.github/workflows/snyk-node-shared-action.yml@main with: SNYK_ORG: dc9e71be-cc1d-4b7a-87bf-6640adf930ee secrets: From f218430f51949a541749ed7336b576267cd9dcaa Mon Sep 17 00:00:00 2001 From: MimiDas-Snyk Date: Mon, 13 Jan 2025 11:25:52 -0500 Subject: [PATCH 16/22] Update main.yml --- .github/workflows/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 070f8a5d79..457c5be2f7 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -1,4 +1,4 @@ -name: Snyk CLI Scans +name: Snyk CLI ScansS on: push: From 4f1cccbec2a75930d2528e4f05922dc469e6cdd6 Mon Sep 17 00:00:00 2001 From: MimiDas-Snyk Date: Mon, 13 Jan 2025 14:08:34 -0500 Subject: [PATCH 17/22] Update main.yml --- .github/workflows/main.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 457c5be2f7..807018d09a 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -33,6 +33,12 @@ jobs: with: sarif_file: snyk_sast_results.json + - name: Upload snyk HTML report + uses: actions/upload-artifact@v3 + with: + name: snyk_sast_result_json + path: snyk_sast_results.json + - name: Install packages run: mvn install From d58317fe39bd250ad09f1f3bed049804852eb5dc Mon Sep 17 00:00:00 2001 From: MimiDas-Snyk Date: Mon, 13 Jan 2025 14:10:31 -0500 Subject: [PATCH 18/22] Update main.yml --- .github/workflows/main.yml | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 807018d09a..1cc22a16e4 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml 
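Review bot: The new step named `Upload snyk HTML report` uploads `snyk_sast_results.json`, a SARIF file rather than an HTML report, so the name misleads anyone reading the run log; rename it, e.g. `- name: Upload Snyk SARIF artifact`. It also uses `actions/upload-artifact@v3`, which GitHub has deprecated in favour of v4, and patches 19 and 20 re-add the step and settle on `@v3` again, so the same bump applies there. Because `Run Snyk Code` has `continue-on-error: true`, the SARIF file may be absent after a failed scan; the artifact upload only warns by default, but the `upload-sarif` step above it will presumably fail on a missing file, so an `if:` guard on both is worth considering.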
@@ -32,13 +32,7 @@ jobs: uses: github/codeql-action/upload-sarif@v3 with: sarif_file: snyk_sast_results.json - - - name: Upload snyk HTML report - uses: actions/upload-artifact@v3 - with: - name: snyk_sast_result_json - path: snyk_sast_results.json - + - name: Install packages run: mvn install From 7e7f7be3130065d5aeb825b842ff07f9f4d6de11 Mon Sep 17 00:00:00 2001 From: MimiDas-Snyk Date: Mon, 13 Jan 2025 14:16:04 -0500 Subject: [PATCH 19/22] Update main.yml --- .github/workflows/main.yml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 1cc22a16e4..04f088a3fa 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -32,7 +32,13 @@ jobs: uses: github/codeql-action/upload-sarif@v3 with: sarif_file: snyk_sast_results.json - + + - name: Use the Upload Artifact GitHub Action + uses: actions/upload-artifact@v2 + with: + name: snyk_sast_results_json + path: snyk_sast_results.json + - name: Install packages run: mvn install From 952317b5161ce1039d9e3b8cb83963775df5378b Mon Sep 17 00:00:00 2001 From: MimiDas-Snyk Date: Mon, 13 Jan 2025 14:16:44 -0500 Subject: [PATCH 20/22] Update main.yml --- .github/workflows/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 04f088a3fa..4bb31e77a4 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -34,7 +34,7 @@ jobs: sarif_file: snyk_sast_results.json - name: Use the Upload Artifact GitHub Action - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@v3 with: name: snyk_sast_results_json path: snyk_sast_results.json From 3435aa06f1f0f717ffb21af51d492f983cd9ef9a Mon Sep 17 00:00:00 2001 From: MimiDas-Snyk Date: Mon, 13 Jan 2025 14:45:14 -0500 Subject: [PATCH 21/22] Update main.yml --- .github/workflows/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 4bb31e77a4..88c205afde 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -1,4 +1,4 @@ -name: Snyk CLI ScansS +name: Snyk CLI Scans on: push: From 4eb907c6201971628f815e6310646eae8a887d9d Mon Sep 17 00:00:00 2001 From: MimiDas-Snyk Date: Tue, 14 Jan 2025 13:06:19 -0500 Subject: [PATCH 22/22] Update main.yml --- .github/workflows/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 88c205afde..594f659b6e 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -1,4 +1,4 @@ -name: Snyk CLI Scans +name: Snyk CLI Scanss on: push:
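Review bot: The final patch changes the workflow `name:` from `Snyk CLI Scans` to `Snyk CLI Scanss`, reintroducing the kind of typo patch 21 had just removed after patch 16 added `ScansS`; the workflow name is what appears in the Actions tab and in required-status-check settings, so it should read `name: Snyk CLI Scans` unless the change is deliberate. If this was a test push, drop the commit from the series rather than leaving the typo at the tip.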