Fix vulnerabilities and fix auth (#34)

* fix: vulnerabilities CRITICAL (and a few HIGH). Thanks Simon! * fix: hook deps, minor bugs * fix: remove unused or upgrade dependencies * fix: auth infinite loop * fix: ci upgrade actions upload-artifact * fix: actions * fix: upgrade node * ci: add trivy analysis * ci: change trivy severity --------- Co-authored-by: Betty Becuwe <[email protected]> Co-authored-by: Simon Demaziere <[email protected]>
InseeFr · Nov 25, 2024 · 70df63e · 70df63e
1 parent 13e3a1f
commit 70df63e
Show file tree

Hide file tree

Showing 15 changed files with 6,890 additions and 8,271 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -9,24 +9,20 @@ jobs:
   install:
     runs-on: ubuntu-latest
     steps:
-      - name: Use Node.js 14C
-        uses: actions/setup-node@v1
-        with:
-          node-version: 14
+      - name: Use Node.js
+        uses: actions/setup-node@v4
       - run: yarn --frozen-lockfile
   build:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
-      - name: Use Node.js 14
-        uses: actions/setup-node@v1
-        with:
-          node-version: 14
+      - uses: actions/checkout@v4
+      - name: Use Node.js
+        uses: actions/setup-node@v4
       - run: yarn
       - run: yarn run test
       - run: yarn build
       - name: Upload build
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v4
         with:
           name: build
           path: build
diff --git a/.github/workflows/develop-release.yml b/.github/workflows/develop-release.yml
@@ -11,31 +11,27 @@ jobs:
   install:
     runs-on: ubuntu-latest
     steps:
-      - name: Use Node.js 14C
-        uses: actions/setup-node@v1
-        with:
-          node-version: 14
+      - name: Use Node.js
+        uses: actions/setup-node@v4
       - run: yarn --frozen-lockfile
   build:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
-      - name: Use Node.js 14
-        uses: actions/setup-node@v1
-        with:
-          node-version: 14
+      - uses: actions/checkout@v4
+      - name: Use Node.js
+        uses: actions/setup-node@v4
       - run: yarn
       - run: yarn build
       - name: Upload build
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v4
         with:
           name: build
           path: build
   release:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout current branch
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
       - name: Get current version
         id: version
         uses: notiz-dev/github-action-json-property@release

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -11,31 +11,27 @@ jobs:
   install:
     runs-on: ubuntu-latest
     steps:
-      - name: Use Node.js 14C
-        uses: actions/setup-node@v1
-        with:
-          node-version: 14
+      - name: Use Node.js 
+        uses: actions/setup-node@v4
       - run: yarn --frozen-lockfile
   build:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
-      - name: Use Node.js 14
+      - uses: actions/checkout@v4
+      - name: Use Node.js 
         uses: actions/setup-node@v1
-        with:
-          node-version: 14
       - run: yarn
       - run: yarn build
       - name: Upload build
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v4
         with:
           name: build
           path: build
   release:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout current branch
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
       - name: Get current version
         id: version
         uses: notiz-dev/github-action-json-property@release
@@ -57,10 +53,10 @@ jobs:
     needs: build
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
       - name: Download build
         id: download
-        uses: actions/download-artifact@v2
+        uses: actions/download-artifact@v4
         with:
           name: build
           path: build

diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
@@ -0,0 +1,32 @@
+name: Trivy Analysis
+
+on:
+  push:
+    branches:
+      - main
+      - develop
+  pull_request:
+    types: [opened, synchronize, reopened]
+jobs:
+  build:
+    name: Build and analyze
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
+      - name: Set up JDK 21
+        uses: actions/setup-java@v3
+        with:
+          java-version: 21
+          distribution: 'temurin'
+      - name: Run Trivy vulnerability scanner
+        uses: aquasecurity/[email protected]
+        env:
+          TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db:2
+        with:
+          format: 'table'
+          scan-type: 'repo'
+          exit-code: '1'
+          vuln-type: 'os,library'
+          severity: 'CRITICAL'
diff --git a/.gitignore b/.gitignore
@@ -16,7 +16,6 @@
 .env.test.local
 .env.production.local
 *.zip
-*.lock
 
 npm-debug.log*
 yarn-debug.log*

diff --git a/jsconfig.json b/jsconfig.json
@@ -0,0 +1,5 @@
+{
+    "compilerOptions": {
+      "baseUrl": "src"
+    }
+  }
diff --git a/package.json b/package.json
@@ -1,37 +1,34 @@
 {
   "name": "front-moog",
-  "version": "2.2.6",
+  "version": "2.2.7",
   "private": true,
   "dependencies": {
-    "@vtex/react-csv-parse": "^3.0.2",
-    "axios": "^0.18.1",
+    "axios": "^0.21.2",
     "babel-polyfill": "^6.23.0",
     "file-saver": "^2.0.5",
     "json2csv": "^5.0.5",
-    "keycloak-js": "^18.0.0",
-    "papaparse": "^4.6.2",
+    "keycloak-js": "^26.0.0",
+    "papaparse": "^5.2.0",
     "prop-types": "^15.7.2",
     "react": "^16.14.0",
     "react-csv": "^1.1.2",
-    "react-csv-reader": "^1.3.1",
     "react-dom": "^16.14.0",
-    "react-js-pagination": "^3.0.2",
+    "react-js-pagination": "^3.0.3",
     "react-loading": "^2.0.3",
     "react-redux": "^6.0.1",
     "react-responsive-modal": "^3.5.1",
     "react-router": "^3.2.6",
     "react-router-dom": "^4.3.1",
-    "react-scripts": "2.0.5",
+    "react-scripts": "5.0.1",
     "redux": "^4.0.5",
     "redux-logger": "^3.0.6",
     "redux-thunk": "^2.3.0",
     "tachyons-components": "^1.0.1"
   },
   "scripts": {
-    "start": "cross-env NODE_PATH=src/ react-scripts start ",
-    "build": "cross-env NODE_PATH=src/ react-scripts build",
-    "test": "cross-env NODE_PATH=src/ react-scripts test",
-    "eject": "react-scripts eject"
+    "start": "cross-env NODE_PATH=src/  react-scripts --openssl-legacy-provider start ",
+    "build": "cross-env NODE_PATH=src/ react-scripts --openssl-legacy-provider build",
+    "test": "cross-env NODE_PATH=src/ react-scripts --openssl-legacy-provider test"
   },
   "eslintConfig": {
     "extends": "react-app"
@@ -43,16 +40,13 @@
     "not op_mini all"
   ],
   "devDependencies": {
-    "bestzip": "^2.1.7",
-    "copy-and-watch": "^0.1.5",
-    "cross-env": "^5.2.1",
+    "cross-env": "^7.0.3",
     "eslint-config-airbnb": "^17.1.1",
     "eslint-config-prettier": "^3.6.0",
     "eslint-plugin-import": "^2.22.1",
     "eslint-plugin-jsx-a11y": "^6.4.1",
     "eslint-plugin-prettier": "^3.1.4",
-    "eslint-plugin-react": "^7.21.5",
-    "ftp-deploy": "^2.3.8",
+    "eslint-plugin-react": "^7.37.1",
     "prettier": "^1.19.1"
   }
 }
diff --git a/src/components/auth/component.js b/src/components/auth/component.js
@@ -44,39 +44,41 @@ const Auth = ({
     if (authType === KEYCLOAK && identityProvider) {
       const keycloakTemp = new Keycloak(confKeycloak);
       const kcLogin = keycloakTemp.login;
-      keycloakTemp.login = (options) => {
-        const options2 = options;
-        options2.idpHint = identityProvider;
-        kcLogin(options2);
-      };
-      keycloakTemp.redirectUri = window.location.href.replace(
-        window.location.search,
-        ""
-      );
+      keycloakTemp.login = (options = {}) =>
+        kcLogin({ ...options, idpHint: identityProvider });
       setKc(keycloakTemp);
     }
-  }, [authType, identityProvider]);
+  }, [
+    authType,
+    identityProvider,
+    saveRoleAdministrateur,
+    saveRoleAssistance,
+    saveRoleGestionnaire,
+    saveUrlBackEnd,
+    saveUrlColemanPromotion,
+    saveUrlSiteMirroir,
+  ]);
 
-  const refreshToken = () => {
-    kc.updateToken(30)
-      .then((isUpdated) => {
-        if (isUpdated) {
-          setToken(kc.token);
-          refreshKeycloakToken(kc);
-        }
-      })
-      .catch(() => {
-        window.location.href = window.location;
-      });
-  };
+  useEffect(() => {
+    const loginNoAuth = () => {
+      saveNoAuthLogin();
+    };
 
-  const loginNoAuth = () => {
-    saveNoAuthLogin();
-  };
+    const refreshToken = () => {
+      kc.updateToken(30)
+        .then((isUpdated) => {
+          if (isUpdated) {
+            setToken(kc.token);
+            refreshKeycloakToken(kc);
+          }
+        })
+        .catch(() => {
+          window.location.href = window.location;
+        });
+    };
 
-  useEffect(() => {
     if (authType === KEYCLOAK && !!kc) {
-      kc.init({ onLoad: "login-required" })
+      kc.init({ onLoad: "login-required", checkLoginIframe: false })
         .then(() => {
           setToken(kc.token);
           saveKeycloakToken(kc);
@@ -86,7 +88,7 @@ const Auth = ({
     } else if (authType === NO_AUTH) {
       loginNoAuth();
     }
-  }, [kc, authType]);
+  }, [kc, authType, saveKeycloakToken, saveNoAuthLogin, refreshKeycloakToken]);
 
   return (
     <>
@@ -95,7 +97,7 @@ const Auth = ({
       )}
       {!error && authType === KEYCLOAK && token && <AppContainer />}
       {!error && authType === NO_AUTH && <AppContainer />}
-      {error && <div>Erreur inconnue - probléme authentification !</div>}
+      {error && <div>Erreur inconnue - problème d'authentification !</div>}
     </>
   );
 };

diff --git a/src/components/consultation/consultation.js b/src/components/consultation/consultation.js
@@ -22,7 +22,7 @@ import {
 } from "../../utils/properties";
 import Form from "./formAjoutISG";
 
-const Consultation = ({ roles, linkQuestionnaire, urlColemanPromotion }) => {
+const Consultation = ({ roles, urlColemanPromotion }) => {
   const convertTimeStampToFormattedDate = (isg) => {
     const timestamp = isg.dateInfo;
     // expected format : "dd-MM-yyyy hh:mm"
@@ -84,19 +84,10 @@ const Consultation = ({ roles, linkQuestionnaire, urlColemanPromotion }) => {
       const newItemsCountPerPage = bdd.size;
       const newTotalItemsCount = bdd.totalElements;
       const results = MapObjects(bdd.content, "surveyUnitFilter");
-      const updatedResults = results.map((result) => {
-        const timestamp = new Date(result.pubDate);
-        console.log(timestamp);
-        const dateString = timestamp.toGMTString();
-        return {
-          ...result,
-          dateString,
-        };
-      });
       setIsMailTableauVisible(false);
       setTotalItemsCount(newTotalItemsCount);
       setItemsCountPerPage(newItemsCountPerPage);
-      setUeFiltree(updatedResults);
+      setUeFiltree(results);
     };
 
     const fetchURL = (page, motFiltre1, motFiltre2) => {
@@ -118,7 +109,7 @@ const Consultation = ({ roles, linkQuestionnaire, urlColemanPromotion }) => {
     setHistoriqueSelectionne([]);
 
     if (motFiltre.length > 2) {
-      if (estGestionnaire(roles)) {
+      if (isGestionnaire) {
         fetchURL(activePage - 1, motFiltre, motFiltre);
       } else {
         fetchURL(activePage - 1, motFiltre, null);
@@ -127,7 +118,7 @@ const Consultation = ({ roles, linkQuestionnaire, urlColemanPromotion }) => {
       setIsMailTableauVisible(false);
       setUeFiltree([]);
     }
-  }, [motFiltre, activePage]);
+  }, [motFiltre, activePage, isGestionnaire]);
 
   const linkSiteMirroir = (obj) => {
     const {
@@ -470,18 +461,19 @@ const Consultation = ({ roles, linkQuestionnaire, urlColemanPromotion }) => {
         closeIconSize={0}
         center
       >
-        <Form
-          closeModal={() => closeAddISGForm()}
-          uniteEnquete={ueSelectionne}
-          ajouterISG={ajouterISG}
-        />
+        {ueSelectionne && (
+          <Form
+            closeModal={() => closeAddISGForm()}
+            uniteEnquete={ueSelectionne}
+            ajouterISG={ajouterISG}
+          />
+        )}
       </Modal>
     </div>
   );
 };
 export default Consultation;
 Consultation.propTypes = {
   roles: PropTypes.arrayOf(PropTypes.string).isRequired,
-  linkQuestionnaire: PropTypes.string.isRequired,
   urlColemanPromotion: PropTypes.string.isRequired,
 };