Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature/192 #193

Open
wants to merge 23 commits into
base: feature/187
Choose a base branch
from
Open

Feature/192 #193

wants to merge 23 commits into from

Conversation

KoolTheba
Copy link
Contributor

⚠️ WIP please no merge!

IMPORTANT

  • This PR should not be merged before Lerna Implementation #187
  • This PR is not yet ready to merge; please check Backlog 👇
  • @ckarande @UlisesGascon @lirantal As this PR is going to be quite long, please start review it even if it is not yet finished and provide feedback 🙏
  • The scope of this PR is to cover just the feature Benefits without DB but including testing, mocking, Docker, CI, etc...so this PR will determine how we are going to develop new features in the React API Rest app sample
  • Note: CI still broken due Lerna Implementation #187 current situation (cc: @UlisesGascon), so that part is going to be solved in Lerna Implementation #187. Once that is ready, I'll pull the changes to this current PR.

PR Backlog (see #192)

  • Add autogenerated React-app
  • Add autogenerated Express-api
  • Connect React to Express
  • Add basic tests
  • Add Docker/Docker-componse
  • Add CI support

Notable changes

React api

 cookie-parser   ~1.4.4  →   ~1.4.5
 debug           ~2.6.9  →   ~4.1.1
 express        ~4.16.1  →  ~4.17.1
 http-errors     ~1.6.3  →   ~1.7.3
 morgan          ~1.9.1  →  ~1.10.0

React client

  • Added autogenerated react app (8fd44fb)
  • Upgrade testing dependencies (fed2529)
@testing-library/jest-dom    ^4.2.4  →   ^5.1.1
@testing-library/react       ^9.3.2  →  ^10.0.1
@testing-library/user-event  ^7.1.2  →  ^10.0.0

Changelog

@KoolTheba
feat(react client): added autogenerated react app
8fd44fb 
Related OWASP#192
@KoolTheba
feat(react api): added autogenerated express project
0f3fb39 
Related OWASP#192
@KoolTheba
chore(react api): upgraded dependencies
f7aebe7 
- Related OWASP#192
```
 cookie-parser   ~1.4.4  →   ~1.4.5
 debug           ~2.6.9  →   ~4.1.1
 express        ~4.16.1  →  ~4.17.1
 http-errors     ~1.6.3  →   ~1.7.3
 morgan          ~1.9.1  →  ~1.10.0
```
@KoolTheba
feat(react api): added config files
8b1884d 
- Related OWASP#192
- Added depedency `[email protected]`
- Added main config file
@KoolTheba
chore(files): updated gitignore rules
5034336 
See: https://www.gitignore.io/api/node,code,linux,macos,windows,webstorm,sublimetext
@KoolTheba
fix(react api): project name
9ba3401 
Related OWASP#192
@KoolTheba
refactor(react api): ES6 migration
0efe7f0 
Related OWASP#192
@KoolTheba
refactor(react api): ES6 migration
49493d9 
Related OWASP#192
@KoolTheba
feat(react api): added standard linter
67cefa0 
- Related OWASP#192
- Added dev dependency `[email protected]`
- Added npm tasks for linting
@KoolTheba
feat(react api): added lint git hook
d316b82 
Related OWASP#192
@KoolTheba
chore(react api): files linted
bcaf6ef
@KoolTheba
feat(react api): added test environment
414e602 
- Related OWASP#192
- Added dev dependencies `[email protected]` & `[email protected]`
- Added npm tasks for testing
@KoolTheba
feat(react api): added test git hook
83e6b58 
Related OWASP#192
@KoolTheba
chore(react api): update linting rules
00bc5f3
@KoolTheba
feat(react api): added initial tests
e591970 
Related OWASP#192
@KoolTheba
chore(react client): upgrade testing dependencies
fed2529 
- Updated testing dependencies
```
@testing-library/jest-dom    ^4.2.4  →   ^5.1.1
 @testing-library/react       ^9.3.2  →  ^10.0.1
 @testing-library/user-event  ^7.1.2  →  ^10.0.0
```
@KoolTheba
feat(react client): added linter to project
a24718b 
- Related OWASP#192
@KoolTheba
feat(react client): added npm tasks for linting
b77296b 
- Related OWASP#192
@KoolTheba
chore(react client): files linted
780c963 
- Added jest to eslint rules
- Linted files
@KoolTheba
WIP(react client): npm tasks for testing
fc07d62 
- Related OWASP#192
- Added watch and CI support
- Missing coverage and snapshot update
@KoolTheba
feat(react client): added styled component & material UI
2f07bf1 
Related OWASP#192
@KoolTheba
feat(react client): added material ui icons
25addff 
Related OWASP#192
@KoolTheba
feat(react client): updated app component
5731cd9 
Related OWASP#192
@sher04lock sher04lock mentioned this pull request Apr 22, 2020
Open
@UlisesGascon UlisesGascon mentioned this pull request May 30, 2020
Open
2 tasks
@lirantal
Copy link
Collaborator

lirantal commented Mar 6, 2023

Hey @KoolTheba this is awesome!
I'm going to push in a bunch of small but needed changes and updates to the codebase and your PR would be great as another follow-up. I know we're like 2 years late here but would you like to keep working on pushing it in? :-)

@KoolTheba
Copy link
Contributor Author

Hi @lirantal !
It would be great to collaborate with whatever you need! And for sure, this PR can be a perfect push!
I can have a look also with @UlisesGascon this week and we can align the 3 of us on the next steps for this PR and for stuff next to come. The plan here, as far as I remember, was to migrate the current web to new stack with React and Express.

@lirantal
Copy link
Collaborator

lirantal commented Mar 6, 2023

@KoolTheba when and if we do that migration - will it come with the exact same set of vulnerabilities in the new stack?

@KoolTheba
Copy link
Contributor Author

Hi @lirantal !
I've sent you a couple of messages in Slack :-)
I've said that I wanted to clarify some details. When you mention the exact same set of vulnerabilities you mean that you are thinking about adding more to the top 10 or vulnerabilities of the libraries as dependencies? According to the second one, we can stick to the stack chosen 2 years ago. I'd just upgrade React to the latest and maybe use NextJS, and probably, but on this @UlisesGascon can confirm, we could use Turborepo instead of Lerna.

@lirantal
Copy link
Collaborator

lirantal commented Apr 2, 2023

@KoolTheba apologies, hard to keep up with many slacks and GitHub notifications.

So what I mean is that we should maintain the current state of vulnerabilities as is demoed on the NodeGoat project right now. It is ok if we have different ways to exploit them, but the same set of vulnerabilities that are documented today in the project's tutorial should be kept.

Is that the case for this PR?

@lirantal
Copy link
Collaborator

ping @KoolTheba

@KoolTheba
Copy link
Contributor Author

Hi @lirantal !
Thanks for the clarification!
Even if this PR is about changes in the stack, the same set of vulnerabilities will remain the same, as demoed in the past.

@lirantal
Copy link
Collaborator

lirantal commented Aug 4, 2023

Thanks for replying. I wasn't participating at the time it was demo'ed. Any chance there's a recording that easily verifies that?

@KoolTheba
Copy link
Contributor Author

Hi @lirantal !
By demoed I meant the original video demos of the project that can be found here 😃 https://www.youtube.com/@owaspnodegoatproject910/videos

I'm going to push in a bunch of small but needed changes and updates to the codebase and your PR would be great as another follow-up. I know we're like 2 years late here but would you like to keep working on pushing it in? :-)

If you want to take leadership on it, feel free to add the changes you mentioned. And if you need a contributor/maintainer, let me know, very happy to collaborate with you if you guide the next iteration.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@KoolTheba @lirantal