From b80d12bda59941f07ad061159c9585f89c587880 Mon Sep 17 00:00:00 2001 From: Angel Pastor Date: Wed, 13 May 2026 11:17:16 +0100 Subject: [PATCH 1/3] CCM-17437: updated versions nodejs version update --- .python-version | 2 +- .tool-versions | 2 +- package-lock.json | 12 ------------ 3 files changed, 2 insertions(+), 14 deletions(-) diff --git a/.python-version b/.python-version index 09dcc7808..3e388a4ac 100644 --- a/.python-version +++ b/.python-version @@ -1 +1 @@ -3.10.11 +3.13.2 diff --git a/.tool-versions b/.tool-versions index e79b3597d..534b691b8 100644 --- a/.tool-versions +++ b/.tool-versions @@ -1,4 +1,4 @@ python 3.13.2 poetry 2.2.1 jq 1.6 -nodejs 20.2.0 +nodejs 22.22.3 diff --git a/package-lock.json b/package-lock.json index d4e451f03..77d38cf20 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1960,18 +1960,6 @@ "node": ">= 0.6" } }, - "node_modules/core-js": { - "version": "3.49.0", - "resolved": "https://registry.npmjs.org/core-js/-/core-js-3.49.0.tgz", - "integrity": "sha512-es1U2+YTtzpwkxVLwAFdSpaIMyQaq0PBgm3YD1W3Qpsn1NAmO3KSgZfu+oGSWVu6NvLHoHCV/aYcsE5wiB7ALg==", - "dev": true, - "hasInstallScript": true, - "peer": true, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/core-js" - } - }, "node_modules/core-js-compat": { "version": "3.49.0", "resolved": "https://registry.npmjs.org/core-js-compat/-/core-js-compat-3.49.0.tgz", From 33689aa68a90b58a339111d307cead1aa123a5b1 Mon Sep 17 00:00:00 2001 From: Angel Pastor Date: Wed, 13 May 2026 15:58:23 +0100 Subject: [PATCH 2/3] CCM-17437: Updated zap version --- zap/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/zap/Dockerfile b/zap/Dockerfile index 6cab073a1..30f25b575 100644 --- a/zap/Dockerfile +++ b/zap/Dockerfile @@ -1,4 +1,4 @@ -FROM zaproxy/zap-stable:2.16.1 +FROM zaproxy/zap-stable:2.17.0 COPY ./zap/policies/ /home/zap/.ZAP/policies/ From 0afa700be1cac726397f7994bfcb08b6fb917677 Mon Sep 17 00:00:00 2001 
From: Angel Pastor Date: Thu, 14 May 2026 12:27:59 +0100 Subject: [PATCH 3/3] CCM-17437: Enforcing glob-promise due using hbs-cli Replace hbs-cli with handlers and added a script to replicate that --- package-lock.json | 131 +----------------------- package.json | 7 +- scripts/config/sonar-scanner.properties | 2 +- scripts/render_hbs.js | 20 ++++ scripts/run_zap.sh | 17 +-- 5 files changed, 37 insertions(+), 140 deletions(-) create mode 100644 scripts/render_hbs.js diff --git a/package-lock.json b/package-lock.json index 77d38cf20..3141128c3 100644 --- a/package-lock.json +++ b/package-lock.json @@ -29,7 +29,7 @@ "eslint-plugin-unicorn": "^56.0.1", "eslint-plugin-workspaces": "^0.11.0", "eslint-plugin-yml": "^1.2.0", - "hbs-cli": "^1.4.1", + "handlebars": "^4.7.9", "license-checker": "^25.0.1", "minimist": "^1.2.2", "newman": "^6.2.2", @@ -1238,12 +1238,6 @@ "url": "https://github.com/chalk/ansi-styles?sponsor=1" } }, - "node_modules/any-promise": { - "version": "0.1.0", - "resolved": "https://registry.npmjs.org/any-promise/-/any-promise-0.1.0.tgz", - "integrity": "sha512-lqzY9o+BbeGHRCOyxQkt/Tgvz0IZhTmQiA+LxQW8wSNpcTbj8K+0cZiSEvbpNZZP9/11Gy7dnLO3GNWUXO4d1g==", - "dev": true - }, "node_modules/argparse": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz", 
@@ -1483,22 +1477,6 @@ "node": ">= 0.4" } }, - "node_modules/babel-runtime": { - "version": "5.8.38", - "resolved": "https://registry.npmjs.org/babel-runtime/-/babel-runtime-5.8.38.tgz", - "integrity": "sha512-KpgoA8VE/pMmNCrnEeeXqFG24TIH11Z3ZaimIhJWsin8EbfZy3WzFKUTIan10ZIDgRVvi9EkLbruJElJC9dRlg==", - "dev": true, - "dependencies": { - "core-js": "^1.0.0" - } - }, - "node_modules/babel-runtime/node_modules/core-js": { - "version": "1.2.7", - "resolved": "https://registry.npmjs.org/core-js/-/core-js-1.2.7.tgz", - "integrity": "sha512-ZiPp9pZlgxpWRu0M+YWbm6+aQ84XEfH1JRXvfOc/fILWI0VKhLC2LX13X1NYq4fULzLMq7Hfh43CSo2/aIaUPA==", - "deprecated": "core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.", - "dev": true - }, "node_modules/balanced-match": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz", @@ -3413,16 +3391,6 @@ "node": "*" } }, - "node_modules/fs-promise": { - "version": "0.3.1", - "resolved": "https://registry.npmjs.org/fs-promise/-/fs-promise-0.3.1.tgz", - "integrity": "sha512-JjkAd4+JaA8VTL1vmX54f7xz6AgBZ9VA6mXlIvN8eJMJGZMVyJ6fdRyjwCP0pIuEkWkM0XcbVz/4F6sFu7OdQg==", - "deprecated": "Use mz or fs-extra^3.0 with Promise Support", - "dev": true, - "dependencies": { - "any-promise": "~0.1.0" - } - }, "node_modules/fs.realpath": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz", 
@@ -3537,18 +3505,6 @@ "node": ">= 0.4" } }, - "node_modules/get-stdin": { - "version": "8.0.0", - "resolved": "https://registry.npmjs.org/get-stdin/-/get-stdin-8.0.0.tgz", - "integrity": "sha512-sY22aA6xchAzprjyqmSEQv4UbAAzRN0L2dQB0NlN5acTTK9Don6nhoc3eAbUnpZiCANAMfd/+40kVdKfFygohg==", - "dev": true, - "engines": { - "node": ">=10" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, "node_modules/get-symbol-description": { "version": "1.1.0", "resolved": "https://registry.npmjs.org/get-symbol-description/-/get-symbol-description-1.1.0.tgz", @@ -3604,18 +3560,6 @@ "node": ">=10.13.0" } }, - "node_modules/glob-promise": { - "version": "1.0.6", - "resolved": "https://registry.npmjs.org/glob-promise/-/glob-promise-1.0.6.tgz", - "integrity": "sha512-7Yk7SsodU1bikTDz2zvtpfhuqYm9G2JezJbAWprvFS+ceiu73pYV43ODtX1WzCdBCviQCQBVaXRSJ2QLwzIhcw==", - "dev": true, - "dependencies": { - "glob": "*" - }, - "engines": { - "node": ">=0.12" - } - }, "node_modules/glob/node_modules/balanced-match": { "version": "4.0.4", "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-4.0.4.tgz", 
@@ -3860,63 +3804,6 @@ "node": ">= 0.4" } }, - "node_modules/hbs-cli": { - "version": "1.4.1", - "resolved": "https://registry.npmjs.org/hbs-cli/-/hbs-cli-1.4.1.tgz", - "integrity": "sha512-khgpBo6GUunYwM7C5r6b2KKWsomZub54pgH8uA/5F8c0ewVLne91CgRZDONTfZMFy/hjNkWc5BwF1iYwPSwuVA==", - "dev": true, - "dependencies": { - "babel-runtime": "^5.8.34", - "debug": "^2.2.0", - "fs-promise": "^0.3.1", - "get-stdin": "^8.0.0", - "glob-promise": "^1.0.4", - "handlebars": "^4.0.5", - "lodash.merge": "^4.6.2", - "minimist": "^1.2.0", - "mkdirp-then": "^1.2.0", - "resolve": "^1.1.6" - }, - "bin": { - "hbs": "lib/index.js" - } - }, - "node_modules/hbs-cli/node_modules/debug": { - "version": "2.6.9", - "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", - "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==", - "dev": true, - "dependencies": { - "ms": "2.0.0" - } - }, - "node_modules/hbs-cli/node_modules/ms": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", - "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==", - "dev": true - }, - "node_modules/hbs-cli/node_modules/resolve": { - "version": "1.22.12", - "resolved": "https://registry.npmjs.org/resolve/-/resolve-1.22.12.tgz", - "integrity": "sha512-TyeJ1zif53BPfHootBGwPRYT1RUt6oGWsaQr8UyZW/eAm9bKoijtvruSDEmZHm92CwS9nj7/fWttqPCgzep8CA==", - "dev": true, - "dependencies": { - "es-errors": "^1.3.0", - "is-core-module": "^2.16.1", - "path-parse": "^1.0.7", - "supports-preserve-symlinks-flag": "^1.0.0" - }, - "bin": { - "resolve": "bin/resolve" - }, - "engines": { - "node": ">= 0.4" - }, - "funding": { - "url": "https://github.com/sponsors/ljharb" - } - }, "node_modules/hosted-git-info": { "version": "2.8.9", "resolved": "https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-2.8.9.tgz", 
@@ -5131,22 +5018,6 @@ "mkdirp": "bin/cmd.js" } }, - "node_modules/mkdirp-then": { - "version": "1.2.0", - "resolved": "https://registry.npmjs.org/mkdirp-then/-/mkdirp-then-1.2.0.tgz", - "integrity": "sha512-nbj022D7cd7n6hxDuON08SQciKHSTcRSFlLfCGyIuypo4cl6Z6qJxMVlatFyS6ZbgHqOebkYm/fvwtGiKqmSwQ==", - "dev": true, - "dependencies": { - "any-promise": "^1.1.0", - "mkdirp": "^0.5.0" - } - }, - "node_modules/mkdirp-then/node_modules/any-promise": { - "version": "1.3.0", - "resolved": "https://registry.npmjs.org/any-promise/-/any-promise-1.3.0.tgz", - "integrity": "sha512-7UvmKalWRt1wgjL1RrGxoSJW/0QZFIegpeGvZG9kjp8vrRu55XTHbwnqq2GpXm9uLbcuhxm3IqX9OB4MZR1b2A==", - "dev": true - }, "node_modules/mlly": { "version": "1.8.2", "resolved": "https://registry.npmjs.org/mlly/-/mlly-1.8.2.tgz", diff --git a/package.json b/package.json index c0e108563..00ff907b9 100644 --- a/package.json +++ b/package.json @@ -40,7 +40,7 @@ "eslint-plugin-unicorn": "^56.0.1", "eslint-plugin-workspaces": "^0.11.0", "eslint-plugin-yml": "^1.2.0", - "hbs-cli": "^1.4.1", + "handlebars": "^4.7.9", "license-checker": "^25.0.1", "minimist": "^1.2.2", "newman": "^6.2.2", @@ -57,6 +57,9 @@ "flatted": "^3.4.2", "postcss": "^8.5.12", "lodash": "^4.18.1", - "underscore": "^1.13.8" + "underscore": "^1.13.8", + "glob-promise": { + "glob": "^7.2.3" + } } } diff --git a/scripts/config/sonar-scanner.properties b/scripts/config/sonar-scanner.properties index 03b28d168..83561a36d 100644 --- a/scripts/config/sonar-scanner.properties +++ b/scripts/config/sonar-scanner.properties @@ -8,7 +8,7 @@ sonar.qualitygate.wait=true sonar.sources=. sonar.tests=tests/, sandbox/__test__ sonar.test.inclusions=tests/**.py, sandbox/__test__/** -sonar.exclusions=.venv/**,proxies/utils/performance/* +sonar.exclusions=.venv/**,proxies/utils/performance/*,scripts/render_hbs.js sonar.python.version=3.10.8 diff --git a/scripts/render_hbs.js b/scripts/render_hbs.js new file mode 100644 index 000000000..ccc3decc6 --- /dev/null 
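Review bot: The `glob-promise` entry added in the second package.json hunk looks like a leftover, because this same patch swaps `hbs-cli` for `handlebars` and its lockfile hunks delete both `node_modules/hbs-cli` and `node_modules/glob-promise`. With nothing visible still depending on `glob-promise`, the entry constrains a package that is no longer installed and will mislead the next dependency audit. I would drop the three added lines and leave `"underscore": "^1.13.8"` as the last entry. The enclosing object opens outside the hunk and is presumably the `overrides` block, so confirm that before removing.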
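Review bot: Adding `scripts/render_hbs.js` to `sonar.exclusions` takes the new script out of every Sonar rule, not only coverage, even though it now produces the report that the ZAP stage publishes. If the reason is that the script has no tests (the commit does not say), `sonar.coverage.exclusions=scripts/render_hbs.js` would keep the static checks on it. The context line `sonar.python.version=3.10.8` also no longer matches the `3.13.2` that patch 1/3 sets in `.python-version`.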
+++ b/scripts/render_hbs.js
@@ -0,0 +1,20 @@
+#!/usr/bin/env node
+'use strict';
+
+const fs = require('fs');
+const Handlebars = require('handlebars');
+
+const [,, dataFile, templateFile] = process.argv;
+
+if (!dataFile || !templateFile) {
+ console.error('Usage: node scripts/render_hbs.js ');
+ process.exit(1);
+}
+
+const data = JSON.parse(fs.readFileSync(dataFile, 'utf8'));
+const templateSource = fs.readFileSync(templateFile, 'utf8');
+const template = Handlebars.compile(templateSource);
+
+// @generated is a data-frame variable used in the nunit template
+const output = template(data, { data: { generated: new Date().toISOString() } });
+process.stdout.write(output);
\ No newline at end of file
diff --git a/scripts/run_zap.sh b/scripts/run_zap.sh
index 1b89baceb..c19602a96 100755
--- a/scripts/run_zap.sh
+++ b/scripts/run_zap.sh
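Review bot: `Handlebars.compile(templateSource)` runs in the default non-strict mode, so a field missing from the ZAP report renders as empty text and a truncated or empty report can still produce a well-formed nunit file with no failures. For a security gate that is a fail-open path; consider `Handlebars.compile(templateSource, { strict: true })` (the template may need adjusting for optional fields) or a check that the parsed report has the keys the template expects before rendering. Errors from `JSON.parse` and `readFileSync` are uncaught, which does exit non-zero, but the caller redirects stdout into `zap-report.xml`, so that only helps if the shell script checks the exit status. As shown here the usage string ends at `render_hbs.js ` without naming the two arguments; `'Usage: node scripts/render_hbs.js <data.json> <template.hbs>'` would be clearer.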
@@ -22,18 +22,21 @@ export INTEGRATION_PRIVATE_KEY_CONTENTS=$(cat $INTEGRATION_PRIVATE_KEY) docker build -t zap -f ./zap/Dockerfile . +echo "running zap" # run zap in a container docker container run \ --env INTEGRATION_PRIVATE_KEY_CONTENTS="$INTEGRATION_PRIVATE_KEY_CONTENTS" \ - --env INTEGRATION_API_KEY="$INTEGRATION_API_KEY" \ - -v $(pwd):/zap/wrk/:rw \ - -v $TEMP_DIR:/zap/tmp/:rw \ - -v $(pwd)/zap/comms-manager-json/:/home/zap/.ZAP/reports/comms-manager-json/:rw \ - -t zap \ - bash -c "./zap.sh -cmd -autorun /zap/wrk/zap/zap.yaml" + --env INTEGRATION_API_KEY="$INTEGRATION_API_KEY" \ + -v $(pwd):/zap/wrk/:rw \ + -v $TEMP_DIR:/zap/tmp/:rw \ + -v $(pwd)/zap/comms-manager-json/:/home/zap/.ZAP/reports/comms-manager-json/:rw \ + -t zap \ + bash -c "./zap.sh -cmd -autorun /zap/wrk/zap/zap.yaml" + +echo "ended running zap" # generate our nunit report from the zap JSON report -./node_modules/.bin/hbs --data $TEMP_DIR/zap-report.json zap/nunit-template.hbs -s > zap-report.xml +node scripts/render_hbs.js $TEMP_DIR/zap-report.json zap/nunit-template.hbs > zap-report.xml # delete our zap compatible report rm build/communications-manager-zap.json
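Review bot: The new render line passes `$TEMP_DIR/zap-report.json` unquoted and redirects straight into `zap-report.xml`, so a failed render leaves an empty or partial report behind; unless `set -e` is in effect outside this hunk, the run then carries on to the `rm`. I would write `node scripts/render_hbs.js "$TEMP_DIR/zap-report.json" zap/nunit-template.hbs > zap-report.xml || exit 1`. The re-indented `-v $(pwd):/zap/wrk/:rw` and `-v $TEMP_DIR:/zap/tmp/:rw` mounts have the same unquoted expansions and would be safer as `"$(pwd)"` and `"$TEMP_DIR"`. The script continues outside the hunk.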