Installing SNYK mutation tool for Static Analysis

.github/workflows/snyk-analysis.yml

@@ -0,0 +1,32 @@
+name: Snyk Vulnerability Scan
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+
+jobs:
+  snyk:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v2
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v2
+        with:
+          node-version: '16'
+
+      - name: Install dependencies
+        run: npm install
+
+      - name: Run Snyk Scan
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        run: |
+          npx snyk auth $SNYK_TOKEN
+          npx snyk test --all-projects

.github/workflows/zap-analysis.yml

@@ -0,0 +1,34 @@
+name: OWASP ZAP Security Scan
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+
+jobs:
+  zap:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v2
+
+      - name: Start NodeBB Application
+        run: |
+          # Commands to start your deployed NodeBB application
+          npm install
+          npm start &  # Starts NodeBB in the background
+
+      - name: Run OWASP ZAP Scan
+        uses: zaproxy/[email protected]
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          target: 'https://nodebb-pawsitive-p3.azurewebsites.net'  
+
+      - name: Stop NodeBB Application
+        run: |
+          # Stop NodeBB if necessary
+          npm stop

.gitignore

@@ -1,7 +1,8 @@
 dist/
 yarn.lock
 npm-debug.log
-node_modules/
+node_modules/*
+!node_modules/nodebb-plugin-composer-default
 sftp-config.json
 config.json
 jsconfig.json
@@ -66,7 +67,7 @@ coverage
 test/files/normalise.jpg.png
 test/files/normalise-resized.jpg
 package-lock.json
-/package.json
+#/package.json
 *.mongodb
 link-plugins.sh
 test.sh

README.md

@@ -1,3 +1,4 @@
+## Team members: Talal, Filippos, Moza, Sara, Nour
 # ![NodeBB](public/images/sm-card.png)
 
 [![Workflow](https://github.com/CMU-313/NodeBB/actions/workflows/test.yaml/badge.svg)](https://github.com/CMU-313/NodeBB/actions/workflows/test.yaml)

config.json

@@ -0,0 +1,18 @@
+{
+    "url": "http://localhost:4567",
+    "secret": "1fbf3fbd-fc64-4821-8eb2-a9349aecdc46",
+    "database": "redis",
+    "redis": {
+        "host": "127.0.0.1",
+        "port": "6379",
+        "password": "",
+        "database": "0"
+    },
+    "port": "4567",
+    "test_database": {
+        "host": "127.0.0.1",
+        "port": "6379",
+        "password": "",
+        "database": "1"
+    }
+}