react-native-insider 5.4.0-nh → 5.4.1-nh

package/.github/workflows/cxflow.yml

@@ -0,0 +1,66 @@
+# This is a basic workflow to create GitHub Issues using the Checkmarx CxFlow GitHub Action.  It runs on a pull-request to the main branch.
+#
+# The following GitHub Secrets must be first defined:
+#   - CHECKMARX_URL
+#   - CHECKMARX_USER
+#   - CHECKMARX_PASSWORD
+#   - CHECKMARX_CLIENT_SECRET
+#   - GH_TOKEN
+#
+# Update the 'team' field to reflect the team name used in Checkmarx.
+#
+# For full documentation,including a list of all inputs, please refer to the README https://github.com/checkmarx-ts/checkmarx-cxflow-github-action
+name: CxFlow-GitHub-Pull-Request
+# Controls when the action will run. Triggers the workflow on push or pull request events but only for the master branch
+on:
+  pull_request:
+    types: [ready_for_review]
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel - this job is specifically configured to use the Checkmarx CxFlow Action
+jobs:
+  # This workflow contains a single job called "build"
+  build:
+    # The type of runner that the job will run on - Ubuntu is required as Docker is leveraged for the action
+    runs-on: self-runner-node
+    steps:
+    # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
+    - uses: actions/checkout@v2
+    - name: Checkmarx CxFlow Action
+      id: checkmarx
+      uses: checkmarx-ts/checkmarx-cxflow-github-action@v1.4
+      with:
+        project: ${{ github.repository }}-PR
+        team: ${{ secrets.CHECKMARX_TEAMS }}
+        checkmarx_url: ${{ secrets.CHECKMARX_URL }}   # To be stored in GitHub Secrets.
+        checkmarx_username: ${{ secrets.CHECKMARX_USERNAME }}  # To be stored in GitHub Secrets.
+        checkmarx_password: ${{ secrets.CHECKMARX_PASSWORD }}  # To be stored in GitHub Secrets.
+        checkmarx_client_secret: ${{ secrets.CHECKMARX_CLIENT_SECRET }}  # To be stored in GitHub Secrets.
+        scan-preset: Checkmarx Default
+        incremental: true
+        break_build: false
+        scanners: sast
+        params: --namespace=${{ github.repository_owner }} --cx-flow.filterStatus=New --repo-name=${{ github.event.repository.name }} --branch=${{ github.head_ref }} --cx-flow.filterSeverity --cx-flow.filterCategory
+    - name: The job has failed
+      if: ${{ failure() }}
+      run: |
+        python -c '
+        import json,sys,requests;
+        github_result = {"repository": "'${{ github.repository }}'", "server_url": "'${{ github.server_url }}'", "run_id": "'${{ github.run_id }}'"};
+        request = {"checkmarx_result": "empty", "github": github_result};
+        requests.post("'$LambdaWebHook'", json=request);'
+      env:
+        LambdaWebHook: ${{ secrets.CHECKMARX_LAMBDA_WEBHOOK }}
+    - name: Checkmarx Response Send to Lambda
+      id: slack-notification
+      if: ${{ success() }}
+      run: |
+        python -c '
+        import json,sys,requests;
+        output=open("./cx.sarif");
+        json_result=json.loads(output.read());
+        response="";
+        json_result = json_result.get("runs", [{}])[0].get("tool", {}).get("driver", {}).get("rules", []);
+        github_result = {"repository": "'${{ github.repository }}'", "server_url": "'${{ github.server_url }}'", "run_id": "'${{ github.run_id }}'"};
+        request = {"checkmarx_result": json_result, "github": github_result};
+        requests.post("'$LambdaWebHook'", json=request);'
+      env:
+        LambdaWebHook: ${{ secrets.CHECKMARX_LAMBDA_WEBHOOK }}

package/.github/workflows/git-leak.yml

@@ -8,11 +8,11 @@ jobs:
     runs-on: self-runner-node
     steps:
     - name: Checkout Repository
-      uses: actions/checkout@v3
+      uses: actions/checkout@v2
       with:
         fetch-depth: '2'
     - name: Clone GitLeak Action
-      uses: actions/checkout@v3
+      uses: actions/checkout@v2
       with:
         repository: useinsider/gitleaks-action
         ref: master
@@ -22,4 +22,17 @@ jobs:
       run: npm install
       working-directory: .github/actions/gitleaks-action
     - name: gitleaks-action
-      uses:  ./.github/actions/gitleaks-action
+      uses:  ./.github/actions/gitleaks-action
+    - name: Send to Lambda
+      if: ${{ always() }}
+      run: |
+        python -c '
+        import json,sys,requests;
+        output=open("./results.sarif");
+        json_result=json.loads(output.read());
+        response="";
+        github_result = {"repository": "'${{ github.repository }}'", "server_url": "'${{ github.server_url }}'", "run_id": "'${{ github.run_id }}'"};
+        request = {"gitleaks_result": json_result, "github": github_result};
+        requests.post("'$LambdaWebHook'", json=request);'
+      env:
+        LambdaWebHook: ${{ secrets.CHECKMARX_LAMBDA_WEBHOOK }}

package/.github/workflows/trivy.yml

@@ -0,0 +1,52 @@
+name: Trivy Vulnerability Scanner
+on:
+  pull_request:
+    types: [ready_for_review]
+jobs:
+  build:
+    name: Build
+    runs-on: self-hosted
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+      - name: Install Trivy
+        run: |
+          sudo apt-get install wget apt-transport-https gnupg lsb-release
+          wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo apt-key add -
+          echo deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main | sudo tee -a /etc/apt/sources.list.d/trivy.list
+          sudo apt-get update
+          sudo apt-get install trivy
+      - name: Trivy Scanner
+        run: |
+          python -c '
+          import glob, os;
+          files = glob.glob("**/Dockerfile", recursive=True);
+          count = 0;
+          for file in files:
+            diff_command1 =  f"git diff origin/main -- {file} > diff1.txt";
+            diff_command2 =  f"git diff origin/master -- {file} > diff2.txt";
+            os.system(diff_command1);
+            os.system(diff_command2);
+            main_lenght = len(open("./diff1.txt", "r").read());
+            master_lenght = len(open("./diff2.txt", "r").read());
+            if len(open("./diff1.txt", "r").read()) + len(open("./diff2.txt", "r").read()) > 0:
+              build_command = f"docker build -f {file} -t image{count} "+("/".join(file.split("/")[0:-1]) or ".");
+              os.system(build_command);
+              os.system(f"trivy image image{count} -f json -o trivy-result{count}.json --severity=CRITICAL,HIGH,MEDIUM");
+              count+=1; 
+          print("Build Finished")'
+      - name: Trivy Response Send to Lambda
+        run: |
+          python -c '
+          import json,sys,requests,glob;
+          files = glob.glob("trivy-result*");
+          for file in files:
+            output=open(f"./{file}");
+            json_result=json.loads(output.read());
+            github_result = {"repository": "'${{ github.repository }}'", "server_url": "'${{ github.server_url }}'", "run_id": "'${{ github.run_id }}'"};
+            request = {"trivy_result": json_result, "github": github_result};
+            requests.post("'$LambdaWebHook'", json=request);'
+        env:
+          LambdaWebHook: ${{ secrets.CHECKMARX_LAMBDA_WEBHOOK }}

package/android/build.gradle

@@ -35,7 +35,7 @@ repositories {
 
 dependencies {
     implementation "com.facebook.react:react-native:${getVersionFromPartner('reactNativeVersion', '+')}"
-    implementation ('com.useinsider:insider:13.6.0-nh')
+    implementation ('com.useinsider:insider:13.6.1-nh')
     implementation ('com.useinsider:insiderhybrid:1.1.5')
 
     implementation 'androidx.legacy:legacy-support-v4:1.0.0'

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "react-native-insider",
-    "version": "5.4.0-nh",
+    "version": "5.4.1-nh",
     "description": "React Native Insider SDK",
     "main": "index.js",
     "keywords": [