From e4226b8935f873d7f5c2fe925d092735936499d8 Mon Sep 17 00:00:00 2001
From: kiy0taka
Date: Fri, 5 Aug 2022 11:08:30 +0900
Subject: [PATCH 1/9] =?UTF-8?q?docker=20compose=E3=81=A7APP=5FENV/APP=5FDE?= =?UTF-8?q?BUG=E3=82=92=E8=B5=B7=E5=8B=95=E6=99=82=E3=81=AB=E8=A8=AD?= =?UTF-8?q?=E5=AE=9A=E3=81=A7=E3=81=8D=E3=82=8B=E3=82=88=E3=81=86=E3=81=AB?= =?UTF-8?q?=E3=81=99=E3=82=8B?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 docker-compose.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/docker-compose.yml b/docker-compose.yml
index 1f35beb700c..750f37cc4ce 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -31,8 +31,8 @@ services:
 - "node_modules:/var/www/html/node_modules"
 environment:
 # EC-CUBE environments
- APP_ENV: "dev"
- APP_DEBUG: 1
+ APP_ENV: "${APP_ENV-dev}"
+ APP_DEBUG: "${APP_DEBUG:-1}"
 DATABASE_URL: "sqlite:///var/eccube.db"
 DATABASE_SERVER_VERSION: 3
 DATABASE_CHARSET: 'utf8'
From 31fd0aa68b1c43cc1df64fd055c3c97fd2135fb4 Mon Sep 17 00:00:00 2001
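Review bot: The two substitutions added under `environment:` use different default operators: `${APP_ENV-dev}` applies the default only when APP_ENV is unset, while `${APP_DEBUG:-1}` also applies it when the variable is set but empty, so an empty `APP_ENV=` in the shell or `.env` file is passed to the container as an empty string. Unless that is intended, write `APP_ENV: "${APP_ENV:-dev}"` so both keys behave the same. Both fallbacks still select the dev environment with debug enabled, which in a framework debug mode usually means verbose error pages; a comment above the two keys such as `# defaults are for local development; set APP_ENV=prod and APP_DEBUG=0 on any reachable host` would document that. The `environment:` mapping continues outside the hunk.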
From: kiy0taka
Date: Mon, 15 Aug 2022 21:04:49 +0900
Subject: [PATCH 2/9] zaproxy
---
 .github/workflows/coverage.yml | 259 ----
 .github/workflows/deny-test.yml | 137 ---
 .github/workflows/deploy.yml | 150 ---
 .github/workflows/dockerbuild.yml | 110 --
 .github/workflows/e2e-test.yml | 166 ---
 .github/workflows/penetration-test.yml | 87 --
 .github/workflows/phpstan.yml | 32 -
 .github/workflows/plugin-test.yml | 607 ----------
 .github/workflows/unit-test.yml | 133 ---
 .github/workflows/vaddy-1.yml | 507 --------
 .github/workflows/vaddy-2.yml | 508 --------
 .github/workflows/zaproxy.yml | 210 ++++
 docker-compose.owaspzap.ci.yml | 20 +
 zap/automation/template.yml | 120 ++
 zap/delete_data.sh | 25 +
 zap/delete_files.sh | 9 +
 zap/generate_automation_config.sh | 50 +
 zap/options.properties | 1047 ++++++++++++++---
 zap/scripts/admin_authority.zst | 98 ++
 zap/scripts/admin_content_block.zst | 245 ++++
 zap/scripts/admin_content_cache.zst | 140 +++
 zap/scripts/admin_content_file.zst | 355 ++++++
 zap/scripts/admin_content_layout.zst | 237 ++++
 zap/scripts/admin_create_customer.zst | 463 ++++++++
 zap/scripts/admin_create_customers.zst | 106 ++
 zap/scripts/admin_create_orders_100.zst | 90 ++
 zap/scripts/admin_customer_delivery.zst | 255 ++++
 zap/scripts/admin_customer_edit.zst | 371 ++++++
 zap/scripts/admin_customer_list.zst | 176 +++
 zap/scripts/admin_delivery.zst | 259 ++++
 zap/scripts/admin_js_css.zst | 187 +++
 zap/scripts/admin_log.zst | 118 ++
 zap/scripts/admin_mail.zst | 162 +++
 zap/scripts/admin_masterdata.zst | 230 ++++
 zap/scripts/admin_member_edit.zst | 300 +++++
 zap/scripts/admin_member_setting.zst | 445 +++++++
 zap/scripts/admin_news.zst | 288 +++++
 zap/scripts/admin_order_edit.zst | 183 +++
 zap/scripts/admin_order_edit_search.zst | 261 ++++
 zap/scripts/admin_order_list.zst | 295 +++++
 zap/scripts/admin_order_mail.zst | 467 ++++++++
 zap/scripts/admin_page.zst | 234 ++++
 zap/scripts/admin_payment.zst | 375 ++++++
 zap/scripts/admin_product_category.zst | 300 +++++
 zap/scripts/admin_product_class_name.zst | 561 +++++++++
 zap/scripts/admin_product_copy.zst | 105 ++
 zap/scripts/admin_product_csv.zst | 255 ++++
 zap/scripts/admin_product_edit.zst | 283 +++++
 zap/scripts/admin_product_edit_class.zst | 305 +++++
 zap/scripts/admin_product_tag.zst | 192 +++
 zap/scripts/admin_product_view.zst | 273 +++++
 zap/scripts/admin_shipping_csv.zst | 180 +++
 zap/scripts/admin_shop_setting.zst | 175 +++
 zap/scripts/admin_system.zst | 142 +++
 zap/scripts/admin_tax.zst | 215 ++++
 zap/scripts/admin_template.zst | 264 +++++
 zap/scripts/assert_no_high_risks.js | 23 +
 zap/scripts/configure_tech.js | 50 +
 zap/scripts/dump_alerts.js | 26 +
 zap/scripts/entry.zst | 421 +++++++
 zap/scripts/front_block.zst | 109 ++
 zap/scripts/front_contact.zst | 133 +++
 zap/scripts/front_help.zst | 131 +++
 zap/scripts/front_mypage.zst | 220 ++++
 zap/scripts/front_product.zst | 154 +++
 zap/scripts/front_sitemap.zst | 109 ++
 zap/scripts/guest_cart.zst | 183 +++
 zap/scripts/guest_front.zst | 43 +
 zap/scripts/guest_shopping.zst | 429 +++++++
 zap/scripts/guest_shopping_customer_edit.zst | 394 +++++++
 zap/scripts/guest_shopping_shipping_edit.zst | 449 +++++++
 .../guest_shopping_shipping_multiple.zst | 607 ++++++++++
 zap/scripts/mypage_change.zst | 406 +++++++
 zap/scripts/mypage_delivery.zst | 271 +++++
 zap/scripts/mypage_favorite.zst | 309 +++++
 zap/scripts/mypage_order.zst | 151 +++
 76 files changed, 15503 insertions(+), 2882 deletions(-)
 delete mode 100644 .github/workflows/coverage.yml
 delete mode 100644 .github/workflows/deny-test.yml
 delete mode 100644 .github/workflows/deploy.yml
 delete mode 100644 .github/workflows/dockerbuild.yml
 delete mode 100644 .github/workflows/e2e-test.yml
 delete mode 100644 .github/workflows/penetration-test.yml
 delete mode 100644 .github/workflows/phpstan.yml
 delete mode 100644 .github/workflows/plugin-test.yml
 delete mode 100644 .github/workflows/unit-test.yml
 delete mode 100644 .github/workflows/vaddy-1.yml
 delete mode 100644 .github/workflows/vaddy-2.yml
 create mode 100644 .github/workflows/zaproxy.yml
 create mode 100644 docker-compose.owaspzap.ci.yml
 create mode 100644 zap/automation/template.yml
 create mode 100755 zap/delete_data.sh
 create mode 100755 zap/delete_files.sh
 create mode 100755 zap/generate_automation_config.sh
 create mode 100644 zap/scripts/admin_authority.zst
 create mode 100644 zap/scripts/admin_content_block.zst
 create mode 100644 zap/scripts/admin_content_cache.zst
 create mode 100644 zap/scripts/admin_content_file.zst
 create mode 100644 zap/scripts/admin_content_layout.zst
 create mode 100644 zap/scripts/admin_create_customer.zst
 create mode 100644 zap/scripts/admin_create_customers.zst
 create mode 100644 zap/scripts/admin_create_orders_100.zst
 create mode 100644 zap/scripts/admin_customer_delivery.zst
 create mode 100644 zap/scripts/admin_customer_edit.zst
 create mode 100644 zap/scripts/admin_customer_list.zst
 create mode 100644 zap/scripts/admin_delivery.zst
 create mode 100644 zap/scripts/admin_js_css.zst
 create mode 100644 zap/scripts/admin_log.zst
 create mode 100644 zap/scripts/admin_mail.zst
 create mode 100644 zap/scripts/admin_masterdata.zst
 create mode 100644 zap/scripts/admin_member_edit.zst
 create mode 100644 zap/scripts/admin_member_setting.zst
 create mode 100644 zap/scripts/admin_news.zst
 create mode 100644 zap/scripts/admin_order_edit.zst
 create mode 100644 zap/scripts/admin_order_edit_search.zst
 create mode 100644 zap/scripts/admin_order_list.zst
 create mode 100644 zap/scripts/admin_order_mail.zst
 create mode 100644 zap/scripts/admin_page.zst
 create mode 100644 zap/scripts/admin_payment.zst
 create mode 100644 zap/scripts/admin_product_category.zst
 create mode 100644 zap/scripts/admin_product_class_name.zst
 create mode 100644 zap/scripts/admin_product_copy.zst
 create mode 100644 zap/scripts/admin_product_csv.zst
 create mode 100644 zap/scripts/admin_product_edit.zst
 create mode 100644 zap/scripts/admin_product_edit_class.zst
 create mode 100644 zap/scripts/admin_product_tag.zst
 create mode 100644 zap/scripts/admin_product_view.zst
 create mode 100644 zap/scripts/admin_shipping_csv.zst
 create mode 100644 zap/scripts/admin_shop_setting.zst
 create mode 100644 zap/scripts/admin_system.zst
 create mode 100644 zap/scripts/admin_tax.zst
 create mode 100644 zap/scripts/admin_template.zst
 create mode 100644 zap/scripts/assert_no_high_risks.js
 create mode 100644 zap/scripts/configure_tech.js
 create mode 100644 zap/scripts/dump_alerts.js
 create mode 100644 zap/scripts/entry.zst
 create mode 100644 zap/scripts/front_block.zst
 create mode 100644 zap/scripts/front_contact.zst
 create mode 100644 zap/scripts/front_help.zst
 create mode 100644 zap/scripts/front_mypage.zst
 create mode 100644 zap/scripts/front_product.zst
 create mode 100644 zap/scripts/front_sitemap.zst
 create mode 100644 zap/scripts/guest_cart.zst
 create mode 100644 zap/scripts/guest_front.zst
 create mode 100644 zap/scripts/guest_shopping.zst
 create mode 100644 zap/scripts/guest_shopping_customer_edit.zst
 create mode 100644 zap/scripts/guest_shopping_shipping_edit.zst
 create mode 100644 zap/scripts/guest_shopping_shipping_multiple.zst
 create mode 100644 zap/scripts/mypage_change.zst
 create mode 100644 zap/scripts/mypage_delivery.zst
 create mode 100644 zap/scripts/mypage_favorite.zst
 create mode 100644 zap/scripts/mypage_order.zst
diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml
deleted file mode 100644
index 2dfb55fea28..00000000000
--- a/.github/workflows/coverage.yml
+++ /dev/null
@@ -1,259 +0,0 @@ -name: Coverage -on: - push: - branches: - - '*' - tags: - - '*' - paths: - - '**' - - '!*.md' - pull_request: - paths: - - '**' - - '!*.md' -jobs: - phpunit: - name: PHPUnit - runs-on: ${{ matrix.operating-system }} - strategy: - fail-fast: false - matrix: - operating-system: [ ubuntu-18.04 ] - php: [ 7.4 ] - db: [ pgsql ] - include: - - db: pgsql - database_url: postgres://postgres:password@127.0.0.1:5432/eccube_db - database_server_version: 14 - services: - postgres: - image: postgres:14 - env: - POSTGRES_USER: postgres - POSTGRES_PASSWORD: password - ports: - - 5432:5432 - # needed because the postgres container does not provide a healthcheck - options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5 - - steps: - - name: Checkout - uses: actions/checkout@v2 - - - name: Get Composer Cache Directory - id: composer-cache - run: | - echo "::set-output name=dir::$(composer config cache-files-dir)" - - uses: actions/cache@v1 - with: - path: ${{ steps.composer-cache.outputs.dir }} - key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }} - restore-keys: | - ${{ runner.os }}-composer- - - - name: Setup PHP - uses: nanasess/setup-php@master - with: - php-version: ${{ matrix.php }} - - - name: composer install - run: composer install --dev --no-interaction -o --apcu-autoloader - - - name: Setup pcov - run: | - sudo apt-fast install -y php7.4-pcov - sudo phpenmod -s cli pcov - - - name: Setup EC-CUBE - env: - APP_ENV: 'test' - DATABASE_URL: ${{ matrix.database_url }} - DATABASE_SERVER_VERSION: ${{ matrix.database_server_version }} - run: | - bin/console doctrine:database:create - bin/console doctrine:schema:create - bin/console eccube:fixtures:load - - - name: PHPUnit - env: - APP_ENV: 'test' - DATABASE_URL: ${{ matrix.database_url }} - DATABASE_SERVER_VERSION: ${{ matrix.database_server_version }} - MAILER_URL: 'smtp://127.0.0.1:1025' - continue-on-error: true - run: bin/phpunit --exclude-group 
cache-clear,cache-clear-install,update-schema-doctrine --coverage-clover=coverage1.xml - - name: Upload report - if: success() - uses: actions/upload-artifact@v2 - with: - name: phpunit-reports - path: coverage1.xml - codeception: - name: Codeception - runs-on: ${{ matrix.operating-system }} - strategy: - fail-fast: false - matrix: - operating-system: [ ubuntu-18.04 ] - php: [ 7.4 ] - db: [ pgsql ] - group: [ admin01, admin02, admin03, front, installer ] - include: - - db: pgsql - database_url: postgres://postgres:password@127.0.0.1:5432/eccube_db - database_server_version: 14 - - group: admin01 - app_env: 'codeception' - - group: admin02 - app_env: 'codeception' - - group: admin03 - app_env: 'codeception' - - group: front - app_env: 'codeception' - - group: installer - app_env: 'install' - services: - postgres: - image: postgres:14 - env: - POSTGRES_USER: postgres - POSTGRES_PASSWORD: password - ports: - - 5432:5432 - # needed because the postgres container does not provide a healthcheck - options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5 - - mailcatcher: - image: schickling/mailcatcher - ports: - - 1080:1080 - - 1025:1025 - - steps: - - name: Checkout - uses: actions/checkout@master - - - name: Get Composer Cache Directory - id: composer-cache - run: | - echo "::set-output name=dir::$(composer config cache-files-dir)" - - uses: actions/cache@v1 - with: - path: ${{ steps.composer-cache.outputs.dir }} - key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }} - restore-keys: | - ${{ runner.os }}-composer- - - - name: Setup PHP - uses: nanasess/setup-php@master - with: - php-version: ${{ matrix.php }} - - - name: composer install - run: | - sudo composer selfupdate - composer install --dev --no-interaction -o --apcu-autoloader - - name: Setup to EC-CUBE - env: - APP_ENV: ${{ matrix.app_env }} - DATABASE_URL: ${{ matrix.database_url }} - DATABASE_SERVER_VERSION: ${{ matrix.database_server_version }} - run: | - 
echo "APP_ENV=${APP_ENV}" > .env - bin/console doctrine:database:create --env=dev - bin/console doctrine:schema:create --env=dev - bin/console eccube:fixtures:load --env=dev - - - name: setup-chromedriver - uses: nanasess/setup-chromedriver@master - - - name: Run chromedriver - run: | - export DISPLAY=:99 - chromedriver --url-base=/wd/hub & - echo ">>> Started chrome-driver" - sudo Xvfb -ac :99 -screen 0 1280x1024x24 > /dev/null 2>&1 & - echo ">>> Started xvfb" - - - name: Run package-api - run: | - if [[ ! -d ${PWD}/repos ]]; then mkdir -p ${PWD}/repos ; fi - docker run -d --rm -v ${PWD}/repos:/repos -e MOCK_REPO_DIR=/repos -p 8080:8080 eccube/mock-package-api:composer2 - cp codeception/_data/plugins/*-1.0.0.tgz repos - - - name: Setup xdebug - run: | - composer config --no-plugins allow-plugins.codeception/c3 true - composer require --dev codeception/c3 "2.*" - sudo phpenmod -s cli xdebug - sed -i "7a include __DIR__.'/c3.php';" index.php - - - name: Start PHP Development Server - env: - APP_ENV: 'codeception' - DATABASE_URL: ${{ matrix.database_url }} - DATABASE_SERVER_VERSION: ${{ matrix.database_server_version }} - MAILER_URL: 'smtp://127.0.0.1:1025' - ECCUBE_PACKAGE_API_URL: 'http://127.0.0.1:8080' - XDEBUG_MODE: coverage - run: php -S 127.0.0.1:8000 & - - - name: Codeception - env: - APP_ENV: ${{ matrix.app_env }} - DATABASE_URL: ${{ matrix.database_url }} - DATABASE_SERVER_VERSION: ${{ matrix.database_server_version }} - MAILER_URL: 'smtp://127.0.0.1:1025' - ECCUBE_PACKAGE_API_URL: 'http://127.0.0.1:8080' - GROUP: ${{ matrix.group }} - SYMFONY_DEPRECATIONS_HELPER: weak - XDEBUG_MODE: coverage - continue-on-error: true - run: vendor/bin/codecept -vvv run acceptance --env chrome,github_action -g ${GROUP} --skip-group excludeCoverage --coverage --coverage-xml - - name: Upload outputs - uses: actions/upload-artifact@v2 - with: - name: codeception-${{ matrix.group }}-evidence - path: codeception/_output/ - - name: Upload report - if: success() - uses: 
actions/upload-artifact@v2 - with: - name: codeception-${{ matrix.group }}-reports - path: codeception/_output/**/*.xml - - name: Upload logs - if: failure() - uses: actions/upload-artifact@v2 - with: - name: codeception-${{ matrix.group }}-logs - path: var/log/ - - upload: - name: Upload coverage reports - runs-on: ubuntu-latest - needs: [ phpunit, codeception ] - steps: - - name: Checkout - uses: actions/checkout@v2 - - uses: actions/download-artifact@v2 - with: - path: reports - - run: | - mv reports/codeception-admin01-reports/acceptance\ \(chrome,\ github_action\).remote.coverage.xml reports/acceptance.admin01.coverage.xml - mv reports/codeception-admin02-reports/acceptance\ \(chrome,\ github_action\).remote.coverage.xml reports/acceptance.admin02.coverage.xml - mv reports/codeception-admin03-reports/acceptance\ \(chrome,\ github_action\).remote.coverage.xml reports/acceptance.admin03.coverage.xml - mv reports/codeception-front-reports/acceptance\ \(chrome,\ github_action\).remote.coverage.xml reports/acceptance.front.coverage.xml - mv reports/codeception-installer-reports/acceptance\ \(chrome,\ github_action\).remote.coverage.xml reports/acceptance.installer.coverage.xml - - name: Upload unit test coverage - uses: codecov/codecov-action@v1 - with: - files: ./reports/phpunit-reports/coverage1.xml - flags: Unit - fail_ci_if_error: true - - name: Upload E2E coverage - uses: codecov/codecov-action@v1 - with: - files: ./reports/acceptance.admin01.coverage.xml,./reports/acceptance.admin02.coverage.xml,./reports/acceptance.admin03.coverage.xml,./reports/acceptance.front.coverage.xml,./reports/acceptance.installer.coverage.xml - flags: E2E - fail_ci_if_error: true diff --git a/.github/workflows/deny-test.yml b/.github/workflows/deny-test.yml deleted file mode 100644 index 3ae6620dbef..00000000000 --- a/.github/workflows/deny-test.yml +++ /dev/null 
@@ -1,137 +0,0 @@ -name: Deny check for EC-CUBE -on: - push: - branches: - - '*' - tags: - - '*' - paths: - - '**' - - '!*.md' - pull_request: - paths: - - '**' - - '!*.md' -jobs: - deploy: - name: Deny check - runs-on: ubuntu-18.04 - services: - postgres: - image: postgres:14 - env: - POSTGRES_USER: postgres - POSTGRES_PASSWORD: password - ports: - - 5432:5432 - # needed because the postgres container does not provide a healthcheck - options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5 - steps: - - name: Checkout - uses: actions/checkout@master - - - name: Setup PHP - uses: nanasess/setup-php@master - with: - php-version: '7.4' - - - name: Get Composer Cache Directory - id: composer-cache - run: | - echo "::set-output name=dir::$(composer config cache-files-dir)" - - uses: actions/cache@v1 - with: - path: ${{ steps.composer-cache.outputs.dir }} - key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }} - restore-keys: | - ${{ runner.os }}-composer- - - - name: Install to Composer - run: composer install --no-scripts --no-dev --no-interaction --optimize-autoloader - - - name: Translate to templates - run: php bin/template_jp.php - - - name: Setup to EC-CUBE - env: - APP_ENV: 'prod' - DATABASE_URL: postgres://postgres:password@127.0.0.1:5432/eccube_db - DATABASE_SERVER_VERSION: 14 - run: | - rm -rf $GITHUB_WORKSPACE/app/Plugin/* - echo "APP_ENV=${APP_ENV}" > .env - bin/console doctrine:database:create --env=dev - bin/console doctrine:schema:create --env=dev - bin/console eccube:fixtures:load --env=dev - - - name: Install Plugins - env: - APP_ENV: 'prod' - DATABASE_URL: postgres://postgres:password@127.0.0.1:5432/eccube_db - DATABASE_SERVER_VERSION: 14 - run: | - bin/console eccube:composer:require "ec-cube/recommend42" - bin/console eccube:composer:require "ec-cube/coupon42" - bin/console eccube:composer:require "ec-cube/mailmagazine42" - bin/console eccube:composer:require "ec-cube/salesreport42" - bin/console 
eccube:composer:require "ec-cube/relatedproduct42" - bin/console eccube:composer:require "ec-cube/securitychecker42" - bin/console eccube:composer:require "ec-cube/productreview42" - bin/console eccube:composer:require "ec-cube/api42" - bin/console eccube:composer:require "ec-cube/sitekit42" - - - name: Pre Install Plugins - env: - PGPASSWORD: 'password' - run: psql eccube_db -h 127.0.0.1 -U postgres -c "select id,name,code,0 as enabled,version,source,0 as initialized,'2021-08-13 00:00:00' as create_date,'2021-08-13 00:00:00' as update_date,discriminator_type from dtb_plugin;" -A -F, --pset footer > src/Eccube/Resource/doctrine/import_csv/ja/dtb_plugin.csv - - - name: Packaging - working-directory: ../ - run: ${{ github.event.repository.name }}/package.sh - - - name: Build Container - run: docker build -t ec-cube . - - - name: Container Run - run: | - docker run -e APP_ENV=prod -e APP_DEBUG=0 -e DATABASE_URL="sqlite:///var/eccube.db" -e DATABASE_SERVER_VERSION=3 --rm -d -p 8080:80 --name eccube ec-cube - echo -n $(docker inspect -f {{.State.Health.Status}} eccube) - until [ $(docker inspect -f {{.State.Health.Status}} eccube) != "starting" ]; do - echo -n . 
- sleep 10; - done; - docker inspect -f {{.State.Health.Status}} eccube - docker cp ../eccube.tar.gz eccube:/tmp/ - docker exec -w /tmp eccube bash -c "rm -rf /var/www/html; tar xf /tmp/eccube.tar.gz -C /var/www; mv /var/www/ec-cube /var/www/html; chown -R www-data: /var/www/html" - docker exec -u www-data eccube bin/console eccube:install -n - docker exec -u www-data eccube bash -c 'for code in Api42 Coupon42 MailMagazine42 ProductReview42 Recommend42 RelatedProduct42 SalesReport42 Securitychecker42 SiteKit42; do bin/console eccube:plugin:enable --code $code; done' - - - name: setup-chromedriver - uses: nanasess/setup-chromedriver@master - - - name: Prepare test - run: | - export DISPLAY=:99 - chromedriver --url-base=/wd/hub & - echo ">>> Started chrome-driver" - sudo Xvfb -ac :99 -screen 0 1280x1024x24 > /dev/null 2>&1 & - echo ">>> Started xvfb" - composer install --no-scripts --no-interaction --optimize-autoloader - echo "modules: - enabled: - - REST: - depends: PhpBrowser - url: 'http://127.0.0.1:8080' - config: - WebDriver: - host: '127.0.0.1' - port: 9515 - url: 'http://127.0.0.1:8080'" > codeception/_envs/local.yml - - - name: Run tests - env: - APP_ENV: 'codeception' - DATABASE_URL: postgres://postgres:password@127.0.0.1:5432/eccube_db - DATABASE_SERVER_VERSION: 14 - run: | - vendor/bin/codecept -vvv run acceptance --env chrome,local CL01DenyCest diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml deleted file mode 100644 index dfafc84641e..00000000000 --- a/.github/workflows/deploy.yml +++ /dev/null 
@@ -1,150 +0,0 @@ -name: Deploy for EC-CUBE -on: - release: - types: [ published ] -jobs: - deploy: - name: Deploy - runs-on: ubuntu-18.04 - services: - postgres: - image: postgres:14 - env: - POSTGRES_USER: postgres - POSTGRES_PASSWORD: password - ports: - - 5432:5432 - # needed because the postgres container does not provide a healthcheck - options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5 - steps: - - name: Checkout - uses: actions/checkout@master - - - name: Setup PHP - uses: nanasess/setup-php@master - with: - php-version: '7.4' - - - name: Get Composer Cache Directory - id: composer-cache - run: | - echo "::set-output name=dir::$(composer config cache-files-dir)" - - uses: actions/cache@v1 - with: - path: ${{ steps.composer-cache.outputs.dir }} - key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }} - restore-keys: | - ${{ runner.os }}-composer- - - - name: Install to Composer - run: composer install --no-scripts --no-dev --no-interaction --optimize-autoloader - - - name: Translate to templates - run: php bin/template_jp.php - - - name: Setup to EC-CUBE - env: - APP_ENV: 'prod' - DATABASE_URL: postgres://postgres:password@127.0.0.1:5432/eccube_db - DATABASE_SERVER_VERSION: 14 - run: | - rm -rf $GITHUB_WORKSPACE/app/Plugin/* - echo "APP_ENV=${APP_ENV}" > .env - bin/console doctrine:database:create --env=dev - bin/console doctrine:schema:create --env=dev - bin/console eccube:fixtures:load --env=dev - - - name: Install Plugins - env: - APP_ENV: 'prod' - DATABASE_URL: postgres://postgres:password@127.0.0.1:5432/eccube_db - DATABASE_SERVER_VERSION: 14 - run: | - bin/console eccube:composer:require "ec-cube/recommend42" - bin/console eccube:composer:require "ec-cube/coupon42" - bin/console eccube:composer:require "ec-cube/mailmagazine42" - bin/console eccube:composer:require "ec-cube/salesreport42" - bin/console eccube:composer:require "ec-cube/relatedproduct42" - bin/console eccube:composer:require 
"ec-cube/securitychecker42" - bin/console eccube:composer:require "ec-cube/productreview42" - bin/console eccube:composer:require "ec-cube/api42" - bin/console eccube:composer:require "ec-cube/sitekit42" - - - name: revert to config platform.php - run: composer config platform.php 7.4.0 - - - name: Pre Install Plugins - env: - PGPASSWORD: 'password' - run: psql eccube_db -h 127.0.0.1 -U postgres -c "select id,name,code,0 as enabled,version,source,0 as initialized,'2021-08-13 00:00:00' as create_date,'2021-08-13 00:00:00' as update_date,discriminator_type from dtb_plugin;" -A -F, --pset footer > src/Eccube/Resource/doctrine/import_csv/ja/dtb_plugin.csv - - - name: Packaging - working-directory: ../ - env: - TAG_NAME: ${{ github.event.release.tag_name }} - run: ${{ github.event.repository.name }}/package.sh - - - name: Upload binaries to release of TGZ - uses: svenstaro/upload-release-action@v1-release - with: - repo_token: ${{ secrets.GITHUB_TOKEN }} - file: ${{ runner.workspace }}/eccube-${{ github.event.release.tag_name }}.tar.gz - asset_name: eccube-${{ github.event.release.tag_name }}.tar.gz - tag: ${{ github.ref }} - overwrite: true - - name: Upload binaries to release of ZIP - uses: svenstaro/upload-release-action@v1-release - with: - repo_token: ${{ secrets.GITHUB_TOKEN }} - file: ${{ runner.workspace }}/eccube-${{ github.event.release.tag_name }}.zip - asset_name: eccube-${{ github.event.release.tag_name }}.zip - tag: ${{ github.ref }} - overwrite: true - - name: Upload binaries to release of TGZ md5 checksum - uses: svenstaro/upload-release-action@v1-release - with: - repo_token: ${{ secrets.GITHUB_TOKEN }} - file: ${{ runner.workspace }}/eccube-${{ github.event.release.tag_name }}.tar.gz.checksum.md5 - asset_name: eccube-${{ github.event.release.tag_name }}.tar.gz.checksum.md5 - tag: ${{ github.ref }} - overwrite: true - - name: Upload binaries to release of TGZ sha1 checksum - uses: svenstaro/upload-release-action@v1-release - with: - repo_token: ${{ 
secrets.GITHUB_TOKEN }} - file: ${{ runner.workspace }}/eccube-${{ github.event.release.tag_name }}.tar.gz.checksum.sha1 - asset_name: eccube-${{ github.event.release.tag_name }}.tar.gz.checksum.sha1 - tag: ${{ github.ref }} - overwrite: true - - name: Upload binaries to release of TGZ sha256 checksum - uses: svenstaro/upload-release-action@v1-release - with: - repo_token: ${{ secrets.GITHUB_TOKEN }} - file: ${{ runner.workspace }}/eccube-${{ github.event.release.tag_name }}.tar.gz.checksum.sha256 - asset_name: eccube-${{ github.event.release.tag_name }}.tar.gz.checksum.sha256 - tag: ${{ github.ref }} - overwrite: true - - name: Upload binaries to release of ZIP md5 checksum - uses: svenstaro/upload-release-action@v1-release - with: - repo_token: ${{ secrets.GITHUB_TOKEN }} - file: ${{ runner.workspace }}/eccube-${{ github.event.release.tag_name }}.zip.checksum.md5 - asset_name: eccube-${{ github.event.release.tag_name }}.zip.checksum.md5 - tag: ${{ github.ref }} - overwrite: true - - name: Upload binaries to release of ZIP sha1 checksum - uses: svenstaro/upload-release-action@v1-release - with: - repo_token: ${{ secrets.GITHUB_TOKEN }} - file: ${{ runner.workspace }}/eccube-${{ github.event.release.tag_name }}.zip.checksum.sha1 - asset_name: eccube-${{ github.event.release.tag_name }}.zip.checksum.sha1 - tag: ${{ github.ref }} - overwrite: true - - name: Upload binaries to release of ZIP sha256 checksum - uses: svenstaro/upload-release-action@v1-release - with: - repo_token: ${{ secrets.GITHUB_TOKEN }} - file: ${{ runner.workspace }}/eccube-${{ github.event.release.tag_name }}.zip.checksum.sha256 - asset_name: eccube-${{ github.event.release.tag_name }}.zip.checksum.sha256 - tag: ${{ github.ref }} - overwrite: true diff --git a/.github/workflows/dockerbuild.yml b/.github/workflows/dockerbuild.yml deleted file mode 100644 index e1cebcfa1ae..00000000000 --- a/.github/workflows/dockerbuild.yml +++ /dev/null 
@@ -1,110 +0,0 @@ -name: Testing dockerbuild -on: - push: - paths: - - 'Dockerfile' - - 'dockerbuild/*' - - 'docker-compose*.yml' - - '.github/workflows/dockerbuild.yml' - pull_request: - paths: - - 'Dockerfile' - - 'dockerbuild/*' - - 'docker-compose*.yml' - - '.github/workflows/dockerbuild.yml' - -jobs: - dockerbuild: - name: dockerbuild - runs-on: ${{ matrix.operating-system }} - strategy: - fail-fast: false - matrix: - operating-system: [ ubuntu-18.04 ] - php: [ 7.4 ] - db: [ pgsql ] - group: [ admin01 ] - include: - - db: pgsql - database_url: postgres://dbuser:secret@127.0.0.1:15432/eccubedb - database_server_version: 14 - - group: admin01 - app_env: 'codeception' - # - group: admin02 - # app_env: 'codeception' - # - group: admin03 - # app_env: 'codeception' - # - group: front - # app_env: 'codeception' - # - group: installer - # app_env: 'install' - - steps: - - name: Checkout - uses: actions/checkout@master - - - name: docker build - run: docker compose build - - - name: Get Composer Cache Directory - id: composer-cache - run: | - echo "::set-output name=dir::$(composer config cache-files-dir)" - - uses: actions/cache@v1 - with: - path: ${{ steps.composer-cache.outputs.dir }} - key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }} - restore-keys: | - ${{ runner.os }}-composer- - - - name: Setup PHP - uses: nanasess/setup-php@master - with: - php-version: ${{ matrix.php }} - - - name: composer install - run: composer install --dev --no-interaction -o --apcu-autoloader - - name: Setup to EC-CUBE - env: - APP_ENV: ${{ matrix.app_env }} - DATABASE_URL: ${{ matrix.database_url }} - DATABASE_SERVER_VERSION: ${{ matrix.database_server_version }} - run: | - docker compose -f docker-compose.yml -f docker-compose.pgsql.yml up -d --wait - sed -i 's!APP_ENV: "dev"!APP_ENV: "prod"!g' docker-compose.yml - docker compose -f docker-compose.yml -f docker-compose.pgsql.yml up -d --wait - - - name: setup-chromedriver - uses: nanasess/setup-chromedriver@master - 
- - name: Run chromedriver - run: | - export DISPLAY=:99 - chromedriver --url-base=/wd/hub & - echo ">>> Started chrome-driver" - sudo Xvfb -ac :99 -screen 0 1280x1024x24 > /dev/null 2>&1 & - echo ">>> Started xvfb" - - - name: Codeception - env: - APP_ENV: ${{ matrix.app_env }} - DATABASE_URL: ${{ matrix.database_url }} - DATABASE_SERVER_VERSION: ${{ matrix.database_server_version }} - MAILER_URL: 'smtp://127.0.0.1:1025' - GROUP: ${{ matrix.group }} - SYMFONY_DEPRECATIONS_HELPER: weak - run: | - echo "APP_ENV=${APP_ENV}" > .env - vendor/bin/codecept -vvv run acceptance --env chrome,github_action_docker -g ${GROUP} - - name: Upload evidence - if: failure() - uses: actions/upload-artifact@v2 - with: - name: codeception-${{ matrix.group }}-evidence - path: codeception/_output/ - - name: Upload logs - if: failure() - uses: actions/upload-artifact@v2 - with: - name: codeception-${{ matrix.group }}-logs - path: var/log/ diff --git a/.github/workflows/e2e-test.yml b/.github/workflows/e2e-test.yml deleted file mode 100644 index b702aca280b..00000000000 --- a/.github/workflows/e2e-test.yml +++ /dev/null 
@@ -1,166 +0,0 @@ -name: E2E test for EC-CUBE -on: - push: - branches: - - '*' - tags: - - '*' - paths: - - '**' - - '!*.md' - pull_request: - paths: - - '**' - - '!*.md' -jobs: - codeception: - name: Codeception - runs-on: ubuntu-18.04 - strategy: - fail-fast: false - matrix: - php: [ 7.4 ] - db: [ pgsql ] - group: [ 'admin01', 'admin02', 'admin03', 'front', 'restrict-fileupload', 'installer' ] - include: - - db: pgsql - database_url: postgres://postgres:password@127.0.0.1:5432/eccube_db - database_server_version: 14 - - group: 'admin01' - app_env: 'codeception' - - group: 'admin02' - app_env: 'codeception' - - group: 'admin03' - app_env: 'codeception' - - group: 'front' - app_env: 'codeception' - - group: 'restrict-fileupload' - app_env: 'codeception' - - group: 'installer' - app_env: 'install' - services: - postgres: - image: postgres:14 - env: - POSTGRES_USER: postgres - POSTGRES_PASSWORD: password - ports: - - 5432:5432 - # needed because the postgres container does not provide a healthcheck - options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5 - - mailcatcher: - image: schickling/mailcatcher - ports: - - 1080:1080 - - 1025:1025 - - steps: - - name: Checkout - uses: actions/checkout@master - - - name: Get Composer Cache Directory - id: composer-cache - run: | - echo "::set-output name=dir::$(composer config cache-files-dir)" - - uses: actions/cache@v1 - with: - path: ${{ steps.composer-cache.outputs.dir }} - key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }} - restore-keys: | - ${{ runner.os }}-composer- - - - name: Setup PHP - uses: nanasess/setup-php@master - with: - php-version: ${{ matrix.php }} - - - name: composer install - run: composer install --dev --no-interaction -o --apcu-autoloader - - name: Setup to EC-CUBE - env: - APP_ENV: ${{ matrix.app_env }} - DATABASE_URL: ${{ matrix.database_url }} - DATABASE_SERVER_VERSION: ${{ matrix.database_server_version }} - run: | - echo "APP_ENV=${APP_ENV}" 
> .env - echo "TRUSTED_HOSTS=127.0.0.1,localhost" >> .env - bin/console doctrine:database:create --env=dev - bin/console doctrine:schema:create --env=dev - bin/console eccube:fixtures:load --env=dev - - - name: setup-chromedriver - uses: nanasess/setup-chromedriver@master - - - name: Run chromedriver - run: | - export DISPLAY=:99 - chromedriver --url-base=/wd/hub & - echo ">>> Started chrome-driver" - sudo Xvfb -ac :99 -screen 0 1280x1024x24 > /dev/null 2>&1 & - echo ">>> Started xvfb" - - - name: Run package-api - run: | - if [[ ! -d ${PWD}/repos ]]; then mkdir -p ${PWD}/repos ; fi - docker run -d --rm -v ${PWD}/repos:/repos -e MOCK_REPO_DIR=/repos -p 8080:8080 eccube/mock-package-api:composer2 - cp codeception/_data/plugins/*-1.0.0.tgz repos - - - name: Start PHP Development Server - if: ${{ matrix.group != 'restrict-fileupload' }} - env: - APP_ENV: 'codeception' - DATABASE_URL: ${{ matrix.database_url }} - DATABASE_SERVER_VERSION: ${{ matrix.database_server_version }} - MAILER_DSN: 'smtp://127.0.0.1:1025' - ECCUBE_PACKAGE_API_URL: 'http://127.0.0.1:8080' - run: php -S 127.0.0.1:8000 codeception/router.php & - - - name: Start PHP Development Server - if: ${{ matrix.group == 'restrict-fileupload' }} - env: - APP_ENV: 'codeception' - DATABASE_URL: ${{ matrix.database_url }} - DATABASE_SERVER_VERSION: ${{ matrix.database_server_version }} - MAILER_DSN: 'smtp://127.0.0.1:1025' - ECCUBE_PACKAGE_API_URL: 'http://127.0.0.1:8080' - ECCUBE_RESTRICT_FILE_UPLOAD: '1' - run: php -S 127.0.0.1:8000 codeception/router.php & - - - name: Codeception - if: ${{ matrix.group != 'restrict-fileupload' }} - env: - APP_ENV: ${{ matrix.app_env }} - DATABASE_URL: ${{ matrix.database_url }} - DATABASE_SERVER_VERSION: ${{ matrix.database_server_version }} - MAILER_DSN: 'smtp://127.0.0.1:1025' - ECCUBE_PACKAGE_API_URL: 'http://127.0.0.1:8080' - GROUP: ${{ matrix.group }} - SYMFONY_DEPRECATIONS_HELPER: weak - run: vendor/bin/codecept -vvv run acceptance --env chrome,github_action -g ${GROUP} 
--skip-group restrict-file-upload --html report.html - - - name: Codeception with Restrict file upload - if: ${{ matrix.group == 'restrict-fileupload' }} - env: - APP_ENV: ${{ matrix.app_env }} - DATABASE_URL: ${{ matrix.database_url }} - DATABASE_SERVER_VERSION: ${{ matrix.database_server_version }} - MAILER_DSN: 'smtp://127.0.0.1:1025' - ECCUBE_PACKAGE_API_URL: 'http://127.0.0.1:8080' - GROUP: ${{ matrix.group }} - SYMFONY_DEPRECATIONS_HELPER: weak - ECCUBE_RESTRICT_FILE_UPLOAD: '1' - run: vendor/bin/codecept -vvv run acceptance --env chrome,github_action -g ${GROUP} --html report.html - - - name: Upload evidence - if: failure() - uses: actions/upload-artifact@v2 - with: - name: codeception-${{ matrix.group }}-evidence - path: codeception/_output/ - - name: Upload logs - if: failure() - uses: actions/upload-artifact@v2 - with: - name: codeception-${{ matrix.group }}-logs - path: var/log/ diff --git a/.github/workflows/penetration-test.yml b/.github/workflows/penetration-test.yml deleted file mode 100644 index f68197bca64..00000000000 --- a/.github/workflows/penetration-test.yml +++ /dev/null 
@@ -1,87 +0,0 @@
-name: Penetration testing for EC-CUBE
-on:
- schedule:
- - cron: '0 15 * * 1'
-
-jobs:
- PenetrationTest:
- name: Penetration testing
- runs-on: ${{ matrix.operating-system }}
- strategy:
- fail-fast: false
- matrix:
- operating-system: [ ubuntu-18.04 ]
- group:
- - 'test/front_login/contact.test.ts'
- - 'test/front_guest/about.test.ts'
- - 'test/front_guest/contact.test.ts'
- - 'test/admin/content_layout.test.ts'
- - 'test/admin/content_layout_delete.test.ts'
- - 'test/admin/customer_new.test.ts'
- - 'test/admin/customer.test.ts'
- - 'test/admin/content_cache.test.ts'
- - 'test/admin/customer_edit.test.ts'
- - 'test/admin/product_class_name.test.ts'
- - 'test/admin/order_mail.test.ts'
- - 'test/admin/product.test.ts'
- - 'test/admin/product_csv_template.test.ts'
- - 'test/admin/content_block.test.ts'
- - 'test/admin/content_page.test.ts'
- - 'test/admin/product_category_export.test.ts'
- - 'test/admin/change_password.test.ts'
- steps:
- - name: Checkout
- uses: actions/checkout@v2
-
- - name: Setup to EC-CUBE
- run: |
- sudo chown -R 1001:1000 zap
- sudo chmod -R g+w zap
- docker-compose -f docker-compose.yml -f docker-compose.pgsql.yml -f docker-compose.dev.yml -f docker-compose.owaspzap.yml -f docker-compose.owaspzap.daemon.yml up -d
- docker-compose -f docker-compose.yml -f docker-compose.pgsql.yml -f docker-compose.dev.yml -f docker-compose.owaspzap.yml -f docker-compose.owaspzap.daemon.yml exec -T ec-cube bin/console doctrine:schema:create --env=dev
- docker-compose -f docker-compose.yml -f docker-compose.pgsql.yml -f docker-compose.dev.yml -f docker-compose.owaspzap.yml -f docker-compose.owaspzap.daemon.yml exec -T ec-cube bin/console eccube:fixtures:load --env=dev
- docker-compose -f docker-compose.yml -f docker-compose.pgsql.yml -f docker-compose.dev.yml -f docker-compose.owaspzap.yml -f docker-compose.owaspzap.daemon.yml exec -T ec-cube bin/console eccube:fixtures:generate --products=5 --customers=1 --orders=5
- docker-compose -f docker-compose.yml -f docker-compose.pgsql.yml -f docker-compose.dev.yml -f docker-compose.owaspzap.yml -f docker-compose.owaspzap.daemon.yml exec -T ec-cube bin/console doctrine:query:sql "UPDATE dtb_customer SET email = 'zap_user@example.com' WHERE id = 1;"
- sed -i 's!APP_ENV: "dev"!APP_ENV: "prod"!g' docker-compose.yml
- docker-compose -f docker-compose.yml -f docker-compose.pgsql.yml -f docker-compose.dev.yml -f docker-compose.owaspzap.yml -f docker-compose.owaspzap.daemon.yml up -d ec-cube
-
- - name: yarn install
- working-directory: zap/selenium/ci/TypeScript
- run: |
- yarn install
- yarn run playwright install --with-deps chromium
- yarn playwright install-deps chromium
- - run: |
- git config --global user.name "$(git --no-pager log --format=format:'%an' -n 1)"
- git config --global user.email "$(git --no-pager log --format=format:'%ae' -n 1)"
- - name: Apply patch to change_password
- if: matrix.group == 'test/admin/change_password.test.ts'
- working-directory: zap/selenium/ci/TypeScript
- run: git am patches/0001-Member.patch
- - name: Apply patch to delete_layout
- if: matrix.group == 'test/admin/content_layout_delete.test.ts'
- working-directory: zap/selenium/ci/TypeScript
- run: git am patches/0001-DeleteLayout.patch
- - name: Apply patch to new_customer
- if: matrix.group == 'test/admin/customer_new.test.ts'
- working-directory: zap/selenium/ci/TypeScript
- run: git am patches/0002-NewCustomer.patch
- - name: Penetration testing
- working-directory: zap/selenium/ci/TypeScript
- env:
- GROUP: ${{ matrix.group }}
- HTTP_PROXY: 127.0.0.1:8090
- HTTPS_PROXY: 127.0.0.1:8090
- CI: 1
- FORCE_COLOR: 1
- run: yarn playwright test ${GROUP}
- - env:
- GROUP: ${{ matrix.group }}
- if: always()
- run: echo "ARTIFACT_NAME=$(echo ${GROUP} | sed 's,/,-,g')" >> $GITHUB_ENV
- - name: Upload evidence
- if: always()
- uses: actions/upload-artifact@v2
- with:
- name: zap-${{ env.ARTIFACT_NAME }}-session
- path: zap/sessions
diff --git a/.github/workflows/phpstan.yml b/.github/workflows/phpstan.yml
deleted file mode 100644
index 72f3b87fc5d..00000000000
--- a/.github/workflows/phpstan.yml
+++ /dev/null
@@ -1,32 +0,0 @@
-name: PHPStan
-on:
- push:
- branches:
- - '*'
- tags:
- - '*'
- paths:
- - '**'
- - '!*.md'
- pull_request:
- paths:
- - '**'
- - '!*.md'
-
-jobs:
- phpstan:
- name: PHPStan
-
- runs-on: ubuntu-latest
-
- steps:
- - name: "Checkout"
- uses: actions/checkout@v2
- - name: Setup PHP
- uses: nanasess/setup-php@master
- with:
- php-version: '7.4'
- - name: composer install
- run: composer install --dev --no-interaction -o --apcu-autoloader
- - name: PHPStan
- run: vendor/bin/phpstan analyze src/ --error-format=github
diff --git a/.github/workflows/plugin-test.yml b/.github/workflows/plugin-test.yml
deleted file mode 100644
index af096c21ee0..00000000000
--- a/.github/workflows/plugin-test.yml
+++ /dev/null
@@ -1,607 +0,0 @@ -name: Plugin test for EC-CUBE -on: - push: - branches: - - '*' - tags: - - '*' - paths: - - '**' - - '!*.md' - pull_request: - paths: - - '**' - - '!*.md' -jobs: - plugin-install: - name: Plugin install - runs-on: ${{ matrix.operating-system }} - strategy: - fail-fast: false - matrix: - operating-system: [ ubuntu-18.04 ] - php: [ '7.4', '8.0', '8.1' ] - db: [ pgsql, mysql ] - method: - - test_install_enable_disable_remove_store - - test_install_enable_disable_remove_local - - test_install_enable_disable_enable_disable_remove_store - - test_install_enable_disable_enable_disable_remove_local - - test_install_remove_local - - test_install_remove_store - - test_bundle_install_enable_disable_remove_store - - test_bundle_install_update_enable_disable_remove_store - include: - - db: pgsql - database_url: postgres://postgres:password@127.0.0.1:5432/eccube_db - database_server_version: 14 - database_charset: utf8 - - db: mysql - database_url: mysql://root:password@127.0.0.1:3306/eccube_db - database_server_version: 5 - database_charset: utf8mb4 - - services: - mysql: - image: mysql:5.7 - env: - MYSQL_ROOT_PASSWORD: password - ports: - - 3306:3306 - options: --health-cmd="mysqladmin ping" --health-interval=10s --health-timeout=5s --health-retries=3 - postgres: - image: postgres:14 - env: - POSTGRES_USER: postgres - POSTGRES_PASSWORD: password - ports: - - 5432:5432 - # needed because the postgres container does not provide a healthcheck - options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5 - mailcatcher: - image: schickling/mailcatcher - ports: - - 1080:1080 - - 1025:1025 - - steps: - - name: Checkout - uses: actions/checkout@master - - - name: Get Composer Cache Directory - id: composer-cache - run: | - echo "::set-output name=dir::$(composer config cache-files-dir)" - - uses: actions/cache@v1 - with: - path: ${{ steps.composer-cache.outputs.dir }} - key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') 
}} - restore-keys: | - ${{ runner.os }}-composer- - - - name: Setup PHP - uses: nanasess/setup-php@master - with: - php-version: ${{ matrix.php }} - - - name: composer install - run: composer install --dev --no-interaction -o --apcu-autoloader - - - name: Setup to EC-CUBE - env: - APP_ENV: 'codeception' - DATABASE_URL: ${{ matrix.database_url }} - DATABASE_SERVER_VERSION: ${{ matrix.database_server_version }} - DATABASE_CHARSET: ${{ matrix.database_charset }} - run: | - echo "APP_ENV=${APP_ENV}" > .env - bin/console doctrine:database:create --env=dev - bin/console doctrine:schema:create --env=dev - bin/console eccube:fixtures:load --env=dev - - - name: Update baseinfo with pgsql - if: matrix.db == 'pgsql' - env: - PGPASSWORD: 'password' - run: | - sudo apt-fast install -y postgresql-client - psql eccube_db -h 127.0.0.1 -U postgres -c "update dtb_base_info set authentication_key='test';" - - - name: Update baseinfo with mysql - if: matrix.db == 'mysql' - run: mysql -h 127.0.0.1 -u root -ppassword eccube_db -e "update dtb_base_info set authentication_key='test';" - - - name: setup-chromedriver - uses: nanasess/setup-chromedriver@master - - - name: Run chromedriver - run: | - export DISPLAY=:99 - chromedriver --url-base=/wd/hub & - echo ">>> Started chrome-driver" - sudo Xvfb -ac :99 -screen 0 1280x1024x24 > /dev/null 2>&1 & - echo ">>> Started xvfb" - - - name: Start PHP Development Server - env: - APP_ENV: 'codeception' - DATABASE_URL: ${{ matrix.database_url }} - DATABASE_SERVER_VERSION: ${{ matrix.database_server_version }} - DATABASE_CHARSET: ${{ matrix.database_charset }} - MAILER_URL: 'smtp://127.0.0.1:1025' - ECCUBE_PACKAGE_API_URL: 'http://127.0.0.1:8080' - run: php -S 127.0.0.1:8000 codeception/router.php & - - ## ${PWD}/repos does not exist so service cannot be started - - name: Run package-api - run: | - if [[ ! 
-d ${PWD}/repos ]]; then mkdir -p ${PWD}/repos ; fi - docker run -d --rm -v ${PWD}/repos:/repos -e MOCK_REPO_DIR=/repos -p 8080:8080 eccube/mock-package-api:composer2 - - - name: Codeception - env: - APP_ENV: ${{ matrix.app_env }} - DATABASE_URL: ${{ matrix.database_url }} - DATABASE_SERVER_VERSION: ${{ matrix.database_server_version }} - DATABASE_CHARSET: ${{ matrix.database_charset }} - MAILER_URL: 'smtp://127.0.0.1:1025' - METHOD: ${{ matrix.method }} - ECCUBE_PACKAGE_API_URL: 'http://127.0.0.1:8080' - NO_FIXTURES: 1 - run: vendor/bin/codecept -vvv run acceptance --env chrome,github_action EA10PluginCest:${METHOD} - - name: Upload evidence - if: failure() - uses: actions/upload-artifact@v2 - with: - name: plugin-install-${{ matrix.method }}-evidence - path: codeception/_output/ - - name: Upload logs - if: failure() - uses: actions/upload-artifact@v2 - with: - name: plugin-install-${{ matrix.method }}-logs - path: var/log/ - - plugin-update: - name: Plugin Update - runs-on: ${{ matrix.operating-system }} - strategy: - fail-fast: false - matrix: - operating-system: [ ubuntu-18.04 ] - php: [ '7.4', '8.0', '8.1' ] - db: [ pgsql, mysql ] - method: - - test_install_update_remove_store - - test_install_update_remove_local - - test_install_enable_disable_update_enable_disable_remove_local - - test_install_enable_disable_update_enable_disable_remove_store - - test_install_enable_update_disable_remove_store - - test_install_enable_update_disable_remove_local - include: - - db: pgsql - database_url: postgres://postgres:password@127.0.0.1:5432/eccube_db - database_server_version: 14 - database_charset: utf8 - - db: mysql - database_url: mysql://root:password@127.0.0.1:3306/eccube_db - database_server_version: 5 - database_charset: utf8mb4 - - services: - mysql: - image: mysql:5.7 - env: - MYSQL_ROOT_PASSWORD: password - ports: - - 3306:3306 - options: --health-cmd="mysqladmin ping" --health-interval=10s --health-timeout=5s --health-retries=3 - postgres: - image: postgres:14 
- env: - POSTGRES_USER: postgres - POSTGRES_PASSWORD: password - ports: - - 5432:5432 - # needed because the postgres container does not provide a healthcheck - options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5 - mailcatcher: - image: schickling/mailcatcher - ports: - - 1080:1080 - - 1025:1025 - - steps: - - name: Checkout - uses: actions/checkout@master - - - name: Get Composer Cache Directory - id: composer-cache - run: | - echo "::set-output name=dir::$(composer config cache-files-dir)" - - uses: actions/cache@v1 - with: - path: ${{ steps.composer-cache.outputs.dir }} - key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }} - restore-keys: | - ${{ runner.os }}-composer- - - - name: Setup PHP - uses: nanasess/setup-php@master - with: - php-version: ${{ matrix.php }} - - - name: Install to Composer - run: composer install --dev --no-interaction -o --apcu-autoloader - - - name: Setup to EC-CUBE - env: - APP_ENV: 'codeception' - DATABASE_URL: ${{ matrix.database_url }} - DATABASE_SERVER_VERSION: ${{ matrix.database_server_version }} - DATABASE_CHARSET: ${{ matrix.database_charset }} - run: | - echo "APP_ENV=${APP_ENV}" > .env - bin/console doctrine:database:create --env=dev - bin/console doctrine:schema:create --env=dev - bin/console eccube:fixtures:load --env=dev - - - name: Update baseinfo with pgsql - if: matrix.db == 'pgsql' - env: - PGPASSWORD: 'password' - run: | - sudo apt-fast install -y postgresql-client - psql eccube_db -h 127.0.0.1 -U postgres -c "update dtb_base_info set authentication_key='test';" - - - name: Update baseinfo with mysql - if: matrix.db == 'mysql' - run: mysql -h 127.0.0.1 -u root -ppassword eccube_db -e "update dtb_base_info set authentication_key='test';" - - - name: setup-chromedriver - uses: nanasess/setup-chromedriver@master - - - name: Run chromedriver - run: | - export DISPLAY=:99 - chromedriver --url-base=/wd/hub & - echo ">>> Started chrome-driver" - sudo Xvfb -ac :99 
-screen 0 1280x1024x24 > /dev/null 2>&1 & - echo ">>> Started xvfb" - - - name: Start PHP Development Server - env: - APP_ENV: 'codeception' - DATABASE_URL: ${{ matrix.database_url }} - DATABASE_SERVER_VERSION: ${{ matrix.database_server_version }} - DATABASE_CHARSET: ${{ matrix.database_charset }} - MAILER_URL: 'smtp://127.0.0.1:1025' - ECCUBE_PACKAGE_API_URL: 'http://127.0.0.1:8080' - run: php -S 127.0.0.1:8000 codeception/router.php & - - ## ${PWD}/repos does not exist so service cannot be started - - name: Run package-api - run: | - if [[ ! -d ${PWD}/repos ]]; then mkdir -p ${PWD}/repos ; fi - docker run -d --rm -v ${PWD}/repos:/repos -e MOCK_REPO_DIR=/repos -p 8080:8080 eccube/mock-package-api:composer2 - - - name: Run to Codeception - env: - APP_ENV: ${{ matrix.app_env }} - DATABASE_URL: ${{ matrix.database_url }} - DATABASE_SERVER_VERSION: ${{ matrix.database_server_version }} - DATABASE_CHARSET: ${{ matrix.database_charset }} - MAILER_URL: 'smtp://127.0.0.1:1025' - METHOD: ${{ matrix.method }} - ECCUBE_PACKAGE_API_URL: 'http://127.0.0.1:8080' - NO_FIXTURES: 1 - run: vendor/bin/codecept -vvv run acceptance --env chrome,github_action EA10PluginCest:${METHOD} - - name: Upload evidence - if: failure() - uses: actions/upload-artifact@v2 - with: - name: plugin-update-${{ matrix.method }}-evidence - path: codeception/_output/ - - name: Upload logs - if: failure() - uses: actions/upload-artifact@v2 - with: - name: plugin-update-${{ matrix.method }}-logs - path: var/log/ - - plugin-extend: - name: Plugin extend - runs-on: ${{ matrix.operating-system }} - strategy: - fail-fast: false - matrix: - operating-system: [ ubuntu-18.04 ] - php: [ '7.4', '8.0', '8.1' ] - db: [ pgsql, mysql ] - method: - - test_extend_same_table_store - - test_extend_same_table_disabled_remove_store - - test_extend_same_table_local - - test_extend_same_table_disabled_remove_local - - test_extend_same_table_crossed_store - - test_extend_same_table_crossed_local - include: - - db: pgsql - 
database_url: postgres://postgres:password@127.0.0.1:5432/eccube_db - database_server_version: 14 - database_charset: utf8 - - db: mysql - database_url: mysql://root:password@127.0.0.1:3306/eccube_db - database_server_version: 5 - database_charset: utf8mb4 - - services: - mysql: - image: mysql:5.7 - env: - MYSQL_ROOT_PASSWORD: password - ports: - - 3306:3306 - options: --health-cmd="mysqladmin ping" --health-interval=10s --health-timeout=5s --health-retries=3 - postgres: - image: postgres:14 - env: - POSTGRES_USER: postgres - POSTGRES_PASSWORD: password - ports: - - 5432:5432 - # needed because the postgres container does not provide a healthcheck - options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5 - mailcatcher: - image: schickling/mailcatcher - ports: - - 1080:1080 - - 1025:1025 - - steps: - - name: Checkout - uses: actions/checkout@master - - - name: Get Composer Cache Directory - id: composer-cache - run: | - echo "::set-output name=dir::$(composer config cache-files-dir)" - - uses: actions/cache@v1 - with: - path: ${{ steps.composer-cache.outputs.dir }} - key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }} - restore-keys: | - ${{ runner.os }}-composer- - - - name: Setup PHP - uses: nanasess/setup-php@master - with: - php-version: ${{ matrix.php }} - - - name: Install to Composer - run: composer install --dev --no-interaction -o --apcu-autoloader - - - name: Setup to EC-CUBE - env: - APP_ENV: 'codeception' - DATABASE_URL: ${{ matrix.database_url }} - DATABASE_SERVER_VERSION: ${{ matrix.database_server_version }} - DATABASE_CHARSET: ${{ matrix.database_charset }} - run: | - echo "APP_ENV=${APP_ENV}" > .env - bin/console doctrine:database:create --env=dev - bin/console doctrine:schema:create --env=dev - bin/console eccube:fixtures:load --env=dev - - - name: Update baseinfo with pgsql - if: matrix.db == 'pgsql' - env: - PGPASSWORD: 'password' - run: | - sudo apt-fast install -y postgresql-client - psql 
eccube_db -h 127.0.0.1 -U postgres -c "update dtb_base_info set authentication_key='test';" - - - name: Update baseinfo with mysql - if: matrix.db == 'mysql' - run: mysql -h 127.0.0.1 -u root -ppassword eccube_db -e "update dtb_base_info set authentication_key='test';" - - - name: setup-chromedriver - uses: nanasess/setup-chromedriver@master - - - name: Run chromedriver - run: | - export DISPLAY=:99 - chromedriver --url-base=/wd/hub & - echo ">>> Started chrome-driver" - sudo Xvfb -ac :99 -screen 0 1280x1024x24 > /dev/null 2>&1 & - echo ">>> Started xvfb" - - - name: Start PHP Development Server - env: - APP_ENV: 'codeception' - DATABASE_URL: ${{ matrix.database_url }} - DATABASE_SERVER_VERSION: ${{ matrix.database_server_version }} - DATABASE_CHARSET: ${{ matrix.database_charset }} - MAILER_URL: 'smtp://127.0.0.1:1025' - ECCUBE_PACKAGE_API_URL: 'http://127.0.0.1:8080' - run: php -S 127.0.0.1:8000 codeception/router.php & - - ## ${PWD}/repos does not exist so service cannot be started - - name: Run package-api - run: | - if [[ ! 
-d ${PWD}/repos ]]; then mkdir -p ${PWD}/repos ; fi - docker run -d --rm -v ${PWD}/repos:/repos -e MOCK_REPO_DIR=/repos -p 8080:8080 eccube/mock-package-api:composer2 - - - name: Run to Codeception - env: - APP_ENV: ${{ matrix.app_env }} - DATABASE_URL: ${{ matrix.database_url }} - DATABASE_SERVER_VERSION: ${{ matrix.database_server_version }} - DATABASE_CHARSET: ${{ matrix.database_charset }} - MAILER_URL: 'smtp://127.0.0.1:1025' - METHOD: ${{ matrix.method }} - ECCUBE_PACKAGE_API_URL: 'http://127.0.0.1:8080' - NO_FIXTURES: 1 - run: vendor/bin/codecept -vvv run acceptance --env chrome,github_action EA10PluginCest:${METHOD} - - name: Upload evidence - if: failure() - uses: actions/upload-artifact@v2 - with: - name: plugin-extend-${{ matrix.method }}-evidence - path: codeception/_output/ - - name: Upload logs - if: failure() - uses: actions/upload-artifact@v2 - with: - name: plugin-extend-${{ matrix.method }}-logs - path: var/log/ - - plugin-depend: - name: Plugin depend - runs-on: ${{ matrix.operating-system }} - strategy: - fail-fast: false - matrix: - operating-system: [ ubuntu-18.04 ] - php: [ '7.4', '8.0', '8.1' ] - db: [ pgsql, mysql ] - method: - - test_dependency_each_install_plugin - - test_dependency_plugin_install - - test_dependency_plugin_update - - test_install_error - - install_enable_disable_enable_disable_remove_store - - test_enhance_plugin_entity - include: - - db: pgsql - database_url: postgres://postgres:password@127.0.0.1:5432/eccube_db - database_server_version: 14 - database_charset: utf8 - - db: mysql - database_url: mysql://root:password@127.0.0.1:3306/eccube_db - database_server_version: 5 - database_charset: utf8mb4 - exclude: - - db: mysql - method: test_dependency_plugin_update - - services: - mysql: - image: mysql:5.7 - env: - MYSQL_ROOT_PASSWORD: password - ports: - - 3306:3306 - options: --health-cmd="mysqladmin ping" --health-interval=10s --health-timeout=5s --health-retries=3 - postgres: - image: postgres:14 - env: - POSTGRES_USER: 
postgres - POSTGRES_PASSWORD: password - ports: - - 5432:5432 - # needed because the postgres container does not provide a healthcheck - options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5 - mailcatcher: - image: schickling/mailcatcher - ports: - - 1080:1080 - - 1025:1025 - - steps: - - name: Checkout - uses: actions/checkout@master - - - name: Get Composer Cache Directory - id: composer-cache - run: | - echo "::set-output name=dir::$(composer config cache-files-dir)" - - uses: actions/cache@v1 - with: - path: ${{ steps.composer-cache.outputs.dir }} - key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }} - restore-keys: | - ${{ runner.os }}-composer- - - - name: Setup PHP - uses: nanasess/setup-php@master - with: - php-version: ${{ matrix.php }} - - - name: Install to Composer - run: composer install --dev --no-interaction -o --apcu-autoloader - - - name: Setup to EC-CUBE - env: - APP_ENV: 'codeception' - DATABASE_URL: ${{ matrix.database_url }} - DATABASE_SERVER_VERSION: ${{ matrix.database_server_version }} - DATABASE_CHARSET: ${{ matrix.database_charset }} - run: | - echo "APP_ENV=${APP_ENV}" > .env - bin/console doctrine:database:create --env=dev - bin/console doctrine:schema:create --env=dev - bin/console eccube:fixtures:load --env=dev - - - name: Update baseinfo with pgsql - if: matrix.db == 'pgsql' - env: - PGPASSWORD: 'password' - run: | - sudo apt-fast install -y postgresql-client - psql eccube_db -h 127.0.0.1 -U postgres -c "update dtb_base_info set authentication_key='test';" - - - name: Update baseinfo with mysql - if: matrix.db == 'mysql' - run: mysql -h 127.0.0.1 -u root -ppassword eccube_db -e "update dtb_base_info set authentication_key='test';" - - - name: setup-chromedriver - uses: nanasess/setup-chromedriver@master - - - name: Run chromedriver - run: | - export DISPLAY=:99 - chromedriver --url-base=/wd/hub & - echo ">>> Started chrome-driver" - sudo Xvfb -ac :99 -screen 0 1280x1024x24 > 
/dev/null 2>&1 & - echo ">>> Started xvfb" - - - name: Start PHP Development Server - env: - APP_ENV: 'codeception' - DATABASE_URL: ${{ matrix.database_url }} - DATABASE_SERVER_VERSION: ${{ matrix.database_server_version }} - DATABASE_CHARSET: ${{ matrix.database_charset }} - MAILER_URL: 'smtp://127.0.0.1:1025' - ECCUBE_PACKAGE_API_URL: 'http://127.0.0.1:8080' - run: php -S 127.0.0.1:8000 codeception/router.php & - - ## ${PWD}/repos does not exist so service cannot be started - - name: Run package-api - run: | - if [[ ! -d ${PWD}/repos ]]; then mkdir -p ${PWD}/repos ; fi - docker run -d --rm -v ${PWD}/repos:/repos -e MOCK_REPO_DIR=/repos -p 8080:8080 eccube/mock-package-api:composer2 - - - name: Run to Codeception - env: - APP_ENV: ${{ matrix.app_env }} - DATABASE_URL: ${{ matrix.database_url }} - DATABASE_SERVER_VERSION: ${{ matrix.database_server_version }} - DATABASE_CHARSET: ${{ matrix.database_charset }} - MAILER_URL: 'smtp://127.0.0.1:1025' - METHOD: ${{ matrix.method }} - ECCUBE_PACKAGE_API_URL: 'http://127.0.0.1:8080' - NO_FIXTURES: 1 - run: vendor/bin/codecept -vvv run acceptance --env chrome,github_action EA10PluginCest:${METHOD} - - name: Upload evidence - if: failure() - uses: actions/upload-artifact@v2 - with: - name: plugin-depend-${{ matrix.method }}-evidence - path: codeception/_output/ - - name: Upload logs - if: failure() - uses: actions/upload-artifact@v2 - with: - name: plugin-depend-${{ matrix.method }}-logs - path: var/log/ diff --git a/.github/workflows/unit-test.yml b/.github/workflows/unit-test.yml deleted file mode 100644 index 95f6e106280..00000000000 --- a/.github/workflows/unit-test.yml +++ /dev/null 
@@ -1,133 +0,0 @@ -name: Unit test for EC-CUBE -on: - push: - branches: - - '*' - tags: - - '*' - paths: - - '**' - - '!*.md' - pull_request: - paths: - - '**' - - '!*.md' -jobs: - phpunit: - name: PHPUnit - runs-on: ${{ matrix.operating-system }} - strategy: - fail-fast: false - matrix: - operating-system: [ ubuntu-18.04 ] - php: [ '7.4', '8.0', '8.1' ] - db: [ mysql, pgsql, sqlite3 ] - include: - - db: mysql - database_url: mysql://root:password@127.0.0.1:3306/eccube_db - database_server_version: 5 - database_charset: utf8mb4 - - db: pgsql - database_url: postgres://postgres:password@127.0.0.1:5432/eccube_db - database_server_version: 14 - database_charset: utf8 - - db: sqlite3 - database_url: sqlite:///var/eccube.db - database_server_version: 3 - database_charset: utf8 - - services: - mysql: - image: mysql:5.7 - env: - MYSQL_ROOT_PASSWORD: password - ports: - - 3306:3306 - options: --health-cmd="mysqladmin ping" --health-interval=10s --health-timeout=5s --health-retries=3 - postgres: - image: postgres:14 - env: - POSTGRES_USER: postgres - POSTGRES_PASSWORD: password - ports: - - 5432:5432 - # needed because the postgres container does not provide a healthcheck - options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5 - - steps: - - name: Checkout - uses: actions/checkout@master - - - name: Get Composer Cache Directory - id: composer-cache - run: | - echo "::set-output name=dir::$(composer config cache-files-dir)" - - uses: actions/cache@v1 - with: - path: ${{ steps.composer-cache.outputs.dir }} - key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }} - restore-keys: | - ${{ runner.os }}-composer- - - - name: Setup PHP - uses: nanasess/setup-php@master - with: - php-version: ${{ matrix.php }} - - - name: composer install - run: composer install --dev --no-interaction -o --apcu-autoloader - - - name: Setup EC-CUBE - env: - APP_ENV: 'test' - DATABASE_URL: ${{ matrix.database_url }} - DATABASE_SERVER_VERSION: ${{ 
matrix.database_server_version }} - DATABASE_CHARSET: ${{ matrix.database_charset }} - run: | - bin/console doctrine:database:create - bin/console doctrine:schema:create - bin/console eccube:fixtures:load - - - name: PHPUnit - env: - APP_ENV: 'test' - DATABASE_URL: ${{ matrix.database_url }} - DATABASE_SERVER_VERSION: ${{ matrix.database_server_version }} - DATABASE_CHARSET: ${{ matrix.database_charset }} - MAILER_URL: 'smtp://127.0.0.11025' - run: bin/phpunit --exclude-group cache-clear,cache-clear-install,update-schema-doctrine,plugin-service - - name: PHPUnit - env: - APP_ENV: 'test' - DATABASE_URL: ${{ matrix.database_url }} - DATABASE_SERVER_VERSION: ${{ matrix.database_server_version }} - DATABASE_CHARSET: ${{ matrix.database_charset }} - MAILER_URL: 'smtp://127.0.0.11025' - run: | - bin/phpunit --group cache-clear - bin/phpunit --group cache-clear-install - bin/phpunit --group update-schema-doctrine --exclude-group update-schema-doctrine-install - bin/phpunit --group update-schema-doctrine-install --filter=testInstallPluginWithNoProxy - bin/phpunit --group update-schema-doctrine-install --filter=testInstallPluginWithProxy - bin/phpunit --group update-schema-doctrine-install --filter=testEnablePluginWithNoProxy - bin/phpunit --group update-schema-doctrine-install --filter=testEnablePluginWithProxy - bin/phpunit --group update-schema-doctrine-install --filter=testDisablePluginWithNoProxy - bin/phpunit --group update-schema-doctrine-install --filter=testDisablePluginWithProxy - bin/phpunit --group update-schema-doctrine-install --filter=testCreateEntityAndTrait - ## XXX MySQL で Syntax error or access violation: 1305 SAVEPOINT DOCTRINE2_SAVEPOINT_3 does not exist が - ## 発生するため \DAMA\DoctrineTestBundle\PHPUnit\PHPUnitListener を削除する - ## see https://github.com/dmaicher/doctrine-test-bundle/issues/58#issuecomment-391081408 - - run: sed -e '/DoctrineTestBundle/d' phpunit.xml.dist > phpunit.xml - if: ${{ matrix.db == 'mysql' }} - - name: PHPUnit - env: - APP_ENV: 
'test' - DATABASE_URL: ${{ matrix.database_url }} - DATABASE_SERVER_VERSION: ${{ matrix.database_server_version }} - DATABASE_CHARSET: ${{ matrix.database_charset }} - MAILER_URL: 'smtp://127.0.0.11025' - run: | - rm -r app/Plugin/* - git checkout app/Plugin - rm -r var/cache - bin/phpunit --group plugin-service diff --git a/.github/workflows/vaddy-1.yml b/.github/workflows/vaddy-1.yml deleted file mode 100644 index ea146bd4dfe..00000000000 --- a/.github/workflows/vaddy-1.yml +++ /dev/null 
@@ -1,507 +0,0 @@ -name: VAddy -on: - schedule: - - cron: '0 15 * * 0' - -jobs: - vaddy: - name: VAddy - runs-on: ubuntu-18.04 - strategy: - matrix: - include: - - vaddy_project: 'ADMIN01' - command1: 'EA03ProductCest' - command2: 'EA05CustomerCest' - command3: 'EA08SysteminfoCest' - command4: 'EA09ShippingCest' - - vaddy_project: 'ADMIN02' - command1: 'EA04OrderCest' - - vaddy_project: 'FRONT' - command1: '-x admin -x plugin' - services: - postgres: - image: postgres:14 - env: - POSTGRES_USER: postgres - POSTGRES_PASSWORD: password - ports: - - 5432:5432 - # needed because the postgres container does not provide a healthcheck - options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5 - mailcatcher: - image: schickling/mailcatcher - ports: - - 1080:1080 - - 1025:1025 - steps: - - name: Checkout - uses: actions/checkout@master - - - name: Setup PHP - uses: nanasess/setup-php@master - with: - php-version: '7.4' - - - name: setup-chromedriver - uses: nanasess/setup-chromedriver@master - - - name: "VAddy: install" - working-directory: /tmp - run: | - wget -q https://github.com/vaddy/go-vaddy/archive/master.zip - unzip master.zip - echo 'export VADDY_AUTH_KEY="${{ secrets.VADDY_AUTH_KEY }}" - export VADDY_FQDN="${{ secrets[format('{0}{1}', 'VADDY_FQDN_', matrix.vaddy_project)] }}" - export VADDY_VERIFICATION_CODE="${{ secrets[format('{0}{1}', 'VADDY_VERIFICATION_CODE_', matrix.vaddy_project)] }}" - export VADDY_USER="${{ secrets.VADDY_USER }}" - export VADDY_YOUR_LOCAL_IP="127.0.0.1" - export VADDY_YOUR_LOCAL_PORT="8080" - export VADDY_HTTPS_PROXY=""' > go-vaddy-master/privatenet/conf/vaddy.conf - mkdir -p ${HOME}/.ssh - echo 'Host *.vaddy.net - StrictHostKeyChecking no' >> ${HOME}/.ssh/config - - - name: Get Composer Cache Directory - id: composer-cache - run: | - echo "::set-output name=dir::$(composer config cache-files-dir)" - - uses: actions/cache@v1 - with: - path: ${{ steps.composer-cache.outputs.dir }} - key: ${{ runner.os 
}}-composer-${{ hashFiles('**/composer.lock') }} - restore-keys: | - ${{ runner.os }}-composer- - - - name: "EC-CUBE: setup" - env: - DATABASE_URL: postgres://postgres:password@127.0.0.1:5432/eccube_db - DATABASE_SERVER_VERSION: 14 - run: | - composer install --no-scripts --no-dev --no-interaction --optimize-autoloader - php bin/template_jp.php - rm -rf app/Plugin/* - echo 'getEntityManager()->detach($event->getEntity()); - } - }' > CancelDeletionEventSubscriber.php - sed -i.bak -e 's_$fs->remove_// $fs->remove_' src/Eccube/Controller/Admin/Content/PageController.php - rm -f app/config/eccube/packages/dev/web_profiler.yaml - bin/console doctrine:database:create --env=dev - bin/console doctrine:schema:create --env=dev - bin/console eccube:fixtures:load --env=dev - chmod -R 777 html - - - name: Install Plugins - env: - APP_ENV: 'prod' - DATABASE_URL: postgres://postgres:password@127.0.0.1:5432/eccube_db - DATABASE_SERVER_VERSION: 14 - run: | - bin/console eccube:composer:require "ec-cube/recommend4" - bin/console eccube:composer:require "ec-cube/coupon4" - bin/console eccube:composer:require "ec-cube/mailmagazine4" - bin/console eccube:composer:require "ec-cube/salesreport4" - bin/console eccube:composer:require "ec-cube/relatedproduct4" - bin/console eccube:composer:require "ec-cube/securitychecker4" - bin/console eccube:composer:require "ec-cube/productreview4" - bin/console eccube:composer:require "ec-cube/api" - bin/console eccube:composer:require "ec-cube/sitekit" - bin/console eccube:composer:require "ec-cube/gmc" - - - name: Pre Install Plugins - env: - DATABASE_URL: postgres://postgres:password@127.0.0.1:5432/eccube_db - DATABASE_SERVER_VERSION: 14 - PGPASSWORD: 'password' - run: | - psql eccube_db -h 127.0.0.1 -U postgres -c "select id,name,code,0 as enabled,version,source,0 as initialized,'2021-08-13 00:00:00' as create_date,'2021-08-13 00:00:00' as update_date,discriminator_type from dtb_plugin;" -A -F, --pset footer > 
src/Eccube/Resource/doctrine/import_csv/ja/dtb_plugin.csv - for code in Api Coupon4 GMC MailMagazine4 ProductReview4 Recommend4 RelatedProduct4 SalesReport4 Securitychecker4 SiteKit; do bin/console eccube:plugin:enable --code $code; done - - - name: "EC-CUBE: package" - working-directory: ../ - run: ${{ github.event.repository.name }}/package.sh - - - name: "EC-CUBE: build" - run: docker build -t ec-cube --build-arg SKIP_INSTALL_SCRIPT_ON_DOCKER_BUILD=true . - - name: "Codeception: prepare" - run: | - echo "APP_ENV=codeception" > .env - export DISPLAY=:99 - chromedriver --url-base=/wd/hub & - echo ">>> Started chrome-driver" - sudo Xvfb -ac :99 -screen 0 1280x1024x24 > /dev/null 2>&1 & - echo ">>> Started xvfb" - composer install --no-scripts --no-interaction --optimize-autoloader - sudo echo "127.0.0.1 ${{ secrets[format('{0}{1}', 'VADDY_FQDN_', matrix.vaddy_project)] }}" | sudo tee -a /etc/hosts - echo "modules: - config: - WebDriver: - host: '127.0.0.1' - port: 9515 - url: "http://${{ secrets[format('{0}{1}', 'VADDY_FQDN_', matrix.vaddy_project)] }}:8080" - browser: chrome - capabilities: - chromeOptions: - args: ["--headless", "--disable-gpu"] - prefs: - download.default_directory: '%PWD%/codeception/_support/_downloads' - MailCatcher: - url: 'mail' - port: 1080" > codeception/_envs/local.yml - - - name: "Scan 1" - run: echo 'Scan 1' - - - name: "EC-CUBE: run" - run: | - docker run \ - -e APP_ENV=dev \ - -e APP_DEBUG=1 \ - -e DATABASE_URL="postgres://postgres:password@172.17.0.1:5432/eccube_db" \ - -e DATABASE_SERVER_VERSION=14 \ - -e MAILER_URL="smtp://172.17.0.1:1025" \ - -v ${PWD}/html:/tmp/html \ - --rm -d -p 8080:80 --name eccube ec-cube - docker cp ../eccube.tar.gz eccube:/tmp/ - docker exec -w /tmp eccube bash -c "rm -rf /var/www/html; tar xf /tmp/eccube.tar.gz -C /var/www; mv /var/www/ec-cube /var/www/html; chown -R www-data: /var/www/html" - docker exec eccube bash -c "rm -rf /var/www/html/html; ln -s /tmp/html /var/www/html/html;" - docker exec -u 
www-data eccube bin/console eccube:install -n - docker exec -u www-data -e VADDY_VERIFICATION_CODE=${{ secrets[format('{0}{1}', 'VADDY_VERIFICATION_CODE_', matrix.vaddy_project)] }} eccube bash -c 'echo ${VADDY_VERIFICATION_CODE} > vaddy-${VADDY_VERIFICATION_CODE}.html' - docker exec -u www-data eccube bash -c 'for code in Api Coupon4 GMC MailMagazine4 ProductReview4 Recommend4 RelatedProduct4 SalesReport4 Securitychecker4 SiteKit; do bin/console eccube:plugin:enable --code $code; done' - - - name: "VAddy: connect" - working-directory: /tmp/go-vaddy-master/privatenet - run: ./vaddy_privatenet.sh connect - - - name: "VAddy: crawl" - env: - APP_ENV: "codeception" - DATABASE_URL: "postgres://postgres:password@127.0.0.1:5432/eccube_db" - DATABASE_SERVER_VERSION: "14" - MAILER_URL: "smtp://127.0.0.1:1025" - BASE_URL: "http://${{ secrets[format('{0}{1}', 'VADDY_FQDN_', matrix.vaddy_project)] }}:8080" - VADDY_PROXY: "${{ secrets.VADDY_PROXY }}" - VADDY_PROXY_PORT: "${{ secrets.VADDY_PROXY_PORT }}" - VADDY_VERIFICATION_CODE: "${{ secrets[format('{0}{1}', 'VADDY_VERIFICATION_CODE_', matrix.vaddy_project)] }}" - VADDY_CRAWL: "${{ matrix.command1 }}" - run: | - vendor/bin/codecept -vvv run acceptance --env chrome,local,vaddy VaddyCest:begin - vendor/bin/codecept -vvv run -g vaddy acceptance --env chrome,local,vaddy --html report.html ${{ matrix.command1 }} || true - vendor/bin/codecept -vvv run acceptance --env chrome,local,vaddy VaddyCest:commit - - - name: Upload report - uses: actions/upload-artifact@v2 - with: - name: crawl-reports - path: codeception/_output/**/* - - - name: "VAddy: disconnect" - if: ${{ always() }} - working-directory: /tmp/go-vaddy-master/privatenet - run: ./vaddy_privatenet.sh disconnect - - - name: "VAddy: scan" - continue-on-error: true - env: - VADDY_CRAWL: "${{ matrix.command1 }}" - working-directory: /tmp/go-vaddy-master/privatenet - run: ./vaddy_privatenet.sh scan - - - name: "EC-CUBE: stop" - if: ${{ always() }} - continue-on-error: true - run: 
docker rm -f -v eccube - - - name: "Scan 2" - if: ${{ matrix.command2 != '' }} - run: echo 'Scan 2' - - - name: "EC-CUBE: run" - if: ${{ matrix.command2 != '' }} - run: | - docker run \ - -e APP_ENV=dev \ - -e APP_DEBUG=1 \ - -e DATABASE_URL="postgres://postgres:password@172.17.0.1:5432/eccube_db" \ - -e DATABASE_SERVER_VERSION=14 \ - -e MAILER_URL="smtp://172.17.0.1:1025" \ - -v ${PWD}/html:/tmp/html \ - --rm -d -p 8080:80 --name eccube ec-cube - docker cp ../eccube.tar.gz eccube:/tmp/ - docker exec -w /tmp eccube bash -c "rm -rf /var/www/html; tar xf /tmp/eccube.tar.gz -C /var/www; mv /var/www/ec-cube /var/www/html; chown -R www-data: /var/www/html" - docker exec eccube bash -c "rm -rf /var/www/html/html; ln -s /tmp/html /var/www/html/html;" - docker exec -u www-data eccube bin/console eccube:install -n - docker exec -u www-data -e VADDY_VERIFICATION_CODE=${{ secrets[format('{0}{1}', 'VADDY_VERIFICATION_CODE_', matrix.vaddy_project)] }} eccube bash -c 'echo ${VADDY_VERIFICATION_CODE} > vaddy-${VADDY_VERIFICATION_CODE}.html' - docker exec -u www-data eccube bash -c 'for code in Api Coupon4 GMC MailMagazine4 ProductReview4 Recommend4 RelatedProduct4 SalesReport4 Securitychecker4 SiteKit; do bin/console eccube:plugin:enable --code $code; done' - - - name: "VAddy: connect" - if: ${{ matrix.command2 != '' }} - working-directory: /tmp/go-vaddy-master/privatenet - run: ./vaddy_privatenet.sh connect - - - name: "VAddy: crawl" - if: ${{ matrix.command2 != '' && success() }} - env: - APP_ENV: "codeception" - DATABASE_URL: "postgres://postgres:password@127.0.0.1:5432/eccube_db" - DATABASE_SERVER_VERSION: "14" - MAILER_URL: "smtp://127.0.0.1:1025" - BASE_URL: "http://${{ secrets[format('{0}{1}', 'VADDY_FQDN_', matrix.vaddy_project)] }}:8080" - VADDY_PROXY: "${{ secrets.VADDY_PROXY }}" - VADDY_PROXY_PORT: "${{ secrets.VADDY_PROXY_PORT }}" - VADDY_VERIFICATION_CODE: "${{ secrets[format('{0}{1}', 'VADDY_VERIFICATION_CODE_', matrix.vaddy_project)] }}" - VADDY_CRAWL: "${{ 
matrix.command2 }}" - run: | - vendor/bin/codecept -vvv run acceptance --env chrome,local,vaddy VaddyCest:begin - vendor/bin/codecept -vvv run -g vaddy acceptance --env chrome,local,vaddy --html report.html ${{ matrix.command2 }} || true - vendor/bin/codecept -vvv run acceptance --env chrome,local,vaddy VaddyCest:commit - - - name: Upload report - if: ${{ matrix.command2 != '' && success() }} - uses: actions/upload-artifact@v2 - with: - name: crawl-reports - path: codeception/_output/**/* - - - name: "VAddy: disconnect" - if: ${{ matrix.command2 }} - working-directory: /tmp/go-vaddy-master/privatenet - run: ./vaddy_privatenet.sh disconnect - - - name: "VAddy: scan" - if: ${{ matrix.command2 != '' && success() }} - continue-on-error: true - env: - VADDY_CRAWL: "${{ matrix.command2 }}" - working-directory: /tmp/go-vaddy-master/privatenet - run: ./vaddy_privatenet.sh scan - - - name: "EC-CUBE: stop" - if: ${{ matrix.command2 }} - continue-on-error: true - run: docker rm -f -v eccube - - - name: "Scan 3" - if: ${{ matrix.command3 != '' }} - run: echo 'Scan 3' - - - name: "EC-CUBE: run" - if: ${{ matrix.command3 != '' }} - run: | - docker run \ - -e APP_ENV=dev \ - -e APP_DEBUG=1 \ - -e DATABASE_URL="postgres://postgres:password@172.17.0.1:5432/eccube_db" \ - -e DATABASE_SERVER_VERSION=14 \ - -e MAILER_URL="smtp://172.17.0.1:1025" \ - -v ${PWD}/html:/tmp/html \ - --rm -d -p 8080:80 --name eccube ec-cube - docker cp ../eccube.tar.gz eccube:/tmp/ - docker exec -w /tmp eccube bash -c "rm -rf /var/www/html; tar xf /tmp/eccube.tar.gz -C /var/www; mv /var/www/ec-cube /var/www/html; chown -R www-data: /var/www/html" - docker exec eccube bash -c "rm -rf /var/www/html/html; ln -s /tmp/html /var/www/html/html;" - docker exec -u www-data eccube bin/console eccube:install -n - docker exec -u www-data -e VADDY_VERIFICATION_CODE=${{ secrets[format('{0}{1}', 'VADDY_VERIFICATION_CODE_', matrix.vaddy_project)] }} eccube bash -c 'echo ${VADDY_VERIFICATION_CODE} > 
vaddy-${VADDY_VERIFICATION_CODE}.html' - docker exec -u www-data eccube bash -c 'for code in Api Coupon4 GMC MailMagazine4 ProductReview4 Recommend4 RelatedProduct4 SalesReport4 Securitychecker4 SiteKit; do bin/console eccube:plugin:enable --code $code; done' - - - name: "VAddy: connect" - if: ${{ matrix.command3 != '' }} - working-directory: /tmp/go-vaddy-master/privatenet - run: ./vaddy_privatenet.sh connect - - - name: "VAddy: crawl" - if: ${{ matrix.command3 != '' && success() }} - env: - APP_ENV: "codeception" - DATABASE_URL: "postgres://postgres:password@127.0.0.1:5432/eccube_db" - DATABASE_SERVER_VERSION: "14" - MAILER_URL: "smtp://127.0.0.1:1025" - BASE_URL: "http://${{ secrets[format('{0}{1}', 'VADDY_FQDN_', matrix.vaddy_project)] }}:8080" - VADDY_PROXY: "${{ secrets.VADDY_PROXY }}" - VADDY_PROXY_PORT: "${{ secrets.VADDY_PROXY_PORT }}" - VADDY_VERIFICATION_CODE: "${{ secrets[format('{0}{1}', 'VADDY_VERIFICATION_CODE_', matrix.vaddy_project)] }}" - VADDY_CRAWL: "${{ matrix.command3 }}" - run: | - vendor/bin/codecept -vvv run acceptance --env chrome,local,vaddy VaddyCest:begin - vendor/bin/codecept -vvv run -g vaddy acceptance --env chrome,local,vaddy --html report.html ${{ matrix.command3 }} || true - vendor/bin/codecept -vvv run acceptance --env chrome,local,vaddy VaddyCest:commit - - - name: Upload report - if: ${{ matrix.command3 != '' && success() }} - uses: actions/upload-artifact@v2 - with: - name: crawl-reports - path: codeception/_output/**/* - - - name: "VAddy: disconnect" - if: ${{ matrix.command3 }} - working-directory: /tmp/go-vaddy-master/privatenet - run: ./vaddy_privatenet.sh disconnect - - - name: "VAddy: scan" - if: ${{ matrix.command3 != '' && success() }} - continue-on-error: true - env: - VADDY_CRAWL: "${{ matrix.command3 }}" - working-directory: /tmp/go-vaddy-master/privatenet - run: ./vaddy_privatenet.sh scan - - - name: "EC-CUBE: stop" - if: ${{ matrix.command3 }} - continue-on-error: true - run: docker rm -f -v eccube - - - name: 
"Scan 4" - if: ${{ matrix.command4 != '' }} - run: echo 'Scan 4' - - - name: "EC-CUBE: run" - if: ${{ matrix.command4 != '' }} - run: | - docker run \ - -e APP_ENV=dev \ - -e APP_DEBUG=1 \ - -e DATABASE_URL="postgres://postgres:password@172.17.0.1:5432/eccube_db" \ - -e DATABASE_SERVER_VERSION=14 \ - -e MAILER_URL="smtp://172.17.0.1:1025" \ - -v ${PWD}/html:/tmp/html \ - --rm -d -p 8080:80 --name eccube ec-cube - docker cp ../eccube.tar.gz eccube:/tmp/ - docker exec -w /tmp eccube bash -c "rm -rf /var/www/html; tar xf /tmp/eccube.tar.gz -C /var/www; mv /var/www/ec-cube /var/www/html; chown -R www-data: /var/www/html" - docker exec eccube bash -c "rm -rf /var/www/html/html; ln -s /tmp/html /var/www/html/html;" - docker exec -u www-data eccube bin/console eccube:install -n - docker exec -u www-data -e VADDY_VERIFICATION_CODE=${{ secrets[format('{0}{1}', 'VADDY_VERIFICATION_CODE_', matrix.vaddy_project)] }} eccube bash -c 'echo ${VADDY_VERIFICATION_CODE} > vaddy-${VADDY_VERIFICATION_CODE}.html' - docker exec -u www-data eccube bash -c 'for code in Api Coupon4 GMC MailMagazine4 ProductReview4 Recommend4 RelatedProduct4 SalesReport4 Securitychecker4 SiteKit; do bin/console eccube:plugin:enable --code $code; done' - - - name: "VAddy: connect" - if: ${{ matrix.command4 != '' }} - working-directory: /tmp/go-vaddy-master/privatenet - run: ./vaddy_privatenet.sh connect - - - name: "VAddy: crawl" - if: ${{ matrix.command4 != '' && success() }} - env: - APP_ENV: "codeception" - DATABASE_URL: "postgres://postgres:password@127.0.0.1:5432/eccube_db" - DATABASE_SERVER_VERSION: "14" - MAILER_URL: "smtp://127.0.0.1:1025" - BASE_URL: "http://${{ secrets[format('{0}{1}', 'VADDY_FQDN_', matrix.vaddy_project)] }}:8080" - VADDY_PROXY: "${{ secrets.VADDY_PROXY }}" - VADDY_PROXY_PORT: "${{ secrets.VADDY_PROXY_PORT }}" - VADDY_VERIFICATION_CODE: "${{ secrets[format('{0}{1}', 'VADDY_VERIFICATION_CODE_', matrix.vaddy_project)] }}" - VADDY_CRAWL: "${{ matrix.command4 }}" - run: | - 
vendor/bin/codecept -vvv run acceptance --env chrome,local,vaddy VaddyCest:begin - vendor/bin/codecept -vvv run -g vaddy acceptance --env chrome,local,vaddy --html report.html ${{ matrix.command4 }} || true - vendor/bin/codecept -vvv run acceptance --env chrome,local,vaddy VaddyCest:commit - - - name: Upload report - if: ${{ matrix.command4 != '' && success() }} - uses: actions/upload-artifact@v2 - with: - name: crawl-reports - path: codeception/_output/**/* - - - name: "VAddy: disconnect" - if: ${{ matrix.command4 }} - working-directory: /tmp/go-vaddy-master/privatenet - run: ./vaddy_privatenet.sh disconnect - - - name: "VAddy: scan" - if: ${{ matrix.command4 != '' && success() }} - continue-on-error: true - env: - VADDY_CRAWL: "${{ matrix.command4 }}" - working-directory: /tmp/go-vaddy-master/privatenet - run: ./vaddy_privatenet.sh scan - - - name: "EC-CUBE: stop" - if: ${{ matrix.command4 }} - continue-on-error: true - run: docker rm -f -v eccube - - - name: "Scan 5" - if: ${{ matrix.command5 != '' }} - run: echo 'Scan 5' - - - name: "EC-CUBE: run" - if: ${{ matrix.command5 != '' }} - run: | - docker run \ - -e APP_ENV=dev \ - -e APP_DEBUG=1 \ - -e DATABASE_URL="postgres://postgres:password@172.17.0.1:5432/eccube_db" \ - -e DATABASE_SERVER_VERSION=14 \ - -e MAILER_URL="smtp://172.17.0.1:1025" \ - -v ${PWD}/html:/tmp/html \ - --rm -d -p 8080:80 --name eccube ec-cube - docker cp ../eccube.tar.gz eccube:/tmp/ - docker exec -w /tmp eccube bash -c "rm -rf /var/www/html; tar xf /tmp/eccube.tar.gz -C /var/www; mv /var/www/ec-cube /var/www/html; chown -R www-data: /var/www/html" - docker exec eccube bash -c "rm -rf /var/www/html/html; ln -s /tmp/html /var/www/html/html;" - docker exec -u www-data eccube bin/console eccube:install -n - docker exec -u www-data -e VADDY_VERIFICATION_CODE=${{ secrets[format('{0}{1}', 'VADDY_VERIFICATION_CODE_', matrix.vaddy_project)] }} eccube bash -c 'echo ${VADDY_VERIFICATION_CODE} > vaddy-${VADDY_VERIFICATION_CODE}.html' - docker exec -u 
www-data eccube bash -c 'for code in Api Coupon4 GMC MailMagazine4 ProductReview4 Recommend4 RelatedProduct4 SalesReport4 Securitychecker4 SiteKit; do bin/console eccube:plugin:enable --code $code; done' - - - name: "VAddy: connect" - if: ${{ matrix.command5 != '' }} - working-directory: /tmp/go-vaddy-master/privatenet - run: ./vaddy_privatenet.sh connect - - - name: "VAddy: crawl" - if: ${{ matrix.command5 != '' && success() }} - env: - APP_ENV: "codeception" - DATABASE_URL: "postgres://postgres:password@127.0.0.1:5432/eccube_db" - DATABASE_SERVER_VERSION: "14" - MAILER_URL: "smtp://127.0.0.1:1025" - BASE_URL: "http://${{ secrets[format('{0}{1}', 'VADDY_FQDN_', matrix.vaddy_project)] }}:8080" - VADDY_PROXY: "${{ secrets.VADDY_PROXY }}" - VADDY_PROXY_PORT: "${{ secrets.VADDY_PROXY_PORT }}" - VADDY_VERIFICATION_CODE: "${{ secrets[format('{0}{1}', 'VADDY_VERIFICATION_CODE_', matrix.vaddy_project)] }}" - VADDY_CRAWL: "${{ matrix.command5 }}" - run: | - vendor/bin/codecept -vvv run acceptance --env chrome,local,vaddy VaddyCest:begin - vendor/bin/codecept -vvv run -g vaddy acceptance --env chrome,local,vaddy --html report.html ${{ matrix.command5 }} || true - vendor/bin/codecept -vvv run acceptance --env chrome,local,vaddy VaddyCest:commit - - - name: Upload report - if: ${{ matrix.command5 != '' && success() }} - uses: actions/upload-artifact@v2 - with: - name: crawl-reports - path: codeception/_output/**/* - - - name: "VAddy: disconnect" - if: ${{ matrix.command5 }} - working-directory: /tmp/go-vaddy-master/privatenet - run: ./vaddy_privatenet.sh disconnect - - - name: "VAddy: scan" - if: ${{ matrix.command5 != '' && success() }} - continue-on-error: true - env: - VADDY_CRAWL: "${{ matrix.command5 }}" - working-directory: /tmp/go-vaddy-master/privatenet - run: ./vaddy_privatenet.sh scan - - - name: "EC-CUBE: stop" - if: ${{ matrix.command5 }} - continue-on-error: true - run: docker rm -f -v eccube - -# - name: VAddy private net logs -# if: ${{ always() }} -# 
working-directory: /tmp/go-vaddy-master/privatenet -# run: cat vaddy/*.txt diff --git a/.github/workflows/vaddy-2.yml b/.github/workflows/vaddy-2.yml deleted file mode 100644 index c8fd1ce4518..00000000000 --- a/.github/workflows/vaddy-2.yml +++ /dev/null 
@@ -1,508 +0,0 @@ -name: VAddy -on: - schedule: - - cron: '0 21 * * 0' - -jobs: - vaddy: - name: VAddy - runs-on: ubuntu-18.04 - strategy: - matrix: - include: - - vaddy_project: 'ADMIN01' - command1: 'EA06ContentsManagementCest' - - vaddy_project: 'ADMIN02' - command1: ' -x delivery -x basicsetting -x taxrule -x mailsetting -x csvsetting -x orderstatus -x pluginauth EA07BasicinfoCest' - command2: '-x paymentmethod -x basicsetting -x taxrule -x mailsetting -x csvsetting -x orderstatus -x pluginauth EA07BasicinfoCest' - command3: '-x paymentmethod -x delivery -x mailsetting -x csvsetting -x orderstatus EA07BasicinfoCest' - command4: '-x paymentmethod -x delivery -x basicsetting -x taxrule -x orderstatus -x pluginauth EA07BasicinfoCest' - command5: '-x paymentmethod -x delivery -x basicsetting -x taxrule -x mailsetting -x csvsetting -x pluginauth EA07BasicinfoCest' - - vaddy_project: 'FRONT' - command1: '-x admin -x front' - services: - postgres: - image: postgres:14 - env: - POSTGRES_USER: postgres - POSTGRES_PASSWORD: password - ports: - - 5432:5432 - # needed because the postgres container does not provide a healthcheck - options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5 - mailcatcher: - image: schickling/mailcatcher - ports: - - 1080:1080 - - 1025:1025 - steps: - - name: Checkout - uses: actions/checkout@master - - - name: Setup PHP - uses: nanasess/setup-php@master - with: - php-version: '7.4' - - - name: setup-chromedriver - uses: nanasess/setup-chromedriver@master - - - name: "VAddy: install" - working-directory: /tmp - run: | - wget -q https://github.com/vaddy/go-vaddy/archive/master.zip - unzip master.zip - echo 'export VADDY_AUTH_KEY="${{ secrets.VADDY_AUTH_KEY }}" - export VADDY_FQDN="${{ secrets[format('{0}{1}', 'VADDY_FQDN_', matrix.vaddy_project)] }}" - export VADDY_VERIFICATION_CODE="${{ secrets[format('{0}{1}', 'VADDY_VERIFICATION_CODE_', matrix.vaddy_project)] }}" - export VADDY_USER="${{ secrets.VADDY_USER 
}}" - export VADDY_YOUR_LOCAL_IP="127.0.0.1" - export VADDY_YOUR_LOCAL_PORT="8080" - export VADDY_HTTPS_PROXY=""' > go-vaddy-master/privatenet/conf/vaddy.conf - mkdir -p ${HOME}/.ssh - echo 'Host *.vaddy.net - StrictHostKeyChecking no' >> ${HOME}/.ssh/config - - - name: Get Composer Cache Directory - id: composer-cache - run: | - echo "::set-output name=dir::$(composer config cache-files-dir)" - - uses: actions/cache@v1 - with: - path: ${{ steps.composer-cache.outputs.dir }} - key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }} - restore-keys: | - ${{ runner.os }}-composer- - - - name: "EC-CUBE: setup" - env: - DATABASE_URL: postgres://postgres:password@127.0.0.1:5432/eccube_db - DATABASE_SERVER_VERSION: 14 - run: | - composer install --no-scripts --no-dev --no-interaction --optimize-autoloader - php bin/template_jp.php - rm -rf app/Plugin/* - echo 'getEntityManager()->detach($event->getEntity()); - } - }' > CancelDeletionEventSubscriber.php - sed -i.bak -e 's_$fs->remove_// $fs->remove_' src/Eccube/Controller/Admin/Content/PageController.php - rm -f app/config/eccube/packages/dev/web_profiler.yaml - bin/console doctrine:database:create --env=dev - bin/console doctrine:schema:create --env=dev - bin/console eccube:fixtures:load --env=dev - chmod -R 777 html - - - name: Install Plugins - env: - APP_ENV: 'prod' - DATABASE_URL: postgres://postgres:password@127.0.0.1:5432/eccube_db - DATABASE_SERVER_VERSION: 14 - run: | - bin/console eccube:composer:require "ec-cube/recommend4" - bin/console eccube:composer:require "ec-cube/coupon4" - bin/console eccube:composer:require "ec-cube/mailmagazine4" - bin/console eccube:composer:require "ec-cube/salesreport4" - bin/console eccube:composer:require "ec-cube/relatedproduct4" - bin/console eccube:composer:require "ec-cube/securitychecker4" - bin/console eccube:composer:require "ec-cube/productreview4" - bin/console eccube:composer:require "ec-cube/api" - bin/console eccube:composer:require "ec-cube/sitekit" - 
bin/console eccube:composer:require "ec-cube/gmc" - - - name: Pre Install Plugins - env: - DATABASE_URL: postgres://postgres:password@127.0.0.1:5432/eccube_db - DATABASE_SERVER_VERSION: 14 - PGPASSWORD: 'password' - run: | - psql eccube_db -h 127.0.0.1 -U postgres -c "select id,name,code,0 as enabled,version,source,0 as initialized,'2021-08-13 00:00:00' as create_date,'2021-08-13 00:00:00' as update_date,discriminator_type from dtb_plugin;" -A -F, --pset footer > src/Eccube/Resource/doctrine/import_csv/ja/dtb_plugin.csv - for code in Api Coupon4 GMC MailMagazine4 ProductReview4 Recommend4 RelatedProduct4 SalesReport4 Securitychecker4 SiteKit; do bin/console eccube:plugin:enable --code $code; done - - - name: "EC-CUBE: package" - working-directory: ../ - run: ${{ github.event.repository.name }}/package.sh - - - name: "EC-CUBE: build" - run: docker build -t ec-cube --build-arg SKIP_INSTALL_SCRIPT_ON_DOCKER_BUILD=true . - - name: "Codeception: prepare" - run: | - echo "APP_ENV=codeception" > .env - export DISPLAY=:99 - chromedriver --url-base=/wd/hub & - echo ">>> Started chrome-driver" - sudo Xvfb -ac :99 -screen 0 1280x1024x24 > /dev/null 2>&1 & - echo ">>> Started xvfb" - composer install --no-scripts --no-interaction --optimize-autoloader - sudo echo "127.0.0.1 ${{ secrets[format('{0}{1}', 'VADDY_FQDN_', matrix.vaddy_project)] }}" | sudo tee -a /etc/hosts - echo "modules: - config: - WebDriver: - host: '127.0.0.1' - port: 9515 - url: "http://${{ secrets[format('{0}{1}', 'VADDY_FQDN_', matrix.vaddy_project)] }}:8080" - browser: chrome - capabilities: - chromeOptions: - args: ["--headless", "--disable-gpu"] - prefs: - download.default_directory: '%PWD%/codeception/_support/_downloads' - MailCatcher: - url: 'mail' - port: 1080" > codeception/_envs/local.yml - - - name: "Scan 1" - run: echo 'Scan 1' - - - name: "EC-CUBE: run" - run: | - docker run \ - -e APP_ENV=dev \ - -e APP_DEBUG=1 \ - -e DATABASE_URL="postgres://postgres:password@172.17.0.1:5432/eccube_db" \ - -e 
DATABASE_SERVER_VERSION=14 \ - -e MAILER_URL="smtp://172.17.0.1:1025" \ - -v ${PWD}/html:/tmp/html \ - --rm -d -p 8080:80 --name eccube ec-cube - docker cp ../eccube.tar.gz eccube:/tmp/ - docker exec -w /tmp eccube bash -c "rm -rf /var/www/html; tar xf /tmp/eccube.tar.gz -C /var/www; mv /var/www/ec-cube /var/www/html; chown -R www-data: /var/www/html" - docker exec eccube bash -c "rm -rf /var/www/html/html; ln -s /tmp/html /var/www/html/html;" - docker exec -u www-data eccube bin/console eccube:install -n - docker exec -u www-data -e VADDY_VERIFICATION_CODE=${{ secrets[format('{0}{1}', 'VADDY_VERIFICATION_CODE_', matrix.vaddy_project)] }} eccube bash -c 'echo ${VADDY_VERIFICATION_CODE} > vaddy-${VADDY_VERIFICATION_CODE}.html' - docker exec -u www-data eccube bash -c 'for code in Api Coupon4 GMC MailMagazine4 ProductReview4 Recommend4 RelatedProduct4 SalesReport4 Securitychecker4 SiteKit; do bin/console eccube:plugin:enable --code $code; done' - - - name: "VAddy: connect" - working-directory: /tmp/go-vaddy-master/privatenet - run: ./vaddy_privatenet.sh connect - - - name: "VAddy: crawl" - env: - APP_ENV: "codeception" - DATABASE_URL: "postgres://postgres:password@127.0.0.1:5432/eccube_db" - DATABASE_SERVER_VERSION: "14" - MAILER_URL: "smtp://127.0.0.1:1025" - BASE_URL: "http://${{ secrets[format('{0}{1}', 'VADDY_FQDN_', matrix.vaddy_project)] }}:8080" - VADDY_PROXY: "${{ secrets.VADDY_PROXY }}" - VADDY_PROXY_PORT: "${{ secrets.VADDY_PROXY_PORT }}" - VADDY_VERIFICATION_CODE: "${{ secrets[format('{0}{1}', 'VADDY_VERIFICATION_CODE_', matrix.vaddy_project)] }}" - VADDY_CRAWL: "${{ matrix.command1 }}" - run: | - vendor/bin/codecept -vvv run acceptance --env chrome,local,vaddy VaddyCest:begin - vendor/bin/codecept -vvv run -g vaddy acceptance --env chrome,local,vaddy --html report.html ${{ matrix.command1 }} || true - vendor/bin/codecept -vvv run acceptance --env chrome,local,vaddy VaddyCest:commit - - - name: Upload report - uses: actions/upload-artifact@v2 - with: - 
name: crawl-reports - path: codeception/_output/**/* - - - name: "VAddy: disconnect" - if: ${{ always() }} - working-directory: /tmp/go-vaddy-master/privatenet - run: ./vaddy_privatenet.sh disconnect - - - name: "VAddy: scan" - continue-on-error: true - env: - VADDY_CRAWL: "${{ matrix.command1 }}" - working-directory: /tmp/go-vaddy-master/privatenet - run: ./vaddy_privatenet.sh scan - - - name: "EC-CUBE: stop" - if: ${{ always() }} - continue-on-error: true - run: docker rm -f -v eccube - - - name: "Scan 2" - if: ${{ matrix.command2 != '' }} - run: echo 'Scan 2' - - - name: "EC-CUBE: run" - if: ${{ matrix.command2 != '' }} - run: | - docker run \ - -e APP_ENV=dev \ - -e APP_DEBUG=1 \ - -e DATABASE_URL="postgres://postgres:password@172.17.0.1:5432/eccube_db" \ - -e DATABASE_SERVER_VERSION=14 \ - -e MAILER_URL="smtp://172.17.0.1:1025" \ - -v ${PWD}/html:/tmp/html \ - --rm -d -p 8080:80 --name eccube ec-cube - docker cp ../eccube.tar.gz eccube:/tmp/ - docker exec -w /tmp eccube bash -c "rm -rf /var/www/html; tar xf /tmp/eccube.tar.gz -C /var/www; mv /var/www/ec-cube /var/www/html; chown -R www-data: /var/www/html" - docker exec eccube bash -c "rm -rf /var/www/html/html; ln -s /tmp/html /var/www/html/html;" - docker exec -u www-data eccube bin/console eccube:install -n - docker exec -u www-data -e VADDY_VERIFICATION_CODE=${{ secrets[format('{0}{1}', 'VADDY_VERIFICATION_CODE_', matrix.vaddy_project)] }} eccube bash -c 'echo ${VADDY_VERIFICATION_CODE} > vaddy-${VADDY_VERIFICATION_CODE}.html' - docker exec -u www-data eccube bash -c 'for code in Api Coupon4 GMC MailMagazine4 ProductReview4 Recommend4 RelatedProduct4 SalesReport4 Securitychecker4 SiteKit; do bin/console eccube:plugin:enable --code $code; done' - - - name: "VAddy: connect" - if: ${{ matrix.command2 != '' }} - working-directory: /tmp/go-vaddy-master/privatenet - run: ./vaddy_privatenet.sh connect - - - name: "VAddy: crawl" - if: ${{ matrix.command2 != '' && success() }} - env: - APP_ENV: "codeception" - 
DATABASE_URL: "postgres://postgres:password@127.0.0.1:5432/eccube_db" - DATABASE_SERVER_VERSION: "14" - MAILER_URL: "smtp://127.0.0.1:1025" - BASE_URL: "http://${{ secrets[format('{0}{1}', 'VADDY_FQDN_', matrix.vaddy_project)] }}:8080" - VADDY_PROXY: "${{ secrets.VADDY_PROXY }}" - VADDY_PROXY_PORT: "${{ secrets.VADDY_PROXY_PORT }}" - VADDY_VERIFICATION_CODE: "${{ secrets[format('{0}{1}', 'VADDY_VERIFICATION_CODE_', matrix.vaddy_project)] }}" - VADDY_CRAWL: "${{ matrix.command2 }}" - run: | - vendor/bin/codecept -vvv run acceptance --env chrome,local,vaddy VaddyCest:begin - vendor/bin/codecept -vvv run -g vaddy acceptance --env chrome,local,vaddy --html report.html ${{ matrix.command2 }} || true - vendor/bin/codecept -vvv run acceptance --env chrome,local,vaddy VaddyCest:commit - - - name: Upload report - if: ${{ matrix.command2 != '' && success() }} - uses: actions/upload-artifact@v2 - with: - name: crawl-reports - path: codeception/_output/**/* - - - name: "VAddy: disconnect" - if: ${{ matrix.command2 }} - working-directory: /tmp/go-vaddy-master/privatenet - run: ./vaddy_privatenet.sh disconnect - - - name: "VAddy: scan" - if: ${{ matrix.command2 != '' && success() }} - continue-on-error: true - env: - VADDY_CRAWL: "${{ matrix.command2 }}" - working-directory: /tmp/go-vaddy-master/privatenet - run: ./vaddy_privatenet.sh scan - - - name: "EC-CUBE: stop" - if: ${{ matrix.command2 }} - continue-on-error: true - run: docker rm -f -v eccube - - - name: "Scan 3" - if: ${{ matrix.command3 != '' }} - run: echo 'Scan 3' - - - name: "EC-CUBE: run" - if: ${{ matrix.command3 != '' }} - run: | - docker run \ - -e APP_ENV=dev \ - -e APP_DEBUG=1 \ - -e DATABASE_URL="postgres://postgres:password@172.17.0.1:5432/eccube_db" \ - -e DATABASE_SERVER_VERSION=14 \ - -e MAILER_URL="smtp://172.17.0.1:1025" \ - -v ${PWD}/html:/tmp/html \ - --rm -d -p 8080:80 --name eccube ec-cube - docker cp ../eccube.tar.gz eccube:/tmp/ - docker exec -w /tmp eccube bash -c "rm -rf /var/www/html; tar xf 
/tmp/eccube.tar.gz -C /var/www; mv /var/www/ec-cube /var/www/html; chown -R www-data: /var/www/html" - docker exec eccube bash -c "rm -rf /var/www/html/html; ln -s /tmp/html /var/www/html/html;" - docker exec -u www-data eccube bin/console eccube:install -n - docker exec -u www-data -e VADDY_VERIFICATION_CODE=${{ secrets[format('{0}{1}', 'VADDY_VERIFICATION_CODE_', matrix.vaddy_project)] }} eccube bash -c 'echo ${VADDY_VERIFICATION_CODE} > vaddy-${VADDY_VERIFICATION_CODE}.html' - docker exec -u www-data eccube bash -c 'for code in Api Coupon4 GMC MailMagazine4 ProductReview4 Recommend4 RelatedProduct4 SalesReport4 Securitychecker4 SiteKit; do bin/console eccube:plugin:enable --code $code; done' - - - name: "VAddy: connect" - if: ${{ matrix.command3 != '' }} - working-directory: /tmp/go-vaddy-master/privatenet - run: ./vaddy_privatenet.sh connect - - - name: "VAddy: crawl" - if: ${{ matrix.command3 != '' && success() }} - env: - APP_ENV: "codeception" - DATABASE_URL: "postgres://postgres:password@127.0.0.1:5432/eccube_db" - DATABASE_SERVER_VERSION: "14" - MAILER_URL: "smtp://127.0.0.1:1025" - BASE_URL: "http://${{ secrets[format('{0}{1}', 'VADDY_FQDN_', matrix.vaddy_project)] }}:8080" - VADDY_PROXY: "${{ secrets.VADDY_PROXY }}" - VADDY_PROXY_PORT: "${{ secrets.VADDY_PROXY_PORT }}" - VADDY_VERIFICATION_CODE: "${{ secrets[format('{0}{1}', 'VADDY_VERIFICATION_CODE_', matrix.vaddy_project)] }}" - VADDY_CRAWL: "${{ matrix.command3 }}" - run: | - vendor/bin/codecept -vvv run acceptance --env chrome,local,vaddy VaddyCest:begin - vendor/bin/codecept -vvv run -g vaddy acceptance --env chrome,local,vaddy --html report.html ${{ matrix.command3 }} || true - vendor/bin/codecept -vvv run acceptance --env chrome,local,vaddy VaddyCest:commit - - - name: Upload report - if: ${{ matrix.command3 != '' && success() }} - uses: actions/upload-artifact@v2 - with: - name: crawl-reports - path: codeception/_output/**/* - - - name: "VAddy: disconnect" - if: ${{ matrix.command3 }} - 
working-directory: /tmp/go-vaddy-master/privatenet - run: ./vaddy_privatenet.sh disconnect - - - name: "VAddy: scan" - if: ${{ matrix.command3 != '' && success() }} - continue-on-error: true - env: - VADDY_CRAWL: "${{ matrix.command3 }}" - working-directory: /tmp/go-vaddy-master/privatenet - run: ./vaddy_privatenet.sh scan - - - name: "EC-CUBE: stop" - if: ${{ matrix.command3 }} - continue-on-error: true - run: docker rm -f -v eccube - - - name: "Scan 4" - if: ${{ matrix.command4 != '' }} - run: echo 'Scan 4' - - - name: "EC-CUBE: run" - if: ${{ matrix.command4 != '' }} - run: | - docker run \ - -e APP_ENV=dev \ - -e APP_DEBUG=1 \ - -e DATABASE_URL="postgres://postgres:password@172.17.0.1:5432/eccube_db" \ - -e DATABASE_SERVER_VERSION=14 \ - -e MAILER_URL="smtp://172.17.0.1:1025" \ - -v ${PWD}/html:/tmp/html \ - --rm -d -p 8080:80 --name eccube ec-cube - docker cp ../eccube.tar.gz eccube:/tmp/ - docker exec -w /tmp eccube bash -c "rm -rf /var/www/html; tar xf /tmp/eccube.tar.gz -C /var/www; mv /var/www/ec-cube /var/www/html; chown -R www-data: /var/www/html" - docker exec eccube bash -c "rm -rf /var/www/html/html; ln -s /tmp/html /var/www/html/html;" - docker exec -u www-data eccube bin/console eccube:install -n - docker exec -u www-data -e VADDY_VERIFICATION_CODE=${{ secrets[format('{0}{1}', 'VADDY_VERIFICATION_CODE_', matrix.vaddy_project)] }} eccube bash -c 'echo ${VADDY_VERIFICATION_CODE} > vaddy-${VADDY_VERIFICATION_CODE}.html' - docker exec -u www-data eccube bash -c 'for code in Api Coupon4 GMC MailMagazine4 ProductReview4 Recommend4 RelatedProduct4 SalesReport4 Securitychecker4 SiteKit; do bin/console eccube:plugin:enable --code $code; done' - - - name: "VAddy: connect" - if: ${{ matrix.command4 != '' }} - working-directory: /tmp/go-vaddy-master/privatenet - run: ./vaddy_privatenet.sh connect - - - name: "VAddy: crawl" - if: ${{ matrix.command4 != '' && success() }} - env: - APP_ENV: "codeception" - DATABASE_URL: 
"postgres://postgres:password@127.0.0.1:5432/eccube_db" - DATABASE_SERVER_VERSION: "14" - MAILER_URL: "smtp://127.0.0.1:1025" - BASE_URL: "http://${{ secrets[format('{0}{1}', 'VADDY_FQDN_', matrix.vaddy_project)] }}:8080" - VADDY_PROXY: "${{ secrets.VADDY_PROXY }}" - VADDY_PROXY_PORT: "${{ secrets.VADDY_PROXY_PORT }}" - VADDY_VERIFICATION_CODE: "${{ secrets[format('{0}{1}', 'VADDY_VERIFICATION_CODE_', matrix.vaddy_project)] }}" - VADDY_CRAWL: "${{ matrix.command4 }}" - run: | - vendor/bin/codecept -vvv run acceptance --env chrome,local,vaddy VaddyCest:begin - vendor/bin/codecept -vvv run -g vaddy acceptance --env chrome,local,vaddy --html report.html ${{ matrix.command4 }} || true - vendor/bin/codecept -vvv run acceptance --env chrome,local,vaddy VaddyCest:commit - - - name: Upload report - if: ${{ matrix.command4 != '' && success() }} - uses: actions/upload-artifact@v2 - with: - name: crawl-reports - path: codeception/_output/**/* - - - name: "VAddy: disconnect" - if: ${{ matrix.command4 }} - working-directory: /tmp/go-vaddy-master/privatenet - run: ./vaddy_privatenet.sh disconnect - - - name: "VAddy: scan" - if: ${{ matrix.command4 != '' && success() }} - continue-on-error: true - env: - VADDY_CRAWL: "${{ matrix.command4 }}" - working-directory: /tmp/go-vaddy-master/privatenet - run: ./vaddy_privatenet.sh scan - - - name: "EC-CUBE: stop" - if: ${{ matrix.command4 }} - continue-on-error: true - run: docker rm -f -v eccube - - - name: "Scan 5" - if: ${{ matrix.command5 != '' }} - run: echo 'Scan 5' - - - name: "EC-CUBE: run" - if: ${{ matrix.command5 != '' }} - run: | - docker run \ - -e APP_ENV=dev \ - -e APP_DEBUG=1 \ - -e DATABASE_URL="postgres://postgres:password@172.17.0.1:5432/eccube_db" \ - -e DATABASE_SERVER_VERSION=14 \ - -e MAILER_URL="smtp://172.17.0.1:1025" \ - -v ${PWD}/html:/tmp/html \ - --rm -d -p 8080:80 --name eccube ec-cube - docker cp ../eccube.tar.gz eccube:/tmp/ - docker exec -w /tmp eccube bash -c "rm -rf /var/www/html; tar xf 
/tmp/eccube.tar.gz -C /var/www; mv /var/www/ec-cube /var/www/html; chown -R www-data: /var/www/html" - docker exec eccube bash -c "rm -rf /var/www/html/html; ln -s /tmp/html /var/www/html/html;" - docker exec -u www-data eccube bin/console eccube:install -n - docker exec -u www-data -e VADDY_VERIFICATION_CODE=${{ secrets[format('{0}{1}', 'VADDY_VERIFICATION_CODE_', matrix.vaddy_project)] }} eccube bash -c 'echo ${VADDY_VERIFICATION_CODE} > vaddy-${VADDY_VERIFICATION_CODE}.html' - docker exec -u www-data eccube bash -c 'for code in Api Coupon4 GMC MailMagazine4 ProductReview4 Recommend4 RelatedProduct4 SalesReport4 Securitychecker4 SiteKit; do bin/console eccube:plugin:enable --code $code; done' - - - name: "VAddy: connect" - if: ${{ matrix.command5 != '' }} - working-directory: /tmp/go-vaddy-master/privatenet - run: ./vaddy_privatenet.sh connect - - - name: "VAddy: crawl" - if: ${{ matrix.command5 != '' && success() }} - env: - APP_ENV: "codeception" - DATABASE_URL: "postgres://postgres:password@127.0.0.1:5432/eccube_db" - DATABASE_SERVER_VERSION: "14" - MAILER_URL: "smtp://127.0.0.1:1025" - BASE_URL: "http://${{ secrets[format('{0}{1}', 'VADDY_FQDN_', matrix.vaddy_project)] }}:8080" - VADDY_PROXY: "${{ secrets.VADDY_PROXY }}" - VADDY_PROXY_PORT: "${{ secrets.VADDY_PROXY_PORT }}" - VADDY_VERIFICATION_CODE: "${{ secrets[format('{0}{1}', 'VADDY_VERIFICATION_CODE_', matrix.vaddy_project)] }}" - VADDY_CRAWL: "${{ matrix.command5 }}" - run: | - vendor/bin/codecept -vvv run acceptance --env chrome,local,vaddy VaddyCest:begin - vendor/bin/codecept -vvv run -g vaddy acceptance --env chrome,local,vaddy --html report.html ${{ matrix.command5 }} || true - vendor/bin/codecept -vvv run acceptance --env chrome,local,vaddy VaddyCest:commit - - - name: Upload report - if: ${{ matrix.command5 != '' && success() }} - uses: actions/upload-artifact@v2 - with: - name: crawl-reports - path: codeception/_output/**/* - - - name: "VAddy: disconnect" - if: ${{ matrix.command5 }} - 
working-directory: /tmp/go-vaddy-master/privatenet - run: ./vaddy_privatenet.sh disconnect - - - name: "VAddy: scan" - if: ${{ matrix.command5 != '' && success() }} - continue-on-error: true - env: - VADDY_CRAWL: "${{ matrix.command5 }}" - working-directory: /tmp/go-vaddy-master/privatenet - run: ./vaddy_privatenet.sh scan - - - name: "EC-CUBE: stop" - if: ${{ matrix.command5 }} - continue-on-error: true - run: docker rm -f -v eccube - -# - name: VAddy private net logs -# if: ${{ always() }} -# working-directory: /tmp/go-vaddy-master/privatenet -# run: cat vaddy/*.txt diff --git a/.github/workflows/zaproxy.yml b/.github/workflows/zaproxy.yml new file mode 100644 index 00000000000..470a6708e64 --- /dev/null +++ b/.github/workflows/zaproxy.yml 
@@ -0,0 +1,210 @@ +name: OWASP ZAP +on: + push: + paths: + - '**' + - '!*.md' +jobs: + build: + name: Build + runs-on: ubuntu-22.04 + steps: + - name: Checkout + uses: actions/checkout@master + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v1 + + - name: Container Build + uses: docker/build-push-action@v2 + with: + context: . + tags: ec-cube_ec-cube + outputs: type=docker,dest=/tmp/ec-cube.tar + + - name: Upload image + uses: actions/upload-artifact@v2 + with: + name: ec-cube + path: /tmp/ec-cube.tar + + scan: + name: Scan + needs: build + runs-on: ubuntu-22.04 + strategy: + fail-fast: false + matrix: + target: + - admin_authority + # - admin_content_block + # - admin_content_cache + # - admin_content_file + # - admin_content_layout + # - admin_customer_delivery + # - admin_customer_edit + # - admin_customer_list + # - admin_delivery + - admin_js_css + - admin_log + # - admin_mail + # - admin_masterdata + # - admin_member_edit + # - admin_member_setting + # - admin_news + # - admin_order_edit + # - admin_order_edit_search + # - admin_order_list + # - admin_order_mail + # - admin_page + # - admin_payment + # - admin_product_category + # - admin_product_class_name + # - admin_product_csv + # - admin_product_copy + # - admin_product_edit + # - admin_product_edit_class + # - admin_product_tag + # - admin_product_view + # - admin_shipping_csv + # - admin_shop_setting + # - admin_system + # - admin_tax + # - admin_template + # - entry + # - front_block + # - front_contact + # - front_help + # - front_mypage + # - front_product + # - front_sitemap + # - guest_cart + # - guest_front + # - guest_shopping + # - guest_shopping_customer_edit + # - guest_shopping_shipping_edit + # - guest_shopping_shipping_multiple + # - mypage_change + # - mypage_delivery + # - mypage_favorite + # - mypage_order + include: + # - target: admin_authority + # thread_per_host: 1 + # - target: admin_customer_delivery + # before_script: admin_create_customer.zst + # - target: 
admin_content_cache + # thread_per_host: 1 + - target: admin_js_css + thread_per_host: 1 + # - target: admin_mail + # thread_per_host: 1 + # - target: admin_masterdata + # thread_per_host: 1 + # - target: admin_member_setting + # context: default + # - target: admin_order_edit_search + # before_script: admin_create_customers.zst + # - target: admin_shop_setting + # thread_per_host: 1 + # - target: admin_system + # thread_per_host: 1 + # - target: admin_template + # thread_per_host: 1 + # - target: entry + # thread_per_host: 1 + # - target: mypage_delivery + # before_script: admin_create_customer.zst + # - target: mypage_order + # before_script: admin_create_customer.zst + + steps: + + - name: Maximize build space + run: | + sudo rm -rf /usr/local/lib/android + sudo rm -rf /usr/share/dotnet + sudo rm -rf /opt/ghc + + - name: Checkout + uses: actions/checkout@master + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v1 + + - name: Download image + uses: actions/download-artifact@v2 + with: + name: ec-cube + path: /tmp + + - name: Load image + run: | + docker load --input /tmp/ec-cube.tar + + - name: Run containers + env: + APP_ENV: prod + APP_DEBUG: 0 + run: | + docker compose -f docker-compose.yml -f docker-compose.pgsql.yml -f docker-compose.owaspzap.ci.yml up -d --wait + docker compose cp zap/delete_data.sh postgres:/ + docker compose exec -d -e PGUSER=dbuser -e PGDATABASE=eccubedb postgres /delete_data.sh + docker compose cp zap/delete_files.sh ec-cube:/ + docker compose exec -d ec-cube /delete_files.sh + + - name: Generate automation config + env: + ZAP_CONTEXT: "${{ matrix.context }}" + ZAP_THREAD_PER_HOST: "${{ matrix.thread_per_host }}" + ZAP_BEFORE_SCRIPT: "${{ matrix.before_script }}" + run: | + zap/generate_automation_config.sh \ + -t ${{ matrix.target }} \ + ${ZAP_BEFORE_SCRIPT:+"-b ${ZAP_BEFORE_SCRIPT}"} \ + ${ZAP_CONTEXT:+"-c ${ZAP_CONTEXT}"} \ + ${ZAP_THREAD_PER_HOST:+"-n ${ZAP_THREAD_PER_HOST}"} + cat zap/automation/${{ matrix.target 
}}.yml + + - name: Autorun + run: docker compose exec -it zap ./zap.sh -cmd -configfile /zap/wrk/options.properties -autorun wrk/automation/${{ matrix.target }}.yml + + - name: Copy report + if: ${{ always() }} + run: | + docker compose cp zap:/tmp/report /tmp + docker compose cp zap:/tmp/alerts.json /tmp + + - name: Upload report + if: ${{ always() }} + uses: actions/upload-artifact@v2 + with: + name: zap-${{ matrix.target }}-report + path: /tmp/report + + - name: Upload alerts + if: ${{ always() }} + uses: actions/upload-artifact@v2 + with: + name: zap-${{ matrix.target }}-report + path: /tmp/alerts.json + + merge: + name: Merge alerts + needs: scan + runs-on: ubuntu-22.04 + steps: + - uses: actions/download-artifact@v3 + with: + path: artifacts + - name: Display structure of downloaded files + run: | + find . + jq -s add **/alerts.json > all_alerts.json + working-directory: artifacts + - name: Upload alerts + if: ${{ always() }} + uses: actions/upload-artifact@v2 + with: + name: all_alerts + path: artifacts/all_alerts.json diff --git a/docker-compose.owaspzap.ci.yml b/docker-compose.owaspzap.ci.yml new file mode 100644 index 00000000000..de5f6f36090 --- /dev/null +++ b/docker-compose.owaspzap.ci.yml @@ -0,0 +1,20 @@ +version: "3" + +services: + zap: + image: kiy0taka/zap2docker-eccube + command: bash -c "zap.sh -cmd -configfile /zap/wrk/options.properties -certpubdump /zap/wrk/owasp_zap_root_ca.cer && sleep infinity" + volumes: + - ./zap/policies:/home/zap/.ZAP/policies/ + - ./zap:/zap/wrk/ + depends_on: + - ec-cube + networks: + - backend + - default + tty: true + healthcheck: + test: echo 'zap' + interval: 3s + timeout: 3s + retries: 3 \ No newline at end of file diff --git a/zap/automation/template.yml b/zap/automation/template.yml new file mode 100644 index 00000000000..bae590315f5 --- /dev/null +++ b/zap/automation/template.yml 
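Review bot: The `merge` job has `needs: scan` but no job-level condition, so when any matrix leg fails it is skipped and `all_alerts.json` is never produced. The `if: ${{ always() }}` on its last upload step does not help, because the job itself never starts. The Autorun step presumably exits non-zero when the plan's high-risk assertion fails, so the aggregate is lost on exactly the runs that have findings; adding `if: ${{ always() }}` directly under `merge:` keeps it. Separately, `uses: actions/checkout@master` in both jobs tracks a moving branch, and the other actions use mutable `@v1`/`@v2` tags; pinning each to a full commit SHA means a change to an action has to be reviewed before it runs here.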
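Review bot: `image: kiy0taka/zap2docker-eccube` carries no tag or digest, so every CI run pulls whatever `latest` currently is from a personal registry namespace, and that container gets `./zap` mounted read-write and drives the scan. Pin it to the reviewed build, e.g. `image: kiy0taka/zap2docker-eccube@sha256:<digest-of-reviewed-image>` (placeholder). The healthcheck `test: echo 'zap'` always succeeds, so `up -d --wait` does not wait for the `-certpubdump` step to finish; if anything relies on that certificate, `test: test -f /zap/wrk/owasp_zap_root_ca.cer` would reflect readiness.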
@@ -0,0 +1,120 @@ +env: + + contexts : + + - name: admin + urls: + - 'https://ec-cube/admin' + includePaths: + - '\Qhttps://ec-cube/admin\E.*' + excludePaths: + authentication: + method: 'form' + parameters: + loginPageUrl: https://ec-cube/admin/login + loginRequestUrl: https://ec-cube/admin/login + loginRequestBody: _csrf_token=xxx&login_id={%username%}&password={%password%} + verification: + method: 'poll' + loggedOutRegex: '\Q\E' + pollFrequency: 1000 + pollUnits: 'requests' + pollUrl: 'https://ec-cube/admin/login' + users: + - name: admin + credentials: + username: admin + password: password + + - name: default + urls: + - https://ec-cube + - http://mailcatcher:1080 + + parameters: + failOnError: true + failOnWarning: false + progressToStdout: true + +jobs: + + - type: script + parameters: + action: add + type: standalone + name: configure_tech + file: /zap/wrk/scripts/configure_tech.js + + - type: script + parameters: + action: run + type: standalone + name: configure_tech + +# - type: script +# parameters: +# action: add +# type: sequence +# name: before_script +# file: /zap/wrk/scripts/__BEFORE_SCRIPT__ +# - type: script +# parameters: +# action: run +# type: sequence +# name: before_script + + - type: script + parameters: + action: add + type: sequence + name: target + file: /zap/wrk/scripts/__TARGET__.zst + + - type: sequence + parameters: + action: activeScan + name: target + user: __USER__ + context: __CONTEXT__ + threadPerHost: __THREAD_PER_HOST__ + + - type: passiveScan-wait + + - type: report + parameters: + reportDir: /tmp/report + reportFile: ZAP-Report-__TARGET__ + reportTitle: __TARGET__ + + - type: script + parameters: + action: add + type: standalone + name: dump_alerts + file: /zap/wrk/scripts/dump_alerts.js + + - type: script + parameters: + action: run + type: standalone + name: dump_alerts + + - type: script + parameters: + action: add + type: standalone + name: assert_no_high_risks + file: /zap/wrk/scripts/assert_no_high_risks.js + + - 
type: script + parameters: + action: run + type: standalone + name: assert_no_high_risks + tests: + - name: 'High risk alert count' + type: stats + statistic: stats.scan.high.alerts + operator: '==' + value: 0 + onFail: 'error' diff --git a/zap/delete_data.sh b/zap/delete_data.sh new file mode 100755 index 00000000000..1746555bf2c --- /dev/null +++ b/zap/delete_data.sh 
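Review bot: The admin context commits `username: admin` / `password: password`, and the workflow's "Generate automation config" step runs `cat` on the generated plan, so whatever sits under `credentials:` is printed to the Actions log on every run. That is acceptable only while the target is the disposable compose stack with its install-time account; nothing in the template marks that limit. I would take the values from the environment instead, e.g. `password: ${ZAP_ADMIN_PASSWORD}` (variable name constructed; the Automation Framework substitutes environment variables in plans), and drop the `cat` or mask the credentials block before printing.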
@@ -0,0 +1,25 @@ +#!/bin/bash + +MAX_MEMBER_ID=$(psql -t -c 'select max(id) from dtb_member;') +MAX_TAG_ID=$(psql -t -c 'select max(id) from dtb_tag;') + +while true +do + psql -c " +delete from dtb_page_layout where page_id in (select id from dtb_page where create_date between now() - interval '24:00' and now() - interval '00:00:05'); +delete from dtb_page where create_date between now() - interval '24:00' and now() - interval '00:00:06'; +delete from dtb_delivery_fee where delivery_id in (select id from dtb_delivery where create_date between now() - interval '24:00' and now() - interval '00:00:05'); +delete from dtb_payment_option where delivery_id in (select id from dtb_delivery where create_date between now() - interval '24:00' and now() - interval '00:00:05'); +delete from dtb_delivery where create_date between now() - interval '24:00' and now() - interval '00:00:06'; +delete from dtb_payment where create_date between now() - interval '24:00' and now() - interval '00:00:06'; +delete from dtb_block_position where layout_id in (select id from dtb_layout where create_date between now() - interval '24:00' and now() - interval '00:00:05'); +delete from dtb_block where create_date between now() - interval '24:00' and now() - interval '00:00:06'; +delete from dtb_layout where create_date between now() - interval '24:00' and now() - interval '00:00:06'; +delete from dtb_category where create_date between now() - interval '24:00' and now() - interval '00:00:06'; +delete from dtb_class_category where class_name_id in (select id from dtb_class_name where create_date between now() - interval '24:00' and now() - interval '00:00:05'); +delete from dtb_class_name where create_date between now() - interval '24:00' and now() - interval '00:00:06'; +delete from dtb_member where create_date between now() - interval '24:00' and now() - interval '00:00:06' and id > ${MAX_MEMBER_ID}; +delete from dtb_template where create_date between now() - interval '24:00' and now() - interval 
'00:00:06'; +delete from dtb_tag where id > ${MAX_TAG_ID};"; + sleep 5 +done \ No newline at end of file diff --git a/zap/delete_files.sh b/zap/delete_files.sh new file mode 100755 index 00000000000..d989de4fd63 --- /dev/null +++ b/zap/delete_files.sh @@ -0,0 +1,9 @@ +#!/bin/bash + +LATEST_FILE=$(find /var/www/html/html/ -printf '%T+ %p\n' | sort -r | head -n 1 | cut -d' ' -f 2) + +while true +do + find /var/www/html/html/ -newer $LATEST_FILE -mmin +0.1 -type f -exec rm {} + + sleep 10 +done \ No newline at end of file diff --git a/zap/generate_automation_config.sh b/zap/generate_automation_config.sh new file mode 100755 index 00000000000..1c10ded6359 --- /dev/null +++ b/zap/generate_automation_config.sh @@ -0,0 +1,50 @@ +#!/bin/bash + +cd $(dirname $0) + +while getopts "t:c:b:n:" OPT +do + case $OPT in + t) TARGET=${OPTARG} ;; + c) CONTEXT=${OPTARG} ;; + b) BEFORE_SCRIPT=${OPTARG} ;; + n) THREAD_PER_HOST=${OPTARG} ;; + esac +done + +THREAD_PER_HOST=${THREAD_PER_HOST:-10} + +if [[ -z "${CONTEXT}" ]]; then + if [[ ${TARGET} =~ 'admin' ]]; then + CONTEXT=admin + CONTEXT_USER=admin + else + CONTEXT=default + fi +fi + +BEFORE_SCRIPT=$(echo ${BEFORE_SCRIPT} | sed 's/ //g') + +echo " +CONTEXT: ${CONTEXT} +CONTEXT_USER: ${CONTEXT_USER} +THREAD_PER_HOST: ${THREAD_PER_HOST} +TARGET: ${TARGET} +BEFORE_SCRIPT: ${BEFORE_SCRIPT} +" + + +if [[ -n ${BEFORE_SCRIPT} ]]; then + REPLACE_COMMENT="s/#//g" +else + REPLACE_COMMENT="s/^#.*$//g" +fi + +cat automation/template.yml | \ + sed "s/__TARGET__/${TARGET}/g" | \ + sed "s/__BEFORE_SCRIPT__/${BEFORE_SCRIPT}/g" | \ + sed "s/__THREAD_PER_HOST__/${THREAD_PER_HOST}/g" | \ + sed "s/__CONTEXT__/${CONTEXT}/g" | \ + sed "s/__USER__/${CONTEXT_USER}/" | \ + sed ${REPLACE_COMMENT} \ + > automation/${TARGET}.yml \ No newline at end of file diff --git a/zap/options.properties b/zap/options.properties index 388803dd54f..7f0334ea8ff 100644 --- a/zap/options.properties +++ b/zap/options.properties 
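Review bot: `MAX_MEMBER_ID` and `MAX_TAG_ID` are pasted into the SQL unchecked, and `select max(id)` returns an empty value when the table has no rows, which turns the last statements into `id > ;`. All the deletes travel in one `psql -c` string, so that syntax error would presumably reject the whole batch on every iteration. The workflow starts the script with `exec -d`, so nobody sees the error and scan-created rows simply accumulate. Using `psql -At -c 'select coalesce(max(id), 0) from dtb_tag;'` (and the same for `dtb_member`) keeps both bounds numeric.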
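Review bot: The baseline `find` that picks `LATEST_FILE` has no `-type f`, so the newest entry can be a directory. `-newer` re-reads that reference's mtime on each pass and a directory's mtime advances whenever a file is created in it, so files uploaded there during the scan may never count as newer and never get removed. `$LATEST_FILE` is also unquoted and `cut -d' ' -f 2` truncates a path at its first space, which can leave `find` with a wrong or empty `-newer` argument. Suggested: `find /var/www/html/html/ -type f -printf '%T+ %p\n' | sort -r | head -n 1 | cut -d' ' -f 2-` for the baseline and `-newer "$LATEST_FILE"` in the loop.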
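Review bot: `TARGET` is used unvalidated both as a sed replacement and as the output path `automation/${TARGET}.yml`, so a value containing `/`, `&` or `..` breaks the substitution or writes outside `automation/`. The other options spliced into the sed expressions have the same problem. A guard right after the `getopts` loop, such as `[[ "${TARGET}" =~ ^[A-Za-z0-9_]+$ ]] || { echo "invalid target" >&2; exit 1; }`, closes that off. Also, `REPLACE_COMMENT="s/#//g"` deletes every `#` in the template rather than only the markers on the commented-out before_script jobs, so any real comment or `#` inside a value would be corrupted; `s/^#//` limits it to leading markers.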
@@ -122,55 +122,58 @@ httpsessions.tokens.token\(1\).name=ecsessid httpsessions.tokens.token\(1\).enabled=true httpsessions.tokens.token\(2\).name=phpsessid httpsessions.tokens.token\(2\).enabled=true -## Filtering out false positives in PATH Traversal to add_cart + +################################################ +# Alert Filters +################################################ globalalertfilter.filters.filter\(0\).ruleid=6 globalalertfilter.filters.filter\(0\).newrisk=-1 -globalalertfilter.filters.filter\(0\).url=https://ec-cube/products/add_cart/[0-9]+ +globalalertfilter.filters.filter\(0\).url=https://ec-cube/.* globalalertfilter.filters.filter\(0\).urlregex=true -globalalertfilter.filters.filter\(0\).param= -globalalertfilter.filters.filter\(0\).paramregex=false -globalalertfilter.filters.filter\(0\).attack= -globalalertfilter.filters.filter\(0\).attackregex=false -globalalertfilter.filters.filter\(0\).evidence= -globalalertfilter.filters.filter\(0\).evidenceregex=false +globalalertfilter.filters.filter\(0\).param=.*\\[_token\\] +globalalertfilter.filters.filter\(0\).paramregex=true +globalalertfilter.filters.filter\(0\).attack=(?s).* +globalalertfilter.filters.filter\(0\).attackregex=true +globalalertfilter.filters.filter\(0\).evidence=.* +globalalertfilter.filters.filter\(0\).evidenceregex=true globalalertfilter.filters.filter\(0\).enabled=true -## Filtering out false positives in SQL Injection -globalalertfilter.filters.filter\(1\).ruleid=40018 + +globalalertfilter.filters.filter\(1\).ruleid=6 globalalertfilter.filters.filter\(1\).newrisk=-1 -globalalertfilter.filters.filter\(1\).url=https://ec-cube/entry -globalalertfilter.filters.filter\(1\).urlregex=false -globalalertfilter.filters.filter\(1\).param=mode +globalalertfilter.filters.filter\(1\).url=https://ec-cube/.* +globalalertfilter.filters.filter\(1\).urlregex=true +globalalertfilter.filters.filter\(1\).param=_token globalalertfilter.filters.filter\(1\).paramregex=false 
-globalalertfilter.filters.filter\(1\).attack=confirm OR 1=1 -- -globalalertfilter.filters.filter\(1\).attackregex=false +globalalertfilter.filters.filter\(1\).attack=(?s).* +globalalertfilter.filters.filter\(1\).attackregex=true globalalertfilter.filters.filter\(1\).evidence= globalalertfilter.filters.filter\(1\).evidenceregex=false globalalertfilter.filters.filter\(1\).enabled=true -## Filtering out false positives in anti CSRF token to searchForm -globalalertfilter.filters.filter\(2\).ruleid=10202 + +globalalertfilter.filters.filter\(2\).ruleid=43 globalalertfilter.filters.filter\(2\).newrisk=-1 globalalertfilter.filters.filter\(2\).url=https://ec-cube/.* globalalertfilter.filters.filter\(2\).urlregex=true -globalalertfilter.filters.filter\(2\).param= -globalalertfilter.filters.filter\(2\).paramregex=false -globalalertfilter.filters.filter\(2\).attack=
-globalalertfilter.filters.filter\(2\).attackregex=false +globalalertfilter.filters.filter\(2\).param=.*\\[_token\\] +globalalertfilter.filters.filter\(2\).paramregex=true +globalalertfilter.filters.filter\(2\).attack=(?s).* +globalalertfilter.filters.filter\(2\).attackregex=true globalalertfilter.filters.filter\(2\).evidence= globalalertfilter.filters.filter\(2\).evidenceregex=false globalalertfilter.filters.filter\(2\).enabled=true -## Filtering out false positives in PATH Traversal to method -globalalertfilter.filters.filter\(3\).ruleid=6 + +globalalertfilter.filters.filter\(3\).ruleid=43 globalalertfilter.filters.filter\(3\).newrisk=-1 -globalalertfilter.filters.filter\(3\).url=https://ec-cube/.*/delete -globalalertfilter.filters.filter\(3\).urlregex=true -globalalertfilter.filters.filter\(3\).param=_method +globalalertfilter.filters.filter\(3\).url=https://ec-cube/.* +globalalertfilter.filters.filter\(3\).urlregex=false +globalalertfilter.filters.filter\(3\).param=_token globalalertfilter.filters.filter\(3\).paramregex=false -globalalertfilter.filters.filter\(3\).attack=delete -globalalertfilter.filters.filter\(3\).attackregex=false +globalalertfilter.filters.filter\(3\).attack=(.*/)?\\d +globalalertfilter.filters.filter\(3\).attackregex=true globalalertfilter.filters.filter\(3\).evidence= globalalertfilter.filters.filter\(3\).evidenceregex=false globalalertfilter.filters.filter\(3\).enabled=true -## Filtering out false positives in anti CSRF token to ec-cube.net + globalalertfilter.filters.filter\(4\).ruleid=10202 globalalertfilter.filters.filter\(4\).newrisk=-1 globalalertfilter.filters.filter\(4\).url=https://ec-cube/.* 
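Review bot: The new filter(3) sets `url=https://ec-cube/.*` together with `urlregex=false`, so the pattern is compared as a literal string and the filter will in practice never match; its siblings use `urlregex=true`. More broadly, this hunk replaces URL- and payload-specific suppressions with `newrisk=-1` for every URL and `attack=(?s).*` on the token parameter, including for rule 6 (path traversal) and 40018 (SQL injection). It also drops the `## Filtering out false positives in …` comments that recorded why each filter exists. Each filter should keep a one-line comment naming the rule and the triage reason, e.g. `## 40018 on _token: verified false positive, token mismatch changes the response` (wording constructed; use the actual finding), so a later reviewer can tell a deliberate suppression from an over-broad one.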
@@ -182,255 +185,927 @@ globalalertfilter.filters.filter\(4\).attackregex=true
 globalalertfilter.filters.filter\(4\).evidence=
 globalalertfilter.filters.filter\(4\).evidenceregex=false
 globalalertfilter.filters.filter\(4\).enabled=true
-## Filtering out false positives in anti CSRF token to form_bulk
+
 globalalertfilter.filters.filter\(5\).ruleid=10202
 globalalertfilter.filters.filter\(5\).newrisk=-1
-globalalertfilter.filters.filter\(5\).url=https://ec-cube/admin/product
-globalalertfilter.filters.filter\(5\).urlregex=false
+globalalertfilter.filters.filter\(5\).url=https://ec-cube/.*
+globalalertfilter.filters.filter\(5\).urlregex=true
 globalalertfilter.filters.filter\(5\).param=
 globalalertfilter.filters.filter\(5\).paramregex=false
-globalalertfilter.filters.filter\(5\).attack=
+globalalertfilter.filters.filter\(5\).attack=
 globalalertfilter.filters.filter\(5\).attackregex=false
-globalalertfilter.filters.filter\(5\).evidence=
+globalalertfilter.filters.filter\(5\).evidence=
 globalalertfilter.filters.filter\(5\).evidenceregex=false
 globalalertfilter.filters.filter\(5\).enabled=true
-## Filtering out false positives in anti CSRF token to category
-globalalertfilter.filters.filter\(6\).ruleid=10202
+
+globalalertfilter.filters.filter\(6\).ruleid=40018
 globalalertfilter.filters.filter\(6\).newrisk=-1
-globalalertfilter.filters.filter\(6\).url=https://ec-cube/admin/category
-globalalertfilter.filters.filter\(6\).urlregex=false
-globalalertfilter.filters.filter\(6\).param=
-globalalertfilter.filters.filter\(6\).paramregex=false
-globalalertfilter.filters.filter\(6\).attack=
-globalalertfilter.filters.filter\(6\).attackregex=false
-globalalertfilter.filters.filter\(6\).evidence=
+globalalertfilter.filters.filter\(6\).url=https://ec-cube/.*
+globalalertfilter.filters.filter\(6\).urlregex=true
+globalalertfilter.filters.filter\(6\).param=.*\\[_token\\]
+globalalertfilter.filters.filter\(6\).paramregex=true
+globalalertfilter.filters.filter\(6\).attack=(?s).*
+globalalertfilter.filters.filter\(6\).attackregex=true
+globalalertfilter.filters.filter\(6\).evidence=
 globalalertfilter.filters.filter\(6\).evidenceregex=false
 globalalertfilter.filters.filter\(6\).enabled=true
-## Filtering out false positives in anti CSRF token to class_category
-globalalertfilter.filters.filter\(7\).ruleid=10202
+
+globalalertfilter.filters.filter\(7\).ruleid=40018
 globalalertfilter.filters.filter\(7\).newrisk=-1
-globalalertfilter.filters.filter\(7\).url=https://ec-cube/admin/product/class_category/.*
+globalalertfilter.filters.filter\(7\).url=https://ec-cube/.*
 globalalertfilter.filters.filter\(7\).urlregex=true
-globalalertfilter.filters.filter\(7\).param=
+globalalertfilter.filters.filter\(7\).param=_token
 globalalertfilter.filters.filter\(7\).paramregex=false
-globalalertfilter.filters.filter\(7\).attack=
-globalalertfilter.filters.filter\(7\).attackregex=false
-globalalertfilter.filters.filter\(7\).evidence=
-globalalertfilter.filters.filter\(7\).evidenceregex=true
+globalalertfilter.filters.filter\(7\).attack=(?s).*
+globalalertfilter.filters.filter\(7\).attackregex=true
+globalalertfilter.filters.filter\(7\).evidence=
+globalalertfilter.filters.filter\(7\).evidenceregex=false
 globalalertfilter.filters.filter\(7\).enabled=true
-## Filtering out false positives in anti CSRF token to class_name
-globalalertfilter.filters.filter\(8\).ruleid=10202
+
+globalalertfilter.filters.filter\(8\).ruleid=90018
 globalalertfilter.filters.filter\(8\).newrisk=-1
-globalalertfilter.filters.filter\(8\).url=https://ec-cube/admin/product/class_name
-globalalertfilter.filters.filter\(8\).urlregex=false
-globalalertfilter.filters.filter\(8\).param=
-globalalertfilter.filters.filter\(8\).paramregex=false
-globalalertfilter.filters.filter\(8\).attack=
-globalalertfilter.filters.filter\(8\).attackregex=false
-globalalertfilter.filters.filter\(8\).evidence=
+globalalertfilter.filters.filter\(8\).url=https://ec-cube/.*
+globalalertfilter.filters.filter\(8\).urlregex=true
+globalalertfilter.filters.filter\(8\).param=.*\\[_token\\]
+globalalertfilter.filters.filter\(8\).paramregex=true
+globalalertfilter.filters.filter\(8\).attack=(?s).*
+globalalertfilter.filters.filter\(8\).attackregex=true
+globalalertfilter.filters.filter\(8\).evidence=
 globalalertfilter.filters.filter\(8\).evidenceregex=false
 globalalertfilter.filters.filter\(8\).enabled=true
-## Filtering out false positives in anti CSRF token to tag
-globalalertfilter.filters.filter\(9\).ruleid=10202
+
+globalalertfilter.filters.filter\(9\).ruleid=90018
 globalalertfilter.filters.filter\(9\).newrisk=-1
-globalalertfilter.filters.filter\(9\).url=https://ec-cube/admin/product/tag
-globalalertfilter.filters.filter\(9\).urlregex=false
-globalalertfilter.filters.filter\(9\).param=
+globalalertfilter.filters.filter\(9\).url=https://ec-cube/.*
+globalalertfilter.filters.filter\(9\).urlregex=true
+globalalertfilter.filters.filter\(9\).param=_token
 globalalertfilter.filters.filter\(9\).paramregex=false
-globalalertfilter.filters.filter\(9\).attack=
-globalalertfilter.filters.filter\(9\).attackregex=false
-globalalertfilter.filters.filter\(9\).evidence=
+globalalertfilter.filters.filter\(9\).attack=(?s).*
+globalalertfilter.filters.filter\(9\).attackregex=true
+globalalertfilter.filters.filter\(9\).evidence=
 globalalertfilter.filters.filter\(9\).evidenceregex=false
 globalalertfilter.filters.filter\(9\).enabled=true
-## Filtering out false positives in PATH Traversal to edit
+
 globalalertfilter.filters.filter\(10\).ruleid=6
 globalalertfilter.filters.filter\(10\).newrisk=-1
-globalalertfilter.filters.filter\(10\).url=https://ec-cube/admin/.*/edit
+globalalertfilter.filters.filter\(10\).url=https://ec-cube/.*/delete
 globalalertfilter.filters.filter\(10\).urlregex=true
-globalalertfilter.filters.filter\(10\).param=
-globalalertfilter.filters.filter\(10\).paramregex=false
-globalalertfilter.filters.filter\(10\).attack=edit
-globalalertfilter.filters.filter\(10\).attackregex=false
+globalalertfilter.filters.filter\(10\).param=.*
+globalalertfilter.filters.filter\(10\).paramregex=true
+globalalertfilter.filters.filter\(10\).attack=(?s).*delete
+globalalertfilter.filters.filter\(10\).attackregex=true
 globalalertfilter.filters.filter\(10\).evidence=
 globalalertfilter.filters.filter\(10\).evidenceregex=false
 globalalertfilter.filters.filter\(10\).enabled=true
-## Filtering out false positives in PATH Traversal to new
-globalalertfilter.filters.filter\(11\).ruleid=6
+
+globalalertfilter.filters.filter\(11\).ruleid=43
 globalalertfilter.filters.filter\(11\).newrisk=-1
-globalalertfilter.filters.filter\(11\).url=https://ec-cube/admin/.*/new
+globalalertfilter.filters.filter\(11\).url=https://ec-cube/.*/delete
 globalalertfilter.filters.filter\(11\).urlregex=true
-globalalertfilter.filters.filter\(11\).param=
-globalalertfilter.filters.filter\(11\).paramregex=false
-globalalertfilter.filters.filter\(11\).attack=new
-globalalertfilter.filters.filter\(11\).attackregex=false
+globalalertfilter.filters.filter\(11\).param=.*
+globalalertfilter.filters.filter\(11\).paramregex=true
+globalalertfilter.filters.filter\(11\).attack=(?s).*delete
+globalalertfilter.filters.filter\(11\).attackregex=true
 globalalertfilter.filters.filter\(11\).evidence=
 globalalertfilter.filters.filter\(11\).evidenceregex=false
 globalalertfilter.filters.filter\(11\).enabled=true
-## Filtering out false positives in anti CSRF token to order_item_type
-globalalertfilter.filters.filter\(12\).ruleid=10202
+
+globalalertfilter.filters.filter\(12\).ruleid=6
 globalalertfilter.filters.filter\(12\).newrisk=-1
-globalalertfilter.filters.filter\(12\).url=https://ec-cube/admin/order/search/order_item_type
-globalalertfilter.filters.filter\(12\).urlregex=false
+globalalertfilter.filters.filter\(12\).url=https://ec-cube/admin/.*/edit
+globalalertfilter.filters.filter\(12\).urlregex=true
 globalalertfilter.filters.filter\(12\).param=
 globalalertfilter.filters.filter\(12\).paramregex=false
-globalalertfilter.filters.filter\(12\).attack=
-globalalertfilter.filters.filter\(12\).attackregex=false
-globalalertfilter.filters.filter\(12\).evidence=
-globalalertfilter.filters.filter\(12\).evidenceregex=true
+globalalertfilter.filters.filter\(12\).attack=(?s).*edit
+globalalertfilter.filters.filter\(12\).attackregex=true
+globalalertfilter.filters.filter\(12\).evidence=
+globalalertfilter.filters.filter\(12\).evidenceregex=false
 globalalertfilter.filters.filter\(12\).enabled=true
-## Filtering out false positives in anti CSRF token to search product
-globalalertfilter.filters.filter\(13\).ruleid=10202
+
+globalalertfilter.filters.filter\(13\).ruleid=6
 globalalertfilter.filters.filter\(13\).newrisk=-1
-globalalertfilter.filters.filter\(13\).url=https://ec-cube/admin/.*/search/product
+globalalertfilter.filters.filter\(13\).url=https://ec-cube/admin/.*/new
 globalalertfilter.filters.filter\(13\).urlregex=true
-globalalertfilter.filters.filter\(13\).param=
-globalalertfilter.filters.filter\(13\).paramregex=false
-globalalertfilter.filters.filter\(13\).attack=
-globalalertfilter.filters.filter\(13\).attackregex=false
-globalalertfilter.filters.filter\(13\).evidence=
-globalalertfilter.filters.filter\(13\).evidenceregex=true
+globalalertfilter.filters.filter\(13\).param=.*
+globalalertfilter.filters.filter\(13\).paramregex=true
+globalalertfilter.filters.filter\(13\).attack=(?s).*new
+globalalertfilter.filters.filter\(13\).attackregex=true
+globalalertfilter.filters.filter\(13\).evidence=
+globalalertfilter.filters.filter\(13\).evidenceregex=false
 globalalertfilter.filters.filter\(13\).enabled=true
-## Filtering out false positives in XSS(Persistent) to file_manager
-globalalertfilter.filters.filter\(14\).ruleid=40014
+
+globalalertfilter.filters.filter\(14\).ruleid=43
 globalalertfilter.filters.filter\(14\).newrisk=-1
-globalalertfilter.filters.filter\(14\).url=https://ec-cube/admin/content/file_manager
-globalalertfilter.filters.filter\(14\).urlregex=false
-globalalertfilter.filters.filter\(14\).param=form[file][]
-globalalertfilter.filters.filter\(14\).paramregex=false
-globalalertfilter.filters.filter\(14\).attack=;alert(1)
-globalalertfilter.filters.filter\(14\).attackregex=false
+globalalertfilter.filters.filter\(14\).url=https://ec-cube/admin/.*/new
+globalalertfilter.filters.filter\(14\).urlregex=true
+globalalertfilter.filters.filter\(14\).param=.*
+globalalertfilter.filters.filter\(14\).paramregex=true
+globalalertfilter.filters.filter\(14\).attack=(?s).*new
+globalalertfilter.filters.filter\(14\).attackregex=true
 globalalertfilter.filters.filter\(14\).evidence=
 globalalertfilter.filters.filter\(14\).evidenceregex=false
 globalalertfilter.filters.filter\(14\).enabled=true
-## Filtering out false positives in XSS(Reflected) to file_manager
-globalalertfilter.filters.filter\(15\).ruleid=40012
+
+globalalertfilter.filters.filter\(15\).ruleid=10202
 globalalertfilter.filters.filter\(15\).newrisk=-1
-globalalertfilter.filters.filter\(15\).url=https://ec-cube/admin/content/file_manager
-globalalertfilter.filters.filter\(15\).urlregex=false
+globalalertfilter.filters.filter\(15\).url=https://ec-cube/admin/.*/search/product
+globalalertfilter.filters.filter\(15\).urlregex=true
 globalalertfilter.filters.filter\(15\).param=
 globalalertfilter.filters.filter\(15\).paramregex=false
-globalalertfilter.filters.filter\(15\).attack=;alert(1)
+globalalertfilter.filters.filter\(15\).attack=
 globalalertfilter.filters.filter\(15\).attackregex=false
-globalalertfilter.filters.filter\(15\).evidence=;alert(1)
-globalalertfilter.filters.filter\(15\).evidenceregex=false
+globalalertfilter.filters.filter\(15\).evidence=
+globalalertfilter.filters.filter\(15\).evidenceregex=true
 globalalertfilter.filters.filter\(15\).enabled=true
-## Filtering out false positives in XSS(Reflected) to recommend
-globalalertfilter.filters.filter\(16\).ruleid=40012
+
+globalalertfilter.filters.filter\(16\).ruleid=10202
 globalalertfilter.filters.filter\(16\).newrisk=-1
-globalalertfilter.filters.filter\(16\).url=https://ec-cube/admin/plugin/recommend/.*
-globalalertfilter.filters.filter\(16\).urlregex=true
-globalalertfilter.filters.filter\(16\).param=recommend_product[comment]
+globalalertfilter.filters.filter\(16\).url=https://ec-cube/admin/category
+globalalertfilter.filters.filter\(16\).urlregex=false
+globalalertfilter.filters.filter\(16\).param=
 globalalertfilter.filters.filter\(16\).paramregex=false
 globalalertfilter.filters.filter\(16\).attack=
 globalalertfilter.filters.filter\(16\).attackregex=false
-globalalertfilter.filters.filter\(16\).evidence=
+globalalertfilter.filters.filter\(16\).evidence=
 globalalertfilter.filters.filter\(16\).evidenceregex=false
 globalalertfilter.filters.filter\(16\).enabled=true
-## Filtering out false positives in SQL Injection to file_manager
-globalalertfilter.filters.filter\(17\).ruleid=40018
+
+globalalertfilter.filters.filter\(17\).ruleid=6
 globalalertfilter.filters.filter\(17\).newrisk=-1
-globalalertfilter.filters.filter\(17\).url=https://ec-cube/admin/content/file_manager
+globalalertfilter.filters.filter\(17\).url=https://ec-cube/admin/change_password
 globalalertfilter.filters.filter\(17\).urlregex=false
-globalalertfilter.filters.filter\(17\).param=
-globalalertfilter.filters.filter\(17\).paramregex=false
-globalalertfilter.filters.filter\(17\).attack=
-globalalertfilter.filters.filter\(17\).attackregex=false
+globalalertfilter.filters.filter\(17\).param=.*
+globalalertfilter.filters.filter\(17\).paramregex=true
+globalalertfilter.filters.filter\(17\).attack=(?s).*change_password
+globalalertfilter.filters.filter\(17\).attackregex=true
 globalalertfilter.filters.filter\(17\).evidence=
 globalalertfilter.filters.filter\(17\).evidenceregex=false
 globalalertfilter.filters.filter\(17\).enabled=true
-## Filtering out false positives in XSS(Reflected) to mail_magazine
-globalalertfilter.filters.filter\(18\).ruleid=40012
+
+globalalertfilter.filters.filter\(18\).ruleid=43
 globalalertfilter.filters.filter\(18\).newrisk=-1
-globalalertfilter.filters.filter\(18\).url=https://ec-cube/admin/plugin/mail_magazine/select/.*
-globalalertfilter.filters.filter\(18\).urlregex=true
-globalalertfilter.filters.filter\(18\).param=mail_magazine[htmlBody]
-globalalertfilter.filters.filter\(18\).paramregex=false
-globalalertfilter.filters.filter\(18\).attack=
-globalalertfilter.filters.filter\(18\).attackregex=false
+globalalertfilter.filters.filter\(18\).url=https://ec-cube/admin/change_password
+globalalertfilter.filters.filter\(18\).urlregex=false
+globalalertfilter.filters.filter\(18\).param=.*
+globalalertfilter.filters.filter\(18\).paramregex=true
+globalalertfilter.filters.filter\(18\).attack=(?s).*change_password
+globalalertfilter.filters.filter\(18\).attackregex=true
 globalalertfilter.filters.filter\(18\).evidence=
 globalalertfilter.filters.filter\(18\).evidenceregex=false
 globalalertfilter.filters.filter\(18\).enabled=true
-## Filtering out false positives in XSS(Reflected) to mail preview
-globalalertfilter.filters.filter\(19\).ruleid=40012
+
+globalalertfilter.filters.filter\(19\).ruleid=40018
 globalalertfilter.filters.filter\(19\).newrisk=-1
-globalalertfilter.filters.filter\(19\).url=https://ec-cube/admin/setting/shop/mail/preview
+globalalertfilter.filters.filter\(19\).url=https://ec-cube/admin/change_password
 globalalertfilter.filters.filter\(19\).urlregex=false
-globalalertfilter.filters.filter\(19\).param=html_body
-globalalertfilter.filters.filter\(19\).paramregex=false
-globalalertfilter.filters.filter\(19\).attack=
-globalalertfilter.filters.filter\(19\).attackregex=false
+globalalertfilter.filters.filter\(19\).param=admin_change_password\\[(current_password|change_password\\]\\[(first|second))\\]
+globalalertfilter.filters.filter\(19\).paramregex=true
+globalalertfilter.filters.filter\(19\).attack=(?s).*
+globalalertfilter.filters.filter\(19\).attackregex=true
 globalalertfilter.filters.filter\(19\).evidence=
 globalalertfilter.filters.filter\(19\).evidenceregex=false
 globalalertfilter.filters.filter\(19\).enabled=true
-## Filtering out false positives in PATH Traversal to csv
-globalalertfilter.filters.filter\(20\).ruleid=6
+
+globalalertfilter.filters.filter\(20\).ruleid=40012
 globalalertfilter.filters.filter\(20\).newrisk=-1
-globalalertfilter.filters.filter\(20\).url=https://ec-cube/admin/setting/shop/csv/.*
-globalalertfilter.filters.filter\(20\).urlregex=true
+globalalertfilter.filters.filter\(20\).url=https://ec-cube/admin/content/file_manager
+globalalertfilter.filters.filter\(20\).urlregex=false
 globalalertfilter.filters.filter\(20\).param=
 globalalertfilter.filters.filter\(20\).paramregex=false
-globalalertfilter.filters.filter\(20\).attack=[0-9]+
-globalalertfilter.filters.filter\(20\).attackregex=true
-globalalertfilter.filters.filter\(20\).evidence=
+globalalertfilter.filters.filter\(20\).attack=;alert(1)
+globalalertfilter.filters.filter\(20\).attackregex=false
+globalalertfilter.filters.filter\(20\).evidence=;alert(1)
 globalalertfilter.filters.filter\(20\).evidenceregex=false
 globalalertfilter.filters.filter\(20\).enabled=true
-## Filtering out false positives in PATH Traversal to security
-globalalertfilter.filters.filter\(21\).ruleid=6
+
+globalalertfilter.filters.filter\(21\).ruleid=40014
 globalalertfilter.filters.filter\(21\).newrisk=-1
-globalalertfilter.filters.filter\(21\).url=https://ec-cube/admin/setting/system/security
+globalalertfilter.filters.filter\(21\).url=https://ec-cube/admin/content/file_manager
 globalalertfilter.filters.filter\(21\).urlregex=false
-globalalertfilter.filters.filter\(21\).param=admin_security[admin_route_dir]
+globalalertfilter.filters.filter\(21\).param=form[file][]
 globalalertfilter.filters.filter\(21\).paramregex=false
-globalalertfilter.filters.filter\(21\).attack=security
+globalalertfilter.filters.filter\(21\).attack=;alert(1)
 globalalertfilter.filters.filter\(21\).attackregex=false
 globalalertfilter.filters.filter\(21\).evidence=
 globalalertfilter.filters.filter\(21\).evidenceregex=false
 globalalertfilter.filters.filter\(21\).enabled=true
-## Filtering out false positives in anti CSRF token to authentication_setting
-globalalertfilter.filters.filter\(22\).ruleid=10202
+
+globalalertfilter.filters.filter\(22\).ruleid=40018
 globalalertfilter.filters.filter\(22\).newrisk=-1
-globalalertfilter.filters.filter\(22\).url=https://ec-cube/admin/store/plugin/authentication_setting
+globalalertfilter.filters.filter\(22\).url=https://ec-cube/admin/content/file_manager
 globalalertfilter.filters.filter\(22\).urlregex=false
 globalalertfilter.filters.filter\(22\).param=
 globalalertfilter.filters.filter\(22\).paramregex=false
 globalalertfilter.filters.filter\(22\).attack=
 globalalertfilter.filters.filter\(22\).attackregex=false
-globalalertfilter.filters.filter\(22\).evidence=
+globalalertfilter.filters.filter\(22\).evidence=
 globalalertfilter.filters.filter\(22\).evidenceregex=false
 globalalertfilter.filters.filter\(22\).enabled=true
-## Filtering out false positives in anti CSRF token to memeber
-globalalertfilter.filters.filter\(22\).ruleid=10202
-globalalertfilter.filters.filter\(22\).newrisk=-1
-globalalertfilter.filters.filter\(22\).url=https://ec-cube/admin/setting/system/member
-globalalertfilter.filters.filter\(22\).urlregex=false
-globalalertfilter.filters.filter\(22\).param=
-globalalertfilter.filters.filter\(22\).paramregex=false
-globalalertfilter.filters.filter\(22\).attack=
-globalalertfilter.filters.filter\(22\).attackregex=false
-globalalertfilter.filters.filter\(22\).evidence=
-globalalertfilter.filters.filter\(22\).evidenceregex=false
-globalalertfilter.filters.filter\(22\).enabled=true
-## Filtering out false positives in PATH Traversal to customer
-globalalertfilter.filters.filter\(23\).ruleid=6
+
+globalalertfilter.filters.filter\(23\).ruleid=90018
 globalalertfilter.filters.filter\(23\).newrisk=-1
-globalalertfilter.filters.filter\(23\).url=https://ec-cube/shopping/customer
+globalalertfilter.filters.filter\(23\).url=https://ec-cube/admin/content/file_manager
 globalalertfilter.filters.filter\(23\).urlregex=false
-globalalertfilter.filters.filter\(23\).param=
-globalalertfilter.filters.filter\(23\).paramregex=false
-globalalertfilter.filters.filter\(23\).attack=customer
-globalalertfilter.filters.filter\(23\).attackregex=false
+globalalertfilter.filters.filter\(23\).param=(tree_select_file|tree_status|select_file|form\\[file\\]\\[\\])
+globalalertfilter.filters.filter\(23\).paramregex=true
+globalalertfilter.filters.filter\(23\).attack=(?s).*
+globalalertfilter.filters.filter\(23\).attackregex=true
 globalalertfilter.filters.filter\(23\).evidence=
 globalalertfilter.filters.filter\(23\).evidenceregex=false
 globalalertfilter.filters.filter\(23\).enabled=true
-## Filtering out false positives in anti CSRF token to favorite
-globalalertfilter.filters.filter\(24\).ruleid=10202
+
+globalalertfilter.filters.filter\(24\).ruleid=43
 globalalertfilter.filters.filter\(24\).newrisk=-1
-globalalertfilter.filters.filter\(24\).url=https://ec-cube/products/detail/.*
+globalalertfilter.filters.filter\(24\).url=https://ec-cube/admin/content/file_manager.*
 globalalertfilter.filters.filter\(24\).urlregex=true
-globalalertfilter.filters.filter\(24\).param=
-globalalertfilter.filters.filter\(24\).paramregex=false
-globalalertfilter.filters.filter\(24\).attack=
-globalalertfilter.filters.filter\(24\).attackregex=false
-globalalertfilter.filters.filter\(24\).evidence=
-globalalertfilter.filters.filter\(24\).evidenceregex=true
-globalalertfilter.filters.filter\(24\).enabled=true
\ No newline at end of file
+globalalertfilter.filters.filter\(24\).param=.*
+globalalertfilter.filters.filter\(24\).paramregex=true
+globalalertfilter.filters.filter\(24\).attack=(?s).*file_manager
+globalalertfilter.filters.filter\(24\).attackregex=true
+globalalertfilter.filters.filter\(24\).evidence=
+globalalertfilter.filters.filter\(24\).evidenceregex=false
+globalalertfilter.filters.filter\(24\).enabled=true
+
+globalalertfilter.filters.filter\(25\).ruleid=40018
+globalalertfilter.filters.filter\(25\).newrisk=-1
+globalalertfilter.filters.filter\(25\).url=https://ec-cube/admin/content/layout/new
+globalalertfilter.filters.filter\(25\).urlregex=false
+globalalertfilter.filters.filter\(25\).param=block_id_1
+globalalertfilter.filters.filter\(25\).paramregex=false
+globalalertfilter.filters.filter\(25\).attack=(?s).*
+globalalertfilter.filters.filter\(25\).attackregex=true
+globalalertfilter.filters.filter\(25\).evidence=
+globalalertfilter.filters.filter\(25\).evidenceregex=false
+globalalertfilter.filters.filter\(25\).enabled=true
+
+globalalertfilter.filters.filter\(26\).ruleid=90018
+globalalertfilter.filters.filter\(26\).newrisk=-1
+globalalertfilter.filters.filter\(26\).url=https://ec-cube/admin/customer/.*/edit
+globalalertfilter.filters.filter\(26\).urlregex=true
+globalalertfilter.filters.filter\(26\).param=admin_customer[note]
+globalalertfilter.filters.filter\(26\).paramregex=false
+globalalertfilter.filters.filter\(26\).attack=(?s).*
+globalalertfilter.filters.filter\(26\).attackregex=true
+globalalertfilter.filters.filter\(26\).evidence=
+globalalertfilter.filters.filter\(26\).evidenceregex=false
+globalalertfilter.filters.filter\(26\).enabled=true
+
+globalalertfilter.filters.filter\(27\).ruleid=90018
+globalalertfilter.filters.filter\(27\).newrisk=-1
+globalalertfilter.filters.filter\(27\).url=https://ec-cube/admin/customer/new
+globalalertfilter.filters.filter\(27\).urlregex=false
+globalalertfilter.filters.filter\(27\).param=admin_customer\\[(birth|note)\\]
+globalalertfilter.filters.filter\(27\).paramregex=true
+globalalertfilter.filters.filter\(27\).attack=(?s).*
+globalalertfilter.filters.filter\(27\).attackregex=true
+globalalertfilter.filters.filter\(27\).evidence=
+globalalertfilter.filters.filter\(27\).evidenceregex=false
+globalalertfilter.filters.filter\(27\).enabled=true
+
+globalalertfilter.filters.filter\(28\).ruleid=40022
+globalalertfilter.filters.filter\(28\).newrisk=-1
+globalalertfilter.filters.filter\(28\).url=https://ec-cube/admin/order/.*/mail
+globalalertfilter.filters.filter\(28\).urlregex=true
+globalalertfilter.filters.filter\(28\).param=mode
+globalalertfilter.filters.filter\(28\).paramregex=false
+globalalertfilter.filters.filter\(28\).attack=(?s).*
+globalalertfilter.filters.filter\(28\).attackregex=true
+globalalertfilter.filters.filter\(28\).evidence=
+globalalertfilter.filters.filter\(28\).evidenceregex=false
+globalalertfilter.filters.filter\(28\).enabled=true
+
+globalalertfilter.filters.filter\(29\).ruleid=40018
+globalalertfilter.filters.filter\(29\).newrisk=-1
+globalalertfilter.filters.filter\(29\).url=https://ec-cube/admin/order/new
+globalalertfilter.filters.filter\(29\).urlregex=false
+globalalertfilter.filters.filter\(29\).param=(admin_search_customer\\[multi\\]|admin_search_product\\[(category_id|id)\\]|classcategory_id[12]|modal|mode|order\\[Shipping\\]\\[address\\]\\[addr0[12]\\]|order\\[Shipping\\]\\[phone_number\\]|order\\[OrderItems\\]\\[.*\\]\\[product_name\\])
+globalalertfilter.filters.filter\(29\).paramregex=true
+globalalertfilter.filters.filter\(29\).attack=(?s).*
+globalalertfilter.filters.filter\(29\).attackregex=true
+globalalertfilter.filters.filter\(29\).evidence=
+globalalertfilter.filters.filter\(29\).evidenceregex=false
+globalalertfilter.filters.filter\(29\).enabled=true
+
+globalalertfilter.filters.filter\(30\).ruleid=10202
+globalalertfilter.filters.filter\(30\).newrisk=-1
+globalalertfilter.filters.filter\(30\).url=https://ec-cube/admin/order/search/order_item_type
+globalalertfilter.filters.filter\(30\).urlregex=false
+globalalertfilter.filters.filter\(30\).param=
+globalalertfilter.filters.filter\(30\).paramregex=false
+globalalertfilter.filters.filter\(30\).attack=
+globalalertfilter.filters.filter\(30\).attackregex=false
+globalalertfilter.filters.filter\(30\).evidence=
+globalalertfilter.filters.filter\(30\).evidenceregex=true
+globalalertfilter.filters.filter\(30\).enabled=true
+
+globalalertfilter.filters.filter\(31\).ruleid=40012
+globalalertfilter.filters.filter\(31\).newrisk=-1
+globalalertfilter.filters.filter\(31\).url=https://ec-cube/admin/plugin/mail_magazine/select/.*
+globalalertfilter.filters.filter\(31\).urlregex=true
+globalalertfilter.filters.filter\(31\).param=mail_magazine[htmlBody]
+globalalertfilter.filters.filter\(31\).paramregex=false
+globalalertfilter.filters.filter\(31\).attack=
+globalalertfilter.filters.filter\(31\).attackregex=false
+globalalertfilter.filters.filter\(31\).evidence=
+globalalertfilter.filters.filter\(31\).evidenceregex=false
+globalalertfilter.filters.filter\(31\).enabled=true
+
+globalalertfilter.filters.filter\(32\).ruleid=40012
+globalalertfilter.filters.filter\(32\).newrisk=-1
+globalalertfilter.filters.filter\(32\).url=https://ec-cube/admin/plugin/recommend/.*
+globalalertfilter.filters.filter\(32\).urlregex=true
+globalalertfilter.filters.filter\(32\).param=recommend_product[comment]
+globalalertfilter.filters.filter\(32\).paramregex=false
+globalalertfilter.filters.filter\(32\).attack=
+globalalertfilter.filters.filter\(32\).attackregex=false
+globalalertfilter.filters.filter\(32\).evidence=
+globalalertfilter.filters.filter\(32\).evidenceregex=false
+globalalertfilter.filters.filter\(32\).enabled=true
+
+globalalertfilter.filters.filter\(33\).ruleid=10202
+globalalertfilter.filters.filter\(33\).newrisk=-1
+globalalertfilter.filters.filter\(33\).url=https://ec-cube/admin/product
+globalalertfilter.filters.filter\(33\).urlregex=false
+globalalertfilter.filters.filter\(33\).param=
+globalalertfilter.filters.filter\(33\).paramregex=false
+globalalertfilter.filters.filter\(33\).attack=
+globalalertfilter.filters.filter\(33\).attackregex=false
+globalalertfilter.filters.filter\(33\).evidence=
+globalalertfilter.filters.filter\(33\).evidenceregex=false
+globalalertfilter.filters.filter\(33\).enabled=true
+
+globalalertfilter.filters.filter\(34\).ruleid=43
+globalalertfilter.filters.filter\(34\).newrisk=-1
+globalalertfilter.filters.filter\(34\).url=https://ec-cube/admin/product/bulk/product-status/\\d+
+globalalertfilter.filters.filter\(34\).urlregex=true
+globalalertfilter.filters.filter\(34\).param=ids\\[\\d+\\]
+globalalertfilter.filters.filter\(34\).paramregex=true
+globalalertfilter.filters.filter\(34\).attack=\\d+
+globalalertfilter.filters.filter\(34\).attackregex=true
+globalalertfilter.filters.filter\(34\).evidence=
+globalalertfilter.filters.filter\(34\).evidenceregex=false
+globalalertfilter.filters.filter\(34\).enabled=true
+
+globalalertfilter.filters.filter\(35\).ruleid=6
+globalalertfilter.filters.filter\(35\).newrisk=-1
+globalalertfilter.filters.filter\(35\).url=https://ec-cube/admin/product/category/1
+globalalertfilter.filters.filter\(35\).urlregex=false
+globalalertfilter.filters.filter\(35\).param=.*
+globalalertfilter.filters.filter\(35\).paramregex=true
+globalalertfilter.filters.filter\(35\).attack=.*
+globalalertfilter.filters.filter\(35\).attackregex=true
+globalalertfilter.filters.filter\(35\).evidence=etc
+globalalertfilter.filters.filter\(35\).evidenceregex=false
+globalalertfilter.filters.filter\(35\).enabled=true
+
+globalalertfilter.filters.filter\(36\).ruleid=90018
+globalalertfilter.filters.filter\(36\).newrisk=-1
+globalalertfilter.filters.filter\(36\).url=https://ec-cube/admin/product/category/1
+globalalertfilter.filters.filter\(36\).urlregex=false
+globalalertfilter.filters.filter\(36\).param=(admin_category\\[name\\]|category_.*\\[name\\])
+globalalertfilter.filters.filter\(36\).paramregex=true
+globalalertfilter.filters.filter\(36\).attack=(?s).*
+globalalertfilter.filters.filter\(36\).attackregex=true
+globalalertfilter.filters.filter\(36\).evidence=
+globalalertfilter.filters.filter\(36\).evidenceregex=false
+globalalertfilter.filters.filter\(36\).enabled=true
+
+globalalertfilter.filters.filter\(37\).ruleid=10202
+globalalertfilter.filters.filter\(37\).newrisk=-1
+globalalertfilter.filters.filter\(37\).url=https://ec-cube/admin/product/class_category/.*
+globalalertfilter.filters.filter\(37\).urlregex=true
+globalalertfilter.filters.filter\(37\).param=
+globalalertfilter.filters.filter\(37\).paramregex=false
+globalalertfilter.filters.filter\(37\).attack=
+globalalertfilter.filters.filter\(37\).attackregex=false
+globalalertfilter.filters.filter\(37\).evidence=
+globalalertfilter.filters.filter\(37\).evidenceregex=true
+globalalertfilter.filters.filter\(37\).enabled=true
+
+globalalertfilter.filters.filter\(38\).ruleid=6
+globalalertfilter.filters.filter\(38\).newrisk=-1
+globalalertfilter.filters.filter\(38\).url=https://ec-cube/admin/product/class_name
+globalalertfilter.filters.filter\(38\).urlregex=false
+globalalertfilter.filters.filter\(38\).param=(admin_class_name\\[backend_name\\]|admin_class_name\\[name\\]|class_name_.*\\[backend_name\\]|class_name_.*\\[name\\])
+globalalertfilter.filters.filter\(38\).paramregex=true
+globalalertfilter.filters.filter\(38\).attack=(?s).*
+globalalertfilter.filters.filter\(38\).attackregex=true
+globalalertfilter.filters.filter\(38\).evidence=etc
+globalalertfilter.filters.filter\(38\).evidenceregex=false
+globalalertfilter.filters.filter\(38\).enabled=true
+
+globalalertfilter.filters.filter\(39\).ruleid=10202
+globalalertfilter.filters.filter\(39\).newrisk=-1
+globalalertfilter.filters.filter\(39\).url=https://ec-cube/admin/product/class_name
+globalalertfilter.filters.filter\(39\).urlregex=false
+globalalertfilter.filters.filter\(39\).param=
+globalalertfilter.filters.filter\(39\).paramregex=false
+globalalertfilter.filters.filter\(39\).attack=
+globalalertfilter.filters.filter\(39\).attackregex=false
+globalalertfilter.filters.filter\(39\).evidence=
+globalalertfilter.filters.filter\(39\).evidenceregex=false
+globalalertfilter.filters.filter\(39\).enabled=true
+
+globalalertfilter.filters.filter\(40\).ruleid=90018
+globalalertfilter.filters.filter\(40\).newrisk=-1
+globalalertfilter.filters.filter\(40\).url=https://ec-cube/admin/product/class_name
+globalalertfilter.filters.filter\(40\).urlregex=false
+globalalertfilter.filters.filter\(40\).param=(admin_)?class_name_.*\\[(name|backend_name)\\]
+globalalertfilter.filters.filter\(40\).paramregex=true
+globalalertfilter.filters.filter\(40\).attack=(?s).*
+globalalertfilter.filters.filter\(40\).attackregex=true
+globalalertfilter.filters.filter\(40\).evidence=
+globalalertfilter.filters.filter\(40\).evidenceregex=false
+globalalertfilter.filters.filter\(40\).enabled=true
+
+globalalertfilter.filters.filter\(41\).ruleid=43
+globalalertfilter.filters.filter\(41\).newrisk=-1
+globalalertfilter.filters.filter\(41\).url=https://ec-cube/admin/product/product/image/add
+globalalertfilter.filters.filter\(41\).urlregex=false
+globalalertfilter.filters.filter\(41\).param=admin_product\\[.*\\]
+globalalertfilter.filters.filter\(41\).paramregex=true
+globalalertfilter.filters.filter\(41\).attack=(?s).*
+globalalertfilter.filters.filter\(41\).attackregex=true
+globalalertfilter.filters.filter\(41\).evidence=
+globalalertfilter.filters.filter\(41\).evidenceregex=false
+globalalertfilter.filters.filter\(41\).enabled=true
+
+globalalertfilter.filters.filter\(42\).ruleid=90018
+globalalertfilter.filters.filter\(42\).newrisk=-1
+globalalertfilter.filters.filter\(42\).url=https://ec-cube/admin/product/product/image/add
+globalalertfilter.filters.filter\(42\).urlregex=false
+globalalertfilter.filters.filter\(42\).param=(admin_product\\[(description_detail|description_list|name|note|return_link|search_word|Status)\\]|admin_product\\[class\\]\\[(price0[12]|code|sale_type|stock_unlimited)\\]|admin_product\\[product_image\\]\\[\\]) +globalalertfilter.filters.filter\(42\).paramregex=true +globalalertfilter.filters.filter\(42\).attack=(?s).* +globalalertfilter.filters.filter\(42\).attackregex=true +globalalertfilter.filters.filter\(42\).evidence= +globalalertfilter.filters.filter\(42\).evidenceregex=false +globalalertfilter.filters.filter\(42\).enabled=true + +globalalertfilter.filters.filter\(43\).ruleid=40018 +globalalertfilter.filters.filter\(43\).newrisk=-1 +globalalertfilter.filters.filter\(43\).url=https://ec-cube/admin/product/product/new +globalalertfilter.filters.filter\(43\).urlregex=false +globalalertfilter.filters.filter\(43\).param=admin_product[Category][] +globalalertfilter.filters.filter\(43\).paramregex=false +globalalertfilter.filters.filter\(43\).attack=(?s).* +globalalertfilter.filters.filter\(43\).attackregex=true +globalalertfilter.filters.filter\(43\).evidence= +globalalertfilter.filters.filter\(43\).evidenceregex=false +globalalertfilter.filters.filter\(43\).enabled=true + +globalalertfilter.filters.filter\(44\).ruleid=6 +globalalertfilter.filters.filter\(44\).newrisk=-1 +globalalertfilter.filters.filter\(44\).url=https://ec-cube/admin/product/tag +globalalertfilter.filters.filter\(44\).urlregex=false +globalalertfilter.filters.filter\(44\).param=(admin_product_tag\\[name\\]|tag_.*\\[name\\]) +globalalertfilter.filters.filter\(44\).paramregex=true +globalalertfilter.filters.filter\(44\).attack=(?s).* +globalalertfilter.filters.filter\(44\).attackregex=true +globalalertfilter.filters.filter\(44\).evidence=etc +globalalertfilter.filters.filter\(44\).evidenceregex=false +globalalertfilter.filters.filter\(44\).enabled=true + +globalalertfilter.filters.filter\(45\).ruleid=10202 
+globalalertfilter.filters.filter\(45\).newrisk=-1 +globalalertfilter.filters.filter\(45\).url=https://ec-cube/admin/product/tag +globalalertfilter.filters.filter\(45\).urlregex=false +globalalertfilter.filters.filter\(45\).param= +globalalertfilter.filters.filter\(45\).paramregex=false +globalalertfilter.filters.filter\(45\).attack= +globalalertfilter.filters.filter\(45\).attackregex=false +globalalertfilter.filters.filter\(45\).evidence= +globalalertfilter.filters.filter\(45\).evidenceregex=false +globalalertfilter.filters.filter\(45\).enabled=true + +globalalertfilter.filters.filter\(46\).ruleid=40018 +globalalertfilter.filters.filter\(46\).newrisk=-1 +globalalertfilter.filters.filter\(46\).url=https://ec-cube/admin/product\\?resume=.* +globalalertfilter.filters.filter\(46\).urlregex=true +globalalertfilter.filters.filter\(46\).param=resume +globalalertfilter.filters.filter\(46\).paramregex=false +globalalertfilter.filters.filter\(46\).attack=(?s).* +globalalertfilter.filters.filter\(46\).attackregex=true +globalalertfilter.filters.filter\(46\).evidence= +globalalertfilter.filters.filter\(46\).evidenceregex=false +globalalertfilter.filters.filter\(46\).enabled=true + +globalalertfilter.filters.filter\(47\).ruleid=90018 +globalalertfilter.filters.filter\(47\).newrisk=-1 +globalalertfilter.filters.filter\(47\).url=https://ec-cube/admin/product\\?resume=.* +globalalertfilter.filters.filter\(47\).urlregex=true +globalalertfilter.filters.filter\(47\).param=resume +globalalertfilter.filters.filter\(47\).paramregex=false +globalalertfilter.filters.filter\(47\).attack=(?s).* +globalalertfilter.filters.filter\(47\).attackregex=true +globalalertfilter.filters.filter\(47\).evidence= +globalalertfilter.filters.filter\(47\).evidenceregex=false +globalalertfilter.filters.filter\(47\).enabled=true + +globalalertfilter.filters.filter\(48\).ruleid=6 +globalalertfilter.filters.filter\(48\).newrisk=-1 +globalalertfilter.filters.filter\(48\).url=https://ec-cube/admin/setting/shop 
+globalalertfilter.filters.filter\(48\).urlregex=false +globalalertfilter.filters.filter\(48\).param=.* +globalalertfilter.filters.filter\(48\).paramregex=true +globalalertfilter.filters.filter\(48\).attack=shop +globalalertfilter.filters.filter\(48\).attackregex=false +globalalertfilter.filters.filter\(48\).evidence= +globalalertfilter.filters.filter\(48\).evidenceregex=false +globalalertfilter.filters.filter\(48\).enabled=true + +globalalertfilter.filters.filter\(49\).ruleid=40018 +globalalertfilter.filters.filter\(49\).newrisk=-1 +globalalertfilter.filters.filter\(49\).url=https://ec-cube/admin/setting/shop +globalalertfilter.filters.filter\(49\).urlregex=false +globalalertfilter.filters.filter\(49\).param=shop_master\\[(option_customer_activate|option_favorite_product|option_mypage_order_status_display|option_remember_me|option_point)\\] +globalalertfilter.filters.filter\(49\).paramregex=true +globalalertfilter.filters.filter\(49\).attack=.* +globalalertfilter.filters.filter\(49\).attackregex=true +globalalertfilter.filters.filter\(49\).evidence= +globalalertfilter.filters.filter\(49\).evidenceregex=false +globalalertfilter.filters.filter\(49\).enabled=true + +globalalertfilter.filters.filter\(50\).ruleid=6 +globalalertfilter.filters.filter\(50\).newrisk=-1 +globalalertfilter.filters.filter\(50\).url=https://ec-cube/admin/setting/shop/csv/.* +globalalertfilter.filters.filter\(50\).urlregex=true +globalalertfilter.filters.filter\(50\).param= +globalalertfilter.filters.filter\(50\).paramregex=false +globalalertfilter.filters.filter\(50\).attack=[0-9]+ +globalalertfilter.filters.filter\(50\).attackregex=true +globalalertfilter.filters.filter\(50\).evidence= +globalalertfilter.filters.filter\(50\).evidenceregex=false +globalalertfilter.filters.filter\(50\).enabled=true + +globalalertfilter.filters.filter\(51\).ruleid=40026 +globalalertfilter.filters.filter\(51\).newrisk=-1 
+globalalertfilter.filters.filter\(51\).url=https://ec-cube/admin/setting/shop/delivery/new\\?name=.* +globalalertfilter.filters.filter\(51\).urlregex=true +globalalertfilter.filters.filter\(51\).param= +globalalertfilter.filters.filter\(51\).paramregex=false +globalalertfilter.filters.filter\(51\).attack=\\?name=.* +globalalertfilter.filters.filter\(51\).attackregex=true +globalalertfilter.filters.filter\(51\).evidence= +globalalertfilter.filters.filter\(51\).evidenceregex=false +globalalertfilter.filters.filter\(51\).enabled=true + +globalalertfilter.filters.filter\(52\).ruleid=43 +globalalertfilter.filters.filter\(52\).newrisk=-1 +globalalertfilter.filters.filter\(52\).url=https://ec-cube/admin/setting/shop/mail/\\d+ +globalalertfilter.filters.filter\(52\).urlregex=true +globalalertfilter.filters.filter\(52\).param=mail[template] +globalalertfilter.filters.filter\(52\).paramregex=false +globalalertfilter.filters.filter\(52\).attack=\\d+ +globalalertfilter.filters.filter\(52\).attackregex=true +globalalertfilter.filters.filter\(52\).evidence= +globalalertfilter.filters.filter\(52\).evidenceregex=false +globalalertfilter.filters.filter\(52\).enabled=true + +globalalertfilter.filters.filter\(53\).ruleid=40012 +globalalertfilter.filters.filter\(53\).newrisk=-1 +globalalertfilter.filters.filter\(53\).url=https://ec-cube/admin/setting/shop/mail/preview +globalalertfilter.filters.filter\(53\).urlregex=false +globalalertfilter.filters.filter\(53\).param=html_body +globalalertfilter.filters.filter\(53\).paramregex=false +globalalertfilter.filters.filter\(53\).attack=(?s).* +globalalertfilter.filters.filter\(53\).attackregex=true +globalalertfilter.filters.filter\(53\).evidence= +globalalertfilter.filters.filter\(53\).evidenceregex=false +globalalertfilter.filters.filter\(53\).enabled=true + +globalalertfilter.filters.filter\(54\).ruleid=90018 +globalalertfilter.filters.filter\(54\).newrisk=-1 
+globalalertfilter.filters.filter\(54\).url=https://ec-cube/admin/setting/shop/order_status +globalalertfilter.filters.filter\(54\).urlregex=false +globalalertfilter.filters.filter\(54\).param=form\\[OrderStatuses\\]\\[\\d+\\]\\[(color|display_order_count)\\] +globalalertfilter.filters.filter\(54\).paramregex=true +globalalertfilter.filters.filter\(54\).attack=(?s).* +globalalertfilter.filters.filter\(54\).attackregex=true +globalalertfilter.filters.filter\(54\).evidence= +globalalertfilter.filters.filter\(54\).evidenceregex=false +globalalertfilter.filters.filter\(54\).enabled=true + +globalalertfilter.filters.filter\(55\).ruleid=90018 +globalalertfilter.filters.filter\(55\).newrisk=-1 +globalalertfilter.filters.filter\(55\).url=https://ec-cube/admin/setting/shop/payment/image/add +globalalertfilter.filters.filter\(55\).urlregex=false +globalalertfilter.filters.filter\(55\).param=payment_register\\[(charge|fixed|method|payment_image|payment_image_file|rule_max|rule_min|visible)\\] +globalalertfilter.filters.filter\(55\).paramregex=true +globalalertfilter.filters.filter\(55\).attack=(?s).* +globalalertfilter.filters.filter\(55\).attackregex=true +globalalertfilter.filters.filter\(55\).evidence= +globalalertfilter.filters.filter\(55\).evidenceregex=false +globalalertfilter.filters.filter\(55\).enabled=true + +globalalertfilter.filters.filter\(56\).ruleid=6 +globalalertfilter.filters.filter\(56\).newrisk=-1 +globalalertfilter.filters.filter\(56\).url=https://ec-cube/admin/setting/system/authority +globalalertfilter.filters.filter\(56\).urlregex=false +globalalertfilter.filters.filter\(56\).param=.* +globalalertfilter.filters.filter\(56\).paramregex=true +globalalertfilter.filters.filter\(56\).attack=.*authority +globalalertfilter.filters.filter\(56\).attackregex=true +globalalertfilter.filters.filter\(56\).evidence= +globalalertfilter.filters.filter\(56\).evidenceregex=false +globalalertfilter.filters.filter\(56\).enabled=true + 
+globalalertfilter.filters.filter\(57\).ruleid=43 +globalalertfilter.filters.filter\(57\).newrisk=-1 +globalalertfilter.filters.filter\(57\).url=https://ec-cube/admin/setting/system/authority +globalalertfilter.filters.filter\(57\).urlregex=false +globalalertfilter.filters.filter\(57\).param=.* +globalalertfilter.filters.filter\(57\).paramregex=true +globalalertfilter.filters.filter\(57\).attack=.*authority +globalalertfilter.filters.filter\(57\).attackregex=true +globalalertfilter.filters.filter\(57\).evidence= +globalalertfilter.filters.filter\(57\).evidenceregex=false +globalalertfilter.filters.filter\(57\).enabled=true + +globalalertfilter.filters.filter\(58\).ruleid=43 +globalalertfilter.filters.filter\(58\).newrisk=-1 +globalalertfilter.filters.filter\(58\).url=https://ec-cube/admin/setting/system/log +globalalertfilter.filters.filter\(58\).urlregex=false +globalalertfilter.filters.filter\(58\).param=admin_system_log[download] +globalalertfilter.filters.filter\(58\).paramregex=false +globalalertfilter.filters.filter\(58\).attack=(?s).*/?log +globalalertfilter.filters.filter\(58\).attackregex=true +globalalertfilter.filters.filter\(58\).evidence= +globalalertfilter.filters.filter\(58\).evidenceregex=false +globalalertfilter.filters.filter\(58\).enabled=true + +globalalertfilter.filters.filter\(59\).ruleid=10202 +globalalertfilter.filters.filter\(59\).newrisk=-1 +globalalertfilter.filters.filter\(59\).url=https://ec-cube/admin/setting/system/member +globalalertfilter.filters.filter\(59\).urlregex=false +globalalertfilter.filters.filter\(59\).param= +globalalertfilter.filters.filter\(59\).paramregex=false +globalalertfilter.filters.filter\(59\).attack= +globalalertfilter.filters.filter\(59\).attackregex=false +globalalertfilter.filters.filter\(59\).evidence= +globalalertfilter.filters.filter\(59\).evidenceregex=false +globalalertfilter.filters.filter\(59\).enabled=true + +globalalertfilter.filters.filter\(60\).ruleid=40018 
+globalalertfilter.filters.filter\(60\).newrisk=-1 +globalalertfilter.filters.filter\(60\).url=https://ec-cube/admin/setting/system/member/new +globalalertfilter.filters.filter\(60\).urlregex=false +globalalertfilter.filters.filter\(60\).param=admin_member\\[(Authority|Work|department|login_id|name|plain_password\\]\\[(first|second))\\] +globalalertfilter.filters.filter\(60\).paramregex=true +globalalertfilter.filters.filter\(60\).attack=(?s).* +globalalertfilter.filters.filter\(60\).attackregex=true +globalalertfilter.filters.filter\(60\).evidence= +globalalertfilter.filters.filter\(60\).evidenceregex=false +globalalertfilter.filters.filter\(60\).enabled=true + +globalalertfilter.filters.filter\(61\).ruleid=90018 +globalalertfilter.filters.filter\(61\).newrisk=-1 +globalalertfilter.filters.filter\(61\).url=https://ec-cube/admin/setting/system/member/new +globalalertfilter.filters.filter\(61\).urlregex=false +globalalertfilter.filters.filter\(61\).param=admin_member\\[(Authority|Work|department|login_id|name|plain_password\\]\\[(first|second))\\] +globalalertfilter.filters.filter\(61\).paramregex=true +globalalertfilter.filters.filter\(61\).attack=(?s).* +globalalertfilter.filters.filter\(61\).attackregex=true +globalalertfilter.filters.filter\(61\).evidence= +globalalertfilter.filters.filter\(61\).evidenceregex=false +globalalertfilter.filters.filter\(61\).enabled=true + +globalalertfilter.filters.filter\(62\).ruleid=6 +globalalertfilter.filters.filter\(62\).newrisk=-1 +globalalertfilter.filters.filter\(62\).url=https://ec-cube/admin/setting/system/security +globalalertfilter.filters.filter\(62\).urlregex=false +globalalertfilter.filters.filter\(62\).param=admin_security[admin_route_dir] +globalalertfilter.filters.filter\(62\).paramregex=false +globalalertfilter.filters.filter\(62\).attack=security +globalalertfilter.filters.filter\(62\).attackregex=false +globalalertfilter.filters.filter\(62\).evidence= +globalalertfilter.filters.filter\(62\).evidenceregex=false 
+globalalertfilter.filters.filter\(62\).enabled=true + +globalalertfilter.filters.filter\(63\).ruleid=6 +globalalertfilter.filters.filter\(63\).newrisk=-1 +globalalertfilter.filters.filter\(63\).url=https://ec-cube/admin/two_factor_auth/set +globalalertfilter.filters.filter\(63\).urlregex=false +globalalertfilter.filters.filter\(63\).param=admin_two_factor_auth[device_token] +globalalertfilter.filters.filter\(63\).paramregex=false +globalalertfilter.filters.filter\(63\).attack=.*set +globalalertfilter.filters.filter\(63\).attackregex=true +globalalertfilter.filters.filter\(63\).evidence= +globalalertfilter.filters.filter\(63\).evidenceregex=false +globalalertfilter.filters.filter\(63\).enabled=true + +globalalertfilter.filters.filter\(64\).ruleid=43 +globalalertfilter.filters.filter\(64\).newrisk=-1 +globalalertfilter.filters.filter\(64\).url=https://ec-cube/admin/two_factor_auth/set +globalalertfilter.filters.filter\(64\).urlregex=false +globalalertfilter.filters.filter\(64\).param=.* +globalalertfilter.filters.filter\(64\).paramregex=true +globalalertfilter.filters.filter\(64\).attack=(?s).*set +globalalertfilter.filters.filter\(64\).attackregex=true +globalalertfilter.filters.filter\(64\).evidence= +globalalertfilter.filters.filter\(64\).evidenceregex=false +globalalertfilter.filters.filter\(64\).enabled=true + +globalalertfilter.filters.filter\(65\).ruleid=40018 +globalalertfilter.filters.filter\(65\).newrisk=-1 +globalalertfilter.filters.filter\(65\).url=https://ec-cube/admin/two_factor_auth/set +globalalertfilter.filters.filter\(65\).urlregex=false +globalalertfilter.filters.filter\(65\).param=admin_two_factor_auth\\[(auth_key|device_token)\\] +globalalertfilter.filters.filter\(65\).paramregex=true +globalalertfilter.filters.filter\(65\).attack=(?s).* +globalalertfilter.filters.filter\(65\).attackregex=true +globalalertfilter.filters.filter\(65\).evidence= +globalalertfilter.filters.filter\(65\).evidenceregex=false 
+globalalertfilter.filters.filter\(65\).enabled=true + +globalalertfilter.filters.filter\(66\).ruleid=40018 +globalalertfilter.filters.filter\(66\).newrisk=-1 +globalalertfilter.filters.filter\(66\).url=https://ec-cube/entry +globalalertfilter.filters.filter\(66\).urlregex=false +globalalertfilter.filters.filter\(66\).param=mode +globalalertfilter.filters.filter\(66\).paramregex=false +globalalertfilter.filters.filter\(66\).attack=confirm OR 1=1 -- +globalalertfilter.filters.filter\(66\).attackregex=false +globalalertfilter.filters.filter\(66\).evidence= +globalalertfilter.filters.filter\(66\).evidenceregex=false +globalalertfilter.filters.filter\(66\).enabled=true + +globalalertfilter.filters.filter\(67\).ruleid=40018 +globalalertfilter.filters.filter\(67\).newrisk=-1 +globalalertfilter.filters.filter\(67\).url=https://ec-cube/forgot +globalalertfilter.filters.filter\(67\).urlregex=false +globalalertfilter.filters.filter\(67\).param=login_email +globalalertfilter.filters.filter\(67\).paramregex=false +globalalertfilter.filters.filter\(67\).attack=(?s).* +globalalertfilter.filters.filter\(67\).attackregex=true +globalalertfilter.filters.filter\(67\).evidence= +globalalertfilter.filters.filter\(67\).evidenceregex=false +globalalertfilter.filters.filter\(67\).enabled=true + +globalalertfilter.filters.filter\(68\).ruleid=43 +globalalertfilter.filters.filter\(68\).newrisk=-1 +globalalertfilter.filters.filter\(68\).url=https://ec-cube/mypage/.*/\\d+ +globalalertfilter.filters.filter\(68\).urlregex=true +globalalertfilter.filters.filter\(68\).param=.* +globalalertfilter.filters.filter\(68\).paramregex=false +globalalertfilter.filters.filter\(68\).attack=\\d+ +globalalertfilter.filters.filter\(68\).attackregex=true +globalalertfilter.filters.filter\(68\).evidence= +globalalertfilter.filters.filter\(68\).evidenceregex=false +globalalertfilter.filters.filter\(68\).enabled=true + +globalalertfilter.filters.filter\(69\).ruleid=6 
+globalalertfilter.filters.filter\(69\).newrisk=-1 +globalalertfilter.filters.filter\(69\).url=https://ec-cube/mypage/.*/new +globalalertfilter.filters.filter\(69\).urlregex=true +globalalertfilter.filters.filter\(69\).param=.* +globalalertfilter.filters.filter\(69\).paramregex=true +globalalertfilter.filters.filter\(69\).attack=(?s).*new +globalalertfilter.filters.filter\(69\).attackregex=true +globalalertfilter.filters.filter\(69\).evidence= +globalalertfilter.filters.filter\(69\).evidenceregex=false +globalalertfilter.filters.filter\(69\).enabled=true + +globalalertfilter.filters.filter\(70\).ruleid=43 +globalalertfilter.filters.filter\(70\).newrisk=-1 +globalalertfilter.filters.filter\(70\).url=https://ec-cube/mypage/.*/new +globalalertfilter.filters.filter\(70\).urlregex=true +globalalertfilter.filters.filter\(70\).param=.* +globalalertfilter.filters.filter\(70\).paramregex=true +globalalertfilter.filters.filter\(70\).attack=(?s).*new +globalalertfilter.filters.filter\(70\).attackregex=true +globalalertfilter.filters.filter\(70\).evidence= +globalalertfilter.filters.filter\(70\).evidenceregex=false +globalalertfilter.filters.filter\(70\).enabled=true + +globalalertfilter.filters.filter\(71\).ruleid=90018 +globalalertfilter.filters.filter\(71\).newrisk=-1 +globalalertfilter.filters.filter\(71\).url=https://ec-cube/mypage/change +globalalertfilter.filters.filter\(71\).urlregex=false +globalalertfilter.filters.filter\(71\).param=entry\\[birth\\]\\[(year|month)\\] +globalalertfilter.filters.filter\(71\).paramregex=true +globalalertfilter.filters.filter\(71\).attack=.* +globalalertfilter.filters.filter\(71\).attackregex=true +globalalertfilter.filters.filter\(71\).evidence= +globalalertfilter.filters.filter\(71\).evidenceregex=false +globalalertfilter.filters.filter\(71\).enabled=true + +globalalertfilter.filters.filter\(72\).ruleid=40018 +globalalertfilter.filters.filter\(72\).newrisk=-1 
+globalalertfilter.filters.filter\(72\).url=https://ec-cube/mypage/delivery/new +globalalertfilter.filters.filter\(72\).urlregex=false +globalalertfilter.filters.filter\(72\).param=customer_address(\\[(company_name|phone_number|postal_code)\\]|\\[address\\]\\[(addr0[12]|pref)\\]|\\[name\\]\\[name0[12]\\]|\\[kana\\]\\[kana0[12]\\]) +globalalertfilter.filters.filter\(72\).paramregex=true +globalalertfilter.filters.filter\(72\).attack=(?s).* +globalalertfilter.filters.filter\(72\).attackregex=true +globalalertfilter.filters.filter\(72\).evidence= +globalalertfilter.filters.filter\(72\).evidenceregex=false +globalalertfilter.filters.filter\(72\).enabled=true + +globalalertfilter.filters.filter\(73\).ruleid=6 +globalalertfilter.filters.filter\(73\).newrisk=-1 +globalalertfilter.filters.filter\(73\).url=https://ec-cube/mypage/login +globalalertfilter.filters.filter\(73\).urlregex=false +globalalertfilter.filters.filter\(73\).param=.* +globalalertfilter.filters.filter\(73\).paramregex=true +globalalertfilter.filters.filter\(73\).attack=.?login +globalalertfilter.filters.filter\(73\).attackregex=true +globalalertfilter.filters.filter\(73\).evidence= +globalalertfilter.filters.filter\(73\).evidenceregex=false +globalalertfilter.filters.filter\(73\).enabled=true + +globalalertfilter.filters.filter\(74\).ruleid=43 +globalalertfilter.filters.filter\(74\).newrisk=-1 +globalalertfilter.filters.filter\(74\).url=https://ec-cube/mypage/order/\\d+ +globalalertfilter.filters.filter\(74\).urlregex=true +globalalertfilter.filters.filter\(74\).param=_token +globalalertfilter.filters.filter\(74\).paramregex=false +globalalertfilter.filters.filter\(74\).attack=(?s)(.*/)?\\d+ +globalalertfilter.filters.filter\(74\).attackregex=true +globalalertfilter.filters.filter\(74\).evidence= +globalalertfilter.filters.filter\(74\).evidenceregex=false +globalalertfilter.filters.filter\(74\).enabled=true + +globalalertfilter.filters.filter\(75\).ruleid=6 
+globalalertfilter.filters.filter\(75\).newrisk=-1 +globalalertfilter.filters.filter\(75\).url=https://ec-cube/mypage/withdraw +globalalertfilter.filters.filter\(75\).urlregex=false +globalalertfilter.filters.filter\(75\).param=mode +globalalertfilter.filters.filter\(75\).paramregex=false +globalalertfilter.filters.filter\(75\).attack=(?s).*withdraw +globalalertfilter.filters.filter\(75\).attackregex=true +globalalertfilter.filters.filter\(75\).evidence= +globalalertfilter.filters.filter\(75\).evidenceregex=false +globalalertfilter.filters.filter\(75\).enabled=true + +globalalertfilter.filters.filter\(76\).ruleid=6 +globalalertfilter.filters.filter\(76\).newrisk=-1 +globalalertfilter.filters.filter\(76\).url=https://ec-cube/products/add_cart/\\d+ +globalalertfilter.filters.filter\(76\).urlregex=true +globalalertfilter.filters.filter\(76\).param=.* +globalalertfilter.filters.filter\(76\).paramregex=true +globalalertfilter.filters.filter\(76\).attack=\\d+ +globalalertfilter.filters.filter\(76\).attackregex=true +globalalertfilter.filters.filter\(76\).evidence= +globalalertfilter.filters.filter\(76\).evidenceregex=false +globalalertfilter.filters.filter\(76\).enabled=true + +globalalertfilter.filters.filter\(77\).ruleid=43 +globalalertfilter.filters.filter\(77\).newrisk=-1 +globalalertfilter.filters.filter\(77\).url=https://ec-cube/products/add_cart/\\d+ +globalalertfilter.filters.filter\(77\).urlregex=true +globalalertfilter.filters.filter\(77\).param=.* +globalalertfilter.filters.filter\(77\).paramregex=true +globalalertfilter.filters.filter\(77\).attack=\\d+ +globalalertfilter.filters.filter\(77\).attackregex=true +globalalertfilter.filters.filter\(77\).evidence= +globalalertfilter.filters.filter\(77\).evidenceregex=false +globalalertfilter.filters.filter\(77\).enabled=true + +globalalertfilter.filters.filter\(78\).ruleid=6 +globalalertfilter.filters.filter\(78\).newrisk=-1 +globalalertfilter.filters.filter\(78\).url=https://ec-cube/products/add_favorite/\\d+ 
+globalalertfilter.filters.filter\(78\).urlregex=true +globalalertfilter.filters.filter\(78\).param= +globalalertfilter.filters.filter\(78\).paramregex=false +globalalertfilter.filters.filter\(78\).attack=\\d+ +globalalertfilter.filters.filter\(78\).attackregex=true +globalalertfilter.filters.filter\(78\).evidence= +globalalertfilter.filters.filter\(78\).evidenceregex=false +globalalertfilter.filters.filter\(78\).enabled=true + +globalalertfilter.filters.filter\(79\).ruleid=10202 +globalalertfilter.filters.filter\(79\).newrisk=-1 +globalalertfilter.filters.filter\(79\).url=https://ec-cube/products/detail/.* +globalalertfilter.filters.filter\(79\).urlregex=true +globalalertfilter.filters.filter\(79\).param= +globalalertfilter.filters.filter\(79\).paramregex=false +globalalertfilter.filters.filter\(79\).attack= +globalalertfilter.filters.filter\(79\).attackregex=false +globalalertfilter.filters.filter\(79\).evidence= +globalalertfilter.filters.filter\(79\).evidenceregex=true +globalalertfilter.filters.filter\(79\).enabled=true + +globalalertfilter.filters.filter\(80\).ruleid=6 +globalalertfilter.filters.filter\(80\).newrisk=-1 +globalalertfilter.filters.filter\(80\).url=https://ec-cube/shopping/customer +globalalertfilter.filters.filter\(80\).urlregex=false +globalalertfilter.filters.filter\(80\).param= +globalalertfilter.filters.filter\(80\).paramregex=false +globalalertfilter.filters.filter\(80\).attack=customer +globalalertfilter.filters.filter\(80\).attackregex=false +globalalertfilter.filters.filter\(80\).evidence= +globalalertfilter.filters.filter\(80\).evidenceregex=false +globalalertfilter.filters.filter\(80\).enabled=true + +globalalertfilter.filters.filter\(81\).ruleid=90018 +globalalertfilter.filters.filter\(81\).newrisk=-1 +globalalertfilter.filters.filter\(81\).url=https://ec-cube/shopping/shipping_multiple_edit +globalalertfilter.filters.filter\(81\).urlregex=false +globalalertfilter.filters.filter\(81\).param=shopping_shipping[phone_number] 
+globalalertfilter.filters.filter\(81\).paramregex=false +globalalertfilter.filters.filter\(81\).attack=(?s).* +globalalertfilter.filters.filter\(81\).attackregex=true +globalalertfilter.filters.filter\(81\).evidence= +globalalertfilter.filters.filter\(81\).evidenceregex=false +globalalertfilter.filters.filter\(81\).enabled=true diff --git a/zap/scripts/admin_authority.zst b/zap/scripts/admin_authority.zst new file mode 100644 index 00000000000..3f02ff95f6c --- /dev/null +++ b/zap/scripts/admin_authority.zst 
@@ -0,0 +1,98 @@ +{ + "about": "This is a Zest script. For more details about Zest visit https://developer.mozilla.org/en-US/docs/Zest", + "zestVersion": "0.6", + "generatedBy": "Sequence Script Template", + "title": "admin_authority", + "description": "An example empty sequence script. Add requests to populate the sequence.", + "prefix": "", + "type": "Active", + "parameters": { + "tokenStart": "{{", + "tokenEnd": "}}", + "tokens": {}, + "elementType": "ZestVariables" + }, + "statements": [ + { + "url": "https://ec-cube/admin/setting/system/authority", + "data": "", + "method": "GET", + "headers": "Proxy-Connection: keep-alive\r\nsec-ch-ua: \".Not/A)Brand\";v=\"99\", \"Google Chrome\";v=\"103\", \"Chromium\";v=\"103\"\r\nsec-ch-ua-mobile: ?0\r\nsec-ch-ua-platform: \"Linux\"\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\n", + "assertions": [ + { + "rootExpression": { + "code": 200, + "not": false, + "elementType": "ZestExpressionStatusCode" + }, + "elementType": "ZestAssertion" + } + ], + "followRedirects": false, + "timestamp": 1656670494113, + "cookies": [], + "index": 1, + "enabled": true, + "elementType": "ZestRequest" + }, + { + "fieldDefinition": { + "formIndex": 0, + "fieldName": "form__token", + "elementType": "ZestFieldDefinition" + }, + "variableName": "csrf1", + "index": 2, + "enabled": true, + "elementType": "ZestAssignFieldValue" + }, + { + "url": "https://ec-cube/admin/setting/system/authority", + "data": "form%5B_token%5D={{csrf1}}&form%5BAuthorityRoles%5D%5B62bec91e21aa2%5D%5BAuthority%5D=1&form%5BAuthorityRoles%5D%5B62bec91e21aa2%5D%5Bdeny_url%5D=%2Ftest", + "method": "POST", + "headers": "Proxy-Connection: keep-alive\r\nContent-Length: 187\r\nsec-ch-ua: \".Not/A)Brand\";v=\"99\", \"Google Chrome\";v=\"103\", \"Chromium\";v=\"103\"\r\nsec-ch-ua-mobile: ?0\r\nsec-ch-ua-platform: \"Linux\"\r\nUpgrade-Insecure-Requests: 1\r\nOrigin: 
https://ec-cube\r\nContent-Type: application/x-www-form-urlencoded\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\n", + "assertions": [ + { + "rootExpression": { + "code": 302, + "not": false, + "elementType": "ZestExpressionStatusCode" + }, + "elementType": "ZestAssertion" + } + ], + "followRedirects": false, + "timestamp": 1656670507818, + "cookies": [], + "index": 3, + "enabled": true, + "elementType": "ZestRequest" + }, + { + "url": "https://ec-cube/admin/setting/system/authority", + "data": "", + "method": "GET", + "headers": "Proxy-Connection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\nsec-ch-ua: \".Not/A)Brand\";v=\"99\", \"Google Chrome\";v=\"103\", \"Chromium\";v=\"103\"\r\nsec-ch-ua-mobile: ?0\r\nsec-ch-ua-platform: \"Linux\"\r\n", + "assertions": [ + { + "rootExpression": { + "code": 200, + "not": false, + "elementType": "ZestExpressionStatusCode" + }, + "elementType": "ZestAssertion" + } + ], + "followRedirects": false, + "timestamp": 1656670507863, + "cookies": [], + "index": 4, + "enabled": true, + "elementType": "ZestRequest" + } + ], + "authentication": [], + "index": 0, + "enabled": true, + "elementType": "ZestScript" +} diff --git a/zap/scripts/admin_content_block.zst b/zap/scripts/admin_content_block.zst new file mode 100644 index 00000000000..ede82c643a0 --- /dev/null +++ b/zap/scripts/admin_content_block.zst 
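Review bot: The `description` field still carries the template placeholder ("An example empty sequence script. Add requests to populate the sequence.") although the file now holds a four-statement sequence, so nothing in the script says what the active scan exercises here. I would replace it with `"description": "GET the admin authority page, read form__token into csrf1, POST one AuthorityRoles row (Authority=1, deny_url=/test), then GET the page again."`. The POST request also keeps the recorded `Content-Length: 187` header while its body contains the `{{csrf1}}` token that is only filled in at replay. ZAP presumably recomputes the length when it sends the request, but dropping that header from the recorded string would remove the doubt.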
@@ -0,0 +1,245 @@ +{ + "about": "This is a Zest script. For more details about Zest visit https://developer.mozilla.org/en-US/docs/Zest", + "zestVersion": "0.6", + "generatedBy": "Sequence Script Template", + "title": "admin_content_block", + "description": "An example empty sequence script. Add requests to populate the sequence.", + "prefix": "", + "type": "Active", + "parameters": { + "tokenStart": "{{", + "tokenEnd": "}}", + "tokens": {}, + "elementType": "ZestVariables" + }, + "statements": [ + { + "url": "https://ec-cube/admin/content/block/new", + "data": "", + "method": "GET", + "headers": "Proxy-Connection: keep-alive\r\nsec-ch-ua: \".Not/A)Brand\";v=\"99\", \"Google Chrome\";v=\"103\", \"Chromium\";v=\"103\"\r\nsec-ch-ua-mobile: ?0\r\nsec-ch-ua-platform: \"Linux\"\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\n", + "assertions": [ + { + "rootExpression": { + "code": 200, + "not": false, + "elementType": "ZestExpressionStatusCode" + }, + "elementType": "ZestAssertion" + } + ], + "followRedirects": false, + "timestamp": 1656657036311, + "cookies": [], + "index": 1, + "enabled": true, + "elementType": "ZestRequest" + }, + { + "prefix": "", + "location": "BODY", + "variableName": "eccube-csrf-token", + "index": 2, + "enabled": true, + "elementType": "ZestAssignStringDelimiters" + }, + { + "fieldDefinition": { + "formIndex": 0, + "fieldName": "block__token", + "elementType": "ZestFieldDefinition" + }, + "variableName": "csrf1", + "index": 3, + "enabled": true, + "elementType": "ZestAssignFieldValue" + }, + { + "minInt": 0, + "maxInt": 2147483647, + "variableName": "block-suffix", + "index": 4, + "enabled": true, + "elementType": "ZestAssignRandomInteger" + }, + { + "url": "https://ec-cube/admin/content/block/new", + "data": 
"block%5B_token%5D={{csrf1}}&block%5Bid%5D=&block%5BDeviceType%5D=10&block%5Bname%5D=block_{{block-suffix}}&block%5Bfile_name%5D=block_{{block-suffix}}&block%5Bblock_html%5D=block_{{block-suffix}}", + "method": "POST", + "headers": "Proxy-Connection: keep-alive\r\nContent-Length: 180\r\nsec-ch-ua: \".Not/A)Brand\";v=\"99\", \"Google Chrome\";v=\"103\", \"Chromium\";v=\"103\"\r\nsec-ch-ua-mobile: ?0\r\nsec-ch-ua-platform: \"Linux\"\r\nUpgrade-Insecure-Requests: 1\r\nOrigin: https://ec-cube\r\nContent-Type: application/x-www-form-urlencoded\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\n", + "assertions": [ + { + "rootExpression": { + "code": 302, + "not": false, + "elementType": "ZestExpressionStatusCode" + }, + "elementType": "ZestAssertion" + } + ], + "followRedirects": false, + "timestamp": 1656657064395, + "cookies": [], + "index": 5, + "enabled": true, + "elementType": "ZestRequest" + }, + { + "prefix": "Location: /admin/content/block/", + "postfix": "/edit", + "location": "HEAD", + "variableName": "block-id", + "index": 6, + "enabled": true, + "elementType": "ZestAssignStringDelimiters" + }, + { + "urlToken": "https://ec-cube/admin/content/block/{{block-id}}/edit", + "data": "", + "method": "GET", + "headers": "Proxy-Connection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\nsec-ch-ua: \".Not/A)Brand\";v=\"99\", \"Google Chrome\";v=\"103\", \"Chromium\";v=\"103\"\r\nsec-ch-ua-mobile: ?0\r\nsec-ch-ua-platform: \"Linux\"\r\n", + "assertions": [ + { + "rootExpression": { + "code": 200, + "not": false, + "elementType": "ZestExpressionStatusCode" + }, + "elementType": "ZestAssertion" + } + ], + "followRedirects": false, + "timestamp": 1656657064441, + "cookies": [], + "index": 7, + "enabled": true, + "elementType": "ZestRequest" + }, + { + "fieldDefinition": { + "formIndex": 0, + "fieldName": 
"block__token", + "elementType": "ZestFieldDefinition" + }, + "variableName": "csrf3", + "index": 8, + "enabled": true, + "elementType": "ZestAssignFieldValue" + }, + { + "urlToken": "https://ec-cube/admin/content/block/{{block-id}}/edit", + "data": "block%5B_token%5D={{csrf3}}&block%5Bid%5D={{block-id}}&block%5BDeviceType%5D=10&block%5Bname%5D=block_{{block-suffix}}&block%5Bfile_name%5D=block_{{block-suffix}}&block%5Bblock_html%5D=block_{{block-suffix}}", + "method": "POST", + "headers": "Proxy-Connection: keep-alive\r\nContent-Length: 182\r\nsec-ch-ua: \".Not/A)Brand\";v=\"99\", \"Google Chrome\";v=\"103\", \"Chromium\";v=\"103\"\r\nsec-ch-ua-mobile: ?0\r\nsec-ch-ua-platform: \"Linux\"\r\nUpgrade-Insecure-Requests: 1\r\nOrigin: https://ec-cube\r\nContent-Type: application/x-www-form-urlencoded\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\n", + "assertions": [ + { + "rootExpression": { + "code": 302, + "not": false, + "elementType": "ZestExpressionStatusCode" + }, + "elementType": "ZestAssertion" + } + ], + "followRedirects": false, + "timestamp": 1656657073614, + "cookies": [], + "index": 9, + "enabled": true, + "elementType": "ZestRequest" + }, + { + "urlToken": "https://ec-cube/admin/content/block/{{block-id}}/edit", + "data": "", + "method": "GET", + "headers": "Proxy-Connection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\nsec-ch-ua: \".Not/A)Brand\";v=\"99\", \"Google Chrome\";v=\"103\", \"Chromium\";v=\"103\"\r\nsec-ch-ua-mobile: ?0\r\nsec-ch-ua-platform: \"Linux\"\r\n", + "assertions": [ + { + "rootExpression": { + "code": 200, + "not": false, + "elementType": "ZestExpressionStatusCode" + }, + "elementType": "ZestAssertion" + } + ], + "followRedirects": false, + "timestamp": 1656657073656, + "cookies": [], + "index": 10, + "enabled": true, + "elementType": "ZestRequest" + }, + { + 
"url": "https://ec-cube/admin/content/block", + "data": "", + "method": "GET", + "headers": "Proxy-Connection: keep-alive\r\nsec-ch-ua: \".Not/A)Brand\";v=\"99\", \"Google Chrome\";v=\"103\", \"Chromium\";v=\"103\"\r\nsec-ch-ua-mobile: ?0\r\nsec-ch-ua-platform: \"Linux\"\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\n", + "assertions": [ + { + "rootExpression": { + "code": 200, + "not": false, + "elementType": "ZestExpressionStatusCode" + }, + "elementType": "ZestAssertion" + } + ], + "followRedirects": false, + "timestamp": 1656657076212, + "cookies": [], + "index": 11, + "enabled": true, + "elementType": "ZestRequest" + }, + { + "urlToken": "https://ec-cube/admin/content/block/{{block-id}}/delete", + "data": "_token={{eccube-csrf-token}}&_method=delete", + "method": "POST", + "headers": "Proxy-Connection: keep-alive\r\nContent-Length: 65\r\nsec-ch-ua: \".Not/A)Brand\";v=\"99\", \"Google Chrome\";v=\"103\", \"Chromium\";v=\"103\"\r\nsec-ch-ua-mobile: ?0\r\nsec-ch-ua-platform: \"Linux\"\r\nUpgrade-Insecure-Requests: 1\r\nOrigin: https://ec-cube\r\nContent-Type: application/x-www-form-urlencoded\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\n", + "assertions": [ + { + "rootExpression": { + "code": 302, + "not": false, + "elementType": "ZestExpressionStatusCode" + }, + "elementType": "ZestAssertion" + } + ], + "followRedirects": false, + "timestamp": 1656657080937, + "cookies": [], + "index": 12, + "enabled": true, + "elementType": "ZestRequest" + }, + { + "url": "https://ec-cube/admin/content/block", + "data": "", + "method": "GET", + "headers": "Proxy-Connection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\nsec-ch-ua: \".Not/A)Brand\";v=\"99\", \"Google Chrome\";v=\"103\", 
\"Chromium\";v=\"103\"\r\nsec-ch-ua-mobile: ?0\r\nsec-ch-ua-platform: \"Linux\"\r\n", + "assertions": [ + { + "rootExpression": { + "code": 200, + "not": false, + "elementType": "ZestExpressionStatusCode" + }, + "elementType": "ZestAssertion" + } + ], + "followRedirects": false, + "timestamp": 1656657080986, + "cookies": [], + "index": 13, + "enabled": true, + "elementType": "ZestRequest" + } + ], + "authentication": [], + "index": 0, + "enabled": true, + "elementType": "ZestScript" +} diff --git a/zap/scripts/admin_content_cache.zst b/zap/scripts/admin_content_cache.zst new file mode 100644 index 00000000000..65545a51c7c --- /dev/null +++ b/zap/scripts/admin_content_cache.zst 
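Review bot: As shown here, the ZestAssignStringDelimiters statement at index 2 has an empty `prefix` and no `postfix` key, while the one at index 6 carries both, so it is unclear what ends up in `eccube-csrf-token`. The delete request at index 12 sends `_token={{eccube-csrf-token}}`, and its only check is a 302 status, which may not distinguish a completed delete from a rejected token. If the committed file really looks like this, set both delimiters to the markup that surrounds the token in the page body, and add an assertion on the block list fetched at index 13 so that a failed delete is visible. The same statement appears at index 2 of admin_content_cache.zst and index 3 of admin_content_file.zst.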
@@ -0,0 +1,140 @@ +{ + "about": "This is a Zest script. For more details about Zest visit https://developer.mozilla.org/en-US/docs/Zest", + "zestVersion": "0.6", + "generatedBy": "Sequence Script Template", + "title": "admin_content_cache", + "description": "An example empty sequence script. Add requests to populate the sequence.", + "prefix": "", + "type": "Active", + "parameters": { + "tokenStart": "{{", + "tokenEnd": "}}", + "tokens": {}, + "elementType": "ZestVariables" + }, + "statements": [ + { + "url": "https://ec-cube/admin/content/cache", + "data": "", + "method": "GET", + "headers": "Proxy-Connection: keep-alive\r\nsec-ch-ua: \".Not/A)Brand\";v=\"99\", \"Google Chrome\";v=\"103\", \"Chromium\";v=\"103\"\r\nsec-ch-ua-mobile: ?0\r\nsec-ch-ua-platform: \"Linux\"\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\n", + "assertions": [ + { + "rootExpression": { + "code": 200, + "not": false, + "elementType": "ZestExpressionStatusCode" + }, + "elementType": "ZestAssertion" + } + ], + "followRedirects": false, + "timestamp": 1656658666539, + "cookies": [], + "index": 1, + "enabled": true, + "elementType": "ZestRequest" + }, + { + "prefix": "", + "location": "BODY", + "variableName": "eccube-csrf-token", + "index": 2, + "enabled": true, + "elementType": "ZestAssignStringDelimiters" + }, + { + "fieldDefinition": { + "formIndex": 0, + "fieldName": "form__token", + "elementType": "ZestFieldDefinition" + }, + "variableName": "csrf1", + "index": 3, + "enabled": true, + "elementType": "ZestAssignFieldValue" + }, + { + "url": "https://ec-cube/admin/content/cache", + "data": "form%5B_token%5D={{csrf1}}", + "method": "POST", + "headers": "Proxy-Connection: keep-alive\r\nContent-Length: 60\r\nsec-ch-ua: \".Not/A)Brand\";v=\"99\", \"Google Chrome\";v=\"103\", \"Chromium\";v=\"103\"\r\nsec-ch-ua-mobile: ?0\r\nsec-ch-ua-platform: \"Linux\"\r\nUpgrade-Insecure-Requests: 1\r\nOrigin: 
https://ec-cube\r\nContent-Type: application/x-www-form-urlencoded\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\n", + "assertions": [ + { + "rootExpression": { + "code": 200, + "not": false, + "elementType": "ZestExpressionStatusCode" + }, + "elementType": "ZestAssertion" + } + ], + "followRedirects": false, + "timestamp": 1656658668779, + "cookies": [], + "index": 4, + "enabled": true, + "elementType": "ZestRequest" + }, + { + "fieldDefinition": { + "formIndex": 0, + "fieldName": "form__token", + "elementType": "ZestFieldDefinition" + }, + "variableName": "csrf2", + "index": 5, + "enabled": true, + "elementType": "ZestAssignFieldValue" + }, + { + "url": "https://ec-cube/admin/disable_maintenance/auto_maintenance", + "data": "", + "method": "POST", + "headers": "Proxy-Connection: keep-alive\r\nContent-Length: 0\r\nsec-ch-ua: \".Not/A)Brand\";v=\"99\", \"Google Chrome\";v=\"103\", \"Chromium\";v=\"103\"\r\nX-Requested-With: XMLHttpRequest\r\nsec-ch-ua-mobile: ?0\r\nECCUBE-CSRF-TOKEN: {{eccube-csrf-token}}\r\nsec-ch-ua-platform: \"Linux\"\r\nOrigin: https://ec-cube\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Dest: empty\r\n", + "assertions": [ + { + "rootExpression": { + "code": 200, + "not": false, + "elementType": "ZestExpressionStatusCode" + }, + "elementType": "ZestAssertion" + } + ], + "followRedirects": false, + "timestamp": 1656658668974, + "cookies": [], + "index": 6, + "enabled": true, + "elementType": "ZestRequest" + }, + { + "url": "https://ec-cube/admin/content/cache", + "data": "", + "method": "GET", + "headers": "Proxy-Connection: keep-alive\r\nsec-ch-ua: \".Not/A)Brand\";v=\"99\", \"Google Chrome\";v=\"103\", \"Chromium\";v=\"103\"\r\nsec-ch-ua-mobile: ?0\r\nsec-ch-ua-platform: \"Linux\"\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\n", + "assertions": [ + { + 
"rootExpression": { + "code": 200, + "not": false, + "elementType": "ZestExpressionStatusCode" + }, + "elementType": "ZestAssertion" + } + ], + "followRedirects": false, + "timestamp": 1656658666539, + "cookies": [], + "index": 7, + "enabled": true, + "elementType": "ZestRequest" + } + ], + "authentication": [], + "index": 0, + "enabled": true, + "elementType": "ZestScript" +} diff --git a/zap/scripts/admin_content_file.zst b/zap/scripts/admin_content_file.zst new file mode 100644 index 00000000000..c12cee82d4f --- /dev/null +++ b/zap/scripts/admin_content_file.zst 
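Review bot: `csrf2` is assigned at index 5 from the response to the cache-clear POST, but no later statement reads it; the request at index 6 carries its token in the `ECCUBE-CSRF-TOKEN` header instead. I would drop that ZestAssignFieldValue statement, because an assignment whose field is missing from the response may stop the sequence, depending on how ZAP treats a failed assignment, and here it buys nothing. admin_content_file.zst has the same pattern with `csrf5` at index 20 and `csrf7` at index 24. A ZestComment before index 6, for example `"comment": "Turn maintenance mode off again after the cache clear"`, would also explain why that endpoint is called, assuming that is the intent.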
@@ -0,0 +1,355 @@ +{ + "about": "This is a Zest script. For more details about Zest visit https://developer.mozilla.org/en-US/docs/Zest", + "zestVersion": "0.6", + "generatedBy": "Sequence Script Template", + "title": "admin_content_file", + "description": "An example empty sequence script. Add requests to populate the sequence.", + "prefix": "", + "type": "Active", + "parameters": { + "tokenStart": "{{", + "tokenEnd": "}}", + "tokens": {}, + "elementType": "ZestVariables" + }, + "statements": [ + { + "comment": "ファイルアップロード", + "index": 1, + "enabled": true, + "elementType": "ZestComment" + }, + { + "url": "https://ec-cube/admin/content/file_manager", + "data": "", + "method": "GET", + "headers": "Proxy-Connection: keep-alive\r\nsec-ch-ua: \".Not/A)Brand\";v=\"99\", \"Google Chrome\";v=\"103\", \"Chromium\";v=\"103\"\r\nsec-ch-ua-mobile: ?0\r\nsec-ch-ua-platform: \"Linux\"\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\n", + "assertions": [ + { + "rootExpression": { + "code": 200, + "not": false, + "elementType": "ZestExpressionStatusCode" + }, + "elementType": "ZestAssertion" + } + ], + "followRedirects": false, + "timestamp": 1656641448897, + "cookies": [], + "index": 2, + "enabled": true, + "elementType": "ZestRequest" + }, + { + "prefix": "", + "location": "BODY", + "variableName": "eccube-csrf-token", + "index": 3, + "enabled": true, + "elementType": "ZestAssignStringDelimiters" + }, + { + "fieldDefinition": { + "formIndex": 0, + "fieldName": "form__token", + "elementType": "ZestFieldDefinition" + }, + "variableName": "csrf1", + "index": 4, + "enabled": true, + "elementType": "ZestAssignFieldValue" + }, + { + "minInt": 0, + "maxInt": 2147483647, + "variableName": "file-id", + "index": 5, + "enabled": true, + "elementType": "ZestAssignRandomInteger" + }, + { + "url": "https://ec-cube/admin/content/file_manager", + "data": 
"------WebKitFormBoundary6fZWHGPQgGgZfhhW\r\nContent-Disposition: form-data; name=\"mode\"\r\n\r\nupload\r\n------WebKitFormBoundary6fZWHGPQgGgZfhhW\r\nContent-Disposition: form-data; name=\"now_file\"\r\n\r\n/\r\n------WebKitFormBoundary6fZWHGPQgGgZfhhW\r\nContent-Disposition: form-data; name=\"now_dir\"\r\n\r\n/\r\n------WebKitFormBoundary6fZWHGPQgGgZfhhW\r\nContent-Disposition: form-data; name=\"tree_select_file\"\r\n\r\n/\r\n------WebKitFormBoundary6fZWHGPQgGgZfhhW\r\nContent-Disposition: form-data; name=\"tree_status\"\r\n\r\n\r\n------WebKitFormBoundary6fZWHGPQgGgZfhhW\r\nContent-Disposition: form-data; name=\"select_file\"\r\n\r\n\r\n------WebKitFormBoundary6fZWHGPQgGgZfhhW\r\nContent-Disposition: form-data; name=\"form[_token]\"\r\n\r\n{{csrf1}}\n------WebKitFormBoundary6fZWHGPQgGgZfhhW\r\nContent-Disposition: form-data; name=\"form[file][]\"; filename=\"file-{{file-id}}.txt\"\r\nContent-Type: text/plain\r\n\r\na\n\r\n------WebKitFormBoundary6fZWHGPQgGgZfhhW\r\nContent-Disposition: form-data; name=\"form[create_file]\"\r\n\r\n\r\n------WebKitFormBoundary6fZWHGPQgGgZfhhW--\r\n", + "method": "POST", + "headers": "Proxy-Connection: keep-alive\r\nContent-Length: 1026\r\nsec-ch-ua: \".Not/A)Brand\";v=\"99\", \"Google Chrome\";v=\"103\", \"Chromium\";v=\"103\"\r\nsec-ch-ua-mobile: ?0\r\nsec-ch-ua-platform: \"Linux\"\r\nUpgrade-Insecure-Requests: 1\r\nOrigin: https://ec-cube\r\nContent-Type: multipart/form-data; boundary=----WebKitFormBoundary6fZWHGPQgGgZfhhW\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\n", + "assertions": [ + { + "rootExpression": { + "code": 200, + "not": false, + "elementType": "ZestExpressionStatusCode" + }, + "elementType": "ZestAssertion" + } + ], + "followRedirects": false, + "timestamp": 1656641457587, + "cookies": [], + "index": 6, + "enabled": true, + "elementType": "ZestRequest" + }, + { + "comment": "ファイル表示", + "index": 7, + "enabled": true, + "elementType": 
"ZestComment" + }, + { + "urlToken": "https://ec-cube/admin/content/file_view?file=%2Ffile-{{file-id}}.txt", + "data": "", + "method": "GET", + "headers": "Proxy-Connection: keep-alive\r\nsec-ch-ua: \".Not/A)Brand\";v=\"99\", \"Google Chrome\";v=\"103\", \"Chromium\";v=\"103\"\r\nsec-ch-ua-mobile: ?0\r\nsec-ch-ua-platform: \"Linux\"\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\n", + "assertions": [ + { + "rootExpression": { + "code": 200, + "not": false, + "elementType": "ZestExpressionStatusCode" + }, + "elementType": "ZestAssertion" + } + ], + "followRedirects": false, + "timestamp": 1656641470744, + "cookies": [], + "index": 8, + "enabled": true, + "elementType": "ZestRequest" + }, + { + "comment": "ファイルダウンロード", + "index": 9, + "enabled": true, + "elementType": "ZestComment" + }, + { + "urlToken": "https://ec-cube/admin/content/file_download?select_file=%2Ffile-{{file-id}}.txt", + "data": "", + "method": "GET", + "headers": "Proxy-Connection: keep-alive\r\nsec-ch-ua: \".Not/A)Brand\";v=\"99\", \"Google Chrome\";v=\"103\", \"Chromium\";v=\"103\"\r\nsec-ch-ua-mobile: ?0\r\nsec-ch-ua-platform: \"Linux\"\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\n", + "assertions": [ + { + "rootExpression": { + "code": 200, + "not": false, + "elementType": "ZestExpressionStatusCode" + }, + "elementType": "ZestAssertion" + } + ], + "followRedirects": false, + "timestamp": 1656641477929, + "cookies": [], + "index": 10, + "enabled": true, + "elementType": "ZestRequest" + }, + { + "comment": "ファイル削除", + "index": 11, + "enabled": true, + "elementType": "ZestComment" + }, + { + "urlToken": "https://ec-cube/admin/content/file_delete?select_file=/file-{{file-id}}.txt", + "data": "_token={{eccube-csrf-token}}&_method=delete", + "method": "POST", + "headers": "Proxy-Connection: 
keep-alive\r\nContent-Length: 65\r\nsec-ch-ua: \".Not/A)Brand\";v=\"99\", \"Google Chrome\";v=\"103\", \"Chromium\";v=\"103\"\r\nsec-ch-ua-mobile: ?0\r\nsec-ch-ua-platform: \"Linux\"\r\nUpgrade-Insecure-Requests: 1\r\nOrigin: https://ec-cube\r\nContent-Type: application/x-www-form-urlencoded\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\n", + "assertions": [ + { + "rootExpression": { + "code": 302, + "not": false, + "elementType": "ZestExpressionStatusCode" + }, + "elementType": "ZestAssertion" + } + ], + "followRedirects": false, + "timestamp": 1656641488388, + "cookies": [], + "index": 12, + "enabled": true, + "elementType": "ZestRequest" + }, + { + "url": "https://ec-cube/admin/content/file_manager?tree_select_file=/", + "data": "", + "method": "GET", + "headers": "Proxy-Connection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\nsec-ch-ua: \".Not/A)Brand\";v=\"99\", \"Google Chrome\";v=\"103\", \"Chromium\";v=\"103\"\r\nsec-ch-ua-mobile: ?0\r\nsec-ch-ua-platform: \"Linux\"\r\n", + "assertions": [ + { + "rootExpression": { + "code": 200, + "not": false, + "elementType": "ZestExpressionStatusCode" + }, + "elementType": "ZestAssertion" + } + ], + "followRedirects": false, + "timestamp": 1656641488409, + "cookies": [], + "index": 13, + "enabled": true, + "elementType": "ZestRequest" + }, + { + "fieldDefinition": { + "formIndex": 0, + "fieldName": "form__token", + "elementType": "ZestFieldDefinition" + }, + "variableName": "csrf3", + "index": 14, + "enabled": true, + "elementType": "ZestAssignFieldValue" + }, + { + "comment": "ディレクトリ作成", + "index": 15, + "enabled": true, + "elementType": "ZestComment" + }, + { + "url": "https://ec-cube/admin/content/file_manager", + "data": "------WebKitFormBoundary9Aj2Zxq4Yh7OUCCL\r\nContent-Disposition: form-data; 
name=\"mode\"\r\n\r\ncreate\r\n------WebKitFormBoundary9Aj2Zxq4Yh7OUCCL\r\nContent-Disposition: form-data; name=\"now_file\"\r\n\r\n/\r\n------WebKitFormBoundary9Aj2Zxq4Yh7OUCCL\r\nContent-Disposition: form-data; name=\"now_dir\"\r\n\r\n/\r\n------WebKitFormBoundary9Aj2Zxq4Yh7OUCCL\r\nContent-Disposition: form-data; name=\"tree_select_file\"\r\n\r\n/\r\n------WebKitFormBoundary9Aj2Zxq4Yh7OUCCL\r\nContent-Disposition: form-data; name=\"tree_status\"\r\n\r\n\r\n------WebKitFormBoundary9Aj2Zxq4Yh7OUCCL\r\nContent-Disposition: form-data; name=\"select_file\"\r\n\r\n\r\n------WebKitFormBoundary9Aj2Zxq4Yh7OUCCL\r\nContent-Disposition: form-data; name=\"form[_token]\"\r\n\r\n{{csrf3}}\n------WebKitFormBoundary9Aj2Zxq4Yh7OUCCL\r\nContent-Disposition: form-data; name=\"form[file][]\"; filename=\"\"\r\nContent-Type: application/octet-stream\r\n\r\n\r\n------WebKitFormBoundary9Aj2Zxq4Yh7OUCCL\r\nContent-Disposition: form-data; name=\"form[create_file]\"\r\n\r\ndir\r-{{file-id}}\n------WebKitFormBoundary9Aj2Zxq4Yh7OUCCL--\r\n", + "method": "POST", + "headers": "Proxy-Connection: keep-alive\r\nContent-Length: 1034\r\nsec-ch-ua: \".Not/A)Brand\";v=\"99\", \"Google Chrome\";v=\"103\", \"Chromium\";v=\"103\"\r\nsec-ch-ua-mobile: ?0\r\nsec-ch-ua-platform: \"Linux\"\r\nUpgrade-Insecure-Requests: 1\r\nOrigin: https://ec-cube\r\nContent-Type: multipart/form-data; boundary=----WebKitFormBoundary9Aj2Zxq4Yh7OUCCL\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\n", + "assertions": [ + { + "rootExpression": { + "code": 200, + "not": false, + "elementType": "ZestExpressionStatusCode" + }, + "elementType": "ZestAssertion" + } + ], + "followRedirects": false, + "timestamp": 1656641497148, + "cookies": [], + "index": 16, + "enabled": true, + "elementType": "ZestRequest" + }, + { + "fieldDefinition": { + "formIndex": 0, + "fieldName": "form__token", + "elementType": "ZestFieldDefinition" + }, + "variableName": "csrf4", + "index": 
17, + "enabled": true, + "elementType": "ZestAssignFieldValue" + }, + { + "comment": "ディレクトリ移動", + "index": 18, + "enabled": true, + "elementType": "ZestComment" + }, + { + "url": "https://ec-cube/admin/content/file_manager", + "data": "------WebKitFormBoundaryveHc6yQ9oBhRdRi5\r\nContent-Disposition: form-data; name=\"mode\"\r\n\r\nmove\r\n------WebKitFormBoundaryveHc6yQ9oBhRdRi5\r\nContent-Disposition: form-data; name=\"now_file\"\r\n\r\n/\r\n------WebKitFormBoundaryveHc6yQ9oBhRdRi5\r\nContent-Disposition: form-data; name=\"now_dir\"\r\n\r\n/\r\n------WebKitFormBoundaryveHc6yQ9oBhRdRi5\r\nContent-Disposition: form-data; name=\"tree_select_file\"\r\n\r\n/dir-{{file-id}}\n------WebKitFormBoundaryveHc6yQ9oBhRdRi5\r\nContent-Disposition: form-data; name=\"tree_status\"\r\n\r\n\r\n------WebKitFormBoundaryveHc6yQ9oBhRdRi5\r\nContent-Disposition: form-data; name=\"select_file\"\r\n\r\n\r\n------WebKitFormBoundaryveHc6yQ9oBhRdRi5\r\nContent-Disposition: form-data; name=\"form[_token]\"\r\n\r\n{{csrf4}}\n------WebKitFormBoundaryveHc6yQ9oBhRdRi5\r\nContent-Disposition: form-data; name=\"form[file][]\"; filename=\"\"\r\nContent-Type: application/octet-stream\r\n\r\n\r\n------WebKitFormBoundaryveHc6yQ9oBhRdRi5\r\nContent-Disposition: form-data; name=\"form[create_file]\"\r\n\r\n\r\n------WebKitFormBoundaryveHc6yQ9oBhRdRi5--\r\n", + "method": "POST", + "headers": "Proxy-Connection: keep-alive\r\nContent-Length: 1032\r\nsec-ch-ua: \".Not/A)Brand\";v=\"99\", \"Google Chrome\";v=\"103\", \"Chromium\";v=\"103\"\r\nsec-ch-ua-mobile: ?0\r\nsec-ch-ua-platform: \"Linux\"\r\nUpgrade-Insecure-Requests: 1\r\nOrigin: https://ec-cube\r\nContent-Type: multipart/form-data; boundary=----WebKitFormBoundaryveHc6yQ9oBhRdRi5\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\n", + "assertions": [ + { + "rootExpression": { + "code": 200, + "not": false, + "elementType": "ZestExpressionStatusCode" + }, + "elementType": "ZestAssertion" + } 
+ ], + "followRedirects": false, + "timestamp": 1656641501158, + "cookies": [], + "index": 19, + "enabled": true, + "elementType": "ZestRequest" + }, + { + "fieldDefinition": { + "formIndex": 0, + "fieldName": "form__token", + "elementType": "ZestFieldDefinition" + }, + "variableName": "csrf5", + "index": 20, + "enabled": true, + "elementType": "ZestAssignFieldValue" + }, + { + "comment": "ディレクトリ削除", + "index": 21, + "enabled": true, + "elementType": "ZestComment" + }, + { + "urlToken": "https://ec-cube/admin/content/file_delete?select_file=/dir-{{file-id}}", + "data": "_token={{eccube-csrf-token}}&_method=delete", + "method": "POST", + "headers": "Proxy-Connection: keep-alive\r\nContent-Length: 65\r\nsec-ch-ua: \".Not/A)Brand\";v=\"99\", \"Google Chrome\";v=\"103\", \"Chromium\";v=\"103\"\r\nsec-ch-ua-mobile: ?0\r\nsec-ch-ua-platform: \"Linux\"\r\nUpgrade-Insecure-Requests: 1\r\nOrigin: https://ec-cube\r\nContent-Type: application/x-www-form-urlencoded\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\n", + "assertions": [ + { + "rootExpression": { + "code": 302, + "not": false, + "elementType": "ZestExpressionStatusCode" + }, + "elementType": "ZestAssertion" + } + ], + "followRedirects": false, + "timestamp": 1656641513454, + "cookies": [], + "index": 22, + "enabled": true, + "elementType": "ZestRequest" + }, + { + "url": "https://ec-cube/admin/content/file_manager?tree_select_file=/", + "data": "", + "method": "GET", + "headers": "Proxy-Connection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\nsec-ch-ua: \".Not/A)Brand\";v=\"99\", \"Google Chrome\";v=\"103\", \"Chromium\";v=\"103\"\r\nsec-ch-ua-mobile: ?0\r\nsec-ch-ua-platform: \"Linux\"\r\n", + "assertions": [ + { + "rootExpression": { + "code": 200, + "not": false, + "elementType": "ZestExpressionStatusCode" + }, + "elementType": 
"ZestAssertion" + } + ], + "followRedirects": false, + "timestamp": 1656641513476, + "cookies": [], + "index": 23, + "enabled": true, + "elementType": "ZestRequest" + }, + { + "fieldDefinition": { + "formIndex": 0, + "fieldName": "form__token", + "elementType": "ZestFieldDefinition" + }, + "variableName": "csrf7", + "index": 24, + "enabled": true, + "elementType": "ZestAssignFieldValue" + } + ], + "authentication": [], + "index": 0, + "enabled": true, + "elementType": "ZestScript" +} diff --git a/zap/scripts/admin_content_layout.zst b/zap/scripts/admin_content_layout.zst new file mode 100644 index 00000000000..d7342c9f43c --- /dev/null +++ b/zap/scripts/admin_content_layout.zst 
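Review bot: The directory-create body at index 16 sends `form[create_file]` as `dir\r-{{file-id}}\n`, so the submitted name has a carriage return inside it and does not match the `/dir-{{file-id}}` path that the move (index 19) and delete (index 22) steps use. It looks as if the variable was inserted between the `\r` and `\n` of the recorded line ending; the part should read `\r\n\r\ndir-{{file-id}}\r\n------WebKitFormBoundary9Aj2Zxq4Yh7OUCCL--\r\n`. The token parts have the same bare `\n` after `{{csrf1}}`, `{{csrf3}}` and `{{csrf4}}`, as does `/dir-{{file-id}}\n` in the move body, and these should end in `\r\n` as well. Since the create and move requests assert only status 200, which a re-rendered form with a validation error would presumably also return, a failed step goes unnoticed and the scan may cover less of the file manager than intended.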
@@ -0,0 +1,237 @@ +{ + "about": "This is a Zest script. For more details about Zest visit https://developer.mozilla.org/en-US/docs/Zest", + "zestVersion": "0.6", + "generatedBy": "Sequence Script Template", + "title": "admin_content_layout", + "description": "An example empty sequence script. Add requests to populate the sequence.", + "prefix": "", + "type": "Active", + "parameters": { + "tokenStart": "{{", + "tokenEnd": "}}", + "tokens": {}, + "elementType": "ZestVariables" + }, + "statements": [ + { + "url": "https://ec-cube/admin/content/layout/new", + "data": "", + "method": "GET", + "headers": "Proxy-Connection: keep-alive\r\nsec-ch-ua: \".Not/A)Brand\";v=\"99\", \"Google Chrome\";v=\"103\", \"Chromium\";v=\"103\"\r\nsec-ch-ua-mobile: ?0\r\nsec-ch-ua-platform: \"Linux\"\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\n", + "assertions": [ + { + "rootExpression": { + "code": 200, + "not": false, + "elementType": "ZestExpressionStatusCode" + }, + "elementType": "ZestAssertion" + } + ], + "followRedirects": false, + "timestamp": 1656643863964, + "cookies": [], + "index": 1, + "enabled": true, + "elementType": "ZestRequest" + }, + { + "prefix": "", + "location": "BODY", + "variableName": "eccube-csrf-token", + "index": 2, + "enabled": true, + "elementType": "ZestAssignStringDelimiters" + }, + { + "fieldDefinition": { + "formIndex": 0, + "fieldName": "admin_layout__token", + "elementType": "ZestFieldDefinition" + }, + "variableName": "csrf1", + "index": 3, + "enabled": true, + "elementType": "ZestAssignFieldValue" + }, + { + "url": "https://ec-cube/admin/content/layout/new", + "data": 
"admin_layout%5B_token%5D={{csrf1}}&admin_layout%5Bname%5D=layout&admin_layout%5BDeviceType%5D=10&name_7=%E3%83%AD%E3%82%B0%E3%82%A4%E3%83%B3%E3%83%8A%E3%83%93%28%E5%85%B1%E9%80%9A%29&block_id_7=8§ion_7=4&block_row_7=0&name_0=%E3%82%AB%E3%83%BC%E3%83%88&block_id_0=1§ion_0=0&block_row_0=0&name_1=%E3%82%AB%E3%83%86%E3%82%B4%E3%83%AA&block_id_1=2§ion_1=0&block_row_1=1&name_2=%E3%82%AB%E3%83%86%E3%82%B4%E3%83%AA%E3%83%8A%E3%83%93%28PC%29&block_id_2=3§ion_2=0&block_row_2=2&name_3=%E3%82%AB%E3%83%86%E3%82%B4%E3%83%AA%E3%83%8A%E3%83%93%28SP%29&block_id_3=4§ion_3=0&block_row_3=3&name_4=%E6%96%B0%E5%85%A5%E8%8D%B7%E5%95%86%E5%93%81%E7%89%B9%E9%9B%86&block_id_4=5§ion_4=0&block_row_4=4&name_5=%E3%83%95%E3%83%83%E3%82%BF%E3%83%BC&block_id_5=6§ion_5=0&block_row_5=5&name_6=%E3%83%98%E3%83%83%E3%83%80%E3%83%BC%28%E5%95%86%E5%93%81%E6%A4%9C%E7%B4%A2%E3%83%BB%E3%83%AD%E3%82%B0%E3%82%A4%E3%83%B3%E3%83%8A%E3%83%93%E3%83%BB%E3%82%AB%E3%83%BC%E3%83%88%29&block_id_6=7§ion_6=0&block_row_6=6&name_8=%E3%83%AD%E3%82%B0%E3%82%A4%E3%83%B3%E3%83%8A%E3%83%93%28SP%29&block_id_8=9§ion_8=0&block_row_8=7&name_9=%E3%83%AD%E3%82%B4&block_id_9=10§ion_9=0&block_row_9=8&name_10=%E6%96%B0%E7%9D%80%E5%95%86%E5%93%81&block_id_10=11§ion_10=0&block_row_10=9&name_11=%E6%96%B0%E7%9D%80%E6%83%85%E5%A0%B1&block_id_11=12§ion_11=0&block_row_11=10&name_12=%E5%95%86%E5%93%81%E6%A4%9C%E7%B4%A2&block_id_12=13§ion_12=0&block_row_12=11&name_13=%E3%83%88%E3%83%94%E3%83%83%E3%82%AF&block_id_13=14§ion_13=0&block_row_13=12&name_14=%E3%82%AB%E3%83%AC%E3%83%B3%E3%83%80%E3%83%BC&block_id_14=17§ion_14=0&block_row_14=13", + "method": "POST", + "headers": "Proxy-Connection: keep-alive\r\nContent-Length: 1675\r\nsec-ch-ua: \".Not/A)Brand\";v=\"99\", \"Google Chrome\";v=\"103\", \"Chromium\";v=\"103\"\r\nsec-ch-ua-mobile: ?0\r\nsec-ch-ua-platform: \"Linux\"\r\nUpgrade-Insecure-Requests: 1\r\nOrigin: https://ec-cube\r\nContent-Type: application/x-www-form-urlencoded\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: 
navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\n", + "assertions": [ + { + "rootExpression": { + "code": 302, + "not": false, + "elementType": "ZestExpressionStatusCode" + }, + "elementType": "ZestAssertion" + } + ], + "followRedirects": false, + "timestamp": 1656643892440, + "cookies": [], + "index": 4, + "enabled": true, + "elementType": "ZestRequest" + }, + { + "prefix": "Location: /admin/content/layout/", + "postfix": "/edit", + "location": "HEAD", + "variableName": "layout-id", + "index": 5, + "enabled": true, + "elementType": "ZestAssignStringDelimiters" + }, + { + "urlToken": "https://ec-cube/admin/content/layout/{{layout-id}}/edit", + "data": "", + "method": "GET", + "headers": "Proxy-Connection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\nsec-ch-ua: \".Not/A)Brand\";v=\"99\", \"Google Chrome\";v=\"103\", \"Chromium\";v=\"103\"\r\nsec-ch-ua-mobile: ?0\r\nsec-ch-ua-platform: \"Linux\"\r\n", + "assertions": [ + { + "rootExpression": { + "code": 200, + "not": false, + "elementType": "ZestExpressionStatusCode" + }, + "elementType": "ZestAssertion" + } + ], + "followRedirects": false, + "timestamp": 1656643892506, + "cookies": [], + "index": 6, + "enabled": true, + "elementType": "ZestRequest" + }, + { + "fieldDefinition": { + "formIndex": 0, + "fieldName": "admin_layout__token", + "elementType": "ZestFieldDefinition" + }, + "variableName": "csrf2", + "index": 7, + "enabled": true, + "elementType": "ZestAssignFieldValue" + }, + { + "urlToken": "https://ec-cube/admin/content/layout/{{layout-id}}/edit", + "data": 
"admin_layout%5B_token%5D={{csrf2}}&admin_layout%5Bname%5D=layout&admin_layout%5BDeviceType%5D=10&name_0=%E3%83%AD%E3%82%B0%E3%82%A4%E3%83%B3%E3%83%8A%E3%83%93%28%E5%85%B1%E9%80%9A%29&block_id_0=8§ion_0=4&block_row_0=0&name_1=%E3%82%AB%E3%83%BC%E3%83%88&block_id_1=1§ion_1=0&block_row_1=0&name_2=%E3%82%AB%E3%83%86%E3%82%B4%E3%83%AA&block_id_2=2§ion_2=0&block_row_2=1&name_3=%E3%82%AB%E3%83%86%E3%82%B4%E3%83%AA%E3%83%8A%E3%83%93%28PC%29&block_id_3=3§ion_3=0&block_row_3=2&name_4=%E3%82%AB%E3%83%86%E3%82%B4%E3%83%AA%E3%83%8A%E3%83%93%28SP%29&block_id_4=4§ion_4=0&block_row_4=3&name_5=%E6%96%B0%E5%85%A5%E8%8D%B7%E5%95%86%E5%93%81%E7%89%B9%E9%9B%86&block_id_5=5§ion_5=0&block_row_5=4&name_6=%E3%83%95%E3%83%83%E3%82%BF%E3%83%BC&block_id_6=6§ion_6=0&block_row_6=5&name_7=%E3%83%98%E3%83%83%E3%83%80%E3%83%BC%28%E5%95%86%E5%93%81%E6%A4%9C%E7%B4%A2%E3%83%BB%E3%83%AD%E3%82%B0%E3%82%A4%E3%83%B3%E3%83%8A%E3%83%93%E3%83%BB%E3%82%AB%E3%83%BC%E3%83%88%29&block_id_7=7§ion_7=0&block_row_7=6&name_8=%E3%83%AD%E3%82%B0%E3%82%A4%E3%83%B3%E3%83%8A%E3%83%93%28SP%29&block_id_8=9§ion_8=0&block_row_8=7&name_9=%E3%83%AD%E3%82%B4&block_id_9=10§ion_9=0&block_row_9=8&name_10=%E6%96%B0%E7%9D%80%E5%95%86%E5%93%81&block_id_10=11§ion_10=0&block_row_10=9&name_11=%E6%96%B0%E7%9D%80%E6%83%85%E5%A0%B1&block_id_11=12§ion_11=0&block_row_11=10&name_12=%E5%95%86%E5%93%81%E6%A4%9C%E7%B4%A2&block_id_12=13§ion_12=0&block_row_12=11&name_13=%E3%83%88%E3%83%94%E3%83%83%E3%82%AF&block_id_13=14§ion_13=0&block_row_13=12&name_14=%E3%82%AB%E3%83%AC%E3%83%B3%E3%83%80%E3%83%BC&block_id_14=17§ion_14=0&block_row_14=13", + "method": "POST", + "headers": "Proxy-Connection: keep-alive\r\nContent-Length: 1675\r\nsec-ch-ua: \".Not/A)Brand\";v=\"99\", \"Google Chrome\";v=\"103\", \"Chromium\";v=\"103\"\r\nsec-ch-ua-mobile: ?0\r\nsec-ch-ua-platform: \"Linux\"\r\nUpgrade-Insecure-Requests: 1\r\nOrigin: https://ec-cube\r\nContent-Type: application/x-www-form-urlencoded\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: 
navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\n", + "assertions": [ + { + "rootExpression": { + "code": 302, + "not": false, + "elementType": "ZestExpressionStatusCode" + }, + "elementType": "ZestAssertion" + } + ], + "followRedirects": false, + "timestamp": 1656643906320, + "cookies": [], + "index": 8, + "enabled": true, + "elementType": "ZestRequest" + }, + { + "urlToken": "https://ec-cube/admin/content/layout/{{layout-id}}/edit", + "data": "", + "method": "GET", + "headers": "Proxy-Connection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\nsec-ch-ua: \".Not/A)Brand\";v=\"99\", \"Google Chrome\";v=\"103\", \"Chromium\";v=\"103\"\r\nsec-ch-ua-mobile: ?0\r\nsec-ch-ua-platform: \"Linux\"\r\n", + "assertions": [ + { + "rootExpression": { + "code": 200, + "not": false, + "elementType": "ZestExpressionStatusCode" + }, + "elementType": "ZestAssertion" + } + ], + "followRedirects": false, + "timestamp": 1656643906371, + "cookies": [], + "index": 9, + "enabled": true, + "elementType": "ZestRequest" + }, + { + "url": "https://ec-cube/admin/content/layout/view_block?id=8", + "data": "", + "method": "GET", + "headers": "Proxy-Connection: keep-alive\r\nsec-ch-ua: \".Not/A)Brand\";v=\"99\", \"Google Chrome\";v=\"103\", \"Chromium\";v=\"103\"\r\nX-Requested-With: XMLHttpRequest\r\nsec-ch-ua-mobile: ?0\r\nECCUBE-CSRF-TOKEN: XaDCYWuVuRnL0SLNrVYOOhDcZpmlhav_W1KB-F6nGZ0\r\nsec-ch-ua-platform: \"Linux\"\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Dest: empty\r\n", + "assertions": [ + { + "rootExpression": { + "code": 200, + "not": false, + "elementType": "ZestExpressionStatusCode" + }, + "elementType": "ZestAssertion" + } + ], + "followRedirects": false, + "timestamp": 1656643927697, + "cookies": [], + "index": 10, + "enabled": true, + "elementType": "ZestRequest" + }, + { + "urlToken": 
"https://ec-cube/admin/content/layout/{{layout-id}}/delete", + "data": "_token={{eccube-csrf-token}}&_method=delete", + "method": "POST", + "headers": "Proxy-Connection: keep-alive\r\nContent-Length: 65\r\nsec-ch-ua: \".Not/A)Brand\";v=\"99\", \"Google Chrome\";v=\"103\", \"Chromium\";v=\"103\"\r\nsec-ch-ua-mobile: ?0\r\nsec-ch-ua-platform: \"Linux\"\r\nUpgrade-Insecure-Requests: 1\r\nOrigin: https://ec-cube\r\nContent-Type: application/x-www-form-urlencoded\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\n", + "assertions": [ + { + "rootExpression": { + "code": 302, + "not": false, + "elementType": "ZestExpressionStatusCode" + }, + "elementType": "ZestAssertion" + } + ], + "followRedirects": false, + "timestamp": 1656643968112, + "cookies": [], + "index": 11, + "enabled": true, + "elementType": "ZestRequest" + }, + { + "url": "https://ec-cube/admin/content/layout", + "data": "", + "method": "GET", + "headers": "Proxy-Connection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\nsec-ch-ua: \".Not/A)Brand\";v=\"99\", \"Google Chrome\";v=\"103\", \"Chromium\";v=\"103\"\r\nsec-ch-ua-mobile: ?0\r\nsec-ch-ua-platform: \"Linux\"\r\n", + "assertions": [ + { + "rootExpression": { + "code": 200, + "not": false, + "elementType": "ZestExpressionStatusCode" + }, + "elementType": "ZestAssertion" + } + ], + "followRedirects": false, + "timestamp": 1656643968164, + "cookies": [], + "index": 12, + "enabled": true, + "elementType": "ZestRequest" + } + ], + "authentication": [], + "index": 0, + "enabled": true, + "elementType": "ZestScript" +} diff --git a/zap/scripts/admin_create_customer.zst b/zap/scripts/admin_create_customer.zst new file mode 100644 index 00000000000..c55f55c4bb5 --- /dev/null +++ b/zap/scripts/admin_create_customer.zst 
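Review bot: The `view_block?id=8` request (index 10) still sends the `ECCUBE-CSRF-TOKEN` header value captured when the session was recorded, so the script replays a token from a dead session and leaves a recorded session artefact in the repository. The script already extracts `eccube-csrf-token` at index 2 and uses it in the delete request at index 11, so the header should read `ECCUBE-CSRF-TOKEN: {{eccube-csrf-token}}`. The same kind of recorded header is present in the `add_cart` and `block/cart` requests of zap/scripts/admin_create_customer.zst. Separately, `description` is still the template default and would be better as one line naming the flow this sequence covers.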
@@ -0,0 +1,463 @@ +{ + "about": "This is a Zest script. For more details about Zest visit https://developer.mozilla.org/en-US/docs/Zest", + "zestVersion": "0.6", + "generatedBy": "Sequence Script Template", + "title": "admin_create_customer", + "description": "An example empty sequence script. Add requests to populate the sequence.", + "prefix": "", + "type": "Active", + "parameters": { + "tokenStart": "{{", + "tokenEnd": "}}", + "tokens": {}, + "elementType": "ZestVariables" + }, + "statements": [ + { + "url": "https://ec-cube/admin/login", + "data": "", + "method": "GET", + "headers": "Proxy-Connection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Site: none\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\nsec-ch-ua: \" Not A;Brand\";v=\"99\", \"Chromium\";v=\"102\", \"Google Chrome\";v=\"102\"\r\nsec-ch-ua-mobile: ?0\r\nsec-ch-ua-platform: \"Linux\"\r\n", + "assertions": [ + { + "rootExpression": { + "code": 200, + "not": false, + "elementType": "ZestExpressionStatusCode" + }, + "elementType": "ZestAssertion" + } + ], + "followRedirects": false, + "timestamp": 1655292281770, + "cookies": [], + "index": 1, + "enabled": true, + "elementType": "ZestRequest" + }, + { + "fieldDefinition": { + "formIndex": 0, + "fieldName": "_csrf_token", + "elementType": "ZestFieldDefinition" + }, + "variableName": "csrf1", + "index": 2, + "enabled": true, + "elementType": "ZestAssignFieldValue" + }, + { + "url": "https://ec-cube/admin/login", + "urlToken": "https://ec-cube/admin/login", + "data": "_csrf_token={{csrf1}}&login_id=admin&password=password", + "method": "POST", + "headers": "Proxy-Connection: keep-alive\r\nContent-Length: 88\r\nsec-ch-ua: \" Not A;Brand\";v=\"99\", \"Chromium\";v=\"102\", \"Google Chrome\";v=\"102\"\r\nsec-ch-ua-mobile: ?0\r\nsec-ch-ua-platform: \"Linux\"\r\nUpgrade-Insecure-Requests: 1\r\nOrigin: https://ec-cube\r\nContent-Type: application/x-www-form-urlencoded\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: 
navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\n", + "assertions": [ + { + "rootExpression": { + "code": 302, + "not": false, + "elementType": "ZestExpressionStatusCode" + }, + "elementType": "ZestAssertion" + } + ], + "followRedirects": false, + "timestamp": 1655292289492, + "cookies": [], + "index": 3, + "enabled": true, + "elementType": "ZestRequest" + }, + { + "url": "https://ec-cube/admin/customer/new", + "data": "", + "method": "GET", + "headers": "Proxy-Connection: keep-alive\r\nsec-ch-ua: \" Not A;Brand\";v=\"99\", \"Chromium\";v=\"102\", \"Google Chrome\";v=\"102\"\r\nsec-ch-ua-mobile: ?0\r\nsec-ch-ua-platform: \"Linux\"\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\n", + "assertions": [ + { + "rootExpression": { + "code": 200, + "not": false, + "elementType": "ZestExpressionStatusCode" + }, + "elementType": "ZestAssertion" + } + ], + "followRedirects": false, + "timestamp": 1655292294336, + "cookies": [], + "index": 4, + "enabled": true, + "elementType": "ZestRequest" + }, + { + "fieldDefinition": { + "formIndex": 0, + "fieldName": "admin_customer__token", + "elementType": "ZestFieldDefinition" + }, + "variableName": "csrf2", + "index": 5, + "enabled": true, + "elementType": "ZestAssignFieldValue" + }, + { + "url": "https://ec-cube/admin/customer/new", + "data": 
"admin_customer%5B_token%5D={{csrf2}}&admin_customer%5Bname%5D%5Bname01%5D=%E5%A7%93&admin_customer%5Bname%5D%5Bname02%5D=%E5%90%8D&admin_customer%5Bkana%5D%5Bkana01%5D=%E3%82%BB%E3%82%A4&admin_customer%5Bkana%5D%5Bkana02%5D=%E3%83%A1%E3%82%A4&admin_customer%5Bcompany_name%5D=&admin_customer%5Bpostal_code%5D=5300001&admin_customer%5Baddress%5D%5Bpref%5D=27&admin_customer%5Baddress%5D%5Baddr01%5D=%E5%A4%A7%E9%98%AA%E5%B8%82%E5%8C%97%E5%8C%BA%E6%A2%85%E7%94%B0&admin_customer%5Baddress%5D%5Baddr02%5D=1-2-3&admin_customer%5Bemail%5D=user%40example.com&admin_customer%5Bphone_number%5D=08012345678&admin_customer%5Bplain_password%5D%5Bfirst%5D=password1234&admin_customer%5Bplain_password%5D%5Bsecond%5D=password1234&admin_customer%5Bsex%5D=1&admin_customer%5Bjob%5D=&admin_customer%5Bbirth%5D=&admin_customer%5Bpoint%5D=0&admin_customer%5Bnote%5D=&admin_customer%5Bstatus%5D=2", + "method": "POST", + "headers": "Proxy-Connection: keep-alive\r\nContent-Length: 891\r\nsec-ch-ua: \" Not A;Brand\";v=\"99\", \"Chromium\";v=\"102\", \"Google Chrome\";v=\"102\"\r\nsec-ch-ua-mobile: ?0\r\nsec-ch-ua-platform: \"Linux\"\r\nUpgrade-Insecure-Requests: 1\r\nOrigin: https://ec-cube\r\nContent-Type: application/x-www-form-urlencoded\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\n", + "assertions": [ + { + "rootExpression": { + "code": 302, + "not": false, + "elementType": "ZestExpressionStatusCode" + }, + "elementType": "ZestAssertion" + } + ], + "followRedirects": false, + "timestamp": 1655292348003, + "cookies": [], + "index": 6, + "enabled": true, + "elementType": "ZestRequest" + }, + { + "fieldDefinition": { + "formIndex": 1, + "fieldName": "_csrf_token", + "elementType": "ZestFieldDefinition" + }, + "variableName": "csrf4", + "index": 7, + "enabled": true, + "elementType": "ZestAssignFieldValue" + }, + { + "url": "https://ec-cube/products/detail/1", + "data": "", + "method": "GET", + "headers": "Proxy-Connection: 
keep-alive\r\nsec-ch-ua: \" Not A;Brand\";v=\"99\", \"Chromium\";v=\"102\", \"Google Chrome\";v=\"102\"\r\nsec-ch-ua-mobile: ?0\r\nsec-ch-ua-platform: \"Linux\"\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Site: none\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\n", + "assertions": [ + { + "rootExpression": { + "code": 200, + "not": false, + "elementType": "ZestExpressionStatusCode" + }, + "elementType": "ZestAssertion" + } + ], + "followRedirects": false, + "timestamp": 1655292827696, + "cookies": [], + "index": 8, + "enabled": true, + "elementType": "ZestRequest" + }, + { + "fieldDefinition": { + "formIndex": 1, + "fieldName": "_token", + "elementType": "ZestFieldDefinition" + }, + "variableName": "csrf3", + "index": 9, + "enabled": true, + "elementType": "ZestAssignFieldValue" + }, + { + "url": "https://ec-cube/products/add_cart/1", + "urlToken": "https://ec-cube/products/add_cart/1", + "data": "classcategory_id1=1&classcategory_id2=4&quantity=1&product_id=1&ProductClass=10&_token={{csrf3}}", + "method": "POST", + "headers": "Proxy-Connection: keep-alive\r\nContent-Length: 130\r\nsec-ch-ua: \" Not A;Brand\";v=\"99\", \"Chromium\";v=\"102\", \"Google Chrome\";v=\"102\"\r\nsec-ch-ua-mobile: ?0\r\nECCUBE-CSRF-TOKEN: FGJmL1gn-JpOEpsDHU7NVBdcbsP9VvR99-28Lek47NA\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nsec-ch-ua-platform: \"Linux\"\r\nOrigin: https://ec-cube\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Dest: empty\r\n", + "assertions": [ + { + "rootExpression": { + "code": 200, + "not": false, + "elementType": "ZestExpressionStatusCode" + }, + "elementType": "ZestAssertion" + } + ], + "followRedirects": false, + "timestamp": 1655292834165, + "cookies": [], + "index": 10, + "enabled": true, + "elementType": "ZestRequest" + }, + { + "url": "https://ec-cube/block/cart", + "data": "", + "method": "GET", + "headers": "Proxy-Connection: 
keep-alive\r\nsec-ch-ua: \" Not A;Brand\";v=\"99\", \"Chromium\";v=\"102\", \"Google Chrome\";v=\"102\"\r\nX-Requested-With: XMLHttpRequest\r\nsec-ch-ua-mobile: ?0\r\nECCUBE-CSRF-TOKEN: FGJmL1gn-JpOEpsDHU7NVBdcbsP9VvR99-28Lek47NA\r\nsec-ch-ua-platform: \"Linux\"\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Dest: empty\r\n", + "assertions": [ + { + "rootExpression": { + "code": 200, + "not": false, + "elementType": "ZestExpressionStatusCode" + }, + "elementType": "ZestAssertion" + } + ], + "followRedirects": false, + "timestamp": 1655292834230, + "cookies": [], + "index": 11, + "enabled": true, + "elementType": "ZestRequest" + }, + { + "url": "https://ec-cube/cart", + "data": "", + "method": "GET", + "headers": "Proxy-Connection: keep-alive\r\nsec-ch-ua: \" Not A;Brand\";v=\"99\", \"Chromium\";v=\"102\", \"Google Chrome\";v=\"102\"\r\nsec-ch-ua-mobile: ?0\r\nsec-ch-ua-platform: \"Linux\"\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\n", + "assertions": [ + { + "rootExpression": { + "code": 200, + "not": false, + "elementType": "ZestExpressionStatusCode" + }, + "elementType": "ZestAssertion" + } + ], + "followRedirects": false, + "timestamp": 1655292835773, + "cookies": [], + "index": 12, + "enabled": true, + "elementType": "ZestRequest" + }, + { + "prefix": "href=\"/cart/buystep/", + "postfix": "\">レジに進む", + "location": "BODY", + "variableName": "cart-id", + "index": 13, + "enabled": true, + "elementType": "ZestAssignStringDelimiters" + }, + { + "urlToken": "https://ec-cube/cart/buystep/{{cart-id}}", + "data": "", + "method": "GET", + "headers": "Proxy-Connection: keep-alive\r\nsec-ch-ua: \" Not A;Brand\";v=\"99\", \"Chromium\";v=\"102\", \"Google Chrome\";v=\"102\"\r\nsec-ch-ua-mobile: ?0\r\nsec-ch-ua-platform: \"Linux\"\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: 
?1\r\nSec-Fetch-Dest: document\r\n", + "assertions": [ + { + "rootExpression": { + "code": 302, + "not": false, + "elementType": "ZestExpressionStatusCode" + }, + "elementType": "ZestAssertion" + } + ], + "followRedirects": false, + "timestamp": 1655292837943, + "cookies": [], + "index": 14, + "enabled": true, + "elementType": "ZestRequest" + }, + { + "url": "https://ec-cube/shopping", + "data": "", + "method": "GET", + "headers": "Proxy-Connection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\nsec-ch-ua: \" Not A;Brand\";v=\"99\", \"Chromium\";v=\"102\", \"Google Chrome\";v=\"102\"\r\nsec-ch-ua-mobile: ?0\r\nsec-ch-ua-platform: \"Linux\"\r\n", + "assertions": [ + { + "rootExpression": { + "code": 302, + "not": false, + "elementType": "ZestExpressionStatusCode" + }, + "elementType": "ZestAssertion" + } + ], + "followRedirects": false, + "timestamp": 1655292837977, + "cookies": [], + "index": 15, + "enabled": true, + "elementType": "ZestRequest" + }, + { + "url": "https://ec-cube/shopping/login", + "data": "", + "method": "GET", + "headers": "Proxy-Connection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\nsec-ch-ua: \" Not A;Brand\";v=\"99\", \"Chromium\";v=\"102\", \"Google Chrome\";v=\"102\"\r\nsec-ch-ua-mobile: ?0\r\nsec-ch-ua-platform: \"Linux\"\r\n", + "assertions": [ + { + "rootExpression": { + "code": 200, + "not": false, + "elementType": "ZestExpressionStatusCode" + }, + "elementType": "ZestAssertion" + } + ], + "followRedirects": false, + "timestamp": 1655292838003, + "cookies": [], + "index": 16, + "enabled": true, + "elementType": "ZestRequest" + }, + { + "fieldDefinition": { + "formIndex": 1, + "fieldName": "_csrf_token", + "elementType": "ZestFieldDefinition" + }, + "variableName": "csrf5", + "index": 17, + "enabled": true, + 
"elementType": "ZestAssignFieldValue" + }, + { + "url": "https://ec-cube/mypage/login", + "data": "_target_path=shopping&_failure_path=shopping_login&_csrf_token={{csrf5}}&login_email=user%40example.com&login_pass=password1234", + "method": "POST", + "headers": "Proxy-Connection: keep-alive\r\nContent-Length: 157\r\nsec-ch-ua: \" Not A;Brand\";v=\"99\", \"Chromium\";v=\"102\", \"Google Chrome\";v=\"102\"\r\nsec-ch-ua-mobile: ?0\r\nsec-ch-ua-platform: \"Linux\"\r\nUpgrade-Insecure-Requests: 1\r\nOrigin: https://ec-cube\r\nContent-Type: application/x-www-form-urlencoded\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\n", + "assertions": [ + { + "rootExpression": { + "code": 302, + "not": false, + "elementType": "ZestExpressionStatusCode" + }, + "elementType": "ZestAssertion" + } + ], + "followRedirects": false, + "timestamp": 1655292848088, + "cookies": [], + "index": 18, + "enabled": true, + "elementType": "ZestRequest" + }, + { + "url": "https://ec-cube/shopping", + "data": "", + "method": "GET", + "headers": "Proxy-Connection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\nsec-ch-ua: \" Not A;Brand\";v=\"99\", \"Chromium\";v=\"102\", \"Google Chrome\";v=\"102\"\r\nsec-ch-ua-mobile: ?0\r\nsec-ch-ua-platform: \"Linux\"\r\n", + "assertions": [ + { + "rootExpression": { + "code": 200, + "not": false, + "elementType": "ZestExpressionStatusCode" + }, + "elementType": "ZestAssertion" + } + ], + "followRedirects": false, + "timestamp": 1655292848126, + "cookies": [], + "index": 19, + "enabled": true, + "elementType": "ZestRequest" + }, + { + "fieldDefinition": { + "formIndex": 1, + "fieldName": "shopping_order__token", + "elementType": "ZestFieldDefinition" + }, + "variableName": "csrf6", + "index": 20, + "enabled": true, + "elementType": "ZestAssignFieldValue" + }, + { + "url": 
"https://ec-cube/shopping/confirm", + "urlToken": "https://ec-cube/shopping/confirm", + "data": "_shopping_order%5B_token%5D={{csrf6}}&_shopping_order%5Bredirect_to%5D=&_shopping_order%5BShippings%5D%5B0%5D%5BDelivery%5D=1&_shopping_order%5BShippings%5D%5B0%5D%5Bshipping_delivery_date%5D=&_shopping_order%5BShippings%5D%5B0%5D%5BDeliveryTime%5D=&_shopping_order%5BPayment%5D=1&_shopping_order%5Buse_point%5D=0&_shopping_order%5Bmessage%5D=", + "method": "POST", + "headers": "Proxy-Connection: keep-alive\r\nContent-Length: 377\r\nsec-ch-ua: \" Not A;Brand\";v=\"99\", \"Chromium\";v=\"102\", \"Google Chrome\";v=\"102\"\r\nsec-ch-ua-mobile: ?0\r\nsec-ch-ua-platform: \"Linux\"\r\nUpgrade-Insecure-Requests: 1\r\nOrigin: https://ec-cube\r\nContent-Type: application/x-www-form-urlencoded\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\n", + "assertions": [ + { + "rootExpression": { + "code": 200, + "not": false, + "elementType": "ZestExpressionStatusCode" + }, + "elementType": "ZestAssertion" + } + ], + "followRedirects": false, + "timestamp": 1655292852169, + "cookies": [], + "index": 21, + "enabled": true, + "elementType": "ZestRequest" + }, + { + "fieldDefinition": { + "formIndex": 1, + "fieldName": "shopping_order__token", + "elementType": "ZestFieldDefinition" + }, + "variableName": "csrf7", + "index": 22, + "enabled": true, + "elementType": "ZestAssignFieldValue" + }, + { + "url": "https://ec-cube/shopping/checkout", + "urlToken": "https://ec-cube/shopping/checkout", + "data": "_shopping_order%5B_token%5D={{csrf7}}", + "method": "POST", + "headers": "Proxy-Connection: keep-alive\r\nContent-Length: 71\r\nsec-ch-ua: \" Not A;Brand\";v=\"99\", \"Chromium\";v=\"102\", \"Google Chrome\";v=\"102\"\r\nsec-ch-ua-mobile: ?0\r\nsec-ch-ua-platform: \"Linux\"\r\nUpgrade-Insecure-Requests: 1\r\nOrigin: https://ec-cube\r\nContent-Type: application/x-www-form-urlencoded\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: 
navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\n", + "assertions": [ + { + "rootExpression": { + "code": 302, + "not": false, + "elementType": "ZestExpressionStatusCode" + }, + "elementType": "ZestAssertion" + } + ], + "followRedirects": false, + "timestamp": 1655292854223, + "cookies": [], + "index": 23, + "enabled": true, + "elementType": "ZestRequest" + }, + { + "url": "https://ec-cube/shopping/complete", + "data": "", + "method": "GET", + "headers": "Proxy-Connection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\nsec-ch-ua: \" Not A;Brand\";v=\"99\", \"Chromium\";v=\"102\", \"Google Chrome\";v=\"102\"\r\nsec-ch-ua-mobile: ?0\r\nsec-ch-ua-platform: \"Linux\"\r\n", + "assertions": [ + { + "rootExpression": { + "code": 200, + "not": false, + "elementType": "ZestExpressionStatusCode" + }, + "elementType": "ZestAssertion" + } + ], + "followRedirects": false, + "timestamp": 1655292854439, + "cookies": [], + "index": 24, + "enabled": true, + "elementType": "ZestRequest" + } + ], + "authentication": [], + "index": 0, + "enabled": true, + "elementType": "ZestScript" +} diff --git a/zap/scripts/admin_create_customers.zst b/zap/scripts/admin_create_customers.zst new file mode 100644 index 00000000000..b0d083f6f8c --- /dev/null +++ b/zap/scripts/admin_create_customers.zst 
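Review bot: The login request at index 3 posts `login_id=admin&password=password` and the storefront login at index 18 posts `login_pass=password1234`, with nothing in the script saying these are throwaway values. Since the sequence performs authenticated admin actions, I would add a leading `ZestComment` statement such as `"comment": "CI-only fixture credentials for the disposable ec-cube container; do not run against a shared or production host"` so the assumption is recorded next to the credentials. The `ZestAssignFieldValue` at index 7 reads `_csrf_token` right after the create request that is asserted to return 302, and `csrf4` is not used anywhere later in this hunk; it looks like recording residue and could be dropped.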
@@ -0,0 +1,106 @@ +{ + "about": "This is a Zest script. For more details about Zest visit https://developer.mozilla.org/en-US/docs/Zest", + "zestVersion": "0.6", + "generatedBy": "Sequence Script Template", + "title": "admin_create_customers", + "description": "An example empty sequence script. Add requests to populate the sequence.", + "prefix": "", + "type": "Active", + "parameters": { + "tokenStart": "{{", + "tokenEnd": "}}", + "tokens": {}, + "elementType": "ZestVariables" + }, + "statements": [ + { + "set": { + "start": 0, + "end": 100, + "step": 1, + "elementType": "ZestLoopTokenIntegerSet" + }, + "statements": [ + { + "url": "https://ec-cube/admin/customer/new", + "data": "", + "method": "GET", + "headers": "Proxy-Connection: keep-alive\r\nsec-ch-ua: \" Not A;Brand\";v=\"99\", \"Chromium\";v=\"102\", \"Google Chrome\";v=\"102\"\r\nsec-ch-ua-mobile: ?0\r\nsec-ch-ua-platform: \"Linux\"\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\n", + "response": { + "url": "https://ec-cube/admin/customer/new", + "headers": "HTTP/1.1 200 OK\r\nDate: Wed, 15 Jun 2022 11:24:54 GMT\r\nServer: Apache/2.4.53 (Debian)\r\nX-Frame-Options: SAMEORIGIN\r\nX-Powered-By: PHP/7.4.29\r\nCache-Control: max-age=0, must-revalidate, private\r\nExpires: Wed, 15 Jun 2022 11:24:54 GMT\r\nSet-Cookie: maintenance_token=deleted; expires=Tue, 15-Jun-2021 11:24:53 GMT; Max-Age=0; path=/; httponly\r\nVary: Accept-Encoding\r\nX-XSS-Protection: 1; mode=block\r\nX-Content-Type-Options: nosniff\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n", + "body": "\n\n\n \n \n \n 会員管理 会員登録 - EC-CUBE SHOP\n \n \n \n \n \n \n \n \n \n \n\n
\n
\n
\n

\n
\n \n EC-CUBE SHOP\n 管理者 様\n
\n
\n
\n
\n \n\n
\n
\n
\n
\n
\n

会員登録

会員管理\n
\n
\n\n \n\n\n\n\n\n \n Japan\n \n
\n
\n
\n
\n
\n
\n
会員情報\n
\n
\n \n \n \n
\n
\n
\n
\n
\n
\n
\n お名前\n 必須\n
\n
\n
\n
\n \n
\n
\n \n
\n
\n
\n
\n \n
\n
\n \n
\n
\n
\n
\n
\n
\n お名前(カナ)\n 必須\n
\n
\n
\n
\n \n
\n
\n \n
\n
\n
\n
\n \n
\n
\n \n
\n
\n
\n
\n
\n
\n 会社名\n
\n
\n \n \n
\n
\n
\n
住所必須\n
\n
\n
\n
\n
\n
\n \n\n
\n
\n
\n
\n \n
\n
\n
\n
\n
\n
\n \n \n \n
\n
\n
\n
\n \n \n
\n
\n \n \n
\n
\n
\n
\n
\n メールアドレス\n 必須\n
\n
\n \n \n
\n
\n
\n
\n 電話番号\n 必須\n
\n
\n \n \n
\n
\n
\n
\n パスワード\n 必須\n
\n
\n \n \n
\n
\n
\n
\n パスワード(確認用)\n 必須\n
\n
\n \n \n
\n
\n
\n
\n 性別\n
\n
\n
\n
\n
\n \n \n
\n
\n
\n
\n 職業\n
\n
\n \n \n \n
\n
\n
\n
\n 誕生日\n
\n
\n \n \n
\n
\n
\n
\n ポイント\n
\n
\n \n \n
\n
\n\n \n
\n
\n
\n\n \n \n
\n
\n
\n
\n
\n ショップ用メモ欄\n \n
\n
\n
\n \n \n \n
\n
\n
\n
\n
\n \n \n
\n
\n
\n
\n
\n
\n\n
\n
\n
\n \n
\n
\n
\n \n \n \n
\n
\n \n
\n
\n
\n
\n
\n
\n \n\n
\n
\n\n\n\n\n\n\n \n\n\n", + "statusCode": 200, + "responseTimeInMs": 63, + "elementType": "ZestResponse" + }, + "assertions": [ + { + "rootExpression": { + "code": 200, + "not": false, + "elementType": "ZestExpressionStatusCode" + }, + "elementType": "ZestAssertion" + } + ], + "followRedirects": false, + "timestamp": 1655292294336, + "cookies": [], + "index": 1, + "enabled": true, + "elementType": "ZestRequest" + }, + { + "fieldDefinition": { + "formIndex": 0, + "fieldName": "admin_customer__token", + "elementType": "ZestFieldDefinition" + }, + "variableName": "csrf2", + "index": 2, + "enabled": true, + "elementType": "ZestAssignFieldValue" + }, + { + "url": "https://ec-cube/admin/customer/new", + "data": "admin_customer%5B_token%5D={{csrf2}}&admin_customer%5Bname%5D%5Bname01%5D=%E5%A7%93&admin_customer%5Bname%5D%5Bname02%5D=%E5%90%8D&admin_customer%5Bkana%5D%5Bkana01%5D=%E3%82%BB%E3%82%A4&admin_customer%5Bkana%5D%5Bkana02%5D=%E3%83%A1%E3%82%A4&admin_customer%5Bcompany_name%5D=&admin_customer%5Bpostal_code%5D=5300001&admin_customer%5Baddress%5D%5Bpref%5D=27&admin_customer%5Baddress%5D%5Baddr01%5D=%E5%A4%A7%E9%98%AA%E5%B8%82%E5%8C%97%E5%8C%BA%E6%A2%85%E7%94%B0&admin_customer%5Baddress%5D%5Baddr02%5D=1-2-3&admin_customer%5Bemail%5D=user-{{customer-id}}%40example.com&admin_customer%5Bphone_number%5D=08012345678&admin_customer%5Bplain_password%5D%5Bfirst%5D=password1234&admin_customer%5Bplain_password%5D%5Bsecond%5D=password1234&admin_customer%5Bsex%5D=1&admin_customer%5Bjob%5D=&admin_customer%5Bbirth%5D=&admin_customer%5Bpoint%5D=0&admin_customer%5Bnote%5D=&admin_customer%5Bstatus%5D=2", + "method": "POST", + "headers": "Proxy-Connection: keep-alive\r\nContent-Length: 891\r\nsec-ch-ua: \" Not A;Brand\";v=\"99\", \"Chromium\";v=\"102\", \"Google Chrome\";v=\"102\"\r\nsec-ch-ua-mobile: ?0\r\nsec-ch-ua-platform: \"Linux\"\r\nUpgrade-Insecure-Requests: 1\r\nOrigin: https://ec-cube\r\nContent-Type: application/x-www-form-urlencoded\r\nSec-Fetch-Site: 
same-origin\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\n", + "response": { + "url": "https://ec-cube/admin/customer/new", + "headers": "HTTP/1.1 302 Found\nDate: Wed, 15 Jun 2022 11:25:48 GMT\nServer: Apache/2.4.53 (Debian)\nX-Frame-Options: SAMEORIGIN\nX-Powered-By: PHP/7.4.29\nCache-Control: max-age=0, must-revalidate, private\nLocation: /admin/customer/11/edit\nExpires: Wed, 15 Jun 2022 11:25:48 GMT\nSet-Cookie: maintenance_token=deleted; expires=Tue, 15-Jun-2021 11:25:47 GMT; Max-Age=0; path=/; httponly\nX-XSS-Protection: 1; mode=block\nX-Content-Type-Options: nosniff\nContent-Length: 338\nContent-Type: text/html; charset=UTF-8\n\n", + "body": "\n\n \n \n \n\n Redirecting to /admin/customer/11/edit\n \n \n Redirecting to /admin/customer/11/edit.\n \n", + "statusCode": 302, + "responseTimeInMs": 38, + "elementType": "ZestResponse" + }, + "assertions": [ + { + "rootExpression": { + "code": 302, + "not": false, + "elementType": "ZestExpressionStatusCode" + }, + "elementType": "ZestAssertion" + } + ], + "followRedirects": false, + "timestamp": 1655292348003, + "cookies": [], + "index": 3, + "enabled": true, + "elementType": "ZestRequest" + } + ], + "variableName": "customer-id", + "index": 1, + "enabled": true, + "elementType": "ZestLoopInteger" + } + ], + "authentication": [], + "index": 0, + "enabled": true, + "elementType": "ZestScript" +} diff --git a/zap/scripts/admin_create_orders_100.zst b/zap/scripts/admin_create_orders_100.zst new file mode 100644 index 00000000000..3a4078d9baa --- /dev/null +++ b/zap/scripts/admin_create_orders_100.zst 
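Review bot: Both requests inside the loop keep the recorded `response` object (status line, `Server` and `X-Powered-By` headers, `Set-Cookie` and the full page body), which the other scripts visible in this patch do not carry. Recorded responses are where session cookies and tokens tend to end up in a repository, and here they also make up most of the file; I would delete the two `response` members and keep only the status-code `assertions`. It is also worth checking `Content-Length: 891`, which was recorded before `{{customer-id}}` was put into the e-mail field, so it only stays correct if ZAP recomputes the header when sending.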
@@ -0,0 +1,90 @@ +{ + "about": "This is a Zest script. For more details about Zest visit https://developer.mozilla.org/en-US/docs/Zest", + "zestVersion": "0.6", + "generatedBy": "Sequence Script Template", + "title": "admin_create_orders_100", + "description": "An example empty sequence script. Add requests to populate the sequence.", + "prefix": "", + "type": "Active", + "parameters": { + "tokenStart": "{{", + "tokenEnd": "}}", + "tokens": {}, + "elementType": "ZestVariables" + }, + "statements": [ + { + "set": { + "start": 0, + "end": 100, + "step": 1, + "elementType": "ZestLoopTokenIntegerSet" + }, + "statements": [ + { + "url": "https://ec-cube/admin/order/new", + "data": "", + "method": "GET", + "headers": "Proxy-Connection: keep-alive\r\nsec-ch-ua: \" Not A;Brand\";v=\"99\", \"Chromium\";v=\"102\", \"Google Chrome\";v=\"102\"\r\nsec-ch-ua-mobile: ?0\r\nsec-ch-ua-platform: \"Linux\"\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\n", + "assertions": [ + { + "rootExpression": { + "code": 200, + "not": false, + "elementType": "ZestExpressionStatusCode" + }, + "elementType": "ZestAssertion" + } + ], + "followRedirects": false, + "timestamp": 1655430332261, + "cookies": [], + "index": 1, + "enabled": true, + "elementType": "ZestRequest" + }, + { + "fieldDefinition": { + "formIndex": 0, + "fieldName": "order__token", + "elementType": "ZestFieldDefinition" + }, + "variableName": "csrf1", + "index": 2, + "enabled": true, + "elementType": "ZestAssignFieldValue" + }, + { + "url": "https://ec-cube/admin/order/new", + "data": 
"mode=&order%5B_token%5D={{csrf1}}&order%5Breturn_link%5D=&order%5BPayment%5D=4&admin_search_customer%5Bmulti%5D=&order%5BCustomer%5D=&order%5Bname%5D%5Bname01%5D=%E5%A7%93&order%5Bname%5D%5Bname02%5D=%E5%90%8D&order%5Bkana%5D%5Bkana01%5D=%E3%82%BB%E3%82%A4&order%5Bkana%5D%5Bkana02%5D=%E3%83%A1%E3%82%A4&order%5Bpostal_code%5D=5300001&order%5Baddress%5D%5Bpref%5D=27&order%5Baddress%5D%5Baddr01%5D=%E5%A4%A7%E9%98%AA%E5%B8%82%E5%8C%97%E5%8C%BA%E6%A2%85%E7%94%B0&order%5Baddress%5D%5Baddr02%5D=1-2-3&order%5Bemail%5D=test%40example.com&order%5Bphone_number%5D=08012345678&order%5Bcompany_name%5D=&order%5Bmessage%5D=&order%5BShipping%5D%5Bname%5D%5Bname01%5D=%E5%A7%93&order%5BShipping%5D%5Bname%5D%5Bname02%5D=%E5%90%8D&order%5BShipping%5D%5Bkana%5D%5Bkana01%5D=%E3%82%BB%E3%82%A4&order%5BShipping%5D%5Bkana%5D%5Bkana02%5D=%E3%83%A1%E3%82%A4&order%5BShipping%5D%5Bpostal_code%5D=5300001&order%5BShipping%5D%5Baddress%5D%5Bpref%5D=27&order%5BShipping%5D%5Baddress%5D%5Baddr01%5D=%E5%A4%A7%E9%98%AA%E5%B8%82%E5%8C%97%E5%8C%BA%E6%A2%85%E7%94%B0&order%5BShipping%5D%5Baddress%5D%5Baddr02%5D=1-2-3&order%5BShipping%5D%5Bphone_number%5D=08012345678&order%5BShipping%5D%5Bcompany_name%5D=&order%5BShipping%5D%5Btracking_number%5D=&order%5BShipping%5D%5BDelivery%5D=1&order%5BShipping%5D%5Bnote%5D=&order%5BShipping%5D%5Bshipping_delivery_date%5D=&order%5BShipping%5D%5BDeliveryTime%5D=&admin_search_product%5Bid%5D=&admin_search_product%5Bcategory_id%5D=&order%5BOrderItems%5D%5B1%5D%5BProductClass%5D=7&order%5BOrderItems%5D%5B1%5D%5Border_item_type%5D=1&order%5BOrderItems%5D%5B1%5D%5Btax_type%5D=1&order%5BOrderItems%5D%5B1%5D%5Bproduct_name%5D=%E5%BD%A9%E3%81%AE%E3%82%B8%E3%82%A7%E3%83%A9%E3%83%BC%E3%83%88CUBE&order%5BOrderItems%5D%5B1%5D%5Bprice%5D=34%2C500&order%5BOrderItems%5D%5B1%5D%5Bquantity%5D=1&order%5BOrderItems%5D%5B1%5D%5Btax_rate%5D=10&order%5Buse_point%5D=0&order%5Bnote%5D=&mode=register", + "method": "POST", + "headers": "Proxy-Connection: keep-alive\r\nContent-Length: 
2071\r\nsec-ch-ua: \" Not A;Brand\";v=\"99\", \"Chromium\";v=\"102\", \"Google Chrome\";v=\"102\"\r\nsec-ch-ua-mobile: ?0\r\nsec-ch-ua-platform: \"Linux\"\r\nUpgrade-Insecure-Requests: 1\r\nOrigin: https://ec-cube\r\nContent-Type: application/x-www-form-urlencoded\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\n", + "assertions": [ + { + "rootExpression": { + "code": 302, + "not": false, + "elementType": "ZestExpressionStatusCode" + }, + "elementType": "ZestAssertion" + } + ], + "followRedirects": false, + "timestamp": 1655430403043, + "cookies": [], + "index": 3, + "enabled": true, + "elementType": "ZestRequest" + } + ], + "variableName": "order-id", + "index": 1, + "enabled": true, + "elementType": "ZestLoopInteger" + } + ], + "authentication": [], + "index": 0, + "enabled": true, + "elementType": "ZestScript" +} diff --git a/zap/scripts/admin_customer_delivery.zst b/zap/scripts/admin_customer_delivery.zst new file mode 100644 index 00000000000..d8ee6666928 --- /dev/null +++ b/zap/scripts/admin_customer_delivery.zst 
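Review bot: The POST to `/admin/order/new` at index 3 is checked only with `ZestExpressionStatusCode` 302, so any redirect passes, not just the one that follows a saved order. A redirect issued for a lapsed admin session would presumably also be a 302, and the loop would then run to completion without creating the orders. Appending a second entry to that request's `assertions` array that matches the `Location` response header closes the gap; the path in the fence below is a placeholder for whatever the application returns on success. The same status-only check guards the state-changing POSTs in admin_customer_delivery.zst and admin_customer_edit.zst, which already read `Location: /admin/customer/…` from the response head and could assert on that string.

```json
{
  "rootExpression": {
    "regex": "Location: <EXPECTED_REDIRECT_PATH>",
    "variableName": "response.header",
    "caseExact": false,
    "not": false,
    "elementType": "ZestExpressionRegex"
  },
  "elementType": "ZestAssertion"
}
```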
@@ -0,0 +1,255 @@ +{ + "about": "This is a Zest script. For more details about Zest visit https://developer.mozilla.org/en-US/docs/Zest", + "zestVersion": "0.6", + "generatedBy": "Sequence Script Template", + "title": "admin_customer_delivery", + "description": "An example empty sequence script. Add requests to populate the sequence.", + "prefix": "", + "type": "Active", + "parameters": { + "tokenStart": "{{", + "tokenEnd": "}}", + "tokens": {}, + "elementType": "ZestVariables" + }, + "statements": [ + { + "comment": "お届け先追加", + "index": 1, + "enabled": true, + "elementType": "ZestComment" + }, + { + "url": "https://ec-cube/admin/customer/1/delivery/new", + "data": "", + "method": "GET", + "headers": "Proxy-Connection: keep-alive\r\nsec-ch-ua: \".Not/A)Brand\";v=\"99\", \"Google Chrome\";v=\"103\", \"Chromium\";v=\"103\"\r\nsec-ch-ua-mobile: ?0\r\nsec-ch-ua-platform: \"Linux\"\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\n", + "assertions": [ + { + "rootExpression": { + "code": 200, + "not": false, + "elementType": "ZestExpressionStatusCode" + }, + "elementType": "ZestAssertion" + } + ], + "followRedirects": false, + "timestamp": 1656639172287, + "cookies": [], + "index": 2, + "enabled": true, + "elementType": "ZestRequest" + }, + { + "prefix": "", + "location": "BODY", + "variableName": "eccube-csrf-token", + "index": 3, + "enabled": true, + "elementType": "ZestAssignStringDelimiters" + }, + { + "fieldDefinition": { + "formIndex": 0, + "fieldName": "customer_address__token", + "elementType": "ZestFieldDefinition" + }, + "variableName": "csrf1", + "index": 4, + "enabled": true, + "elementType": "ZestAssignFieldValue" + }, + { + "url": "https://ec-cube/admin/customer/1/delivery/new", + "data": 
"customer_address%5B_token%5D={{csrf1}}&customer_address%5Bname%5D%5Bname01%5D=%E5%A7%93&customer_address%5Bname%5D%5Bname02%5D=%E5%90%8D&customer_address%5Bkana%5D%5Bkana01%5D=%E3%82%BB%E3%82%A4&customer_address%5Bkana%5D%5Bkana02%5D=%E3%83%A1%E3%82%A4&customer_address%5Bcompany_name%5D=%E4%BC%9A%E7%A4%BE%E5%90%8D&customer_address%5Bpostal_code%5D=5300001&customer_address%5Baddress%5D%5Bpref%5D=27&customer_address%5Baddress%5D%5Baddr01%5D=%E5%A4%A7%E9%98%AA%E5%B8%82%E5%8C%97%E5%8C%BA%E6%A2%85%E7%94%B0&customer_address%5Baddress%5D%5Baddr02%5D=1-2-3&customer_address%5Bphone_number%5D=08012345678", + "method": "POST", + "headers": "Proxy-Connection: keep-alive\r\nContent-Length: 635\r\nsec-ch-ua: \".Not/A)Brand\";v=\"99\", \"Google Chrome\";v=\"103\", \"Chromium\";v=\"103\"\r\nsec-ch-ua-mobile: ?0\r\nsec-ch-ua-platform: \"Linux\"\r\nUpgrade-Insecure-Requests: 1\r\nOrigin: https://ec-cube\r\nContent-Type: application/x-www-form-urlencoded\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\n", + "assertions": [ + { + "rootExpression": { + "code": 302, + "not": false, + "elementType": "ZestExpressionStatusCode" + }, + "elementType": "ZestAssertion" + } + ], + "followRedirects": false, + "timestamp": 1656639195146, + "cookies": [], + "index": 5, + "enabled": true, + "elementType": "ZestRequest" + }, + { + "prefix": "Location: /admin/customer/1/delivery/", + "postfix": "/edit", + "location": "HEAD", + "variableName": "delivery-id", + "index": 6, + "enabled": true, + "elementType": "ZestAssignStringDelimiters" + }, + { + "urlToken": "https://ec-cube/admin/customer/1/delivery/{{delivery-id}}/edit", + "data": "", + "method": "GET", + "headers": "Proxy-Connection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\nsec-ch-ua: \".Not/A)Brand\";v=\"99\", \"Google Chrome\";v=\"103\", 
\"Chromium\";v=\"103\"\r\nsec-ch-ua-mobile: ?0\r\nsec-ch-ua-platform: \"Linux\"\r\n", + "assertions": [ + { + "rootExpression": { + "code": 200, + "not": false, + "elementType": "ZestExpressionStatusCode" + }, + "elementType": "ZestAssertion" + } + ], + "followRedirects": false, + "timestamp": 1656639195194, + "cookies": [], + "index": 7, + "enabled": true, + "elementType": "ZestRequest" + }, + { + "fieldDefinition": { + "formIndex": 0, + "fieldName": "customer_address__token", + "elementType": "ZestFieldDefinition" + }, + "variableName": "csrf2", + "index": 8, + "enabled": true, + "elementType": "ZestAssignFieldValue" + }, + { + "comment": "お届け先編集", + "index": 9, + "enabled": true, + "elementType": "ZestComment" + }, + { + "urlToken": "https://ec-cube/admin/customer/1/delivery/{{delivery-id}}/edit", + "data": "customer_address%5B_token%5D={{csrf2}}&customer_address%5Bname%5D%5Bname01%5D=%E5%A7%93&customer_address%5Bname%5D%5Bname02%5D=%E5%90%8D&customer_address%5Bkana%5D%5Bkana01%5D=%E3%82%BB%E3%82%A4&customer_address%5Bkana%5D%5Bkana02%5D=%E3%83%A1%E3%82%A4&customer_address%5Bcompany_name%5D=%E4%BC%9A%E7%A4%BE%E5%90%8D&customer_address%5Bpostal_code%5D=5300001&customer_address%5Baddress%5D%5Bpref%5D=27&customer_address%5Baddress%5D%5Baddr01%5D=%E5%A4%A7%E9%98%AA%E5%B8%82%E5%8C%97%E5%8C%BA%E6%A2%85%E7%94%B0&customer_address%5Baddress%5D%5Baddr02%5D=1-2-3&customer_address%5Bphone_number%5D=08012345678", + "method": "POST", + "headers": "Proxy-Connection: keep-alive\r\nContent-Length: 635\r\nsec-ch-ua: \".Not/A)Brand\";v=\"99\", \"Google Chrome\";v=\"103\", \"Chromium\";v=\"103\"\r\nsec-ch-ua-mobile: ?0\r\nsec-ch-ua-platform: \"Linux\"\r\nUpgrade-Insecure-Requests: 1\r\nOrigin: https://ec-cube\r\nContent-Type: application/x-www-form-urlencoded\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\n", + "assertions": [ + { + "rootExpression": { + "code": 302, + "not": false, + "elementType": 
"ZestExpressionStatusCode" + }, + "elementType": "ZestAssertion" + } + ], + "followRedirects": false, + "timestamp": 1656639652209, + "cookies": [], + "index": 10, + "enabled": true, + "elementType": "ZestRequest" + }, + { + "url": "https://ec-cube/admin/customer/1/edit", + "data": "", + "method": "GET", + "headers": "Proxy-Connection: keep-alive\r\nsec-ch-ua: \".Not/A)Brand\";v=\"99\", \"Google Chrome\";v=\"103\", \"Chromium\";v=\"103\"\r\nsec-ch-ua-mobile: ?0\r\nsec-ch-ua-platform: \"Linux\"\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\n", + "assertions": [ + { + "rootExpression": { + "code": 200, + "not": false, + "elementType": "ZestExpressionStatusCode" + }, + "elementType": "ZestAssertion" + } + ], + "followRedirects": false, + "timestamp": 1656639216790, + "cookies": [], + "index": 11, + "enabled": true, + "elementType": "ZestRequest" + }, + { + "fieldDefinition": { + "formIndex": 0, + "fieldName": "admin_customer__token", + "elementType": "ZestFieldDefinition" + }, + "variableName": "csrf3", + "index": 12, + "enabled": true, + "elementType": "ZestAssignFieldValue" + }, + { + "comment": "お届け先削除", + "index": 13, + "enabled": true, + "elementType": "ZestComment" + }, + { + "urlToken": "https://ec-cube/admin/customer/1/delivery/{{delivery-id}}/delete", + "data": "_token={{eccube-csrf-token}}&_method=delete", + "method": "POST", + "headers": "Proxy-Connection: keep-alive\r\nContent-Length: 65\r\nsec-ch-ua: \".Not/A)Brand\";v=\"99\", \"Google Chrome\";v=\"103\", \"Chromium\";v=\"103\"\r\nsec-ch-ua-mobile: ?0\r\nsec-ch-ua-platform: \"Linux\"\r\nUpgrade-Insecure-Requests: 1\r\nOrigin: https://ec-cube\r\nContent-Type: application/x-www-form-urlencoded\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\n", + "assertions": [ + { + "rootExpression": { + "code": 302, + "not": false, + "elementType": 
"ZestExpressionStatusCode" + }, + "elementType": "ZestAssertion" + } + ], + "followRedirects": false, + "timestamp": 1656639236015, + "cookies": [], + "index": 14, + "enabled": true, + "elementType": "ZestRequest" + }, + { + "url": "https://ec-cube/admin/customer/1/edit", + "data": "", + "method": "GET", + "headers": "Proxy-Connection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\nsec-ch-ua: \".Not/A)Brand\";v=\"99\", \"Google Chrome\";v=\"103\", \"Chromium\";v=\"103\"\r\nsec-ch-ua-mobile: ?0\r\nsec-ch-ua-platform: \"Linux\"\r\n", + "assertions": [ + { + "rootExpression": { + "code": 200, + "not": false, + "elementType": "ZestExpressionStatusCode" + }, + "elementType": "ZestAssertion" + } + ], + "followRedirects": false, + "timestamp": 1656639236047, + "cookies": [], + "index": 15, + "enabled": true, + "elementType": "ZestRequest" + }, + { + "fieldDefinition": { + "formIndex": 0, + "fieldName": "admin_customer__token", + "elementType": "ZestFieldDefinition" + }, + "variableName": "csrf4", + "index": 16, + "enabled": true, + "elementType": "ZestAssignFieldValue" + } + ], + "authentication": [], + "index": 0, + "enabled": true, + "elementType": "ZestScript" +} diff --git a/zap/scripts/admin_customer_edit.zst b/zap/scripts/admin_customer_edit.zst new file mode 100644 index 00000000000..6af0c969bbf --- /dev/null +++ b/zap/scripts/admin_customer_edit.zst 
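Review bot: `csrf3` (index 12) and `csrf4` (index 16) are captured from `admin_customer__token`, but no request in this script reads either variable; the delete at index 14 sends `{{eccube-csrf-token}}`, which was captured at index 3. These look like recorder leftovers, and an assignment that cannot find its form field may abort the sequence for a reason unrelated to the page under test, so I would drop both `ZestAssignFieldValue` statements and renumber the following `index` values. admin_customer_edit.zst has the same pattern with `csrf3`, `csrf6`, `csrf7` and `csrf8`.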
@@ -0,0 +1,371 @@ +{ + "about": "This is a Zest script. For more details about Zest visit https://developer.mozilla.org/en-US/docs/Zest", + "zestVersion": "0.6", + "generatedBy": "Sequence Script Template", + "title": "admin_customer_edit", + "description": "An example empty sequence script. Add requests to populate the sequence.", + "prefix": "", + "type": "Active", + "parameters": { + "tokenStart": "{{", + "tokenEnd": "}}", + "tokens": {}, + "elementType": "ZestVariables" + }, + "statements": [ + { + "comment": "会員登録", + "index": 1, + "enabled": true, + "elementType": "ZestComment" + }, + { + "url": "https://ec-cube/admin/customer/new", + "data": "", + "method": "GET", + "headers": "Proxy-Connection: keep-alive\r\nsec-ch-ua: \".Not/A)Brand\";v=\"99\", \"Google Chrome\";v=\"103\", \"Chromium\";v=\"103\"\r\nsec-ch-ua-mobile: ?0\r\nsec-ch-ua-platform: \"Linux\"\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\n", + "assertions": [ + { + "rootExpression": { + "code": 200, + "not": false, + "elementType": "ZestExpressionStatusCode" + }, + "elementType": "ZestAssertion" + } + ], + "followRedirects": false, + "timestamp": 1656638144304, + "cookies": [], + "index": 2, + "enabled": true, + "elementType": "ZestRequest" + }, + { + "prefix": "", + "location": "BODY", + "variableName": "eccube-csrf-token", + "index": 3, + "enabled": true, + "elementType": "ZestAssignStringDelimiters" + }, + { + "fieldDefinition": { + "formIndex": 0, + "fieldName": "admin_customer__token", + "elementType": "ZestFieldDefinition" + }, + "variableName": "csrf1", + "index": 4, + "enabled": true, + "elementType": "ZestAssignFieldValue" + }, + { + "url": "https://ec-cube/admin/customer/new", + "data": 
"admin_customer%5B_token%5D={{csrf1}}&admin_customer%5Bname%5D%5Bname01%5D=%E5%A7%93&admin_customer%5Bname%5D%5Bname02%5D=%E5%90%8D&admin_customer%5Bkana%5D%5Bkana01%5D=%E3%82%BB%E3%82%A4&admin_customer%5Bkana%5D%5Bkana02%5D=%E3%83%A1%E3%82%A4&admin_customer%5Bcompany_name%5D=%E4%BC%9A%E7%A4%BE%E5%90%8D&admin_customer%5Bpostal_code%5D=5300001&admin_customer%5Baddress%5D%5Bpref%5D=27&admin_customer%5Baddress%5D%5Baddr01%5D=%E5%A4%A7%E9%98%AA%E5%B8%82%E5%8C%97%E5%8C%BA%E6%A2%85%E7%94%B0&admin_customer%5Baddress%5D%5Baddr02%5D=1-2-3&admin_customer%5Bemail%5D=user-2%40example.com&admin_customer%5Bphone_number%5D=08012345678&admin_customer%5Bplain_password%5D%5Bfirst%5D=password1234&admin_customer%5Bplain_password%5D%5Bsecond%5D=password1234&admin_customer%5Bsex%5D=1&admin_customer%5Bjob%5D=1&admin_customer%5Bbirth%5D=2000-01-23&admin_customer%5Bpoint%5D=0&admin_customer%5Bnote%5D=&admin_customer%5Bstatus%5D=1", + "method": "POST", + "headers": "Proxy-Connection: keep-alive\r\nContent-Length: 931\r\nsec-ch-ua: \".Not/A)Brand\";v=\"99\", \"Google Chrome\";v=\"103\", \"Chromium\";v=\"103\"\r\nsec-ch-ua-mobile: ?0\r\nsec-ch-ua-platform: \"Linux\"\r\nUpgrade-Insecure-Requests: 1\r\nOrigin: https://ec-cube\r\nContent-Type: application/x-www-form-urlencoded\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\n", + "assertions": [ + { + "rootExpression": { + "code": 302, + "not": false, + "elementType": "ZestExpressionStatusCode" + }, + "elementType": "ZestAssertion" + } + ], + "followRedirects": false, + "timestamp": 1656638219631, + "cookies": [], + "index": 5, + "enabled": true, + "elementType": "ZestRequest" + }, + { + "prefix": "Location: /admin/customer/", + "postfix": "/edit", + "location": "HEAD", + "variableName": "customer-id", + "index": 6, + "enabled": true, + "elementType": "ZestAssignStringDelimiters" + }, + { + "url": "https://ec-cube/admin/customer", + "data": "", + "method": "GET", + "headers": 
"Proxy-Connection: keep-alive\r\nsec-ch-ua: \".Not/A)Brand\";v=\"99\", \"Google Chrome\";v=\"103\", \"Chromium\";v=\"103\"\r\nsec-ch-ua-mobile: ?0\r\nsec-ch-ua-platform: \"Linux\"\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\n", + "assertions": [ + { + "rootExpression": { + "code": 200, + "not": false, + "elementType": "ZestExpressionStatusCode" + }, + "elementType": "ZestAssertion" + } + ], + "followRedirects": false, + "timestamp": 1656638223262, + "cookies": [], + "index": 7, + "enabled": true, + "elementType": "ZestRequest" + }, + { + "fieldDefinition": { + "formIndex": 0, + "fieldName": "admin_search_customer__token", + "elementType": "ZestFieldDefinition" + }, + "variableName": "csrf3", + "index": 8, + "enabled": true, + "elementType": "ZestAssignFieldValue" + }, + { + "comment": "メール再送", + "index": 9, + "enabled": true, + "elementType": "ZestComment" + }, + { + "urlToken": "https://ec-cube/admin/customer/{{customer-id}}/resend", + "data": "_token={{eccube-csrf-token}}&_method=get", + "method": "POST", + "headers": "Proxy-Connection: keep-alive\r\nContent-Length: 62\r\nsec-ch-ua: \".Not/A)Brand\";v=\"99\", \"Google Chrome\";v=\"103\", \"Chromium\";v=\"103\"\r\nsec-ch-ua-mobile: ?0\r\nsec-ch-ua-platform: \"Linux\"\r\nUpgrade-Insecure-Requests: 1\r\nOrigin: https://ec-cube\r\nContent-Type: application/x-www-form-urlencoded\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\n", + "assertions": [ + { + "rootExpression": { + "code": 302, + "not": false, + "elementType": "ZestExpressionStatusCode" + }, + "elementType": "ZestAssertion" + } + ], + "followRedirects": false, + "timestamp": 1656638229151, + "cookies": [], + "index": 10, + "enabled": true, + "elementType": "ZestRequest" + }, + { + "url": "https://ec-cube/admin/customer", + "data": "", + "method": "GET", + "headers": "Proxy-Connection: 
keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\nsec-ch-ua: \".Not/A)Brand\";v=\"99\", \"Google Chrome\";v=\"103\", \"Chromium\";v=\"103\"\r\nsec-ch-ua-mobile: ?0\r\nsec-ch-ua-platform: \"Linux\"\r\n", + "assertions": [ + { + "rootExpression": { + "code": 200, + "not": false, + "elementType": "ZestExpressionStatusCode" + }, + "elementType": "ZestAssertion" + } + ], + "followRedirects": false, + "timestamp": 1656638229353, + "cookies": [], + "index": 11, + "enabled": true, + "elementType": "ZestRequest" + }, + { + "comment": "会員編集", + "index": 12, + "enabled": true, + "elementType": "ZestComment" + }, + { + "urlToken": "https://ec-cube/admin/customer/{{customer-id}}/edit", + "data": "", + "method": "GET", + "headers": "Proxy-Connection: keep-alive\r\nsec-ch-ua: \".Not/A)Brand\";v=\"99\", \"Google Chrome\";v=\"103\", \"Chromium\";v=\"103\"\r\nsec-ch-ua-mobile: ?0\r\nsec-ch-ua-platform: \"Linux\"\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\n", + "assertions": [ + { + "rootExpression": { + "code": 200, + "not": false, + "elementType": "ZestExpressionStatusCode" + }, + "elementType": "ZestAssertion" + } + ], + "followRedirects": false, + "timestamp": 1656638241725, + "cookies": [], + "index": 13, + "enabled": true, + "elementType": "ZestRequest" + }, + { + "fieldDefinition": { + "formIndex": 0, + "fieldName": "admin_customer__token", + "elementType": "ZestFieldDefinition" + }, + "variableName": "csrf5", + "index": 14, + "enabled": true, + "elementType": "ZestAssignFieldValue" + }, + { + "urlToken": "https://ec-cube/admin/customer/{{customer-id}}/edit", + "data": 
"admin_customer%5B_token%5D={{csrf5}}&admin_customer%5Bname%5D%5Bname01%5D=%E5%A7%93&admin_customer%5Bname%5D%5Bname02%5D=%E5%90%8D&admin_customer%5Bkana%5D%5Bkana01%5D=%E3%82%BB%E3%82%A4&admin_customer%5Bkana%5D%5Bkana02%5D=%E3%83%A1%E3%82%A4&admin_customer%5Bcompany_name%5D=%E4%BC%9A%E7%A4%BE%E5%90%8D&admin_customer%5Bpostal_code%5D=5300001&admin_customer%5Baddress%5D%5Bpref%5D=27&admin_customer%5Baddress%5D%5Baddr01%5D=%E5%A4%A7%E9%98%AA%E5%B8%82%E5%8C%97%E5%8C%BA%E6%A2%85%E7%94%B0&admin_customer%5Baddress%5D%5Baddr02%5D=1-2-3&admin_customer%5Bemail%5D=user-2%40example.com&admin_customer%5Bphone_number%5D=08012345678&admin_customer%5Bplain_password%5D%5Bfirst%5D=abc********123&admin_customer%5Bplain_password%5D%5Bsecond%5D=abc********123&admin_customer%5Bsex%5D=1&admin_customer%5Bjob%5D=1&admin_customer%5Bbirth%5D=2000-01-23&admin_customer%5Bpoint%5D=0&admin_customer%5Bnote%5D=&admin_customer%5Bstatus%5D=1", + "method": "POST", + "headers": "Proxy-Connection: keep-alive\r\nContent-Length: 935\r\nsec-ch-ua: \".Not/A)Brand\";v=\"99\", \"Google Chrome\";v=\"103\", \"Chromium\";v=\"103\"\r\nsec-ch-ua-mobile: ?0\r\nsec-ch-ua-platform: \"Linux\"\r\nUpgrade-Insecure-Requests: 1\r\nOrigin: https://ec-cube\r\nContent-Type: application/x-www-form-urlencoded\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\n", + "assertions": [ + { + "rootExpression": { + "code": 302, + "not": false, + "elementType": "ZestExpressionStatusCode" + }, + "elementType": "ZestAssertion" + } + ], + "followRedirects": false, + "timestamp": 1656638244558, + "cookies": [], + "index": 15, + "enabled": true, + "elementType": "ZestRequest" + }, + { + "urlToken": "https://ec-cube/admin/customer/{{customer-id}}/edit", + "data": "", + "method": "GET", + "headers": "Proxy-Connection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: 
document\r\nsec-ch-ua: \".Not/A)Brand\";v=\"99\", \"Google Chrome\";v=\"103\", \"Chromium\";v=\"103\"\r\nsec-ch-ua-mobile: ?0\r\nsec-ch-ua-platform: \"Linux\"\r\n", + "assertions": [ + { + "rootExpression": { + "code": 200, + "not": false, + "elementType": "ZestExpressionStatusCode" + }, + "elementType": "ZestAssertion" + } + ], + "followRedirects": false, + "timestamp": 1656638244609, + "cookies": [], + "index": 16, + "enabled": true, + "elementType": "ZestRequest" + }, + { + "fieldDefinition": { + "formIndex": 0, + "fieldName": "admin_customer__token", + "elementType": "ZestFieldDefinition" + }, + "variableName": "csrf6", + "index": 17, + "enabled": true, + "elementType": "ZestAssignFieldValue" + }, + { + "url": "https://ec-cube/admin/customer", + "data": "", + "method": "GET", + "headers": "Proxy-Connection: keep-alive\r\nsec-ch-ua: \".Not/A)Brand\";v=\"99\", \"Google Chrome\";v=\"103\", \"Chromium\";v=\"103\"\r\nsec-ch-ua-mobile: ?0\r\nsec-ch-ua-platform: \"Linux\"\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\n", + "assertions": [ + { + "rootExpression": { + "code": 200, + "not": false, + "elementType": "ZestExpressionStatusCode" + }, + "elementType": "ZestAssertion" + } + ], + "followRedirects": false, + "timestamp": 1656638248924, + "cookies": [], + "index": 18, + "enabled": true, + "elementType": "ZestRequest" + }, + { + "fieldDefinition": { + "formIndex": 0, + "fieldName": "admin_search_customer__token", + "elementType": "ZestFieldDefinition" + }, + "variableName": "csrf7", + "index": 19, + "enabled": true, + "elementType": "ZestAssignFieldValue" + }, + { + "comment": "会員削除", + "index": 20, + "enabled": true, + "elementType": "ZestComment" + }, + { + "urlToken": "https://ec-cube/admin/customer/{{customer-id}}/delete", + "data": "_token={{eccube-csrf-token}}&_method=delete", + "method": "POST", + "headers": "Proxy-Connection: keep-alive\r\nContent-Length: 
65\r\nsec-ch-ua: \".Not/A)Brand\";v=\"99\", \"Google Chrome\";v=\"103\", \"Chromium\";v=\"103\"\r\nsec-ch-ua-mobile: ?0\r\nsec-ch-ua-platform: \"Linux\"\r\nUpgrade-Insecure-Requests: 1\r\nOrigin: https://ec-cube\r\nContent-Type: application/x-www-form-urlencoded\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\n", + "assertions": [ + { + "rootExpression": { + "code": 302, + "not": false, + "elementType": "ZestExpressionStatusCode" + }, + "elementType": "ZestAssertion" + } + ], + "followRedirects": false, + "timestamp": 1656638252950, + "cookies": [], + "index": 21, + "enabled": true, + "elementType": "ZestRequest" + }, + { + "url": "https://ec-cube/admin/customer/page/1?resume=1", + "data": "", + "method": "GET", + "headers": "Proxy-Connection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\nsec-ch-ua: \".Not/A)Brand\";v=\"99\", \"Google Chrome\";v=\"103\", \"Chromium\";v=\"103\"\r\nsec-ch-ua-mobile: ?0\r\nsec-ch-ua-platform: \"Linux\"\r\n", + "assertions": [ + { + "rootExpression": { + "code": 200, + "not": false, + "elementType": "ZestExpressionStatusCode" + }, + "elementType": "ZestAssertion" + } + ], + "followRedirects": false, + "timestamp": 1656638252991, + "cookies": [], + "index": 22, + "enabled": true, + "elementType": "ZestRequest" + }, + { + "fieldDefinition": { + "formIndex": 0, + "fieldName": "admin_search_customer__token", + "elementType": "ZestFieldDefinition" + }, + "variableName": "csrf8", + "index": 23, + "enabled": true, + "elementType": "ZestAssignFieldValue" + } + ], + "authentication": [], + "index": 0, + "enabled": true, + "elementType": "ZestScript" +} diff --git a/zap/scripts/admin_customer_list.zst b/zap/scripts/admin_customer_list.zst new file mode 100644 index 00000000000..70ae1fb4630 --- /dev/null +++ b/zap/scripts/admin_customer_list.zst 
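Review bot: The create request at index 5 posts the fixed address `user-2%40example.com`, and that record is only removed by the delete at index 21, so a run that stops in between leaves the customer behind. If the application rejects duplicate e-mail addresses, the next run would fail the 302 assertion at index 5 for a reason unrelated to the scan. A per-run token in the address avoids this, in the way the bulk-creation script uses `user-{{customer-id}}%40example.com`. For example, both POST bodies could carry `admin_customer%5Bemail%5D=user-{{run-id}}%40example.com`, where `run-id` is a constructed name for a token the script would have to define. Whether zap/delete_data.sh resets customers between runs is not visible here.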
@@ -0,0 +1,176 @@ +{ + "about": "This is a Zest script. For more details about Zest visit https://developer.mozilla.org/en-US/docs/Zest", + "zestVersion": "0.6", + "generatedBy": "Sequence Script Template", + "title": "admin_customer_list", + "description": "An example empty sequence script. Add requests to populate the sequence.", + "prefix": "", + "type": "Active", + "parameters": { + "tokenStart": "{{", + "tokenEnd": "}}", + "tokens": {}, + "elementType": "ZestVariables" + }, + "statements": [ + { + "comment": "会員一覧", + "index": 1, + "enabled": true, + "elementType": "ZestComment" + }, + { + "url": "https://ec-cube/admin/search_customer", + "data": "", + "method": "GET", + "headers": "Proxy-Connection: keep-alive\r\nsec-ch-ua: \" Not A;Brand\";v=\"99\", \"Chromium\";v=\"102\", \"Google Chrome\";v=\"102\"\r\nsec-ch-ua-mobile: ?0\r\nsec-ch-ua-platform: \"Linux\"\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\n", + "assertions": [ + { + "rootExpression": { + "code": 302, + "not": false, + "elementType": "ZestExpressionStatusCode" + }, + "elementType": "ZestAssertion" + } + ], + "followRedirects": false, + "timestamp": 1655698812426, + "cookies": [], + "index": 2, + "enabled": true, + "elementType": "ZestRequest" + }, + { + "url": "https://ec-cube/admin/customer/page/1", + "data": "", + "method": "GET", + "headers": "Proxy-Connection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\nsec-ch-ua: \" Not A;Brand\";v=\"99\", \"Chromium\";v=\"102\", \"Google Chrome\";v=\"102\"\r\nsec-ch-ua-mobile: ?0\r\nsec-ch-ua-platform: \"Linux\"\r\n", + "assertions": [ + { + "rootExpression": { + "code": 200, + "not": false, + "elementType": "ZestExpressionStatusCode" + }, + "elementType": "ZestAssertion" + } + ], + "followRedirects": false, + "timestamp": 1655698812463, + "cookies": 
[], + "index": 3, + "enabled": true, + "elementType": "ZestRequest" + }, + { + "url": "https://ec-cube/admin/customer/", + "data": "", + "method": "GET", + "headers": "Proxy-Connection: keep-alive\r\nsec-ch-ua: \" Not A;Brand\";v=\"99\", \"Chromium\";v=\"102\", \"Google Chrome\";v=\"102\"\r\nsec-ch-ua-mobile: ?0\r\nsec-ch-ua-platform: \"Linux\"\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Site: none\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\n", + "assertions": [ + { + "rootExpression": { + "code": 301, + "not": false, + "elementType": "ZestExpressionStatusCode" + }, + "elementType": "ZestAssertion" + } + ], + "followRedirects": false, + "timestamp": 1655698819117, + "cookies": [], + "index": 4, + "enabled": true, + "elementType": "ZestRequest" + }, + { + "url": "https://ec-cube/admin/customer", + "data": "", + "method": "GET", + "headers": "Proxy-Connection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Site: none\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\nsec-ch-ua: \" Not A;Brand\";v=\"99\", \"Chromium\";v=\"102\", \"Google Chrome\";v=\"102\"\r\nsec-ch-ua-mobile: ?0\r\nsec-ch-ua-platform: \"Linux\"\r\n", + "assertions": [ + { + "rootExpression": { + "code": 200, + "not": false, + "elementType": "ZestExpressionStatusCode" + }, + "elementType": "ZestAssertion" + } + ], + "followRedirects": false, + "timestamp": 1655698819143, + "cookies": [], + "index": 5, + "enabled": true, + "elementType": "ZestRequest" + }, + { + "fieldDefinition": { + "formIndex": 0, + "fieldName": "admin_search_customer__token", + "elementType": "ZestFieldDefinition" + }, + "variableName": "csrf2", + "index": 6, + "enabled": true, + "elementType": "ZestAssignFieldValue" + }, + { + "url": "https://ec-cube/admin/customer", + "data": 
"admin_search_customer%5B_token%5D={{csrf2}}&admin_search_customer%5Bmulti%5D=&admin_search_customer%5Bcustomer_status%5D%5B%5D=1&admin_search_customer%5Bcustomer_status%5D%5B%5D=2&admin_search_customer%5Bbuy_product_name%5D=&admin_search_customer%5Bbuy_total_start%5D=&admin_search_customer%5Bbuy_total_end%5D=&admin_search_customer%5Bbirth_month%5D=&admin_search_customer%5Bbuy_times_start%5D=&admin_search_customer%5Bbuy_times_end%5D=&admin_search_customer%5Bbirth_start%5D=&admin_search_customer%5Bbirth_end%5D=&admin_search_customer%5Bcreate_datetime_start%5D=&admin_search_customer%5Bcreate_datetime_end%5D=&admin_search_customer%5Bpref%5D=&admin_search_customer%5Bupdate_datetime_start%5D=&admin_search_customer%5Bupdate_datetime_end%5D=&admin_search_customer%5Bphone_number%5D=&admin_search_customer%5Blast_buy_start%5D=&admin_search_customer%5Blast_buy_end%5D=&admin_search_customer%5Bsortkey%5D=&admin_search_customer%5Bsorttype%5D=", + "method": "POST", + "headers": "Proxy-Connection: keep-alive\r\nContent-Length: 975\r\nsec-ch-ua: \" Not A;Brand\";v=\"99\", \"Chromium\";v=\"102\", \"Google Chrome\";v=\"102\"\r\nsec-ch-ua-mobile: ?0\r\nsec-ch-ua-platform: \"Linux\"\r\nUpgrade-Insecure-Requests: 1\r\nOrigin: https://ec-cube\r\nContent-Type: application/x-www-form-urlencoded\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\n", + "assertions": [ + { + "rootExpression": { + "code": 200, + "not": false, + "elementType": "ZestExpressionStatusCode" + }, + "elementType": "ZestAssertion" + } + ], + "followRedirects": false, + "timestamp": 1655698821261, + "cookies": [], + "index": 7, + "enabled": true, + "elementType": "ZestRequest" + }, + { + "comment": "会員CSV", + "index": 8, + "enabled": true, + "elementType": "ZestComment" + }, + { + "url": "https://ec-cube/admin/customer/export", + "data": "", + "method": "GET", + "headers": "Proxy-Connection: keep-alive\r\nsec-ch-ua: \" Not A;Brand\";v=\"99\", 
\"Chromium\";v=\"102\", \"Google Chrome\";v=\"102\"\r\nsec-ch-ua-mobile: ?0\r\nsec-ch-ua-platform: \"Linux\"\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\n", + "assertions": [ + { + "rootExpression": { + "code": 200, + "not": false, + "elementType": "ZestExpressionStatusCode" + }, + "elementType": "ZestAssertion" + } + ], + "followRedirects": false, + "timestamp": 1655698825529, + "cookies": [], + "index": 9, + "enabled": true, + "elementType": "ZestRequest" + } + ], + "authentication": [], + "index": 0, + "enabled": true, + "elementType": "ZestScript" +} diff --git a/zap/scripts/admin_delivery.zst b/zap/scripts/admin_delivery.zst new file mode 100644 index 00000000000..0d7c32f8f11 --- /dev/null +++ b/zap/scripts/admin_delivery.zst 
@@ -0,0 +1,259 @@ +{ + "about": "This is a Zest script. For more details about Zest visit https://developer.mozilla.org/en-US/docs/Zest", + "zestVersion": "0.6", + "generatedBy": "Sequence Script Template", + "title": "admin_delivery", + "description": "An example empty sequence script. Add requests to populate the sequence.", + "prefix": "", + "type": "Active", + "parameters": { + "tokenStart": "{{", + "tokenEnd": "}}", + "tokens": {}, + "elementType": "ZestVariables" + }, + "statements": [ + { + "url": "https://ec-cube/admin/setting/shop/delivery/new", + "data": "", + "method": "GET", + "headers": "Proxy-Connection: keep-alive\r\nsec-ch-ua: \".Not/A)Brand\";v=\"99\", \"Google Chrome\";v=\"103\", \"Chromium\";v=\"103\"\r\nsec-ch-ua-mobile: ?0\r\nsec-ch-ua-platform: \"Linux\"\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\n", + "assertions": [ + { + "rootExpression": { + "code": 200, + "not": false, + "elementType": "ZestExpressionStatusCode" + }, + "elementType": "ZestAssertion" + } + ], + "followRedirects": false, + "timestamp": 1656659715222, + "cookies": [], + "index": 1, + "enabled": true, + "elementType": "ZestRequest" + }, + { + "prefix": "", + "location": "BODY", + "variableName": "eccube-csrf-token", + "index": 2, + "enabled": true, + "elementType": "ZestAssignStringDelimiters" + }, + { + "fieldDefinition": { + "formIndex": 0, + "fieldName": "delivery__token", + "elementType": "ZestFieldDefinition" + }, + "variableName": "csrf1", + "index": 3, + "enabled": true, + "elementType": "ZestAssignFieldValue" + }, + { + "url": "https://ec-cube/admin/setting/shop/delivery/new", + "data": 
"delivery%5B_token%5D={{csrf1}}&delivery%5Bname%5D=delivery&delivery%5Bservice_name%5D=delivery&delivery%5Bconfirm_url%5D=&delivery%5Bsale_type%5D=1&delivery%5Bpayments%5D%5B%5D=1&delivery%5Bfree_all%5D=100&delivery%5Bdelivery_fees%5D%5B47%5D%5Bfee%5D=100&delivery%5Bdelivery_fees%5D%5B48%5D%5Bfee%5D=100&delivery%5Bdelivery_fees%5D%5B49%5D%5Bfee%5D=100&delivery%5Bdelivery_fees%5D%5B50%5D%5Bfee%5D=100&delivery%5Bdelivery_fees%5D%5B51%5D%5Bfee%5D=100&delivery%5Bdelivery_fees%5D%5B52%5D%5Bfee%5D=100&delivery%5Bdelivery_fees%5D%5B53%5D%5Bfee%5D=100&delivery%5Bdelivery_fees%5D%5B54%5D%5Bfee%5D=100&delivery%5Bdelivery_fees%5D%5B55%5D%5Bfee%5D=100&delivery%5Bdelivery_fees%5D%5B56%5D%5Bfee%5D=100&delivery%5Bdelivery_fees%5D%5B57%5D%5Bfee%5D=100&delivery%5Bdelivery_fees%5D%5B58%5D%5Bfee%5D=100&delivery%5Bdelivery_fees%5D%5B59%5D%5Bfee%5D=100&delivery%5Bdelivery_fees%5D%5B60%5D%5Bfee%5D=100&delivery%5Bdelivery_fees%5D%5B61%5D%5Bfee%5D=100&delivery%5Bdelivery_fees%5D%5B62%5D%5Bfee%5D=100&delivery%5Bdelivery_fees%5D%5B63%5D%5Bfee%5D=100&delivery%5Bdelivery_fees%5D%5B64%5D%5Bfee%5D=100&delivery%5Bdelivery_fees%5D%5B65%5D%5Bfee%5D=100&delivery%5Bdelivery_fees%5D%5B66%5D%5Bfee%5D=100&delivery%5Bdelivery_fees%5D%5B67%5D%5Bfee%5D=100&delivery%5Bdelivery_fees%5D%5B68%5D%5Bfee%5D=100&delivery%5Bdelivery_fees%5D%5B69%5D%5Bfee%5D=100&delivery%5Bdelivery_fees%5D%5B70%5D%5Bfee%5D=100&delivery%5Bdelivery_fees%5D%5B71%5D%5Bfee%5D=100&delivery%5Bdelivery_fees%5D%5B72%5D%5Bfee%5D=100&delivery%5Bdelivery_fees%5D%5B73%5D%5Bfee%5D=100&delivery%5Bdelivery_fees%5D%5B74%5D%5Bfee%5D=100&delivery%5Bdelivery_fees%5D%5B75%5D%5Bfee%5D=100&delivery%5Bdelivery_fees%5D%5B76%5D%5Bfee%5D=100&delivery%5Bdelivery_fees%5D%5B77%5D%5Bfee%5D=100&delivery%5Bdelivery_fees%5D%5B78%5D%5Bfee%5D=100&delivery%5Bdelivery_fees%5D%5B79%5D%5Bfee%5D=100&delivery%5Bdelivery_fees%5D%5B80%5D%5Bfee%5D=100&delivery%5Bdelivery_fees%5D%5B81%5D%5Bfee%5D=100&delivery%5Bdelivery_fees%5D%5B82%5D%5Bfee%5D=100&delivery%5Bdelivery_fees%5D%5
B83%5D%5Bfee%5D=100&delivery%5Bdelivery_fees%5D%5B84%5D%5Bfee%5D=100&delivery%5Bdelivery_fees%5D%5B85%5D%5Bfee%5D=100&delivery%5Bdelivery_fees%5D%5B86%5D%5Bfee%5D=100&delivery%5Bdelivery_fees%5D%5B87%5D%5Bfee%5D=100&delivery%5Bdelivery_fees%5D%5B88%5D%5Bfee%5D=100&delivery%5Bdelivery_fees%5D%5B89%5D%5Bfee%5D=100&delivery%5Bdelivery_fees%5D%5B90%5D%5Bfee%5D=100&delivery%5Bdelivery_fees%5D%5B91%5D%5Bfee%5D=100&delivery%5Bdelivery_fees%5D%5B92%5D%5Bfee%5D=100&delivery%5Bdelivery_fees%5D%5B93%5D%5Bfee%5D=100&delivery%5Bdescription%5D=&delivery%5Bvisible%5D=1", + "method": "POST", + "headers": "Proxy-Connection: keep-alive\r\nContent-Length: 2595\r\nsec-ch-ua: \".Not/A)Brand\";v=\"99\", \"Google Chrome\";v=\"103\", \"Chromium\";v=\"103\"\r\nsec-ch-ua-mobile: ?0\r\nsec-ch-ua-platform: \"Linux\"\r\nUpgrade-Insecure-Requests: 1\r\nOrigin: https://ec-cube\r\nContent-Type: application/x-www-form-urlencoded\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\n", + "assertions": [ + { + "rootExpression": { + "code": 302, + "not": false, + "elementType": "ZestExpressionStatusCode" + }, + "elementType": "ZestAssertion" + } + ], + "followRedirects": false, + "timestamp": 1656659748017, + "cookies": [], + "index": 4, + "enabled": true, + "elementType": "ZestRequest" + }, + { + "prefix": "Location: /admin/setting/shop/delivery/", + "postfix": "/edit", + "location": "HEAD", + "variableName": "delivery-id", + "index": 5, + "enabled": true, + "elementType": "ZestAssignStringDelimiters" + }, + { + "urlToken": "https://ec-cube/admin/setting/shop/delivery/{{delivery-id}}/edit", + "data": "", + "method": "GET", + "headers": "Proxy-Connection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\nsec-ch-ua: \".Not/A)Brand\";v=\"99\", \"Google Chrome\";v=\"103\", \"Chromium\";v=\"103\"\r\nsec-ch-ua-mobile: ?0\r\nsec-ch-ua-platform: 
\"Linux\"\r\n", + "assertions": [ + { + "rootExpression": { + "code": 200, + "not": false, + "elementType": "ZestExpressionStatusCode" + }, + "elementType": "ZestAssertion" + } + ], + "followRedirects": false, + "timestamp": 1656659748098, + "cookies": [], + "index": 6, + "enabled": true, + "elementType": "ZestRequest" + }, + { + "fieldDefinition": { + "formIndex": 0, + "fieldName": "delivery__token", + "elementType": "ZestFieldDefinition" + }, + "variableName": "csrf2", + "index": 7, + "enabled": true, + "elementType": "ZestAssignFieldValue" + }, + { + "urlToken": "https://ec-cube/admin/setting/shop/delivery/{{delivery-id}}/edit", + "data": "delivery%5B_token%5D={{csrf2}}&delivery%5Bname%5D=delivery&delivery%5Bservice_name%5D=delivery&delivery%5Bconfirm_url%5D=&delivery%5Bsale_type%5D=1&delivery%5Bpayments%5D%5B%5D=1&delivery%5Bfree_all%5D=&delivery%5Bdelivery_fees%5D%5B47%5D%5Bfee%5D=100&delivery%5Bdelivery_fees%5D%5B48%5D%5Bfee%5D=100&delivery%5Bdelivery_fees%5D%5B49%5D%5Bfee%5D=100&delivery%5Bdelivery_fees%5D%5B50%5D%5Bfee%5D=100&delivery%5Bdelivery_fees%5D%5B51%5D%5Bfee%5D=100&delivery%5Bdelivery_fees%5D%5B52%5D%5Bfee%5D=100&delivery%5Bdelivery_fees%5D%5B53%5D%5Bfee%5D=100&delivery%5Bdelivery_fees%5D%5B54%5D%5Bfee%5D=100&delivery%5Bdelivery_fees%5D%5B55%5D%5Bfee%5D=100&delivery%5Bdelivery_fees%5D%5B56%5D%5Bfee%5D=100&delivery%5Bdelivery_fees%5D%5B57%5D%5Bfee%5D=100&delivery%5Bdelivery_fees%5D%5B58%5D%5Bfee%5D=100&delivery%5Bdelivery_fees%5D%5B59%5D%5Bfee%5D=100&delivery%5Bdelivery_fees%5D%5B60%5D%5Bfee%5D=100&delivery%5Bdelivery_fees%5D%5B61%5D%5Bfee%5D=100&delivery%5Bdelivery_fees%5D%5B62%5D%5Bfee%5D=100&delivery%5Bdelivery_fees%5D%5B63%5D%5Bfee%5D=100&delivery%5Bdelivery_fees%5D%5B64%5D%5Bfee%5D=100&delivery%5Bdelivery_fees%5D%5B65%5D%5Bfee%5D=100&delivery%5Bdelivery_fees%5D%5B66%5D%5Bfee%5D=100&delivery%5Bdelivery_fees%5D%5B67%5D%5Bfee%5D=100&delivery%5Bdelivery_fees%5D%5B68%5D%5Bfee%5D=100&delivery%5Bdelivery_fees%5D%5B69%5D%5Bfee%5D=100&delivery%5Bdelivery
_fees%5D%5B70%5D%5Bfee%5D=100&delivery%5Bdelivery_fees%5D%5B71%5D%5Bfee%5D=100&delivery%5Bdelivery_fees%5D%5B72%5D%5Bfee%5D=100&delivery%5Bdelivery_fees%5D%5B73%5D%5Bfee%5D=100&delivery%5Bdelivery_fees%5D%5B74%5D%5Bfee%5D=100&delivery%5Bdelivery_fees%5D%5B75%5D%5Bfee%5D=100&delivery%5Bdelivery_fees%5D%5B76%5D%5Bfee%5D=100&delivery%5Bdelivery_fees%5D%5B77%5D%5Bfee%5D=100&delivery%5Bdelivery_fees%5D%5B78%5D%5Bfee%5D=100&delivery%5Bdelivery_fees%5D%5B79%5D%5Bfee%5D=100&delivery%5Bdelivery_fees%5D%5B80%5D%5Bfee%5D=100&delivery%5Bdelivery_fees%5D%5B81%5D%5Bfee%5D=100&delivery%5Bdelivery_fees%5D%5B82%5D%5Bfee%5D=100&delivery%5Bdelivery_fees%5D%5B83%5D%5Bfee%5D=100&delivery%5Bdelivery_fees%5D%5B84%5D%5Bfee%5D=100&delivery%5Bdelivery_fees%5D%5B85%5D%5Bfee%5D=100&delivery%5Bdelivery_fees%5D%5B86%5D%5Bfee%5D=100&delivery%5Bdelivery_fees%5D%5B87%5D%5Bfee%5D=100&delivery%5Bdelivery_fees%5D%5B88%5D%5Bfee%5D=100&delivery%5Bdelivery_fees%5D%5B89%5D%5Bfee%5D=100&delivery%5Bdelivery_fees%5D%5B90%5D%5Bfee%5D=100&delivery%5Bdelivery_fees%5D%5B91%5D%5Bfee%5D=100&delivery%5Bdelivery_fees%5D%5B92%5D%5Bfee%5D=100&delivery%5Bdelivery_fees%5D%5B93%5D%5Bfee%5D=100&delivery%5Bdescription%5D=&delivery%5Bvisible%5D=1", + "method": "POST", + "headers": "Proxy-Connection: keep-alive\r\nContent-Length: 2592\r\nsec-ch-ua: \".Not/A)Brand\";v=\"99\", \"Google Chrome\";v=\"103\", \"Chromium\";v=\"103\"\r\nsec-ch-ua-mobile: ?0\r\nsec-ch-ua-platform: \"Linux\"\r\nUpgrade-Insecure-Requests: 1\r\nOrigin: https://ec-cube\r\nContent-Type: application/x-www-form-urlencoded\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\n", + "assertions": [ + { + "rootExpression": { + "code": 302, + "not": false, + "elementType": "ZestExpressionStatusCode" + }, + "elementType": "ZestAssertion" + } + ], + "followRedirects": false, + "timestamp": 1656659753921, + "cookies": [], + "index": 8, + "enabled": true, + "elementType": "ZestRequest" + }, + { + "url": 
"https://ec-cube/admin/setting/shop/delivery", + "data": "", + "method": "GET", + "headers": "Proxy-Connection: keep-alive\r\nsec-ch-ua: \".Not/A)Brand\";v=\"99\", \"Google Chrome\";v=\"103\", \"Chromium\";v=\"103\"\r\nsec-ch-ua-mobile: ?0\r\nsec-ch-ua-platform: \"Linux\"\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\n", + "assertions": [ + { + "rootExpression": { + "code": 200, + "not": false, + "elementType": "ZestExpressionStatusCode" + }, + "elementType": "ZestAssertion" + } + ], + "followRedirects": false, + "timestamp": 1656659758353, + "cookies": [], + "index": 9, + "enabled": true, + "elementType": "ZestRequest" + }, + { + "url": "https://ec-cube/admin/setting/shop/delivery/sort_no/move", + "data": "1=1&2=3&{{delivery-id}}=2", + "method": "POST", + "headers": "Proxy-Connection: keep-alive\r\nContent-Length: 11\r\nsec-ch-ua: \".Not/A)Brand\";v=\"99\", \"Google Chrome\";v=\"103\", \"Chromium\";v=\"103\"\r\nsec-ch-ua-mobile: ?0\r\nECCUBE-CSRF-TOKEN: {{eccube-csrf-token}}\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nsec-ch-ua-platform: \"Linux\"\r\nOrigin: https://ec-cube\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Dest: empty\r\n", + "assertions": [ + { + "rootExpression": { + "code": 200, + "not": false, + "elementType": "ZestExpressionStatusCode" + }, + "elementType": "ZestAssertion" + } + ], + "followRedirects": false, + "timestamp": 1656659789568, + "cookies": [], + "index": 10, + "enabled": true, + "elementType": "ZestRequest" + }, + { + "urlToken": "https://ec-cube/admin/setting/shop/delivery/{{delivery-id}}/visibility", + "data": "_token={{eccube-csrf-token}}&_method=put", + "method": "POST", + "headers": "Proxy-Connection: keep-alive\r\nContent-Length: 62\r\nsec-ch-ua: \".Not/A)Brand\";v=\"99\", \"Google Chrome\";v=\"103\", \"Chromium\";v=\"103\"\r\nsec-ch-ua-mobile: 
?0\r\nsec-ch-ua-platform: \"Linux\"\r\nUpgrade-Insecure-Requests: 1\r\nOrigin: https://ec-cube\r\nContent-Type: application/x-www-form-urlencoded\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\n", + "assertions": [ + { + "rootExpression": { + "code": 302, + "not": false, + "elementType": "ZestExpressionStatusCode" + }, + "elementType": "ZestAssertion" + } + ], + "followRedirects": false, + "timestamp": 1656659794108, + "cookies": [], + "index": 11, + "enabled": true, + "elementType": "ZestRequest" + }, + { + "urlToken": "https://ec-cube/admin/setting/shop/delivery/{{delivery-id}}/delete", + "data": "_token={{eccube-csrf-token}}&_method=delete", + "method": "POST", + "headers": "Proxy-Connection: keep-alive\r\nContent-Length: 65\r\nsec-ch-ua: \".Not/A)Brand\";v=\"99\", \"Google Chrome\";v=\"103\", \"Chromium\";v=\"103\"\r\nsec-ch-ua-mobile: ?0\r\nsec-ch-ua-platform: \"Linux\"\r\nUpgrade-Insecure-Requests: 1\r\nOrigin: https://ec-cube\r\nContent-Type: application/x-www-form-urlencoded\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\n", + "assertions": [ + { + "rootExpression": { + "code": 302, + "not": false, + "elementType": "ZestExpressionStatusCode" + }, + "elementType": "ZestAssertion" + } + ], + "followRedirects": false, + "timestamp": 1656659802363, + "cookies": [], + "index": 12, + "enabled": true, + "elementType": "ZestRequest" + }, + { + "url": "https://ec-cube/admin/setting/shop/delivery", + "data": "", + "method": "GET", + "headers": "Proxy-Connection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\nsec-ch-ua: \".Not/A)Brand\";v=\"99\", \"Google Chrome\";v=\"103\", \"Chromium\";v=\"103\"\r\nsec-ch-ua-mobile: ?0\r\nsec-ch-ua-platform: \"Linux\"\r\n", + "assertions": [ + { + "rootExpression": { + "code": 200, + "not": false, + 
"elementType": "ZestExpressionStatusCode" + }, + "elementType": "ZestAssertion" + } + ], + "followRedirects": false, + "timestamp": 1656659802399, + "cookies": [], + "index": 13, + "enabled": true, + "elementType": "ZestRequest" + } + ], + "authentication": [], + "index": 0, + "enabled": true, + "elementType": "ZestScript" +} diff --git a/zap/scripts/admin_js_css.zst b/zap/scripts/admin_js_css.zst new file mode 100644 index 00000000000..704c5e0ffa3 --- /dev/null +++ b/zap/scripts/admin_js_css.zst 
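Review bot: `delivery-id` is used in the edit, sort, visibility and delete requests (indexes 6–12) of `admin_delivery.zst` without any check that the assignment at index 5 actually matched. The value comes from the `Location` header of the create POST at index 4. If that POST fails validation or the redirect path changes, the later requests are built from an empty or stale variable, and the only signal is the 302 assertion, which may not stop the sequence depending on how the runner treats failed assertions. A guard after index 5, a `ZestConditional` on the variable with a `ZestActionFail` branch, would make the run fail loudly instead of producing scan results for the wrong URLs. The sort body `1=1&2=3&{{delivery-id}}=2` also assumes deliveries 1 and 2 exist, which deserves a `ZestComment` naming the expected seed data.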
@@ -0,0 +1,187 @@ +{ + "about": "This is a Zest script. For more details about Zest visit https://developer.mozilla.org/en-US/docs/Zest", + "zestVersion": "0.6", + "generatedBy": "Sequence Script Template", + "title": "admin_js_css", + "description": "An example empty sequence script. Add requests to populate the sequence.", + "prefix": "", + "type": "Active", + "parameters": { + "tokenStart": "{{", + "tokenEnd": "}}", + "tokens": {}, + "elementType": "ZestVariables" + }, + "statements": [ + { + "comment": "JS管理", + "index": 1, + "enabled": true, + "elementType": "ZestComment" + }, + { + "url": "https://ec-cube/admin/content/js", + "data": "", + "method": "GET", + "headers": "Proxy-Connection: keep-alive\r\nsec-ch-ua: \".Not/A)Brand\";v=\"99\", \"Google Chrome\";v=\"103\", \"Chromium\";v=\"103\"\r\nsec-ch-ua-mobile: ?0\r\nsec-ch-ua-platform: \"Linux\"\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\n", + "assertions": [ + { + "rootExpression": { + "code": 200, + "not": false, + "elementType": "ZestExpressionStatusCode" + }, + "elementType": "ZestAssertion" + } + ], + "followRedirects": false, + "timestamp": 1656656809661, + "cookies": [], + "index": 2, + "enabled": true, + "elementType": "ZestRequest" + }, + { + "fieldDefinition": { + "formIndex": 0, + "fieldName": "form__token", + "elementType": "ZestFieldDefinition" + }, + "variableName": "csrf1", + "index": 3, + "enabled": true, + "elementType": "ZestAssignFieldValue" + }, + { + "url": "https://ec-cube/admin/content/js", + "data": "form%5B_token%5D={{csrf1}}&form%5Bjs%5D=%2F*+%E3%82%AB%E3%82%B9%E3%82%BF%E3%83%9E%E3%82%A4%E3%82%BA%E7%94%A8Javascript+*%2F", + "method": "POST", + "headers": "Proxy-Connection: keep-alive\r\nContent-Length: 157\r\nsec-ch-ua: \".Not/A)Brand\";v=\"99\", \"Google Chrome\";v=\"103\", \"Chromium\";v=\"103\"\r\nsec-ch-ua-mobile: ?0\r\nsec-ch-ua-platform: \"Linux\"\r\nUpgrade-Insecure-Requests: 
1\r\nOrigin: https://ec-cube\r\nContent-Type: application/x-www-form-urlencoded\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\n", + "assertions": [ + { + "rootExpression": { + "code": 302, + "not": false, + "elementType": "ZestExpressionStatusCode" + }, + "elementType": "ZestAssertion" + } + ], + "followRedirects": false, + "timestamp": 1656656830385, + "cookies": [], + "index": 4, + "enabled": true, + "elementType": "ZestRequest" + }, + { + "url": "https://ec-cube/admin/content/js", + "data": "", + "method": "GET", + "headers": "Proxy-Connection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\nsec-ch-ua: \".Not/A)Brand\";v=\"99\", \"Google Chrome\";v=\"103\", \"Chromium\";v=\"103\"\r\nsec-ch-ua-mobile: ?0\r\nsec-ch-ua-platform: \"Linux\"\r\n", + "assertions": [ + { + "rootExpression": { + "code": 200, + "not": false, + "elementType": "ZestExpressionStatusCode" + }, + "elementType": "ZestAssertion" + } + ], + "followRedirects": false, + "timestamp": 1656656830408, + "cookies": [], + "index": 5, + "enabled": true, + "elementType": "ZestRequest" + }, + { + "comment": "CSS管理", + "index": 6, + "enabled": true, + "elementType": "ZestComment" + }, + { + "url": "https://ec-cube/admin/content/css", + "data": "", + "method": "GET", + "headers": "Proxy-Connection: keep-alive\r\nsec-ch-ua: \".Not/A)Brand\";v=\"99\", \"Google Chrome\";v=\"103\", \"Chromium\";v=\"103\"\r\nsec-ch-ua-mobile: ?0\r\nsec-ch-ua-platform: \"Linux\"\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\n", + "assertions": [ + { + "rootExpression": { + "code": 200, + "not": false, + "elementType": "ZestExpressionStatusCode" + }, + "elementType": "ZestAssertion" + } + ], + "followRedirects": false, + "timestamp": 1656656833408, + "cookies": [], + 
"index": 7, + "enabled": true, + "elementType": "ZestRequest" + }, + { + "fieldDefinition": { + "formIndex": 0, + "fieldName": "form__token", + "elementType": "ZestFieldDefinition" + }, + "variableName": "csrf3", + "index": 8, + "enabled": true, + "elementType": "ZestAssignFieldValue" + }, + { + "url": "https://ec-cube/admin/content/css", + "data": "form%5B_token%5D={{csrf3}}&form%5Bcss%5D=%2F*+%E3%82%AB%E3%82%B9%E3%82%BF%E3%83%9E%E3%82%A4%E3%82%BA%E7%94%A8CSS+*%2F%0D%0A", + "method": "POST", + "headers": "Proxy-Connection: keep-alive\r\nContent-Length: 157\r\nsec-ch-ua: \".Not/A)Brand\";v=\"99\", \"Google Chrome\";v=\"103\", \"Chromium\";v=\"103\"\r\nsec-ch-ua-mobile: ?0\r\nsec-ch-ua-platform: \"Linux\"\r\nUpgrade-Insecure-Requests: 1\r\nOrigin: https://ec-cube\r\nContent-Type: application/x-www-form-urlencoded\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\n", + "assertions": [ + { + "rootExpression": { + "code": 302, + "not": false, + "elementType": "ZestExpressionStatusCode" + }, + "elementType": "ZestAssertion" + } + ], + "followRedirects": false, + "timestamp": 1656656835225, + "cookies": [], + "index": 9, + "enabled": true, + "elementType": "ZestRequest" + }, + { + "url": "https://ec-cube/admin/content/css", + "data": "", + "method": "GET", + "headers": "Proxy-Connection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\nsec-ch-ua: \".Not/A)Brand\";v=\"99\", \"Google Chrome\";v=\"103\", \"Chromium\";v=\"103\"\r\nsec-ch-ua-mobile: ?0\r\nsec-ch-ua-platform: \"Linux\"\r\n", + "assertions": [ + { + "rootExpression": { + "code": 200, + "not": false, + "elementType": "ZestExpressionStatusCode" + }, + "elementType": "ZestAssertion" + } + ], + "followRedirects": false, + "timestamp": 1656656835246, + "cookies": [], + "index": 10, + "enabled": true, + "elementType": "ZestRequest" + } + ], + 
"authentication": [], + "index": 0, + "enabled": true, + "elementType": "ZestScript" +} diff --git a/zap/scripts/admin_log.zst b/zap/scripts/admin_log.zst new file mode 100644 index 00000000000..e70aad64aba --- /dev/null +++ b/zap/scripts/admin_log.zst @@ -0,0 +1,118 @@ +{ + "about": "This is a Zest script. For more details about Zest visit https://developer.mozilla.org/en-US/docs/Zest", + "zestVersion": "0.6", + "generatedBy": "Sequence Script Template", + "title": "admin_log", + "description": "An example empty sequence script. Add requests to populate the sequence.", + "prefix": "", + "type": "Active", + "parameters": { + "tokenStart": "{{", + "tokenEnd": "}}", + "tokens": {}, + "elementType": "ZestVariables" + }, + "statements": [ + { + "url": "https://ec-cube/admin/setting/system/log", + "data": "", + "method": "GET", + "headers": "Proxy-Connection: keep-alive\r\nsec-ch-ua: \".Not/A)Brand\";v=\"99\", \"Google Chrome\";v=\"103\", \"Chromium\";v=\"103\"\r\nsec-ch-ua-mobile: ?0\r\nsec-ch-ua-platform: \"Linux\"\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\n", + "assertions": [ + { + "rootExpression": { + "code": 200, + "not": false, + "elementType": "ZestExpressionStatusCode" + }, + "elementType": "ZestAssertion" + } + ], + "followRedirects": false, + "timestamp": 1656669570864, + "cookies": [], + "index": 1, + "enabled": true, + "elementType": "ZestRequest" + }, + { + "prefix": "
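Review bot: The POSTs at indexes 4 and 9 of `admin_js_css.zst` save whatever is sent in `form[js]` and `form[css]`, so when this sequence drives active scanning the stored customization content can be left holding scanner-modified values for every later sequence in the same run. Cleanup is presumably handled by `zap/delete_files.sh` from this patch's diffstat, but that file is not visible here, so please confirm it restores both values between sequences. Separately, `description` is still the template text; something like `"description": "Admin: open and save the custom JS and CSS editors"` would say what the script covers.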