Merge branch 'master' into enhancement/6959-extract-common-services-f…

…rontend-server-security

.eslintrc.js

@@ -171,6 +171,8 @@ module.exports = {
         /* -------------------------------------------------------------------------- */
         'unicorn/prefer-module': 'off',
         'unicorn/prefer-ternary': 'off',
+        'unicorn/numeric-separators-style': 'off',
+        'unicorn/prefer-node-protocol': 'off',
         // https://github.com/sindresorhus/eslint-plugin-unicorn/blob/main/docs/rules/custom-error-definition.md
         'unicorn/custom-error-definition': 'error',
         // https://github.com/sindresorhus/eslint-plugin-unicorn/blob/main/docs/rules/better-regex.md

.github/actions/comment-test-coverage/README.md

@@ -16,7 +16,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout Code
-        uses: actions/checkout@v1
+        uses: actions/checkout@v4
 
       - name: Run Jasmine tests
         run: npm run test -- --no-watch --no-progress --browsers=ChromeHeadlessCI

.github/workflows/codeql.yml

@@ -9,11 +9,11 @@
 # the `language` matrix defined below to confirm you have the correct set of
 # supported CodeQL languages.
 #
-name: "CodeQL"
+name: 'CodeQL'
 
 on:
   schedule:
-   - cron: '0 8 * * *'
+    - cron: '0 8 * * *'
   workflow_dispatch:
 
 jobs:
@@ -28,45 +28,44 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        language: [ 'javascript' ]
+        language: ['javascript']
         # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
         # Use only 'java' to analyze code written in Java, Kotlin or both
         # Use only 'javascript' to analyze code written in JavaScript, TypeScript or both
         # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
 
     steps:
-    - name: Checkout repository
-      uses: actions/checkout@v3
+      - name: Checkout repository
+        uses: actions/checkout@v4
 
-    # Initializes the CodeQL tools for scanning.
-    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
-      with:
-        languages: ${{ matrix.language }}
-        # If you wish to specify custom queries, you can do so here or in a config file.
-        # By default, queries listed here will override any specified in a config file.
-        # Prefix the list here with "+" to use these queries and those in the config file.
+      # Initializes the CodeQL tools for scanning.
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v2
+        with:
+          languages: ${{ matrix.language }}
+          # If you wish to specify custom queries, you can do so here or in a config file.
+          # By default, queries listed here will override any specified in a config file.
+          # Prefix the list here with "+" to use these queries and those in the config file.
 
-        # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
-        # queries: security-extended,security-and-quality
+          # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+          # queries: security-extended,security-and-quality
 
+      # Autobuild attempts to build any compiled languages  (C/C++, C#, Go, or Java).
+      # If this step fails, then you should remove it and run the build manually (see below)
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@v2
 
-    # Autobuild attempts to build any compiled languages  (C/C++, C#, Go, or Java).
-    # If this step fails, then you should remove it and run the build manually (see below)
-    - name: Autobuild
-      uses: github/codeql-action/autobuild@v2
+      # ℹ️ Command-line programs to run using the OS shell.
+      # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
 
-    # ℹ️ Command-line programs to run using the OS shell.
-    # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
+      #   If the Autobuild fails above, remove it and uncomment the following three lines.
+      #   modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
 
-    #   If the Autobuild fails above, remove it and uncomment the following three lines.
-    #   modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
+      # - run: |
+      #   echo "Run, Build Application using script"
+      #   ./location_of_script_within_repo/buildscript.sh
 
-    # - run: |
-    #   echo "Run, Build Application using script"
-    #   ./location_of_script_within_repo/buildscript.sh
-
-    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
-      with:
-        category: "/language:${{matrix.language}}"
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v2
+        with:
+          category: '/language:${{matrix.language}}'

.github/workflows/cypress-basic.yml

@@ -12,102 +12,104 @@ on:
         description: 'Wazuh Version'
         default: 'v4.3.4'
         required: true
-      elastic-version: 
+      elastic-version:
         description: 'Elastic Version'
         default: '7.16.3'
         required: true
-      ubuntu-cypress-version: 
+      ubuntu-cypress-version:
         description: 'Ubuntu Cypress Version'
         default: '3.0.0'
         required: true
       url-package:
         description: 'Package Download Url'
-        required: false 
-        default: 'https://packages-dev.wazuh.com/pre-release/ui/kibana/wazuh_kibana-4.3.4_7.16.3-1.zip'       
+        required: false
+        default: 'https://packages-dev.wazuh.com/pre-release/ui/kibana/wazuh_kibana-4.3.4_7.16.3-1.zip'
 
 # A workflow run is made up of one or more jobs that can run sequentially or in parallel
 jobs:
   setup-wazuh-kibana-app:
     name: Run setup environment wazuh kibana app
     runs-on: ubuntu-latest
     steps:
-     - name: Step 01 - Set up environment variables
-       run: |
-        echo "PATH_TEMPLATE=$GITHUB_WORKSPACE/wazuh-app-environments/templates_elastic_prod/es_basic-wz_cluster-agent/" >> $GITHUB_ENV
+      - name: Step 01 - Set up environment variables
+        run: |
+          echo "PATH_TEMPLATE=$GITHUB_WORKSPACE/wazuh-app-environments/templates_elastic_prod/es_basic-wz_cluster-agent/" >> $GITHUB_ENV
 
-        echo "Information about the workflow (basic):
-        wazuh-version: ${{ github.event.inputs.wazuh-version }}
-        elastic-version: ${{ github.event.inputs.elastic-version }}
-        ubuntu-cypress-version: ${{ github.event.inputs.ubuntu-cypress-version }}
-        url-package: ${{ github.event.inputs.url-package }}"
-        
-     - name: Step 02 - Download Project wazuh-app-environments 
-       uses: actions/checkout@v2
-       with:
-        repository: matiasmoreno876/wazuh-app-environments
-        ref: 'master'
-        path: wazuh-app-environments
-        token: ${{ secrets.FE_SECRET_TOKEN }}
-     - name: Step 03 - Configuring templates docker environment
-       run: |
-        cd $GITHUB_WORKSPACE/wazuh-app-environments/
-        mkdir packages
-        cd ${{ env.PATH_TEMPLATE }}
-        sed -i -e 's|WAZUH_VERSION=.*|WAZUH_VERSION=${{ github.event.inputs.wazuh-version }}|g' ./.env
-        sed -i -e 's|ELASTIC_VERSION=.*|ELASTIC_VERSION=${{ github.event.inputs.elastic-version }}|g' ./.env
-        sed -i -e 's|UBUNTU_CYPRESS_VERSION=.*|UBUNTU_CYPRESS_VERSION=${{ github.event.inputs.ubuntu-cypress-version }}|g' ./.env
-        cat .env
-     - name: Step 04 - Starting containers
-       run: |
-        cd ${{ env.PATH_TEMPLATE }}
-        docker-compose up -d
-        echo CONTINUES AFTER 15 SECONDS ...
-        sleep 15s 
-     - name: Step 05 - Installing package from url
-       run: |
-        cd ${{ env.PATH_TEMPLATE }}
-        docker exec $(docker-compose ps -q kibana) bin/kibana-plugin install ${{ github.event.inputs.url-package }}
-        docker-compose restart kibana
-        echo CONTINUES AFTER 60 SECONDS ...
-        sleep 60s
-        docker-compose ps
-     - name: Step 06 - Configuring ip container into wazuh.yml
-       run: |
-        cd ${{ env.PATH_TEMPLATE }}
-        docker exec $(docker-compose ps -q kibana) sed -i -e "s/url: https:\/\/localhost/url: https:\/\/wazuh-manager-master/g" /usr/share/kibana/data/wazuh/config/wazuh.yml
-        docker exec $(docker-compose ps -q kibana) cat /usr/share/kibana/data/wazuh/config/wazuh.yml
-     - name: Step 07 - Run Cypress tests
-       id: run-cypress-test
-       run: |
-         cd ${{ env.PATH_TEMPLATE }}
-         docker exec $(docker-compose ps -q cypress) bash -c " . /home/automation/nvm/nvm.sh && nvm use && npm run cypress:run-headless:github-actions:basic" | tee cypress.log
-       continue-on-error: true 
-     - name: Step 08 - Run Cypress reports
-       run: |
-         cd ${{ env.PATH_TEMPLATE }}
-         docker exec $(docker-compose ps -q cypress) bash -c " . /home/automation/nvm/nvm.sh && nvm use && npm run cypress:report"        
-     - name: Step 09 - Archive reports
-       uses: actions/upload-artifact@v2
-       with:
-        name: cypress-reports_BASIC_${{ github.event.inputs.wazuh-version }}-${{ github.event.inputs.elastic-version }}
-        path: ${{ env.PATH_TEMPLATE }}/report/*
-     - name: Step 10 - Log parsing
-       run: |
-        cd ${{ env.PATH_TEMPLATE }}
-        echo "TEST_SKIPPED=$(grep -E "failed \(|passed" cypress.log | awk ' { print $(NF)}')" >> $GITHUB_ENV
-        echo "TEST_PENDING=$(grep -E "failed \(|passed" cypress.log | awk ' { print $(NF-1)}')" >> $GITHUB_ENV
-        echo "TEST_FAILING=$(grep -E "failed \(|passed" cypress.log | awk ' { print $(NF-2)}')" >> $GITHUB_ENV
-        echo "TEST_PASSING=$(grep -E "failed \(|passed" cypress.log | awk ' { print $(NF-3)}')" >> $GITHUB_ENV
-        echo "TEST_TOTAL=$(grep -E "failed \(|passed" cypress.log | awk ' { print $(NF-4)}')" >> $GITHUB_ENV
-        echo "TEST_TIME=$(grep -E "failed \(|passed" cypress.log | awk ' { print $(NF-5)}')" >> $GITHUB_ENV
-     - name: Step 11 - Post to a Slack channel
-       id: slack
-       uses: slackapi/slack-github-action@v1.19.0
-       with:
+          echo "Information about the workflow (basic):
+          wazuh-version: ${{ github.event.inputs.wazuh-version }}
+          elastic-version: ${{ github.event.inputs.elastic-version }}
+          ubuntu-cypress-version: ${{ github.event.inputs.ubuntu-cypress-version }}
+          url-package: ${{ github.event.inputs.url-package }}"
+
+      - name: Step 02 - Download Project wazuh-app-environments
+        uses: actions/checkout@v4
+        with:
+          repository: matiasmoreno876/wazuh-app-environments
+          ref: 'master'
+          path: wazuh-app-environments
+          token: ${{ secrets.FE_SECRET_TOKEN }}
+      - name: Step 03 - Configuring templates docker environment
+        run: |
+          cd $GITHUB_WORKSPACE/wazuh-app-environments/
+          mkdir packages
+          cd ${{ env.PATH_TEMPLATE }}
+          sed -i -e 's|WAZUH_VERSION=.*|WAZUH_VERSION=${{ github.event.inputs.wazuh-version }}|g' ./.env
+          sed -i -e 's|ELASTIC_VERSION=.*|ELASTIC_VERSION=${{ github.event.inputs.elastic-version }}|g' ./.env
+          sed -i -e 's|UBUNTU_CYPRESS_VERSION=.*|UBUNTU_CYPRESS_VERSION=${{ github.event.inputs.ubuntu-cypress-version }}|g' ./.env
+          cat .env
+      - name: Step 04 - Starting containers
+        run: |
+          cd ${{ env.PATH_TEMPLATE }}
+          docker-compose up -d
+          echo CONTINUES AFTER 15 SECONDS ...
+          sleep 15s
+      - name: Step 05 - Installing package from url
+        run: |
+          cd ${{ env.PATH_TEMPLATE }}
+          docker exec $(docker-compose ps -q kibana) bin/kibana-plugin install ${{ github.event.inputs.url-package }}
+          docker-compose restart kibana
+          echo CONTINUES AFTER 60 SECONDS ...
+          sleep 60s
+          docker-compose ps
+      - name: Step 06 - Configuring ip container into wazuh.yml
+        run: |
+          cd ${{ env.PATH_TEMPLATE }}
+          docker exec $(docker-compose ps -q kibana) sed -i -e "s/url: https:\/\/localhost/url: https:\/\/wazuh-manager-master/g" /usr/share/kibana/data/wazuh/config/wazuh.yml
+          docker exec $(docker-compose ps -q kibana) cat /usr/share/kibana/data/wazuh/config/wazuh.yml
+      - name: Step 07 - Run Cypress tests
+        id: run-cypress-test
+        run: |
+          cd ${{ env.PATH_TEMPLATE }}
+          docker exec $(docker-compose ps -q cypress) bash -c " . /home/automation/nvm/nvm.sh && nvm use && npm run cypress:run-headless:github-actions:basic" | tee cypress.log
+        continue-on-error: true
+      - name: Step 08 - Run Cypress reports
+        run: |
+          cd ${{ env.PATH_TEMPLATE }}
+          docker exec $(docker-compose ps -q cypress) bash -c " . /home/automation/nvm/nvm.sh && nvm use && npm run cypress:report"
+      - name: Step 09 - Archive reports
+        uses: actions/upload-artifact@v4
+        with:
+          name: cypress-reports_BASIC_${{ github.event.inputs.wazuh-version }}-${{ github.event.inputs.elastic-version }}
+          path: ${{ env.PATH_TEMPLATE }}/report/*
+          overwrite: true
+      - name: Step 10 - Log parsing
+        run: |
+          cd ${{ env.PATH_TEMPLATE }}
+          echo "TEST_SKIPPED=$(grep -E "failed \(|passed" cypress.log | awk ' { print $(NF)}')" >> $GITHUB_ENV
+          echo "TEST_PENDING=$(grep -E "failed \(|passed" cypress.log | awk ' { print $(NF-1)}')" >> $GITHUB_ENV
+          echo "TEST_FAILING=$(grep -E "failed \(|passed" cypress.log | awk ' { print $(NF-2)}')" >> $GITHUB_ENV
+          echo "TEST_PASSING=$(grep -E "failed \(|passed" cypress.log | awk ' { print $(NF-3)}')" >> $GITHUB_ENV
+          echo "TEST_TOTAL=$(grep -E "failed \(|passed" cypress.log | awk ' { print $(NF-4)}')" >> $GITHUB_ENV
+          echo "TEST_TIME=$(grep -E "failed \(|passed" cypress.log | awk ' { print $(NF-5)}')" >> $GITHUB_ENV
+      - name: Step 11 - Post to a Slack channel
+        id: slack
+        uses: slackapi/slack-github-action@v1.19.0
+        with:
           # Slack channel id, channel name, or user id to post message.
           # See also: https://api.slack.com/methods/chat.postMessage#channels
-        channel-id: ${{ secrets.SLACK_CHANNEL_ID }}
-          # For posting a simple plain text message
-        slack-message: "The following workflow was executed: ${{ github.workflow }}\nWazuh version: ${{ github.event.inputs.wazuh-version }}\nElastic version: ${{ github.event.inputs.elastic-version }}\nUbuntu Cypress version: ${{ github.event.inputs.ubuntu-cypress-version }}\nPackage used: ${{ github.event.inputs.url-package }}\n\nTest summary:\n\tTotal Test: ${{ env.TEST_TOTAL }}\n\tPassing: ${{ env.TEST_PASSING }}\n\tFailing: ${{ env.TEST_FAILING }}\n\tPending: ${{ env.TEST_PENDING }}\n\tSkipped: ${{ env.TEST_SKIPPED }}\n\tTotal Time: ${{ env.TEST_TIME }}\n\nFor more information visit: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"
-       env:
-          SLACK_BOT_TOKEN: ${{ secrets.ACTIONS_SLACK_TOKEN }}
+          channel-id:
+            ${{ secrets.SLACK_CHANNEL_ID }}
+            # For posting a simple plain text message
+          slack-message: "The following workflow was executed: ${{ github.workflow }}\nWazuh version: ${{ github.event.inputs.wazuh-version }}\nElastic version: ${{ github.event.inputs.elastic-version }}\nUbuntu Cypress version: ${{ github.event.inputs.ubuntu-cypress-version }}\nPackage used: ${{ github.event.inputs.url-package }}\n\nTest summary:\n\tTotal Test: ${{ env.TEST_TOTAL }}\n\tPassing: ${{ env.TEST_PASSING }}\n\tFailing: ${{ env.TEST_FAILING }}\n\tPending: ${{ env.TEST_PENDING }}\n\tSkipped: ${{ env.TEST_SKIPPED }}\n\tTotal Time: ${{ env.TEST_TIME }}\n\nFor more information visit: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"
+        env:
+          SLACK_BOT_TOKEN: ${{ secrets.ACTIONS_SLACK_TOKEN }}