Merge pull request #762 from SSWConsulting/staging

Merge Staging to Main
SSWConsulting · Nov 9, 2023 · a73d7c0 · a73d7c0
2 parents 149bfae + b85c4c1
commit a73d7c0
Show file tree

Hide file tree

Showing 4 changed files with 65 additions and 33 deletions.
diff --git a/api/functions/index.js b/api/functions/index.js
@@ -146,9 +146,24 @@ app.get('/allscans', async (req, res) => {
 });
 
 app.get('/viewsource', async (req, res) => {
-	const resp = await fetch(req.query.url);
-	const source = await resp.text();
-	res.send(source);
+	const target = new URL(req.query.url);
+	const functionHost = '-sswlinkauditor-c1131.cloudfunctions.net';
+
+	// Disallow fetching from same host to prevent request forgery
+	if (target.hostname.includes(functionHost) || target.hostname === 'localhost') {
+		res.send('Cannot fetch from internal host');
+		return;
+	}
+
+	const resp = await fetch(target.href).catch((err) => {
+		res.send(`Failed to load source: ${err.message}`);
+	});
+	if (resp.ok) {
+		const source = await resp.text();
+		res.send(source);
+	} else {
+		res.send(`Failed to load source: ${resp.status} - ${resp.statusText}`);
+	}
 });
 
 app.get('/run/:runId', async (req, res) => {

diff --git a/api/functions/queries.js b/api/functions/queries.js
@@ -73,11 +73,14 @@ exports.getConfig = (api) =>
 exports.getScanDetails = async (runId) => {
 	const scan = await exports.getSummaryById(runId);
 	let filter;
+	const filterDays = 90;
+	const startDate = new Date(scan.buildDate);
+	startDate.setDate(startDate.getDate() - filterDays);
 
 	if (scan.scanResultVersion === 2) {
-		filter = `PartitionKey eq '${scan.apiKey}-${slug(scan.url)}'`;
+		filter = `PartitionKey eq '${scan.apiKey}-${slug(scan.url)}' and buildDate ge datetime'${startDate.toISOString()}' and buildDate le datetime'${scan.buildDate.toISOString()}'`;
 	} else {
-		filter = odata`PartitionKey eq ${scan.partitionKey} and src ge ${scan.url} and src le ${incrementString(scan.url)}`;
+		filter = odata`PartitionKey eq ${scan.partitionKey} and src ge ${scan.url} and src le ${incrementString(scan.url)} and buildDate ge datetime'${startDate.toISOString()}' and buildDate le datetime'${scan.buildDate.toISOString()}'`;
 	}
 
     const entity = new TableClient(azureUrl, TABLE.ScanResults, credential).listEntities({
@@ -166,17 +169,17 @@ exports.getHTMLHintRules = (api, url, isGetAllRecords) =>
 		resolve(isGetAllRecords ? result : result[result.length - 1] || {})
   });
 
-exports.getHTMLHintRulesByRunId = (runId) => 
-	new Promise(async (resolve) => {
-		const entity = new TableClient(azureUrl, TABLE.htmlhintrules, credential).listEntities({
-			queryOptions: { filter: odata`RowKey eq ${runId}` }
-		});
-		let result = []
-		for await (const item of entity) {
-			result.push(item);
-		}
-		resolve(result[0] || {})
+exports.getHTMLHintRulesByRunId = async (runId) => {
+	const doc = await getRun(runId);
+	const entity = new TableClient(azureUrl, TABLE.htmlhintrules, credential).listEntities({
+		queryOptions: { filter: odata`PartitionKey eq ${doc.apikey} and RowKey eq ${runId}` }
 	});
+	let result = []
+	for await (const item of entity) {
+		result.push(item);
+	}
+	return result[0] || {};
+}
 
 exports.getPersonalSummary = (api, showAll) =>
 	new Promise(async (resolve) => {
@@ -216,27 +219,41 @@ exports.getAllPublicSummary = (showAll) =>
 				result.push(item);
 			}
 
-			resolve(result.filter((value, index, self) => {
-				return self.findIndex(v => v.runId === value.runId) === index;
-			}))
+			const seen = new Set();
+			const filteredResult = result.filter(value => {
+				if (seen.has(value.runId)) {
+					return false;
+				}
+				seen.add(value.runId);
+				return true;
+			})
+
+			resolve(filteredResult);
 		} else {
-			// Top 500 scans in last 24 months
+			// Top 500 scans in last 12 months
 			var date = new Date();
 			date.setMonth(date.getMonth() - 12);
 
 			const entity = new TableClient(azureUrl, TABLE.Scans, credential).listEntities({
 				queryOptions: { filter: odata`isPrivate eq ${false} and buildDate gt datetime'${date.toISOString()}'` }
 			});
-			const iterator = entity.byPage({ maxPageSize: parseInt(process.env.MAX_SCAN_SIZE) });
-			let result = [];
-			for await (const item of iterator) {
-				result = item;
-				break;
+			let result = []
+			for await (const item of entity) {
+				result.push(item);
 			}
 
-			resolve(result.filter((value, index, self) => {
-				return self.findIndex(v => v.runId === value.runId) === index;
-			}))
+			const seen = new Set();
+			const filteredResult = result.filter(value => {
+				if (seen.has(value.runId)) {
+					return false;
+				}
+				seen.add(value.runId);
+				return true;
+			})
+			.sort((a, b) => (a.rowKey > b.rowKey) ? 1 : -1)
+			.slice(0, parseInt(process.env.MAX_SCAN_SIZE));
+
+			resolve(filteredResult);
 		}
 	});
 
@@ -256,7 +273,7 @@ exports.getSummaryById = (runId) =>
 
 			let summary = await getSummary(`PartitionKey eq '${doc.apikey}-${doc.runId}'`);
 
-			if (!summary) {
+			if (!summary || summary.scanResultVersion !== 2) {
 				summary = await getSummary(odata`PartitionKey eq ${doc.apikey} and runId eq ${doc.runId}`);
 			}
 

diff --git a/ui/src/components/htmlhintcomponents/UpdateHTMLRules.svelte b/ui/src/components/htmlhintcomponents/UpdateHTMLRules.svelte
@@ -358,9 +358,9 @@
                 on:keypress={undefined}
               ><i class="fas fa-pen-to-square"></i> Edit</button>
             </span>
-            <div class="bggrey mt-2">
+            <div class="bggrey ml-4 mr-5">
               {#if customHtmlRuleOptions && customHtmlRuleOptions.length > 0 && customHtmlRuleOptions.find(x => x.ruleId === rule.rule)?.optionValue.length > 0}
-                <div class="ml-5">
+                <div class="p-3">
                   <span class="font-sans font-bold">
                     Applied custom option value: 
                   </span>
@@ -370,7 +370,7 @@
                 </div>
               {/if}
               {#if currSelectedCustomOption === index}
-                <div class="ml-5 mb-3">
+                <div class="p-3">
                   <div>
                     {rule.customOptionsMessage}
                   </div>

diff --git a/ui/src/utils/utils.js b/ui/src/utils/utils.js
@@ -560,7 +560,7 @@ export const customHtmlHintRules = [
     ruleLink: "https://www.ssw.com.au/rules/do-you-know-to-hyperlink-your-phone-numbers",
     type: RuleType.Warning,
     isEnableCustomOptions: true,
-    customOptionsMessage: 'Please choose your country code:',
+    customOptionsMessage: 'Please choose the country code:',
     customOptionInputType: customOptionInputType.dropDown,
     customOptionDropdownValues: countryCodes
   },
@@ -588,7 +588,7 @@ export const customHtmlHintRules = [
     ruleLink: "https://ssw.com.au/rules/avoid-absolute-internal-links/",
     type: RuleType.Warning,
     isEnableCustomOptions: true,
-    customOptionsMessage: 'Please enter your website internal URL:',
+    customOptionsMessage: 'Please enter the website internal URL:',
     customOptionInputType: customOptionInputType.singleTextBox,
     customOptionInputValueType: 'url'
   },