From 9a5ea5e37f47aaf1b2e70ceb22302be3c0dfa420 Mon Sep 17 00:00:00 2001 From: Jeroen Willemsen Date: Tue, 16 Apr 2024 06:35:58 +0200 Subject: [PATCH 1/6] add cypress testing to docker test and for docker and heroku in workflows --- .github/scripts/.bash_history | 2 +- .github/scripts/docker-create.sh | 9 +++++++++ .github/workflows/heroku_tests.yml | 26 ++++++++++++++++++++++++++ js/index.js | 2 +- src/test/e2e/cypress.config.arcane.js | 16 ++++++++++++++++ src/test/e2e/cypress.config.heroku.js | 16 ++++++++++++++++ src/test/e2e/cypress/README.md | 8 ++++++++ 7 files changed, 77 insertions(+), 2 deletions(-) create mode 100644 .github/workflows/heroku_tests.yml create mode 100644 src/test/e2e/cypress.config.arcane.js create mode 100644 src/test/e2e/cypress.config.heroku.js diff --git a/.github/scripts/.bash_history b/.github/scripts/.bash_history index e63cf903e..cf109b4be 100644 --- a/.github/scripts/.bash_history +++ b/.github/scripts/.bash_history @@ -347,7 +347,7 @@ rm -rf jdk-18_linux-x64_bin.deb git rebase -i main git rebase -i master git stash -export tempPassword="nwRjz2BWCWEnDOzaNpZl/p6OEewJiEGfd0/gBoBKLbo=" +export tempPassword="xw1nQ/d3x3jpCLwVS9QHZTHKcXh4z5Enuk2v70QRmq0=" mvn run tempPassword k6 npx k6 diff --git a/.github/scripts/docker-create.sh b/.github/scripts/docker-create.sh index ca300cdc8..554a91685 100755 --- a/.github/scripts/docker-create.sh +++ b/.github/scripts/docker-create.sh @@ -73,6 +73,9 @@ Heroku_publish_demo() { export TEST_DATA=$(echo -n $RAW_TEST) curl --fail 'https://arcane-scrubland-42646.herokuapp.com/token' --data-raw "grant_type=client_credentials&client_id=WRONGSECRET_CLIENT_ID&client_secret=$TEST_DATA" echo $? + echo "testing arcane with cypress" + cd ../../src/test/e2e + npx cypress run --config-file cypress.config.arcane.js exit } 
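Review bot: In Heroku_publish_demo the added `cd ../../src/test/e2e` is unchecked, so if the working directory is not `.github/scripts` at that point, `npx cypress run` executes from the wrong directory. There the config file will not be found, and npx may fetch cypress from the registry instead of using a local install. Guard it with `cd ../../src/test/e2e || exit 1`; the same two lines are added in Heroku_publish_prod and in test() in the next hunks. Separately, the curl check just above only prints `$?`, so a failed token request does not stop the Cypress run unless `set -e` is active, which cannot be seen because the function starts outside the hunk.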
@@ -90,6 +93,9 @@ Heroku_publish_prod(){ export TEST_DATA=$(echo -n $RAW_TEST) curl --fail 'https://wrongsecrets.herokuapp.com/token' --data-raw "grant_type=client_credentials&client_id=WRONGSECRET_CLIENT_ID&client_secret=$TEST_DATA" echo $? + echo "testing heroku with cypress" + cd ../../src/test/e2e + npx cypress run --config-file cypress.config.heroku.js exit } @@ -404,6 +410,9 @@ test() { fi echo "testing curl for webjar caching" curl -I 'http://localhost:8080/webjars/bootstrap/5.3.3/css/bootstrap.min.css' + echo "testing with cypress (requires node20)" + cd ../../src/test/e2e + npx cypress run echo "Testing complete" else return diff --git a/.github/workflows/heroku_tests.yml b/.github/workflows/heroku_tests.yml new file mode 100644 index 000000000..15ee8ae68 --- /dev/null +++ b/.github/workflows/heroku_tests.yml @@ -0,0 +1,26 @@ +# This is a basic workflow to help you get started with Actions + +name: Test minikube script (k8s&vault) + +# Controls when the workflow will run +on: + push: + branches: + - master + pull_request: + branches: [master] + workflow_dispatch: + +permissions: + contents: read +# A workflow run is made up of one or more jobs that can run sequentially or in parallel +jobs: + test-heroku: + name: Test heroku with cypress + runs-on: ubuntu-latest + # Steps represent a sequence of tasks that will be executed as part of the job + steps: + - uses: actions/checkout@v4 + - name: Run Tests + run: | + cd src/test/e2e && npx cypress run --config-file src/test/K8s-tests/cypress.config.js && minikube delete diff --git a/js/index.js b/js/index.js index 0da72f085..ca7b0ab39 100644 --- a/js/index.js +++ b/js/index.js @@ -1,5 +1,5 @@ // eslint-disable-next-line no-unused-vars function secret () { - const password = 'JqJJ/Mg=' + 9 + 'n/OE' + 6 + 'knA=' + 2 + 'Tv8v' + 7 + const password = 'TV5mQAM=' + 9 + 'Fcek' + 6 + 'atA=' + 2 + 'O7ad' + 7 return password } 
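Review bot: In test() the exit status of `npx cypress run` is discarded, because the next command is `echo "Testing complete"`. Unless the script runs under `set -e` (not visible in this hunk), failing e2e specs would leave the container test green. Make the failure explicit with `npx cypress run || exit 1`. The echo says node20 is required but nothing checks the installed version, so a `node --version` check before the run would turn a wrong runtime into a clear error. The function starts and ends outside the hunk.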
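Review bot: The new heroku_tests.yml job never selects a Node version, although the README text added in this same patch says node20 is needed, so the run depends on whatever Node `ubuntu-latest` ships. Add a step before "Run Tests": `- uses: actions/setup-node@v4` with `node-version: 20` under `with:`. The workflow also triggers on `pull_request`; if the job targets the deployed Heroku app, as its name suggests, such a run exercises the deployed code rather than the pull request's changes. The leading comment `# This is a basic workflow to help you get started with Actions` is template text and could be replaced by one line saying what this workflow tests.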
diff --git a/src/test/e2e/cypress.config.arcane.js b/src/test/e2e/cypress.config.arcane.js new file mode 100644 index 000000000..a9cb1c262 --- /dev/null +++ b/src/test/e2e/cypress.config.arcane.js @@ -0,0 +1,16 @@ +const { defineConfig } = require('cypress') + +module.exports = defineConfig({ + video: false, + e2e: { + baseUrl: 'https://arcane-scrubland-42646.herokuapp.com/', + specPattern: 'cypress/integration/*.cy.js', + reporter: 'cypress-multi-reporters', + reporterOptions: { + configFile: 'reporter-config.json' + }, + setupNodeEvents (on, config) { + // implement node event listeners here + } + } +}) diff --git a/src/test/e2e/cypress.config.heroku.js b/src/test/e2e/cypress.config.heroku.js new file mode 100644 index 000000000..e38fb7519 --- /dev/null +++ b/src/test/e2e/cypress.config.heroku.js @@ -0,0 +1,16 @@ +const { defineConfig } = require('cypress') + +module.exports = defineConfig({ + video: false, + e2e: { + baseUrl: 'https://wrongsecrets.herokuapp.com/', + specPattern: 'cypress/integration/*.cy.js', + reporter: 'cypress-multi-reporters', + reporterOptions: { + configFile: 'reporter-config.json' + }, + setupNodeEvents (on, config) { + // implement node event listeners here + } + } +}) diff --git a/src/test/e2e/cypress/README.md b/src/test/e2e/cypress/README.md index 6f01c4ac4..c7610a591 100644 --- a/src/test/e2e/cypress/README.md +++ b/src/test/e2e/cypress/README.md @@ -12,6 +12,14 @@ The reporting of the tests themselves will be located in `target/test-classes/e2 Please note that cypress requires the templates to have been build first. +### Run outside of maven +Want to run them outside of maven? Make sure you have node20 installed and the application running and listening to `http://localhost:8080` . Then do: + +```shell +cd src/test/e2e/cypress +npx cypress run +``` + ## How to interact with elements - To select an element in the UI, add a `data-cy` attribute to the HTML element and give it a unique value. 
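Review bot: cypress.config.arcane.js and cypress.config.heroku.js are identical apart from `baseUrl`, so every later change to the reporter or spec pattern has to be made in both files. One shared config with the target passed at call time would remove the copy, for example `npx cypress run --config baseUrl=https://wrongsecrets.herokuapp.com/` or the `CYPRESS_BASE_URL` environment variable. The `setupNodeEvents` stub only carries the scaffold comment `// implement node event listeners here`; drop it or replace the comment with one stating that no node events are needed. Both files load `cypress-multi-reporters`, so that package has to be installed wherever these configs are run.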
From 7132c1b30b48eb793eb6a2d096aad3440d509425 Mon Sep 17 00:00:00 2001 From: Jeroen Willemsen Date: Tue, 16 Apr 2024 06:38:58 +0200 Subject: [PATCH 2/6] rename workflow --- .github/workflows/heroku_tests.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/heroku_tests.yml b/.github/workflows/heroku_tests.yml index 15ee8ae68..8e96988dc 100644 --- a/.github/workflows/heroku_tests.yml +++ b/.github/workflows/heroku_tests.yml @@ -1,6 +1,6 @@ # This is a basic workflow to help you get started with Actions -name: Test minikube script (k8s&vault) +name: Test Heroku with cypress # Controls when the workflow will run on: @@ -16,7 +16,7 @@ permissions: # A workflow run is made up of one or more jobs that can run sequentially or in parallel jobs: test-heroku: - name: Test heroku with cypress + name: run tests runs-on: ubuntu-latest # Steps represent a sequence of tasks that will be executed as part of the job steps: From 5dfc82cfc8bd255588f776f19871865d712c27b6 Mon Sep 17 00:00:00 2001 From: Jeroen Willemsen Date: Tue, 16 Apr 2024 06:41:34 +0200 Subject: [PATCH 3/6] add report uploads --- .github/workflows/container_test.yml | 5 +++++ .github/workflows/heroku_tests.yml | 5 +++++ 2 files changed, 10 insertions(+) diff --git a/.github/workflows/container_test.yml b/.github/workflows/container_test.yml index 1ad69cfed..d83c6d17b 100644 --- a/.github/workflows/container_test.yml +++ b/.github/workflows/container_test.yml @@ -26,3 +26,8 @@ jobs: - uses: actions/checkout@v4 - name: Navigate to test script and run run: cd .github/scripts && bash docker-create.sh -t + - uses: actions/upload-artifact@v4 + if: success() || failure() + with: + name: e2e results + path: src/test/e2e/cypress/reports/mochawesome/ diff --git a/.github/workflows/heroku_tests.yml b/.github/workflows/heroku_tests.yml index 8e96988dc..5f90a9557 100644 --- a/.github/workflows/heroku_tests.yml +++ b/.github/workflows/heroku_tests.yml 
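Review bot: The upload step added to container_test.yml takes `src/test/e2e/cypress/reports/mochawesome/` on trust. The reporter's output directory is set in reporter-config.json, which is not part of this patch, and upload-artifact by default only warns when the path matches nothing. Adding `if-no-files-found: error` under `with:` would surface a wrong path instead of silently publishing no report. The identical step is added to heroku_tests.yml in the following hunk.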
@@ -24,3 +24,8 @@ jobs: - name: Run Tests run: | cd src/test/e2e && npx cypress run --config-file src/test/K8s-tests/cypress.config.js && minikube delete + - uses: actions/upload-artifact@v4 + if: success() || failure() + with: + name: e2e results + path: src/test/e2e/cypress/reports/mochawesome/ From bb2195dbb7d5017603c008607133e79ccfa48756 Mon Sep 17 00:00:00 2001 From: Jeroen Willemsen Date: Tue, 16 Apr 2024 06:44:56 +0200 Subject: [PATCH 4/6] fix config file --- .github/workflows/heroku_tests.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/heroku_tests.yml b/.github/workflows/heroku_tests.yml index 5f90a9557..ba86dabf2 100644 --- a/.github/workflows/heroku_tests.yml +++ b/.github/workflows/heroku_tests.yml @@ -23,7 +23,7 @@ jobs: - uses: actions/checkout@v4 - name: Run Tests run: | - cd src/test/e2e && npx cypress run --config-file src/test/K8s-tests/cypress.config.js && minikube delete + cd src/test/e2e && npx cypress run --config-file cypress.config.heroku.js - uses: actions/upload-artifact@v4 if: success() || failure() with: From b58911d30671db759fdb9ec12bcdcf28b815a050 Mon Sep 17 00:00:00 2001 From: Jeroen Willemsen Date: Tue, 16 Apr 2024 06:47:35 +0200 Subject: [PATCH 5/6] add missing path --- .github/workflows/heroku_tests.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/heroku_tests.yml b/.github/workflows/heroku_tests.yml index ba86dabf2..8dbe0fab5 100644 --- a/.github/workflows/heroku_tests.yml +++ b/.github/workflows/heroku_tests.yml @@ -23,7 +23,9 @@ jobs: - uses: actions/checkout@v4 - name: Run Tests run: | - cd src/test/e2e && npx cypress run --config-file cypress.config.heroku.js + cd src/test/e2e + npm install cypress + npx cypress run --config-file cypress.config.heroku.js - uses: actions/upload-artifact@v4 if: success() || failure() with: From 025d0faf1c414a07f308046df157139c0e8f74ce Mon Sep 17 00:00:00 2001 
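Review bot: `npm install cypress` in the Run Tests step pulls whatever version is current at run time, so the workflow executes unpinned third-party code and can behave differently between runs. If src/test/e2e has a package.json and lockfile (not visible in this patch), use `npm ci`; otherwise pin the version with `npm install cypress@<pinned-version>`. The config selected on the next line names `cypress-multi-reporters` as its reporter, which this command installs only if a package.json there already declares it.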
From: Jeroen Willemsen
Date: Tue, 16 Apr 2024 07:59:03 +0200
Subject: [PATCH 6/6] Update README.md
---
README.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index aea0070f6..7f3741c60 100644
--- a/README.md
+++ b/README.md
@@ -4,7 +4,7 @@ [![Tweet](https://img.shields.io/twitter/url/http/shields.io.svg?style=social)](https://twitter.com/intent/tweet?text=Want%20to%20dive%20into%20secrets%20management%20and%20do%20some%20hunting?%20try%20this&url=https://github.com/OWASP/wrongsecrets&hashtags=secretsmanagement,secrets,hunting,p0wnableapp,OWASP,WrongSecrets) [](https://tootpick.org/#text=Want%20to%20dive%20into%20secrets%20management%20and%20do%20some%20hunting?%20try%20this%0A%0Ahttps://github.com/OWASP/wrongsecrets%20%23secretsmanagement,%20%23secrets,%20%23hunting,%20%23p0wnableapp,%20%23OWASP,%20%23WrongSecrets) [](https://www.linkedin.com/shareArticle/?url=https://www.github.com/OWASP/wrongsecrets&title=OWASP%20WrongSecrets) -[![Java checkstyle and testing](https://github.com/OWASP/wrongsecrets/actions/workflows/main.yml/badge.svg)](https://github.com/OWASP/wrongsecrets/actions/workflows/main.yml) [![Pre-commit](https://github.com/OWASP/wrongsecrets/actions/workflows/pre-commit.yml/badge.svg)](https://github.com/OWASP/wrongsecrets/actions/workflows/pre-commit.yml) [![Terraform FMT](https://github.com/OWASP/wrongsecrets/actions/workflows/terraform.yml/badge.svg)](https://github.com/OWASP/wrongsecrets/actions/workflows/terraform.yml) [![CodeQL](https://github.com/OWASP/wrongsecrets/actions/workflows/codeql-analysis.yml/badge.svg)](https://github.com/OWASP/wrongsecrets/actions/workflows/codeql-analysis.yml) [![Dead Link Checker](https://github.com/OWASP/wrongsecrets/actions/workflows/link_checker.yml/badge.svg)](https://github.com/OWASP/wrongsecrets/actions/workflows/link_checker.yml)[![Javadoc and Swaggerdoc generator](https://github.com/OWASP/wrongsecrets/actions/workflows/java_swagger_doc.yml/badge.svg)](https://github.com/OWASP/wrongsecrets/actions/workflows/java_swagger_doc.yml) +[![Java checkstyle and testing](https://github.com/OWASP/wrongsecrets/actions/workflows/main.yml/badge.svg)](https://github.com/OWASP/wrongsecrets/actions/workflows/main.yml) 
[![Pre-commit](https://github.com/OWASP/wrongsecrets/actions/workflows/pre-commit.yml/badge.svg)](https://github.com/OWASP/wrongsecrets/actions/workflows/pre-commit.yml) [![Terraform FMT](https://github.com/OWASP/wrongsecrets/actions/workflows/terraform.yml/badge.svg)](https://github.com/OWASP/wrongsecrets/actions/workflows/terraform.yml) [![CodeQL](https://github.com/OWASP/wrongsecrets/actions/workflows/codeql-analysis.yml/badge.svg)](https://github.com/OWASP/wrongsecrets/actions/workflows/codeql-analysis.yml) [![Dead Link Checker](https://github.com/OWASP/wrongsecrets/actions/workflows/link_checker.yml/badge.svg)](https://github.com/OWASP/wrongsecrets/actions/workflows/link_checker.yml)[![Javadoc and Swaggerdoc generator](https://github.com/OWASP/wrongsecrets/actions/workflows/java_swagger_doc.yml/badge.svg)](https://github.com/OWASP/wrongsecrets/actions/workflows/java_swagger_doc.yml) [![Test Heroku with cypress](https://github.com/OWASP/wrongsecrets/actions/workflows/heroku_tests.yml/badge.svg)](https://github.com/OWASP/wrongsecrets/actions/workflows/heroku_tests.yml) [![Test minikube script (k8s)](https://github.com/OWASP/wrongsecrets/actions/workflows/minikube-k8s-test.yml/badge.svg)](https://github.com/OWASP/wrongsecrets/actions/workflows/minikube-k8s-test.yml) [![Test minikube script (k8s&vault)](https://github.com/OWASP/wrongsecrets/actions/workflows/minikube-vault-test.yml/badge.svg)](https://github.com/OWASP/wrongsecrets/actions/workflows/minikube-vault-test.yml) [![Docker container test](https://github.com/OWASP/wrongsecrets/actions/workflows/container_test.yml/badge.svg)](https://github.com/OWASP/wrongsecrets/actions/workflows/container_test.yml)[![Test container on podman and Colima](https://github.com/OWASP/wrongsecrets/actions/workflows/container-alts-test.yml/badge.svg)](https://github.com/OWASP/wrongsecrets/actions/workflows/container-alts-test.yml) [![DAST with 
ZAP](https://github.com/OWASP/wrongsecrets/actions/workflows/dast-zap-test.yml/badge.svg)](https://github.com/OWASP/wrongsecrets/actions/workflows/dast-zap-test.yml)