From 620bfbfdbf9ad30e623d45bcba522b3a57bd378c Mon Sep 17 00:00:00 2001
From: Ivo Dias
Date: Mon, 4 Nov 2024 12:02:27 -0300
Subject: [PATCH] New Action
---
 .github/workflows/Veracode-Set-Policy.yml | 30 +++++++++++++++++++++++
 .vscode/settings.json | 2 +-
 app/routes/session.js | 2 +-
 3 files changed, 32 insertions(+), 2 deletions(-)
 create mode 100644 .github/workflows/Veracode-Set-Policy.yml
diff --git a/.github/workflows/Veracode-Set-Policy.yml b/.github/workflows/Veracode-Set-Policy.yml
new file mode 100644
index 0000000..2bb0119
--- /dev/null
+++ b/.github/workflows/Veracode-Set-Policy.yml
@@ -0,0 +1,30 @@
+name: Veracode_Set_Policy
+on:
+  workflow_dispatch:
+
+jobs:
+  Veracode:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Download Veracode Wrapper
+        run: |
+          curl -o veracode-wrapper.jar https://repo1.maven.org/maven2/com/veracode/vosp/api/wrappers/vosp-api-wrappers-java/23.4.11.2/vosp-api-wrappers-java-23.4.11.2.jar
+      - name: Veracode - Set Policy
+        env:
+          VID: ${{ secrets.VeracodeID }} # Lembrar de criar as credenciais no Secrets
+          VKEY: ${{ secrets.VeracodeKey }}
+          veracodeAppProfile: Github - ${{ github.repository }}
+          veracodePolicy: ${{ secrets.veracodePolicy }}
+        run: |
+          # Obtem as informacoes do projeto
+          INFO=$(java -jar veracode-wrapper.jar -vid $VID -vkey $VKEY -action GetAppList)
+          appID=$(echo "$INFO" | grep -oP '(?<=app_id=")[^"]+(?=" app_name="'$veracodeAppProfile'")')
+
+          # Verifica se o appID foi extraido corretamente
+          if [ -n "$appID" ]; then
+            # Faz a edicao
+            java -jar veracode-wrapper.jar -vid $VID -vkey $VKEY -action updateapp -appid $appID -policy "$veracodePolicy"
+            echo "Add $veracodeAppProfile (ID: $appID) in Policy $veracodePolicy"
+          else
+            echo "App ID não encontrado para o perfil $veracodeAppProfile"
+          fi
\ No newline at end of file
diff --git a/.vscode/settings.json b/.vscode/settings.json
index f82dc7d..8e69e67 100644
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
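Review bot: In the `appID=` line of the "Veracode - Set Policy" step, `$veracodeAppProfile` is spliced into the grep pattern outside the single quotes and unquoted, so a value like `Github - owner/repo` is word-split: only `Github` stays in the pattern and the remaining words become file operands to grep, which either matches the wrong profile or prefixes the captured id with a file name, and that garbage then reaches `-appid`. Quote it as `appID=$(echo "$INFO" | grep -oP '(?<=app_id=")[^"]+(?=" app_name="'"$veracodeAppProfile"'")')`; note the repository name is still interpreted as a regex, so a `.` in it matches any character. If the step runs under the Actions default `bash -e`, a no-match grep exit status aborts the step at the assignment, so the `else` branch is unlikely ever to run; `|| true` on that pipeline, or testing the exit code explicitly, keeps the intended fallback reachable. Separately, the first step fetches the wrapper jar with `curl` and the second runs it with the API credentials without checking what was downloaded; pin an expected digest and verify it before use, `echo "<EXPECTED_SHA256>  veracode-wrapper.jar" | sha256sum -c -`.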
@@ -1,3 +1,3 @@
 {
-  "veracode-scan.SCA Features.policy": true
+  "veracode-scan.SCA Features.policy": false
 }
\ No newline at end of file
diff --git a/app/routes/session.js b/app/routes/session.js
index 90119c9..0697255 100644
--- a/app/routes/session.js
+++ b/app/routes/session.js
@@ -59,7 +59,7 @@ function SessionHandler(db) {
             const invalidPasswordErrorMessage = "Invalid password";
             if (err) {
                 if (err.noSuchUser) {
-                    console.log('Error: attempt to login with invalid user: ', userName);
+                    console.log('Error: attempt to login with invalid user: ', userName.replace(/[\n]/g, '\\n').replace(/[\r]/g, '\\r'));
                     // Fix for A1 - 3 Log Injection - encode/sanitize input for CRLF Injection
                     // that could result in log forging:
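Review bot: The added `console.log` escapes only `\n` and `\r`, so other log-shaping bytes in `userName` (tabs, ANSI escape sequences) still land in the log verbatim, and if `userName` is not a string — it presumably comes from the request body, which is outside the hunk — the `.replace` call throws inside the callback instead of rendering the login error. `JSON.stringify` escapes every control character and tolerates non-strings, so `console.log('Error: attempt to login with invalid user: ', JSON.stringify(userName));` is both shorter and more complete. The two "Fix for A1 - 3 Log Injection" context lines that follow describe a fix this line now applies; move that comment above the new call so it no longer reads as a note about a pending change. `SessionHandler` and the enclosing callback begin outside the hunk.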