From bf5849add1d09333f8fd1c2223f83b4ec6adbab1 Mon Sep 17 00:00:00 2001
From: Gunasekar-K
Date: Thu, 4 May 2023 15:16:34 +0530
Subject: [PATCH 01/10] Security fix for root file system access
---
 .circleci/config.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.circleci/config.yml b/.circleci/config.yml
index 5e41ee80..509981e7 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -13,7 +13,7 @@ install_dependency: &install_dependency
 install_deploysuite: &install_deploysuite
 name: Installation of install_deploysuite.
 command: |
- git clone --branch v1.4.14 https://github.com/topcoder-platform/tc-deploy-scripts ../buildscript
+ git clone --branch dev https://github.com/topcoder-platform/tc-deploy-scripts ../buildscript
 cp ./../buildscript/master_deploy.sh .
 cp ./../buildscript/buildenv.sh .
 cp ./../buildscript/awsconfiguration.sh .
From 5dfc970107334edb7842f157b8701ec7803f26b1 Mon Sep 17 00:00:00 2001
From: Gunasekar-K
Date: Thu, 4 May 2023 15:56:34 +0530
Subject: [PATCH 02/10] Yarn cache issue due to root file system security
Yarn cache issue due to root file system security
---
 docker/Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/docker/Dockerfile b/docker/Dockerfile
index 89879a2c..35566b0b 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -8,6 +8,6 @@ COPY . /challenge-api
 WORKDIR /challenge-api
 # Install the dependencies from package.json
-RUN yarn install
+RUN HOME=$(pwd) yarn install
-CMD yarn start
\ No newline at end of file
+CMD yarn start
From 80879fe73d0f5a903d0a8f20eb445e79c431e8f0 Mon Sep 17 00:00:00 2001
From: eisbilir
Date: Thu, 4 May 2023 13:39:10 +0300
Subject: [PATCH 03/10] Revert "Yarn cache issue due to root file system security"
This reverts commit 5dfc970107334edb7842f157b8701ec7803f26b1.
---
 docker/Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/docker/Dockerfile b/docker/Dockerfile
index 35566b0b..89879a2c 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -8,6 +8,6 @@ COPY . /challenge-api
 WORKDIR /challenge-api
 # Install the dependencies from package.json
-RUN HOME=$(pwd) yarn install
+RUN yarn install
-CMD yarn start
+CMD yarn start
\ No newline at end of file
From 9960278cdbe7a730cc13fb4b72f29c5fa95df656 Mon Sep 17 00:00:00 2001
From: eisbilir
Date: Thu, 4 May 2023 13:39:17 +0300
Subject: [PATCH 04/10] Revert "Security fix for root file system access"
This reverts commit bf5849add1d09333f8fd1c2223f83b4ec6adbab1.
---
 .circleci/config.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.circleci/config.yml b/.circleci/config.yml
index 509981e7..5e41ee80 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -13,7 +13,7 @@ install_dependency: &install_dependency
 install_deploysuite: &install_deploysuite
 name: Installation of install_deploysuite.
 command: |
- git clone --branch dev https://github.com/topcoder-platform/tc-deploy-scripts ../buildscript
+ git clone --branch v1.4.14 https://github.com/topcoder-platform/tc-deploy-scripts ../buildscript
 cp ./../buildscript/master_deploy.sh .
 cp ./../buildscript/buildenv.sh .
 cp ./../buildscript/awsconfiguration.sh .
From 23ab1139eaecdd1284b9ddfb46b9f3351a0ab9d4 Mon Sep 17 00:00:00 2001
From: Gunasekar-K
Date: Thu, 4 May 2023 16:11:58 +0530
Subject: [PATCH 05/10] root file fix
---
 docker/Dockerfile | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/docker/Dockerfile b/docker/Dockerfile
index 89879a2c..698a2c71 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -8,6 +8,8 @@ COPY . /challenge-api
 WORKDIR /challenge-api
 # Install the dependencies from package.json
+RUN mkdir -p /yarncache
+ENV YARN_CACHE_FOLDER=/yarncache
 RUN yarn install
-CMD yarn start
\ No newline at end of file
+CMD yarn start
From 838f096105a53403b44ead4d6ab54b37ea012842 Mon Sep 17 00:00:00 2001
From: Gunasekar-K
Date: Thu, 4 May 2023 16:12:24 +0530
Subject: [PATCH 06/10] Update config.yml
---
 .circleci/config.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.circleci/config.yml b/.circleci/config.yml
index 5e41ee80..509981e7 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -13,7 +13,7 @@ install_dependency: &install_dependency
 install_deploysuite: &install_deploysuite
 name: Installation of install_deploysuite.
 command: |
- git clone --branch v1.4.14 https://github.com/topcoder-platform/tc-deploy-scripts ../buildscript
+ git clone --branch dev https://github.com/topcoder-platform/tc-deploy-scripts ../buildscript
 cp ./../buildscript/master_deploy.sh .
 cp ./../buildscript/buildenv.sh .
 cp ./../buildscript/awsconfiguration.sh .
From 2bd5842fcf4a7774c77974fd4b6656eda2f6c460 Mon Sep 17 00:00:00 2001
From: eisbilir
Date: Thu, 4 May 2023 13:54:42 +0300
Subject: [PATCH 07/10] Revert "Update config.yml"
This reverts commit 838f096105a53403b44ead4d6ab54b37ea012842.
---
 .circleci/config.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.circleci/config.yml b/.circleci/config.yml
index 509981e7..5e41ee80 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -13,7 +13,7 @@ install_dependency: &install_dependency
 install_deploysuite: &install_deploysuite
 name: Installation of install_deploysuite.
 command: |
- git clone --branch dev https://github.com/topcoder-platform/tc-deploy-scripts ../buildscript
+ git clone --branch v1.4.14 https://github.com/topcoder-platform/tc-deploy-scripts ../buildscript
 cp ./../buildscript/master_deploy.sh .
 cp ./../buildscript/buildenv.sh .
 cp ./../buildscript/awsconfiguration.sh .
From b852c5bc34b3567461f7b26c9d59056c8711bbb4 Mon Sep 17 00:00:00 2001
From: eisbilir
Date: Thu, 4 May 2023 13:54:47 +0300
Subject: [PATCH 08/10] Revert "root file fix"
This reverts commit 23ab1139eaecdd1284b9ddfb46b9f3351a0ab9d4.
---
 docker/Dockerfile | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/docker/Dockerfile b/docker/Dockerfile
index 698a2c71..89879a2c 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -8,8 +8,6 @@ COPY . /challenge-api
 WORKDIR /challenge-api
 # Install the dependencies from package.json
-RUN mkdir -p /yarncache
-ENV YARN_CACHE_FOLDER=/yarncache
 RUN yarn install
-CMD yarn start
+CMD yarn start
\ No newline at end of file
From 18cd0b898ae1f5aff33969935a6dfc6d76c3ade4 Mon Sep 17 00:00:00 2001
From: Rakib Ansary
Date: Fri, 5 May 2023 13:41:20 +0600
Subject: [PATCH 09/10] fix: Enable ecs-containers-readonly-access and update Docker CMD
- Update tc-deploy-scripts to v1.4.15 to set environment variables for enabling ecs-containers-readonly-access - Modify Dockerfile to replace 'yarn start' with 'node /challenge-api/app.js' to ensure compatibility with read-only file systems Enabling ecs-containers-readonly-access ensures that the container file system is read-only, reducing the risk of unauthorized modifications to the application files during runtime. Replacing 'yarn start' with 'node /challenge-api/app.js' addresses potential issues with Yarn requiring a writable file system for certain operations, ensuring a smooth deployment on a read-only environment.
Signed-off-by: Rakib Ansary
---
 .circleci/config.yml | 2 +-
 docker/Dockerfile | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/.circleci/config.yml b/.circleci/config.yml
index 5e41ee80..92df7673 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -13,7 +13,7 @@ install_dependency: &install_dependency
 install_deploysuite: &install_deploysuite
 name: Installation of install_deploysuite.
 command: |
- git clone --branch v1.4.14 https://github.com/topcoder-platform/tc-deploy-scripts ../buildscript
+ git clone --branch v1.4.15 https://github.com/topcoder-platform/tc-deploy-scripts ../buildscript
 cp ./../buildscript/master_deploy.sh .
 cp ./../buildscript/buildenv.sh .
 cp ./../buildscript/awsconfiguration.sh .
diff --git a/docker/Dockerfile b/docker/Dockerfile
index 89879a2c..7edc492e 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -10,4 +10,4 @@ WORKDIR /challenge-api
 # Install the dependencies from package.json
 RUN yarn install
-CMD yarn start
\ No newline at end of file
+CMD node /challenge-api/app.js
From c5084dd4811ffe866ab33b1e1fc26bbe19adc0a9 Mon Sep 17 00:00:00 2001
From: Rakib Ansary
Date: Fri, 19 May 2023 03:21:10 +0600
Subject: [PATCH 10/10] fix: user with topcoder user role should not be allowed to create challenges
---
 .gitignore | 1 +
 src/routes.js | 5 +----
 src/services/ChallengeService.js | 20 ++++++++++++++++----
 3 files changed, 18 insertions(+), 8 deletions(-)
diff --git a/.gitignore b/.gitignore
index 9d35fdf0..4a2329e0 100644
--- a/.gitignore
+++ b/.gitignore
@@ -63,3 +63,4 @@ typings/
 .next
 ecr-login.sh
 .npmrc
+test.js
diff --git a/src/routes.js b/src/routes.js
index 407b7a41..ad8779ac 100644
--- a/src/routes.js
+++ b/src/routes.js
@@ -30,7 +30,6 @@ module.exports = {
 constants.UserRoles.SelfServiceCustomer,
 constants.UserRoles.Copilot,
 constants.UserRoles.Manager,
- constants.UserRoles.User,
 ],
 scopes: [CREATE, ALL],
 },
@@ -53,6 +52,7 @@ module.exports = {
 method: "getChallenge",
 scopes: [READ, ALL],
 },
+ // @deprecated
 put: {
 controller: "ChallengeController",
 method: "updateChallenge",
@@ -62,7 +62,6 @@ module.exports = {
 constants.UserRoles.SelfServiceCustomer,
 constants.UserRoles.Copilot,
 constants.UserRoles.Manager,
- constants.UserRoles.User,
 ],
 scopes: [UPDATE, ALL],
 },
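Review bot: The new `git clone --branch v1.4.15` line still fetches the deploy scripts that CI then copies and runs by a mutable git reference — a tag can be re-pointed, and earlier in this series the same line briefly targeted the moving `dev` branch (patches 01 and 06, both reverted) — so the build log alone does not establish which script content executed. Pinning the checkout to a full commit SHA after the clone, for example `git -C ../buildscript checkout <FULL-SHA-OF-v1.4.15>` with a comment naming the tag it corresponds to, makes the supply-chain input reproducible and auditable. The `command:` block may continue past the end of the hunk.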
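Review bot: `CMD node /challenge-api/app.js` is the shell form, so node runs as a child of `/bin/sh -c` rather than as PID 1 and does not receive the SIGTERM an ECS task stop sends; the task then lingers until the stop timeout and is SIGKILLed, losing any graceful shutdown. The exec form `CMD ["node", "/challenge-api/app.js"]` makes node PID 1 and fixes that without changing what runs. Separately, the commit message says the root filesystem becomes read-only, but nothing in the Dockerfile declares a writable location for anything the application writes at runtime (logs, temp files); I cannot tell from the hunk whether app.js writes to disk, so a sentence in the Dockerfile or commit message recording that it was checked would help the next reader.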
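Review bot: Removing `constants.UserRoles.User` from the allowed-role arrays tightens authorization on four routes (this hunk and the hunks at -62, -75 and -88), yet the diffstat shows no test change; an access test asserting that a caller whose only role is User receives 403 on create, update, patch and delete would keep this from regressing silently. The `+ // @deprecated` marker added in the -53 hunk names neither the replacement nor a removal plan; something like `// @deprecated: <REPLACEMENT-ENDPOINT> supersedes this route; TODO(owner): remove once clients have migrated` would. The `scopes` arrays (`[CREATE, ALL]`, `[UPDATE, ALL]`, `[DELETE, ALL]`) are unchanged, so presumably machine-to-machine callers holding those scopes keep access — worth stating in the commit message if that is intended. The `module.exports` object begins and ends outside the hunks.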
@@ -75,7 +74,6 @@ module.exports = {
 constants.UserRoles.SelfServiceCustomer,
 constants.UserRoles.Copilot,
 constants.UserRoles.Manager,
- constants.UserRoles.User,
 ],
 scopes: [UPDATE, ALL],
 },
@@ -88,7 +86,6 @@ module.exports = {
 constants.UserRoles.Copilot,
 constants.UserRoles.SelfServiceCustomer,
 constants.UserRoles.Manager,
- constants.UserRoles.User,
 ],
 scopes: [DELETE, ALL],
 },
diff --git a/src/services/ChallengeService.js b/src/services/ChallengeService.js
index c36def76..a0e19823 100644
--- a/src/services/ChallengeService.js
+++ b/src/services/ChallengeService.js
@@ -1182,7 +1182,12 @@ createChallenge.schema = {
 projectId: Joi.number().integer().positive(),
 legacyId: Joi.number().integer().positive(),
 startDate: Joi.date().iso(),
- status: Joi.string().valid([constants.challengeStatuses.Active, constants.challengeStatuses.New, constants.challengeStatuses.Draft, constants.challengeStatuses.Approved]),
+ status: Joi.string().valid([
+ constants.challengeStatuses.Active,
+ constants.challengeStatuses.New,
+ constants.challengeStatuses.Draft,
+ constants.challengeStatuses.Approved,
+ ]),
 groups: Joi.array().items(Joi.optionalId()).unique(),
 // gitRepoURLs: Joi.array().items(Joi.string().uri()),
 terms: Joi.array().items(
@@ -1428,7 +1433,7 @@ async function updateChallenge(currentUser, challengeId, data) {
 data = sanitizeData(sanitizeChallenge(data), challenge);
 console.debug("Sanitized Data:", data);
- validateChallengeUpdateRequest(currentUser, challenge, data);
+ await validateChallengeUpdateRequest(currentUser, challenge, data);
 let sendActivationEmail = false;
 let sendSubmittedEmail = false;
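Review bot: Adding `await` in front of `validateChallengeUpdateRequest(currentUser, challenge, data)` only changes behaviour if that function returns a promise; its definition is outside the hunk, but if it does, the previous un-awaited call meant a rejecting validation never stopped `updateChallenge` — the rejection surfaced only as an unhandled promise rejection while the update proceeded — so this line is an authorization-bypass fix rather than a cosmetic one and deserves a regression test and a sentence in the commit message. A test that calls `updateChallenge` with a caller the validator rejects and asserts that the update never reaches the persistence step would cover it. The `console.debug("Sanitized Data:", data)` context line above it logs the full update payload at debug level; that is pre-existing, but worth keeping in mind when deciding what this service logs in production. `updateChallenge` begins and ends outside the hunk.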
@@ -1615,7 +1620,12 @@ async function updateChallenge(currentUser, challengeId, data) {
 const finalStatus = data.status || challenge.status;
 const finalTimelineTemplateId = data.timelineTemplateId || challenge.timelineTemplateId;
 let timelineTemplateChanged = false;
- if (!currentUser.isMachine && !hasAdminRole(currentUser) && !_.get(data, "legacy.pureV5") && !_.get(challenge, "legacy.pureV5")) {
+ if (
+ !currentUser.isMachine &&
+ !hasAdminRole(currentUser) &&
+ !_.get(data, "legacy.pureV5") &&
+ !_.get(challenge, "legacy.pureV5")
+ ) {
 if (
 finalStatus !== constants.challengeStatuses.New &&
 finalTimelineTemplateId !== challenge.timelineTemplateId
@@ -1748,7 +1758,9 @@ async function updateChallenge(currentUser, challengeId, data) {
 const { track, type } = await challengeHelper.validateAndGetChallengeTypeAndTrack({
 typeId: challenge.typeId,
 trackId: challenge.trackId,
- timelineTemplateId: timelineTemplateChanged ? finalTimelineTemplateId : challenge.timelineTemplateId,
+ timelineTemplateId: timelineTemplateChanged
+ ? finalTimelineTemplateId
+ : challenge.timelineTemplateId,
 });
 if (_.get(type, "isTask")) {