Merge branch 'release/0.3.0'

Author: denis-yuen

.circleci/config.yml

@@ -3,7 +3,7 @@ orbs:
   aws-s3: circleci/aws-s3@3.0.0
   node: circleci/node@4.7.0
   sam: circleci/aws-sam-serverless@3.0
-  aws-cli: circleci/aws-cli@3.1.1 # perform openid connect  
+  aws-cli: circleci/aws-cli@3.1.1 # perform openid connect
 jobs:
   build:
     docker:
@@ -20,7 +20,7 @@ jobs:
             - aws-cli/setup:
                 profile-name: WEB IDENTITY PROFILE
                 role-arn: $AWS_ROLE_ARN
-                role-session-name: "CircleCI-${CIRCLE_WORKFLOW_ID}-${CIRCLE_JOB}"          
+                role-session-name: "CircleCI-${CIRCLE_WORKFLOW_ID}-${CIRCLE_JOB}"
             - checkout
             - node/install:
                 install-yarn: false
@@ -32,9 +32,6 @@ jobs:
             - create_zip_upload_to_s3:
                 lambdaFolder: "edge-lambda-for-s3/deployment"
                 s3BucketFolder: "edgeLambdaForS3404s"
-            - create_zip_upload_to_s3:
-                lambdaFolder: "upsertGitHubTag/deployment"
-                s3BucketFolder: "upsertGitHubTag"
             - create_zip_upload_to_s3:
                 lambdaFolder: "webhook-testing/deployment"
                 s3BucketFolder: "webhookTesting"
@@ -62,7 +59,7 @@ jobs:
             - aws-cli/setup:
                 profile-name: WEB IDENTITY PROFILE
                 role-arn: $AWS_ROLE_ARN
-                role-session-name: "CircleCI-${CIRCLE_WORKFLOW_ID}-${CIRCLE_JOB}"          
+                role-session-name: "CircleCI-${CIRCLE_WORKFLOW_ID}-${CIRCLE_JOB}"
             - checkout
             - run:
                 name: Validate index.js

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,12 @@
+**Description**
+A description of the PR, should include a decent explanation as to why this change was needed and a decent explanation as to what this change does
+
+**Issue**
+A link to a github issue or SEAB- ticket (using that as a prefix)
+
+**Security**
+If there are any concerns that require extra attention from the security team, highlight them here.
+
+Please make sure that you've checked the following before submitting your pull request. Thanks!
+
+- [ ] Ensure that the PR targets the correct branch. Check the milestone or fix version of the ticket.

.github/workflows/codeql.yml

@@ -0,0 +1,39 @@
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ "develop", "master", "hotfix/*", "release/*", "feature/**" ]
+  pull_request:
+    branches: [ "develop", "master", "hotfix/*", "release/*" ]
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ javascript ]
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v2
+        with:
+          languages: ${{ matrix.language }}
+          queries: +security-and-quality
+
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@v2
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v2
+        with:
+          category: "/language:${{ matrix.language }}"

.github/workflows/maven.yml

@@ -27,17 +27,12 @@ jobs:
        run: |
          python -m pip install --upgrade pip
          pip install aws-sam-cli
-     - name: Test with SAM CLI
-       working-directory: ./upsertGitHubTag
-       run: | 
-         sam local invoke HelloWorldFunction -e events/event.json -n env.json &> output.txt
-         grep "Valid push event" output.txt
      - name: Test wdl parsing with SAM CLI build and invoke
        working-directory: ./wdl-parsing
        run: | 
          sam build --use-container
          sam local invoke WDLParsingFunction -e events/event.json &> output.txt
-         grep "statusCode\":200" output.txt
+         grep "statusCode\": 200" output.txt
      - name: Test Nextflow parsing with SAM CLI build (no invoke)
        working-directory: ./nextflow-parsing
        # SAM build also runs the Java tests

checkUrlExists/lambda/index.js

@@ -1,22 +1,12 @@
-const fs = require("fs");
-const tls = require("tls");
+const Url = require("url");
+const ftp = require("basic-ftp");
+const { http, https } = require("follow-redirects");
 
-const { curly } = require("node-libcurl");
-
-// important steps to get validation of https (as opposed to http) urls
-// Get root certificates so https will work
-//
-// Write the certificates to a file
-// https://stackoverflow.com/questions/63052127/protractor-node-libcurl-failed-ssl-peer-certificate-or-ssh-remote-key-was-not-o
-// When doing sam build the file must be in /tmp because other wise it cannot be read
-// due to ro file system in container
-// https://stackoverflow.com/questions/53810516/getting-error-aws-lambda-erofs-read-only-file-system-open-var-task-assets
-const certFilePath = "/tmp/cacert.pem";
-// https://nodejs.org/api/tls.html#tls_tls_rootcertificates
-// An immutable array of strings representing the root certificates (in PEM format) from the bundled Mozilla CA store as supplied by current Node.js version.
-// The bundled CA store, as supplied by Node.js, is a snapshot of Mozilla CA store that is fixed at release time. It is identical on all supported platforms.
-const tlsData = tls.rootCertificates.join("\n");
-fs.writeFileSync(certFilePath, tlsData);
+// The Node url.parse returns an object where the protocol is lower case and contains the colon at the end
+const SECURE_FTP_PROTOCOL = "sftp:";
+const FTP_PROTOCOL = "ftp:";
+const HTTP_PROTOCOL = "http:";
+const HTTPS_PROTOCOL = "https:";
 
 /**
  * TODO: Change to array of URLs to parse
@@ -50,10 +40,48 @@ async function checkUrl(url) {
 }
 
 async function run(url) {
-  const curlOpts = {
-    caInfo: certFilePath,
-  };
-  return curly.head(url, curlOpts);
+  const parsedUrl = Url.parse(url);
+  const protocol = parsedUrl.protocol; // Url.parse() lower cases the protocol
+  if (FTP_PROTOCOL === protocol || SECURE_FTP_PROTOCOL === protocol) {
+    const secure = SECURE_FTP_PROTOCOL === protocol;
+    const ftpClient = new ftp.Client();
+    try {
+      let options = {
+        host: parsedUrl.host,
+        secure: secure,
+        ...(parsedUrl.port && { port: parsedUrl.port }),
+      };
+      await ftpClient.access(options);
+      const size = await ftpClient.size(parsedUrl.path);
+      return size > 0
+        ? Promise.resolve()
+        : Promise.reject("Could not get size for " + url);
+    } finally {
+      ftpClient.close();
+    }
+  } else if (HTTP_PROTOCOL === protocol) {
+    return httpOrHttpsRequest(url, http);
+  } else if (HTTPS_PROTOCOL === protocol) {
+    return httpOrHttpsRequest(url, https);
+  }
+  return Promise.reject("Unsupported protocol: " + protocol);
+}
+
+function httpOrHttpsRequest(url, httpOrHttps) {
+  return new Promise((resolve, reject) => {
+    const req = httpOrHttps.request(url, {
+      method: "HEAD",
+      headers: { "user-agent": "Dockstore/1.0" }, // User-agent must be set for tests to pass, AWS (WAF?) blocks requests with no user-agent
+    });
+    req.on("response", (res) => {
+      if (res.statusCode < 300) {
+        resolve(res.statusCode);
+      }
+      reject(res.statusCode);
+    });
+    req.on("error", (err) => reject(err));
+    req.end();
+  });
 }
 
 function returnResponse(fileFound) {