
Commit 7f3e8cd

authored
CCM-8572: template security scan (#357)
1 parent 2912239 commit 7f3e8cd


99 files changed

+5070
-10537
lines changed


99 files changed

+5070
-10537
lines changed

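--- a/.github/workflows/stage-4-acceptance.yaml
+++ b/.github/workflows/stage-4-acceptance.yaml
@@ -54,7 +54,7 @@ jobs:
 uses: aws-actions/configure-aws-credentials@v4
 with:
 role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ secrets.AWS_ASSUME_ROLE_NAME }}
-role-session-name: deployInfra
+role-session-name: templates-ci-sandbox-setup
 aws-region: ${{ env.AWS_REGION }}
 - name: "Get normalized branch name"
 id: normalize_branch_name
@@ -108,7 +108,7 @@ jobs:
 uses: aws-actions/configure-aws-credentials@v4
 with:
 role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ secrets.AWS_ASSUME_ROLE_NAME }}
-role-session-name: deployInfra
+role-session-name: templates-ci-accessibility-tests
 aws-region: eu-west-2
 - name: "Run accessibility test"
 run: make test-accessibility
@@ -143,7 +143,7 @@ jobs:
 uses: aws-actions/configure-aws-credentials@v4
 with:
 role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ secrets.AWS_ASSUME_ROLE_NAME }}
-role-session-name: deployInfra
+role-session-name: templates-ci-component-tests
 aws-region: eu-west-2
 - name: "Run ui component test"
 run: |
@@ -179,7 +179,7 @@ jobs:
 uses: aws-actions/configure-aws-credentials@v4
 with:
 role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ secrets.AWS_ASSUME_ROLE_NAME }}
-role-session-name: deployInfra
+role-session-name: templates-ci-api-tests
 aws-region: eu-west-2
 - name: "Run API test"
 run: |
@@ -190,7 +190,43 @@ jobs:
 with:
 name: API test report
 path: "tests/test-team/playwright-report"
-
+test-e2e:
+name: "E2E test"
+runs-on: ubuntu-latest
+needs: [sandbox-set-up]
+environment: dev
+timeout-minutes: 10
+steps:
+- name: "Checkout code"
+uses: actions/checkout@v4
+- uses: actions/download-artifact@v4
+with:
+name: sandbox_tf_outputs.json
+path: ./
+- uses: actions/download-artifact@v4
+with:
+name: amplify_outputs.json
+path: ./frontend
+- name: "Repo setup"
+run: |
+npm ci
+- name: Install Playwright Browsers
+run: npx playwright install --with-deps
+- name: Configure AWS credentials
+uses: aws-actions/configure-aws-credentials@v4
+with:
+role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ secrets.AWS_ASSUME_ROLE_NAME }}
+role-session-name: templates-ci-e2e-tests
+aws-region: eu-west-2
+- name: "Run E2E test"
+run:
+npm -w tests/test-team run test:e2e
+- name: Archive e2e test results
+if: success() || failure()
+uses: actions/upload-artifact@v4
+with:
+name: e2e test report
+path: "tests/test-team/playwright-report"
 sandbox-tear-down:
 name: "Sandbox tear down"
 if: success() || failure()
@@ -199,6 +235,7 @@ jobs:
 - test-accessibility
 - test-ui-component
 - test-api
+- test-e2e
 environment: dev
 steps:
 - uses: hashicorp/setup-terraform@v3
@@ -209,7 +246,7 @@ jobs:
 uses: aws-actions/configure-aws-credentials@v4
 with:
 role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ secrets.AWS_ASSUME_ROLE_NAME }}
-role-session-name: deployInfra
+role-session-name: templates-ci-sandbox-teardown
 aws-region: eu-west-2
 - name: "Get normalized branch name"
 id: normalize_branch_name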
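Review bot: The new `test-e2e` job assumes the same role as `sandbox-set-up` and `sandbox-tear-down` (`role/${{ secrets.AWS_ASSUME_ROLE_NAME }}`), so the Playwright run and every package installed by `npm ci` execute with whatever that role is allowed to do; its policy is not visible here, but a role that can create and destroy the sandbox is presumably broader than a test needs. Consider a separate, narrower role for the test jobs, e.g. `role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ secrets.<TEST_ROLE_NAME_PLACEHOLDER> }}`. The per-job session names already help CloudTrail attribution; appending the run id (`role-session-name: templates-ci-e2e-tests-${{ github.run_id }}`) would also tell concurrent runs apart. The archived `playwright-report` may hold traces or screenshots of authenticated sessions, so an explicit `retention-days:` on the "Archive e2e test results" step is worth adding.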

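--- a/frontend/src/__tests__/components/forms/PreviewLetterTemplate/PreviewLetterTemplate.test.tsx
+++ b/frontend/src/__tests__/components/forms/PreviewLetterTemplate/PreviewLetterTemplate.test.tsx
@@ -57,6 +57,31 @@ describe('Preview letter form renders', () => {
 expect(container.asFragment()).toMatchSnapshot();
 });
 
+it('matches snapshot when template status is VIRUS_SCAN_FAILED', () => {
+const container = render(
+<PreviewLetterTemplate
+initialState={mockDeep<TemplateFormState<LetterTemplate>>({
+validationError: undefined,
+name: 'test-template-letter',
+id: 'template-id',
+templateStatus: 'VIRUS_SCAN_FAILED',
+language: 'en',
+letterType: 'q1',
+files: {
+pdfTemplate: {
+fileName: 'file.pdf',
+currentVersion: '4C728B7D-A028-4BA2-B180-A63CDD2AE1E9',
+virusScanStatus: 'FAILED',
+},
+testDataCsv: undefined,
+},
+})}
+/>
+);
+
+expect(container.asFragment()).toMatchSnapshot();
+});
+
 it('matches snapshot when navigating from edit screen', () => {
 const mockSearchParams = new Map([['from', 'edit']]);
 (useSearchParams as jest.Mock).mockImplementation(() => ({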
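Review bot: The only check in the new `VIRUS_SCAN_FAILED` case is `toMatchSnapshot()`, and the snapshot recorded for it still contains the `letter-submit-radio` input and a Continue button with `aria-disabled="false"`, so the test pins a page that offers "Submit template" for a file whose scan failed. If submission is meant to be blocked in this state, assert it directly, e.g. `expect(container.queryByTestId('letter-submit-radio')).toBeNull();`, so that a routine snapshot update cannot silently bring the option back. If the block is enforced only in the server action, a short comment saying so (`// submit is rejected server-side for VIRUS_SCAN_FAILED; UI intentionally unchanged`) would stop the snapshot being read as the control. The enclosing `describe` starts and ends outside the hunk.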

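--- a/frontend/src/__tests__/components/forms/PreviewLetterTemplate/__snapshots__/PreviewLetterTemplate.test.tsx.snap
+++ b/frontend/src/__tests__/components/forms/PreviewLetterTemplate/__snapshots__/PreviewLetterTemplate.test.tsx.snap
@@ -856,3 +856,249 @@ exports[`Preview letter form renders matches snapshot when navigating from manag
 </main>
 </DocumentFragment>
 `;
+
+exports[`Preview letter form renders matches snapshot when template status is VIRUS_SCAN_FAILED 1`] = `
+<DocumentFragment>
+<div
+class="nhsuk-back-link"
+>
+<a
+class="nhsuk-back-link__link"
+href="/templates/manage-templates"
+id="back-link"
+>
+<svg
+aria-hidden="true"
+class="nhsuk-icon nhsuk-icon__chevron-left"
+height="24"
+viewBox="0 0 24 24"
+width="24"
+xmlns="http://www.w3.org/2000/svg"
+>
+<path
+d="M8.5 12c0-.3.1-.5.3-.7l5-5c.4-.4 1-.4 1.4 0s.4 1 0 1.4L10.9 12l4.3 4.3c.4.4.4 1 0 1.4s-1 .4-1.4 0l-5-5c-.2-.2-.3-.4-.3-.7z"
+/>
+</svg>
+Back to all templates
+</a>
+</div>
+<main
+class="nhsuk-main-wrapper"
+id="maincontent"
+role="main"
+>
+<div
+class="nhsuk-grid-row"
+>
+<div
+class="nhsuk-grid-column-full"
+>
+<h1
+class="preview__heading"
+data-testid="preview-message__heading"
+>
+test-template-letter
+</h1>
+<div
+class="nhsuk-width-container nhsuk-u-margin-bottom-6 nhsuk-body-m"
+>
+<div
+class="preview"
+>
+<div
+class="nhsuk-grid-row preview__row"
+>
+<div
+class="nhsuk-grid-column-one-third preview__col"
+>
+<div
+class="preview__col_heading"
+>
+Template ID
+</div>
+</div>
+<div
+class="nhsuk-grid-column-two-thirds col"
+>
+template-id
+</div>
+</div>
+<div
+class="nhsuk-grid-row preview__row"
+>
+<div
+class="nhsuk-grid-column-one-third preview__col"
+>
+<div
+class="preview__col_heading"
+>
+Type
+</div>
+</div>
+<div
+class="nhsuk-grid-column-two-thirds col"
+>
+Braille letter
+</div>
+</div>
+<div
+class="nhsuk-grid-row preview__row"
+>
+<div
+class="nhsuk-grid-column-one-third preview__col"
+>
+<div
+class="preview__col_heading"
+>
+Status
+</div>
+</div>
+<div
+class="nhsuk-grid-column-two-thirds col"
+>
+<strong
+class="nhsuk-tag"
+>
+Virus Scan Failed
+</strong>
+</div>
+</div>
+<div
+class="nhsuk-grid-row preview__row"
+>
+<div
+class="nhsuk-grid-column-one-third preview__col"
+>
+<div
+class="preview__col_heading"
+>
+Template file
+</div>
+</div>
+<div
+class="nhsuk-grid-column-two-thirds col"
+>
+<div
+class="container"
+>
+<svg
+class="icon"
+fill="none"
+height="26"
+viewBox="0 0 20 26"
+width="20"
+xmlns="http://www.w3.org/2000/svg"
+>
+<path
+d="M0 0V26H20V6.59375L19.7188 6.28125L13.7188 0.28125L13.4062 0H0ZM2 2H12V8H18V24H2V2ZM14 3.4375L16.5625 6H14V3.4375Z"
+fill="#4C6272"
+/>
+</svg>
+<p
+class="text"
+>
+file.pdf
+</p>
+</div>
+</div>
+</div>
+</div>
+</div>
+<form
+action="/action"
+>
+<input
+name="form-id"
+readonly=""
+type="hidden"
+value="preview-letter-template"
+/>
+<input
+name="csrf_token"
+readonly=""
+type="hidden"
+value="no_token"
+/>
+<div
+class="nhsuk-form-group"
+>
+<fieldset
+class="nhsuk-fieldset"
+>
+<legend
+class="nhsuk-fieldset__legend nhsuk-fieldset__legend--m"
+data-testid="previewLetterTemplateAction-form__legend"
+>
+What would you like to do next?
+</legend>
+<div
+class="nhsuk-form-group"
+>
+<div
+class="nhsuk-radios"
+id="previewLetterTemplateAction"
+>
+<div
+class="nhsuk-radios__item"
+>
+<input
+class="nhsuk-radios__input"
+data-testid="letter-edit-radio"
+id="previewLetterTemplateAction-letter-edit"
+name="previewLetterTemplateAction"
+type="radio"
+value="letter-edit"
+/>
+<label
+class="nhsuk-label nhsuk-radios__label"
+for="previewLetterTemplateAction-letter-edit"
+id="previewLetterTemplateAction-letter-edit--label"
+>
+Edit template
+</label>
+</div>
+<div
+class="nhsuk-radios__item"
+>
+<input
+class="nhsuk-radios__input"
+data-testid="letter-submit-radio"
+id="previewLetterTemplateAction-letter-submit"
+name="previewLetterTemplateAction"
+type="radio"
+value="letter-submit"
+/>
+<label
+class="nhsuk-label nhsuk-radios__label"
+for="previewLetterTemplateAction-letter-submit"
+id="previewLetterTemplateAction-letter-submit--label"
+>
+Submit template
+</label>
+</div>
+</div>
+</div>
+</fieldset>
+</div>
+<button
+aria-disabled="false"
+class="nhsuk-button"
+data-testid="submit-button"
+id="preview-letter-template-submit-button"
+type="submit"
+>
+Continue
+</button>
+</form>
+<p>
+<a
+href="/manage-templates"
+>
+Back to all templates
+</a>
+</p>
+</div>
+</div>
+</main>
+</DocumentFragment>
+`;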

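--- a/infrastructure/terraform/components/acct/module_sandbox_kms.tf
+++ b/infrastructure/terraform/components/acct/module_sandbox_kms.tf
@@ -12,4 +12,6 @@ module "kms_sandbox" {
 name = "sandbox"
 deletion_window = var.kms_deletion_window
 alias = "alias/${local.csi}-sandbox"
+iam_delegation = true
 }
+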
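Review bot: `iam_delegation = true` is added to the sandbox KMS key without a comment, and the module source is not in this hunk, so its effect has to be inferred: a flag of this name usually makes the key policy defer to account IAM policies, in which case any principal whose IAM policy grants `kms:*` on `*` could use the key. Please add a comment naming the consumer that needs it, e.g. `# iam_delegation: lets <ROLE_PLACEHOLDER> be granted use of this key through its IAM policy`, and confirm that no sandbox role carries a wildcard KMS grant. The trailing blank line added after the closing `}` can be dropped. The `module "kms_sandbox"` block starts outside the hunk.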
