Merge remote-tracking branch 'origin/master' into release/current

Author: guillaumejparis

.drone.yml

@@ -16,9 +16,9 @@ steps:
       MINIO_PORT: 9000
       ENGINE_URL: http://elastic:9200
     commands:
+      - mvn spotless:check
       - sleep 60
       - mvn clean install -q -DskipTests
-      - mvn spotless:check
       - cd openaev-api
       - mvn test
       - cd ../openaev-framework

.github/workflows/validate-pr-title.yml

@@ -0,0 +1,32 @@
+name: "Validate PR Title"
+
+on:
+  pull_request:
+    types: [ opened, edited, reopened, ready_for_review, synchronize ]
+
+jobs:
+  validate-pr-title:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: write
+
+    steps:
+      - name: Check PR title format
+        shell: bash
+        run: |
+          TITLE="${{ github.event.pull_request.title }}"
+          echo "PR title: $TITLE"
+          
+          # Regex for:
+          # [category/subcategory] type(scope?): description (#123?)
+          PATTERN='^\[([a-z]+(/[a-z]+)*)\] (feat|fix|chore|docs|style|refactor|perf|test|build|ci|revert)(\([a-z]+\))?: [a-z].*( \(#[0-9]+\))$'
+          
+          if [[ ! "$TITLE" =~ $PATTERN ]]; then
+            echo "❌ Invalid PR title."
+            echo "Required format:"
+            echo "[category] type(scope?): description (#123)"
+            exit 1
+          fi
+          
+          echo "✅ PR title is valid."

openaev-api/pom.xml

@@ -6,7 +6,7 @@
     <parent>
         <groupId>io.openaev</groupId>
         <artifactId>openaev-platform</artifactId>
-        <version>2.0.2</version>
+        <version>2.0.3</version>
     </parent>
 
     <artifactId>openaev-api</artifactId>
@@ -49,7 +49,7 @@
         <dependency>
             <groupId>io.openaev</groupId>
             <artifactId>openaev-framework</artifactId>
-            <version>2.0.2</version>
+            <version>2.0.3</version>
         </dependency>
         <dependency>
             <groupId>co.elastic.clients</groupId>

openaev-api/src/main/java/io/openaev/migration/V4_46__Rename_platform_title_openaev.java

@@ -0,0 +1,40 @@
+package io.openaev.migration;
+
+import java.sql.Statement;
+import org.flywaydb.core.api.migration.BaseJavaMigration;
+import org.flywaydb.core.api.migration.Context;
+import org.springframework.stereotype.Component;
+
+@Component
+public class V4_46__Rename_platform_title_openaev extends BaseJavaMigration {
+
+  @Override
+  public void migrate(Context context) throws Exception {
+    try (Statement statement = context.getConnection().createStatement()) {
+      String[][] patterns = {
+        {"OPENBAS", "OPENAEV"},
+        {"OpenBAS", "OpenAEV"},
+        {"openbas", "openaev"},
+        {"Openbas", "Openaev"},
+        {"Breach & Attack Simulation", "Adversarial Exposure Validation"}
+      };
+
+      // Build nested REGEXP_REPLACE calls
+      StringBuilder sql = new StringBuilder("UPDATE parameters SET parameter_value = ");
+
+      // Start with the innermost value
+      String current = "parameter_value";
+
+      // Wrap each pattern in a REGEXP_REPLACE
+      for (String[] pattern : patterns) {
+        current =
+            String.format("REGEXP_REPLACE(%s, '%s', '%s', 'g')", current, pattern[0], pattern[1]);
+      }
+
+      sql.append(current);
+      sql.append(" WHERE parameter_key = 'platform_name' AND parameter_value ~* 'openbas'");
+
+      statement.executeUpdate(sql.toString());
+    }
+  }
+}

openaev-api/src/main/java/io/openaev/migration/V4_47__Force_es_reindex_all.java

@@ -0,0 +1,20 @@
+package io.openaev.migration;
+
+import java.sql.Statement;
+import org.flywaydb.core.api.migration.BaseJavaMigration;
+import org.flywaydb.core.api.migration.Context;
+import org.springframework.stereotype.Component;
+
+@Component
+public class V4_47__Force_es_reindex_all extends BaseJavaMigration {
+
+  @Override
+  public void migrate(Context context) throws Exception {
+    try (Statement statement = context.getConnection().createStatement()) {
+      statement.execute(
+          """
+              DELETE FROM indexing_status;
+              """);
+    }
+  }
+}

openaev-api/src/main/java/io/openaev/migration/V4_46__Create_Dependencies_instead_of_fromStarterPack_Column.java renamed to openaev-api/src/main/java/io/openaev/migration/V4_48__Create_Dependencies_instead_of_fromStarterPack_Column.java

@@ -6,7 +6,7 @@
 import org.springframework.stereotype.Component;
 
 @Component
-public class V4_46__Create_Dependencies_instead_of_fromStarterPack_Column
+public class V4_48__Create_Dependencies_instead_of_fromStarterPack_Column
     extends BaseJavaMigration {
 
   @Override

openaev-api/src/main/java/io/openaev/migration/V4_47__Add_catalog_connector.java renamed to openaev-api/src/main/java/io/openaev/migration/V4_49__Add_catalog_connector.java

@@ -6,7 +6,7 @@
 import org.springframework.stereotype.Component;
 
 @Component
-public class V4_47__Add_catalog_connector extends BaseJavaMigration {
+public class V4_49__Add_catalog_connector extends BaseJavaMigration {
 
   @Override
   public void migrate(Context context) throws Exception {

openaev-api/src/main/java/io/openaev/migration/V4_48__Update_catalog_connector_configuration.java renamed to openaev-api/src/main/java/io/openaev/migration/V4_50__Update_catalog_connector_configuration.java

@@ -6,7 +6,7 @@
 import org.springframework.stereotype.Component;
 
 @Component
-public class V4_48__Update_catalog_connector_configuration extends BaseJavaMigration {
+public class V4_50__Update_catalog_connector_configuration extends BaseJavaMigration {
   @Override
   public void migrate(Context context) throws Exception {
     try (Statement select = context.getConnection().createStatement()) {

openaev-api/src/main/java/io/openaev/rest/scenario/ScenarioApi.java

@@ -12,6 +12,7 @@
 import io.openaev.aop.RBAC;
 import io.openaev.database.model.*;
 import io.openaev.database.raw.RawPaginationScenario;
+import io.openaev.database.raw.RawPlayer;
 import io.openaev.database.repository.*;
 import io.openaev.healthcheck.dto.HealthCheck;
 import io.openaev.rest.asset.endpoint.form.EndpointOutput;
@@ -251,6 +252,15 @@ public List<TeamOutput> replaceScenarioTeams(
     return this.scenarioService.replaceTeams(scenarioId, input.getTeamIds());
   }
 
+  @GetMapping(SCENARIO_URI + "/{scenarioId}/players")
+  @RBAC(
+      resourceId = "#scenarioId",
+      actionPerformed = Action.READ,
+      resourceType = ResourceType.SCENARIO)
+  public Iterable<RawPlayer> getPlayersByScenario(@PathVariable String scenarioId) {
+    return userRepository.rawPlayersByScenarioId(scenarioId);
+  }
+
   @Transactional(rollbackOn = Exception.class)
   @PutMapping(SCENARIO_URI + "/{scenarioId}/teams/{teamId}/players/enable")
   @RBAC(

openaev-api/src/main/java/io/openaev/service/PermissionService.java

@@ -2,6 +2,8 @@
 
 import io.openaev.aop.RBACAspect;
 import io.openaev.database.model.*;
+import io.openaev.database.repository.EvaluationRepository;
+import io.openaev.database.repository.ObjectiveRepository;
 import io.openaev.rest.exception.ElementNotFoundException;
 import io.openaev.rest.inject.service.InjectService;
 import io.openaev.rest.injector_contract.InjectorContractService;
@@ -46,12 +48,18 @@ public class PermissionService {
 
   private static final EnumSet<ResourceType> RESOURCES_USING_PARENT_PERMISSION =
       EnumSet.of(
-          ResourceType.INJECT, ResourceType.NOTIFICATION_RULE, ResourceType.INJECTOR_CONTRACT);
+          ResourceType.INJECT,
+          ResourceType.NOTIFICATION_RULE,
+          ResourceType.INJECTOR_CONTRACT,
+          ResourceType.OBJECTIVE,
+          ResourceType.EVALUATION);
 
   private final GrantService grantService;
   private final InjectService injectService;
   private final NotificationRuleService notificationRuleService;
   private final InjectorContractService injectorContractService;
+  private final ObjectiveRepository objectiveRepository;
+  private final EvaluationRepository evaluationRepository;
 
   @Transactional
   public boolean hasPermission(
@@ -190,6 +198,27 @@ private Target resolveTarget(
         return new Target(ic.getPayload().getId(), ResourceType.PAYLOAD, action);
       }
       return new Target(ic.getId(), ResourceType.INJECTOR_CONTRACT, action);
+    } else if (resourceType == ResourceType.OBJECTIVE) {
+      Objective objective =
+          objectiveRepository
+              .findById(resourceId)
+              .orElseThrow(
+                  () -> new ElementNotFoundException("Objective not found with id: " + resourceId));
+      // parent action rule: anything non-READ becomes WRITE on the parent
+      Action parentAction = (action == Action.READ) ? Action.READ : Action.WRITE;
+      return new Target(
+          objective.getParentResourceId(), objective.getParentResourceType(), parentAction);
+    } else if (resourceType == ResourceType.EVALUATION) {
+      Evaluation evaluation =
+          evaluationRepository
+              .findById(resourceId)
+              .orElseThrow(
+                  () ->
+                      new ElementNotFoundException("Evaluation not found with id: " + resourceId));
+      // parent action rule: anything non-READ becomes WRITE on the parent
+      Action parentAction = (action == Action.READ) ? Action.READ : Action.WRITE;
+      return new Target(
+          evaluation.getParentResourceId(), evaluation.getParentResourceType(), parentAction);
     }
     return new Target(resourceId, resourceType, action);
   }