javavulny openapi and more stackhawk examples

Author: kcberg

openapi.json

@@ -1 +1 @@
-{"openapi":"3.0.1","info":{"title":"OpenAPI definition","version":"v0"},"servers":[{"url":"https://localhost:9000","description":"Generated server url"}],"paths":{"/api/jwt/items/search/":{"get":{"tags":["jwt-item-controller"],"operationId":"searchAll","responses":{"200":{"description":"default response","content":{"*/*":{"schema":{"type":"string"}}}}}}},"/api/jwt/items/search/{text}":{"get":{"tags":["jwt-item-controller"],"operationId":"search","parameters":[{"name":"text","in":"path","required":true,"schema":{"type":"string"}}],"responses":{"200":{"description":"default response","content":{"*/*":{"schema":{"type":"string"}}}}}}},"/api/jwt/auth/signin":{"post":{"tags":["jwt-auth-controller"],"operationId":"signin","requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/AuthenticationRequest"}}}},"responses":{"200":{"description":"default response","content":{"*/*":{"schema":{"type":"string"}}}}}}},"/api/token/items/search/":{"get":{"tags":["token-item-controller"],"operationId":"search_1","responses":{"200":{"description":"default response","content":{"*/*":{"schema":{"type":"string"}}}}}}},"/api/token/items/search/{text}":{"get":{"tags":["token-item-controller"],"operationId":"search_2","parameters":[{"name":"text","in":"path","required":true,"schema":{"type":"string"}}],"responses":{"200":{"description":"default response","content":{"*/*":{"schema":{"type":"string"}}}}}}},"/api/basic/items/search/":{"get":{"tags":["basic-auth-item-controller"],"operationId":"search_3","responses":{"200":{"description":"default response","content":{"*/*":{"schema":{"type":"string"}}}}}}},"/api/basic/items/search/{text}":{"get":{"tags":["basic-auth-item-controller"],"operationId":"search_4","parameters":[{"name":"text","in":"path","required":true,"schema":{"type":"string"}}],"responses":{"200":{"description":"default response","content":{"*/*":{"schema":{"type":"string"}}}}}}}},"components":{"schemas":{"AuthenticationRequest":{"type":"object","properties":{"username":{"type":"string"},"password":{"type":"string"}}}}}}
+{"openapi":"3.0.1","info":{"title":"OpenAPI definition","version":"v0"},"servers":[{"url":"https://localhost:9000","description":"Generated server url"}],"paths":{"/api/jwt/auth/signin":{"post":{"tags":["jwt-auth-controller"],"operationId":"signin","requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/AuthenticationRequest"}}}},"responses":{"200":{"description":"default response","content":{"*/*":{"schema":{"type":"string"}}}}}}},"/api/jwt/users/search/{text}":{"get":{"tags":["jwt-user-controller"],"operationId":"search","parameters":[{"name":"text","in":"path","required":true,"schema":{"type":"string"}}],"responses":{"200":{"description":"default response","content":{"*/*":{"schema":{"type":"string"}}}}}}},"/api/jwt/users/search/":{"get":{"tags":["jwt-user-controller"],"operationId":"searchAll","responses":{"200":{"description":"default response","content":{"*/*":{"schema":{"type":"string"}}}}}}},"/api/jwt/items/search":{"post":{"tags":["jwt-item-controller"],"operationId":"search_1","requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Search"}}}},"responses":{"200":{"description":"default response","content":{"*/*":{"schema":{"type":"string"}}}}}}},"/api/jwt/items/search/{text}":{"get":{"tags":["jwt-item-controller"],"operationId":"search_2","parameters":[{"name":"text","in":"path","required":true,"schema":{"type":"string"}}],"responses":{"200":{"description":"default response","content":{"*/*":{"schema":{"type":"string"}}}}}}},"/api/jwt/items/search/":{"get":{"tags":["jwt-item-controller"],"operationId":"searchAll_1","responses":{"200":{"description":"default response","content":{"*/*":{"schema":{"type":"string"}}}}}}},"/api/basic/items/search/":{"get":{"tags":["basic-auth-item-controller"],"operationId":"search_3","responses":{"200":{"description":"default response","content":{"*/*":{"schema":{"type":"string"}}}}}}},"/api/basic/items/search/{text}":{"get":{"tags":["basic-auth-item-controller"],"operationId":"search_4","parameters":[{"name":"text","in":"path","required":true,"schema":{"type":"string"}}],"responses":{"200":{"description":"default response","content":{"*/*":{"schema":{"type":"string"}}}}}}},"/api/token/items/search/":{"get":{"tags":["token-item-controller"],"operationId":"search_5","responses":{"200":{"description":"default response","content":{"*/*":{"schema":{"type":"string"}}}}}}},"/api/token/items/search/{text}":{"get":{"tags":["token-item-controller"],"operationId":"search_6","parameters":[{"name":"text","in":"path","required":true,"schema":{"type":"string"}}],"responses":{"200":{"description":"default response","content":{"*/*":{"schema":{"type":"string"}}}}}}}},"components":{"schemas":{"AuthenticationRequest":{"type":"object","properties":{"username":{"type":"string"},"password":{"type":"string"}}},"Search":{"type":"object","properties":{"searchText":{"type":"string"}}}}}}

openapi.yaml

@@ -6,22 +6,27 @@ servers:
 - url: https://localhost:9000
   description: Generated server url
 paths:
-  /api/jwt/items/search/:
-    get:
+  /api/jwt/auth/signin:
+    post:
       tags:
-      - jwt-item-controller
-      operationId: searchAll
+      - jwt-auth-controller
+      operationId: signin
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/AuthenticationRequest'
       responses:
         200:
           description: default response
           content:
             '*/*':
               schema:
                 type: string
-  /api/jwt/items/search/{text}:
+  /api/jwt/users/search/{text}:
     get:
       tags:
-      - jwt-item-controller
+      - jwt-user-controller
       operationId: search
       parameters:
       - name: text
@@ -36,39 +41,39 @@ paths:
             '*/*':
               schema:
                 type: string
-  /api/jwt/auth/signin:
-    post:
+  /api/jwt/users/search/:
+    get:
       tags:
-      - jwt-auth-controller
-      operationId: signin
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/AuthenticationRequest'
+      - jwt-user-controller
+      operationId: searchAll
       responses:
         200:
           description: default response
           content:
             '*/*':
               schema:
                 type: string
-  /api/token/items/search/:
-    get:
+  /api/jwt/items/search:
+    post:
       tags:
-      - token-item-controller
+      - jwt-item-controller
       operationId: search_1
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/Search'
       responses:
         200:
           description: default response
           content:
             '*/*':
               schema:
                 type: string
-  /api/token/items/search/{text}:
+  /api/jwt/items/search/{text}:
     get:
       tags:
-      - token-item-controller
+      - jwt-item-controller
       operationId: search_2
       parameters:
       - name: text
@@ -83,6 +88,18 @@ paths:
             '*/*':
               schema:
                 type: string
+  /api/jwt/items/search/:
+    get:
+      tags:
+      - jwt-item-controller
+      operationId: searchAll_1
+      responses:
+        200:
+          description: default response
+          content:
+            '*/*':
+              schema:
+                type: string
   /api/basic/items/search/:
     get:
       tags:
@@ -113,19 +130,32 @@ paths:
             '*/*':
               schema:
                 type: string
-  /log4j:
+  /api/token/items/search/:
     get:
       tags:
-        - jwt-auth-controller
-      operationId: log4j,
-      requestBody:
-        content:
-          '*/*':
-            schema:
-              type: string
+      - token-item-controller
+      operationId: search_5
+      responses:
+        200:
+          description: default response
+          content:
+            '*/*':
+              schema:
+                type: string
+  /api/token/items/search/{text}:
+    get:
+      tags:
+      - token-item-controller
+      operationId: search_6
+      parameters:
+      - name: text
+        in: path
+        required: true
+        schema:
+          type: string
       responses:
         200:
-          description: default response,
+          description: default response
           content:
             '*/*':
               schema:
@@ -139,3 +169,8 @@ components:
           type: string
         password:
           type: string
+    Search:
+      type: object
+      properties:
+        searchText:
+          type: string

src/main/java/hawk/api/jwt/JwtItemController.java

@@ -1,11 +1,16 @@
 package hawk.api.jwt;
 
+import hawk.api.SearchResult;
 import hawk.form.Search;
 import hawk.service.SearchService;
+import lombok.val;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.Mapping;
 import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 
@@ -31,4 +36,10 @@ public ResponseEntity search(@PathVariable("text") String text) {
         Search search = new Search(text);
         return ResponseEntity.ok(searchService.search(search));
     }
+
+    @PostMapping("/search")
+    public ResponseEntity search(@RequestBody Search search) {
+        SearchResult result = new SearchResult(search.getSearchText(), searchService.search(search));
+        return ResponseEntity.ok(result);
+    }
 }

stackhawk-ajax.yml

@@ -0,0 +1,9 @@
+hawk:
+  spider:
+    ajax: true
+    ajaxBrowser: FIREFOX
+  config:
+    - "ajaxSpider.eventWait=20"
+    - "ajaxSpider.reloadWait=70"
+
+

stackhawk-openapi.yml

@@ -0,0 +1,30 @@
+app:
+  applicationId: ${APP_ID:dacc7d3e-babc-47d2-b040-ab117ab04526}
+  env: ${APP_ENV:dev-api}
+  host: ${APP_HOST:https://localhost:9000}
+  excludePaths:
+    - "/logout"
+  antiCsrfParam: "_csrf"
+  authentication:
+    loggedInIndicator: "HTTP.*200.*"
+    loggedOutIndicator: ".*Location:.*/login.*"
+    usernamePassword:
+      type: JSON
+      loginPath: /api/jwt/auth/signin
+      usernameField: username
+      passwordField: password
+      scanUsername: "user"
+      scanPassword: "password"
+    tokenAuthorization:
+      type: HEADER
+      value: Authorization
+      tokenType: Bearer
+    tokenExtraction:
+      type: TOKEN_PATH
+      value: "token"
+    testPath:
+      path: /api/jwt/items/search/i
+      success: "HTTP.*200.*"
+  openApiConf:
+    # path: /openapi
+    filePath: openapi.yaml

stackhawk.yml

@@ -1,11 +1,11 @@
 app:
-  applicationId: ${APP_ID:dacc7d3e-babc-47d2-b040-ab117ab04526}
+  applicationId: ${APP_ID:30a44281-c5a7-46c9-912d-0f5c6a0f3c69}
   env: ${APP_ENV:dev}
   host: ${APP_HOST:https://localhost:9000}
   excludePaths:
     - "/logout"
-    #- "/login-form-multi"
-    #- "/login-code"
+#    - "/login-form-multi"
+#    - "/login-code"
   antiCsrfParam: "_csrf"
   authentication:
     loggedInIndicator: "\\QSign Out\\E"
@@ -31,4 +31,3 @@ hawk:
 #    - "scanner.analyser.redirectEqualsNotFound=false"
 #    - "scanner.analyser.followRedirect=true"
 
-