Skip to content
This repository was archived by the owner on Feb 18, 2026. It is now read-only.

Secure Prometheus Endpoint and Add Dependency Check #552

Open
yacosta738 wants to merge 1 commit into
base: main
Choose a base branch
from
+1 −10
Open

Secure Prometheus Endpoint and Add Dependency Check #552

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 0 additions & 9 deletions client/apps/webapp/components.d.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,6 @@
// ------
// Generated by unplugin-vue-components
// Read more: https://github.com/vuejs/core/pull/3399
import { GlobalComponents } from 'vue'

export {}

Expand All @@ -18,11 +17,3 @@ declare module 'vue' {
UserNav: typeof import('./src/components/UserNav.vue')['default']
}
}

// For TSX support
declare global {
const RouterLink: typeof import('vue-router')['RouterLink']
const RouterView: typeof import('vue-router')['RouterView']
const ThemeSwitcher: typeof import('./src/components/ThemeSwitcher.vue')['default']
const UserNav: typeof import('./src/components/UserNav.vue')['default']
}
1 change: 1 addition & 0 deletions server/engine/build.gradle.kts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@ import com.cvix.buildlogic.common.AppConfiguration

plugins {
id("app.spring.boot.convention")
id("app.owasp.dependency.check")
Copy link
Copy Markdown
Contributor

@coderabbitai coderabbitai bot Jan 29, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Find the build-logic directory and explore its structure
echo "=== Repository structure ==="
fd -t d -name 'build-logic' . | head -20

echo -e "\n=== Contents of build-logic ==="
if [ -d "build-logic" ]; then
  find build-logic -type f -name "*.gradle.kts" | head -30
fi

echo -e "\n=== Searching for owasp plugin definition ==="
fd -t f \( -name "*.gradle.kts" -o -name "*.kt" \) build-logic 2>/dev/null | xargs grep -l 'owasp\|dependency.check' 2>/dev/null | head -20

echo -e "\n=== Checking for plugin convention files ==="
fd -t f -path '*/build-logic/*' -name '*Owasp*' -o -path '*/build-logic/*' -name '*owasp*'

echo -e "\n=== Looking at settings.gradle.kts in build-logic ==="
if [ -f "build-logic/settings.gradle.kts" ]; then
  cat -n build-logic/settings.gradle.kts
fi

Repository: dallay/cvix

Length of output: 1795

🏁 Script executed:

#!/bin/bash
# Broader search for owasp references
echo "=== Searching entire repo for owasp references ==="
rg -i 'owasp|dependency.check' --type gradle --type kotlin 2>/dev/null | head -30

echo -e "\n=== Checking root settings.gradle.kts for plugin registration ==="
if [ -f "settings.gradle.kts" ]; then
  cat -n settings.gradle.kts | head -50
fi

echo -e "\n=== Looking for how convention plugins are registered ==="
rg -i 'pluginManagement|includeBuild.*build-logic' --type gradle | head -20

echo -e "\n=== Checking if owasp-dependency-check-convention directory exists ==="
find . -type d -name '*owasp*' 2>/dev/null

echo -e "\n=== Verifying the server/engine/build.gradle.kts file ==="
cat -n server/engine/build.gradle.kts | head -15

Repository: dallay/cvix

Length of output: 5881

🏁 Script executed:

#!/bin/bash
echo "=== AppOwaspPlugin implementation ==="
cat -n build-logic/analysis-convention/src/main/kotlin/com/cvix/buildlogic/analysis/AppOwaspPlugin.kt

echo -e "\n=== analysis-convention build.gradle.kts ==="
cat -n build-logic/analysis-convention/build.gradle.kts | head -40

Repository: dallay/cvix

Length of output: 7858

Fix the custom task: refactor purgeDependencyCheckDatabase to use @TaskAction instead of doFirst/doLast.

The purgeDependencyCheckDatabase task in AppOwaspPlugin.kt uses a generic Delete task with doFirst/doLast blocks (lines 26–47). Per the coding guidelines, never use generic tasks with manual lifecycle blocks—create a custom task class with proper @TaskAction annotation for build cache support and deterministic caching:

abstract class PurgeDependencyCheckDatabaseTask : DefaultTask() {
    `@TaskAction`
    fun purge() {
        println("Purging dependency check database...")
        fileTree(layout.buildDirectory.dir("dependency-check-data").get().asFile) {
            include("*.h2.db")
            include("*.mv.db")
            include("*.trace.db")
            include("*.lock.db")
        }.forEach { it.delete() }
        println("Dependency check database purged successfully.")
    }
}

Then register it as tasks.register<PurgeDependencyCheckDatabaseTask>("purgeDependencyCheckDatabase"). This ensures proper input/output tracking and respects the build cache.

The plugin otherwise follows best practices—uses public APIs, lazy task registration, and centralizes OWASP configuration cleanly.

🤖 Prompt for AI Agents 
In `@server/engine/build.gradle.kts` at line 5, The current
purgeDependencyCheckDatabase task uses a generic Delete task with doFirst/doLast
lifecycle blocks which breaks deterministic caching; replace it by adding a
custom task class PurgeDependencyCheckDatabaseTask (subclass DefaultTask) with a
`@TaskAction` method (e.g., purge) that performs the fileTree search and deletes
matching files, and then register it via
tasks.register<PurgeDependencyCheckDatabaseTask>("purgeDependencyCheckDatabase")
in AppOwaspPlugin.kt so Gradle can track inputs/outputs and support the build
cache.

kotlin("jvm").version(libs.versions.kotlin)
kotlin("plugin.spring").version(libs.versions.kotlin)
alias(libs.plugins.gradle.git.properties)
Expand Down
1 change: 0 additions & 1 deletion ...er/engine/src/main/kotlin/com/cvix/authentication/infrastructure/SecurityConfiguration.kt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -211,7 +211,6 @@ class SecurityConfiguration(
.pathMatchers("/api/**").authenticated()
.pathMatchers("/management/health").permitAll()
.pathMatchers("/management/info").permitAll()
.pathMatchers("/management/prometheus").permitAll()
.pathMatchers("/management/**").hasAuthority(Role.ADMIN.key())
}

Expand Down
Loading