Merge pull request #11 from WebFuzzing/runtime-validation-file-copy

Runtime validation file copy

Author: arcuri82

web-report/index.html

@@ -4,6 +4,7 @@
     <meta charset="UTF-8" />
     <link rel="icon" type="image/svg+xml" href="/src/assets/icon.svg" />
     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+    <meta name="description" content="Web Fuzzing Commons" />
     <title>WFC Reports</title>
   </head>
   <body>

web-report/package.json

@@ -5,12 +5,13 @@
   "type": "module",
   "scripts": {
     "dev": "vite",
-    "generate": "json2ts ../src/main/resources/wfc/schemas/report.yaml src/types/GeneratedTypes.tsx",
+    "generate": "json2ts ../src/main/resources/wfc/schemas/report.yaml src/types/GeneratedTypes.tsx && ts-to-zod src/types/GeneratedTypes.tsx src/types/GeneratedTypesZod.ts",
     "build": "tsc -b && vite build",
-    "installAndBuild": "yarn install && yarn generate && vitest --no-watch && tsc -b && vite build",
+    "installAndBuild": "yarn install && yarn generate && vitest --no-watch && tsc -b && vite build && yarn copyRunFiles",
+    "copyRunFiles": "cpx webreport.bat ../target/classes/webreport && cpx webreport.command ../target/classes/webreport && cpx webreport.py ../target/classes/webreport && cpx src-e2e/static/robots.txt ../target/classes/webreport",
     "lint": "eslint .",
     "preview": "vite preview",
-    "debug": "vite build && cpx \"src-e2e/static/*\" ../target/classes/webreport && vite preview",
+    "debug": "vite build && cpx src-e2e/static/* ../target/classes/webreport && vite preview",
     "test": "vitest"
   },
   "dependencies": {
@@ -31,7 +32,8 @@
     "recharts": "^2.15.1",
     "tailwind-merge": "^3.0.2",
     "tailwindcss": "^4.0.14",
-    "tailwindcss-animate": "^1.0.7"
+    "tailwindcss-animate": "^1.0.7",
+    "zod": "^3.25.67"
   },
   "devDependencies": {
     "@eslint/js": "^9.21.0",
@@ -51,6 +53,7 @@
     "eslint-plugin-react-refresh": "^0.4.19",
     "globals": "^15.15.0",
     "happy-dom": "^17.4.7",
+    "ts-to-zod": "^3.15.0",
     "typescript": "^5.8.3",
     "typescript-eslint": "^8.24.1",
     "vite": "^6.2.0",

web-report/src-e2e/App.test.tsx

@@ -4,7 +4,7 @@ import {resolve} from "path";
 import {readFileSync} from "fs";
 import {vi} from "vitest";
 import App from "../src/App";
-import {fetchFileContent, getFaultCounts} from "@/lib/utils";
+import {fetchFileContent, getFaultCounts} from "../src/lib/utils";
 
 // Read the report.json file
 const reportJsonPath = resolve(__dirname, './static/report.json');

web-report/src-e2e/static/robots.txt

@@ -0,0 +1,2 @@
+User-agent: *
+Disallow:

web-report/src/App.css

@@ -1,5 +1,6 @@
 #root {
   min-width: 100%;
+  min-height: 100vh;
   margin: 0 auto;
   padding: 2rem;
   text-align: center;

web-report/src/AppProvider.tsx

@@ -2,6 +2,7 @@ import {createContext, useContext, useState, ReactNode, useEffect} from 'react';
 import {WebFuzzingCommonsReport} from "@/types/GeneratedTypes.tsx";
 import {ITestFiles} from "@/types/General.tsx";
 import {fetchFileContent, ITransformedReport, transformWebFuzzingReport} from "@/lib/utils.tsx";
+import {webFuzzingCommonsReportSchema} from "@/types/GeneratedTypesZod.ts";
 
 type AppContextType = {
     data: WebFuzzingCommonsReport | null;
@@ -31,10 +32,17 @@ export const AppProvider = ({ children }: AppProviderProps) => {
         const fetchData = async () => {
             try {
                 const jsonData = await fetchFileContent('./report.json') as WebFuzzingCommonsReport;
+
+                // Validate the JSON data against the schema
+                const report = webFuzzingCommonsReportSchema.safeParse(jsonData);
+                if (!report.success) {
+                    setError("Invalid report format. Please ensure the report is generated correctly.");
+                    return;
+                }
                 setData(jsonData);
             } catch (error: Error | unknown) {
                 if (error instanceof Error) {
-                    setError("Could not load the report file. Please check if the file exists and is accessible in /public folder.");
+                    setError("Could not load the report file. Please check if the file exists and is accessible in main folder.");
                 } else {
                     console.error(error);
                 }

web-report/src/types/GeneratedTypesZod.ts

@@ -0,0 +1,94 @@
+// Generated by ts-to-zod
+import { z } from "zod";
+
+export const operationIdSchema = z.string();
+
+export const testCaseIdSchema = z.string();
+
+export const httpStatusSchema = z.number();
+
+export const testFilePathSchema = z.string();
+
+export const testCaseSchema = z.record(z.unknown()).and(
+  z.object({
+    id: testCaseIdSchema.optional(),
+    filePath: testFilePathSchema.optional(),
+    name: z.string().optional(),
+    startLine: z.number().optional(),
+    endLine: z.number().optional(),
+  }),
+);
+
+export const faultCategoryIdSchema = z.record(z.unknown()).and(
+  z.object({
+    code: z.number(),
+    context: z.string().optional(),
+  }),
+);
+
+export const coveredEndpointSchema = z.record(z.unknown()).and(
+  z.object({
+    endpointId: operationIdSchema,
+    testCaseId: testCaseIdSchema,
+    httpStatus: z.tuple([httpStatusSchema]).rest(httpStatusSchema),
+  }),
+);
+
+export const coverageCriterionSchema = z.record(z.unknown()).and(
+  z.object({
+    name: z.string(),
+    covered: z.number(),
+    total: z.number().optional(),
+  }),
+);
+
+export const rESTReportSchema = z.record(z.unknown()).and(
+  z.object({
+    totalHttpCalls: z.number(),
+    endpointIds: z.array(operationIdSchema),
+    coveredHttpStatus: z.array(coveredEndpointSchema),
+  }),
+);
+
+export const coverageSchema = z.record(z.unknown()).and(
+  z.object({
+    toolName: z.string(),
+    criteria: z.array(coverageCriterionSchema),
+  }),
+);
+
+export const foundFaultSchema = z.record(z.unknown()).and(
+  z.object({
+    operationId: operationIdSchema.optional(),
+    testCaseId: testCaseIdSchema,
+    faultCategories: z
+      .tuple([faultCategoryIdSchema])
+      .rest(faultCategoryIdSchema),
+  }),
+);
+
+export const faultsSchema = z.record(z.unknown()).and(
+  z.object({
+    totalNumber: z.number(),
+    foundFaults: z.array(foundFaultSchema),
+  }),
+);
+
+export const webFuzzingCommonsReportSchema = z.record(z.unknown()).and(
+  z.object({
+    schemaVersion: z.string(),
+    toolName: z.string(),
+    toolVersion: z.string(),
+    creationTime: z.string(),
+    faults: faultsSchema,
+    problemDetails: z.record(z.unknown()).and(
+      z.object({
+        rest: rESTReportSchema.optional(),
+      }),
+    ),
+    totalTests: z.number(),
+    testFilePaths: z.array(testFilePathSchema),
+    testCases: z.array(testCaseSchema),
+    extra: z.array(coverageSchema).optional(),
+  }),
+);

web-report/vite.config.ts

@@ -19,8 +19,8 @@ export default defineConfig({
     },
   },
   build: {
-    outDir: '../target/classes/webreport',
-    rollupOptions: {
+      outDir: '../target/classes/webreport',
+      rollupOptions: {
       output: {
         entryFileNames: `assets/report.js`,
         chunkFileNames: `assets/[name].js`,
@@ -33,7 +33,7 @@ export default defineConfig({
                 return `assets/[name].svg`;
             }
             return `assets/[name].[ext]`;
-        },
+        }
       }
     }
   },

web-report/webreport.py

@@ -11,11 +11,17 @@ class Handler(http.server.SimpleHTTPRequestHandler):
     def __init__(self, *args, **kwargs):
         super().__init__(*args, directory=os.getcwd(), **kwargs)
 
+    def end_headers(self):
+        self.send_header("Cache-Control", "no-store, no-cache, must-revalidate, max-age=0")
+        self.send_header("Pragma", "no-cache")
+        self.send_header("Expires", "0")
+        super().end_headers()
+
 def start_server():
     with socketserver.TCPServer((HOST, PORT), Handler) as httpd:
         print(f"Serving at http://{HOST}:{PORT}")
         webbrowser.open_new_tab(f"http://{HOST}:{PORT}")
         httpd.serve_forever()
 
 if __name__ == "__main__":
-    start_server()
+    start_server()