initial commit

Author: miklpotter

controller.xml

@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<databaseChangeLog
+    xmlns="http://www.liquibase.org/xml/ns/dbchangelog"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xmlns:ext="http://www.liquibase.org/xml/ns/dbchangelog-ext"
+    xmlns:pro="http://www.liquibase.org/xml/ns/pro"
+    xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog
+        http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-latest.xsd
+        http://www.liquibase.org/xml/ns/dbchangelog-ext http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-ext.xsd
+        http://www.liquibase.org/xml/ns/pro http://www.liquibase.org/xml/ns/pro/liquibase-pro-latest.xsd">
+
+    <!-- SERT property file with parameters -->
+    <property  file="sert.properties" contextFilter="standalone" />
+
+    <include
+        file="product/sertController.xml"
+        relativeToChangelogFile="true"/>
+
+</databaseChangeLog>

development/.DS_Store

@@ -0,0 +1,5 @@
+-------------------------------------------------------------------------------
+-- Copyright (c) 2024 Oracle and/or its affiliates.
+-- Licensed under the Universal Permissive License v 1.0 as shown
+-- at https://oss.oracle.com/licenses/upl/
+--------------------------------------------------------------------------------

development/licence_snip.txt

@@ -0,0 +1,11 @@
+# Scripts Directory
+
+Place ad-hoc type scripts in here. 
+
+Examples:
+
+- reset
+- debugging
+- load testing
+- etc
+

development/scripts/README.md

@@ -0,0 +1,13 @@
+#!/bin/bash
+for file in $(find ./product/sert/apex -type file -iname '*.sql'  -exec  grep  -H -E -o -c  "\-\-liquibase formatted sql"  {} \; | sed 's/..$//')
+do
+  if [ 0 -eq $(grep  -c  "Universal Permissive License"  ${file} ) ]
+  then
+    ed -s ${file} <<<$'1r development/licence_snip.txt\nw'
+  else
+   echo "****** found license for ${file}"
+  fi
+done
+# fix format trick
+#'
+#  ed -s ${file} <<<$'0r development/licence_snip.txt\nw'

development/scripts/add_apex_sql_license.sh

@@ -0,0 +1,13 @@
+#!/bin/bash
+for file in $(find . -type file -iname '*.sql'  -exec  grep  -H -E -o -c  "\-\-liquibase formatted sql"  {} \; | grep :1$| sed 's/..$//')
+do
+  if [ 0 -eq $(grep  -c  "Universal Permissive License"  ${file} ) ]
+  then
+    ed -s ${file} <<<$'1r development/licence_snip.txt\nw'
+  else
+   echo "****** found license for ${file}"
+  fi
+done
+# fix format trick
+#'
+#  ed -s ${file} <<<$'0r development/licence_snip.txt\nw'

development/scripts/add_sql_license.sh

@@ -0,0 +1,38 @@
+--liquibase formatted sql
+-------------------------------------------------------------------------------
+-- Copyright (c) 2024 Oracle and/or its affiliates.
+-- Licensed under the Universal Permissive License v 1.0 as shown
+-- at https://oss.oracle.com/licenses/upl/
+--------------------------------------------------------------------------------
+
+--changeset mipotter:tst_set_workspace_parameter_ALLOW_HOSTING_EXTENSIONS endDelimiter:/ runOnChange:true runAlways:true rollbackEndDelimiter:/
+begin
+  sert_core.extension_xapi.allow_hosting( '${sert_apex_workspace}');
+end;
+/
+--changeset mipotter:tst_setup_builder_extension_add_menu_entry endDelimiter:/ runOnChange:true runAlways:true rollbackEndDelimiter:/
+begin
+  sert_core.extension_xapi.add_menu_entry (
+    p_url => 'r/${sert_apex_workspace}/apex_sert/home?session='||chr(38)||'APP_SESSION_ID.'||chr(38)||'P1_BUILDER_SESSION_ID='||chr(38)||'APP_SESSION_ID.',
+    p_workspace =>'${sert_apex_workspace}',
+    p_label => 'SERT 2.0'
+  );
+end;
+/
+--rollback not required
+-- begin
+--   sert_core.extension_xapi.add_menu_entry (
+--     p_url => 'r/SERT/apex_sert/home?session='||chr(38)||'APP_SESSION_ID.'||chr(38)||'P1_BUILDER_SESSION_ID='||chr(38)||'APP_SESSION_ID.',
+--     p_workspace =>'SERT',
+--     p_label => 'SERT 2.0'
+--   );
+-- end;
+-- /
+
+--changeset mipotter:tst_setup_builder_extension_grants endDelimiter:/ runOnChange:true runAlways:true rollbackEndDelimiter:/
+-- this can be enabled AFTER workspace parameter ALLOW_HOSTING_EXTENSIONS is set ( no automated until patch 24.1.2)
+BEGIN
+  sert_core.extension_xapi.grant_extension_workspace ( p_to_workspace =>'${sert_apex_workspace}' );
+end;
+/
+--rollback not required

development/scripts/ext.sql

@@ -0,0 +1,87 @@
+
+-- instance admin allow hosting extensions
+-- requires patch on ADB for bug 36753968
+--https://bug.oraclecorp.com/pls/bug/webbug_edit.edit_info_top?rptno=36753968&report_title=&rptno_count=19&pos=5&query_id=453900
+begin
+  apex_instance_admin.set_workspace_parameter('SERT', 'ALLOW_HOSTING_EXTENSIONS', 'Y');
+end;
+/
+
+-- https://docs.oracle.com/en/database/oracle/apex/24.1/aeapi/APEX_EXTENSION.ADD_MENU_ENTRY-Procedure.html#GUID-3F5696AC-5BCE-4915-9169-8F45D60ED28C
+BEGIN
+  APEX_EXTENSION.ADD_MENU_ENTRY (
+    p_label            =>'APEX SERT',
+    p_url              => 'r/sert/sert/home?session=&APP_SESSION_ID.&P1_BUILDER_SESSION_ID=&APP_SESSION_ID.',
+    p_display_sequence => 10,
+    p_description      => 'APEX SERT Security and standards scanner',
+    p_is_public        => true,
+    p_workspace        =>'SERT' )
+END;
+/
+
+-- https://docs.oracle.com/en/database/oracle/apex/24.1/aeapi/GRANT_EXTENSION_WORKSPACE-Procedure.html#GUID-170786CB-23FF-43FB-BED6-F41E28029C1B
+BEGIN
+dbms_output.put_line('APEX version '||apex_application.g_flow_schema_owner);
+    for rec in
+      (select workspace from apex_workspaces aw
+        where aw.workspace <> 'SERT'
+        and   not exists ( select workspace_name from apex_workspace_schemas ws
+                            where ws.workspace_name = aw.workspace and schema = apex_application.g_flow_schema_owner)
+        minus
+        select grantor_workspace workspace
+        from apex_workspace_extension_grant
+        where grantee_workspace = 'SERT' )
+    loop
+      dbms_output.put_line(rec.workspace);
+      apex_instance_admin.grant_extension_workspace(
+          p_from_workspace      => rec.workspace,
+          p_to_workspace        => 'SERT',
+          p_read_access         => true
+      );
+    end loop;
+end;
+/
+
+/*******************************************
+** statements in the workspace export.
+******************************************/
+
+begin
+-- public API is APEX_EXTENSION.ADD_MENU_ENTRY
+wwv_imp_workspace.create_extension_link(
+ p_id=>wwv_flow_imp.id(10395017022757818)
+,p_name=>'SERT Next' -- p_label
+,p_url=>'r/sert/sert/home?session=&APP_SESSION_ID.&P1_BUILDER_SESSION_ID=&APP_SESSION_ID.'
+,p_description=>'SERT Next'
+,p_display_sequence=>10
+,p_is_public=>true
+);
+end;
+/
+
+prompt ... Extension Grants
+
+begin
+wwv_flow_imp.import_end(p_auto_install_sup_obj => nvl(wwv_flow_application_install.get_auto_install_sup_obj, false)
+);
+commit;
+end;
+/
+
+
+prompt ... Extension Grants
+
+begin
+wwv_imp_workspace.create_extension_grant(
+ p_id=>wwv_flow_imp.id(10482516654792036)
+,p_extension_workspace=>'SERT'
+,p_has_read_access=>true
+);
+end;
+/
+begin
+wwv_flow_imp.import_end(p_auto_install_sup_obj => nvl(wwv_flow_application_install.get_auto_install_sup_obj, false)
+);
+commit;
+end;
+/

development/scripts/extension_workup.sql

@@ -0,0 +1,38 @@
+set serverout on
+
+DECLARE
+    TYPE t_tab IS TABLE OF all_objects%ROWTYPE;
+    l_tab t_tab;
+    l_set CLOB;
+    l_chr_lf VARCHAR2(1) := CHR(10);
+    l_invalid_object VARCHAR2(255);
+    l_sep VARCHAR2(50) := '--------------------------------------------------';
+BEGIN
+    SELECT ao.*
+        BULK COLLECT INTO l_tab
+    FROM all_objects ao
+    JOIN (SELECT trim(column_value) as schema_name
+            FROM TABLE(APEX_STRING.SPLIT(property('PROJECT.PROJECT_SCHEMAS'), ':'))) ps
+            ON ps.schema_name = ao.owner
+    WHERE ao.status != 'VALID'
+        AND ao.owner != 'INT_SUPPORT_PUB'
+    ORDER BY ao.owner, object_name;
+
+    IF l_tab.exists(1) THEN
+        DBMS_LOB.CREATETEMPORARY(lob_loc => l_set, cache => FALSE);
+        FOR idx IN 1 .. l_tab.count
+        LOOP
+            l_invalid_object := l_tab(idx).object_type || ' : ' || l_tab(idx).owner || '.' || l_tab(idx).object_name;
+            DBMS_OUTPUT.PUT_LINE('Invalid Object: ' || l_invalid_object);
+            DBMS_LOB.WRITEAPPEND(lob_loc => l_set, amount => LENGTH(l_invalid_object || l_chr_lf), buffer => l_invalid_object || l_chr_lf);
+        END LOOP;
+        RAISE_APPLICATION_ERROR(
+            -20001,
+            'Invalid objects exist'
+                || l_chr_lf || l_sep
+                || l_chr_lf || SUBSTR(l_set, 1, 32767)
+                || l_chr_lf || l_sep
+        );
+    END IF;
+END;
+/

development/scripts/invalid_object_check.sql

@@ -0,0 +1,21 @@
+--liquibase formatted sql
+-------------------------------------------------------------------------------
+-- Copyright (c) 2024 Oracle and/or its affiliates.
+-- Licensed under the Universal Permissive License v 1.0 as shown
+-- at https://oss.oracle.com/licenses/upl/
+--------------------------------------------------------------------------------
+--changeset mzimon:oci_grants endDelimiter:/ runOnChange:true runAlways:false rollbackEndDelimiter:/
+--preconditions onFail:MARK_RAN onError:HALT
+-------------------------------------------------------------------------------
+-- this file should live in product/sert/sert_pub/grant/oci_grants.sql
+-- 06-jan-2025 moving to a development space to disable
+-------------------------------------------------------------------------------
+grant DWROLE to SERT_PUB
+/
+
+begin
+    dbms_cloud_admin.enable_resource_principal();
+    dbms_cloud_admin.enable_resource_principal(username => 'SERT_PUB');
+end;
+/
+--rollback not required

development/scripts/oci_grants.sql

@@ -0,0 +1,74 @@
+#!/usr/bin/env bash
+set -o pipefail
+set -e
+
+# There are cases where you want to build artifact in any given branch. In that
+# scenario - we use date string, but primarily this should always be driven from
+# the tag name.
+if [[ "${CI_COMMIT_TAG}" != "" ]]
+then
+  buildVersion="${CI_COMMIT_TAG}"
+  echo "Publishing artifacts for tag: ${CI_COMMIT_TAG}"
+else
+  buildVersion=$(printf "%s_%s" "$(date -u +%y.%m.%d)" "${CI_PIPELINE_ID}")
+  echo "Building artifacts for tag: ${buildVersion}"
+fi
+
+targetFile="sert_${buildVersion}.zip"
+publishBaseUrl="${P_ARTIFACTORY_BASE_URL}/artifactory/xgbu-ace-dev/sert"
+apiBaseUrl="${P_ARTIFACTORY_BASE_URL}/api/storage/xgbu-ace-dev/sert"
+
+# URL's for the version release (e.g. sert_23.11.01.zip)
+publishUrl="${publishBaseUrl}/${targetFile}"
+
+# URL's for teh latest release (e.g. sert_latest.zip). Whenever doing a new build
+# we always duplicate the release file into a file ending in latest. This is so
+# people taking it up can always just grab the latest release, but we still have
+# a version history if anyone wanted to grab a specific version.
+publishUrlLatest="${publishBaseUrl}/sert_latest.zip"
+
+# Create a temporary folder to copy files into that we want to form the zip/release
+# This file-set may evolve over time.
+tmpDir=$(mktemp -d -p .)
+
+# Disable SC2086 because we want the product files to be read directly so it can
+# be sed to copy all the specified files, rather than being treated as a single
+# value.
+# shellcheck disable=SC2086
+cp -r ${PRODUCT_FILES} "${tmpDir}/"
+
+# Substitute the version string in our release file
+sed -i "s|#DEVELOPMENT_BUILD#|${buildVersion}|g" "${tmpDir}/product/sert/sert_core/seed_data/055_prefs_internal_merge.sql"
+
+(cd "${tmpDir}" && zip -r "../${targetFile}" ./*)
+
+# We have no need for the temp folder now we have zipped up all the files
+rm -rf "${tmpDir}"
+
+# Only publish the artifact to artifactory on tag pipeline
+if [[ "${CI_COMMIT_TAG}" != "" ]]
+then
+  # Publishing process can include two files - the version bound to the tag name
+  # and a separate version (which is the same file with a different name) using
+  # -latest, so consumers can just always pull the latest.
+  #
+  # Additionally, the published file we will attach properties with the version
+  # so consumers can do things programatically - and the short SHA of the reference
+  # commit. This is helpful to go to the point in time in the git history.
+  # More info on the properties API here: https://jfrog.com/help/r/jfrog-rest-apis/set-item-properties
+
+  # First publish the versioned file
+  curl -H "Authorization:Bearer ${ARTIFACTORY_ACCESS_TOKEN}" -T "${targetFile}" "${publishUrl}"
+  propertiesUrl="${apiBaseUrl}/${targetFile}?properties=version=${buildVersion};ci_commit_short_sha=${CI_COMMIT_SHORT_SHA}"
+  curl -X PUT --fail -H "Authorization:Bearer ${ARTIFACTORY_ACCESS_TOKEN}" "${propertiesUrl}"
+
+  # Then create a latest version. BUT we don't want to do this on beta tags. A
+  # pattern to adapt is to use `beta.` prefix on the tag when doing some testing.
+  # In that scenario, we don't want to affect the latest version that gets published.
+  if [[ ! "${CI_COMMIT_TAG}" =~ ^beta\..+ ]]
+  then
+    curl -H "Authorization:Bearer ${ARTIFACTORY_ACCESS_TOKEN}" -T "${targetFile}" "${publishUrlLatest}"
+    propertiesUrlLatest="${apiBaseUrl}/sert_latest.zip?properties=version=${buildVersion};ci_commit_short_sha=${CI_COMMIT_SHORT_SHA}"
+    curl -X PUT --fail -H "Authorization:Bearer ${ARTIFACTORY_ACCESS_TOKEN}" "${propertiesUrlLatest}"
+  fi
+fi

development/scripts/push_release.sh

@@ -0,0 +1,63 @@
+set serveroutput on
+
+declare
+  procedure drop_user(p_user in varchar2)
+  as
+    e_user_not_found exception;
+    pragma exception_init(e_user_not_found, -01918);
+  begin
+    dbms_output.put_line('dropping user '||p_user);
+    execute immediate 'drop user ' || p_user || ' cascade';
+    -- if user doesnt exist, just continue without error
+  exception when e_user_not_found then null;
+  end drop_user;
+
+  --
+
+  procedure clear_lb_table(p_table in varchar2)
+  as
+    e_table_not_found exception;
+    pragma exception_init(e_table_not_found, -00942);
+  begin
+    execute immediate 'truncate table acdc.' || p_table;
+  -- if table doesnt exist, just continue without error
+  exception when e_table_not_found then null;
+  end clear_lb_table;
+
+  --
+
+  procedure remove_apex_workspace(p_workspace_name in varchar2)
+  as
+    e_workspace_not_found exception;
+    pragma exception_init(e_workspace_not_found, -20987);
+  begin
+
+    for rec in (select grantor_workspace workspace
+                from apex_workspace_extension_grant
+                where grantee_workspace = upper('SERT' )
+    ) loop
+      apex_instance_admin.revoke_extension_workspace(p_from_workspace => rec.workspace,p_to_workspace => 'SERT');
+    end loop;
+     apex_extension.remove_menu_entry(p_label => 'APEX SERT', p_workspace => 'SERT');
+    commit;
+    --
+    apex_instance_admin.remove_workspace(p_workspace_name);
+  -- if workspace doesnt exist, just continue without error
+    -- apex_extension.remove_menu_entry(p_label => 'APEX SERT', p_workspace => 'SERT');
+  exception when e_workspace_not_found then null;
+  end remove_apex_workspace;
+begin
+
+  dbms_output.put_line('Clear changelog tables');
+  clear_lb_table(p_table => 'SERT_DATABASECHANGELOG');
+  clear_lb_table(p_table => 'SERT_DATABASECHANGELOG_ACTIONS');
+  clear_lb_table(p_table => 'SERT_DATABASECHANGELOGLOCK');
+
+  dbms_output.put_line('Drop APEX workspace');
+  remove_apex_workspace('SERT');
+  -- commit;
+  dbms_output.put_line('Drop sert schemas');
+  drop_user('sert_core');
+  drop_user('sert_pub');
+end;
+/