-
-
Notifications
You must be signed in to change notification settings - Fork 673
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
webuipoc: add react based UI #5443
Conversation
Signed-off-by: Najam Ul Saqib <najamulsaqib@tutamail.com>
Signed-off-by: Najam Ul Saqib <najamulsaqib@tutamail.com>
Signed-off-by: Najam Ul Saqib <najamulsaqib@tutamail.com>
CLA Assistant Lite bot All contributors have signed the CLA ✍️ ✅ |
Tailwind-CSS integrated in this React App |
Please create a pull request from a personal repo, otherwise we aren't able to push. |
Earlier I have got PRs merged from Tecvity's fork; is this a recent change? |
It's not about merging the PR but pushing to the PR's branch. |
I see, are you guys also willing to contribute to Web GUI? |
Yes not only contribute but maintain too. |
I have made a new fork on personal repository, now should I make another PR from new fork after closing this PR? |
Since this is near ready I'd keep as is and for following PRs use the new fork. |
Should be updated to pick/use #5446. |
Signed-off-by: Najam Ul Saqib <najamulsaqib@tutamail.com>
Done |
Does it still need to disable the CSP, if so, are the errors as before? |
Signed-off-by: Najam Ul Saqib <najamulsaqib@tutamail.com>
Co-authored-by: Akshath Kothari <akshath.kothari@gmail.com> Signed-off-by: Najam Ul Saqib <najamulsaqib@tutamail.com>
Signed-off-by: Najam Ul Saqib <najamulsaqib@tutamail.com>
const [childNode,SetChildNode] = useState(null); | ||
const WebClickZAP = async () => { | ||
try { | ||
const response = await axios.get('http://localhost:1337/JSON/core/view/childNodes/'); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Shouldnt need to specify http://localhost:1337/
- the API should be on the same host:port
If its not then it will fail anyway..
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
While developing locally, the React development environment runs on http://localhost:8000
so we need to specify the URL. How can it be ruled out during development?
Yes, I agree once build is deployed, specifying the domain isn't required as it will be on same host:port but thats not the case while developing (even we've to disable CORS temporarily for cross communication)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hardcoded URLs must not be used for ZAP API calls, and the CSP must not be disabled.
You can do what you like locally, and run time settings are fine, but the default out-of-the-box experience must be secure.
CSP is not disabled anymore. As for hard-coded URLs so we can use a separate config file that defines the URLs (in-fact there are more code improvements that can be done but thats in my plan in upcoming PRs since this is not the final one) The concern is, how can do development in the local environment with cross-origin i.e. from localhost:8000 (React's default server) if you just want to specify the endpoint and not host and port? |
I dont mind how development is done, as long as when the code is checked in it uses the correct relative paths. |
Signed-off-by: Najam Ul Saqib <najamulsaqib@tutamail.com>
Signed-off-by: Najam Ul Saqib <najamulsaqib@tutamail.com>
Signed-off-by: Najam Ul Saqib <najamulsaqib@tutamail.com>
f276aa0 should handle this |
Why are the React icons being added? They dont appear to be being used, and we wont need them in the future. |
@Moeez905 please remove unused logos |
@@ -0,0 +1,42 @@ | |||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
All JS files (and CSS?) should include the std ZAP header.
e.g. as per https://github.com/zaproxy/zap-extensions/blob/main/addOns/webuipoc/src/main/java/org/zaproxy/addon/webuipoc/ExtensionWebUiPoc.java
</div> | ||
<div className="flex flex-row justify-between text-center"> | ||
<div className="w-1/3 p-4" onClick={WebClickZAP}> | ||
<p className='font-mono'>Click to fetch</p> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For now this is ok, but for future PRs all text should be i18n'ed
@@ -0,0 +1,8 @@ | |||
import { render, screen } from '@testing-library/react'; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Whats this file for?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For writing unit tests, actually we've created this boilerplate using https://create-react-app.dev/ so everything comes packaged.
We can/should write unit tests in this file in future PRs
Signed-off-by: Moeez905 <x311099@gmail.com>
Removed. |
addOns/webuipoc/src/main/pocs/reactWebUI/src/reportWebVitals.js
Outdated
Show resolved
Hide resolved
Signed-off-by: Moeez905 <x311099@gmail.com>
Signed-off-by: Moeez905 <x311099@gmail.com>
Signed-off-by: Najam Ul Saqib <najamulsaqib@tutamail.com>
Signed-off-by: Najam Ul Saqib <najamulsaqib@tutamail.com>
PR is ready to be reviewed. |
Signed-off-by: Najam Ul Saqib <najamulsaqib@tutamail.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks!
Thank you both! |
No description provided.