7.1.317

Author: Jenkins

.github/CODEOWNERS

@@ -0,0 +1,49 @@
+stages:
+  - test
+  - reports
+
+include:
+  - template: Jobs/SAST.gitlab-ci.yml
+  - template: Jobs/Secret-Detection.gitlab-ci.yml
+  - template: Jobs/Dependency-Scanning.gitlab-ci.yml
+  - local: .gitlab/report.yaml
+    rules:
+      - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+    inputs:
+      stage: reports
+      image: ubuntu:22.04
+      ignore_vulnerabilities: "false"
+      sast_report_file: gl-sast-report.json
+      secret_detection_report_file: gl-secret-detection-report.json
+      dependency_scanning_report_file: gl-dependency-scanning-report.json
+
+trivy scan:
+  stage: test
+  image: aquasec/trivy
+  rules:
+    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+  script:
+    - trivy fs --severity CRITICAL,HIGH,MEDIUM,LOW --ignore-unfixed --db-repository container-registry.regula.local:80/aquasecurity/trivy-db:2 --exit-code 1 .
+
+semgrep-sast:
+  rules:
+    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+  artifacts:
+    paths:
+      - gl-sast-report.json
+
+secret_detection:
+  rules:
+    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+  artifacts:
+    paths:
+      - gl-secret-detection-report.json
+
+gemnasium-dependency_scanning:
+  variables:
+    DS_MAX_DEPTH: -1
+  rules:
+    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+  artifacts:
+    paths:
+      - gl-dependency-scanning-report.json

.github/actions/verify-linked-issue/action.yaml

@@ -0,0 +1,75 @@
+spec:
+  inputs:
+    stage:
+      default: reports
+    image:
+      default: ubuntu:22.04
+    ignore_vulnerabilities:
+      default: "false"
+    sast_report_file:
+      default: gl-sast-report.json
+    secret_detection_report_file:
+      default: gl-secret-detection-report.json
+    dependency_scanning_report_file:
+      default: gl-dependency-scanning-report.json
+---
+
+view reports:
+  image: $[[ inputs.image ]]
+  stage: $[[ inputs.stage ]]
+  variables:
+    IGNORE_VULNERABILITIES: $[[ inputs.ignore_vulnerabilities ]]
+    SAST_REPORT_FILE: $[[ inputs.sast_report_file ]]
+    SECRET_DETECTION_REPORT_FILE: $[[ inputs.secret_detection_report_file ]]
+    DEPENDENCY_SCANNING_REPORT_FILE: $[[ inputs.dependency_scanning_report_file ]]
+    RED: \033[0;31m
+    YELLOW: \033[1;33m
+    GREEN: \033[0;32m
+    NC: \033[0m
+  needs:
+    - job: semgrep-sast
+      artifacts: true
+    - job: secret_detection
+      artifacts: true
+    - job: gemnasium-dependency_scanning
+      artifacts: true
+  rules:
+    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+  script:
+    - ls -la
+    - apt update && apt install -y jq
+    - |
+      for f in SAST_REPORT_FILE SECRET_DETECTION_REPORT_FILE DEPENDENCY_SCANNING_REPORT_FILE
+      do
+        if [[ -f "${!f}" ]]
+        then
+          echo -e "${GREEN}File ${!f} exists, adding report${NC}"
+          r=${f/%_FILE}
+          declare $r="$(cat ${!f} | jq 'select(.vulnerabilities != []).vulnerabilities')"
+          if [[ ! -z "${!r}" ]]
+          then
+            VULNERABILITIES_FOUND=true
+            echo -e "${RED}Found $r vulnerabilities${NC}"
+            echo "${!r}"
+            echo
+          fi
+        else
+          echo -e "${YELLOW}File ${!f} doesn't exist, skipping${NC}"
+        fi
+      done
+
+      if [[ "$VULNERABILITIES_FOUND" == true ]]
+      then
+        if [[ "$IGNORE_VULNERABILITIES" == true ]]
+        then
+          echo -e "${GREEN}All found vulnerabilities were ignored due to IGNORE_VULNERABILITIES=true${NC}"
+          exit 0
+        else
+          echo -e "${RED}Vulnerabilities found, please see reports above${NC}"
+          exit 1
+        fi
+      fi
+
+      echo -e "${GREEN}No vulnerabilities found${NC}"
+
+      exit 0

.github/pull_request_template.md

@@ -1 +1,19 @@
-# npm-face-sdk
+# Regula Face SDK plugin
+Face SDK is a framework that is used for face matching, recognition and liveness detection.
+This plugin makes possible to use it with react-native, cordova and ionic applications.
+
+## Demo applications
+In the [examples](examples/) folder you can find 4 demo applications:
+* [React-native](examples/react_native)
+* [Cordova](examples/cordova)
+* [Ionic(ionic app with cordova, angular)](examples/ionic)
+* [Capacitor(ionic app with capacitor, react)](examples/capacitor)
+
+Each demo app has its own readme file with instructions on building and installation.
+
+## Documentation
+* [Documentation](https://docs.regulaforensics.com/develop/face-sdk/mobile)
+* [API Reference](https://dev.regulaforensics.com/npm-face-sdk)
+
+## Support
+If you have any technical questions, feel free to [contact](mailto:support@regulaforensics.com) us or create issues [here](https://github.com/regulaforensics/npm-face-sdk/issues).

.github/workflows/sast.yaml

@@ -0,0 +1,21 @@
+require 'json'
+
+package = JSON.parse(File.read(File.join(__dir__, 'package.json')))
+source = File.join(__dir__, 'ios')
+
+Pod::Spec.new do |s|
+  s.name         = 'RNFaceSDK'
+  s.version      = '7.1.317'
+  s.summary      = package['description']
+  s.license      = package['license']
+
+  s.authors      = { 'RegulaForensics' => 'support@regulaforensics.com' }
+  s.homepage     = 'https://regulaforensics.com'
+
+  s.source       = { http: "file:#{source}" }
+  s.ios.deployment_target = '13.0'
+  s.source_files = 'ios/**/*.{h,m}'
+  s.exclude_files = [ 'ios/CVDFaceSDK.h', 'ios/CVDFaceSDK.m' ]
+  s.dependency 'FaceSDK', '7.1.2736'
+  s.dependency 'React'
+end

.github/workflows/trivy-scan.yaml

@@ -0,0 +1,48 @@
+package com.regula.plugin.facesdk
+
+import android.content.Context
+import android.util.Log
+import org.apache.cordova.CallbackContext
+import org.apache.cordova.CordovaPlugin
+import org.apache.cordova.PluginResult
+import org.json.JSONArray
+
+val eventCallbackIds = mutableMapOf<String, String>()
+
+lateinit var args: JSONArray
+lateinit var binding: CordovaPlugin
+val context: Context
+    get() = binding.cordova.context
+
+fun sendEvent(callbackId: String, data: Any? = "") {
+    val pluginResult = when (data) {
+        is Int -> PluginResult(PluginResult.Status.OK, data)
+        is Boolean -> PluginResult(PluginResult.Status.OK, data)
+        else -> PluginResult(PluginResult.Status.OK, data.toSendable() as String?)
+    }
+    pluginResult.keepCallback = true
+    binding.webView.sendPluginResult(pluginResult, eventCallbackIds[callbackId] ?: callbackId)
+}
+
+@Suppress("UNCHECKED_CAST")
+fun <T> argsNullable(index: Int): T? = if (args.get(index).toString() != "null") {
+    args.get(index) as T
+} else null
+
+class CVDFaceSDK : CordovaPlugin() {
+    init {
+        binding = this
+    }
+
+    override fun execute(action: String, arguments: JSONArray, callbackContext: CallbackContext): Boolean {
+        args = arguments
+        val method = args.remove(0) as String
+        if (method == "setEvent") eventCallbackIds[args(0)] = callbackContext.callbackId
+        try {
+            methodCall(method) { data: Any? -> sendEvent(callbackContext.callbackId, data) }
+        } catch (error: Exception) {
+            Log.e("REGULA", "Caught exception in \"$method\" function:", error)
+        }
+        return true
+    }
+}