jakuta-tech · pull · Jun 18, 2024 · Jun 18, 2024 · Jul 14, 2024 · Jul 31, 2024
diff --git a/.github/release.yml b/.github/release.yml
@@ -0,0 +1,8 @@
+changelog:
+  categories:
+    - title: 🎉 🚀 Upgrades 🎉 🚀
+      labels:
+        - enhancement
+    - title: 🐛 Bugfixes 🐛
+      labels:
+        - bug
diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml
@@ -0,0 +1,24 @@
+on:
+  workflow_dispatch: {}
+  pull_request: {}
+  push:
+    branches:
+    - main
+    - master
+    paths:
+    - .github/workflows/semgrep.yml
+  schedule:
+  # random HH:MM to avoid a load spike on GitHub Actions at 00:00
+  - cron: 33 8 * * *
+name: Semgrep
+jobs:
+  semgrep:
+    name: semgrep/ci
+    runs-on: ubuntu-20.04
+    env:
+      SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}
+    container:
+      image: returntocorp/semgrep
+    steps:
+    - uses: actions/checkout@v3
+    - run: semgrep ci
diff --git a/.gitignore b/.gitignore
@@ -11,6 +11,7 @@ vtrack-os/\.settings/org\.eclipse\.wst\.common\.project\.facet\.core\.xml
 workspace
 node_modules
 target
+target_test-classes
 bin
 vtrack-os/WebContent/WEB-INF/lib
 vtrack-os/WebContent/WEB-INF/classes
@@ -54,3 +55,4 @@ vtrack-os/.project
 
 
 .externalToolBuilders/
+
diff --git a/.tool-versions b/.tool-versions
@@ -0,0 +1 @@
+nodejs 16.20.0
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -0,0 +1,168 @@
+# Contributing to Faction
+
+We support and encourage contributions to Faction. This project was built out of our love for open source tools and we feel its our way to give back to a community that we have benifeted from so much durring our carrers. 
+
+## Community
+
+* Get in touch via the [OWASP Slack Community](https://owasp.org/slack/invite) (#project-faction)
+* Follow and get the latests updates on [BlueSky](https://bsky.app/profile/factionsecurity.com)
+* Follow our [Blog](https://medium.com/@we-are-faction) for more information and tutorials 
+
+
+## Table of Contents
+
+- [Code of Conduct](#code-of-conduct)
+- [How Can I Contribute?](#how-can-i-contribute)
+  - [Reporting Bugs](#reporting-bugs)
+  - [Suggesting Enhancements](#suggesting-enhancements)
+  - [Submitting Extensions](#submitting-extensions)
+  - [Pull Requests](#pull-requests)
+  - [Submitting Security Issues](#submitting-security-issues)
+- [Contact](#contact)
+
+## Code of Conduct
+
+By participating in this project, you agree to maintain a respectful and collaborative environment. We expect all contributors to be professional and considerate in their interactions.
+
+## How Can I Contribute?
+
+### Reporting Bugs
+
+Before submitting a bug report, please check the [existing issues](https://github.com/factionsecurity/faction/issues) to avoid duplicates.
+
+When reporting a bug, please include:
+
+- **Clear title and description** - Summarize the issue concisely
+- **Steps to reproduce** - Detailed steps to recreate the bug
+- **Expected behavior** - What you expected to happen
+- **Actual behavior** - What actually happened
+- **Environment details**:
+  - Faction version
+  - Operating system and version
+  - Docker version (if applicable)
+  - Browser and version (for UI issues)
+  - MongoDB version
+- **Screenshots or logs** - If applicable, include error messages or visual evidence
+- **Possible solution** - If you have an idea of what might be causing the issue
+
+**To submit a bug report:**
+
+1. Go to the [Issues page](https://github.com/factionsecurity/faction/issues)
+2. Click "New Issue"
+3. Select the bug report template (if available) or create a blank issue
+4. Fill in all relevant information
+5. Add appropriate labels (e.g., `bug`, `needs-triage`)
+
+### Suggesting Enhancements
+
+We welcome suggestions for new features and improvements! Before submitting an enhancement:
+
+- Check existing issues to see if someone has already suggested it
+- Consider whether the feature fits Faction's core mission of pen testing collaboration
+- Think about how the feature would benefit the broader user base
+
+When suggesting an enhancement, please include:
+
+- **Clear title and description** - What feature you'd like to see
+- **Use case** - Why this feature would be valuable
+- **Proposed solution** - How you envision it working
+- **Alternatives considered** - Other approaches you've thought about
+- **Additional context** - Screenshots, mockups, or examples from other tools
+
+**To submit an enhancement:**
+
+1. Go to the [Issues page](https://github.com/factionsecurity/faction/issues)
+2. Click "New Issue"
+3. Use the title prefix `[Enhancement]` or `[Feature Request]`
+4. Fill in the details
+5. Add appropriate labels (e.g., `enhancement`, `feature-request`)
+
+### Submitting Extensions
+
+Faction supports custom extensions to expand functionality, similar to Burp Extender. If you've developed an extension that you'd like to be officially recognized and listed on our site:
+
+**Extension Submission Process:**
+
+1. **Complete your extension** - Ensure it's fully functional and well-tested
+2. **Host on GitHub** - Your extension should be publicly available in a GitHub repository
+3. **Create documentation** - Include a clear README with:
+   - Description of what the extension does
+   - Installation instructions
+   - Usage examples
+   - Screenshots (if applicable)
+   - Requirements and dependencies
+4. **Email us** - Send an email to **[email protected]** with:
+   - Link to your GitHub repository
+   - Brief description of what the extension does (2-3 sentences)
+   - Your contact information
+
+**After Submission:**
+
+- Our team will review your extension for functionality, security, and code quality
+- If accepted, we will fork your repository to maintain a stable version
+- Your extension will be listed on the official Faction website and documentation
+- You'll be credited as the author
+
+**Extension Requirements:**
+
+- Must use the [FactionExtender](https://github.com/factionsecurity/FactionExtender) library
+- Should follow Java best practices
+- Must not contain malicious code or vulnerabilities
+- Should include appropriate error handling
+- Must have clear documentation
+
+For technical guidance on building extensions, see the [Extension Development](#extension-development) section below.
+
+### Pull Requests
+
+We actively welcome pull requests for bug fixes, enhancements, and documentation improvements.
+
+**Before submitting a pull request:**
+
+1. **Search existing PRs** - Check if someone is already working on something similar
+2. **Create an issue first** - For significant changes, open an issue to discuss your approach
+3. **Fork the repository** - Create your own fork to work in
+4. **Create a feature branch** - Use a descriptive branch name (e.g., `fix-authentication-bypass`, `add-report-export`)
+
+**Pull request process:**
+
+1. **Make your changes** - Follow the [Coding Guidelines](#coding-guidelines)
+2. **Test thoroughly** - Ensure your changes work and don't break existing functionality
+3. **Update documentation** - Add or update docs if needed
+4. **Write a clear PR description**:
+   - Reference any related issues (e.g., "Fixes #123")
+   - Describe what changed and why
+   - Note any breaking changes
+   - Include screenshots for UI changes
+5. **Submit the PR** - Push to your fork and create a pull request to the `main` branch
+6. **Respond to feedback** - Be prepared to make changes based on code review
+
+**PR Guidelines:**
+
+- Keep changes focused - One PR should address one issue or feature
+- Write meaningful commit messages
+- Ensure your code compiles and runs without errors
+- Be patient - Reviews may take time depending on complexity
+
+### Submitting Security Issues
+Please submit security issues to us privately via [email protected]. When submitting a security issue be sure to provide clear reproducible steps and a suggested severity for the finding. 
+
+## Contact
+
+- **General inquiries:** [OWASP Slack Community](https://owasp.org/slack/invite) (#project-faction)
+- **Extension submissions:** [email protected]
+- **Security issues:** Please report security vulnerabilities privately to [email protected]
+
+## Sponsorship
+
+Love Faction? Consider becoming a sponsor! Sponsors get:
+
+- Prioritized bug reports
+- Direct support from the team
+- Your company placement on the repo and website
+
+Click the sponsor links at the top of the repository or contact us at [email protected].
+
+---
+
+Thank you for contributing to Faction! Your efforts help make penetration testing collaboration better for everyone.
diff --git a/Dockerfile b/Dockerfile
@@ -1,10 +1,13 @@
 from tomcat:9-jre11 as base_app
 RUN apt-get update
 RUN apt-get upgrade -y
+RUN apt-get install curl
 RUN mkdir /opt/faction
 #Fix issue with sending emails
 RUN sed -i 's/^jdk.tls.disabledAlgorithms/# jdk.tls.disabledAlgorithms/' /opt/java/openjdk/conf/security/java.security
 
+
+
 #Remove this kruft
 RUN rm -rf /usr/local/tomcat/webapps/manager
 RUN rm -rf /usr/local/tomcat/webapps/host-manager

diff --git a/README.md b/README.md
@@ -1,14 +1,46 @@
-# FACTION PenTesting Report Generation and Collaboration Framework
+# OWASP - FACTION PenTesting Report Generation and Collaboration Framework
 
- ![GitHub last commit](https://img.shields.io/github/last-commit/factionsecurity/faction) ![GitHub Release Date - Published_At](https://img.shields.io/github/release-date/factionsecurity/faction)
+ ![GitHub last commit](https://img.shields.io/github/last-commit/factionsecurity/faction) ![GitHub Release Date - Published_At](https://img.shields.io/github/release-date/factionsecurity/faction) [![OpenSSF Best Practices](https://www.bestpractices.dev/projects/10120/badge)](https://www.bestpractices.dev/projects/10120)
 
 [![](https://img.shields.io/badge/null0perat0r-it?style=flat-square&logo=mastodon&labelColor=white&color=white&link=https%3A%2F%2Finfosec.exchange%2F%40null0perat0r)](https://infosec.exchange/@null0perat0r)
- [![](https://img.shields.io/twitter/follow/we_are_faction)](https://twitter.com/intent/follow?screen_name=we_are_faction)
+[![Bluesky](https://img.shields.io/badge/Bluesky-0285FF?logo=bluesky&logoColor=fff)](https://bsky.app/profile/factionsecurity.com)
 
+___Faction is now an OWASP Project! You can find more information [here](https://owasp.org/www-project-faction/)___
 
 ![image](https://github.com/factionsecurity/faction/assets/2343831/d9237bed-302f-4e6a-9716-22ae88d0dc36)
 
-___News: Faction 1.2 Release in March: [More Info](https://github.com/orgs/factionsecurity/discussions/40)___
+## Sponsors
+### Premium Sponsors 
+
+<table style="background:white">
+ <tr>
+ <td align="center">
+ <a href="https://www.otto-js.com"><img style="width:100px; margin-right:30%; margin-left: 30%" src="https://www.otto-js.com/assets/otto-blue-logo.jpg"/></a><br/><a href="https://www.otto-js.com">otto-js - PCI and Client Side Security</a> 
+ </td>
+ <td align="center">
+ <a href="https://secninjaz.com/">
+<picture>
+  <source media="(prefers-color-scheme: dark)" srcset="backers/white-horizontal.svg">
+  <source media="(prefers-color-scheme: light)" srcset="backers/black-horizontal.svg">
+  <img alt="SecNinjaz Technologies LLP" src="backers/Secninjaz+Logo+with+outline+01.svg" style="padding-bottom:25px; margin-top:30px">
+</picture>
+ </a><br/><a href="https://secninjaz.com/">Secninjaz Technologies LLP</a> 
+ </td>
+ </td>
+ </tr>
+</table>
+
+### Become a Sponsor ❤️
+If you like the project and would like to see it advance then consider being a sponsor. All sponsors get access to the Faction discord server and will have bug reports prioritized. Just click the sponsor links at the top of this repo or contact us at info[at]factionsecurity.com
+
+### Community, Getting Involved, and Updates
+[Join the OWASP Slack Community](https://owasp.org/slack/invite) and and follow #project-faction! Be sure to follow us on [BlueSky](https://bsky.app/profile/factionsecurity.com) and our [Blog](https://medium.com/@we-are-faction) to get the latest updates.
+
+
+### Contributing
+Please see our [contributing guidelines](CONTRIBUTING.md) for details and standards on contributing before considering or submitting a pull request.
+
+# Introduction
 
 FACTION is your entire assessment workflow in a box. With FACTION you can:
 1. Automate pen testing and security assessment Reports
@@ -62,8 +94,6 @@ You can find out more information about creating your own custom report template
 ## Don't want to host it yourself?
 We can provide hosting for your instance. All instances are single tenants so you don't have to worry about sharing infrastructure with untrusted parties. Navigate to [https://www.factionsecurity.com to learn more](https://www.factionsecurity.com). 
 
-## Become a Sponsor ❤️
-If you like the project and would like to see it advance then consider being a sponser. All sponsers get access to the Faction discord server and will have bug reports priotirized. Just click the sponsor links at the top of this repo. 
 
 ## Screenshots
 __Vulnerability Templates__

diff --git a/WebContent/.tool-versions b/WebContent/.tool-versions
@@ -0,0 +1 @@
+nodejs 16.20.0
diff --git a/WebContent/WEB-INF/UtilHandlers.tld b/WebContent/WEB-INF/UtilHandlers.tld
@@ -18,5 +18,14 @@
       <rtexprvalue>true</rtexprvalue>
   	</attribute>
 </tag>
+<tag>
+    <name>AssessmentStatus</name>
+    <tagclass>com.fuse.taglib.AssessmentStatus</tagclass>
+    <attribute>
+      <name>asmt</name>
+      <required>true</required>
+      <rtexprvalue>true</rtexprvalue>
+  	</attribute>
+</tag>
 
 </taglib> 
diff --git a/WebContent/WEB-INF/applicationContext.xml b/WebContent/WEB-INF/applicationContext.xml