Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions backend/src/main/java/share/fare/backend/entity/Group.java
Original file line number Diff line number Diff line change
Expand Up @@ -48,6 +48,12 @@ public class Group extends BaseEntity {
@OneToMany(mappedBy = "group", cascade = CascadeType.ALL, orphanRemoval = true)
private List<GroupInvitation> invitations = new ArrayList<>();

@OneToMany(mappedBy = "group", cascade = CascadeType.ALL, orphanRemoval = true)
private List<Expense> expenses = new ArrayList<>();

@OneToMany(mappedBy = "group", cascade = CascadeType.ALL, orphanRemoval = true)
private List<GroupBalance> balances = new ArrayList<>();

public void addMember(User user, GroupRole role) {
GroupMembership membership = GroupMembership.builder()
.user(user)
Expand Down
101 changes: 80 additions & 21 deletions backend/src/main/resources/fare share.postman_collection.json
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@
"header": [],
"body": {
"mode": "raw",
"raw": "{\n \"email\": \"user@example.com\",\n \"password\": \"password\"\n}",
"raw": "{\n \"email\": \"user2@example.com\",\n \"password\": \"password2\"\n}",
"options": {
"raw": {
"language": "json"
Expand Down Expand Up @@ -77,19 +77,20 @@
"bearer": [
{
"key": "token",
"value": "{{jwt-token-user}}",
"value": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIyIiwiaWF0IjoxNzQzOTc0NTU5LCJleHAiOjE3NDQwMTA1NTl9.nzMCC4NCBhN6zJ5rMM6jjFKYlILzJwjhvEESaKM74n8",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

security (jwt): Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data.

Source: gitleaks

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

security (opengrep-rules.generic.secrets.security.detected-jwt-token): JWT token detected

Source: opengrep

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

It's good to see a specific JWT token being used. However, ensure that this token is regularly refreshed or updated to prevent it from becoming stale or invalid during testing.

value": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIyIiwiaWF0IjoxNzQzOTc0NTU5LCJleHAiOjE3NDQwMTA1NTl9.nzMCC4NCBhN6zJ5rMM6jjFKYlILzJwjhvEESaKM74n8",

"type": "string"
}
]
},
"method": "GET",
"header": [],
"url": {
"raw": "/api/v1/users",
"raw": "/api/v1/users/admin",
"path": [
"api",
"v1",
"users"
"users",
"admin"
Comment on lines +88 to +93

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

Changing the endpoint to /api/v1/users/admin is a good security practice, as it restricts access to admin-related information. Ensure that proper authorization checks are in place on the backend to verify the user's admin role before serving this data.

raw": "/api/v1/users/admin",
							"path": [
								"api",
								"v1",
								"users",
								"admin"

]
}
},
Expand Down Expand Up @@ -145,6 +146,16 @@
{
"name": "remove group member",
"request": {
"auth": {
"type": "bearer",
"bearer": [
{
"key": "token",
"value": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIyIiwiaWF0IjoxNzQ5NjQwMzA4LCJleHAiOjE3NDk2NzYzMDh9.7E75A_zmXgZWIyCypTRi1O2aQEFbUbWkPPEuI3x2ne0",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

security (jwt): Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data.

Source: gitleaks

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

security (opengrep-rules.generic.secrets.security.detected-jwt-token): JWT token detected

Source: opengrep

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

Using a specific JWT token is good for testing purposes. However, it's crucial to ensure that this token is valid and corresponds to a user with the necessary permissions to remove group members.

value": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIyIiwiaWF0IjoxNzQ5NjQwMzA4LCJleHAiOjE3NDk2NzYzMDh9.7E75A_zmXgZWIyCypTRi1O2aQEFbUbWkPPEuI3x2ne0",

"type": "string"
}
]
},
"method": "DELETE",
"header": [],
"url": {
Expand All @@ -164,17 +175,27 @@
{
"name": "change role",
"request": {
"auth": {
"type": "bearer",
"bearer": [
{
"key": "token",
"value": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxIiwiaWF0IjoxNzQ5NjM5OTY1LCJleHAiOjE3NDk2NzU5NjV9.P3t30hQTB8k4NHI_eDhDtfcv-em3MiegUCyXBUbNpYs",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

security (jwt): Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data.

Source: gitleaks

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

security (opengrep-rules.generic.secrets.security.detected-jwt-token): JWT token detected

Source: opengrep

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

Using a specific JWT token is good for testing purposes. Ensure that this token belongs to a user with the authority to change roles within the group.

value": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxIiwiaWF0IjoxNzQ5NjM5OTY1LCJleHAiOjE3NDk2NzU5NjV9.P3t30hQTB8k4NHI_eDhDtfcv-em3MiegUCyXBUbNpYs",

"type": "string"
}
]
},
"method": "PUT",
"header": [],
"url": {
"raw": "/api/v1/groups/1/members/3/role?role=OWNER",
"raw": "/api/v1/groups/1/members/2/role?role=OWNER",
"path": [
"api",
"v1",
"groups",
"1",
"members",
"3",
"2",
"role"
Comment on lines +191 to 199

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

Ensure that the member ID being changed (from 3 to 2) is a valid member ID within the group. This prevents accidental role changes for non-existent members.

raw": "/api/v1/groups/1/members/2/role?role=OWNER",
							"path": [
								"api",
								"v1",
								"groups",
								"1",
								"members",
								"2",
								"role"

],
"query": [
Expand Down Expand Up @@ -233,6 +254,16 @@
{
"name": "delete user",
"request": {
"auth": {
"type": "bearer",
"bearer": [
{
"key": "token",
"value": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIyIiwiaWF0IjoxNzQ4ODAwNjE5LCJleHAiOjE3NDg4MzY2MTl9.kgsr2MAa1mabpfXYRxzCQRWyGhHrjTegjfdaWloAbBw",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

security (jwt): Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data.

Source: gitleaks

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

security (opengrep-rules.generic.secrets.security.detected-jwt-token): JWT token detected

Source: opengrep

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

Using a specific JWT token is good for testing purposes. Ensure that this token belongs to a user with the necessary permissions to delete users.

value": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIyIiwiaWF0IjoxNzQ4ODAwNjE5LCJleHAiOjE3NDg4MzY2MTl9.kgsr2MAa1mabpfXYRxzCQRWyGhHrjTegjfdaWloAbBw",

"type": "string"
}
]
},
"method": "DELETE",
"header": [],
"url": {
Expand All @@ -253,7 +284,7 @@
"header": [],
"body": {
"mode": "raw",
"raw": "{\n \"email\": \"abc@test.com\",\n \"password\": 12345678\n}",
"raw": "{\n \"email\": \"abc@test.com\",\n \"password\": 1238\n}",
"options": {
"raw": {
"language": "json"
Expand Down Expand Up @@ -436,7 +467,7 @@
"bearer": [
{
"key": "token",
"value": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ1c2VyQGV4YW1wbGUuY29tIiwiaWF0IjoxNzM4MzIxNzY0LCJleHAiOjE3MzgzNTc3NjR9.GSDwpHhfiM3U-hhTXAduSLO4-xcCOxehbeBIfRVpQyA",
"value": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIyIiwiaWF0IjoxNzQ4Nzk5ODQxLCJleHAiOjE3NDg4MzU4NDF9.mI24XxTqb9wFo5vgsVQ-k-XSz_N90K53X1jWPiX1qro",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

security (jwt): Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data.

Source: gitleaks

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

security (opengrep-rules.generic.secrets.security.detected-jwt-token): JWT token detected

Source: opengrep

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

Using a specific JWT token is good for testing purposes. Ensure that this token belongs to a user with the necessary permissions to delete groups.

value": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIyIiwiaWF0IjoxNzQ4Nzk5ODQxLCJleHAiOjE3NDg4MzU4NDF9.mI24XxTqb9wFo5vgsVQ-k-XSz_N90K53X1jWPiX1qro",

"type": "string"
}
]
Expand All @@ -463,7 +494,7 @@
"bearer": [
{
"key": "token",
"value": "{{jwt-token-user}}",
"value": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIyIiwiaWF0IjoxNzUwNzcwNTc4LCJleHAiOjE3NTA4MDY1Nzh9.9pmpbYBPCmCf9btClUOt1udjJU5JLyetOURkjbouDEw",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

security (jwt): Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data.

Source: gitleaks

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

security (opengrep-rules.generic.secrets.security.detected-jwt-token): JWT token detected

Source: opengrep

"type": "string"
}
]
Expand Down Expand Up @@ -665,7 +696,7 @@
"bearer": [
{
"key": "token",
"value": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIyIiwiaWF0IjoxNzQyODQwNjkzLCJleHAiOjE3NDI4NzY2OTN9.1hmvABeAUOfbGb24kmysdYGvDdnlZGYykrTo6VrRsLA",
"value": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIyIiwiaWF0IjoxNzQ4Nzk5ODc0LCJleHAiOjE3NDg4MzU4NzR9.bGGYBUbGTV1WFm-sh3v-R7FlQpA_9LHgOkPbe78Opx8",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

security (jwt): Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data.

Source: gitleaks

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

security (opengrep-rules.generic.secrets.security.detected-jwt-token): JWT token detected

Source: opengrep

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

Using a specific JWT token is good for testing purposes. Ensure that this token belongs to a user with the necessary permissions to send friend invitations.

value": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIyIiwiaWF0IjoxNzQ4Nzk5ODc0LCJleHAiOjE3NDg4MzU4NzR9.bGGYBUbGTV1WFm-sh3v-R7FlQpA_9LHgOkPbe78Opx8",

"type": "string"
}
]
Expand Down Expand Up @@ -693,7 +724,7 @@
"bearer": [
{
"key": "token",
"value": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxIiwiaWF0IjoxNzQyODQwNzMzLCJleHAiOjE3NDI4NzY3MzN9.mkdLUtuVV4bQ_Ug3LjtIqyEHjw1ML4iJQ-H6YAh1vUc",
"value": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIyIiwiaWF0IjoxNzQ4MjYzMjM5LCJleHAiOjE3NDgyOTkyMzl9.dIRH2z9rLGG2f2vP1XNvt98N8u0PddKHlg4n5YSO2HE",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

security (jwt): Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data.

Source: gitleaks

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

security (opengrep-rules.generic.secrets.security.detected-jwt-token): JWT token detected

Source: opengrep

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

Using a specific JWT token is good for testing purposes. Ensure that this token belongs to a user with the necessary permissions to accept friend invitations.

value": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIyIiwiaWF0IjoxNzQ4MjYzMjM5LCJleHAiOjE3NDgyOTkyMzl9.dIRH2z9rLGG2f2vP1XNvt98N8u0PddKHlg4n5YSO2HE",

"type": "string"
}
]
Expand Down Expand Up @@ -749,7 +780,7 @@
"bearer": [
{
"key": "token",
"value": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIyIiwiaWF0IjoxNzQyODQwNjkzLCJleHAiOjE3NDI4NzY2OTN9.1hmvABeAUOfbGb24kmysdYGvDdnlZGYykrTo6VrRsLA",
"value": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIyIiwiaWF0IjoxNzQ4ODAwNjE5LCJleHAiOjE3NDg4MzY2MTl9.kgsr2MAa1mabpfXYRxzCQRWyGhHrjTegjfdaWloAbBw",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

security (jwt): Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data.

Source: gitleaks

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

security (opengrep-rules.generic.secrets.security.detected-jwt-token): JWT token detected

Source: opengrep

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

Using a specific JWT token is good for testing purposes. Ensure that this token belongs to a user with the necessary permissions to get sent friend invitations.

value": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIyIiwiaWF0IjoxNzQ4ODAwNjE5LCJleHAiOjE3NDg4MzY2MTl9.kgsr2MAa1mabpfXYRxzCQRWyGhHrjTegjfdaWloAbBw",

"type": "string"
}
]
Expand All @@ -776,7 +807,7 @@
"bearer": [
{
"key": "token",
"value": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIyIiwiaWF0IjoxNzQyODQwNjkzLCJleHAiOjE3NDI4NzY2OTN9.1hmvABeAUOfbGb24kmysdYGvDdnlZGYykrTo6VrRsLA",
"value": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIyIiwiaWF0IjoxNzQ4ODAwNjE5LCJleHAiOjE3NDg4MzY2MTl9.kgsr2MAa1mabpfXYRxzCQRWyGhHrjTegjfdaWloAbBw",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

security (jwt): Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data.

Source: gitleaks

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

security (opengrep-rules.generic.secrets.security.detected-jwt-token): JWT token detected

Source: opengrep

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

Using a specific JWT token is good for testing purposes. Ensure that this token belongs to a user with the necessary permissions to get received friend invitations.

value": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIyIiwiaWF0IjoxNzQ4ODAwNjE5LCJleHAiOjE3NDg4MzY2MTl9.kgsr2MAa1mabpfXYRxzCQRWyGhHrjTegjfdaWloAbBw",

"type": "string"
}
]
Expand Down Expand Up @@ -873,21 +904,21 @@
"bearer": [
{
"key": "token",
"value": "{{jwt-token-user2}}",
"value": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIyIiwiaWF0IjoxNzQ4ODAwNjE5LCJleHAiOjE3NDg4MzY2MTl9.kgsr2MAa1mabpfXYRxzCQRWyGhHrjTegjfdaWloAbBw",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

security (jwt): Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data.

Source: gitleaks

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

security (opengrep-rules.generic.secrets.security.detected-jwt-token): JWT token detected

Source: opengrep

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

Using a specific JWT token is good for testing purposes. Ensure that this token belongs to a user with the necessary permissions to accept group invitations.

value": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIyIiwiaWF0IjoxNzQ4ODAwNjE5LCJleHAiOjE3NDg4MzY2MTl9.kgsr2MAa1mabpfXYRxzCQRWyGhHrjTegjfdaWloAbBw",

"type": "string"
}
]
},
"method": "POST",
"header": [],
"url": {
"raw": "/api/v1/group-invitations/accept/2",
"raw": "/api/v1/group-invitations/accept/1",
"path": [
"api",
"v1",
"group-invitations",
"accept",
"2"
"1"
]
Comment on lines +915 to 922

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

Ensure that the group invitation ID being accepted (from 2 to 1) is a valid invitation ID. This prevents accepting non-existent invitations.

raw": "/api/v1/group-invitations/accept/1",
							"path": [
								"api",
								"v1",
								"group-invitations",
								"accept",
								"1"

}
},
Expand Down Expand Up @@ -928,7 +959,7 @@
"bearer": [
{
"key": "token",
"value": "{{jwt-token-user2}}",
"value": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIyIiwiaWF0IjoxNzQ5NjM5ODU3LCJleHAiOjE3NDk2NzU4NTd9.Ipyg15fqFGxc-4hJWgYaNLHTOsrxjGxIqiiyl_pEb9A",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

security (jwt): Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data.

Source: gitleaks

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

security (opengrep-rules.generic.secrets.security.detected-jwt-token): JWT token detected

Source: opengrep

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

Using a specific JWT token is good for testing purposes. Ensure that this token belongs to a user with the necessary permissions to get received group invitations.

value": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIyIiwiaWF0IjoxNzQ5NjM5ODU3LCJleHAiOjE3NDk2NzU4NTd9.Ipyg15fqFGxc-4hJWgYaNLHTOsrxjGxIqiiyl_pEb9A",

"type": "string"
}
]
Expand Down Expand Up @@ -1115,7 +1146,7 @@
"bearer": [
{
"key": "token",
"value": "{{jwt-token-user}}",
"value": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIyIiwiaWF0IjoxNzQ4ODAwNjE5LCJleHAiOjE3NDg4MzY2MTl9.kgsr2MAa1mabpfXYRxzCQRWyGhHrjTegjfdaWloAbBw",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

security (jwt): Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data.

Source: gitleaks

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

security (opengrep-rules.generic.secrets.security.detected-jwt-token): JWT token detected

Source: opengrep

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

Using a specific JWT token is good for testing purposes. Ensure that this token belongs to a user with the necessary permissions to get friends.

value": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIyIiwiaWF0IjoxNzQ4ODAwNjE5LCJleHAiOjE3NDg4MzY2MTl9.kgsr2MAa1mabpfXYRxzCQRWyGhHrjTegjfdaWloAbBw",

"type": "string"
}
]
Expand Down Expand Up @@ -1287,7 +1318,7 @@
"bearer": [
{
"key": "token",
"value": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIyIiwiaWF0IjoxNzQyNzU4NTc4LCJleHAiOjE3NDI3OTQ1Nzh9.PhCg8TqNQ8zg55a4p8ECBOsjKpOfTgkXvaDCLeHbH7M",
"value": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI2IiwiaWF0IjoxNzQzMTUxMjIyLCJleHAiOjE3NDMxODcyMjJ9.Rr7QxrPaNuFHK7Hh8nSUugTX8hVoBuB4ufSgp0B5MvI",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

security (jwt): Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data.

Source: gitleaks

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

security (opengrep-rules.generic.secrets.security.detected-jwt-token): JWT token detected

Source: opengrep

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

Using a specific JWT token is good for testing purposes. Ensure that this token belongs to a user with the necessary permissions to add expense.

value": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI2IiwiaWF0IjoxNzQzMTUxMjIyLCJleHAiOjE3NDMxODcyMjJ9.Rr7QxrPaNuFHK7Hh8nSUugTX8hVoBuB4ufSgp0B5MvI",

"type": "string"
}
]
Expand All @@ -1304,12 +1335,12 @@
}
},
"url": {
"raw": "/api/v1/groups/1/expenses",
"raw": "/api/v1/groups/2/expenses",
"path": [
"api",
"v1",
"groups",
"1",
"2",
"expenses"
]
Comment on lines +1338 to 1345

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

Ensure that the group ID being used (from 1 to 2) is a valid group ID. This prevents adding expenses to non-existent groups.

raw": "/api/v1/groups/2/expenses",
							"path": [
								"api",
								"v1",
								"groups",
								"2",
								"expenses"

}
Expand Down Expand Up @@ -1712,6 +1743,34 @@
"response": []
}
]
},
{
"name": "chat-messages",
"item": [
{
"name": "Get chat messages",
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://localhost:8080/api/v1/group/1/chat",
"protocol": "http",
"host": [
"localhost"
],
"port": "8080",
"path": [
"api",
"v1",
"group",
"1",
"chat"
]
}
},
"response": []
}
]
}
],
"auth": {
Expand Down
Loading