From a13025193396126722b84e1d7e3fbf071592559d Mon Sep 17 00:00:00 2001
From: insider-automation <117348511+insider-automation@users.noreply.github.com>
Date: Tue, 19 Nov 2024 10:55:24 +0300
Subject: [PATCH 1/5] Security | Remove old workflow files!
---
 .github/workflows/git-leak.yml | 15 ---------------
 1 file changed, 15 deletions(-)
 delete mode 100644 .github/workflows/git-leak.yml
diff --git a/.github/workflows/git-leak.yml b/.github/workflows/git-leak.yml
deleted file mode 100644
index a1d7a07..0000000
--- a/.github/workflows/git-leak.yml
+++ /dev/null
@@ -1,15 +0,0 @@
-name: Gitleaks-Action
-on: [push]
-jobs:
- build:
- runs-on: self-runner-node
- steps:
- - name: Trigger to Gitleak
- run: |
- python -c '
- import json,sys,requests;
- github = {"repository": "'${{ github.event.repository.name }}'", "ref": "'${{ github.ref_name }}'"};
- github_request = {"insider_gitleak": github};
- requests.post("'$LambdaWebHook'", json=github_request);'
- env:
- LambdaWebHook: ${{ secrets.INSECPROXY_HOOK }}
\ No newline at end of file
From c473e16640f486f0fbff23f6aa67444072ef9040 Mon Sep 17 00:00:00 2001
From: insider-automation <117348511+insider-automation@users.noreply.github.com>
Date: Tue, 19 Nov 2024 11:13:27 +0300
Subject: [PATCH 2/5] Security | Remove old workflow files!
---
 .github/workflows/cxflow.yml | 17 -----------------
 1 file changed, 17 deletions(-)
 delete mode 100644 .github/workflows/cxflow.yml
diff --git a/.github/workflows/cxflow.yml b/.github/workflows/cxflow.yml
deleted file mode 100644
index 412cf9c..0000000
--- a/.github/workflows/cxflow.yml
+++ /dev/null
@@ -1,17 +0,0 @@
-name: CxFlow-GitHub-Pull-Request
-on:
- pull_request:
- types: [ready_for_review]
-jobs:
- build:
- runs-on: self-runner-node
- steps:
- - name: Trigger to Scanner Lambda
- run: |
- python -c '
- import json,sys,requests;
- github = {"repository": "'${{ github.event.repository.name }}'", "ref": "'${{ github.head_ref }}'"};
- github_request = {"checkmarx_gitaction": github};
- requests.post("'$LambdaWebHook'", json=github_request);'
- env:
- LambdaWebHook: ${{ secrets.INSECPROXY_HOOK }}
\ No newline at end of file
From 0683c8a902693533a0e76df62d906bc3ce10008a Mon Sep 17 00:00:00 2001
From: insider-automation <117348511+insider-automation@users.noreply.github.com>
Date: Tue, 19 Nov 2024 11:30:43 +0300
Subject: [PATCH 3/5] Security | Remove old workflow files!
---
 .github/workflows/trivy.yml | 52 -------------------------------------
 1 file changed, 52 deletions(-)
 delete mode 100644 .github/workflows/trivy.yml
diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
deleted file mode 100644
index 1553b7a..0000000
--- a/.github/workflows/trivy.yml
+++ /dev/null
@@ -1,52 +0,0 @@
-name: Trivy Vulnerability Scanner
-on:
- pull_request:
- types: [ready_for_review]
-jobs:
- build:
- name: Build
- runs-on: self-hosted
- steps:
- - name: Checkout code
- uses: actions/checkout@v2
- with:
- fetch-depth: 0
- - name: Install Trivy
- run: |
- sudo apt-get install wget apt-transport-https gnupg lsb-release
- wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo apt-key add -
- echo deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main | sudo tee -a /etc/apt/sources.list.d/trivy.list
- sudo apt-get update
- sudo apt-get install trivy
- - name: Trivy Scanner
- run: |
- python -c '
- import glob, os;
- files = glob.glob("**/Dockerfile", recursive=True);
- count = 0;
- for file in files:
- diff_command1 = f"git diff origin/main -- {file} > diff1.txt";
- diff_command2 = f"git diff origin/master -- {file} > diff2.txt";
- os.system(diff_command1);
- os.system(diff_command2);
- main_lenght = len(open("./diff1.txt", "r").read());
- master_lenght = len(open("./diff2.txt", "r").read());
- if len(open("./diff1.txt", "r").read()) + len(open("./diff2.txt", "r").read()) > 0:
- build_command = f"docker build -f {file} -t image{count} "+("/".join(file.split("/")[0:-1]) or ".");
- os.system(build_command);
- os.system(f"trivy image image{count} -f json -o trivy-result{count}.json --severity=CRITICAL,HIGH,MEDIUM");
- count+=1;
- print("Build Finished")'
- - name: Trivy Response Send to Lambda
- run: |
- python -c '
- import json,sys,requests,glob;
- files = glob.glob("trivy-result*");
- for file in files:
- output=open(f"./{file}");
- json_result=json.loads(output.read());
- github_result = {"repository": "'${{ github.repository }}'", "server_url": "'${{ github.server_url }}'", "run_id": "'${{ github.run_id }}'"};
- request = {"trivy_result": json_result, "github": github_result};
- requests.post("'$LambdaWebHook'", json=request);'
- env:
- LambdaWebHook: ${{ secrets.CHECKMARX_LAMBDA_WEBHOOK }}
\ No newline at
end of file
From 059e0ac5e39497e39fc414fed4e9c90ae5552829 Mon Sep 17 00:00:00 2001
From: insider-automation <117348511+insider-automation@users.noreply.github.com>
Date: Tue, 26 Nov 2024 02:51:12 +0300
Subject: [PATCH 4/5] new workflow added
---
 .github/workflows/security_allinone.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/security_allinone.yml b/.github/workflows/security_allinone.yml
index b611631..dbd1a27 100644
--- a/.github/workflows/security_allinone.yml
+++ b/.github/workflows/security_allinone.yml
@@ -1,7 +1,8 @@
 name: Security AllInOne
 on:
 push:
- branches: '**'
+ branches:
+ - feature/*
 pull_request:
 types:
 - opened
From 2597b7d1b24cb965138901c9a0b69d548562bc00 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Erhan=20T=C3=B6lek?= <99921206+ErhanTolek@users.noreply.github.com>
Date: Thu, 19 Dec 2024 13:03:38 +0300
Subject: [PATCH 5/5] PA-29417 | Escaping singleton while creating sql client (#40)
---
 inssql/sql.go | 20 ++++++++++++++++----
 1 file changed, 16 insertions(+), 4 deletions(-)
diff --git a/inssql/sql.go b/inssql/sql.go
index 3010848..b9ccc17 100644
--- a/inssql/sql.go
+++ b/inssql/sql.go
@@ -20,6 +20,14 @@ func Init(Driver, DBUser, DBPassword, DBHost, DBName string) (*sql.DB, error) {
 return sqlClient, nil
 }
+ var err error
+ sqlClient, err = New(Driver, DBUser, DBPassword, DBHost, DBName)
+
+ return sqlClient, err
+}
+
+// New creates brand new sql client
+func New(Driver string, DBUser string, DBPassword string, DBHost string, DBName string) (*sql.DB, error) {
 dsn := fmt.Sprintf(
 "%v:%v@%v/%v?charset=utf8mb4&collation=utf8mb4_unicode_ci&parseTime=true",
 DBUser,
@@ -33,8 +41,6 @@ func Init(Driver, DBUser, DBPassword, DBHost, DBName string) (*sql.DB, error) {
 return nil, err
 }
- sqlClient = db
-
 return db, err
 }
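Review bot: Narrowing `push` to `feature/*` means pushes to the default branch, and to any release or hotfix branch, no longer run the Security AllInOne workflow; the `pull_request` trigger below still covers PRs, but commits that land directly on those branches go unscanned. If mainline coverage is intended, add the default branch to the list, e.g. `- main` (use the repository's actual default branch name). Note also that a single `*` in a GitHub branch filter does not match `/`, so `feature/*` will not match a nested name such as `feature/team/topic`; `feature/**` would, if nested feature branches are in use. The `on:` block continues past the hunk, so further triggers may exist that I cannot see.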
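Review bot: `Init` still writes the package-level `sqlClient` from the result of `New` with no synchronization, so two goroutines calling `Init` concurrently could both pass the nil guard (which sits above the hunk — inferred from the `return sqlClient, nil` context line) and each open a separate `*sql.DB`, one of which would then be overwritten and never closed; `WrapWithGorm`/`NewGorm` in the last hunk has the same shape with `gormClient`. If concurrent initialization is possible, a `sync.Once` or a mutex around the check-and-assign would make the singleton safe. On style, `New` spells out every parameter type (`Driver string, DBUser string, …`) where `Init` groups them, and the capitalized parameter names read like exported identifiers; `func New(driver, dbUser, dbPassword, dbHost, dbName string) (*sql.DB, error)` would match Go convention (the existing `Init` signature would need the same treatment for consistency). Since the `dsn` built below presumably embeds the password as the second `%v`, the doc comment could warn callers, e.g. `// New creates a brand new sql client; the DSN it builds contains the password and must not be logged or returned in errors.`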
@@ -49,12 +55,18 @@ func WrapWithGorm(sqlDB *sql.DB) (*gorm.DB, error) {
 return gormClient, nil
 }
+ var err error
+ gormClient, err = NewGorm(sqlDB)
+
+ return gormClient, err
+}
+
+// NewGorm wrap new sql client
+func NewGorm(sqlDB *sql.DB) (*gorm.DB, error) {
 gormDB, err := gorm.Open(mysql.New(mysql.Config{
 Conn: sqlDB,
 }), &gorm.Config{})
- gormClient = gormDB
-
 return gormDB, err
 }