From f1eb1af9d8b9c5e2233a524481d4d6ff87c635f6 Mon Sep 17 00:00:00 2001 From: iliyan-kostov Date: Sat, 20 Sep 2025 23:41:38 +0200 Subject: [PATCH 01/18] fix: sample M android/app/build.gradle.kts --- android/app/build.gradle.kts | 1 + 1 file changed, 1 insertion(+) diff --git a/android/app/build.gradle.kts b/android/app/build.gradle.kts index 946e057..7ed6fce 100644 --- a/android/app/build.gradle.kts +++ b/android/app/build.gradle.kts @@ -34,6 +34,7 @@ sonar { android { namespace = "com.example.zprofile" compileSdk = flutter.compileSdkVersion + // ndkVersion = flutter.ndkVersion ndkVersion = "26.1.10909125" From face6a68cb09b0c9ffcfb51961f46baa9a50d9d1 Mon Sep 17 00:00:00 2001 From: iliyan-kostov Date: Sun, 21 Sep 2025 14:19:27 +0200 Subject: [PATCH 02/18] fix: sonar M .github/workflows/security-scan.yaml --- .github/workflows/security-scan.yaml | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) diff --git a/.github/workflows/security-scan.yaml b/.github/workflows/security-scan.yaml index ea381d6..f7ee1d9 100644 --- a/.github/workflows/security-scan.yaml +++ b/.github/workflows/security-scan.yaml @@ -36,8 +36,6 @@ jobs: if: ${{ github.actor != 'dependabot[bot]' }} strategy: fail-fast: false - matrix: - java_version: [21] steps: - name: Download repo artifact @@ -46,12 +44,6 @@ jobs: name: android-client path: . - - name: Set up JDK ${{ matrix.java_version }} - uses: actions/setup-java@v5 - with: - java-version: ${{ matrix.java_version }} - distribution: "zulu" - - name: GitGuardian scan uses: GitGuardian/ggshield-action@v1.43.0 env: @@ -76,11 +68,11 @@ jobs: restore-keys: ${{ runner.os }}-gradle - name: Make gradlew executable - run: chmod +x ./gradlew + run: chmod +x ./android/gradlew - name: Build run: | - ./gradlew build sonar --info + ./android/gradlew build sonar --info - name: SonarQube Scan uses: SonarSource/sonarqube-scan-action@v5 env: From be224a7fc0fc71a7155b1c7ce46ab9bf50ca3d77 Mon Sep 17 00:00:00 2001 
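Review bot: The added `// ndkVersion = flutter.ndkVersion` in PATCH 01/18 is commented-out code with no explanation, sitting directly above the hard-coded `ndkVersion = "26.1.10909125"`. If the pin is deliberate, replace the dead line with a why-comment such as `// NDK pinned explicitly instead of flutter.ndkVersion: <reason>`; otherwise delete it. The `android { … }` block continues outside the hunk.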
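Review bot: In PATCH 02/18 the Build step now runs `./android/gradlew build sonar --info` from the repository root, but Gradle takes the project from the working directory rather than from the launcher's location, so it will likely not find the Android build under `android/`. Add `working-directory: android` to the step or pass `-p android`. The same commit removes the `actions/setup-java` step, so this Gradle run depends on whichever JDK the runner image ships; if that is intended, a one-line comment on the step should say so. The step list continues outside the hunk.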
From: iliyan-kostov Date: Sun, 21 Sep 2025 14:21:39 +0200 Subject: [PATCH 03/18] fix: sonar M .github/workflows/security-scan.yaml --- .github/workflows/security-scan.yaml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/.github/workflows/security-scan.yaml b/.github/workflows/security-scan.yaml index f7ee1d9..1269584 100644 --- a/.github/workflows/security-scan.yaml +++ b/.github/workflows/security-scan.yaml @@ -23,7 +23,7 @@ jobs: - name: Save repo to artifact uses: actions/upload-artifact@v4 with: - name: android-client + name: flutter-client path: . overwrite: true if-no-files-found: error @@ -41,7 +41,7 @@ jobs: - name: Download repo artifact uses: actions/download-artifact@v5 with: - name: android-client + name: flutter-client path: . - name: GitGuardian scan @@ -68,7 +68,9 @@ jobs: restore-keys: ${{ runner.os }}-gradle - name: Make gradlew executable - run: chmod +x ./android/gradlew + run: | + ls + chmod +x ./android/gradlew - name: Build run: | From 9279c4341e9a93a31f6223051630633e25c3b1ab Mon Sep 17 00:00:00 2001 From: iliyan-kostov Date: Sun, 21 Sep 2025 14:24:39 +0200 Subject: [PATCH 04/18] fix: sonar M .gitignore D android/.gitignore A android/gradlew A android/gradlew.bat --- .gitignore | 6 ++ android/.gitignore | 14 ---- android/gradlew | 160 ++++++++++++++++++++++++++++++++++++++++++++ android/gradlew.bat | 90 +++++++++++++++++++++++++ 4 files changed, 256 insertions(+), 14 deletions(-) delete mode 100644 android/.gitignore create mode 100755 android/gradlew create mode 100644 android/gradlew.bat diff --git a/.gitignore b/.gitignore index 3d00ec0..47af937 100644 --- a/.gitignore +++ b/.gitignore @@ -7,6 +7,12 @@ local.properties app/build kls_database.db build/reports +GeneratedPluginRegistrant.java +.cxx/ +key.properties +**/*.keystore +**/*.jks +gradle-wrapper.jar # Miscellaneous *.class diff --git a/android/.gitignore b/android/.gitignore deleted file mode 100644 index be3943c..0000000 
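Review bot: The new `gradle-wrapper.jar` rule in the root `.gitignore` keeps the wrapper jar out of the repository while this same commit starts tracking `android/gradlew`, whose `CLASSPATH` points at `gradle/wrapper/gradle-wrapper.jar`. On a clean checkout the launcher has nothing to run unless another step produces the jar, and whatever jar appears at build time is never reviewed. Decide one way: keep the launcher scripts untracked as before, or track the jar too and verify it in CI against a known checksum. The keystore rules (`key.properties`, `**/*.keystore`, `**/*.jks`) moved here without the comment that explained them; a line such as `# Signing material, never commit` above them would keep that intent.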
--- a/android/.gitignore +++ /dev/null @@ -1,14 +0,0 @@ -gradle-wrapper.jar -/.gradle -/captures/ -/gradlew -/gradlew.bat -/local.properties -GeneratedPluginRegistrant.java -.cxx/ - -# Remember to never publicly share your keystore. -# See https://flutter.dev/to/reference-keystore -key.properties -**/*.keystore -**/*.jks diff --git a/android/gradlew b/android/gradlew new file mode 100755 index 0000000..a00a148 --- /dev/null +++ b/android/gradlew 
@@ -0,0 +1,160 @@ +#!/nix/store/gkwbw9nzbkbz298njbn3577zmrnglbbi-bash-5.3p0/bin/bash + +############################################################################## +## +## Gradle start up script for UN*X +## +############################################################################## + +# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. +DEFAULT_JVM_OPTS="" + +APP_NAME="Gradle" +APP_BASE_NAME=`basename "$0"` + +# Use the maximum available, or set MAX_FD != -1 to use that value. +MAX_FD="maximum" + +warn ( ) { + echo "$*" +} + +die ( ) { + echo + echo "$*" + echo + exit 1 +} + +# OS specific support (must be 'true' or 'false'). +cygwin=false +msys=false +darwin=false +case "`uname`" in + CYGWIN* ) + cygwin=true + ;; + Darwin* ) + darwin=true + ;; + MINGW* ) + msys=true + ;; +esac + +# Attempt to set APP_HOME +# Resolve links: $0 may be a link +PRG="$0" +# Need this for relative symlinks. +while [ -h "$PRG" ] ; do + ls=`ls -ld "$PRG"` + link=`expr "$ls" : '.*-> \(.*\)$'` + if expr "$link" : '/.*' > /dev/null; then + PRG="$link" + else + PRG=`dirname "$PRG"`"/$link" + fi +done +SAVED="`pwd`" +cd "`dirname \"$PRG\"`/" >/dev/null +APP_HOME="`pwd -P`" +cd "$SAVED" >/dev/null + +CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar + +# Determine the Java command to use to start the JVM. +if [ -n "$JAVA_HOME" ] ; then + if [ -x "$JAVA_HOME/jre/sh/java" ] ; then + # IBM's JDK on AIX uses strange locations for the executables + JAVACMD="$JAVA_HOME/jre/sh/java" + else + JAVACMD="$JAVA_HOME/bin/java" + fi + if [ ! -x "$JAVACMD" ] ; then + die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME + +Please set the JAVA_HOME variable in your environment to match the +location of your Java installation." + fi +else + JAVACMD="java" + which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. 
+ +Please set the JAVA_HOME variable in your environment to match the +location of your Java installation." +fi + +# Increase the maximum file descriptors if we can. +if [ "$cygwin" = "false" -a "$darwin" = "false" ] ; then + MAX_FD_LIMIT=`ulimit -H -n` + if [ $? -eq 0 ] ; then + if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then + MAX_FD="$MAX_FD_LIMIT" + fi + ulimit -n $MAX_FD + if [ $? -ne 0 ] ; then + warn "Could not set maximum file descriptor limit: $MAX_FD" + fi + else + warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT" + fi +fi + +# For Darwin, add options to specify how the application appears in the dock +if $darwin; then + GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\"" +fi + +# For Cygwin, switch paths to Windows format before running java +if $cygwin ; then + APP_HOME=`cygpath --path --mixed "$APP_HOME"` + CLASSPATH=`cygpath --path --mixed "$CLASSPATH"` + JAVACMD=`cygpath --unix "$JAVACMD"` + + # We build the pattern for arguments to be converted via cygpath + ROOTDIRSRAW=`find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null` + SEP="" + for dir in $ROOTDIRSRAW ; do + ROOTDIRS="$ROOTDIRS$SEP$dir" + SEP="|" + done + OURCYGPATTERN="(^($ROOTDIRS))" + # Add a user-defined pattern to the cygpath arguments + if [ "$GRADLE_CYGPATTERN" != "" ] ; then + OURCYGPATTERN="$OURCYGPATTERN|($GRADLE_CYGPATTERN)" + fi + # Now convert the arguments - kludge to limit ourselves to /bin/sh + i=0 + for arg in "$@" ; do + CHECK=`echo "$arg"|egrep -c "$OURCYGPATTERN" -` + CHECK2=`echo "$arg"|egrep -c "^-"` ### Determine if an option + + if [ $CHECK -ne 0 ] && [ $CHECK2 -eq 0 ] ; then ### Added a condition + eval `echo args$i`=`cygpath --path --ignore --mixed "$arg"` + else + eval `echo args$i`="\"$arg\"" + fi + i=$((i+1)) + done + case $i in + (0) set -- ;; + (1) set -- "$args0" ;; + (2) set -- "$args0" "$args1" ;; + (3) set -- "$args0" "$args1" "$args2" ;; + (4) set -- "$args0" "$args1" "$args2" "$args3" 
;; + (5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;; + (6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;; + (7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;; + (8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;; + (9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;; + esac +fi + +# Split up the JVM_OPTS And GRADLE_OPTS values into an array, following the shell quoting and substitution rules +function splitJvmOpts() { + JVM_OPTS=("$@") +} +eval splitJvmOpts $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS +JVM_OPTS[${#JVM_OPTS[*]}]="-Dorg.gradle.appname=$APP_BASE_NAME" + +exec "$JAVACMD" "${JVM_OPTS[@]}" -classpath "$CLASSPATH" org.gradle.wrapper.GradleWrapperMain "$@" diff --git a/android/gradlew.bat b/android/gradlew.bat new file mode 100644 index 0000000..aec9973 --- /dev/null +++ b/android/gradlew.bat 
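Review bot: The first added line of `android/gradlew`, `#!/nix/store/gkwbw9nzbkbz298njbn3577zmrnglbbi-bash-5.3p0/bin/bash`, is an interpreter path from one machine's Nix store and will not exist on the `ubuntu-latest` runner or on other developers' machines, so executing the script directly fails before any of it runs. The body needs bash (`function splitJvmOpts()` and the `JVM_OPTS` array), so the portable form is `#!/usr/bin/env bash`. This launcher is a generated file; regenerating it outside the Nix shell avoids committing a locally patched copy.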
@@ -0,0 +1,90 @@ +@if "%DEBUG%" == "" @echo off +@rem ########################################################################## +@rem +@rem Gradle startup script for Windows +@rem +@rem ########################################################################## + +@rem Set local scope for the variables with windows NT shell +if "%OS%"=="Windows_NT" setlocal + +@rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. +set DEFAULT_JVM_OPTS= + +set DIRNAME=%~dp0 +if "%DIRNAME%" == "" set DIRNAME=. +set APP_BASE_NAME=%~n0 +set APP_HOME=%DIRNAME% + +@rem Find java.exe +if defined JAVA_HOME goto findJavaFromJavaHome + +set JAVA_EXE=java.exe +%JAVA_EXE% -version >NUL 2>&1 +if "%ERRORLEVEL%" == "0" goto init + +echo. +echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. +echo. +echo Please set the JAVA_HOME variable in your environment to match the +echo location of your Java installation. + +goto fail + +:findJavaFromJavaHome +set JAVA_HOME=%JAVA_HOME:"=% +set JAVA_EXE=%JAVA_HOME%/bin/java.exe + +if exist "%JAVA_EXE%" goto init + +echo. +echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% +echo. +echo Please set the JAVA_HOME variable in your environment to match the +echo location of your Java installation. + +goto fail + +:init +@rem Get command-line arguments, handling Windowz variants + +if not "%OS%" == "Windows_NT" goto win9xME_args +if "%@eval[2+2]" == "4" goto 4NT_args + +:win9xME_args +@rem Slurp the command line arguments. 
+set CMD_LINE_ARGS= +set _SKIP=2 + +:win9xME_args_slurp +if "x%~1" == "x" goto execute + +set CMD_LINE_ARGS=%* +goto execute + +:4NT_args +@rem Get arguments from the 4NT Shell from JP Software +set CMD_LINE_ARGS=%$ + +:execute +@rem Setup the command line + +set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar + +@rem Execute Gradle +"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %CMD_LINE_ARGS% + +:end +@rem End local scope for the variables with windows NT shell +if "%ERRORLEVEL%"=="0" goto mainEnd + +:fail +rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of +rem the _cmd.exe /c_ return code! +if not "" == "%GRADLE_EXIT_CONSOLE%" exit 1 +exit /b 1 + +:mainEnd +if "%OS%"=="Windows_NT" endlocal + +:omega From 034540406e17b3f75b4ef72894e3d82fcda7811c Mon Sep 17 00:00:00 2001 From: iliyan-kostov Date: Sun, 21 Sep 2025 14:33:20 +0200 Subject: [PATCH 05/18] fix: sonar M .github/workflows/security-scan.yaml --- .github/workflows/security-scan.yaml | 16 +++++----------- 1 file changed, 5 insertions(+), 11 deletions(-) diff --git a/.github/workflows/security-scan.yaml b/.github/workflows/security-scan.yaml index 1269584..e2ba497 100644 --- a/.github/workflows/security-scan.yaml +++ b/.github/workflows/security-scan.yaml 
@@ -60,21 +60,15 @@ jobs: key: ${{ runner.os }}-sonar restore-keys: ${{ runner.os }}-sonar - - name: Cache Gradle packages - uses: actions/cache@v4 + - name: Set up Flutter + uses: subosito/flutter-action@v2 with: - path: ~/.gradle/caches - key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle') }} - restore-keys: ${{ runner.os }}-gradle - - - name: Make gradlew executable - run: | - ls - chmod +x ./android/gradlew + channel: stable + flutter-version: 3.19.0 - name: Build run: | - ./android/gradlew build sonar --info + flutter build appbundle - name: SonarQube Scan uses: SonarSource/sonarqube-scan-action@v5 env: From f784737f4be52600d4287b56397a4d9b925bfa1d Mon Sep 17 00:00:00 2001 From: iliyan-kostov Date: Sun, 21 Sep 2025 14:43:08 +0200 Subject: [PATCH 06/18] fix: sonar M .github/workflows/security-scan.yaml M flake.nix --- .github/workflows/security-scan.yaml | 2 +- flake.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/security-scan.yaml b/.github/workflows/security-scan.yaml index e2ba497..a97503e 100644 --- a/.github/workflows/security-scan.yaml +++ b/.github/workflows/security-scan.yaml @@ -64,7 +64,7 @@ jobs: uses: subosito/flutter-action@v2 with: channel: stable - flutter-version: 3.19.0 + flutter-version: 3.32.8 - name: Build run: | diff --git a/flake.nix b/flake.nix index b22bdf1..3c9c291 100644 --- a/flake.nix +++ b/flake.nix @@ -88,7 +88,7 @@ "mips-android-sysimage-license" ]; android-studio = { - enable = true; + enable = false; package = pkgs.android-studio; }; }; From a136ea741d492a47172522e7dfa0e536e7e902d6 Mon Sep 17 00:00:00 2001 From: iliyan-kostov Date: Sun, 21 Sep 2025 14:55:59 +0200 Subject: [PATCH 07/18] fix: sonar M .github/workflows/security-scan.yaml M flake.lock M pubspec.lock M pubspec.yaml --- .github/workflows/security-scan.yaml | 1 + flake.lock | 6 +++--- pubspec.lock | 8 ++++---- pubspec.yaml | 5 ++--- 4 files changed, 10 insertions(+), 10 deletions(-) 
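Review bot: The new `uses: subosito/flutter-action@v2` step references a third-party action by a movable tag, in a job that builds the code under scan and later passes `SONAR_TOKEN` to the scan step. Whoever can move that tag can change what runs in this job; pin it to a full commit SHA and keep the tag as a comment, `uses: subosito/flutter-action@<full-commit-sha> # v2`. The same applies to `SonarSource/sonarqube-scan-action@v6` introduced in PATCH 14/18. The step list continues outside the hunk.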
diff --git a/.github/workflows/security-scan.yaml b/.github/workflows/security-scan.yaml index a97503e..def3f3a 100644 --- a/.github/workflows/security-scan.yaml +++ b/.github/workflows/security-scan.yaml @@ -68,6 +68,7 @@ jobs: - name: Build run: | + chmod +x android/gradlew flutter build appbundle - name: SonarQube Scan uses: SonarSource/sonarqube-scan-action@v5 diff --git a/flake.lock b/flake.lock index 7ccb6a8..94411dd 100644 --- a/flake.lock +++ b/flake.lock @@ -42,11 +42,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1757928168, - "narHash": "sha256-smFckXZeYHoS6330QBZf0K7JrmN+1hsHmIesKqTzU6U=", + "lastModified": 1758457165, + "narHash": "sha256-tw0uiW10Ezu7eVY6qY5qJcIRvatO4AUqvUqzUqXwDtM=", "owner": "cachix", "repo": "devenv", - "rev": "d9019631e0e965b78f94a63246863fa7d8315d17", + "rev": "0a1a32c2b68be15676304a489e86a2445815d93e", "type": "github" }, "original": { diff --git a/pubspec.lock b/pubspec.lock index eaa659f..55f7035 100644 --- a/pubspec.lock +++ b/pubspec.lock @@ -66,10 +66,10 @@ packages: dependency: "direct dev" description: name: flutter_lints - sha256: "5398f14efa795ffb7a33e9b6a08798b26a180edac4ad7db3f231e40f82ce11e1" + sha256: "3105dc8492f6183fb076ccf1f351ac3d60564bff92e20bfc4af9cc1651f4e7e1" url: "https://pub.dev" source: hosted - version: "5.0.0" + version: "6.0.0" flutter_test: dependency: "direct dev" description: flutter @@ -103,10 +103,10 @@ packages: dependency: transitive description: name: lints - sha256: c35bb79562d980e9a453fc715854e1ed39e24e7d0297a880ef54e17f9874a9d7 + sha256: a5e2b223cb7c9c8efdc663ef484fdd95bb243bff242ef5b13e26883547fce9a0 url: "https://pub.dev" source: hosted - version: "5.1.1" + version: "6.0.0" matcher: dependency: transitive description: diff --git a/pubspec.yaml b/pubspec.yaml index fd6a86c..b863136 100644 --- a/pubspec.yaml +++ b/pubspec.yaml 
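Review bot: The `chmod +x android/gradlew` added to the Build step in PATCH 07/18 carries no explanation, although the file is already committed with mode 100755 in PATCH 04/18. The executable bit is presumably lost because this job receives the tree through the upload/download-artifact pair, which does not preserve file permissions; a comment on the line would record that, e.g. `# artifact download drops the executable bit`. A checkout in the scanning job itself would remove the need for the workaround.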
@@ -2,7 +2,7 @@ name: zprofile description: "A new Flutter project." # The following line prevents the package from being accidentally published to # pub.dev using `flutter pub publish`. This is preferred for private packages. -publish_to: 'none' # Remove this line if you wish to publish to pub.dev +publish_to: "none" # Remove this line if you wish to publish to pub.dev # The following defines the version and build number for your application. # A version number is three numbers separated by dots, like 1.2.43 @@ -44,14 +44,13 @@ dev_dependencies: # activated in the `analysis_options.yaml` file located at the root of your # package. See that file for information about deactivating specific lint # rules and activating additional ones. - flutter_lints: ^5.0.0 + flutter_lints: ^6.0.0 # For information on the generic Dart part of this file, see the # following page: https://dart.dev/tools/pub/pubspec # The following section is specific to Flutter packages. flutter: - # The following line ensures that the Material Icons font is # included with your application, so that you can use the icons in # the material Icons class. From 932ed8a0ea7c2f2676accf7892bc19383a6f75cb Mon Sep 17 00:00:00 2001 From: iliyan-kostov Date: Sun, 21 Sep 2025 14:58:21 +0200 Subject: [PATCH 08/18] fix: sonar M .github/workflows/security-scan.yaml --- .github/workflows/security-scan.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/security-scan.yaml b/.github/workflows/security-scan.yaml index def3f3a..5cb02e3 100644 --- a/.github/workflows/security-scan.yaml +++ b/.github/workflows/security-scan.yaml @@ -68,7 +68,8 @@ jobs: - name: Build run: | - chmod +x android/gradlew + chmod +x ./android/gradlew + ll ./android/ flutter build appbundle - name: SonarQube Scan uses: SonarSource/sonarqube-scan-action@v5 From 54c5c0e7637fa4460562e069f3919c46c3b2e8ac Mon Sep 17 00:00:00 2001 
From: iliyan-kostov Date: Sun, 21 Sep 2025 15:00:03 +0200 Subject: [PATCH 09/18] fix: sonar M .github/workflows/security-scan.yaml --- .github/workflows/security-scan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/security-scan.yaml b/.github/workflows/security-scan.yaml index 5cb02e3..b470dd5 100644 --- a/.github/workflows/security-scan.yaml +++ b/.github/workflows/security-scan.yaml @@ -69,7 +69,7 @@ jobs: - name: Build run: | chmod +x ./android/gradlew - ll ./android/ + ls ./android/ flutter build appbundle - name: SonarQube Scan uses: SonarSource/sonarqube-scan-action@v5 From 61b81b819325b52ee78fd33ccd1ef24213c68049 Mon Sep 17 00:00:00 2001 From: iliyan-kostov Date: Sun, 21 Sep 2025 15:04:08 +0200 Subject: [PATCH 10/18] fix: sonar M .github/workflows/security-scan.yaml M android/gradlew --- .github/workflows/security-scan.yaml | 10 ---------- android/gradlew | 3 ++- 2 files changed, 2 insertions(+), 11 deletions(-) diff --git a/.github/workflows/security-scan.yaml b/.github/workflows/security-scan.yaml index b470dd5..44a99af 100644 --- a/.github/workflows/security-scan.yaml +++ b/.github/workflows/security-scan.yaml @@ -20,16 +20,6 @@ jobs: with: fetch-depth: 0 - - name: Save repo to artifact - uses: actions/upload-artifact@v4 - with: - name: flutter-client - path: . - overwrite: true - if-no-files-found: error - retention-days: 1 - include-hidden-files: true - scanning: name: Scan for security checks runs-on: ubuntu-latest diff --git a/android/gradlew b/android/gradlew index a00a148..d78f631 100755 --- a/android/gradlew +++ b/android/gradlew @@ -1,4 +1,5 @@ -#!/nix/store/gkwbw9nzbkbz298njbn3577zmrnglbbi-bash-5.3p0/bin/bash +#!/usr/bin/env sh +# !/nix/store/gkwbw9nzbkbz298njbn3577zmrnglbbi-bash-5.3p0/bin/bash ############################################################################## ## From d8cc0f28f28309bb97a6a116a8409d328e7ff67c Mon Sep 17 00:00:00 2001 
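Review bot: Changing the shebang of `android/gradlew` to `#!/usr/bin/env sh` in PATCH 10/18 runs the script under the system `sh`, but the rest of the file, as added in PATCH 04/18 and outside this hunk, uses bash-only syntax (`function splitJvmOpts()`, the `JVM_OPTS=("$@")` array) that a POSIX `sh` such as dash rejects. Use `#!/usr/bin/env bash` instead. The second added line keeps the old Nix store shebang as a comment; delete it rather than carrying a machine-specific path in the file.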
From: iliyan-kostov Date: Sun, 21 Sep 2025 15:05:02 +0200 Subject: [PATCH 11/18] fix: sonar M .github/workflows/security-scan.yaml --- .github/workflows/security-scan.yaml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/.github/workflows/security-scan.yaml b/.github/workflows/security-scan.yaml index 44a99af..b470dd5 100644 --- a/.github/workflows/security-scan.yaml +++ b/.github/workflows/security-scan.yaml @@ -20,6 +20,16 @@ jobs: with: fetch-depth: 0 + - name: Save repo to artifact + uses: actions/upload-artifact@v4 + with: + name: flutter-client + path: . + overwrite: true + if-no-files-found: error + retention-days: 1 + include-hidden-files: true + scanning: name: Scan for security checks runs-on: ubuntu-latest From b114be640f039d75e4fa37146c07e9394c3d9420 Mon Sep 17 00:00:00 2001 From: iliyan-kostov Date: Sun, 21 Sep 2025 15:09:44 +0200 Subject: [PATCH 12/18] fix: sonar M android/gradlew --- android/gradlew | 110 +++++++++++++++++++++++++++++------------------- 1 file changed, 67 insertions(+), 43 deletions(-) diff --git a/android/gradlew b/android/gradlew index d78f631..4f906e0 100755 --- a/android/gradlew +++ b/android/gradlew @@ -1,5 +1,20 @@ #!/usr/bin/env sh -# !/nix/store/gkwbw9nzbkbz298njbn3577zmrnglbbi-bash-5.3p0/bin/bash + +# +# Copyright 2015 the original author or authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ############################################################################## ## 
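Review bot: The upload step re-added in PATCH 11/18 publishes the whole workspace (`path: .` with `include-hidden-files: true`), which includes the `.git` directory. The step above it, presumably `actions/checkout` given `fetch-depth: 0`, shows no `persist-credentials: false` in its visible `with:` block, and depending on the checkout version the job token is then kept in the local git configuration, so the artifact may hand that token to anyone who can download it. Add `persist-credentials: false` to the checkout step, and prefer letting the scanning job check out the repository itself over shipping the tree as an artifact. `retention-days: 1` shortens the exposure window but does not remove it.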
@@ -7,20 +22,38 @@ ## ############################################################################## -# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. -DEFAULT_JVM_OPTS="" +# Attempt to set APP_HOME +# Resolve links: $0 may be a link +PRG="$0" +# Need this for relative symlinks. +while [ -h "$PRG" ] ; do + ls=`ls -ld "$PRG"` + link=`expr "$ls" : '.*-> \(.*\)$'` + if expr "$link" : '/.*' > /dev/null; then + PRG="$link" + else + PRG=`dirname "$PRG"`"/$link" + fi +done +SAVED="`pwd`" +cd "`dirname \"$PRG\"`/" >/dev/null +APP_HOME="`pwd -P`" +cd "$SAVED" >/dev/null APP_NAME="Gradle" APP_BASE_NAME=`basename "$0"` +# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. +DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"' + # Use the maximum available, or set MAX_FD != -1 to use that value. MAX_FD="maximum" -warn ( ) { +warn () { echo "$*" } -die ( ) { +die () { echo echo "$*" echo @@ -31,6 +64,7 @@ die ( ) { cygwin=false msys=false darwin=false +nonstop=false case "`uname`" in CYGWIN* ) cygwin=true @@ -41,28 +75,14 @@ case "`uname`" in MINGW* ) msys=true ;; + NONSTOP* ) + nonstop=true + ;; esac -# Attempt to set APP_HOME -# Resolve links: $0 may be a link -PRG="$0" -# Need this for relative symlinks. -while [ -h "$PRG" ] ; do - ls=`ls -ld "$PRG"` - link=`expr "$ls" : '.*-> \(.*\)$'` - if expr "$link" : '/.*' > /dev/null; then - PRG="$link" - else - PRG=`dirname "$PRG"`"/$link" - fi -done -SAVED="`pwd`" -cd "`dirname \"$PRG\"`/" >/dev/null -APP_HOME="`pwd -P`" -cd "$SAVED" >/dev/null - CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar + # Determine the Java command to use to start the JVM. if [ -n "$JAVA_HOME" ] ; then if [ -x "$JAVA_HOME/jre/sh/java" ] ; then 
@@ -86,7 +106,7 @@ location of your Java installation." fi # Increase the maximum file descriptors if we can. -if [ "$cygwin" = "false" -a "$darwin" = "false" ] ; then +if [ "$cygwin" = "false" -a "$darwin" = "false" -a "$nonstop" = "false" ] ; then MAX_FD_LIMIT=`ulimit -H -n` if [ $? -eq 0 ] ; then if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then @@ -106,10 +126,11 @@ if $darwin; then GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\"" fi -# For Cygwin, switch paths to Windows format before running java -if $cygwin ; then +# For Cygwin or MSYS, switch paths to Windows format before running java +if [ "$cygwin" = "true" -o "$msys" = "true" ] ; then APP_HOME=`cygpath --path --mixed "$APP_HOME"` CLASSPATH=`cygpath --path --mixed "$CLASSPATH"` + JAVACMD=`cygpath --unix "$JAVACMD"` # We build the pattern for arguments to be converted via cygpath 
@@ -135,27 +156,30 @@ if $cygwin ; then else eval `echo args$i`="\"$arg\"" fi - i=$((i+1)) + i=`expr $i + 1` done case $i in - (0) set -- ;; - (1) set -- "$args0" ;; - (2) set -- "$args0" "$args1" ;; - (3) set -- "$args0" "$args1" "$args2" ;; - (4) set -- "$args0" "$args1" "$args2" "$args3" ;; - (5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;; - (6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;; - (7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;; - (8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;; - (9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;; + 0) set -- ;; + 1) set -- "$args0" ;; + 2) set -- "$args0" "$args1" ;; + 3) set -- "$args0" "$args1" "$args2" ;; + 4) set -- "$args0" "$args1" "$args2" "$args3" ;; + 5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;; + 6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;; + 7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;; + 8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;; + 9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;; esac fi -# Split up the JVM_OPTS And GRADLE_OPTS values into an array, following the shell quoting and substitution rules -function splitJvmOpts() { - JVM_OPTS=("$@") +# Escape application args +save () { + for i do printf %s\\n "$i" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/' \\\\/" ; done + echo " " } -eval splitJvmOpts $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS -JVM_OPTS[${#JVM_OPTS[*]}]="-Dorg.gradle.appname=$APP_BASE_NAME" +APP_ARGS=`save "$@"` + +# Collect all arguments for the java command, following the shell quoting and substitution rules +eval set -- $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS "\"-Dorg.gradle.appname=$APP_BASE_NAME\"" -classpath "\"$CLASSPATH\"" org.gradle.wrapper.GradleWrapperMain "$APP_ARGS" -exec "$JAVACMD" "${JVM_OPTS[@]}" 
-classpath "$CLASSPATH" org.gradle.wrapper.GradleWrapperMain "$@" +exec "$JAVACMD" "$@" From ce17f7a94e4b75359937289e790d5b23fbc6266a Mon Sep 17 00:00:00 2001 From: iliyan-kostov Date: Sun, 21 Sep 2025 15:11:27 +0200 Subject: [PATCH 13/18] fix: sonar M android/gradlew --- android/gradlew | 111 +++++++++++++++++++----------------------------- 1 file changed, 43 insertions(+), 68 deletions(-) diff --git a/android/gradlew b/android/gradlew index 4f906e0..9d82f78 100755 --- a/android/gradlew +++ b/android/gradlew @@ -1,20 +1,4 @@ -#!/usr/bin/env sh - -# -# Copyright 2015 the original author or authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# +#!/usr/bin/env bash ############################################################################## ## 
@@ -22,38 +6,20 @@ ## ############################################################################## -# Attempt to set APP_HOME -# Resolve links: $0 may be a link -PRG="$0" -# Need this for relative symlinks. -while [ -h "$PRG" ] ; do - ls=`ls -ld "$PRG"` - link=`expr "$ls" : '.*-> \(.*\)$'` - if expr "$link" : '/.*' > /dev/null; then - PRG="$link" - else - PRG=`dirname "$PRG"`"/$link" - fi -done -SAVED="`pwd`" -cd "`dirname \"$PRG\"`/" >/dev/null -APP_HOME="`pwd -P`" -cd "$SAVED" >/dev/null +# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. +DEFAULT_JVM_OPTS="" APP_NAME="Gradle" APP_BASE_NAME=`basename "$0"` -# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. -DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"' - # Use the maximum available, or set MAX_FD != -1 to use that value. MAX_FD="maximum" -warn () { +warn ( ) { echo "$*" } -die () { +die ( ) { echo echo "$*" echo @@ -64,7 +30,6 @@ die () { cygwin=false msys=false darwin=false -nonstop=false case "`uname`" in CYGWIN* ) cygwin=true @@ -75,13 +40,27 @@ case "`uname`" in MINGW* ) msys=true ;; - NONSTOP* ) - nonstop=true - ;; esac -CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar +# Attempt to set APP_HOME +# Resolve links: $0 may be a link +PRG="$0" +# Need this for relative symlinks. +while [ -h "$PRG" ] ; do + ls=`ls -ld "$PRG"` + link=`expr "$ls" : '.*-> \(.*\)$'` + if expr "$link" : '/.*' > /dev/null; then + PRG="$link" + else + PRG=`dirname "$PRG"`"/$link" + fi +done +SAVED="`pwd`" +cd "`dirname \"$PRG\"`/" >/dev/null +APP_HOME="`pwd -P`" +cd "$SAVED" >/dev/null +CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar # Determine the Java command to use to start the JVM. if [ -n "$JAVA_HOME" ] ; then 
@@ -106,7 +85,7 @@ location of your Java installation." fi # Increase the maximum file descriptors if we can. -if [ "$cygwin" = "false" -a "$darwin" = "false" -a "$nonstop" = "false" ] ; then +if [ "$cygwin" = "false" -a "$darwin" = "false" ] ; then MAX_FD_LIMIT=`ulimit -H -n` if [ $? -eq 0 ] ; then if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then @@ -126,11 +105,10 @@ if $darwin; then GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\"" fi -# For Cygwin or MSYS, switch paths to Windows format before running java -if [ "$cygwin" = "true" -o "$msys" = "true" ] ; then +# For Cygwin, switch paths to Windows format before running java +if $cygwin ; then APP_HOME=`cygpath --path --mixed "$APP_HOME"` CLASSPATH=`cygpath --path --mixed "$CLASSPATH"` - JAVACMD=`cygpath --unix "$JAVACMD"` # We build the pattern for arguments to be converted via cygpath 
@@ -156,30 +134,27 @@ if [ "$cygwin" = "true" -o "$msys" = "true" ] ; then else eval `echo args$i`="\"$arg\"" fi - i=`expr $i + 1` + i=$((i+1)) done case $i in - 0) set -- ;; - 1) set -- "$args0" ;; - 2) set -- "$args0" "$args1" ;; - 3) set -- "$args0" "$args1" "$args2" ;; - 4) set -- "$args0" "$args1" "$args2" "$args3" ;; - 5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;; - 6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;; - 7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;; - 8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;; - 9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;; + (0) set -- ;; + (1) set -- "$args0" ;; + (2) set -- "$args0" "$args1" ;; + (3) set -- "$args0" "$args1" "$args2" ;; + (4) set -- "$args0" "$args1" "$args2" "$args3" ;; + (5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;; + (6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;; + (7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;; + (8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;; + (9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;; esac fi -# Escape application args -save () { - for i do printf %s\\n "$i" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/' \\\\/" ; done - echo " " +# Split up the JVM_OPTS And GRADLE_OPTS values into an array, following the shell quoting and substitution rules +function splitJvmOpts() { + JVM_OPTS=("$@") } -APP_ARGS=`save "$@"` - -# Collect all arguments for the java command, following the shell quoting and substitution rules -eval set -- $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS "\"-Dorg.gradle.appname=$APP_BASE_NAME\"" -classpath "\"$CLASSPATH\"" org.gradle.wrapper.GradleWrapperMain "$APP_ARGS" +eval splitJvmOpts $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS 
+JVM_OPTS[${#JVM_OPTS[*]}]="-Dorg.gradle.appname=$APP_BASE_NAME" -exec "$JAVACMD" "$@" +exec "$JAVACMD" "${JVM_OPTS[@]}" -classpath "$CLASSPATH" org.gradle.wrapper.GradleWrapperMain "$@" From b35b54a259bb6f673e95b43bd03edb660a35104c Mon Sep 17 00:00:00 2001 From: iliyan-kostov Date: Sun, 21 Sep 2025 15:18:15 +0200 Subject: [PATCH 14/18] fix: sonar M .github/workflows/security-scan.yaml M android/app/build.gradle.kts A sonar-project.properties --- .github/workflows/security-scan.yaml | 3 +-- android/app/build.gradle.kts | 25 ------------------------- sonar-project.properties | 5 +++++ 3 files changed, 6 insertions(+), 27 deletions(-) create mode 100644 sonar-project.properties diff --git a/.github/workflows/security-scan.yaml b/.github/workflows/security-scan.yaml index b470dd5..587417e 100644 --- a/.github/workflows/security-scan.yaml +++ b/.github/workflows/security-scan.yaml @@ -69,9 +69,8 @@ jobs: - name: Build run: | chmod +x ./android/gradlew - ls ./android/ flutter build appbundle - name: SonarQube Scan - uses: SonarSource/sonarqube-scan-action@v5 + uses: SonarSource/sonarqube-scan-action@v6 env: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} diff --git a/android/app/build.gradle.kts b/android/app/build.gradle.kts index 7ed6fce..ee17a42 100644 --- a/android/app/build.gradle.kts +++ b/android/app/build.gradle.kts @@ -6,31 +6,6 @@ plugins { id("dev.flutter.flutter-gradle-plugin") } -sonar { - properties { - property( - "sonar.projectKey", - "ZProfile_flutter-client", - ) - property( - "sonar.organization", - "zprofile01", - ) - property( - "sonar.verbose", - true, - ) - property( - "sonar.flutter.source.version", - "3.8.1", - ) - property( - "sonar.language", - "flutter", - ) - } -} - android { namespace = "com.example.zprofile" compileSdk = flutter.compileSdkVersion diff --git a/sonar-project.properties b/sonar-project.properties new file mode 100644 index 0000000..cb6bf1e --- /dev/null +++ b/sonar-project.properties 
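Review bot: The new tail of the script is bash-only: `function splitJvmOpts() { JVM_OPTS=("$@") }`, `JVM_OPTS[${#JVM_OPTS[*]}]=...` and `"${JVM_OPTS[@]}"` are array syntax that a POSIX `sh` such as dash rejects, while the removed `save` / `eval set --` form did not need arrays. The shebang lies outside this hunk, so check that it names bash; if it does not, the wrapper will fail wherever `/bin/sh` is not bash. Because gradlew is a generated file, regenerating it with Gradle's `wrapper` task is preferable to carrying an older template by hand. I would also add a comment above `eval splitJvmOpts $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS`, such as `# JAVA_OPTS and GRADLE_OPTS are shell-evaluated here; set them only from trusted CI configuration`.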
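Review bot: The bumped line `uses: SonarSource/sonarqube-scan-action@v6` still points at a movable major tag, and this step is the one that receives `SONAR_TOKEN`, so whatever the tag resolves to at run time executes with that secret. Pin the action to a full commit SHA and keep the tag as a trailing comment, `uses: SonarSource/sonarqube-scan-action@<full-commit-sha> # v6`, leaving updates to a dependency bot. The steps list starts outside this hunk, so the other third-party actions in the job could not be checked here and likely deserve the same pinning.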
@@ -0,0 +1,5 @@
+sonar.projectKey=ZProfile_flutter-client
+sonar.organization=zprofile01
+sonar.projectName=flutter-client
+sonar.projectVersion=1.0
+sonar.sourceEncoding=UTF-8
From 1071d8de1bcfc07eda9c145b2a4022ad02d74ba3 Mon Sep 17 00:00:00 2001
From: iliyan-kostov
Date: Sun, 21 Sep 2025 15:28:20 +0200
Subject: [PATCH 15/18] fix: sonar M sonar-project.properties
---
 sonar-project.properties | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/sonar-project.properties b/sonar-project.properties
index cb6bf1e..04009be 100644
--- a/sonar-project.properties
+++ b/sonar-project.properties
@@ -3,3 +3,6 @@ sonar.organization=zprofile01
 sonar.projectName=flutter-client
 sonar.projectVersion=1.0
 sonar.sourceEncoding=UTF-8
+sonar.c.file.suffixes=-
+sonar.cpp.file.suffixes=-
+sonar.objc.file.suffixes=-
From 9dea9cce772c24395a6504ce3801acfa3bfe4370 Mon Sep 17 00:00:00 2001
From: iliyan-kostov
Date: Sun, 21 Sep 2025 15:40:51 +0200
Subject: [PATCH 16/18] fix: sonar M sonar-project.properties
---
 sonar-project.properties | 1 +
 1 file changed, 1 insertion(+)
diff --git a/sonar-project.properties b/sonar-project.properties
index 04009be..a8dea4c 100644
--- a/sonar-project.properties
+++ b/sonar-project.properties
@@ -3,6 +3,7 @@ sonar.organization=zprofile01
 sonar.projectName=flutter-client
 sonar.projectVersion=1.0
 sonar.sourceEncoding=UTF-8
+sonar.sources=lib,.github,android
 sonar.c.file.suffixes=-
 sonar.cpp.file.suffixes=-
 sonar.objc.file.suffixes=-
From 068588df6132f5e23f9cbcd4e1f64e4a1b4aa730 Mon Sep 17 00:00:00 2001
From: iliyan-kostov
Date: Sun, 21 Sep 2025 15:48:48 +0200
Subject: [PATCH 17/18] fix: sonar M sonar-project.properties
---
 sonar-project.properties | 1 -
 1 file changed, 1 deletion(-)
diff --git a/sonar-project.properties b/sonar-project.properties
index a8dea4c..04009be 100644
--- a/sonar-project.properties
+++ b/sonar-project.properties
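Review bot: The three lines added in PATCH 15/18, `sonar.c.file.suffixes=-`, `sonar.cpp.file.suffixes=-` and `sonar.objc.file.suffixes=-`, switch off C, C++ and Objective-C analysis with no explanation, so a later reader cannot tell whether native code is deliberately out of scope or just silenced to get the scan passing. Add a comment above them, for example `# C/C++/Objective-C analysis disabled (presumably no compilation data in CI); native sources are NOT scanned`. If the project gains native code later, these settings would keep it out of the security scan, so the comment should say when to revisit them.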
@@ -3,7 +3,6 @@ sonar.organization=zprofile01
 sonar.projectName=flutter-client
 sonar.projectVersion=1.0
 sonar.sourceEncoding=UTF-8
-sonar.sources=lib,.github,android
 sonar.c.file.suffixes=-
 sonar.cpp.file.suffixes=-
 sonar.objc.file.suffixes=-
From 444575c2200b678a7b595906a55ff7d29629ad1e Mon Sep 17 00:00:00 2001
From: iliyan-kostov
Date: Sun, 21 Sep 2025 15:55:14 +0200
Subject: [PATCH 18/18] feat: removed sonar in Makefile M Makefile
---
 Makefile | 4 ----
 1 file changed, 4 deletions(-)
diff --git a/Makefile b/Makefile
index 3f472fc..f117efe 100644
--- a/Makefile
+++ b/Makefile
@@ -30,7 +30,3 @@ emulate: # Start emulator
 -memory 4096 \
 -no-snapshot-load \
 -no-snapshot-save &
-
-.PHONY: sonar
-sonar:
- ./gradlew build sonar --info