Implement real-time CSRF detection feature

Okka Riswanarequested to merge
mutagen/secure-gen:feat-csrf_implementation into main

Introduce the implementation for the Cross-Site Request Forgery (CSRF) detection feature. It provides a real-time, event-driven interface for users to analyze Git repositories for potential CSRF vulnerabilities.

Key Changes:

  • Backend (/apps/api):

    • Added a detect_csrf WebSocket event handler in SocketGateway.
    • Implemented CsrfService to act as a proxy, which connects to an external analysis engine via WebSockets. It forwards analysis requests and streams status, reports, and errors back to the client.

  • Frontend (/apps/web):

    • Overhauled the CSRF detection page (/product/csrf) with a new UI built from modular React components (CsrfInputForm, LogsSection, ResultsSection, AnalysisStats, etc.).
    • Created a SocketProvider context to manage the WebSocket connection throughout the application.
    • Added a new useCsrfDetection custom hook to encapsulate all state management and business logic for the CSRF feature, including handling real-time events.

  • Testing (/apps/web/cypress):

    • Rewrote and expanded the E2E tests for the CSRF detection page.
    • Introduced WebSocket mocking for Cypress using custom commands (cy.mockSocket, cy.triggerSocketEvent) to allow for robust testing of the real-time functionality without a live backend.

CSRF Page UI

image

Test Results

image

Merge request reports