vulnerability initial commit (#1)

* Initial code

* Initial code

* Initial code

* Initial code

Author: pflynn-virtru

.github/workflows/vulnerability.yml

@@ -0,0 +1,32 @@
+name: Vulnerability Tests
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    branches: [ main ]
+jobs:
+  test:
+    timeout-minutes: 60
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+    - uses: actions/setup-node@v2
+      with:
+        node-version: '16.x'
+    - name: Install dependencies
+      run: |-
+        cd vulnerability
+        npm ci
+    - name: Install Playwright
+      run: |-
+        cd vulnerability
+        npx playwright install --with-deps
+    - name: Run Playwright tests
+      run: |-
+        cd vulnerability
+        npx playwright test
+    - uses: actions/upload-artifact@v2
+      if: always()
+      with:
+        name: playwright-test-results
+        path: vulnerability/test-results/

.gitignore

@@ -0,0 +1,4 @@
+.idea
+vulnerability/node_modules/
+vulnerability/test-results/
+vulnerability/playwright-report/

README.md

@@ -1,2 +1,4 @@
 # tests
 Tests for openTDF
+
+[Vulnerability](vulnerability)  

vulnerability/.env

@@ -0,0 +1 @@
+SERVER_DATA={"attributes":"https://opentdf.us/v2/attributes","entitlements":"https://opentdf.us/v2/entitlements","authority":"https://keycloak.opentdf.us/auth/","clientId":"localhost-abacus","realm":"opentdf-realm"}

vulnerability/README.md

@@ -0,0 +1,20 @@
+# Vulnerability
+
+
+## Overview
+
+Automated checks for vulnerabilities identified during penetration testing
+
+## Resources
+
+[Playwright](https://playwright.dev/)
+
+[OWASP Zed Attack Proxy (ZAP)](https://www.zaproxy.org/)
+
+## Execute
+
+`npx playwright test`
+
+## Debug
+
+`PWDEBUG=console npx playwright test --debug`