Test for failure and more complex vulnapi arguments #145
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Continuous Integration | |
on: | |
pull_request: | |
branches: | |
- main | |
push: | |
branches: | |
- main | |
permissions: | |
contents: read | |
jobs: | |
test-javascript: | |
name: JavaScript Tests | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
id: checkout | |
uses: actions/checkout@v4 | |
- name: Setup Node.js | |
id: setup-node | |
uses: actions/setup-node@v4 | |
with: | |
node-version-file: .nvmrc | |
cache: npm | |
- name: Install Dependencies | |
id: npm-ci | |
run: npm ci | |
- name: Check Format | |
id: npm-format-check | |
run: npm run format:check | |
- name: Lint | |
id: npm-lint | |
run: npm run lint | |
- name: Test | |
id: npm-ci-test | |
run: npm run ci-test | |
test-failed-scans: | |
name: GitHub Actions Test Failed Scans | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
packages: read | |
env: | |
DOCKER_IMAGE: ghcr.io/cerberauth/api-vulns-challenges/jwt-alg-none-bypass:latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Login to GitHub Container Registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.repository_owner }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Get JWT | |
id: get-jwt | |
run: | | |
echo "jwt=$(docker run --rm ${{ env.DOCKER_IMAGE }} jwt)" >> $GITHUB_OUTPUT | |
- name: Run Server | |
run: | | |
docker run -d -p 8080:8080 ${{ env.DOCKER_IMAGE }} | |
sleep 5 | |
curl --verbose http://localhost:8080 -H "Authorization: Bearer ${{ steps.get-jwt.outputs.jwt }}" | |
- name: Test CURL Local Action | |
uses: ./ | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
scans: jwt.* | |
curl: | | |
curl http://localhost:8080 -H "Authorization: Bearer ${{ steps.get-jwt.outputs.jwt }}" | |
- name: Check for vulnerabilities | |
if: ${{ success() }} | |
run: | | |
echo "No vulnerabilities found" | |
exit 1 | |
# - name: Test OpenAPI Local Action | |
# uses: ./ | |
# env: | |
# GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
# with: | |
# scans: jwt.* | |
# openapi: ./__tests__/openapi.yaml | |
- name: Stop Server | |
if: ${{ always() }} | |
run: | |
docker stop $(docker ps -q --filter ancestor=${{ env.DOCKER_IMAGE }}) | |
test-scans: | |
name: GitHub Actions Test Scans | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
packages: read | |
env: | |
DOCKER_IMAGE: ghcr.io/cerberauth/api-vulns-challenges/jwt-strong-eddsa-key:latest | |
DOCKER_JWT_NONE_IMAGE: ghcr.io/cerberauth/api-vulns-challenges/jwt-alg-none-bypass:latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Login to GitHub Container Registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.repository_owner }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Get JWT | |
id: get-jwt | |
run: | | |
echo "jwt=$(docker run --rm ${{ env.DOCKER_IMAGE }} jwt)" >> $GITHUB_OUTPUT | |
- name: Run Server | |
run: | | |
docker run -d -p 8080:8080 ${{ env.DOCKER_IMAGE }} | |
sleep 5 | |
curl --verbose http://localhost:8080 -H "Authorization: Bearer ${{ steps.get-jwt.outputs.jwt }}" | |
- name: Test cURL Local Action with rate limit and excluded scans | |
uses: ./ | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
rateLimit: 1000/s | |
excludeScans: discover.* | |
curl: | | |
curl http://localhost:8080 -H "Authorization: Bearer ${{ steps.get-jwt.outputs.jwt }}" | |
- name: Test cURL Local Action with selected scans | |
uses: ./ | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
scans: jwt.* | |
curl: | | |
curl http://localhost:8080 -H "Authorization: Bearer ${{ steps.get-jwt.outputs.jwt }}" | |
- name: Test cURL Local Action without Telemetry | |
uses: ./ | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
scans: jwt.* | |
curl: | | |
curl http://localhost:8080 -H "Authorization: Bearer ${{ steps.get-jwt.outputs.jwt }}" | |
telemetry: false | |
# - name: Test OpenAPI Local Action | |
# uses: ./ | |
# env: | |
# GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
# with: | |
# scans: jwt.* | |
# openapi: ./__tests__/openapi.yaml | |
# telemetry: false | |
- name: Stop Server | |
if: ${{ always() }} | |
run: | |
docker stop $(docker ps -q --filter ancestor=${{ env.DOCKER_IMAGE }}) |