Test for failure and more complex vulnapi arguments #149
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Continuous Integration | |
| on: | |
| pull_request: | |
| branches: | |
| - main | |
| push: | |
| branches: | |
| - main | |
| permissions: | |
| contents: read | |
| jobs: | |
| test-javascript: | |
| name: JavaScript Tests | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| id: checkout | |
| uses: actions/checkout@v4 | |
| - name: Setup Node.js | |
| id: setup-node | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version-file: .nvmrc | |
| cache: npm | |
| - name: Install Dependencies | |
| id: npm-ci | |
| run: npm ci | |
| - name: Check Format | |
| id: npm-format-check | |
| run: npm run format:check | |
| - name: Lint | |
| id: npm-lint | |
| run: npm run lint | |
| - name: Test | |
| id: npm-ci-test | |
| run: npm run ci-test | |
| test-failed-scans: | |
| name: GitHub Actions Test Failed Scans | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| packages: read | |
| env: | |
| DOCKER_IMAGE: ghcr.io/cerberauth/api-vulns-challenges/jwt-alg-none-bypass:latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Login to GitHub Container Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.repository_owner }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Get JWT | |
| id: get-jwt | |
| run: | | |
| echo "jwt=$(docker run --rm ${{ env.DOCKER_IMAGE }} jwt)" >> $GITHUB_OUTPUT | |
| - name: Run Server | |
| run: | | |
| docker run -d -p 8080:8080 ${{ env.DOCKER_IMAGE }} | |
| sleep 5 | |
| curl --verbose http://localhost:8080 | |
| curl --verbose http://localhost:8080 -H "Authorization: Bearer ${{ steps.get-jwt.outputs.jwt }}" | |
| - name: Test cURL Local Action | |
| uses: ./ | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| scans: jwt.* | |
| curl: | | |
| http://localhost:8080 -H "Authorization: Bearer ${{ steps.get-jwt.outputs.jwt }}" | |
| - name: Check for vulnerabilities | |
| if: ${{ success() }} | |
| run: | | |
| echo "No vulnerabilities found" | |
| exit 1 | |
| # - name: Test OpenAPI Local Action | |
| # uses: ./ | |
| # env: | |
| # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| # with: | |
| # scans: jwt.* | |
| # openapi: ./__tests__/openapi.yaml | |
| - name: Stop Server | |
| if: ${{ always() }} | |
| run: | |
| docker stop $(docker ps -q --filter ancestor=${{ env.DOCKER_IMAGE }}) | |
| test-scans: | |
| name: GitHub Actions Test Scans | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| packages: read | |
| env: | |
| DOCKER_IMAGE: ghcr.io/cerberauth/api-vulns-challenges/jwt-strong-eddsa-key:latest | |
| DOCKER_JWT_NONE_IMAGE: ghcr.io/cerberauth/api-vulns-challenges/jwt-alg-none-bypass:latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Login to GitHub Container Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.repository_owner }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Get JWT | |
| id: get-jwt | |
| run: | | |
| echo "jwt=$(docker run --rm ${{ env.DOCKER_IMAGE }} jwt)" >> $GITHUB_OUTPUT | |
| - name: Run Server | |
| run: | | |
| docker run -d -p 8080:8080 ${{ env.DOCKER_IMAGE }} | |
| sleep 5 | |
| curl --verbose http://localhost:8080 -H "Authorization: Bearer ${{ steps.get-jwt.outputs.jwt }}" | |
| - name: Test cURL Local Action with rate limit and excluded scans | |
| uses: ./ | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| rateLimit: 1000/s | |
| excludeScans: discover.* | |
| curl: | | |
| http://localhost:8080 -H "Authorization: Bearer ${{ steps.get-jwt.outputs.jwt }}" | |
| - name: Test cURL Local Action with selected scans | |
| uses: ./ | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| scans: jwt.* | |
| curl: | | |
| http://localhost:8080 -H "Authorization: Bearer ${{ steps.get-jwt.outputs.jwt }}" | |
| - name: Test cURL Local Action without Telemetry | |
| uses: ./ | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| scans: jwt.* | |
| curl: | | |
| http://localhost:8080 -H "Authorization: Bearer ${{ steps.get-jwt.outputs.jwt }}" | |
| telemetry: false | |
| # - name: Test OpenAPI Local Action | |
| # uses: ./ | |
| # env: | |
| # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| # with: | |
| # scans: jwt.* | |
| # openapi: ./__tests__/openapi.yaml | |
| # telemetry: false | |
| - name: Stop Server | |
| if: ${{ always() }} | |
| run: | |
| docker stop $(docker ps -q --filter ancestor=${{ env.DOCKER_IMAGE }}) |