From d4f142af873bd52178a545eb20869f121c88ec13 Mon Sep 17 00:00:00 2001
From: Shahar Septon
Date: Tue, 17 Sep 2024 15:55:45 +0300
Subject: [PATCH] Add support for Authentication Agent and authentication recording
---
 Dockerfile | 2 +-
 README.md | 25 +++++++++++++++++++++++++
 action.yaml | 4 ++++
 entrypoint.sh | 5 +++--
 4 files changed, 33 insertions(+), 3 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index d99a40a..3912ef3 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM checkmarx/dast:2.2.0
+FROM checkmarx/dast:2.3.0
 USER zap
diff --git a/README.md b/README.md
index 459101e..87eb91a 100644
--- a/README.md
+++ b/README.md
@@ -68,6 +68,7 @@ steps:
 | fail_on | high | The minimum severity in which the action should fail | false |
 | retry | 3 | Retry requests to AST on connection failure (default: 3) | false |
 | retry_delay | 20 | Time between retries in seconds, use with retry (default: 20) | false |
+| recording-path | ./recording.js | The path to the recording of the authentication process | false |
 | proxy-url | http://myproxy.com | Override the proxy used by the ZAP Engine | false |
 | proxy-port | 8088 | The port number for the proxy | false |
 | poll-timeout | 600 | Poll timeout in seconds, for uploading results (default: 600) | false |
@@ -117,3 +118,27 @@ steps:
 fail_on: "HIGH"
 verbose: true
 ```
+
+### API Scan with recording
+
+```yaml
+ # Steps represent a sequence of tasks that will be executed as part of the job
+ steps:
+ # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
+ - uses: actions/checkout@v3
+ # Scan Iac with kics
+ - name: Checkmarx DAST Github Action
+ uses: Checkmarx/dast-github-action@v1.0.0-beta
+ env:
+ CX_APIKEY: ${{ secrets.CX_ONE_API_KEY }}
+ with:
+ command: "api"
+ config: 'zap_api_config.yaml'
+ base_url: "localhost.cxast.net"
+ environment_id: "c608a51a-ec4e-4eef-81c4-a0241737efd7"
+ openapi: "swagger.yaml"
+ project_id: "fd093dde-b64a-466f-b2cd-8bf141b4db94"
+ recording-path: "recording_10_09_24.js"
+ fail_on: "HIGH"
+ verbose: true
+```
diff --git a/action.yaml b/action.yaml
index 1be8f3d..80ebdd1 100644
--- a/action.yaml
+++ b/action.yaml
@@ -68,6 +68,9 @@ inputs:
 poll-ticker:
 required: false
 description: "Time interval between sending poll requests"
+ recording-path:
+ required: false
+ description: "The path to the recording of the authentication process"
 runs:
 using: docker
 image: Dockerfile
@@ -94,3 +97,4 @@ runs:
 - ${{ inputs.port }}
 - ${{ inputs.poll-timeout }}
 - ${{ inputs.poll-ticker }}
+ - ${{ inputs.recording-path }}
diff --git a/entrypoint.sh b/entrypoint.sh
index d1075dd..53a455c 100755
--- a/entrypoint.sh
+++ b/entrypoint.sh
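Review bot: The `description` of the new `recording-path` input says neither what the file is nor how the path is resolved, although the README example uses a relative `./recording.js` and entrypoint.sh runs `cd "$GITHUB_WORKSPACE"` before invoking the scanner, so a relative path is presumably resolved against the checked-out workspace. Suggest `description: "Path, relative to the workspace, to the Authentication Agent recording (.js) replayed to authenticate the scan"`. Because the recording captures the authentication process and may therefore contain credentials, the description is also the right place to say it should be handled like a secret rather than committed next to the code.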
@@ -58,12 +58,13 @@ fi
 [[ -n "$INPUT_PROXY_PORT" ]] && PROXY_PORT_PARAM="--proxy-port=$INPUT_PROXY_PORT"
 [[ -n "$INPUT_POLL_TIMEOUT" ]] && POLL_TIMEOUT_PARAM="--poll-timeout=$INPUT_POLL_TIMEOUT"
 [[ -n "$INPUT_POLL_INTERVAL" ]] && POLL_DELAY_PARAM="--poll-ticker=$INPUT_POLL_INTERVAL"
+[[ -n "$INPUT_RECORDING_PATH" ]] && RECORDING_PATH="--recording-path=$INPUT_RECORDING_PATH"
 ####################
 # Run DAST Scan #
 ####################
 cd "$GITHUB_WORKSPACE" || exit
-echo "${DATETIME} - INF : DAST command - dast $INPUT_COMMAND $ENVIRONMENT_ID_PARAM $INPUT_PARAM $BASE_URL_PARAM $OUTPUT_PARAM $TIMEOUT_PARAM $UPDATE_INTERVAL_PARAM $JVM_PROPERTIES_PARAM $LOG_LEVEL_PARAM $VERBOSE_PARAM $FAIL_ON_PARAM $OPENAPI_PARAM $POSTMAN_PARAM $RETRY_PARAM $RETRY_DELAY_PARAM $PROXY_URL_PARAM $PROXY_PORT_PARAM $POLL_TIMEOUT_PARAM $POLL_DELAY_PARAM"
+echo "${DATETIME} - INF : DAST command - dast $INPUT_COMMAND $ENVIRONMENT_ID_PARAM $INPUT_PARAM $BASE_URL_PARAM $OUTPUT_PARAM $TIMEOUT_PARAM $UPDATE_INTERVAL_PARAM $JVM_PROPERTIES_PARAM $LOG_LEVEL_PARAM $VERBOSE_PARAM $FAIL_ON_PARAM $OPENAPI_PARAM $POSTMAN_PARAM $RETRY_PARAM $RETRY_DELAY_PARAM $PROXY_URL_PARAM $PROXY_PORT_PARAM $POLL_TIMEOUT_PARAM $POLL_DELAY_PARAM $RECORDING_PATH"
-/app/bin "$INPUT_COMMAND" "$ENVIRONMENT_ID_PARAM" "$INPUT_PARAM" "$BASE_URL_PARAM" "$OUTPUT_PARAM" "$TIMEOUT_PARAM" "$UPDATE_INTERVAL_PARAM" "$JVM_PROPERTIES_PARAM" "$LOG_LEVEL_PARAM" "$VERBOSE_PARAM" "$FAIL_ON_PARAM" "$OPENAPI_PARAM" "$POSTMAN_PARAM" "$RETRY_PARAM" "$RETRY_DELAY_PARAM" "$PROXY_URL_PARAM" "$PROXY_PORT_PARAM" "$POLL_TIMEOUT_PARAM" "$POLL_DELAY_PARAM"
+/app/bin "$INPUT_COMMAND" "$ENVIRONMENT_ID_PARAM" "$INPUT_PARAM" "$BASE_URL_PARAM" "$OUTPUT_PARAM" "$TIMEOUT_PARAM" "$UPDATE_INTERVAL_PARAM" "$JVM_PROPERTIES_PARAM" "$LOG_LEVEL_PARAM" "$VERBOSE_PARAM" "$FAIL_ON_PARAM" "$OPENAPI_PARAM" "$POSTMAN_PARAM" "$RETRY_PARAM" "$RETRY_DELAY_PARAM" "$PROXY_URL_PARAM" "$PROXY_PORT_PARAM" "$POLL_TIMEOUT_PARAM" "$POLL_DELAY_PARAM" "$RECORDING_PATH"
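Review bot: Nothing in this commit shows where `INPUT_RECORDING_PATH` is populated: the sibling names (`INPUT_POLL_INTERVAL` serving the `poll-ticker` input) suggest the script maps the positional args from action.yaml to its own variables above this hunk, and the diffstat `entrypoint.sh | 5 +++--` is fully accounted for by the three additions and two deletions visible here, so unless that mapping is generic the new `${{ inputs.recording-path }}` argument is never assigned and `RECORDING_PATH` stays empty, silently dropping the recording. That assignment lives outside this hunk and should be added alongside the others, ideally with a run that confirms `--recording-path=` reaches `/app/bin`. The new variable also breaks the `_PARAM` suffix every other flag variable uses; `RECORDING_PATH_PARAM="--recording-path=$INPUT_RECORDING_PATH"` keeps the convention (adjust the echo and the `/app/bin` line to match). Because the recording is what authenticates the scan, a missing file is better caught before the scan than discovered as an apparently unauthenticated result; after the `cd "$GITHUB_WORKSPACE"` line, `[[ -n "$INPUT_RECORDING_PATH" && ! -f "$INPUT_RECORDING_PATH" ]] && { echo "${DATETIME} - ERR : recording file not found: $INPUT_RECORDING_PATH"; exit 1; }` does that with a constructed message in the script's existing log format.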