forked from zaproxy/action-full-scan
-
Notifications
You must be signed in to change notification settings - Fork 0
/
index.js
81 lines (68 loc) · 3.37 KB
/
index.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
const core = require('@actions/core');
const exec = require('@actions/exec');
const common = require('@zaproxy/actions-common-scans');
const _ = require('lodash');
// Default file names
let jsonReportName = 'report_json.json';
let mdReportName = 'report_md.md';
let htmlReportName = 'report_html.html';
async function run() {
try {
let workspace = process.env.GITHUB_WORKSPACE;
let currentRunnerID = process.env.GITHUB_RUN_ID;
let repoName = process.env.GITHUB_REPOSITORY;
let token = core.getInput('token');
let docker_name = core.getInput('docker_name');
let target = core.getInput('target');
let rulesFileLocation = core.getInput('rules_file_name');
let cmdOptions = core.getInput('cmd_options');
let issueTitle = core.getInput('issue_title');
let failAction = core.getInput('fail_action');
let allowIssueWriting = core.getInput('allow_issue_writing');
let artifactName = core.getInput('artifact_name');
let createIssue = true;
if (!(String(failAction).toLowerCase() === 'true' || String(failAction).toLowerCase() === 'false')) {
console.log('[WARNING]: \'fail_action\' action input should be either \'true\' or \'false\'');
}
if (String(allowIssueWriting).toLowerCase() === 'false') {
createIssue = false;
}
if (!artifactName) {
console.log('[WARNING]: \'artifact_name\' action input should not be empty. Setting it back to the default name.');
artifactName = 'zap_scan';
}
console.log('starting the program');
console.log('github run id :' + currentRunnerID);
let plugins = [];
if (rulesFileLocation) {
plugins = await common.helper.processLineByLine(`${workspace}/${rulesFileLocation}`);
}
// Allow writing files from the Docker container.
await exec.exec(`chmod a+w ${workspace}`);
await exec.exec(`docker pull ${docker_name} -q`);
let command = (`docker run -v ${workspace}:/zap/wrk/:rw --network="host" -e ZAP_AUTH_HEADER -e ZAP_AUTH_HEADER_VALUE -e ZAP_AUTH_HEADER_SITE ` +
`-t ${docker_name} zap-full-scan.py -t ${target} -J ${jsonReportName} -w ${mdReportName} -r ${htmlReportName} ${cmdOptions}`);
if (plugins.length !== 0) {
command = command + ` -c ${rulesFileLocation}`
}
try {
await exec.exec(command);
} catch (err) {
if (err.toString().includes('exit code 3')) {
core.setFailed('failed to scan the target: ' + err.toString());
return
}
if ((err.toString().includes('exit code 2') || err.toString().includes('exit code 1'))
&& String(failAction).toLowerCase() === 'true') {
console.log(`[info] By default ZAP Docker container will fail if it identifies any alerts during the scan!`);
core.setFailed('Scan action failed as ZAP has identified alerts, starting to analyze the results. ' + err.toString());
}else {
console.log('Scanning process completed, starting to analyze the results!')
}
}
await common.main.processReport(token, workspace, plugins, currentRunnerID, issueTitle, repoName, createIssue, artifactName);
} catch (error) {
core.setFailed(error.message);
}
}
run();