From 2a23248363a91c9204abd74d3b9ea162a28abce2 Mon Sep 17 00:00:00 2001
From: thc202 <thc202@gmail.com>
Date: Thu, 6 Jun 2024 14:30:04 +0100
Subject: [PATCH] Allow to write any file to the workspace

Support any file not just the default reports.

Fix #22.

Signed-off-by: thc202 <thc202@gmail.com>
---
 CHANGELOG.md  | 3 +++
 dist/index.js | 5 ++---
 index.js      | 5 ++---
 3 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7bea9b3..62dab79 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,6 +8,9 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 ### Changed
 - Update dependencies.
 
+### Fixed
+- Allow to write any file from the Docker container. [#22](https://github.com/zaproxy/action-api-scan/issues/22)
+
 ## [0.7.0] - 2024-04-02
 ### Changed
 - Update dependencies.
diff --git a/dist/index.js b/dist/index.js
index c534812..7d4d70f 100644
--- a/dist/index.js
+++ b/dist/index.js
@@ -59638,9 +59638,8 @@ async function run() {
             plugins = await common.helper.processLineByLine(`${workspace}/${rulesFileLocation}`);
         }
 
-        // Create the files so we can change the perms and allow the docker non root user to update them
-        await exec.exec(`touch ${jsonReportName} ${mdReportName} ${htmlReportName}`);
-        await exec.exec(`chmod a+w ${jsonReportName} ${mdReportName} ${htmlReportName}`);
+        // Allow writing files from the Docker container.
+        await exec.exec(`chmod a+w ${workspace}`);
 
         await exec.exec(`docker pull ${docker_name} -q`);
         let command = (`docker run -v ${workspace}:/zap/wrk/:rw --network="host" -e ZAP_AUTH_HEADER -e ZAP_AUTH_HEADER_VALUE -e ZAP_AUTH_HEADER_SITE ` +
diff --git a/index.js b/index.js
index f142bfb..c973860 100644
--- a/index.js
+++ b/index.js
@@ -47,9 +47,8 @@ async function run() {
             plugins = await common.helper.processLineByLine(`${workspace}/${rulesFileLocation}`);
         }
 
-        // Create the files so we can change the perms and allow the docker non root user to update them
-        await exec.exec(`touch ${jsonReportName} ${mdReportName} ${htmlReportName}`);
-        await exec.exec(`chmod a+w ${jsonReportName} ${mdReportName} ${htmlReportName}`);
+        // Allow writing files from the Docker container.
+        await exec.exec(`chmod a+w ${workspace}`);
 
         await exec.exec(`docker pull ${docker_name} -q`);
         let command = (`docker run -v ${workspace}:/zap/wrk/:rw --network="host" -e ZAP_AUTH_HEADER -e ZAP_AUTH_HEADER_VALUE -e ZAP_AUTH_HEADER_SITE ` +