From 8b0f6ec769db203170152f12ba1b61de7601470f Mon Sep 17 00:00:00 2001
From: Dhruv Singhal
Date: Mon, 17 Apr 2023 23:48:17 +0530
Subject: [PATCH 01/10] first commit
---
 .github/workflows/test-e2e.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/test-e2e.yml b/.github/workflows/test-e2e.yml
index 41e7955..281d8e3 100644
--- a/.github/workflows/test-e2e.yml
+++ b/.github/workflows/test-e2e.yml
@@ -19,7 +19,7 @@ jobs:
 client_scan_token: ${{ secrets.CLIENT_SCAN_TOKEN_DEMO }}
 cli_version: 'latest'
 traffic_env: 'crapi-demo1'
- include_url_regex: '13.58.254.175'
+ include_url_regex: '.*'
 traceable_server: ${{ secrets.TRACEABLE_SERVER_DEMO }}
 - name: Stop Scan
 if: always()
From 27136dd764574730812d9fef59e46949b7e24935 Mon Sep 17 00:00:00 2001
From: Dhruv Singhal
Date: Mon, 17 Apr 2023 23:53:04 +0530
Subject: [PATCH 02/10] test-1
---
 .github/workflows/test-e2e.yml | 2 +-
 action.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/test-e2e.yml b/.github/workflows/test-e2e.yml
index 281d8e3..f93cf03 100644
--- a/.github/workflows/test-e2e.yml
+++ b/.github/workflows/test-e2e.yml
@@ -13,7 +13,7 @@ jobs:
 - name: Checkout
 uses: actions/checkout@v3
 - name: Init and run scan action
- uses: Traceableai/ast-action@main
+ uses: Traceableai/ast-action@e2e-test
 with:
 step_name: 'init and run'
 client_scan_token: ${{ secrets.CLIENT_SCAN_TOKEN_DEMO }}
diff --git a/action.yml b/action.yml
index 73552de..74c42fd 100644
--- a/action.yml
+++ b/action.yml
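Review bot: In PATCH 01/10, `include_url_regex: '.*'` removes the only host restriction on this scan, so every URL recorded in the `crapi-demo1` traffic environment is in scope. Whether that environment can hold traffic for hosts other than the demo application is not visible from this hunk; if it can, the e2e job would test systems it was never meant to touch. Prefer an anchored pattern for the intended host with the dots escaped so they match literally, and add a comment above the key such as `# include_url_regex limits which recorded URLs the scan tests; keep it scoped to the demo host`.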
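Review bot: `uses: Traceableai/ast-action@e2e-test` in PATCH 02/10 runs whatever the `e2e-test` branch points to at job time and hands it `secrets.CLIENT_SCAN_TOKEN_DEMO` and `secrets.TRACEABLE_SERVER_DEMO`, so the code receiving those secrets can change without this workflow changing. If the workflow lives in the ast-action repository itself (the series edits `action.yml` alongside it), `uses: ./` after the checkout step would test exactly the commit under review; if a remote reference is needed, pin it to a full commit SHA. `actions/checkout@v3` in the context lines is a movable tag and deserves the same treatment.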
@@ -176,7 +176,7 @@ runs:
 traceableCliBinaryLocation=${GITHUB_WORKSPACE}/traceable
 scanInitCmd=$traceableCliBinaryLocation' ast scan initAndRun'
- optionsArr=('--scan-name' '--traffic-env' '--token' '--plugins' '--include-url-regex' '--exclude-url-regex' '--target-url' '--traceable-server' '--idle-timeout' '--scan-timeout' ' --reference-env' '--max-retries' '--openapi-spec-ids' '--openapi-spec-files' '--policy' '--postman-collection' '--postman-environment' '--include-endpoint-labels' '--exclude-endpoint-labels' '--include-endpoint-with-owner-attributes' '--include-endpoint-owners' '--loglevel')
+ optionsArr=('--scan-name' '--traffic-env' '--token' '--plugins' '"--include-url-regex"' '"--exclude-url-regex"' '--target-url' '--traceable-server' '--idle-timeout' '--scan-timeout' ' --reference-env' '--max-retries' '--openapi-spec-ids' '--openapi-spec-files' '--policy' '--postman-collection' '--postman-environment' '--include-endpoint-labels' '--exclude-endpoint-labels' '--include-endpoint-with-owner-attributes' '--include-endpoint-owners' '--loglevel')
 #Iterating the options available from options array and filling them with the arguments received in order
 iterator=0
From e6ad54541f2edf68ef9ed8b2be172071961b44dc Mon Sep 17 00:00:00 2001
From: Dhruv Singhal
Date: Mon, 17 Apr 2023 23:56:30 +0530
Subject: [PATCH 03/10] test-2
---
 action.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/action.yml b/action.yml
index 74c42fd..4ca2bc8 100644
--- a/action.yml
+++ b/action.yml
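Review bot: The double quotes added in `'"--include-url-regex"'` and `'"--exclude-url-regex"'` (PATCH 02/10, `action.yml`) are data rather than shell syntax: inside single quotes they become part of the option name, so the text appended to `scanInitCmd` carries literal `"` characters around the flag. Whether the CLI ever sees them depends on how `scanInitCmd` is executed, which is outside this hunk. The same line, on both the old and new side, also has `' --reference-env'` with a leading space inside the quotes; that is harmless only while the command string is re-split on whitespace and should read `'--reference-env'`.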
@@ -176,11 +176,11 @@ runs:
 traceableCliBinaryLocation=${GITHUB_WORKSPACE}/traceable
 scanInitCmd=$traceableCliBinaryLocation' ast scan initAndRun'
- optionsArr=('--scan-name' '--traffic-env' '--token' '--plugins' '"--include-url-regex"' '"--exclude-url-regex"' '--target-url' '--traceable-server' '--idle-timeout' '--scan-timeout' ' --reference-env' '--max-retries' '--openapi-spec-ids' '--openapi-spec-files' '--policy' '--postman-collection' '--postman-environment' '--include-endpoint-labels' '--exclude-endpoint-labels' '--include-endpoint-with-owner-attributes' '--include-endpoint-owners' '--loglevel')
+ optionsArr=('--scan-name' '--traffic-env' '--token' '--plugins' '--include-url-regex' '--exclude-url-regex' '--target-url' '--traceable-server' '--idle-timeout' '--scan-timeout' ' --reference-env' '--max-retries' '--openapi-spec-ids' '--openapi-spec-files' '--policy' '--postman-collection' '--postman-environment' '--include-endpoint-labels' '--exclude-endpoint-labels' '--include-endpoint-with-owner-attributes' '--include-endpoint-owners' '--loglevel')
 #Iterating the options available from options array and filling them with the arguments received in order
 iterator=0
- for option in '${{ inputs.scan_name }}' '${{ inputs.traffic_env }}' '${{ inputs.client_scan_token }}' '${{ inputs.plugins }}' '"${{ inputs.include_url_regex }}"' '"${{ inputs.exclude_url_regex }}"' '${{ inputs.target_url }}' '${{ inputs.traceable_server }}' '${{ inputs.idle_timeout }}' '${{ inputs.scan_timeout }}' '${{ inputs.reference_env }}' '${{ inputs.max_retries }}' '${{ inputs.openapi_spec_ids }}' '${{ inputs.openapi_spec_files }}' '${{ inputs.policy }}' '${{ inputs.postman_collection }}' '${{ inputs.postman_environment }}' '${{ inputs.include_endpoint_labels}}' '${{ inputs.exclude_endpoint_labels }}' '${{ inputs.include_endpoint_with_owner_attributes }}' '${{ inputs.include_endpoint_owners }}' '${{ inputs.log_level }}'
+ for option in '${{ inputs.scan_name }}' '${{ inputs.traffic_env }}' '${{ inputs.client_scan_token }}' '${{ inputs.plugins }}' "${{ inputs.include_url_regex }}" "${{ inputs.exclude_url_regex }}" '${{ inputs.target_url }}' '${{ inputs.traceable_server }}' '${{ inputs.idle_timeout }}' '${{ inputs.scan_timeout }}' '${{ inputs.reference_env }}' '${{ inputs.max_retries }}' '${{ inputs.openapi_spec_ids }}' '${{ inputs.openapi_spec_files }}' '${{ inputs.policy }}' '${{ inputs.postman_collection }}' '${{ inputs.postman_environment }}' '${{ inputs.include_endpoint_labels}}' '${{ inputs.exclude_endpoint_labels }}' '${{ inputs.include_endpoint_with_owner_attributes }}' '${{ inputs.include_endpoint_owners }}' '${{ inputs.log_level }}'
 do
 if [ -z "$option" ] || [ "$option" = "''" ] || [ "$option" = "NULL" ]
 then
From b3df6f8b9090e4f0b812351d9a56f52056cf1cc0 Mon Sep 17 00:00:00 2001
From: Dhruv Singhal
Date: Tue, 18 Apr 2023 00:01:11 +0530
Subject: [PATCH 04/10] test3
---
 action.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/action.yml b/action.yml
index 2064b5e..e345d6f 100644
--- a/action.yml
+++ b/action.yml
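Review bot: Every `${{ inputs.* }}` on the `for option in …` line of PATCH 03/10 is substituted into the script text before bash parses it, so an input value containing a quote character ends the quoting and the remainder is parsed as shell; moving `include_url_regex` and `exclude_url_regex` into double quotes here additionally lets bash expand `$…` and backticks found inside those two values. The same construction recurs on the new side of PATCH 04, 06 and 10. Pass the values through the step's `env:` map instead, e.g. `INCLUDE_URL_REGEX: ${{ inputs.include_url_regex }}`, and read them in the script as `"$INCLUDE_URL_REGEX"`, which keeps the value as data whatever it contains. The enclosing step header is outside this hunk.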
@@ -179,10 +179,10 @@ runs:
 optionsArr=('--scan-name' '--traffic-env' '--token' '--plugins' '--include-url-regex' '--exclude-url-regex' '--target-url' '--traceable-server' '--idle-timeout' '--scan-timeout' ' --reference-env' '--max-retries' '--openapi-spec-ids' '--openapi-spec-files' '--policy' '--postman-collection' '--postman-environment' '--include-endpoint-labels' '--exclude-endpoint-labels' '--include-endpoint-with-owner-attributes' '--include-endpoint-owners' '--loglevel')
 #Iterating the options available from options array and filling them with the arguments received in order
- iterator=0
- for option in '${{ inputs.scan_name }}' '${{ inputs.traffic_env }}' '${{ inputs.client_scan_token }}' '${{ inputs.plugins }}' "${{ inputs.include_url_regex }}" "${{ inputs.exclude_url_regex }}" '${{ inputs.target_url }}' '${{ inputs.traceable_server }}' '${{ inputs.idle_timeout }}' '${{ inputs.scan_timeout }}' '${{ inputs.reference_env }}' '${{ inputs.max_retries }}' '${{ inputs.openapi_spec_ids }}' '${{ inputs.openapi_spec_files }}' '${{ inputs.policy }}' '${{ inputs.postman_collection }}' '${{ inputs.postman_environment }}' '${{ inputs.include_endpoint_labels}}' '${{ inputs.exclude_endpoint_labels }}' '${{ inputs.include_endpoint_with_owner_attributes }}' '${{ inputs.include_endpoint_owners }}' '${{ inputs.log_level }}'
+ iterator=0
+ for option in '${{ inputs.scan_name }}' '${{ inputs.traffic_env }}' '${{ inputs.client_scan_token }}' '${{ inputs.plugins }}' '"${{ inputs.include_url_regex }}"' '"${{ inputs.exclude_url_regex }}"' '${{ inputs.target_url }}' '${{ inputs.traceable_server }}' '${{ inputs.idle_timeout }}' '${{ inputs.scan_timeout }}' '${{ inputs.reference_env }}' '${{ inputs.max_retries }}' '${{ inputs.openapi_spec_ids }}' '${{ inputs.openapi_spec_files }}' '${{ inputs.policy }}' '${{ inputs.postman_collection }}' '${{ inputs.postman_environment }}' '${{ inputs.include_endpoint_labels}}' '${{ inputs.exclude_endpoint_labels }}' '${{ inputs.include_endpoint_with_owner_attributes }}' '${{ inputs.include_endpoint_owners }}' '${{ inputs.log_level }}'
 do
- if [ -z "$option" ] || [ "$option" = "''" ] || [ "$option" = "NULL" ]
+ if [ -z "$option" ] || [ "$option" = "''" ] || [ "$option" = "NULL" ] || [ $option = "NULL" ]
 then
 echo "${optionsArr[$iterator]}" is Null
 else
From 7697fbd4a895167c3ca81f578c082fd59b0f79cd Mon Sep 17 00:00:00 2001
From: Dhruv Singhal
Date: Tue, 18 Apr 2023 00:09:04 +0530
Subject: [PATCH 05/10] test4
---
 action.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/action.yml b/action.yml
index e345d6f..6a2af02 100644
--- a/action.yml
+++ b/action.yml
@@ -182,7 +182,7 @@ runs:
 iterator=0
 for option in '${{ inputs.scan_name }}' '${{ inputs.traffic_env }}' '${{ inputs.client_scan_token }}' '${{ inputs.plugins }}' '"${{ inputs.include_url_regex }}"' '"${{ inputs.exclude_url_regex }}"' '${{ inputs.target_url }}' '${{ inputs.traceable_server }}' '${{ inputs.idle_timeout }}' '${{ inputs.scan_timeout }}' '${{ inputs.reference_env }}' '${{ inputs.max_retries }}' '${{ inputs.openapi_spec_ids }}' '${{ inputs.openapi_spec_files }}' '${{ inputs.policy }}' '${{ inputs.postman_collection }}' '${{ inputs.postman_environment }}' '${{ inputs.include_endpoint_labels}}' '${{ inputs.exclude_endpoint_labels }}' '${{ inputs.include_endpoint_with_owner_attributes }}' '${{ inputs.include_endpoint_owners }}' '${{ inputs.log_level }}'
 do
- if [ -z "$option" ] || [ "$option" = "''" ] || [ "$option" = "NULL" ] || [ $option = "NULL" ]
+ if [ -z "$option" ] || [ "$option" = "''" ] || [ "$option" = "NULL" ] || [ "$option" = ""NULL"" ]
 then
 echo "${optionsArr[$iterator]}" is Null
 else
From 31e225137860d7afede54d2529304c3b095877d6 Mon Sep 17 00:00:00 2001
From: Dhruv Singhal
Date: Tue, 18 Apr 2023 00:34:27 +0530
Subject: [PATCH 06/10] test-5
---
 action.yml | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/action.yml b/action.yml
index 6a2af02..132a252 100644
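Review bot: The test added in PATCH 04/10, `[ $option = "NULL" ]`, expands `$option` unquoted, so a value containing whitespace is split into several words and `[` fails with a "too many arguments" error, and a value containing glob characters can be expanded against the working directory before the comparison. It also cannot match the case it seems aimed at: with the loop item written as `'"${{ inputs.include_url_regex }}"'` the value carries literal double quotes, so the comparison would have to be `[ "$option" = '"NULL"' ]`. The whitespace-only rewrite of `iterator=0` in the same hunk looks unintentional.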
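Review bot: In PATCH 05/10, `[ "$option" = ""NULL"" ]` is parsed by bash as an empty string, the bare word `NULL` and another empty string, which concatenate to plain `NULL`; the new clause therefore repeats the `[ "$option" = "NULL" ]` test immediately before it and never matches a value that contains literal double quotes. To compare against the quoted form, put the quotes inside single quotes: `[ "$option" = '"NULL"' ]`.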
--- a/action.yml
+++ b/action.yml
@@ -180,13 +180,17 @@ runs:
 #Iterating the options available from options array and filling them with the arguments received in order
 iterator=0
- for option in '${{ inputs.scan_name }}' '${{ inputs.traffic_env }}' '${{ inputs.client_scan_token }}' '${{ inputs.plugins }}' '"${{ inputs.include_url_regex }}"' '"${{ inputs.exclude_url_regex }}"' '${{ inputs.target_url }}' '${{ inputs.traceable_server }}' '${{ inputs.idle_timeout }}' '${{ inputs.scan_timeout }}' '${{ inputs.reference_env }}' '${{ inputs.max_retries }}' '${{ inputs.openapi_spec_ids }}' '${{ inputs.openapi_spec_files }}' '${{ inputs.policy }}' '${{ inputs.postman_collection }}' '${{ inputs.postman_environment }}' '${{ inputs.include_endpoint_labels}}' '${{ inputs.exclude_endpoint_labels }}' '${{ inputs.include_endpoint_with_owner_attributes }}' '${{ inputs.include_endpoint_owners }}' '${{ inputs.log_level }}'
+ for option in '${{ inputs.scan_name }}' '${{ inputs.traffic_env }}' '${{ inputs.client_scan_token }}' '${{ inputs.plugins }}' '${{ inputs.include_url_regex }}' '${{ inputs.exclude_url_regex }}' '${{ inputs.target_url }}' '${{ inputs.traceable_server }}' '${{ inputs.idle_timeout }}' '${{ inputs.scan_timeout }}' '${{ inputs.reference_env }}' '${{ inputs.max_retries }}' '${{ inputs.openapi_spec_ids }}' '${{ inputs.openapi_spec_files }}' '${{ inputs.policy }}' '${{ inputs.postman_collection }}' '${{ inputs.postman_environment }}' '${{ inputs.include_endpoint_labels}}' '${{ inputs.exclude_endpoint_labels }}' '${{ inputs.include_endpoint_with_owner_attributes }}' '${{ inputs.include_endpoint_owners }}' '${{ inputs.log_level }}'
 do
- if [ -z "$option" ] || [ "$option" = "''" ] || [ "$option" = "NULL" ] || [ "$option" = ""NULL"" ]
+ if [ -z "$option" ] || [ "$option" = "''" ] || [ "$option" = "NULL" ]
 then
 echo "${optionsArr[$iterator]}" is Null
 else
- scanInitCmd=$scanInitCmd" "${optionsArr[$iterator]}" "${option}
+ if [ "${optionsArr[$iterator]}" = "--include-url-regex" ] || [ "${optionsArr[$iterator]}" = "--exclude-url-regex" ]
+ then
+ scanInitCmd=$scanInitCmd" "${optionsArr[$iterator]}" ""${option}"
+ else
+ scanInitCmd=$scanInitCmd" "${optionsArr[$iterator]}" ""${option}"
 fi
 iterator=$(($iterator+1))
 done
From e5a6697602ab6053e92a7e803a8fb474c98940fa Mon Sep 17 00:00:00 2001
From: Dhruv Singhal
Date: Tue, 18 Apr 2023 00:37:06 +0530
Subject: [PATCH 07/10] test6
---
 action.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/action.yml b/action.yml
index 132a252..a01ee64 100644
--- a/action.yml
+++ b/action.yml
@@ -190,7 +190,7 @@ runs:
 then
 scanInitCmd=$scanInitCmd" "${optionsArr[$iterator]}" ""${option}"
 else
- scanInitCmd=$scanInitCmd" "${optionsArr[$iterator]}" ""${option}"
+ scanInitCmd=$scanInitCmd" "${optionsArr[$iterator]}" "${option}
 fi
 iterator=$(($iterator+1))
 done
From 4928eaef02b9514e058a2a392af3a6204136ef0b Mon Sep 17 00:00:00 2001
From: Dhruv Singhal
Date: Tue, 18 Apr 2023 00:38:44 +0530
Subject: [PATCH 08/10] test7
---
 action.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/action.yml b/action.yml
index a01ee64..146b42a 100644
--- a/action.yml
+++ b/action.yml
@@ -188,7 +188,7 @@ runs:
 else
 if [ "${optionsArr[$iterator]}" = "--include-url-regex" ] || [ "${optionsArr[$iterator]}" = "--exclude-url-regex" ]
 then
- scanInitCmd=$scanInitCmd" "${optionsArr[$iterator]}" ""${option}"
+ scanInitCmd=$scanInitCmd" "${optionsArr[$iterator]}" \"${option}\""
 else
 scanInitCmd=$scanInitCmd" "${optionsArr[$iterator]}" "${option}
 fi
From 0da612abcebe79ea6cbe38f960277215816b1c3a Mon Sep 17 00:00:00 2001
From: Dhruv Singhal
Date: Tue, 18 Apr 2023 00:38:44 +0530
Subject: [PATCH 09/10] test7
---
 action.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/action.yml b/action.yml
index 146b42a..b5df9fb 100644
--- a/action.yml
+++ b/action.yml
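Review bot: The inner `if … then … else` added in PATCH 06/10 has no `fi` of its own: the single `fi` left in the hunk closes it, the outer `if` is still open when `done` is reached, and bash rejects the script at this commit. The two new branches are also identical, because `" ""${option}"` is a quoted space followed by a quoted `${option}` and no quote character reaches the string, so the regex options get no special treatment here. Later patches in the series (07 to 09) change both points; squashing them into this commit would keep every commit of `action.yml` runnable.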
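Review bot: Wrapping the value as `\"${option}\"` in PATCH 08/10 stores literal quote characters in `scanInitCmd`; they act as quoting only if the string is later re-parsed by the shell, in which case shell syntax inside an input value is parsed too, whereas with a plain `$scanInitCmd` expansion the CLI receives the quote characters as part of the regex. How the string is executed is outside this hunk. Collecting the arguments in a bash array avoids both outcomes and removes the per-option branch: `scanArgs+=("${optionsArr[$iterator]}" "$option")` in the loop, then `"$traceableCliBinaryLocation" ast scan initAndRun "${scanArgs[@]}"`. PATCH 10/10 copies the same branch into the second loop near line 237.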
@@ -191,6 +191,7 @@ runs:
 scanInitCmd=$scanInitCmd" "${optionsArr[$iterator]}" \"${option}\""
 else
 scanInitCmd=$scanInitCmd" "${optionsArr[$iterator]}" "${option}
+ fi
 fi
 iterator=$(($iterator+1))
 done
From 52874051dd498050d4659e0b5f2bff3ecf83881f Mon Sep 17 00:00:00 2001
From: Dhruv Singhal
Date: Tue, 18 Apr 2023 01:14:32 +0530
Subject: [PATCH 10/10] test8
---
 .github/workflows/test-e2e.yml | 2 +-
 action.yml | 9 +++++++--
 2 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/test-e2e.yml b/.github/workflows/test-e2e.yml
index f93cf03..bfad26d 100644
--- a/.github/workflows/test-e2e.yml
+++ b/.github/workflows/test-e2e.yml
@@ -19,7 +19,7 @@ jobs:
 client_scan_token: ${{ secrets.CLIENT_SCAN_TOKEN_DEMO }}
 cli_version: 'latest'
 traffic_env: 'crapi-demo1'
- include_url_regex: '.*'
+ include_url_regex: .*
 traceable_server: ${{ secrets.TRACEABLE_SERVER_DEMO }}
 - name: Stop Scan
 if: always()
diff --git a/action.yml b/action.yml
index b5df9fb..df60d03 100644
--- a/action.yml
+++ b/action.yml
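Review bot: Dropping the quotes in `include_url_regex: .*` (PATCH 10/10, `test-e2e.yml`) does not change what the action receives, since both spellings parse to the same two-character string, so this edit cannot influence how the regex is quoted later in the shell. The unquoted form is fragile for regex values: a pattern that starts with `*`, `[` or `{`, or that contains `: ` or ` #`, would be read as YAML syntax instead of a string. Keep `include_url_regex: '.*'`.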
@@ -237,13 +237,18 @@ runs:
 #Iterating the options available from options array and filling them with the arguments received in order
 iterator=0
- for option in '${{ inputs.scan_name }}' '${{ inputs.traffic_env }}' '${{ inputs.client_scan_token }}' '${{ inputs.plugins }}' '"${{ inputs.include_url_regex }}"' '"${{ inputs.exclude_url_regex }}"' '${{ inputs.target_url }}' '${{ inputs.traceable_server }}' '${{ inputs.scan_timeout }}' '${{ inputs.reference_env }}' '${{ inputs.openapi_spec_ids }}' '${{ inputs.openapi_spec_files }}' '${{ inputs.policy }}' '${{ inputs.include_endpoint_labels}}' '${{ inputs.exclude_endpoint_labels }}' '${{ inputs.include_endpoint_with_owner_attributes }}' '${{ inputs.include_endpoint_owners }}' '${{ inputs.log_level }}'
+ for option in '${{ inputs.scan_name }}' '${{ inputs.traffic_env }}' '${{ inputs.client_scan_token }}' '${{ inputs.plugins }}' '${{ inputs.include_url_regex }}' '${{ inputs.exclude_url_regex }}' '${{ inputs.target_url }}' '${{ inputs.traceable_server }}' '${{ inputs.scan_timeout }}' '${{ inputs.reference_env }}' '${{ inputs.openapi_spec_ids }}' '${{ inputs.openapi_spec_files }}' '${{ inputs.policy }}' '${{ inputs.include_endpoint_labels}}' '${{ inputs.exclude_endpoint_labels }}' '${{ inputs.include_endpoint_with_owner_attributes }}' '${{ inputs.include_endpoint_owners }}' '${{ inputs.log_level }}'
 do
 if [ -z "$option" ] || [ "$option" = "''" ] || [ "$option" = "NULL" ]
 then
 echo "${optionsArr[$iterator]}" is Null
 else
- scanInitCmd=$scanInitCmd" "${optionsArr[$iterator]}" "${option}
+ if [ "${optionsArr[$iterator]}" = "--include-url-regex" ] || [ "${optionsArr[$iterator]}" = "--exclude-url-regex" ]
+ then
+ scanInitCmd=$scanInitCmd" "${optionsArr[$iterator]}" \"${option}\""
+ else
+ scanInitCmd=$scanInitCmd" "${optionsArr[$iterator]}" "${option}
+ fi
 fi
 iterator=$(($iterator+1))
 done
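Review bot: This second copy of the option loop (near line 237) pairs each value with `optionsArr[$iterator]` purely by position, and its list has 18 inputs where the first loop has 22 (no `idle_timeout`, `max_retries`, `postman_collection`, `postman_environment`); the `optionsArr` it indexes is outside the hunk, so it cannot be confirmed here that the two lists line up. If they drift, a value is silently sent under the wrong flag, and that includes `client_scan_token`. Keeping each flag next to its value, for instance one call such as `add_opt '--traffic-env' "$TRAFFIC_ENV"` per option in a helper shared by both steps, removes the positional coupling and the duplicated loop.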