Skip to content

Penetration testing for EC-CUBE #20

Penetration testing for EC-CUBE

Penetration testing for EC-CUBE #20

name: Penetration testing for EC-CUBE
on:
schedule:
- cron: '0 15 * * 1'
jobs:
PenetrationTest:
name: Penetration testing
runs-on: ${{ matrix.operating-system }}
strategy:
fail-fast: false
matrix:
operating-system: [ ubuntu-22.04 ]
group:
- 'test/front_login/contact.test.ts'
- 'test/front_guest/about.test.ts'
- 'test/front_guest/contact.test.ts'
- 'test/admin/content_layout.test.ts'
- 'test/admin/content_layout_delete.test.ts'
- 'test/admin/customer_new.test.ts'
- 'test/admin/customer.test.ts'
- 'test/admin/content_cache.test.ts'
- 'test/admin/customer_edit.test.ts'
- 'test/admin/product_class_name.test.ts'
- 'test/admin/order_mail.test.ts'
- 'test/admin/product.test.ts'
- 'test/admin/product_csv_template.test.ts'
- 'test/admin/content_block.test.ts'
- 'test/admin/content_page.test.ts'
- 'test/admin/product_category_export.test.ts'
- 'test/admin/change_password.test.ts'
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup to EC-CUBE
run: |
sudo chown -R 1001:1000 zap
sudo chmod -R g+w zap
docker-compose -f docker-compose.yml -f docker-compose.pgsql.yml -f docker-compose.dev.yml -f docker-compose.owaspzap.yml -f docker-compose.owaspzap.daemon.yml up -d
docker-compose -f docker-compose.yml -f docker-compose.pgsql.yml -f docker-compose.dev.yml -f docker-compose.owaspzap.yml -f docker-compose.owaspzap.daemon.yml exec -T ec-cube bin/console doctrine:schema:create --env=dev
docker-compose -f docker-compose.yml -f docker-compose.pgsql.yml -f docker-compose.dev.yml -f docker-compose.owaspzap.yml -f docker-compose.owaspzap.daemon.yml exec -T ec-cube bin/console eccube:fixtures:load --env=dev
docker-compose -f docker-compose.yml -f docker-compose.pgsql.yml -f docker-compose.dev.yml -f docker-compose.owaspzap.yml -f docker-compose.owaspzap.daemon.yml exec -T ec-cube bin/console eccube:fixtures:generate --products=5 --customers=1 --orders=5
docker-compose -f docker-compose.yml -f docker-compose.pgsql.yml -f docker-compose.dev.yml -f docker-compose.owaspzap.yml -f docker-compose.owaspzap.daemon.yml exec -T ec-cube bin/console doctrine:query:sql "UPDATE dtb_customer SET email = 'zap_user@example.com' WHERE id = 1;"
sed -i 's!APP_ENV: "dev"!APP_ENV: "prod"!g' docker-compose.yml
docker-compose -f docker-compose.yml -f docker-compose.pgsql.yml -f docker-compose.dev.yml -f docker-compose.owaspzap.yml -f docker-compose.owaspzap.daemon.yml up -d ec-cube
- name: yarn install
working-directory: zap/selenium/ci/TypeScript
run: |
yarn install
yarn run playwright install --with-deps chromium
yarn playwright install-deps chromium
- run: |
git config --global user.name "$(git --no-pager log --format=format:'%an' -n 1)"
git config --global user.email "$(git --no-pager log --format=format:'%ae' -n 1)"
- name: Apply patch to change_password
if: matrix.group == 'test/admin/change_password.test.ts'
working-directory: zap/selenium/ci/TypeScript
run: git am patches/0001-Member.patch
- name: Apply patch to delete_layout
if: matrix.group == 'test/admin/content_layout_delete.test.ts'
working-directory: zap/selenium/ci/TypeScript
run: git am patches/0001-DeleteLayout.patch
- name: Apply patch to new_customer
if: matrix.group == 'test/admin/customer_new.test.ts'
working-directory: zap/selenium/ci/TypeScript
run: git am patches/0002-NewCustomer.patch
- name: Penetration testing
working-directory: zap/selenium/ci/TypeScript
env:
GROUP: ${{ matrix.group }}
HTTP_PROXY: 127.0.0.1:8090
HTTPS_PROXY: 127.0.0.1:8090
CI: 1
FORCE_COLOR: 1
run: yarn playwright test ${GROUP}
- env:
GROUP: ${{ matrix.group }}
if: always()
run: echo "ARTIFACT_NAME=$(echo ${GROUP} | sed 's,/,-,g')" >> $GITHUB_ENV
- name: Upload evidence
if: always()
uses: actions/upload-artifact@v4
with:
name: zap-${{ env.ARTIFACT_NAME }}-session
path: zap/sessions