From 18ac8c50555bcfa25867c3614d8a0d1e7e1ba1ad Mon Sep 17 00:00:00 2001 From: Puneeth Date: Fri, 27 Oct 2023 07:55:23 +0530 Subject: [PATCH 01/24] OWASP #714 : Added code to Cache the JAR file --- .github/workflows/dast-zap-test.yml | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/.github/workflows/dast-zap-test.yml b/.github/workflows/dast-zap-test.yml index 605a6a68f..02517dedd 100644 --- a/.github/workflows/dast-zap-test.yml +++ b/.github/workflows/dast-zap-test.yml @@ -13,14 +13,25 @@ jobs: name: DAST test with ZAP runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - name: Checkout code + uses: actions/checkout@v4 - name: Set up JDK 21 uses: actions/setup-java@v3 with: java-version: "21" distribution: "corretto" + - name: Cache Maven packages + uses: actions/cache@v3 + with: + path: ~/.m2 + key: MavenCache-${{ runner.os }}-${{ hashFiles('**/pom.xml') }} - name: Clean install run: ./mvnw --no-transfer-progress clean install -DskipTests -Ddependency-check.skip -Dcyclonedx.skip=true -Dexec.skip + - name: Cache JAR file + uses: actions/cache@v3 + with: + path: target + key: JarCache-${{ runner.os }}-${{ hashFiles('**/pom.xml') }} - name: Start wrongsecrets run: nohup ./mvnw spring-boot:run -Dspring-boot.run.profiles=without-vault & - name: ZAP Scan From d899746d6705051e7c6adba2083908a6aad7f95e Mon Sep 17 00:00:00 2001 From: Puneeth Date: Fri, 27 Oct 2023 09:55:39 +0530 Subject: [PATCH 02/24] OWASP #714 : Fixing Cache relaed issues --- .github/workflows/dast-zap-test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/dast-zap-test.yml b/.github/workflows/dast-zap-test.yml index 02517dedd..6e07d420e 100644 --- a/.github/workflows/dast-zap-test.yml +++ b/.github/workflows/dast-zap-test.yml 
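Review bot: In PATCH 01/24 the `Cache JAR file` step keys the build output only on `hashFiles('**/pom.xml')` and sits after `Clean install`, so an exact key hit restores an older `target` over the build that just ran whenever sources changed but no pom did. The DAST run then has no guaranteed link to the commit under test. Include the sources in the key, e.g. `key: JarCache-${{ runner.os }}-${{ hashFiles('**/pom.xml', 'src/**') }}`, and move the cache step ahead of the build. `Start wrongsecrets` still launches through `./mvnw spring-boot:run`, which appears to build from the checkout, so the cached JAR is probably not what ZAP ends up scanning.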
@@ -30,7 +30,7 @@ jobs: - name: Cache JAR file uses: actions/cache@v3 with: - path: target + path: target/wrongsecrets-1.7.0-SNAPSHOT.jar key: JarCache-${{ runner.os }}-${{ hashFiles('**/pom.xml') }} - name: Start wrongsecrets run: nohup ./mvnw spring-boot:run -Dspring-boot.run.profiles=without-vault & From a613c6d76be50f0cb49337ea526e0bbf2dc6b014 Mon Sep 17 00:00:00 2001 From: Puneeth Date: Fri, 27 Oct 2023 10:34:48 +0530 Subject: [PATCH 03/24] OWASP #714 : Fixing Cache related issues --- .github/workflows/dast-zap-test.yml | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/.github/workflows/dast-zap-test.yml b/.github/workflows/dast-zap-test.yml index 6e07d420e..826afaaa4 100644 --- a/.github/workflows/dast-zap-test.yml +++ b/.github/workflows/dast-zap-test.yml @@ -20,18 +20,17 @@ jobs: with: java-version: "21" distribution: "corretto" - - name: Cache Maven packages - uses: actions/cache@v3 - with: - path: ~/.m2 - key: MavenCache-${{ runner.os }}-${{ hashFiles('**/pom.xml') }} - name: Clean install run: ./mvnw --no-transfer-progress clean install -DskipTests -Ddependency-check.skip -Dcyclonedx.skip=true -Dexec.skip - name: Cache JAR file + id: cache-jar uses: actions/cache@v3 + run: pwd with: path: target/wrongsecrets-1.7.0-SNAPSHOT.jar key: JarCache-${{ runner.os }}-${{ hashFiles('**/pom.xml') }} + restore-keys: | + JarCache-${{ runner.os }}- - name: Start wrongsecrets run: nohup ./mvnw spring-boot:run -Dspring-boot.run.profiles=without-vault & - name: ZAP Scan From 3b0a0b2c91a122efcb3578880e01f1569957e0a4 Mon Sep 17 00:00:00 2001 From: Puneeth Date: Fri, 27 Oct 2023 10:37:31 +0530 Subject: [PATCH 04/24] OWASP #714 : Fixing Cache related issues --- .github/workflows/dast-zap-test.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/dast-zap-test.yml b/.github/workflows/dast-zap-test.yml index 826afaaa4..ff6be44cb 100644 --- a/.github/workflows/dast-zap-test.yml +++ b/.github/workflows/dast-zap-test.yml 
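Review bot: In PATCH 02/24 the cache `path` embeds the project version (`target/wrongsecrets-1.7.0-SNAPSHOT.jar`), so after the next version bump in the pom the step no longer matches any file and has nothing to save. The same literal recurs in PATCH 07/24 and in the new building-jar-cache.yml of PATCH 09/24. A glob keeps it version-independent: `path: target/wrongsecrets-*.jar`.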
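Review bot: In PATCH 03/24 the added `restore-keys` prefix `JarCache-${{ runner.os }}-` lets the step fall back to the most recent JAR cached under any pom.xml hash, so the job can continue with an artifact built from a different dependency set than the commit under test. For a security scan the artifact should match the revision, so drop `restore-keys` here and rely on the exact `key`. Separately, the step now carries both `uses: actions/cache@v3` and `run: pwd`; a step may have only one of the two, so the workflow is rejected until `run: pwd` moves into a step of its own.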
@@ -25,12 +25,13 @@ jobs: - name: Cache JAR file id: cache-jar uses: actions/cache@v3 - run: pwd with: path: target/wrongsecrets-1.7.0-SNAPSHOT.jar key: JarCache-${{ runner.os }}-${{ hashFiles('**/pom.xml') }} restore-keys: | JarCache-${{ runner.os }}- + - name: test + run: pwd - name: Start wrongsecrets run: nohup ./mvnw spring-boot:run -Dspring-boot.run.profiles=without-vault & - name: ZAP Scan From e3d1b88f108c847dae97d444934e6092c899008f Mon Sep 17 00:00:00 2001 From: Puneeth Date: Fri, 27 Oct 2023 10:41:15 +0530 Subject: [PATCH 05/24] OWASP #714 : Fixing Cache related issues --- .github/workflows/dast-zap-test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/dast-zap-test.yml b/.github/workflows/dast-zap-test.yml index ff6be44cb..eb63ae4fc 100644 --- a/.github/workflows/dast-zap-test.yml +++ b/.github/workflows/dast-zap-test.yml @@ -31,7 +31,7 @@ jobs: restore-keys: | JarCache-${{ runner.os }}- - name: test - run: pwd + run: ls - name: Start wrongsecrets run: nohup ./mvnw spring-boot:run -Dspring-boot.run.profiles=without-vault & - name: ZAP Scan From fe76a18c37ced6c637f7e82ee9526fbb4fbb7718 Mon Sep 17 00:00:00 2001 From: Puneeth Date: Fri, 27 Oct 2023 10:49:29 +0530 Subject: [PATCH 06/24] OWASP #714 : Fixing Cache related issues --- .github/workflows/dast-zap-test.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/dast-zap-test.yml b/.github/workflows/dast-zap-test.yml index eb63ae4fc..0275ba68c 100644 --- a/.github/workflows/dast-zap-test.yml +++ b/.github/workflows/dast-zap-test.yml @@ -31,7 +31,9 @@ jobs: restore-keys: | JarCache-${{ runner.os }}- - name: test - run: ls + run: | + cd target + ls - name: Start wrongsecrets run: nohup ./mvnw spring-boot:run -Dspring-boot.run.profiles=without-vault & - name: ZAP Scan From a9d94739292be681add129549d77c00c895a559e Mon Sep 17 00:00:00 2001 
From: Puneeth Date: Fri, 27 Oct 2023 11:53:55 +0530 Subject: [PATCH 07/24] OWASP #714 : Adding cache restoring job in java_swagger_doc workflow file --- .github/workflows/dast-zap-test.yml | 6 +----- .github/workflows/java_swagger_doc.yml | 12 ++++++++++++ 2 files changed, 13 insertions(+), 5 deletions(-) diff --git a/.github/workflows/dast-zap-test.yml b/.github/workflows/dast-zap-test.yml index 0275ba68c..e08481da2 100644 --- a/.github/workflows/dast-zap-test.yml +++ b/.github/workflows/dast-zap-test.yml @@ -26,14 +26,10 @@ jobs: id: cache-jar uses: actions/cache@v3 with: - path: target/wrongsecrets-1.7.0-SNAPSHOT.jar + path: ./target/wrongsecrets-1.7.0-SNAPSHOT.jar key: JarCache-${{ runner.os }}-${{ hashFiles('**/pom.xml') }} restore-keys: | JarCache-${{ runner.os }}- - - name: test - run: | - cd target - ls - name: Start wrongsecrets run: nohup ./mvnw spring-boot:run -Dspring-boot.run.profiles=without-vault & - name: ZAP Scan diff --git a/.github/workflows/java_swagger_doc.yml b/.github/workflows/java_swagger_doc.yml index 5d48a810c..f82189480 100644 --- a/.github/workflows/java_swagger_doc.yml +++ b/.github/workflows/java_swagger_doc.yml @@ -14,13 +14,25 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 + - name: Check the cache + uses: actions/cache/restore@v3 + id: cache + with: + path: ./target + key: JarCache-${{ runner.os }}-${{ hashFiles('**/pom.xml') }} + - name: Check cache hit + id: cache-hit-check + run: echo "::set-output name=cache-hit::${{ steps.cache.outputs.cache-hit }}" - name: Set up JDK 21 + if: steps.cache.outputs.cache-hit != 'true' uses: actions/setup-java@v3 with: java-version: "21" distribution: "corretto" - name: Clean install + if: steps.cache.outputs.cache-hit != 'true' run: ./mvnw --no-transfer-progress clean install -DskipTests -Ddependency-check.skip -Dcyclonedx.skip=true -Dexec.skip + - name: Compile javadoc run: ./mvnw --no-transfer-progress compile javadoc:javadoc - name: Start wrongsecrets 
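Review bot: In the java_swagger_doc.yml hunk of PATCH 07/24, `Set up JDK 21` is now skipped on a cache hit, yet the unchanged `Compile javadoc` step still runs `./mvnw … compile javadoc:javadoc` unconditionally, so on a hit it runs with whatever JDK the runner image ships by default. Keep the JDK setup unconditional and gate only `Clean install` on `if: steps.cache.outputs.cache-hit != 'true'`. The restore is also unlikely ever to hit: it asks for `path: ./target` while the save side in dast-zap-test.yml uses `path: ./target/wrongsecrets-1.7.0-SNAPSHOT.jar`, and as far as I know actions/cache folds the path list into the cache version, so both sides must declare the same `path`. `::set-output` in the `Check cache hit` step is a deprecated workflow command.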
From cacd89d315233f9b18f759c963872558fdfa09e5 Mon Sep 17 00:00:00 2001 From: Puneeth Date: Mon, 30 Oct 2023 09:33:33 +0530 Subject: [PATCH 08/24] OWASP #714 : Adding cache restoring job in java_swagger_doc workflow file --- .github/workflows/java_swagger_doc.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/java_swagger_doc.yml b/.github/workflows/java_swagger_doc.yml index f82189480..25b3cdff5 100644 --- a/.github/workflows/java_swagger_doc.yml +++ b/.github/workflows/java_swagger_doc.yml @@ -22,7 +22,7 @@ jobs: key: JarCache-${{ runner.os }}-${{ hashFiles('**/pom.xml') }} - name: Check cache hit id: cache-hit-check - run: echo "::set-output name=cache-hit::${{ steps.cache.outputs.cache-hit }}" + run: echo "cache-hit=${{ steps.cache.outputs.cache-hit }}" >> $GITHUB_ENV - name: Set up JDK 21 if: steps.cache.outputs.cache-hit != 'true' uses: actions/setup-java@v3 @@ -32,7 +32,6 @@ jobs: - name: Clean install if: steps.cache.outputs.cache-hit != 'true' run: ./mvnw --no-transfer-progress clean install -DskipTests -Ddependency-check.skip -Dcyclonedx.skip=true -Dexec.skip - - name: Compile javadoc run: ./mvnw --no-transfer-progress compile javadoc:javadoc - name: Start wrongsecrets From 3852a108389e1eb39d99af47ea7a2d4ff80b5b86 Mon Sep 17 00:00:00 2001 From: Puneeth Date: Mon, 30 Oct 2023 10:35:48 +0530 Subject: [PATCH 09/24] OWASP #714 : Adding sepreate workflow for building the cache --- .github/workflows/building-jar-cache.yml | 26 +++++++++++++ .github/workflows/dast-zap-test.yml | 48 +++++++++++++++++------- 2 files changed, 61 insertions(+), 13 deletions(-) create mode 100644 .github/workflows/building-jar-cache.yml diff --git a/.github/workflows/building-jar-cache.yml b/.github/workflows/building-jar-cache.yml new file mode 100644 index 000000000..75f395588 --- /dev/null +++ b/.github/workflows/building-jar-cache.yml 
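Review bot: In PATCH 08/24 the `Check cache hit` step writes a variable named `cache-hit` to `$GITHUB_ENV`, but nothing visible reads it: the `if:` conditions below use `steps.cache.outputs.cache-hit` directly, and a name containing a hyphen cannot be referenced as a shell variable. The step can be removed; if the value is needed later, publish it as a step output instead, `echo "cache_hit=${{ steps.cache.outputs.cache-hit }}" >> "$GITHUB_OUTPUT"`.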
@@ -0,0 +1,26 @@ +name: Building JAR cache + +on: + workflow_call: + +jobs: + build: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + - name: Set up JDK 21 + uses: actions/setup-java@v3 + with: + java-version: "21" + distribution: "corretto" + - name: Clean install + run: ./mvnw --no-transfer-progress clean install -DskipTests -Ddependency-check.skip -Dcyclonedx.skip=true -Dexec.skip + - name: Cache JAR file + id: cache-jar + uses: actions/cache@v3 + with: + path: ./target/wrongsecrets-1.7.0-SNAPSHOT.jar + key: JarCache-${{ runner.os }}-${{ hashFiles('**/pom.xml') }} + restore-keys: | + JarCache-${{ runner.os }}- diff --git a/.github/workflows/dast-zap-test.yml b/.github/workflows/dast-zap-test.yml index e08481da2..ffa1a4b90 100644 --- a/.github/workflows/dast-zap-test.yml +++ b/.github/workflows/dast-zap-test.yml 
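Review bot: The new building-jar-cache.yml declares only `on: workflow_call:`, which makes it a reusable workflow that can be started solely through `jobs.<id>.uses`; the `createWorkflowDispatch` call added to dast-zap-test.yml in this same commit needs a `workflow_dispatch` trigger and will be refused. Either add `workflow_dispatch:` under `on:`, or call the workflow as a job with `uses: ./.github/workflows/building-jar-cache.yml` and make the DAST job `needs` it, which also removes the need for a token that can start workflows. The file sets no `permissions:` block; a top-level `permissions:` with `contents: read` should be sufficient for a checkout-and-build job.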
@@ -15,21 +15,43 @@ jobs: steps: - name: Checkout code uses: actions/checkout@v4 - - name: Set up JDK 21 - uses: actions/setup-java@v3 + - uses: actions/checkout@v4 + - name: Check the cache + uses: actions/cache/restore@v3 + id: cache with: - java-version: "21" - distribution: "corretto" - - name: Clean install - run: ./mvnw --no-transfer-progress clean install -DskipTests -Ddependency-check.skip -Dcyclonedx.skip=true -Dexec.skip - - name: Cache JAR file - id: cache-jar - uses: actions/cache@v3 - with: - path: ./target/wrongsecrets-1.7.0-SNAPSHOT.jar + path: ./target key: JarCache-${{ runner.os }}-${{ hashFiles('**/pom.xml') }} - restore-keys: | - JarCache-${{ runner.os }}- + restore-keys: jar- + - name: Check cache hit + id: cache-hit-check + run: echo "cache-hit=${{ steps.cache.outputs.cache-hit }}" >> $GITHUB_ENV +# - name: Set up JDK 21 +# uses: actions/setup-java@v3 +# with: +# java-version: "21" +# distribution: "corretto" +# - name: Clean install +# run: ./mvnw --no-transfer-progress clean install -DskipTests -Ddependency-check.skip -Dcyclonedx.skip=true -Dexec.skip +# - name: Cache JAR file +# id: cache-jar +# uses: actions/cache@v3 +# with: +# path: ./target/wrongsecrets-1.7.0-SNAPSHOT.jar +# key: JarCache-${{ runner.os }}-${{ hashFiles('**/pom.xml') }} +# restore-keys: | +# JarCache-${{ runner.os }}- + - name: Trigger JAR cache build + if: steps.cache.outputs.cache-hit != 'true' + uses: actions/github-script@v6 + with: + script: | + await github.rest.actions.createWorkflowDispatch({ + owner: context.repo.owner, + repo: context.repo.repo, + workflow_id: 'building-jar-cache.yml', # workflow filename + ref: 'main' + }) - name: Start wrongsecrets run: nohup ./mvnw spring-boot:run -Dspring-boot.run.profiles=without-vault & - name: ZAP Scan From 0f7a3c81a3649e344102c3c41105e39afdfecee1 Mon Sep 17 00:00:00 2001 
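Review bot: In the dast-zap-test.yml hunk of PATCH 09/24 the JDK setup and `Clean install` steps are commented out, but `Start wrongsecrets` still runs `nohup ./mvnw spring-boot:run … &`, so the application is started in the background with the runner's default JDK and no prior build. If that start fails, nothing in the visible steps notices, and the ZAP scan can finish against a target that never came up, which reads as a clean result. Add a readiness check before the scan (poll the application URL and fail the job on timeout) and keep `actions/setup-java` in this job. Also in this hunk: `# workflow filename` sits inside the JavaScript `script: |` block, where `#` is not a comment; `restore-keys: jar-` cannot match any `JarCache-…` key; and `actions/checkout@v4` now runs twice.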
From: Puneeth Date: Mon, 30 Oct 2023 11:02:32 +0530 Subject: [PATCH 10/24] OWASP #714 : Fixing issues related to triggering of workflows --- .github/workflows/dast-zap-test.yml | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/.github/workflows/dast-zap-test.yml b/.github/workflows/dast-zap-test.yml index ffa1a4b90..d2a866019 100644 --- a/.github/workflows/dast-zap-test.yml +++ b/.github/workflows/dast-zap-test.yml @@ -46,11 +46,12 @@ jobs: uses: actions/github-script@v6 with: script: | - await github.rest.actions.createWorkflowDispatch({ - owner: context.repo.owner, - repo: context.repo.repo, - workflow_id: 'building-jar-cache.yml', # workflow filename - ref: 'main' + const {owner, repo} = context.repo + await github.rest.actions.createWorkflowDispatch({ + owner, + repo, + workflow_id: 'other-workflow.yml', + ref: 'main' }) - name: Start wrongsecrets run: nohup ./mvnw spring-boot:run -Dspring-boot.run.profiles=without-vault & From 4fd1aca0962d055166cbbb35f9a6af6ed7e3e0f6 Mon Sep 17 00:00:00 2001 From: Puneeth Date: Mon, 30 Oct 2023 11:30:09 +0530 Subject: [PATCH 11/24] OWASP #714 : Fixing issues related to triggering of workflows --- .github/workflows/dast-zap-test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/dast-zap-test.yml b/.github/workflows/dast-zap-test.yml index d2a866019..e88ec65c0 100644 --- a/.github/workflows/dast-zap-test.yml +++ b/.github/workflows/dast-zap-test.yml @@ -50,7 +50,7 @@ jobs: await github.rest.actions.createWorkflowDispatch({ owner, repo, - workflow_id: 'other-workflow.yml', + workflow_id: 'building-jar-cache.yml', ref: 'main' }) - name: Start wrongsecrets From 13d4aab0539a116ee33167e585bc593d54ac5521 Mon Sep 17 00:00:00 2001 
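Review bot: In PATCH 10/24 the dispatch is pinned to `ref: 'main'`, so the triggered build compiles `main` rather than the revision this job checked out, and any JAR it caches does not represent the change being scanned. The call is also fire-and-forget: this job continues straight to `Start wrongsecrets` without waiting for the other run. Building in this job, or in a job this one `needs`, keeps the artifact tied to the commit. The `workflow_id: 'other-workflow.yml'` value is a placeholder for a file this series never adds (corrected in PATCH 11/24).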
From: Puneeth Date: Mon, 30 Oct 2023 12:17:54 +0530 Subject: [PATCH 12/24] OWASP #714 : Fixing issues related to triggering of workflows --- .github/workflows/dast-zap-test.yml | 18 +++++++----------- 1 file changed, 7 insertions(+), 11 deletions(-) diff --git a/.github/workflows/dast-zap-test.yml b/.github/workflows/dast-zap-test.yml index e88ec65c0..cebf5ec7b 100644 --- a/.github/workflows/dast-zap-test.yml +++ b/.github/workflows/dast-zap-test.yml @@ -41,18 +41,14 @@ jobs: # key: JarCache-${{ runner.os }}-${{ hashFiles('**/pom.xml') }} # restore-keys: | # JarCache-${{ runner.os }}- - - name: Trigger JAR cache build - if: steps.cache.outputs.cache-hit != 'true' - uses: actions/github-script@v6 + - name: Trigger Building JAR cache + uses: actions/checkout@v2 with: - script: | - const {owner, repo} = context.repo - await github.rest.actions.createWorkflowDispatch({ - owner, - repo, - workflow_id: 'building-jar-cache.yml', - ref: 'main' - }) + repository: owner/repo + token: ${{ secrets.GITHUB_TOKEN }} + path: .github/workflows/building-jar-cache.yml + - name: Run Building JAR cache workflow + run: gh workflow run "Building JAR cache" --ref main - name: Start wrongsecrets run: nohup ./mvnw spring-boot:run -Dspring-boot.run.profiles=without-vault & - name: ZAP Scan From cc14526864cc378925d865ac7a4d21394ee78e82 Mon Sep 17 00:00:00 2001 From: Puneeth Date: Tue, 31 Oct 2023 09:41:39 +0530 Subject: [PATCH 13/24] OWASP #714 : Fixing workflow triggering isues --- .github/workflows/dast-zap-test.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/dast-zap-test.yml b/.github/workflows/dast-zap-test.yml index cebf5ec7b..992b8fda1 100644 --- a/.github/workflows/dast-zap-test.yml +++ b/.github/workflows/dast-zap-test.yml 
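Review bot: In PATCH 12/24 the `Trigger Building JAR cache` step is an `actions/checkout@v2` of the literal placeholder `repository: owner/repo`, and `path:` is only the checkout destination directory, so this clones an unrelated repository into a folder named after the workflow file and triggers nothing. The following `gh workflow run "Building JAR cache" --ref main` has no `GH_TOKEN` in its environment, so `gh` cannot authenticate. Drop the checkout step and give the `gh` step `env:` with `GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}`. `actions/checkout@v2` is also older than the `@v4` used at the top of the same job.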
@@ -42,12 +42,14 @@ jobs: # restore-keys: | # JarCache-${{ runner.os }}- - name: Trigger Building JAR cache + if: steps.cache.outputs.cache-hit != 'true' uses: actions/checkout@v2 with: repository: owner/repo token: ${{ secrets.GITHUB_TOKEN }} path: .github/workflows/building-jar-cache.yml - name: Run Building JAR cache workflow + if: steps.cache.outputs.cache-hit != 'true' run: gh workflow run "Building JAR cache" --ref main - name: Start wrongsecrets run: nohup ./mvnw spring-boot:run -Dspring-boot.run.profiles=without-vault & From da7be73f28bd88fd89351f21d004883c0c9203ba Mon Sep 17 00:00:00 2001 From: Puneeth Date: Tue, 31 Oct 2023 09:51:54 +0530 Subject: [PATCH 14/24] OWASP #714 : Fixing workflow triggering isues --- .github/workflows/dast-zap-test.yml | 22 +++++++++++++++------- 1 file changed, 15 insertions(+), 7 deletions(-) diff --git a/.github/workflows/dast-zap-test.yml b/.github/workflows/dast-zap-test.yml index 992b8fda1..cd2a4e87d 100644 --- a/.github/workflows/dast-zap-test.yml +++ b/.github/workflows/dast-zap-test.yml 
@@ -43,14 +43,22 @@ jobs: # JarCache-${{ runner.os }}- - name: Trigger Building JAR cache if: steps.cache.outputs.cache-hit != 'true' - uses: actions/checkout@v2 + uses: actions/github-script@v4 with: - repository: owner/repo - token: ${{ secrets.GITHUB_TOKEN }} - path: .github/workflows/building-jar-cache.yml - - name: Run Building JAR cache workflow - if: steps.cache.outputs.cache-hit != 'true' - run: gh workflow run "Building JAR cache" --ref main + script: | + const { data: workflows } = await octokit.actions.listRepoWorkflows({ + owner: context.repo.owner, + repo: context.repo.repo + }); + const secondWorkflow = workflows.workflows.find(w => w.name === "building-jar-cache.yml"); + if (secondWorkflow) { + await octokit.actions.createWorkflowDispatch({ + owner: context.repo.owner, + repo: context.repo.repo, + workflow_id: secondWorkflow.id + }); + } + token: ${{ secrets.GITHUB_TOKEN }} - name: Start wrongsecrets run: nohup ./mvnw spring-boot:run -Dspring-boot.run.profiles=without-vault & - name: ZAP Scan From 97d7adf2a671dffc5603426fe4ac2b2beac8a70e Mon Sep 17 00:00:00 2001 From: Puneeth Date: Tue, 31 Oct 2023 09:56:11 +0530 Subject: [PATCH 15/24] OWASP #714 : Fixing workflow triggering isues --- .github/workflows/dast-zap-test.yml | 15 --------------- 1 file changed, 15 deletions(-) diff --git a/.github/workflows/dast-zap-test.yml b/.github/workflows/dast-zap-test.yml index cd2a4e87d..3451ac36a 100644 --- a/.github/workflows/dast-zap-test.yml +++ b/.github/workflows/dast-zap-test.yml 
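Review bot: In PATCH 14/24 the script calls `octokit.actions.…`, but actions/github-script exposes its authenticated client as `github` (with `context` alongside), so `octokit` is undefined and the step throws before any API call. The lookup `w.name === "building-jar-cache.yml"` compares the display name, which the workflow file sets to `Building JAR cache`; match on `w.path` or pass the file name straight to `workflow_id`. `createWorkflowDispatch` is also called without the required `ref`. The trailing `token:` line is hard to place in this collapsed view, but the action's input is named `github-token`, so a `token` key would be ignored either way.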
@@ -26,21 +26,6 @@ jobs: - name: Check cache hit id: cache-hit-check run: echo "cache-hit=${{ steps.cache.outputs.cache-hit }}" >> $GITHUB_ENV -# - name: Set up JDK 21 -# uses: actions/setup-java@v3 -# with: -# java-version: "21" -# distribution: "corretto" -# - name: Clean install -# run: ./mvnw --no-transfer-progress clean install -DskipTests -Ddependency-check.skip -Dcyclonedx.skip=true -Dexec.skip -# - name: Cache JAR file -# id: cache-jar -# uses: actions/cache@v3 -# with: -# path: ./target/wrongsecrets-1.7.0-SNAPSHOT.jar -# key: JarCache-${{ runner.os }}-${{ hashFiles('**/pom.xml') }} -# restore-keys: | -# JarCache-${{ runner.os }}- - name: Trigger Building JAR cache if: steps.cache.outputs.cache-hit != 'true' uses: actions/github-script@v4 From cca1d206482c7167967ac3e6e950d470e1e2ddcf Mon Sep 17 00:00:00 2001 From: Puneeth Date: Tue, 31 Oct 2023 09:59:03 +0530 Subject: [PATCH 16/24] OWASP #714 : Fixing workflow triggering isues --- .github/workflows/dast-zap-test.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/dast-zap-test.yml b/.github/workflows/dast-zap-test.yml index 3451ac36a..6c002c0be 100644 --- a/.github/workflows/dast-zap-test.yml +++ b/.github/workflows/dast-zap-test.yml @@ -25,7 +25,8 @@ jobs: restore-keys: jar- - name: Check cache hit id: cache-hit-check - run: echo "cache-hit=${{ steps.cache.outputs.cache-hit }}" >> $GITHUB_ENV + run: | + echo "cache-hit=${{ steps.cache.outputs.cache-hit }}" >> $GITHUB_ENV - name: Trigger Building JAR cache if: steps.cache.outputs.cache-hit != 'true' uses: actions/github-script@v4 From 80b8f6ee7a9737f6217439ef89d7b7a8318380e7 Mon Sep 17 00:00:00 2001 From: Puneeth Date: Tue, 31 Oct 2023 10:03:19 +0530 Subject: [PATCH 17/24] OWASP #714 : Fixing workflow triggering isues --- .github/workflows/dast-zap-test.yml | 14 +------------- 1 file changed, 1 insertion(+), 13 deletions(-) 
diff --git a/.github/workflows/dast-zap-test.yml b/.github/workflows/dast-zap-test.yml index 6c002c0be..ef822e234 100644 --- a/.github/workflows/dast-zap-test.yml +++ b/.github/workflows/dast-zap-test.yml @@ -15,23 +15,11 @@ jobs: steps: - name: Checkout code uses: actions/checkout@v4 - - uses: actions/checkout@v4 - - name: Check the cache - uses: actions/cache/restore@v3 - id: cache - with: - path: ./target - key: JarCache-${{ runner.os }}-${{ hashFiles('**/pom.xml') }} - restore-keys: jar- - - name: Check cache hit - id: cache-hit-check - run: | - echo "cache-hit=${{ steps.cache.outputs.cache-hit }}" >> $GITHUB_ENV - name: Trigger Building JAR cache if: steps.cache.outputs.cache-hit != 'true' uses: actions/github-script@v4 with: - script: | + script: | const { data: workflows } = await octokit.actions.listRepoWorkflows({ owner: context.repo.owner, repo: context.repo.repo From 5573de4632c5c61ba49bef1a49ac9ce4341e92e6 Mon Sep 17 00:00:00 2001 From: Puneeth Date: Tue, 31 Oct 2023 10:05:20 +0530 Subject: [PATCH 18/24] OWASP #714 : Fixing workflow triggering isues --- .github/workflows/dast-zap-test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/dast-zap-test.yml b/.github/workflows/dast-zap-test.yml index ef822e234..2831ed0cc 100644 --- a/.github/workflows/dast-zap-test.yml +++ b/.github/workflows/dast-zap-test.yml @@ -20,7 +20,7 @@ jobs: uses: actions/github-script@v4 with: script: | - const { data: workflows } = await octokit.actions.listRepoWorkflows({ + const { data: workflows } = await octokit.actions.listRepoWorkflows({ owner: context.repo.owner, repo: context.repo.repo }); From 3eb84e5c7a73a0ac5046c310397f8a8b33e05a03 Mon Sep 17 00:00:00 2001 From: Puneeth Date: Tue, 31 Oct 2023 10:15:05 +0530 Subject: [PATCH 19/24] OWASP #714 : Fixing workflow triggering isues --- .github/workflows/dast-zap-test.yml | 31 ++++++++++++++--------------- 1 file changed, 15 insertions(+), 16 deletions(-) 
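Review bot: PATCH 17/24 removes the `Check the cache` step (`id: cache`) but leaves `if: steps.cache.outputs.cache-hit != 'true'` on `Trigger Building JAR cache`. With no step named `cache` the expression evaluates to an empty value, the comparison is always true, and the trigger runs on every execution. Either restore the cache lookup or delete the `if:` line so the workflow says what it does. The dangling condition stays in place through PATCH 24/24.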
diff --git a/.github/workflows/dast-zap-test.yml b/.github/workflows/dast-zap-test.yml index 2831ed0cc..8d032dffd 100644 --- a/.github/workflows/dast-zap-test.yml +++ b/.github/workflows/dast-zap-test.yml @@ -17,22 +17,21 @@ jobs: uses: actions/checkout@v4 - name: Trigger Building JAR cache if: steps.cache.outputs.cache-hit != 'true' - uses: actions/github-script@v4 - with: - script: | - const { data: workflows } = await octokit.actions.listRepoWorkflows({ - owner: context.repo.owner, - repo: context.repo.repo - }); - const secondWorkflow = workflows.workflows.find(w => w.name === "building-jar-cache.yml"); - if (secondWorkflow) { - await octokit.actions.createWorkflowDispatch({ - owner: context.repo.owner, - repo: context.repo.repo, - workflow_id: secondWorkflow.id - }); - } - token: ${{ secrets.GITHUB_TOKEN }} + run: | + const { Octokit } = require("@octokit/core"); + const octokit = new Octokit({ auth: process.env.GITHUB_TOKEN }); + const { data: workflows } = await octokit.request("GET /repos/commjoen/wrongsecrets/actions/workflows", { + owner: process.env.GITHUB_REPOSITORY.split("/")[0], + repo: process.env.GITHUB_REPOSITORY.split("/")[1] + }); + const secondWorkflow = workflows.workflows.find(w => w.name === "building-jar-cache.yml"); + if (secondWorkflow) { + await octokit.request("POST /repos/commjoen/wrongsecrets/actions/workflows/Building JAR cache/dispatches", { + owner: process.env.GITHUB_REPOSITORY.split("/")[0], + repo: process.env.GITHUB_REPOSITORY.split("/")[1], + workflow_id: secondWorkflow.id + }); + } - name: Start wrongsecrets run: nohup ./mvnw spring-boot:run -Dspring-boot.run.profiles=without-vault & - name: ZAP Scan From d68db2d450c06bed2fd6dc2ad073766a2e0643a7 Mon Sep 17 00:00:00 2001 From: Puneeth Date: Tue, 31 Oct 2023 10:35:32 +0530 Subject: [PATCH 20/24] OWASP #714 : Fixing workflow triggering isues --- .github/workflows/dast-zap-test.yml | 15 +-------------- 1 file changed, 1 insertion(+), 14 deletions(-) 
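Review bot: In PATCH 19/24 the JavaScript moves from a `script:` input into `run: |`, which the runner executes with the default shell (bash on `ubuntu-latest`), so the step fails on the first line instead of calling the API. The request URLs hard-code `commjoen/wrongsecrets` while `owner` and `repo` are also passed as parameters that the literal path never uses, and the dispatch URL puts the display name `Building JAR cache`, spaces included, where a workflow id or file name is expected. `process.env.GITHUB_TOKEN` is not set unless the step maps it under `env:`, and the dispatch body has no `ref`. If a script is wanted, keep it under `actions/github-script` with `script:`.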
diff --git a/.github/workflows/dast-zap-test.yml b/.github/workflows/dast-zap-test.yml index 8d032dffd..7ece5ce4c 100644 --- a/.github/workflows/dast-zap-test.yml +++ b/.github/workflows/dast-zap-test.yml @@ -18,20 +18,7 @@ jobs: - name: Trigger Building JAR cache if: steps.cache.outputs.cache-hit != 'true' run: | - const { Octokit } = require("@octokit/core"); - const octokit = new Octokit({ auth: process.env.GITHUB_TOKEN }); - const { data: workflows } = await octokit.request("GET /repos/commjoen/wrongsecrets/actions/workflows", { - owner: process.env.GITHUB_REPOSITORY.split("/")[0], - repo: process.env.GITHUB_REPOSITORY.split("/")[1] - }); - const secondWorkflow = workflows.workflows.find(w => w.name === "building-jar-cache.yml"); - if (secondWorkflow) { - await octokit.request("POST /repos/commjoen/wrongsecrets/actions/workflows/Building JAR cache/dispatches", { - owner: process.env.GITHUB_REPOSITORY.split("/")[0], - repo: process.env.GITHUB_REPOSITORY.split("/")[1], - workflow_id: secondWorkflow.id - }); - } + gh workflow run "Building JAR cache" --ref "main" - name: Start wrongsecrets run: nohup ./mvnw spring-boot:run -Dspring-boot.run.profiles=without-vault & - name: ZAP Scan From 17fdc4a0c79b59003636f81f497522e03ccdc243 Mon Sep 17 00:00:00 2001 From: Puneeth Date: Tue, 31 Oct 2023 10:37:49 +0530 Subject: [PATCH 21/24] OWASP #714 : Fixing workflow triggering isues --- .github/workflows/dast-zap-test.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/dast-zap-test.yml b/.github/workflows/dast-zap-test.yml index 7ece5ce4c..d76faa27d 100644 --- a/.github/workflows/dast-zap-test.yml +++ b/.github/workflows/dast-zap-test.yml 
@@ -15,8 +15,10 @@ jobs: steps: - name: Checkout code uses: actions/checkout@v4 - - name: Trigger Building JAR cache + - name: Trigger Building JAR cache with Git CLI if: steps.cache.outputs.cache-hit != 'true' + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | gh workflow run "Building JAR cache" --ref "main" - name: Start wrongsecrets From 7b21b8940769c765d80a4382b15ae90fc6040e49 Mon Sep 17 00:00:00 2001 From: Puneeth Date: Tue, 31 Oct 2023 10:42:30 +0530 Subject: [PATCH 22/24] OWASP #714 : Fixing workflow triggering isues --- .github/workflows/dast-zap-test.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/dast-zap-test.yml b/.github/workflows/dast-zap-test.yml index d76faa27d..6daf5681f 100644 --- a/.github/workflows/dast-zap-test.yml +++ b/.github/workflows/dast-zap-test.yml @@ -20,6 +20,7 @@ jobs: env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | + pwd gh workflow run "Building JAR cache" --ref "main" - name: Start wrongsecrets run: nohup ./mvnw spring-boot:run -Dspring-boot.run.profiles=without-vault & From 4aed9af454681abc4b2c210be24e14e9946b7caf Mon Sep 17 00:00:00 2001 From: Puneeth Date: Tue, 31 Oct 2023 10:45:05 +0530 Subject: [PATCH 23/24] OWASP #714 : Fixing workflow triggering isues --- .github/workflows/dast-zap-test.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/dast-zap-test.yml b/.github/workflows/dast-zap-test.yml index 6daf5681f..293f8d693 100644 --- a/.github/workflows/dast-zap-test.yml +++ b/.github/workflows/dast-zap-test.yml @@ -21,6 +21,7 @@ jobs: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | pwd + cd .github/workflows gh workflow run "Building JAR cache" --ref "main" - name: Start wrongsecrets run: nohup ./mvnw spring-boot:run -Dspring-boot.run.profiles=without-vault & From 1f8699a1d534ac4fbee8d81e9d6cee75e04de10b Mon Sep 17 00:00:00 2001 
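Review bot: In PATCH 21/24 the step hands `secrets.GITHUB_TOKEN` to `gh workflow run`, which needs the token to carry `actions: write`; no `permissions:` block is visible in these hunks (the top of the file is outside them), so whether it works depends on the repository default. Declare it on the job with `permissions:` containing `contents: read` and `actions: write` so the grant is explicit and nothing broader is inherited. On pull requests from forks the token is read-only regardless, so the dispatch will fail there. The `pwd` and `cd .github/workflows` lines added in PATCH 22/24 and 23/24 are debugging leftovers with no effect on `gh`.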
From: Puneeth Date: Tue, 31 Oct 2023 10:58:29 +0530 Subject: [PATCH 24/24] OWASP #714 : Fixing workflow triggering isues --- .github/workflows/dast-zap-test.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/dast-zap-test.yml b/.github/workflows/dast-zap-test.yml index 293f8d693..f3de6f4a2 100644 --- a/.github/workflows/dast-zap-test.yml +++ b/.github/workflows/dast-zap-test.yml @@ -17,12 +17,12 @@ jobs: uses: actions/checkout@v4 - name: Trigger Building JAR cache with Git CLI if: steps.cache.outputs.cache-hit != 'true' - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | - pwd - cd .github/workflows - gh workflow run "Building JAR cache" --ref "main" + curl -X POST \ + -H "Authorization: ${{ secrets.GITHUB_TOKEN }}" \ + -H "Accept: application/vnd.github.v3+json" \ + https://github.com/puneeth072003/wrongsecrets/blob/chal/.github/workflows/building-jar-cache.yml + -d '{"ref":"main"}' - name: Start wrongsecrets run: nohup ./mvnw spring-boot:run -Dspring-boot.run.profiles=without-vault & - name: ZAP Scan
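Review bot: In PATCH 24/24 the `curl` call posts the workflow token to an HTML page, `https://github.com/puneeth072003/wrongsecrets/blob/chal/…`, on a personal fork's branch rather than to the REST dispatch endpoint of the repository running the job, so nothing is triggered. The `Authorization` header has no scheme (`Bearer`), and the URL line lacks a trailing `\`, so `-d '{"ref":"main"}'` runs as a separate shell command. The secret is also expanded directly into the script text via `${{ secrets.GITHUB_TOKEN }}`; pass it through `env:` as the removed lines did. The target workflow additionally needs a `workflow_dispatch` trigger for this endpoint to accept the request.

```yaml
      - name: Trigger Building JAR cache with Git CLI
        # … unchanged: if: condition …
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          curl --fail -sS -X POST \
            -H "Authorization: Bearer ${GH_TOKEN}" \
            -H "Accept: application/vnd.github+json" \
            "https://api.github.com/repos/${GITHUB_REPOSITORY}/actions/workflows/building-jar-cache.yml/dispatches" \
            -d '{"ref":"main"}'
      # … unchanged: Start wrongsecrets, ZAP Scan …
```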