
ci: add http misconfigurations scans
emmanuelgautier committed Oct 20, 2024
1 parent af50de3 commit 59f985e
Showing 1 changed file with 59 additions and 0 deletions.
59 changes: 59 additions & 0 deletions .github/workflows/scans.yml
Expand Up @@ -21,6 +21,7 @@ permissions:

jobs:
run-jwt-scans:
name: JWT Scans
runs-on: ubuntu-latest

strategy:
Expand Down Expand Up @@ -73,3 +74,61 @@ jobs:
- name: Stop Server
if: ${{ always() }}
run: docker stop $(docker ps -q --filter ancestor=ghcr.io/cerberauth/api-vulns-challenges/${{ matrix.challenge }}:latest)

run-http-misconfigurations-scans:
name: HTTP Misconfigurations Scans
runs-on: ubuntu-latest

strategy:
fail-fast: false
matrix:
include:
- challenge: "misconfiguration.http_headers"
url: "http://localhost:8080"
- challenge: "misconfiguration.http_headers"
url: "http://localhost:8080/headers/cors-wildcard"
- challenge: "misconfiguration.http_headers"
url: "http://localhost:8080/headers/csp-frame-ancestors"
- challenge: "misconfiguration.http_cookies"
url: "http://localhost:8080/cookies/unsecure"
- challenge: "misconfiguration.http_cookies"
url: "http://localhost:8080/cookies/not-httponly"
- challenge: "misconfiguration.http_cookies"
url: "http://localhost:8080/cookies/samesite-none"
- challenge: "misconfiguration.http_cookies"
url: "http://localhost:8080/cookies/no-expiration"

steps:
- uses: actions/checkout@v4

- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Run Server
run: docker run -d -p 8080:8080 ghcr.io/cerberauth/api-vulns-challenges/http-misconfigurations:latest

- name: Setup Go environment
uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}

- name: Build
run: go build -v ./...

- name: VulnAPI
id: vulnapi
continue-on-error: true
run: |
go run main.go scan curl ${{ matrix.url }} --scans "${{ matrix.challenge }}"
- name: Check for vulnerabilities
if: ${{ steps.vulnapi.outputs.conclusion == 'failure' }}
run: echo "Vulnerabilities found in ${{ matrix.challenge }}"

- name: Stop Server
if: ${{ always() }}
run: docker stop $(docker ps -q --filter ancestor=ghcr.io/cerberauth/api-vulns-challenges/http-misconfigurations:latest)
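Review bot: The condition on the "Check for vulnerabilities" step, `steps.vulnapi.outputs.conclusion == 'failure'`, can never be true: a `run` step exposes no `outputs.conclusion`, the step's result is `steps.vulnapi.outcome`, and `steps.vulnapi.conclusion` is always `success` here because of `continue-on-error: true`. As written the step never runs and the job passes whatever VulnAPI returns, so the workflow gives no signal when the scanner misses a challenge or crashes on the URL. Fix it with `if: ${{ steps.vulnapi.outcome == 'failure' }}`, and, if the intent is to assert that every deliberately vulnerable challenge is detected, invert it so the job fails on a clean scan: `if: ${{ steps.vulnapi.outcome != 'failure' }}` with `run: echo "::error::No finding for ${{ matrix.challenge }} at ${{ matrix.url }}" && exit 1`. The JWT job above looks like it follows the same pattern, but its steps are only partly inside this hunk. Separately, the fixture image is pulled by the mutable `:latest` tag (a digest pin would make runs reproducible), and `docker run -d` is not followed by a readiness wait, though the Go build in between probably masks that race.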
