Merge pull request #1376 from GSA/check-usage-SSL_free_buffers

Check usage ssl_free_buffers
GSA · Jun 17, 2024 · 4787289 · 4787289
2 parents db35384 + 016a039
commit 4787289
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 0 deletions.
diff --git a/.github/workflows/commit.yml b/.github/workflows/commit.yml
@@ -55,6 +55,15 @@ jobs:
       - name: test_importer
         run: make test-import-tool
 
+  test_vulnerability:
+    name: test vulnerability
+    runs-on: ubuntu-latest
+    steps:
+      - name: checkout
+        uses: actions/checkout@v4
+      - name: test_vulnerability
+        run: make vulnerability-check
+
   create-cloudgov-services-development:
     if: github.ref == 'refs/heads/develop'
     name: create services (development)

diff --git a/Makefile b/Makefile
@@ -174,3 +174,7 @@ harvest:
 	# ARGS=gather-consumer make harvest
 	# ARGS=fetch-consumer make harvest
 	docker compose exec ckan ckan harvester $(ARGS)
+
+vulnerability-check:
+	# Check for no usage of SSL_free_buffers. # Details: https://github.com/GSA/data.gov/issues/4781
+	! docker compose run --rm -T ckan grep -riI "SSL_free_buffers" /usr/local/lib/python3.10/site-packages/ && echo "Vulnerable SSL_free_buffers is not used"