Add waf check fp tool #6
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Waf Check FP | |
| on: | |
| pull_request: | |
| branches: [ master ] | |
| paths: | |
| - 'appsec-configs/**.yaml' | |
| - 'appsec-configs/**.yml' | |
| - 'appsec-rules/**.yaml' | |
| - 'appsec-rules/**.yml' | |
| - '.github/workflows/waf-check.yaml' | |
| - '.appsec-tests/**' | |
| - 'waf-check/**' | |
| push: | |
| branches: [ master ] | |
| paths: | |
| - 'appsec-configs/**.yaml' | |
| - 'appsec-configs/**.yml' | |
| - 'appsec-rules/**.yaml' | |
| - 'appsec-rules/**.yml' | |
| - '.github/workflows/waf-check.yaml' | |
| - '.appsec-tests/**' | |
| - 'waf-check/**' | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| build: | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - name: Check out code into the Go module directory | |
| uses: actions/checkout@v4 | |
| - uses: actions/setup-go@v4 | |
| with: | |
| go-version: '1.21' | |
| - name: Split dateset | |
| run: | | |
| cd waf-check && go build -o waf-check | |
| ./waf-check -download -batch -dir-count 1 | |
| - uses: actions/upload-artifact@v4 | |
| name: Upload dataset in artifact | |
| with: | |
| name: waf-check-dataset | |
| path: ./dataset/dataset_**/ | |
| run: | |
| runs-on: ubuntu-22.04 | |
| needs: build | |
| strategy: | |
| matrix: | |
| dataset_folder: ["dataset_0"] | |
| steps: | |
| - uses: actions/download-artifact@v4 | |
| with: | |
| name: waf-check-dataset | |
| path: waf-check/dataset/ | |
| name: Download dataset from artifact | |
| - name: Check out code into the Go module directory | |
| uses: actions/checkout@v4 | |
| - uses: actions/setup-go@v4 | |
| with: | |
| go-version: '1.21' | |
| - name: Install CrowdSec | |
| run: | | |
| current_pwd=$(pwd) | |
| git clone https://github.com/crowdsecurity/crowdsec.git | |
| cd crowdsec | |
| BUILD_STATIC=1 make release | |
| cd crowdsec-v* | |
| sudo ./wizard.sh --unattended | |
| - name: Setup CrowdSec Appsec | |
| run: | | |
| cp waf-check/config/acquis.yaml /etc/crowdsec/acquis.yaml | |
| sudo cscli collections install crowdsecurity/appsec-virtual-patching | |
| sudo systemctl restart crowdsec | |
| - name: Register Remediation Component API Key | |
| run: | | |
| sudo cscli bouncers add hubtestAppsec -k "this_is_a_bad_password" | |
| - name: Start OpenResty Container | |
| run: | | |
| docker-compose -f docker/appsec/docker-compose.yaml up -d --build | |
| sleep 3 | |
| - name: Build and Run Waf Check | |
| run: | | |
| cd waf-check && go build -o waf-check && ./waf-check -dataset "dataset/${{ matrix.dataset_folder }}" | |