Skip to content

Add waf check fp tool #7

Add waf check fp tool

Add waf check fp tool #7

Workflow file for this run

name: Waf Check FP
on:
pull_request:
branches: [ master ]
paths:
- 'appsec-configs/**.yaml'
- 'appsec-configs/**.yml'
- 'appsec-rules/**.yaml'
- 'appsec-rules/**.yml'
- '.github/workflows/waf-check.yaml'
- '.appsec-tests/**'
- 'waf-check/**'
push:
branches: [ master ]
paths:
- 'appsec-configs/**.yaml'
- 'appsec-configs/**.yml'
- 'appsec-rules/**.yaml'
- 'appsec-rules/**.yml'
- '.github/workflows/waf-check.yaml'
- '.appsec-tests/**'
- 'waf-check/**'
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
build:
runs-on: ubuntu-22.04
steps:
- name: Check out code into the Go module directory
uses: actions/checkout@v4
- uses: actions/setup-go@v4
with:
go-version: '1.21'
- name: Split dateset
run: |
cd waf-check && go build -o waf-check
./waf-check -download -batch -dir-count 1
- uses: actions/upload-artifact@v4
name: Upload dataset in artifact
with:
name: waf-check-dataset
path: ./dataset/dataset_[0-9]+/
run:
runs-on: ubuntu-22.04
needs: build
strategy:
matrix:
dataset_folder: ["dataset_0"]
steps:
- uses: actions/download-artifact@v4
with:
name: waf-check-dataset
path: waf-check/dataset/
name: Download dataset from artifact
- name: Check out code into the Go module directory
uses: actions/checkout@v4
- uses: actions/setup-go@v4
with:
go-version: '1.21'
- name: Install CrowdSec
run: |
current_pwd=$(pwd)
git clone https://github.com/crowdsecurity/crowdsec.git
cd crowdsec
BUILD_STATIC=1 make release
cd crowdsec-v*
sudo ./wizard.sh --unattended
- name: Setup CrowdSec Appsec
run: |
cp waf-check/config/acquis.yaml /etc/crowdsec/acquis.yaml
sudo cscli collections install crowdsecurity/appsec-virtual-patching
sudo systemctl restart crowdsec
- name: Register Remediation Component API Key
run: |
sudo cscli bouncers add hubtestAppsec -k "this_is_a_bad_password"
- name: Start OpenResty Container
run: |
docker-compose -f docker/appsec/docker-compose.yaml up -d --build
sleep 3
- name: Build and Run Waf Check
run: |
cd waf-check && go build -o waf-check && ./waf-check -dataset "dataset/${{ matrix.dataset_folder }}"