Skip to content

Application Security Engine support #14

Application Security Engine support

Application Security Engine support #14

name: Appsec Rules Tests
on:
pull_request:
branches: [ master ]
paths:
- 'appsec-configs/**.yaml'
- 'appsec-configs/**.yml'
- 'appsec-rules/**.yaml'
- 'appsec-rules/**.yml'
- '.github/workflows/test_appsec_rules.yaml'
- '.appsec-tests/**'
push:
branches: [ master ]
paths:
- 'appsec-configs/**.yaml'
- 'appsec-configs/**.yml'
- 'appsec-rules/**.yaml'
- 'appsec-rules/**.yml'
- '.github/workflows/test_appsec_rules.yaml'
- '.appsec-tests/**'
jobs:
run-hub-tests:
runs-on: ubuntu-20.04
steps:
- name: Check out code into the Go module directory
uses: actions/checkout@v4
- uses: actions/setup-go@v4
with:
go-version: '1.21'
- name: Install requirements
run: |
sudo apt install libre2-dev
go install -v github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest
- name: Install CrowdSec
run: |
git clone https://github.com/crowdsecurity/crowdsec.git
cd crowdsec
git checkout "coraza_poc_acquis"
BUILD_STATIC=1 make release
cd crowdsec-v*
sudo ./wizard.sh --unattended
- name: Install NGINX
run: |
sudo apt install nginx
- name: Install CrowdSec NGINX Bouncer
run: |
git clone https://github.com/crowdsecurity/cs-nginx-bouncer.git
cd cs-nginx-bouncer/
git checkout waf_integration
make release
tar xzvf crowdsec-nginx-bouncer.tgz
cd crowdsec-nginx-bouncer-v*
sudo ./install.sh -y
- name: Setup NGINX Bouncer API key
run: |
sudo cscli bouncers add hubtestAppsec -k "this_is_a_bad_password"
sudo sed -i 's/API_KEY=.*$/API_KEY=this_is_a_bad_password/' /etc/crowdsec/bouncers/crowdsec-nginx-bouncer.conf
echo "WAF_URL=http://127.0.0.1:4241" | sudo tee -a /etc/crowdsec/bouncers/crowdsec-nginx-bouncer.conf
sudo systemctl restart nginx
- name: run tests on last crowdsec tag
run: |
cscli hubtest run --all --appsec
echo "APPSEC_RULE_COV=$(cscli hubtest coverage --appsec --percent | cut -d '=' -f2)" >> $GITHUB_ENV
APPSEC_RULE_COV_NUMBER=$(cscli hubtest coverage --appsec --percent | cut -d '=' -f2 | tr -d '%' | tr -d '[[:space:]]')
echo "APPSEC_RULE_BADGE_COLOR=$(if [ "$APPSEC_RULE_COV_NUMBER" -lt "70" ]; then echo 'red'; else echo 'green'; fi)" >> $GITHUB_ENV
- name: Create appsec badge
uses: schneegans/[email protected]
#if: ${{ github.ref == 'refs/heads/master' }}
if: false
with:
auth: ${{ secrets.GIST_BADGES_SECRET }}
gistID: ${{ secrets.GIST_BADGES_ID }}
filename: hub_appsec_badge.json
label: Hub Appsec
message: ${{ env.APPSEC_RULE_COV }}
color: ${{ env.APPSEC_RULE_BADGE_COLOR }}