fix runner

2021-03-11 16:51:02 +02:00
parent a9e2c0e133
commit 9468d41aea
3 changed files with 57 additions and 36 deletions
--- a/action.yml
+++ b/action.yml
@ -1,33 +1,33 @@
-# action.yml
+# action.yml
-name: 'KICS Github Action'
+name: 'KICS Github Action'
-description: 'Run KICS scan against IaC projects'
+description: 'Run KICS scan against IaC projects'
-inputs:
+inputs:
-  path:
+  path:
-    description: 'path to file or directory to scan'
+    description: 'path to file or directory to scan'
-    required: true
+    required: true
-  output_path:
+  output_path:
-    description: 'file path to store result in json format'
+    description: 'file path to store result in json format'
-    required: false
+    required: false
-  payload_path:
+  payload_path:
-    description: 'file path to store source internal representation in JSON format'
+    description: 'file path to store source internal representation in JSON format'
-    required: false
+    required: false
-  queries:
+  queries:
-    description: 'path to directory with queries (default "./assets/queries")'
+    description: 'path to directory with queries (default "./assets/queries")'
-    required: false
+    required: false
-  verbose:
+  verbose:
-    description: 'verbose scan'
+    description: 'verbose scan'
-outputs:
+outputs:
-  results:
+  results:
-    description: 'the result of KICS scan'
+    description: 'the result of KICS scan'
-branding:
+branding:
-  icon: 'shield'
+  icon: 'shield'
-  color: 'green'
+  color: 'green'
-runs:
+runs:
-  using: 'docker'
+  using: 'docker'
-  image: 'Dockerfile'
+  image: 'Dockerfile'
-  args:
+  args:
-    - ${{ inputs.path }}
+    - ${{ inputs.path }}
-    - ${{ inputs.output_path }}
+    - ${{ inputs.output_path }}
-    - ${{ inputs.payload_path }}
+    - ${{ inputs.payload_path }}
-    - ${{ inputs.queries }}
+    - ${{ inputs.queries }}
-    - ${{ inputs.versbose }}
+    - ${{ inputs.versbose }}
--- a/entrypoint.sh
+++ b/entrypoint.sh
@ -1,4 +1,26 @@
-#!/bin/bash
+#!/bin/ash
 DATETIME="`date '+%H:%M'`"
-./app/bin/kics -p $GITHUB_WORKSPACE/$INPUTS_PATH -o $INPUTS.OUTPUT_PATH
+if [ -z "$INPUT_PATH" ]
 then
      echo "${DATETIME} - ERR input path can't be empty"
      exit 1
 else
      INPUT_PARAM="-p $INPUT_PATH"
 fi
 [[ ! -z "$INPUT_OUTPUT_PATH" ]] && OUTPUT_PATH_PARAM="-o $INPUT_OUTPUT_PATH"
 [[ ! -z "$INPUT_PAYLOAD_PATH" ]] && PAYLOAD_PATH_PARAM="-d $INPUT_PAYLOAD_PATH"
 [[ ! -z "$INPUT_VERBOSE" ]] && VERBOSE_PARAM="-v"
 if [ ! -z "$INPUT_QUERIES" ]
 then
    QUERIES_PARAM="-q $INPUT_QUERIES"
 else
    QUERIES_PARAM="-q /usr/bin/assets/queries"
 fi
 cd $GITHUB_WORKSPACE
 echo "${DATETIME} - INF : about to scan directory $INPUT_PATH"
 echo "${DATETIME} - INF : kics command kics $INPUT_PARAM $OUTPUT_PATH_PARAM $PAYLOAD_PATH_PARAM $QUERIES_PARAM $VERBOSE_PARAM"
 /app/bin/kics $INPUT_PARAM $OUTPUT_PATH_PARAM $PAYLOAD_PATH_PARAM $QUERIES_PARAM $VERBOSE_PARAM
--- a/1
+++ b/1
@ -1 +0,0 @@
 {"osa":null,"projectId":"702","team":"KICS","project":"Checkmarx-kics-master","link":"https://sast.checkmarx.net/CxWebClient/ViewerMain.aspx?scanid=1049455&projectid=702","files":"1526","loc":"22018","scanType":"Full","output":null,"additionalDetails":{"flow-summary":{"Medium":3},"numFailedLoc":"0","scanRiskSeverity":"4","scanId":"1049455","scanStartDate":"Monday, January 4, 2021 3:02:19 PM","customFields":{},"scanRisk":"35"},"scanSummary":{"highSeverity":0,"mediumSeverity":3,"lowSeverity":1,"infoSeverity":0,"statisticsCalculationDate":"2021-01-04T15:09:22.987"},"scaResults":null,"astResults":null,"xissues":[{"vulnerability":"Denial_Of_Service_Resource_Exhaustion","vulnerabilityStatus":"TO VERIFY","similarityId":"626320759","cwe":"400","cve":null,"description":"","language":"Go","severity":"Medium","link":"https://sast.checkmarx.net/CxWebClient/ViewerMain.aspx?scanid=1049455&projectid=702&pathid=1","filename":"pkg/kics/service.go","gitUrl":"","falsePositiveCount":0,"osaDetails":null,"scaDetails":null,"details":{"52":{"falsePositive":false,"codeSnippet":"\t\t\tcontent, err := ioutil.ReadAll(rc)","comment":""}},"additionalDetails":{"recommendedFix":"https://sast.checkmarx.net/CxWebClient/ScanQueryDescription.aspx?queryID=4679&queryVersionCode=107797906&queryTitle=Denial_Of_Service_Resource_Exhaustion","categories":null,"results":[{"sink":{"file":"pkg/kics/service.go","line":"62","column":"23","object":"<"},"state":"0","source":{"file":"pkg/kics/service.go","line":"52","column":"27","object":"ReadAll"}}]},"allFalsePositive":false},{"vulnerability":"Denial_Of_Service_Resource_Exhaustion","vulnerabilityStatus":"TO VERIFY","similarityId":"1471033900","cwe":"400","cve":null,"description":"","language":"Go","severity":"Medium","link":"https://sast.checkmarx.net/CxWebClient/ViewerMain.aspx?scanid=1049455&projectid=702&pathid=2","filename":"test/main_test.go","gitUrl":"","falsePositiveCount":0,"osaDetails":null,"scaDetails":null,"details":{"83":{"falsePositive":false,"codeSnippet":"\tcontent, err := ioutil.ReadFile(filePath)","comment":""}},"additionalDetails":{"recommendedFix":"https://sast.checkmarx.net/CxWebClient/ScanQueryDescription.aspx?queryID=4679&queryVersionCode=107797906&queryTitle=Denial_Of_Service_Resource_Exhaustion","categories":null,"results":[{"sink":{"file":"test/main_test.go","line":"97","column":"6","object":"<"},"state":"0","source":{"file":"test/main_test.go","line":"83","column":"25","object":"ReadFile"}}]},"allFalsePositive":false},{"vulnerability":"Path_Traversal","vulnerabilityStatus":"TO VERIFY","similarityId":"251195871","cwe":"36","cve":null,"description":"","language":"Go","severity":"Medium","link":"https://sast.checkmarx.net/CxWebClient/ViewerMain.aspx?scanid=1049455&projectid=702&pathid=3","filename":"cmd/builder/main.go","gitUrl":"","falsePositiveCount":0,"osaDetails":null,"scaDetails":null,"details":{"30":{"falsePositive":false,"codeSnippet":"\t\t\tcontent, err := ioutil.ReadFile(inPath)","comment":""}},"additionalDetails":{"recommendedFix":"https://sast.checkmarx.net/CxWebClient/ScanQueryDescription.aspx?queryID=4755&queryVersionCode=108916664&queryTitle=Path_Traversal","categories":"FISMA 2014;System And Information Integrity,NIST SP 800-53;SI-10 Information Input Validation (P1)","results":[{"sink":{"file":"cmd/builder/main.go","line":"74","column":"17","object":"Write"},"state":"0","source":{"file":"cmd/builder/main.go","line":"30","column":"27","object":"ReadFile"}}]},"allFalsePositive":false}],"sastScanId":null,"sastResults":true}
		`@ -1 +0,0 @@`
			{"osa":null,"projectId":"702","team":"KICS","project":"Checkmarx-kics-master","link":"https://sast.checkmarx.net/CxWebClient/ViewerMain.aspx?scanid=1049455&projectid=702","files":"1526","loc":"22018","scanType":"Full","output":null,"additionalDetails":{"flow-summary":{"Medium":3},"numFailedLoc":"0","scanRiskSeverity":"4","scanId":"1049455","scanStartDate":"Monday, January 4, 2021 3:02:19 PM","customFields":{},"scanRisk":"35"},"scanSummary":{"highSeverity":0,"mediumSeverity":3,"lowSeverity":1,"infoSeverity":0,"statisticsCalculationDate":"2021-01-04T15:09:22.987"},"scaResults":null,"astResults":null,"xissues":[{"vulnerability":"Denial_Of_Service_Resource_Exhaustion","vulnerabilityStatus":"TO VERIFY","similarityId":"626320759","cwe":"400","cve":null,"description":"","language":"Go","severity":"Medium","link":"https://sast.checkmarx.net/CxWebClient/ViewerMain.aspx?scanid=1049455&projectid=702&pathid=1","filename":"pkg/kics/service.go","gitUrl":"","falsePositiveCount":0,"osaDetails":null,"scaDetails":null,"details":{"52":{"falsePositive":false,"codeSnippet":"\t\t\tcontent, err := ioutil.ReadAll(rc)","comment":""}},"additionalDetails":{"recommendedFix":"https://sast.checkmarx.net/CxWebClient/ScanQueryDescription.aspx?queryID=4679&queryVersionCode=107797906&queryTitle=Denial_Of_Service_Resource_Exhaustion","categories":null,"results":[{"sink":{"file":"pkg/kics/service.go","line":"62","column":"23","object":"<"},"state":"0","source":{"file":"pkg/kics/service.go","line":"52","column":"27","object":"ReadAll"}}]},"allFalsePositive":false},{"vulnerability":"Denial_Of_Service_Resource_Exhaustion","vulnerabilityStatus":"TO VERIFY","similarityId":"1471033900","cwe":"400","cve":null,"description":"","language":"Go","severity":"Medium","link":"https://sast.checkmarx.net/CxWebClient/ViewerMain.aspx?scanid=1049455&projectid=702&pathid=2","filename":"test/main_test.go","gitUrl":"","falsePositiveCount":0,"osaDetails":null,"scaDetails":null,"details":{"83":{"falsePositive":false,"codeSnippet":"\tcontent, err := ioutil.ReadFile(filePath)","comment":""}},"additionalDetails":{"recommendedFix":"https://sast.checkmarx.net/CxWebClient/ScanQueryDescription.aspx?queryID=4679&queryVersionCode=107797906&queryTitle=Denial_Of_Service_Resource_Exhaustion","categories":null,"results":[{"sink":{"file":"test/main_test.go","line":"97","column":"6","object":"<"},"state":"0","source":{"file":"test/main_test.go","line":"83","column":"25","object":"ReadFile"}}]},"allFalsePositive":false},{"vulnerability":"Path_Traversal","vulnerabilityStatus":"TO VERIFY","similarityId":"251195871","cwe":"36","cve":null,"description":"","language":"Go","severity":"Medium","link":"https://sast.checkmarx.net/CxWebClient/ViewerMain.aspx?scanid=1049455&projectid=702&pathid=3","filename":"cmd/builder/main.go","gitUrl":"","falsePositiveCount":0,"osaDetails":null,"scaDetails":null,"details":{"30":{"falsePositive":false,"codeSnippet":"\t\t\tcontent, err := ioutil.ReadFile(inPath)","comment":""}},"additionalDetails":{"recommendedFix":"https://sast.checkmarx.net/CxWebClient/ScanQueryDescription.aspx?queryID=4755&queryVersionCode=108916664&queryTitle=Path_Traversal","categories":"FISMA 2014;System And Information Integrity,NIST SP 800-53;SI-10 Information Input Validation (P1)","results":[{"sink":{"file":"cmd/builder/main.go","line":"74","column":"17","object":"Write"},"state":"0","source":{"file":"cmd/builder/main.go","line":"30","column":"27","object":"ReadFile"}}]},"allFalsePositive":false}],"sastScanId":null,"sastResults":true}