From 300e730d9ccdaf6a4f49b30de956f776a77a8407 Mon Sep 17 00:00:00 2001
From: Joe Gasiorek <Joseph.J.Gasiorek@omb.eop.gov>
Date: Sun, 7 Jul 2024 09:54:15 -0700
Subject: [PATCH 01/20] Fix OWASP test

---
 .github/actions/run-server/action.yml  |  1 +
 .github/workflows/owasp-daily-scan.yml | 14 +++++++++-----
 2 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/.github/actions/run-server/action.yml b/.github/actions/run-server/action.yml
index 0672abd89..01abf490d 100644
--- a/.github/actions/run-server/action.yml
+++ b/.github/actions/run-server/action.yml
@@ -18,6 +18,7 @@ runs:
         DATABASE_URL: ${{ inputs.database_url }}
         SECRET_KEY_BASE: not-actually-secret
       run: bundle exec rails server &
+      working-directory: app
 
     - name: "Wait for startup"
       shell: bash
diff --git a/.github/workflows/owasp-daily-scan.yml b/.github/workflows/owasp-daily-scan.yml
index 67aed27eb..95367a38f 100644
--- a/.github/workflows/owasp-daily-scan.yml
+++ b/.github/workflows/owasp-daily-scan.yml
@@ -1,10 +1,12 @@
 name: OWASP ZAP daily scan
 
 on:
-  schedule:
-    # cron format: 'minute hour dayofmonth month dayofweek'
-    # this will run at noon UTC every day (7am EST / 8am EDT)
-    - cron: '0 12 * * *'
+  pull_request:
+    branches: [ main ]
+  # schedule:
+  #   # cron format: 'minute hour dayofmonth month dayofweek'
+  #   # this will run at noon UTC every day (7am EST / 8am EDT)
+  #   - cron: '0 12 * * *'
 
 jobs:
   owasp-scan:
@@ -31,6 +33,8 @@ jobs:
 
       - id: setup
         uses: ./.github/actions/setup-project
+        with:
+          rails_env: test
 
       - uses: ./.github/actions/run-server
         with:
@@ -41,5 +45,5 @@ jobs:
         with:
           target: 'http://localhost:3000/'
           fail_action: true
-          rules_file_name: 'zap.conf'
+          rules_file_name: 'app/zap.conf'
           cmd_options: '-I'

From 929a2d2bd008fda160cf1a6fa827593d8e0335a9 Mon Sep 17 00:00:00 2001
From: Joe Gasiorek <Joseph.J.Gasiorek@omb.eop.gov>
Date: Mon, 8 Jul 2024 08:33:27 -0700
Subject: [PATCH 02/20] include csrf

---
 app/app/views/cbv/employer_searches/show.html.erb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/app/app/views/cbv/employer_searches/show.html.erb b/app/app/views/cbv/employer_searches/show.html.erb
index e5c68d5e2..020507931 100644
--- a/app/app/views/cbv/employer_searches/show.html.erb
+++ b/app/app/views/cbv/employer_searches/show.html.erb
@@ -8,6 +8,7 @@
   <p><%= t(".directed_to_login_portal") %></p>
 
   <%= form_with url: cbv_flow_employer_search_path, method: :get, class: "usa-search usa-search--big margin-top-4", html: { role: "search" }, data: { turbo_frame: "employers", turbo_action: "advance" } do |f| %>
+    <%= hidden_field_tag :authenticity_token, form_authenticity_token -%>
     <%= f.label :query, "Search for your employer", class: "usa-sr-only" %>
     <%= f.text_field :query, value: @query, class: "usa-input", type: "search", data: { "cbv-employer-search-target": "searchTerms" } %>
     <button
@@ -24,6 +25,7 @@
   <%= render partial: "employer", locals: { employer: @employers } %>
 
   <%= form_with url: next_path, method: :get, class: "display-none", data: { 'cbv-employer-search-target': "form" } do |f| %>
+    <%= hidden_field_tag :authenticity_token, form_authenticity_token -%>
     <input type="hidden" name="user[account_id]" data-cbv-employer-search-target="userAccountId" >
   <% end %>
 

From 54a25bd6aeceafed2279f0127876cfa7e470565e Mon Sep 17 00:00:00 2001
From: Joe Gasiorek <Joseph.J.Gasiorek@omb.eop.gov>
Date: Mon, 8 Jul 2024 09:27:56 -0700
Subject: [PATCH 03/20] do not allow hidden files urls

---
 app/app/controllers/pages_controller.rb | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/app/app/controllers/pages_controller.rb b/app/app/controllers/pages_controller.rb
index 45f463e4c..ffa5b55c3 100644
--- a/app/app/controllers/pages_controller.rb
+++ b/app/app/controllers/pages_controller.rb
@@ -1,4 +1,7 @@
 class PagesController < ApplicationController
   def home
+    unless params['format'].nil?
+      redirect_to '/404'
+    end
   end
 end

From cf4421e49bd9d2c11f1c79809df8511f68030f09 Mon Sep 17 00:00:00 2001
From: Joe Gasiorek <Joseph.J.Gasiorek@omb.eop.gov>
Date: Mon, 8 Jul 2024 09:50:06 -0700
Subject: [PATCH 04/20] 401

---
 app/app/controllers/pages_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/app/controllers/pages_controller.rb b/app/app/controllers/pages_controller.rb
index ffa5b55c3..9447a156e 100644
--- a/app/app/controllers/pages_controller.rb
+++ b/app/app/controllers/pages_controller.rb
@@ -1,7 +1,7 @@
 class PagesController < ApplicationController
   def home
     unless params['format'].nil?
-      redirect_to '/404'
+      head 401, content_type: 'text/html'
     end
   end
 end

From 610f65c34ab298f978a28246e41052faf5803c0b Mon Sep 17 00:00:00 2001
From: Joe Gasiorek <Joseph.J.Gasiorek@omb.eop.gov>
Date: Mon, 8 Jul 2024 12:19:25 -0700
Subject: [PATCH 05/20] try and exclude

---
 .github/workflows/owasp-daily-scan.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/owasp-daily-scan.yml b/.github/workflows/owasp-daily-scan.yml
index 95367a38f..55fff178c 100644
--- a/.github/workflows/owasp-daily-scan.yml
+++ b/.github/workflows/owasp-daily-scan.yml
@@ -46,4 +46,4 @@ jobs:
           target: 'http://localhost:3000/'
           fail_action: true
           rules_file_name: 'app/zap.conf'
-          cmd_options: '-I'
+          cmd_options: '-I -config globalexcludeurl.url_list.url.regex="^((http:\/\/localhost:3000\/cbv\/employer_search\?authenticity_token).*)$"'

From 1cbecd310b1f0e8a69c5564a489850459bcc3949 Mon Sep 17 00:00:00 2001
From: Joe Gasiorek <Joseph.J.Gasiorek@omb.eop.gov>
Date: Mon, 8 Jul 2024 12:27:53 -0700
Subject: [PATCH 06/20] try and exclude2

---
 .github/workflows/owasp-daily-scan.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/owasp-daily-scan.yml b/.github/workflows/owasp-daily-scan.yml
index 55fff178c..8a68a3c2e 100644
--- a/.github/workflows/owasp-daily-scan.yml
+++ b/.github/workflows/owasp-daily-scan.yml
@@ -46,4 +46,4 @@ jobs:
           target: 'http://localhost:3000/'
           fail_action: true
           rules_file_name: 'app/zap.conf'
-          cmd_options: '-I -config globalexcludeurl.url_list.url.regex="^((http:\/\/localhost:3000\/cbv\/employer_search\?authenticity_token).*)$"'
+          cmd_options: '-I -z "-config globalexcludeurl.url_list.url.regex="^((http:\/\/localhost:3000\/cbv\/employer_search\?authenticity_token).*)""'

From 1857b86b1bfa034db889d6ff6d48ee7584cb97bf Mon Sep 17 00:00:00 2001
From: Joe Gasiorek <Joseph.J.Gasiorek@omb.eop.gov>
Date: Mon, 8 Jul 2024 12:36:46 -0700
Subject: [PATCH 07/20] try and exclude3

---
 .github/workflows/owasp-daily-scan.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/owasp-daily-scan.yml b/.github/workflows/owasp-daily-scan.yml
index 8a68a3c2e..71c5b39fd 100644
--- a/.github/workflows/owasp-daily-scan.yml
+++ b/.github/workflows/owasp-daily-scan.yml
@@ -46,4 +46,4 @@ jobs:
           target: 'http://localhost:3000/'
           fail_action: true
           rules_file_name: 'app/zap.conf'
-          cmd_options: '-I -z "-config globalexcludeurl.url_list.url.regex="^((http:\/\/localhost:3000\/cbv\/employer_search\?authenticity_token).*)""'
+          cmd_options: '-I -z "-config globalexcludeurl.url_list.url.regex="^http:\/\/localhost:3000\/cbv\/employer_search\?authenticity\_token.*""'

From 66965229193a1b2c3edecf1ef0eab583df5a67a1 Mon Sep 17 00:00:00 2001
From: Joe Gasiorek <Joseph.J.Gasiorek@omb.eop.gov>
Date: Tue, 9 Jul 2024 07:49:30 -0700
Subject: [PATCH 08/20] exclude url

---
 .github/workflows/owasp-daily-scan.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/owasp-daily-scan.yml b/.github/workflows/owasp-daily-scan.yml
index 71c5b39fd..fda0d54d1 100644
--- a/.github/workflows/owasp-daily-scan.yml
+++ b/.github/workflows/owasp-daily-scan.yml
@@ -46,4 +46,4 @@ jobs:
           target: 'http://localhost:3000/'
           fail_action: true
           rules_file_name: 'app/zap.conf'
-          cmd_options: '-I -z "-config globalexcludeurl.url_list.url.regex="^http:\/\/localhost:3000\/cbv\/employer_search\?authenticity\_token.*""'
+          cmd_options: '-I -z "-config network.globalExclusions.exclusions\(0\).name=Search -config network.globalExclusions.exclusions\(0\).enabled=true -config network.globalExclusions.exclusions\(0\).value=/.*\/(?:.{2}\/)?cbv\/employer_search\?authenticity\_token.*/gm"'

From d24473d112c6b6bd48191d51b2c86b6e352f7a8e Mon Sep 17 00:00:00 2001
From: Joe Gasiorek <Joseph.J.Gasiorek@omb.eop.gov>
Date: Tue, 9 Jul 2024 08:02:04 -0700
Subject: [PATCH 09/20] try escaing the quote

---
 .github/workflows/owasp-daily-scan.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/owasp-daily-scan.yml b/.github/workflows/owasp-daily-scan.yml
index fda0d54d1..6237af1a3 100644
--- a/.github/workflows/owasp-daily-scan.yml
+++ b/.github/workflows/owasp-daily-scan.yml
@@ -46,4 +46,4 @@ jobs:
           target: 'http://localhost:3000/'
           fail_action: true
           rules_file_name: 'app/zap.conf'
-          cmd_options: '-I -z "-config network.globalExclusions.exclusions\(0\).name=Search -config network.globalExclusions.exclusions\(0\).enabled=true -config network.globalExclusions.exclusions\(0\).value=/.*\/(?:.{2}\/)?cbv\/employer_search\?authenticity\_token.*/gm"'
+          cmd_options: '-I -z \"-config network.globalExclusions.exclusions\(0\).name=Search -config network.globalExclusions.exclusions\(0\).enabled=true -config network.globalExclusions.exclusions\(0\).value=/.*\/(?:.{2}\/)?cbv\/employer_search\?authenticity\_token.*/gm\"'

From cdf33f55b68deeb819fc8d9cf7cba471a584881c Mon Sep 17 00:00:00 2001
From: Joe Gasiorek <Joseph.J.Gasiorek@omb.eop.gov>
Date: Tue, 9 Jul 2024 08:46:18 -0700
Subject: [PATCH 10/20] double

---
 .github/workflows/owasp-daily-scan.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/owasp-daily-scan.yml b/.github/workflows/owasp-daily-scan.yml
index 6237af1a3..72aa7d7ce 100644
--- a/.github/workflows/owasp-daily-scan.yml
+++ b/.github/workflows/owasp-daily-scan.yml
@@ -46,4 +46,4 @@ jobs:
           target: 'http://localhost:3000/'
           fail_action: true
           rules_file_name: 'app/zap.conf'
-          cmd_options: '-I -z \"-config network.globalExclusions.exclusions\(0\).name=Search -config network.globalExclusions.exclusions\(0\).enabled=true -config network.globalExclusions.exclusions\(0\).value=/.*\/(?:.{2}\/)?cbv\/employer_search\?authenticity\_token.*/gm\"'
+          cmd_options: "-I -z \"-config network.globalExclusions.exclusions\(0\).name=Search -config network.globalExclusions.exclusions\(0\).enabled=true -config network.globalExclusions.exclusions\(0\).value=/.*\/(?:.{2}\/)?cbv\/employer_search\?authenticity\_token.*/gm\""

From c6a750223379a8224612a3484935e18e37c2577d Mon Sep 17 00:00:00 2001
From: Joe Gasiorek <Joseph.J.Gasiorek@omb.eop.gov>
Date: Tue, 9 Jul 2024 08:49:53 -0700
Subject: [PATCH 11/20] valid yaml

---
 .github/workflows/owasp-daily-scan.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/owasp-daily-scan.yml b/.github/workflows/owasp-daily-scan.yml
index 72aa7d7ce..481d1bc46 100644
--- a/.github/workflows/owasp-daily-scan.yml
+++ b/.github/workflows/owasp-daily-scan.yml
@@ -46,4 +46,4 @@ jobs:
           target: 'http://localhost:3000/'
           fail_action: true
           rules_file_name: 'app/zap.conf'
-          cmd_options: "-I -z \"-config network.globalExclusions.exclusions\(0\).name=Search -config network.globalExclusions.exclusions\(0\).enabled=true -config network.globalExclusions.exclusions\(0\).value=/.*\/(?:.{2}\/)?cbv\/employer_search\?authenticity\_token.*/gm\""
+          cmd_options: "-I -z \"-config network.globalExclusions.exclusions\\(0\\).name=Search -config network.globalExclusions.exclusions\\(0\\).enabled=true -config network.globalExclusions.exclusions\\(0\\).value=/.*\\/(?:.{2}\\/)?cbv\\/employer_search\\?authenticity\\_token.*/gm\""

From a4c7c4fc0bfbbb3e3d432aa5a8cdc9aaae70a44e Mon Sep 17 00:00:00 2001
From: Joe Gasiorek <Joseph.J.Gasiorek@omb.eop.gov>
Date: Tue, 9 Jul 2024 09:12:23 -0700
Subject: [PATCH 12/20] rubocop

---
 .github/workflows/owasp-daily-scan.yml  | 2 +-
 app/app/controllers/pages_controller.rb | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/owasp-daily-scan.yml b/.github/workflows/owasp-daily-scan.yml
index 481d1bc46..95a4d85f3 100644
--- a/.github/workflows/owasp-daily-scan.yml
+++ b/.github/workflows/owasp-daily-scan.yml
@@ -46,4 +46,4 @@ jobs:
           target: 'http://localhost:3000/'
           fail_action: true
           rules_file_name: 'app/zap.conf'
-          cmd_options: "-I -z \"-config network.globalExclusions.exclusions\\(0\\).name=Search -config network.globalExclusions.exclusions\\(0\\).enabled=true -config network.globalExclusions.exclusions\\(0\\).value=/.*\\/(?:.{2}\\/)?cbv\\/employer_search\\?authenticity\\_token.*/gm\""
+          cmd_options: "-I -z -config network.globalExclusions.exclusions\\(0\\).exclusion.name=Search -config network.globalExclusions.exclusions\\(0\\).exclusion.enabled=true -config network.globalExclusions.exclusions\\(0\\).exclusion.value=/.*\\/(?:.{2}\\/)?cbv\\/employer_search\\?authenticity\\_token.*/gm"
diff --git a/app/app/controllers/pages_controller.rb b/app/app/controllers/pages_controller.rb
index 9447a156e..fded99fb7 100644
--- a/app/app/controllers/pages_controller.rb
+++ b/app/app/controllers/pages_controller.rb
@@ -1,7 +1,7 @@
 class PagesController < ApplicationController
   def home
-    unless params['format'].nil?
-      head 401, content_type: 'text/html'
+    unless params["format"].nil?
+      head 401, content_type: "text/html"
     end
   end
 end

From 7f82448f863824f8be25b73e6ec68aa6fbea4064 Mon Sep 17 00:00:00 2001
From: Joe Gasiorek <Joseph.J.Gasiorek@omb.eop.gov>
Date: Tue, 9 Jul 2024 11:36:11 -0700
Subject: [PATCH 13/20] try

---
 .github/workflows/owasp-daily-scan.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/owasp-daily-scan.yml b/.github/workflows/owasp-daily-scan.yml
index 95a4d85f3..71cd2128d 100644
--- a/.github/workflows/owasp-daily-scan.yml
+++ b/.github/workflows/owasp-daily-scan.yml
@@ -46,4 +46,4 @@ jobs:
           target: 'http://localhost:3000/'
           fail_action: true
           rules_file_name: 'app/zap.conf'
-          cmd_options: "-I -z -config network.globalExclusions.exclusions\\(0\\).exclusion.name=Search -config network.globalExclusions.exclusions\\(0\\).exclusion.enabled=true -config network.globalExclusions.exclusions\\(0\\).exclusion.value=/.*\\/(?:.{2}\\/)?cbv\\/employer_search\\?authenticity\\_token.*/gm"
+          cmd_options: "-I -z '-config network.globalExclusions.exclusions\\(0\\).exclusion.name=Search -config network.globalExclusions.exclusions\\(0\\).exclusion.enabled=true -config network.globalExclusions.exclusions\\(0\\).exclusion.value=/.*\\/(?:.{2}\\/)?cbv\\/employer_search\\?authenticity\\_token.*/gm'"

From a0a805f9c5eff5c6a3dddc6906e529b5d052b528 Mon Sep 17 00:00:00 2001
From: Joe Gasiorek <Joseph.J.Gasiorek@omb.eop.gov>
Date: Tue, 9 Jul 2024 11:50:49 -0700
Subject: [PATCH 14/20] move options to file

---
 .github/workflows/owasp-daily-scan.yml | 3 ++-
 zap_options.conf                       | 3 +++
 2 files changed, 5 insertions(+), 1 deletion(-)
 create mode 100644 zap_options.conf

diff --git a/.github/workflows/owasp-daily-scan.yml b/.github/workflows/owasp-daily-scan.yml
index 71cd2128d..222b420c8 100644
--- a/.github/workflows/owasp-daily-scan.yml
+++ b/.github/workflows/owasp-daily-scan.yml
@@ -46,4 +46,5 @@ jobs:
           target: 'http://localhost:3000/'
           fail_action: true
           rules_file_name: 'app/zap.conf'
-          cmd_options: "-I -z '-config network.globalExclusions.exclusions\\(0\\).exclusion.name=Search -config network.globalExclusions.exclusions\\(0\\).exclusion.enabled=true -config network.globalExclusions.exclusions\\(0\\).exclusion.value=/.*\\/(?:.{2}\\/)?cbv\\/employer_search\\?authenticity\\_token.*/gm'"
+          cmd_options: "-I -z '-configfile zap_options.conf'"
+          # cmd_options: "-I -z '-config network.globalExclusions.exclusions\\(0\\).exclusion.name=Search -config network.globalExclusions.exclusions\\(0\\).exclusion.enabled=true -config network.globalExclusions.exclusions\\(0\\).exclusion.value=/.*\\/(?:.{2}\\/)?cbv\\/employer_search\\?authenticity\\_token.*/gm'"
diff --git a/zap_options.conf b/zap_options.conf
new file mode 100644
index 000000000..74ae025eb
--- /dev/null
+++ b/zap_options.conf
@@ -0,0 +1,3 @@
+network.globalExclusions.exclusions(0).exclusion.name=Search
+network.globalExclusions.exclusions(0).exclusion.enabled=true
+network.globalExclusions.exclusions(0).exclusion.value=/.*\/(?:.{2}\/)?cbv\/employer_search\?authenticity\_token.*/gm

From 21bce43b007fbc6f134dd506174df9713b5d69c5 Mon Sep 17 00:00:00 2001
From: Joe Gasiorek <Joseph.J.Gasiorek@omb.eop.gov>
Date: Tue, 9 Jul 2024 11:54:22 -0700
Subject: [PATCH 15/20] quotes

---
 .github/workflows/owasp-daily-scan.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/owasp-daily-scan.yml b/.github/workflows/owasp-daily-scan.yml
index 222b420c8..fe635eda9 100644
--- a/.github/workflows/owasp-daily-scan.yml
+++ b/.github/workflows/owasp-daily-scan.yml
@@ -46,5 +46,5 @@ jobs:
           target: 'http://localhost:3000/'
           fail_action: true
           rules_file_name: 'app/zap.conf'
-          cmd_options: "-I -z '-configfile zap_options.conf'"
+          cmd_options: "-I -z \"-configfile zap_options.conf\""
           # cmd_options: "-I -z '-config network.globalExclusions.exclusions\\(0\\).exclusion.name=Search -config network.globalExclusions.exclusions\\(0\\).exclusion.enabled=true -config network.globalExclusions.exclusions\\(0\\).exclusion.value=/.*\\/(?:.{2}\\/)?cbv\\/employer_search\\?authenticity\\_token.*/gm'"

From 27e043f42c36ee590462bc4a645bc3b07b008e54 Mon Sep 17 00:00:00 2001
From: Joe Gasiorek <Joseph.J.Gasiorek@omb.eop.gov>
Date: Tue, 9 Jul 2024 12:26:05 -0700
Subject: [PATCH 16/20] quotes2

---
 .github/workflows/owasp-daily-scan.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/owasp-daily-scan.yml b/.github/workflows/owasp-daily-scan.yml
index fe635eda9..545fcc01f 100644
--- a/.github/workflows/owasp-daily-scan.yml
+++ b/.github/workflows/owasp-daily-scan.yml
@@ -46,5 +46,5 @@ jobs:
           target: 'http://localhost:3000/'
           fail_action: true
           rules_file_name: 'app/zap.conf'
-          cmd_options: "-I -z \"-configfile zap_options.conf\""
+          cmd_options: '-I -z "\'-configfile zap_options.conf\'"'
           # cmd_options: "-I -z '-config network.globalExclusions.exclusions\\(0\\).exclusion.name=Search -config network.globalExclusions.exclusions\\(0\\).exclusion.enabled=true -config network.globalExclusions.exclusions\\(0\\).exclusion.value=/.*\\/(?:.{2}\\/)?cbv\\/employer_search\\?authenticity\\_token.*/gm'"

From 07f8bf6978813b74a258f373454675c9216849a9 Mon Sep 17 00:00:00 2001
From: Joe Gasiorek <Joseph.J.Gasiorek@omb.eop.gov>
Date: Tue, 9 Jul 2024 12:28:26 -0700
Subject: [PATCH 17/20] quotes3

---
 .github/workflows/owasp-daily-scan.yml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/.github/workflows/owasp-daily-scan.yml b/.github/workflows/owasp-daily-scan.yml
index 545fcc01f..d178e3b15 100644
--- a/.github/workflows/owasp-daily-scan.yml
+++ b/.github/workflows/owasp-daily-scan.yml
@@ -46,5 +46,4 @@ jobs:
           target: 'http://localhost:3000/'
           fail_action: true
           rules_file_name: 'app/zap.conf'
-          cmd_options: '-I -z "\'-configfile zap_options.conf\'"'
-          # cmd_options: "-I -z '-config network.globalExclusions.exclusions\\(0\\).exclusion.name=Search -config network.globalExclusions.exclusions\\(0\\).exclusion.enabled=true -config network.globalExclusions.exclusions\\(0\\).exclusion.value=/.*\\/(?:.{2}\\/)?cbv\\/employer_search\\?authenticity\\_token.*/gm'"
+          cmd_options: -I -z "\'-configfile zap_options.conf\'"

From f2a0a10cf566d0b0073ba3910e234d47790bd23c Mon Sep 17 00:00:00 2001
From: Joe Gasiorek <Joseph.J.Gasiorek@omb.eop.gov>
Date: Tue, 9 Jul 2024 13:28:07 -0700
Subject: [PATCH 18/20] use fork

---
 .github/workflows/owasp-daily-scan.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/owasp-daily-scan.yml b/.github/workflows/owasp-daily-scan.yml
index d178e3b15..bf037b021 100644
--- a/.github/workflows/owasp-daily-scan.yml
+++ b/.github/workflows/owasp-daily-scan.yml
@@ -41,9 +41,9 @@ jobs:
           database_url: ${{ steps.setup.outputs.database_url }}
 
       - name: Run OWASP Full Scan
-        uses: zaproxy/action-full-scan@v0.10.0
+        uses: JosephGasiorekUSDS/action-full-scan@jgasiorek-args
         with:
           target: 'http://localhost:3000/'
           fail_action: true
           rules_file_name: 'app/zap.conf'
-          cmd_options: -I -z "\'-configfile zap_options.conf\'"
+          cmd_options: -I -z "-configfile zap_options.conf"

From 8d3a8cf1a59b3116a76695a352a89f6b1ea08f3c Mon Sep 17 00:00:00 2001
From: Joe Gasiorek <Joseph.J.Gasiorek@omb.eop.gov>
Date: Tue, 9 Jul 2024 13:38:43 -0700
Subject: [PATCH 19/20] use options

---
 .github/workflows/owasp-daily-scan.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/owasp-daily-scan.yml b/.github/workflows/owasp-daily-scan.yml
index bf037b021..266ac30e0 100644
--- a/.github/workflows/owasp-daily-scan.yml
+++ b/.github/workflows/owasp-daily-scan.yml
@@ -46,4 +46,4 @@ jobs:
           target: 'http://localhost:3000/'
           fail_action: true
           rules_file_name: 'app/zap.conf'
-          cmd_options: -I -z "-configfile zap_options.conf"
+          cmd_options: -I -z "-config network.globalExclusions.exclusions\\(0\\).exclusion.name=Search -config network.globalExclusions.exclusions\\(0\\).exclusion.enabled=true -config network.globalExclusions.exclusions\\(0\\).exclusion.value=/.*\\/(?:.{2}\\/)?cbv\\/employer_search\\?authenticity\\_token.*/gm"

From be40c6a91a392ad28914ede7fcd2c5b7c4bb0047 Mon Sep 17 00:00:00 2001
From: Joe Gasiorek <Joseph.J.Gasiorek@omb.eop.gov>
Date: Tue, 9 Jul 2024 14:53:49 -0700
Subject: [PATCH 20/20] q

---
 .github/workflows/owasp-daily-scan.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/owasp-daily-scan.yml b/.github/workflows/owasp-daily-scan.yml
index 266ac30e0..6b156c60c 100644
--- a/.github/workflows/owasp-daily-scan.yml
+++ b/.github/workflows/owasp-daily-scan.yml
@@ -46,4 +46,4 @@ jobs:
           target: 'http://localhost:3000/'
           fail_action: true
           rules_file_name: 'app/zap.conf'
-          cmd_options: -I -z "-config network.globalExclusions.exclusions\\(0\\).exclusion.name=Search -config network.globalExclusions.exclusions\\(0\\).exclusion.enabled=true -config network.globalExclusions.exclusions\\(0\\).exclusion.value=/.*\\/(?:.{2}\\/)?cbv\\/employer_search\\?authenticity\\_token.*/gm"
+          cmd_options: -I -z \"-config network.globalExclusions.exclusions\\(0\\).exclusion.name=Search -config network.globalExclusions.exclusions\\(0\\).exclusion.enabled=true -config network.globalExclusions.exclusions\\(0\\).exclusion.value=/.*\\/(?:.{2}\\/)?cbv\\/employer_search\\?authenticity\\_token.*/gm\"