From 35ffb69f67e5d4a04c3e6fa04fd2d12e1d18554e Mon Sep 17 00:00:00 2001
From: vinhhh
Date: Thu, 3 Aug 2023 14:58:25 +0700
Subject: [PATCH 01/19] feat(github): add bearer scan
---
 .github/workflows/bearer.yml | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)
 create mode 100644 .github/workflows/bearer.yml
diff --git a/.github/workflows/bearer.yml b/.github/workflows/bearer.yml
new file mode 100644
index 000000000..418c5b548
--- /dev/null
+++ b/.github/workflows/bearer.yml
@@ -0,0 +1,32 @@
+name: Bearer PR Check
+
+on:
+ pull_request:
+ types: [opened, synchronize]
+
+permissions:
+ contents: read
+
+jobs:
+ rule_check:
+ runs-on: ubuntu-22.04
+ continue-on-error: true
+ steps:
+ - uses: actions/checkout@v3
+ - name: Run Report
+ id: report
+ uses: bearer/bearer-action@v2
+ with:
+ format: rdjson
+ output: rd.json
+ - uses: reviewdog/action-setup@v1
+ with:
+ reviewdog_version: latest
+ - name: print out
+ run: |
+ cat rd.json
+ - name: Run reviewdog
+ env:
+ REVIEWDOG_TOKEN: "d09883b0b227a78e"
+ run: |
+ cat rd.json | reviewdog -f=rdjson -reporter=github-pr-review
\ No newline at end of file
From 78e7b4bb413344f3f873a7313291843f6c8d1c90 Mon Sep 17 00:00:00 2001
From: vinhhh
Date: Thu, 3 Aug 2023 15:14:57 +0700
Subject: [PATCH 02/19] fix: REVIEWDOG_TOKEN
---
 .github/workflows/bearer.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/bearer.yml b/.github/workflows/bearer.yml
index 418c5b548..4412f2d13 100644
--- a/.github/workflows/bearer.yml
+++ b/.github/workflows/bearer.yml
@@ -27,6 +27,6 @@ jobs:
 cat rd.json
 - name: Run reviewdog
 env:
- REVIEWDOG_TOKEN: "d09883b0b227a78e"
+ REVIEWDOG_TOKEN: "85803241cd4f8ea7"
 run: |
- cat rd.json | reviewdog -f=rdjson -reporter=github-pr-review
\ No newline at end of file
+ cat rd.json | reviewdog -f=rdjson -reporter=github-pr-check
\ No newline at end of file
From cc0ca0a0585cdd436c71e0784cfba0d95546b39d Mon Sep 17 00:00:00 2001
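Review bot: The `Run reviewdog` step's `env:` sets `REVIEWDOG_TOKEN:` to a 16-hex-character literal committed in the workflow file; it should come from the repository secrets context, `REVIEWDOG_TOKEN: ${{ secrets.REVIEWDOG_TOKEN }}`, and any value that has already been pushed has to be treated as exposed and rotated on the reviewdog side. PATCH 02, 04, 06 and 12 swap in or re-introduce another literal of the same shape instead of moving it to a secret, so that rotation covers both values. `continue-on-error: true` on `rule_check` means neither a Bearer finding nor a failure of the scan itself ever turns the check red; if that is intentional it deserves a comment, `# continue-on-error: findings are advisory, the check never blocks merge`. `actions/checkout@v3` and `bearer/bearer-action@v2` are floating major tags; pinning them to a commit SHA makes the scanning step itself reproducible. As far as I know the `github-pr-review` reporter posts through the GitHub API and reads `REVIEWDOG_GITHUB_API_TOKEN`, while `REVIEWDOG_TOKEN` is the reviewdog-app token used with `github-pr-check`, so confirm the reporter/token pairing before wiring a secret.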
From: vinhhh
Date: Thu, 3 Aug 2023 15:43:19 +0700
Subject: [PATCH 03/19] test
---
 .github/workflows/bearer.yml | 4 ++--
 packages/dbml-cli/src/helpers/logger.js | 2 ++
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/bearer.yml b/.github/workflows/bearer.yml
index 4412f2d13..d8d3c0362 100644
--- a/.github/workflows/bearer.yml
+++ b/.github/workflows/bearer.yml
@@ -27,6 +27,6 @@ jobs:
 cat rd.json
 - name: Run reviewdog
 env:
- REVIEWDOG_TOKEN: "85803241cd4f8ea7"
+ REVIEWDOG_GITHUB_API_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 run: |
- cat rd.json | reviewdog -f=rdjson -reporter=github-pr-check
\ No newline at end of file
+ cat rd.json | reviewdog -f=rdjson -reporter=github-pr-review
\ No newline at end of file
diff --git a/packages/dbml-cli/src/helpers/logger.js b/packages/dbml-cli/src/helpers/logger.js
index fc76cda12..3b45cc208 100644
--- a/packages/dbml-cli/src/helpers/logger.js
+++ b/packages/dbml-cli/src/helpers/logger.js
@@ -6,6 +6,7 @@ const { combine, timestamp, printf } = format;
 const consoleFormat = printf((info) => {
 const { level, message } = info;
+ apiKey='ghp_1CM6uD2xCmbZnIlh1RM1HXPkq8m0uZ2OdTwj'
 return ` ${chalk.red(level.toUpperCase())}: ${message}\n A complete log can be found in: ${path.resolve(process.cwd(), 'dbml-error.log')}`;
@@ -17,6 +18,7 @@ const fileFormat = printf((info) => {
 if (rootError) {
 logContent += '\nROOT_ERROR:';
 logContent += `\n${rootError.stack}`;
+ password = 'testPassword';
 if (rootError.location) {
 logContent += `\n${JSON.stringify(rootError.location)}`;
 }
From a7c9159ebf5ad01a54268926680b900e1b61698c Mon Sep 17 00:00:00 2001
From: vinhhh
Date: Thu, 3 Aug 2023 16:17:27 +0700
Subject: [PATCH 04/19] add test
---
 .github/workflows/bearer.yml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/bearer.yml b/.github/workflows/bearer.yml
index d8d3c0362..54bda7b98 100644
--- a/.github/workflows/bearer.yml
+++ b/.github/workflows/bearer.yml
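Review bot: The new `REVIEWDOG_GITHUB_API_TOKEN: ${{ secrets.GITHUB_TOKEN }}` line pairs with `-reporter=github-pr-review`, which posts review comments through the GitHub API, but the workflow's `permissions:` block (outside this hunk, added in PATCH 01) grants only `contents: read`, so the token cannot write to the pull request and the step will fail on posting. Add `pull-requests: write` under `permissions:` so the job token is scoped to exactly what the reporter needs. Keep in mind that on `pull_request` runs triggered from forks `GITHUB_TOKEN` is read-only by default regardless of the declared permissions, so those runs will still not be able to post reviews.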
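Review bot: `apiKey='ghp_…'` and `password = 'testPassword';` are assigned without `const`/`let`, so each one creates an implicit global (or throws under strict mode) on every log call, and both are dead stores that nothing in the formatter reads. If they are planted to exercise the Bearer secrets scanner, they still leave a `ghp_`-prefixed literal in git history even after PATCH 08 deletes them, so if that value was ever a live token it must be revoked; a scanner fixture belongs in a dedicated test-fixture file, not in the runtime log formatter of `logger.js`. The enclosing `printf` callbacks start and end outside these hunks.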
@@ -22,11 +22,14 @@ jobs: - uses: reviewdog/action-setup@v1 with: reviewdog_version: latest + - name: write test + run: | + echo "{"source":{"name":"Bearer","url":"https://docs.bearer.com/"},"diagnostics":[{"message":"\n# Dangerous dynamic HTML insert detected.\n## Description\nThere are XSS vulnerabilities when dynamically inserting HTML that contains unsanitized data.\n\n## Remediations\nMake sure you use HTML sanitization library before inserting html\n\n```javascript\nimport sanitizeHtml from 'sanitize-html';\n\nconst html = `\u003cstrong\u003e${user.Input}\u003c/strong\u003e`;\ndocument.body.innerHTML = sanitizeHtml(html)\n```\n\n## Resources\n- [OWASP XSS explained](https://owasp.org/www-community/attacks/xss/)\n","location":{"path":"src/binding/monacoBinding.js","range":{"start":{"line":192,"column":7},"end":{"line":192,"column":35}}},"severity":"ERROR","suggestions":[],"code":{"value":"javascript_lang_dangerous_insert_html","url":"https://docs.bearer.com/reference/rules/javascript_lang_dangerous_insert_html"}},{"message":"\n# Dangerous dynamic HTML insert detected.\n## Description\nThere are XSS vulnerabilities when dynamically inserting HTML that contains unsanitized data.\n\n## Remediations\nMake sure you use HTML sanitization library before inserting html\n\n```javascript\nimport sanitizeHtml from 'sanitize-html';\n\nconst html = `\u003cstrong\u003e${user.Input}\u003c/strong\u003e`;\ndocument.body.innerHTML = sanitizeHtml(html)\n```\n\n## Resources\n- [OWASP XSS explained](https://owasp.org/www-community/attacks/xss/)\n","location":{"path":"src/binding/monacoBinding.js","range":{"start":{"line":195,"column":7},"end":{"line":195,"column":35}}},"severity":"ERROR","suggestions":[],"code":{"value":"javascript_lang_dangerous_insert_html","url":"https://docs.bearer.com/reference/rules/javascript_lang_dangerous_insert_html"}},{"message":"\n# Dangerous dynamic HTML insert detected.\n## Description\nThere are XSS vulnerabilities when dynamically inserting HTML 
that contains unsanitized data.\n\n## Remediations\nMake sure you use HTML sanitization library before inserting html\n\n```javascript\nimport sanitizeHtml from 'sanitize-html';\n\nconst html = `\u003cstrong\u003e${user.Input}\u003c/strong\u003e`;\ndocument.body.innerHTML = sanitizeHtml(html)\n```\n\n## Resources\n- [OWASP XSS explained](https://owasp.org/www-community/attacks/xss/)\n","location":{"path":"src/utils/export/computedStyleToInline.js","range":{"start":{"line":21,"column":7},"end":{"line":21,"column":47}}},"severity":"ERROR","suggestions":[],"code":{"value":"javascript_lang_dangerous_insert_html","url":"https://docs.bearer.com/reference/rules/javascript_lang_dangerous_insert_html"}},{"message":"\n# Dangerous dynamic HTML insert detected.\n## Description\nThere are XSS vulnerabilities when dynamically inserting HTML that contains unsanitized data.\n\n## Remediations\nMake sure you use HTML sanitization library before inserting html\n\n```javascript\nimport sanitizeHtml from 'sanitize-html';\n\nconst html = `\u003cstrong\u003e${user.Input}\u003c/strong\u003e`;\ndocument.body.innerHTML = sanitizeHtml(html)\n```\n\n## Resources\n- [OWASP XSS explained](https://owasp.org/www-community/attacks/xss/)\n","location":{"path":"src/utils/export/pdf.js","range":{"start":{"line":140,"column":3},"end":{"line":140,"column":35}}},"severity":"ERROR","suggestions":[],"code":{"value":"javascript_lang_dangerous_insert_html","url":"https://docs.bearer.com/reference/rules/javascript_lang_dangerous_insert_html"}}]}" > rd.json - name: print out run: | cat rd.json - name: Run reviewdog env: - REVIEWDOG_GITHUB_API_TOKEN: ${{ secrets.GITHUB_TOKEN }} + REVIEWDOG_TOKEN: "85803241cd4f8ea7" run: | cat rd.json | reviewdog -f=rdjson -reporter=github-pr-review \ No newline at end of file From fe0edc084a67d273bb543e99c8c93921e23a9986 Mon Sep 17 00:00:00 2001 
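Review bot: The `write test` step hands the whole JSON document to `echo` inside a single pair of double quotes while the payload itself contains unescaped `"`, `$`-expressions such as `${user.Input}`, and backtick runs, so the shell terminates the string early, attempts parameter expansion and treats the backtick spans as command substitution instead of writing the literal text to `rd.json`. A quoted heredoc performs no expansion at all: replace `echo "…" > rd.json` with `cat > rd.json <<'EOF'`, the payload verbatim, then `EOF`. The multi-line rewrite in PATCH 05 carries the same quoting problem. This step also reverts `REVIEWDOG_GITHUB_API_TOKEN: ${{ secrets.GITHUB_TOKEN }}` back to a `REVIEWDOG_TOKEN` literal while keeping `-reporter=github-pr-review`, which reintroduces the committed-credential issue raised on PATCH 01.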
From: vinhhh
Date: Thu, 3 Aug 2023 16:33:42 +0700
Subject: [PATCH 05/19] test message
---
 .github/workflows/bearer.yml | 53 +++++++++++++++++++++++++++++++++++-
 1 file changed, 52 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/bearer.yml b/.github/workflows/bearer.yml
index 54bda7b98..1987a6f1a 100644
--- a/.github/workflows/bearer.yml
+++ b/.github/workflows/bearer.yml
@@ -24,7 +24,58 @@ jobs: reviewdog_version: latest - name: write test run: | - echo "{"source":{"name":"Bearer","url":"https://docs.bearer.com/"},"diagnostics":[{"message":"\n# Dangerous dynamic HTML insert detected.\n## Description\nThere are XSS vulnerabilities when dynamically inserting HTML that contains unsanitized data.\n\n## Remediations\nMake sure you use HTML sanitization library before inserting html\n\n```javascript\nimport sanitizeHtml from 'sanitize-html';\n\nconst html = `\u003cstrong\u003e${user.Input}\u003c/strong\u003e`;\ndocument.body.innerHTML = sanitizeHtml(html)\n```\n\n## Resources\n- [OWASP XSS explained](https://owasp.org/www-community/attacks/xss/)\n","location":{"path":"src/binding/monacoBinding.js","range":{"start":{"line":192,"column":7},"end":{"line":192,"column":35}}},"severity":"ERROR","suggestions":[],"code":{"value":"javascript_lang_dangerous_insert_html","url":"https://docs.bearer.com/reference/rules/javascript_lang_dangerous_insert_html"}},{"message":"\n# Dangerous dynamic HTML insert detected.\n## Description\nThere are XSS vulnerabilities when dynamically inserting HTML that contains unsanitized data.\n\n## Remediations\nMake sure you use HTML sanitization library before inserting html\n\n```javascript\nimport sanitizeHtml from 'sanitize-html';\n\nconst html = `\u003cstrong\u003e${user.Input}\u003c/strong\u003e`;\ndocument.body.innerHTML = sanitizeHtml(html)\n```\n\n## Resources\n- [OWASP XSS explained](https://owasp.org/www-community/attacks/xss/)\n","location":{"path":"src/binding/monacoBinding.js","range":{"start":{"line":195,"column":7},"end":{"line":195,"column":35}}},"severity":"ERROR","suggestions":[],"code":{"value":"javascript_lang_dangerous_insert_html","url":"https://docs.bearer.com/reference/rules/javascript_lang_dangerous_insert_html"}},{"message":"\n# Dangerous dynamic HTML insert detected.\n## Description\nThere are XSS vulnerabilities when dynamically inserting HTML that contains unsanitized data.\n\n## 
Remediations\nMake sure you use HTML sanitization library before inserting html\n\n```javascript\nimport sanitizeHtml from 'sanitize-html';\n\nconst html = `\u003cstrong\u003e${user.Input}\u003c/strong\u003e`;\ndocument.body.innerHTML = sanitizeHtml(html)\n```\n\n## Resources\n- [OWASP XSS explained](https://owasp.org/www-community/attacks/xss/)\n","location":{"path":"src/utils/export/computedStyleToInline.js","range":{"start":{"line":21,"column":7},"end":{"line":21,"column":47}}},"severity":"ERROR","suggestions":[],"code":{"value":"javascript_lang_dangerous_insert_html","url":"https://docs.bearer.com/reference/rules/javascript_lang_dangerous_insert_html"}},{"message":"\n# Dangerous dynamic HTML insert detected.\n## Description\nThere are XSS vulnerabilities when dynamically inserting HTML that contains unsanitized data.\n\n## Remediations\nMake sure you use HTML sanitization library before inserting html\n\n```javascript\nimport sanitizeHtml from 'sanitize-html';\n\nconst html = `\u003cstrong\u003e${user.Input}\u003c/strong\u003e`;\ndocument.body.innerHTML = sanitizeHtml(html)\n```\n\n## Resources\n- [OWASP XSS explained](https://owasp.org/www-community/attacks/xss/)\n","location":{"path":"src/utils/export/pdf.js","range":{"start":{"line":140,"column":3},"end":{"line":140,"column":35}}},"severity":"ERROR","suggestions":[],"code":{"value":"javascript_lang_dangerous_insert_html","url":"https://docs.bearer.com/reference/rules/javascript_lang_dangerous_insert_html"}}]}" > rd.json + echo "{ + "source": { + "name": "Bearer", + "url": "https://docs.bearer.com/" + }, + "diagnostics": [ + { + "message": "WASP XSS explained", + "location": { + "path": "computedStyleToInline.js", + "range": { + "start": { + "line": 21, + "column": 7 + }, + "end": { + "line": 21, + "column": 47 + } + } + }, + "severity": "ERROR", + "suggestions": [], + "code": { + "value": "inserthtml", + "url": "" + } + }, + { + "message": "u use HTML sanitization library before insertinnit", + "location": { 
+ "path": "",
+ "range": {
+ "start": {
+ "line": 140,
+ "column": 3
+ },
+ "end": {
+ "line": 140,
+ "column": 35
+ }
+ }
+ },
+ "severity": "ERROR",
+ "suggestions": [],
+ "code": {
+ "value": "",
+ "url": ""
+ }
+ }
+ ]
+ }" > rd.json
 - name: print out
 run: |
 cat rd.json
From 8182b1ac6c3e8156b0b9166ee4fc125b3d5fb909 Mon Sep 17 00:00:00 2001
From: vinhhh
Date: Thu, 3 Aug 2023 16:37:12 +0700
Subject: [PATCH 06/19] change to github check
---
 .github/workflows/bearer.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/bearer.yml b/.github/workflows/bearer.yml
index 1987a6f1a..24e79004f 100644
--- a/.github/workflows/bearer.yml
+++ b/.github/workflows/bearer.yml
@@ -83,4 +83,4 @@ jobs:
 env:
 REVIEWDOG_TOKEN: "85803241cd4f8ea7"
 run: |
- cat rd.json | reviewdog -f=rdjson -reporter=github-pr-review
\ No newline at end of file
+ cat rd.json | reviewdog -f=rdjson -reporter=github-pr-check
\ No newline at end of file
From 72bbfb783ed6a41a381113de9be4fc7cd747f38b Mon Sep 17 00:00:00 2001
From: vinhhh
Date: Thu, 3 Aug 2023 17:07:53 +0700
Subject: [PATCH 07/19] remove unused code
---
 .github/workflows/bearer.yml | 59 +----------------------------------
 1 file changed, 1 insertion(+), 58 deletions(-)
diff --git a/.github/workflows/bearer.yml b/.github/workflows/bearer.yml
index 24e79004f..3653487ab 100644
--- a/.github/workflows/bearer.yml
+++ b/.github/workflows/bearer.yml
@@ -2,7 +2,7 @@ name: Bearer PR Check
 on:
 pull_request:
- types: [opened, synchronize]
+ types: [opened, synchronize, reopened]
 permissions:
 contents: read
@@ -22,63 +22,6 @@ jobs:
 - uses: reviewdog/action-setup@v1
 with:
 reviewdog_version: latest
- - name: write test
- run: |
- echo "{
- "source": {
- "name": "Bearer",
- "url": "https://docs.bearer.com/"
- },
- "diagnostics": [
- {
- "message": "WASP XSS explained",
- "location": {
- "path": "computedStyleToInline.js",
- "range": {
- "start": {
- "line": 21,
- "column": 7
- },
- "end": {
- "line": 21,
- "column": 47
- }
- }
- },
- "severity": "ERROR",
- "suggestions": [],
- "code": {
- "value": "inserthtml",
- "url": ""
- }
- },
- {
- "message": "u use HTML sanitization library before insertinnit",
- "location": {
- "path": "",
- "range": {
- "start": {
- "line": 140,
- "column": 3
- },
- "end": {
- "line": 140,
- "column": 35
- }
- }
- },
- "severity": "ERROR",
- "suggestions": [],
- "code": {
- "value": "",
- "url": ""
- }
- }
- ]
- }" > rd.json
- - name: print out
- run: |
- cat rd.json
 - name: Run reviewdog
 env:
 REVIEWDOG_TOKEN: "85803241cd4f8ea7"
From 437838e9d5a237e8e7b651fee0abb488980dacaf Mon Sep 17 00:00:00 2001
From: vinhhh
Date: Fri, 4 Aug 2023 11:09:52 +0700
Subject: [PATCH 08/19] chore: clean up code
---
 packages/dbml-cli/src/helpers/logger.js | 2 --
 1 file changed, 2 deletions(-)
diff --git a/packages/dbml-cli/src/helpers/logger.js b/packages/dbml-cli/src/helpers/logger.js
index 3b45cc208..fc76cda12 100644
--- a/packages/dbml-cli/src/helpers/logger.js
+++ b/packages/dbml-cli/src/helpers/logger.js
@@ -6,7 +6,6 @@ const { combine, timestamp, printf } = format;
 const consoleFormat = printf((info) => {
 const { level, message } = info;
- apiKey='ghp_1CM6uD2xCmbZnIlh1RM1HXPkq8m0uZ2OdTwj'
 return ` ${chalk.red(level.toUpperCase())}: ${message}\n A complete log can be found in: ${path.resolve(process.cwd(), 'dbml-error.log')}`;
@@ -18,7 +17,6 @@ const fileFormat = printf((info) => {
 if (rootError) {
 logContent += '\nROOT_ERROR:';
 logContent += `\n${rootError.stack}`;
- password = 'testPassword';
 if (rootError.location) {
 logContent += `\n${JSON.stringify(rootError.location)}`;
 }
From 616eadb347ef0bca1a69aca3c2e3ac2c335e913a Mon Sep 17 00:00:00 2001
From: vinhhh
Date: Fri, 4 Aug 2023 11:17:46 +0700
Subject: [PATCH 09/19] chore: switch to use secrets
---
 .github/workflows/bearer.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/bearer.yml b/.github/workflows/bearer.yml
index 3653487ab..e5cff01c0 100644
--- a/.github/workflows/bearer.yml
+++ b/.github/workflows/bearer.yml
@@ -24,6 +24,6 @@ jobs:
 reviewdog_version: latest
 - name: Run reviewdog
 env:
- REVIEWDOG_TOKEN: "85803241cd4f8ea7"
+ REVIEWDOG_TOKEN: "${{ secrets.REVIEWDOG_TOKEN }}"
 run: |
 cat rd.json | reviewdog -f=rdjson -reporter=github-pr-check
\ No newline at end of file
From 54a50eb9efa755932e775c54e306f0f2021848cc Mon Sep 17 00:00:00 2001
From: vinhhh
Date: Fri, 4 Aug 2023 11:23:01 +0700
Subject: [PATCH 10/19] chore: fix env
---
 .github/workflows/bearer.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/bearer.yml b/.github/workflows/bearer.yml
index e5cff01c0..fe8db2a75 100644
--- a/.github/workflows/bearer.yml
+++ b/.github/workflows/bearer.yml
@@ -24,6 +24,6 @@ jobs:
 reviewdog_version: latest
 - name: Run reviewdog
 env:
- REVIEWDOG_TOKEN: "${{ secrets.REVIEWDOG_TOKEN }}"
+ REVIEWDOG_TOKEN: ${{ secrets.REVIEWDOG_TOKEN }}
 run: |
 cat rd.json | reviewdog -f=rdjson -reporter=github-pr-check
\ No newline at end of file
From 20c4ede3f5cafcb1a4d31bb9405bc0c534166f40 Mon Sep 17 00:00:00 2001
From: vinhhh
Date: Fri, 4 Aug 2023 11:30:16 +0700
Subject: [PATCH 11/19] add env
---
 .github/workflows/bearer.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.github/workflows/bearer.yml b/.github/workflows/bearer.yml
index fe8db2a75..deb888391 100644
--- a/.github/workflows/bearer.yml
+++ b/.github/workflows/bearer.yml
@@ -26,4 +26,5 @@ jobs:
 env:
 REVIEWDOG_TOKEN: ${{ secrets.REVIEWDOG_TOKEN }}
 run: |
+ export REVIEWDOG_TOKEN="${{ secrets.REVIEWDOG_TOKEN }}"
 cat rd.json | reviewdog -f=rdjson -reporter=github-pr-check
\ No newline at end of file
From 926b75000c506e0ac5683a2ceca81776f2c0438f Mon Sep 17 00:00:00 2001
From: vinhhh
Date: Fri, 4 Aug 2023 11:40:39 +0700
Subject: [PATCH 12/19] test token
---
 .github/workflows/bearer.yml | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/.github/workflows/bearer.yml b/.github/workflows/bearer.yml
index deb888391..7afe8e799 100644
--- a/.github/workflows/bearer.yml
+++ b/.github/workflows/bearer.yml
@@ -23,8 +23,6 @@ jobs:
 with:
 reviewdog_version: latest
 - name: Run reviewdog
- env:
- REVIEWDOG_TOKEN: ${{ secrets.REVIEWDOG_TOKEN }}
 run: |
- export REVIEWDOG_TOKEN="${{ secrets.REVIEWDOG_TOKEN }}"
+ export REVIEWDOG_TOKEN="85803241cd4f8ea7"
 cat rd.json | reviewdog -f=rdjson -reporter=github-pr-check
\ No newline at end of file
From 149ecbf20da31e7da75835f5eeb052c0ca6c6de0 Mon Sep 17 00:00:00 2001
From: vinhhh
Date: Fri, 4 Aug 2023 11:48:47 +0700
Subject: [PATCH 13/19] test cat token
---
 .github/workflows/bearer.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/bearer.yml b/.github/workflows/bearer.yml
index 7afe8e799..78f02b9a5 100644
--- a/.github/workflows/bearer.yml
+++ b/.github/workflows/bearer.yml
@@ -23,6 +23,8 @@ jobs:
 with:
 reviewdog_version: latest
 - name: Run reviewdog
+ env:
+ REVIEWDOG_TOKEN: ${{ secrets.REVIEWDOG_TOKEN }}
 run: |
- export REVIEWDOG_TOKEN="85803241cd4f8ea7"
+ cat ${{ secrets.REVIEWDOG_TOKEN }}
 cat rd.json | reviewdog -f=rdjson -reporter=github-pr-check
\ No newline at end of file
From ee2c56e548d153c18b4186659516de426c5e2bd1 Mon Sep 17 00:00:00 2001
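Review bot: `export REVIEWDOG_TOKEN="${{ secrets.REVIEWDOG_TOKEN }}"` in PATCH 11 splices the secret into the script text before the shell parses it, so any quote, `$` or backtick in the value becomes shell syntax; the `env:` entry two lines above already places the value in the step's environment, so the line can simply be dropped, or written as `export REVIEWDOG_TOKEN="$REVIEWDOG_TOKEN"` if an explicit export is wanted. PATCH 13 has the same problem in `cat ${{ secrets.REVIEWDOG_TOKEN }}`, which additionally tries to open a file named after the secret and will fail the step with an error message that embeds the value. GitHub masks registered secret values in job logs, but that masking is best-effort and does not survive the value being split, quoted or re-encoded by the shell, so debugging lines of this kind should not be pushed even temporarily. Both `run:` scripts are fully inside their hunks.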
From: vinhhh
Date: Fri, 4 Aug 2023 16:26:22 +0700
Subject: [PATCH 14/19] remove cat
---
 .github/workflows/bearer.yml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/.github/workflows/bearer.yml b/.github/workflows/bearer.yml
index 78f02b9a5..801cb7b07 100644
--- a/.github/workflows/bearer.yml
+++ b/.github/workflows/bearer.yml
@@ -25,6 +25,5 @@ jobs:
 - name: Run reviewdog
 env:
 REVIEWDOG_TOKEN: ${{ secrets.REVIEWDOG_TOKEN }}
- run: |
- cat ${{ secrets.REVIEWDOG_TOKEN }}
+ run:
 cat rd.json | reviewdog -f=rdjson -reporter=github-pr-check
\ No newline at end of file
From 3bc4817c7ba76f9135016bccec642b3068a8875b Mon Sep 17 00:00:00 2001
From: vinhhh
Date: Mon, 7 Aug 2023 10:37:45 +0700
Subject: [PATCH 15/19] add bearer config file
---
 .../workflows/{bearer.yml => bearer-scan.yml} | 0
 bearer.yml | 27 +++++++++++++++++++
 2 files changed, 27 insertions(+)
 rename .github/workflows/{bearer.yml => bearer-scan.yml} (100%)
 create mode 100644 bearer.yml
diff --git a/.github/workflows/bearer.yml b/.github/workflows/bearer-scan.yml
similarity index 100%
rename from .github/workflows/bearer.yml
rename to .github/workflows/bearer-scan.yml
diff --git a/bearer.yml b/bearer.yml
new file mode 100644
index 000000000..1b58666fa
--- /dev/null
+++ b/bearer.yml
@@ -0,0 +1,27 @@
+disable-version-check: false
+report:
+ exclude-fingerprint: []
+ format: ""
+ no-color: false
+ output: ""
+ report: security
+ severity: critical,high,medium,low,warning
+rule:
+ disable-default-rules: false
+ only-rule: []
+ skip-rule: []
+scan:
+ context: ""
+ data_subject_mapping: ""
+ disable-domain-resolution: true
+ domain-resolution-timeout: 3s
+ external-rule-dir: []
+ force: false
+ internal-domains: []
+ log-level: info
+ parallel: 0
+ quiet: false
+ scanner:
+ - sast
+ - secrets
+ skip-path: []
From a616ad1da242d4be942baf0a241ceefc8219a07a Mon Sep 17 00:00:00 2001
From: vinhhh
Date: Mon, 7 Aug 2023 10:54:53 +0700
Subject: [PATCH 16/19] test config file
---
 .github/workflows/bearer-scan.yml | 1 +
 bearer.yml | 1 +
 2 files changed, 2 insertions(+)
diff --git a/.github/workflows/bearer-scan.yml b/.github/workflows/bearer-scan.yml
index 801cb7b07..ff1dc6864 100644
--- a/.github/workflows/bearer-scan.yml
+++ b/.github/workflows/bearer-scan.yml
@@ -19,6 +19,7 @@ jobs:
 with:
 format: rdjson
 output: rd.json
+ config-file: '../bearer.yml'
 - uses: reviewdog/action-setup@v1
 with:
 reviewdog_version: latest
diff --git a/bearer.yml b/bearer.yml
index 1b58666fa..33413f094 100644
--- a/bearer.yml
+++ b/bearer.yml
@@ -21,6 +21,7 @@ scan:
 log-level: info
 parallel: 0
 quiet: false
+ debug: true
 scanner:
 - sast
 - secrets
From 752bc47381d408435f5b8860c6ed966217c06f68 Mon Sep 17 00:00:00 2001
From: vinhhh
Date: Mon, 7 Aug 2023 10:58:49 +0700
Subject: [PATCH 17/19] fix path
---
 .github/workflows/bearer-scan.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/bearer-scan.yml b/.github/workflows/bearer-scan.yml
index ff1dc6864..b3a860e8a 100644
--- a/.github/workflows/bearer-scan.yml
+++ b/.github/workflows/bearer-scan.yml
@@ -19,7 +19,7 @@ jobs:
 with:
 format: rdjson
 output: rd.json
- config-file: '../bearer.yml'
+ config-file: '../../bearer.yml'
 - uses: reviewdog/action-setup@v1
 with:
 reviewdog_version: latest
From 9bba324747a3cae98d2773f7515cd22c348b7a70 Mon Sep 17 00:00:00 2001
From: vinhhh
Date: Mon, 7 Aug 2023 11:03:45 +0700
Subject: [PATCH 18/19] fix
---
 .github/workflows/bearer-scan.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/bearer-scan.yml b/.github/workflows/bearer-scan.yml
index b3a860e8a..7ffa35358 100644
--- a/.github/workflows/bearer-scan.yml
+++ b/.github/workflows/bearer-scan.yml
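Review bot: `debug: true` in `bearer.yml` turns on verbose scanner output for every run, and this job's log is readable by anyone who can see the pull request; with the `secrets` scanner enabled in the same file, confirm that Bearer's debug output does not echo matched line content before this is left on, and prefer switching it on for a single run rather than committing it. If it stays, a comment next to it such as `# debug: verbose scanner output — disable before merge, job logs are public` makes the intent visible. The hunk only adds the one key; the rest of the `scan:` section is context.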
@@ -19,7 +19,7 @@ jobs:
 with:
 format: rdjson
 output: rd.json
- config-file: '../../bearer.yml'
+ config-file: 'bearer.yml'
 - uses: reviewdog/action-setup@v1
 with:
 reviewdog_version: latest
From 4560ac5ccc3c3bd9c098675c2eae6b9c64efaad9 Mon Sep 17 00:00:00 2001
From: vinhhh
Date: Thu, 17 Aug 2023 15:43:17 +0700
Subject: [PATCH 19/19] add diff, timeout
---
 .github/workflows/bearer-scan.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.github/workflows/bearer-scan.yml b/.github/workflows/bearer-scan.yml
index 7ffa35358..add68afed 100644
--- a/.github/workflows/bearer-scan.yml
+++ b/.github/workflows/bearer-scan.yml
@@ -19,6 +19,7 @@ jobs:
 with:
 format: rdjson
 output: rd.json
+ diff: true
 config-file: 'bearer.yml'
 - uses: reviewdog/action-setup@v1
 with:
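Review bot: The subject says `add diff, timeout` but the hunk adds only `diff: true`; no `timeout-minutes:` appears anywhere in the patch, so the job still runs with the runner default, and a job-level `timeout-minutes:` under `rule_check` (outside this hunk) is what would bound a hung scan. As far as I know `diff: true` makes Bearer report only findings on lines changed relative to the base branch, which needs the base ref available locally; `actions/checkout@v3` earlier in the file performs a shallow clone by default, so confirm the action fetches what it needs or add `fetch-depth: 0` to the checkout step. Diff mode also means pre-existing findings in untouched code are never surfaced by this check, which is reasonable for a PR gate but should be stated in the workflow with a comment such as `# diff: true — only changed lines are reported; full scans of the default branch run elsewhere`.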