merge branch main into patch/tag-standardization

.github/auto_assign.yml

@@ -1,24 +1,24 @@
 # Set to true to add reviewers to pull requests
-addReviewers: true
+addReviewers: false
 
 # Set to true to add assignees to pull requests
-addAssignees: true
+addAssignees: false
 
 # A list of reviewers to be added to pull requests (GitHub user name)
 reviewers:
+  - ritikchaddha
   - pussycat0x
   - DhiyaneshGeek
-  - ritikchaddha
 
 # A number of reviewers added to the pull request
 # Set 0 to add all the reviewers (default: 0)
 numberOfReviewers: 1
 
  # A list of assignees, overrides reviewers if set
 assignees:
+  - pussycat0x
   - ritikchaddha
   - DhiyaneshGeek
-  - pussycat0x
 
 # A number of assignees to add to the pull request
 # Set to 0 to add all of the assignees.

.github/scripts/assign_tasks.py

@@ -0,0 +1,139 @@
+import requests
+import sys
+import json
+
+# GitHub credentials
+password = sys.argv[3]
+
+repo_owner = "projectdiscovery"
+repo_name = "nuclei-templates"
+pr_user_list = ["DhiyaneshGeek", "pussycat0x", "ritikchaddha"]
+issue_user_list = ["princechaddha", "DhiyaneshGeek", "pussycat0x", "ritikchaddha"]
+
+headers = {'Authorization': f'Bearer {password}',
+        'Accept': 'application/vnd.github+json',
+        'X-GitHub-Api-Version': '2022-11-28'}
+
+def get_issue_assignee(issue_number):
+    issue_url = f"https://api.github.com/repos/{repo_owner}/{repo_name}/issues?per_page=2"
+    response = requests.get(issue_url, headers=headers)
+
+    if response.status_code == 200:
+        issue_data = response.json()[1]
+        assignee = issue_data["assignee"]["login"] if issue_data["assignee"] else "None"
+        return assignee
+    else:
+        print(f"Failed to fetch assignee for issue #{issue_number}")
+        return None
+
+def assign_issue_or_pr(user, issue_number):
+    url = f"https://api.github.com/repos/{repo_owner}/{repo_name}/issues/{issue_number}/assignees"
+    data = { "assignees": [user] }
+    response = requests.post(url, headers=headers, data=json.dumps(data))
+
+    if response.status_code == 201:
+        print(f"Assigned issue #{issue_number} to {user}")
+    else:
+        print(f"Failed to assign issue #{issue_number} to {user}. Status code: {response.status_code}")
+
+def get_pr_assignee_and_reviewer(pull_request_number):
+    pull_url = f'https://api.github.com/repos/{repo_owner}/{repo_name}/pulls?per_page=2'
+    response = requests.get(pull_url, headers=headers)
+
+    if response.status_code == 200:
+        pull_request_data = response.json()[1]
+        assignee = pull_request_data['assignee']['login'] if pull_request_data['assignee'] else None
+        reviewers = [reviewer['login'] for reviewer in pull_request_data['requested_reviewers']]
+
+        return assignee, reviewers
+    else:
+        print(f"Failed to retrieve pull request #{pull_request_number}. Response: {response.text}")
+        return None, None
+
+def get_pr_author(pull_request_number):
+    pull_url = f'https://api.github.com/repos/{repo_owner}/{repo_name}/pulls/{pull_request_number}'
+    response = requests.get(pull_url, headers=headers)
+
+    if response.status_code == 200:
+        pull_request_data = response.json()
+        author = pull_request_data['user']['login']
+        return author
+
+    else:
+        print(f"Failed to retrieve pull request #{pull_request_number}. Response: {response.text}")
+        return None
+
+def review_pr(user, pull_request_number):
+    url = f'https://api.github.com/repos/{repo_owner}/{repo_name}/pulls/{pull_request_number}/requested_reviewers'
+    data = { 'reviewers': [user] }
+    response = requests.post(url, headers=headers, data=json.dumps(data))
+
+    if response.status_code == 201:
+        print(f"Review request for pull request #{pull_request_number} sent to {user} successfully.")
+    else:
+        print(f"Failed to send review request for pull request #{pull_request_number}. Response: {response.text}")
+
+def main():
+    if len(sys.argv) != 4:
+        print("Usage: python assign_tasks.py <issue_number> <pr_or_issue> <token>")
+        sys.exit(1)
+
+    issue_number = int(sys.argv[1])
+    type_ = sys.argv[2]
+    if type_ == 'pr':
+        assignee, reviewers = get_pr_assignee_and_reviewer(issue_number - 1)
+        author = get_pr_author(issue_number)
+
+        if reviewers:
+            try:
+                index = pr_user_list.index(reviewers[0])
+                try: 
+                    reviewer = pr_user_list[index + 1]
+                except:
+                    reviewer = pr_user_list[0]
+                if reviewer == author:
+                    reviewer = pr_user_list(pr_user_list.index(reviewer) + 1)
+                    review_pr(reviewer, issue_number)
+                else:
+                    review_pr(reviewer, issue_number)
+
+            except Exception as e:
+                reviewer = pr_user_list[0]
+                review_pr(reviewer, issue_number)
+        else:
+            for user in pr_user_list:
+                if (user != author):
+                    reviewer = user
+                    review_pr(reviewer, issue_number)
+                    break
+
+        if assignee:
+            try:
+                index = pr_user_list.index(assignee)
+                if (pr_user_list[index + 1] == reviewer):
+                    assign_issue_or_pr(pr_user_list[index + 2], issue_number)
+                else:
+                    assign_issue_or_pr(pr_user_list[index + 1], issue_number)
+            except Exception as e:
+                if (pr_user_list[0] == reviewer):
+                    assign_issue_or_pr(pr_user_list[1], issue_number)
+                else:
+                    assign_issue_or_pr(pr_user_list[0], issue_number)
+        else:
+            if (pr_user_list[0] == reviewer):
+                assign_issue_or_pr(pr_user_list[1], issue_number)
+            else:
+                assign_issue_or_pr(pr_user_list[0], issue_number)
+    elif type_ == 'issue':
+        assignee = get_issue_assignee(issue_number-1)
+
+        if assignee:
+            try:
+                index = issue_user_list.index(assignee)
+                assign_issue_or_pr(issue_user_list[index + 1], issue_number)
+            except Exception as e:
+                assign_issue_or_pr(issue_user_list[0], issue_number)
+        else:
+            assign_issue_or_pr(issue_user_list[0], issue_number)
+
+main()

.github/workflows/autoassign.yml

@@ -0,0 +1,31 @@
+name: run assign_tasks.py
+on:
+  pull_request:
+    types: [opened]
+    branches: 
+      - main
+  issues:
+    types: [opened]
+
+jobs:
+  build:
+    permissions: write-all
+    runs-on: ubuntu-latest
+    env:
+      ASSIGN_TASK_TOKEN: ${{ secrets.GITHUB_TOKEN }} # github personal token
+    steps:
+      - name: checkout repo content
+        uses: actions/checkout@v2 # checkout the repository content
+      - name: setup python
+        uses: actions/setup-python@v4
+        with:
+          python-version: '3.10' # install the python version needed
+      - name: install python packages
+        run: |
+          pip install requests
+      - name: execute python script on pr
+        if: ${{ github.event_name == 'pull_request' }}
+        run: python .github/scripts/assign_tasks.py ${{ github.event.pull_request.number }} pr ${{ secrets.GITHUB_TOKEN }}
+      - name: execute python script on issue opened
+        if: ${{ github.event_name == 'issues' }}
+        run: python .github/scripts/assign_tasks.py ${{ github.event.issue.number }} issue ${{ secrets.GITHUB_TOKEN }}

.github/workflows/cache-purge.yml

@@ -9,6 +9,7 @@ on:
 jobs:
   deploy:
     runs-on: ubuntu-latest
+    if: github.repository == 'projectdiscovery/nuclei-templates'
     steps:
       # Wait for 5 minutes
       - name: Wait for 2 minutes

.github/workflows/cve2json.yml

@@ -1,11 +1,11 @@
-name: Generate JSON Metadata of CVE Templates 
+name: 📝 CVE JSON Metadata
 
 on:
   push:
     branches:
       - main
     paths:
-      - '**/cves/'
+      - 'http/cves/'
   workflow_dispatch: # allows manual triggering of the workflow
 
 jobs:
@@ -17,24 +17,28 @@ jobs:
         uses: actions/setup-go@v4
         with:
           go-version: 1.19
-          check-latest: true
 
-      - name: Run yaml2json.go to generate cves.json
+      - name: Run YAML2JSON
+        id: cves
         run: |
-           go env -w GO111MODULE=off
-           go get gopkg.in/yaml.v3
-           go run .github/scripts/yaml2json.go $GITHUB_WORKSPACE/http/cves/ cves.json
-           md5sum cves.json | cut -d' ' -f1 > cves.json-checksum.txt
+          go env -w GO111MODULE=off
+          go get gopkg.in/yaml.v3
+          go run .github/scripts/yaml2json.go $GITHUB_WORKSPACE/http/cves/ cves.json
+          md5sum cves.json | cut -d' ' -f1 > cves.json-checksum.txt
+          git status -s | wc -l | xargs -I {} echo CHANGES={} >> $GITHUB_OUTPUT
           
       - name: Commit files
+        if: steps.cves.outputs.CHANGES > 0
         run: |
-          git pull
-          git add cves.json cves.json-checksum.txt
           git config --local user.email "action@github.com"
           git config --local user.name "GitHub Action"
+          git add cves.json cves.json-checksum.txt
           git commit -m "Auto Generated cves.json [$(date)] :robot:" -a
 
       - name: Push changes
-        uses: ad-m/github-push-action@master
-        with:
-          github_token: ${{ secrets.GITHUB_TOKEN }}
+        if: steps.checksum.outputs.CHANGES > 0
+        run: |
+          git pull --rebase
+          git push origin ${{ github.ref }}
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/template-checksum.yml

@@ -11,6 +11,7 @@ on:
 jobs:
   checksum:
     runs-on: ubuntu-latest
+    if: github.repository == 'projectdiscovery/nuclei-templates'
     steps:
       - uses: actions/checkout@v3
         with: 
@@ -40,7 +41,9 @@ jobs:
           git commit -am "Auto Generated Templates Checksum [$(date)] :robot:"
 
       - name: Push changes
-        uses: ad-m/github-push-action@master
-        with:
-          github_token: ${{ secrets.GITHUB_TOKEN }}
-          branch: ${{ github.ref }}
+        if: steps.checksum.outputs.CHANGES > 0
+        run: |
+          git pull --rebase
+          git push origin ${{ github.ref }}
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/template-db-indexer.yml

@@ -11,6 +11,7 @@ on:
 jobs:
   index:
     runs-on: ubuntu-latest
+    if: github.repository == 'projectdiscovery/nuclei-templates'
     steps:
       - name: Set up Go
         uses: actions/setup-go@v4

.github/workflows/templateman.yml

@@ -0,0 +1,48 @@
+name: 🤖 TemplateMan
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - '**.yaml'
+  workflow_dispatch:
+
+jobs:
+  templateman:
+    runs-on: ubuntu-latest
+    if: github.repository == 'projectdiscovery/nuclei-templates'
+    steps:
+      - uses: actions/checkout@master
+        with:
+          fetch-depth: 0
+
+      - name: Set up Go
+        uses: actions/setup-go@v4
+        with:
+          go-version: 1.20.x
+
+      - name: Install TemplateMan CLI Client
+        run: |
+          go install -v github.com/projectdiscovery/nuclei/v2/cmd/tmc@dev
+
+      - name: Run TemplateMan
+        id: tmc
+        run: |
+          tmc -i $GITHUB_WORKSPACE -mr
+          git status -s | wc -l | xargs -I {} echo CHANGES={} >> $GITHUB_OUTPUT
+
+      - name: Commit files
+        if: steps.tmc.outputs.CHANGES > 0
+        run: |
+          git config --local user.email "action@github.com"
+          git config --local user.name "GitHub Action"
+          git commit --allow-empty -m "TemplateMan Update [$(date)] :robot:" -a
+
+      - name: Push changes
+        if: steps.tmc.outputs.CHANGES > 0
+        run: |
+          git pull --rebase
+          git push origin ${{ github.ref }}
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}