Add Einride Vulnerability Disclosure Policy #8
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: 🛠️ Tests | |
| on: | |
| pull_request: | |
| branches: | |
| - main | |
| paths: | |
| - 'chaos-bugbounty-list.json' | |
| workflow_dispatch: | |
| env: | |
| LIST_PATH_PREFIX: 'chaos-bugbounty-list' | |
| jobs: | |
| validate-list: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: projectdiscovery/actions/setup/ajv@v1 | |
| - run: ajv test -s "${LIST_PATH_PREFIX}.schema.json" -d "${LIST_PATH_PREFIX}.json" --valid --all-errors --errors text | |
| duplicate-domain: | |
| needs: validate-list | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Find duplicate domains | |
| run: > | |
| set -e | |
| jq -r '.programs[].domains[]' "${LIST_PATH_PREFIX}.json" | sort | uniq | |
| -c | awk '$1 > 1 { print $2 }' > duplicates.txt | |
| if [[ -s duplicates.txt ]]; then | |
| echo "Duplicate domains found: $(cat duplicates.txt)" | |
| exit 1 | |
| else | |
| echo "No duplicate domains found." | |
| fi | |
| invalid-domain: | |
| needs: validate-list | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Setup Go | |
| uses: projectdiscovery/actions/setup/go@v1 | |
| - name: Validate domains | |
| run: go run . | |
| working-directory: cmd/validate-domains | |
| - name: Check if invalid domains found | |
| run: | | |
| if [[ -s invalid_domains.txt ]]; then | |
| echo "Invalid domains found: $(cat invalid_domains.txt)" | |
| exit 1 | |
| fi | |
| working-directory: cmd/validate-domains | |
| # url-status: | |
| # runs-on: ubuntu-latest | |
| # steps: | |
| # - name: Checkout code | |
| # uses: actions/checkout@v3 | |
| # with: | |
| # fetch-depth: 0 | |
| # | |
| # - name: Setup golang | |
| # uses: actions/setup-go@v4 | |
| # with: | |
| # go-version: 1.19 | |
| # cache: true | |
| # | |
| # # This command compares the changes made in a pull request with the main branch, | |
| # # and filters out the JSON files containing URLs of bug bounty programs. It then | |
| # # extracts the URLs from the changed JSON files, compares them with the URLs in the main branch, | |
| # # and saves the unique URLs in a text file named "urls.txt". | |
| # | |
| # - name: Diff and save URLs | |
| # run: | | |
| # git fetch origin main:main | |
| # tmpfile=$(mktemp) | |
| # git --no-pager show origin/main:chaos-bugbounty-list.json | jq -r '.programs[].url' > "$tmpfile" | |
| # git diff --name-only origin/main HEAD | grep '.json$' | xargs cat | jq -r '.programs[].url' | grep -vf "$tmpfile" > urls.txt | |
| # rm "$tmpfile" | |
| # | |
| # - name: Installing Validate domains binary | |
| # run: > | |
| # go install | |
| # github.com/projectdiscovery/public-bugbounty-programs/cmd/httpx-tester | |
| # | |
| # - name: Checking URL availability | |
| # run: | | |
| # httpx-tester -file urls.txt | |
| # | |
| # - name: Checking programs with unaccessible policy URL | |
| # run: | | |
| # if [[ -s invalid.txt ]]; then | |
| # echo "programs with not accessible URL policy found: $(cat invalid.txt)" | |
| # exit 1 | |
| # fi |