
ci(core): disable cloud metadata rule in zap (#4277)

* ci(core): disable cloud metadata rule in zap

disable cloud metadata rule in zap

* fix: update rule files

update rule files

* fix: update the conf file

update the conf file

* fix: revert docker settings

revert docker settings
This commit is contained in:
simeng-li 2023-08-03 10:17:14 +08:00 committed by GitHub
parent 7ce014d033
commit 64e78024e0
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 16 additions and 3 deletions


@ -4,7 +4,7 @@ on:
# Be careful when using the workflow_run trigger
# https://github.community/t/workflow-run-completed-event-triggered-by-failed-workflow/128001/7
workflow_run:
workflows: [ "Release" ]
workflows: ["Release"]
branches:
- master
types:
@ -20,6 +20,9 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v3
- name: Docker Compose up
run: |
curl -fsSL https://raw.githubusercontent.com/logto-io/logto/HEAD/docker-compose.yml |\
@ -32,8 +35,9 @@ jobs:
uses: zaproxy/action-full-scan@v0.5.1
with:
target: http://localhost:3001
cmd_options: '-a'
cmd_options: "-a"
fail_action: true
allow_issue_writing: false
rules_file_name: ".zap/rules.conf"
# TODO: send slack message on failure
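Review bot: The new `rules_file_name: ".zap/rules.conf"` line widens the scan's blind spot beyond what the commit title states: with `fail_action: true` left in place, every rule that file marks INFO (not only 90034 cloud metadata, but also the CSP wildcard, Permissions-Policy, web cache deception and timestamp disclosure rules listed in the second file) stops failing the run. A comment above the line, `# Rules marked INFO in .zap/rules.conf are reported but no longer fail the scan; review that file before relying on fail_action`, would make that trade-off visible to the next maintainer. The path is presumably resolved relative to the workspace, which appears to be why the checkout step in the earlier hunk was added; that step uses `actions/checkout@v3`, a mutable major tag, and pinning it to a full commit SHA would be the usual hardening for a workflow that runs on every release. The `steps:` list this hunk belongs to starts and ends outside the hunk.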

.zap/rules.conf Normal file

@ -0,0 +1,9 @@
# Mark the following rules as INFO
# CloudFlare will block the metadata endpoint access
90034 INFO (Cloud Metadata Potentially Exposed - Active/release)
10096 INFO (Timestamp Disclosure - Passive/release)
10063-1 INFO (Permissions Policy Header Not Set - Passive/beta)
10055-4 INFO (CSP - Wildcard Directive)
40039 INFO (Web Cache Deception)
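Review bot: The header comment only justifies 90034 (CloudFlare blocking the metadata endpoint), yet four further rules — 10096, 10063-1, 10055-4 and 40039 — are downgraded to INFO with no reason recorded, and each of those is a finding a reviewer would normally want to fail the scan (CSP wildcard directive and missing Permissions-Policy in particular). A one-line comment per entry stating why it is accepted and where it is tracked, e.g. `# 10055-4: wildcard CSP is expected for <REASON-PLACEHOLDER>, tracked in <ISSUE-PLACEHOLDER>`, keeps the downgrade from silently becoming permanent. ZAP's rules file is tab-separated (id, action, then the descriptive text); the rendering here shows spaces, so confirm the committed file uses tabs, otherwise the entries may not be parsed as intended. The hunk header announces nine added lines but only seven are visible here, so the remaining entries could not be reviewed.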