Merge pull request #6 from thc202/file-writing

Support writing files from the plan
zaproxy · Apr 22, 2024 · 1e914ac · 1e914ac
2 parents 061bdf4 + 4ba81f1
commit 1e914ac
Show file tree

Hide file tree

Showing 6 changed files with 39 additions and 2 deletions.
diff --git a/.github/workflows/check-run.yml b/.github/workflows/check-run.yml
@@ -33,3 +33,12 @@ jobs:
     - name: Check ZAP Plan with Error Failed
       run: exit 1
       if: ${{ !cancelled() && steps.af-plan-error.outcome == 'success' }}
+
+    - name: ZAP Plan with File Creation
+      uses: ./
+      id: af-plan-files
+      with:
+        plan: '.github/workflows/zap/af-plan-files.yml'
+
+    - name: Check ZAP Plan with File Creation
+      run: "[ -f sarif.json ]"
diff --git a/.github/workflows/zap/af-plan-files.yml b/.github/workflows/zap/af-plan-files.yml
@@ -0,0 +1,20 @@
+---
+env:
+  contexts:
+  - name: "Context"
+    urls:
+    - "http://localhost/"
+  parameters:
+    failOnError: true
+    failOnWarning: true
+    progressToStdout: true
+jobs:
+- requests:
+  - url: "http://localhost/"
+  type: "requestor"
+- parameters:
+    template: "sarif-json"
+    reportDir: "/zap/wrk/"
+    reportFile: "sarif.json"
+  name: "sarif-report"
+  type: "report"
diff --git a/README.md b/README.md
@@ -5,7 +5,7 @@ A GitHub Action for running [ZAP Automation Framework](https://www.zaproxy.org/d
 
 ### `plan`
 
-**Required** The file system path to the Automation Framework plan to run.
+**Required** The file system path or URL to the Automation Framework plan to run.
 
 ### `docker_name`
 
@@ -15,6 +15,10 @@ A GitHub Action for running [ZAP Automation Framework](https://www.zaproxy.org/d
 
 **Optional** Additional [command line options](https://www.zaproxy.org/docs/desktop/cmdline/) for ZAP.
 
+## Files
+
+Files created with the plan that need to be used after the plan has finished should be saved to the `/zap/wrk/` directory, which is mapped to the [GITHUB_WORKSPACE](https://docs.github.com/en/actions/learn-github-actions/variables) directory.
+
 ## Environment variables
 
 If set, the following [ZAP authentication environment variables](https://www.zaproxy.org/docs/authentication/handling-auth-yourself/#authentication-env-vars)

diff --git a/action.yml b/action.yml
@@ -5,7 +5,7 @@ branding:
   color: 'blue'
 inputs:
   plan:
-    description: 'The file system path to the Automation Framework plan to run.'
+    description: 'The file system path or URL to the Automation Framework plan to run.'
     required: true
   docker_name:
     description: 'The Docker image to be used.'

diff --git a/dist/index.js b/dist/index.js
@@ -28064,6 +28064,8 @@ async function run() {
         let plan = core.getInput('plan', { required: true });
         let cmdOptions = core.getInput('cmd_options');
 
+        await exec.exec(`chmod a+w ${workspace}`);
+
         await exec.exec(`docker pull ${docker_name} -q`);
         let command = (`docker run -v ${workspace}:/zap/wrk/:rw --network="host" -e ZAP_AUTH_HEADER -e ZAP_AUTH_HEADER_VALUE -e ZAP_AUTH_HEADER_SITE  -t ${docker_name} zap.sh -cmd -autorun /zap/wrk/${plan} ${cmdOptions}`);
 

diff --git a/index.js b/index.js
@@ -9,6 +9,8 @@ async function run() {
         let plan = core.getInput('plan', { required: true });
         let cmdOptions = core.getInput('cmd_options');
 
+        await exec.exec(`chmod a+w ${workspace}`);
+
         await exec.exec(`docker pull ${docker_name} -q`);
         let command = (`docker run -v ${workspace}:/zap/wrk/:rw --network="host" -e ZAP_AUTH_HEADER -e ZAP_AUTH_HEADER_VALUE -e ZAP_AUTH_HEADER_SITE  -t ${docker_name} zap.sh -cmd -autorun /zap/wrk/${plan} ${cmdOptions}`);