From 4ba81f16e0fdc8e71526151b42674002de2f1bfe Mon Sep 17 00:00:00 2001
From: thc202
Date: Mon, 22 Apr 2024 14:09:31 +0100
Subject: [PATCH] Support writing files from the plan
Allow to write to workspace from the running plan.
Signed-off-by: thc202
---
 .github/workflows/check-run.yml | 9 +++++++++
 .github/workflows/zap/af-plan-files.yml | 20 ++++++++++++++++++++
 README.md | 6 +++++-
 action.yml | 2 +-
 dist/index.js | 2 ++
 index.js | 2 ++
 6 files changed, 39 insertions(+), 2 deletions(-)
 create mode 100644 .github/workflows/zap/af-plan-files.yml
diff --git a/.github/workflows/check-run.yml b/.github/workflows/check-run.yml
index a20f57f..fc98a5b 100644
--- a/.github/workflows/check-run.yml
+++ b/.github/workflows/check-run.yml
@@ -33,3 +33,12 @@ jobs:
 - name: Check ZAP Plan with Error Failed
 run: exit 1
 if: ${{ !cancelled() && steps.af-plan-error.outcome == 'success' }}
+
+ - name: ZAP Plan with File Creation
+ uses: ./
+ id: af-plan-files
+ with:
+ plan: '.github/workflows/zap/af-plan-files.yml'
+
+ - name: Check ZAP Plan with File Creation
+ run: "[ -f sarif.json ]"
diff --git a/.github/workflows/zap/af-plan-files.yml b/.github/workflows/zap/af-plan-files.yml
new file mode 100644
index 0000000..29b0af3
--- /dev/null
+++ b/.github/workflows/zap/af-plan-files.yml
@@ -0,0 +1,20 @@
+---
+env:
+ contexts:
+ - name: "Context"
+ urls:
+ - "http://localhost/"
+ parameters:
+ failOnError: true
+ failOnWarning: true
+ progressToStdout: true
+jobs:
+- requests:
+ - url: "http://localhost/"
+ type: "requestor"
+- parameters:
+ template: "sarif-json"
+ reportDir: "/zap/wrk/"
+ reportFile: "sarif.json"
+ name: "sarif-report"
+ type: "report"
diff --git a/README.md b/README.md
index 72cfdb2..ab9c19b 100644
--- a/README.md
+++ b/README.md
@@ -5,7 +5,7 @@ A GitHub Action for running [ZAP Automation Framework](https://www.zaproxy.org/d
 ### `plan`
-**Required** The file system path to the Automation Framework plan to run.
+**Required** The file system path or URL to the Automation Framework plan to run.
 ### `docker_name`
@@ -15,6 +15,10 @@ A GitHub Action for running [ZAP Automation Framework](https://www.zaproxy.org/d
 **Optional** Additional [command line options](https://www.zaproxy.org/docs/desktop/cmdline/) for ZAP.
+## Files
+
+Files created with the plan that need to be used after the plan has finished should be saved to the `/zap/wrk/` directory, which is mapped to the [GITHUB_WORKSPACE](https://docs.github.com/en/actions/learn-github-actions/variables) directory.
+
 ## Environment variables
 If set, the following [ZAP authentication environment variables](https://www.zaproxy.org/docs/authentication/handling-auth-yourself/#authentication-env-vars)
diff --git a/action.yml b/action.yml
index a073612..2de6591 100644
--- a/action.yml
+++ b/action.yml
@@ -5,7 +5,7 @@ branding:
 color: 'blue'
 inputs:
 plan:
- description: 'The file system path to the Automation Framework plan to run.'
+ description: 'The file system path or URL to the Automation Framework plan to run.'
 required: true
 docker_name:
 description: 'The Docker image to be used.'
diff --git a/dist/index.js b/dist/index.js
index 172ecef..ced0df8 100644
--- a/dist/index.js
+++ b/dist/index.js
@@ -28064,6 +28064,8 @@ async function run() { let plan = core.getInput('plan', { required: true }); let cmdOptions = core.getInput('cmd_options'); + await exec.exec(`chmod a+w ${workspace}`); + await exec.exec(`docker pull ${docker_name} -q`); let command = (`docker run -v ${workspace}:/zap/wrk/:rw --network="host" -e ZAP_AUTH_HEADER -e ZAP_AUTH_HEADER_VALUE -e ZAP_AUTH_HEADER_SITE -t ${docker_name} zap.sh -cmd -autorun /zap/wrk/${plan} ${cmdOptions}`);
diff --git a/index.js b/index.js
index 160f53a..746cfeb 100644
--- a/index.js
+++ b/index.js
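Review bot: The `plan` description in the action.yml hunk (and the matching README line) now promises "file system path or URL", but the command visible in the dist/index.js and index.js hunks still passes `-autorun /zap/wrk/${plan}`, so a URL would be prefixed with the container path unless that is handled in lines outside this diff. If URL plans are intended, the description should also tell users that the plan is fetched at run time and, now that the workspace is writable from the container, decides which files are written into the checkout. A possible wording is `description: 'The file system path (relative to the workspace) or URL to the Automation Framework plan to run; a URL should point to a trusted, pinned location.'`.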
@@ -9,6 +9,8 @@ async function run() { let plan = core.getInput('plan', { required: true }); let cmdOptions = core.getInput('cmd_options'); + await exec.exec(`chmod a+w ${workspace}`); + await exec.exec(`docker pull ${docker_name} -q`); let command = (`docker run -v ${workspace}:/zap/wrk/:rw --network="host" -e ZAP_AUTH_HEADER -e ZAP_AUTH_HEADER_VALUE -e ZAP_AUTH_HEADER_SITE -t ${docker_name} zap.sh -cmd -autorun /zap/wrk/${plan} ${cmdOptions}`);
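Review bot: The added `chmod a+w ${workspace}` is interpolated into a single command string, and exec.exec splits that string on spaces, so a workspace path containing a space would be passed as several arguments; `await exec.exec('chmod', ['a+w', workspace]);` keeps the path as one argument. The mode change also leaves the checkout directory writable by every local account and is never reverted, which matters on self-hosted runners where the workspace outlives the job; running the container with the runner's uid, if the image supports it, would be narrower. Because the chmod is not recursive, a plan that writes below a subdirectory of `/zap/wrk/` may still be denied, which the README text does not mention. The same line is mirrored in the dist/index.js hunk, and run() starts and ends outside the lines shown, so how `workspace` is derived cannot be checked here.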