From fc471e1c63c9e273bf13bf5291458687b5cd60de Mon Sep 17 00:00:00 2001
From: Yong Yan
Date: Thu, 24 Jun 2021 11:56:59 -0700
Subject: [PATCH] update actions files and readme.
---
 .github/workflows/main.yml | 14 ++++++++------
 Dockerfile | 7 +------
 README.md | 21 +++++++++++++++++++++
 action.yml | 15 ++++++++++-----
 entrypoint.sh | 4 +++-
 5 files changed, 43 insertions(+), 18 deletions(-)
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index bf77663..222e7a6 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -4,10 +4,6 @@ jobs:
 flawfinder:
 name: Flawfinder
 runs-on: ubuntu-latest
- permissions:
- actions: read
- contents: read
- security-events: write
 steps:
 # To use this repository's private action,
 # you must check out the repository
@@ -17,9 +13,15 @@ jobs:
 - name: Flawfinder action step
 uses: ./ # Uses an action in the root directory
 with:
- command: '--sarif ./ > flawfinder-results.sarif'
+ arguments: '--sarif ./'
+ output: 'flawfinder_results.sarif'
+
+ - name: Upload a Build Artifact
+ uses: actions/upload-artifact@v2.2.4
+ with:
+ path: flawfinder_results.sarif
 - name: Upload analysis results to GitHub Security tab
 uses: github/codeql-action/upload-sarif@v1
 with:
- sarif_file: ./flawfinder-results.sarif
+ sarif_file: ${{github.workspace}}/flawfinder_results.sarif
diff --git a/Dockerfile b/Dockerfile
index daa167a..a76eeb8 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,14 +1,9 @@
 # Container image that runs your code
-FROM ubuntu:20.04
+FROM python:3
 # Copies your code file from your action repository to the filesystem path `/` of the container
 COPY entrypoint.sh /entrypoint.sh
-
-RUN apt update -y
-
-RUN apt install python3-pip -y
-
 RUN pip install flawfinder
 # Code file to execute when the docker container starts up (`entrypoint.sh`)
diff --git a/README.md b/README.md
index d8f0fbf..053d58d 100644
--- a/README.md
+++ b/README.md
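Review bot: Removing the four `permissions:` lines from the `flawfinder` job leaves the `codeql-action/upload-sarif` step in the next hunk dependent on the repository's default GITHUB_TOKEN scope; that upload needs `security-events: write`, so on a repository whose default token is read-only the step fails, and where the default is permissive the whole job now runs with broader write scope than the scan needs. Restore the explicit block as it was (`permissions:` with `actions: read`, `contents: read` and `security-events: write`) so the job declares exactly what it uses and nothing more. If the block was dropped because a caller's organisation policy forbids job-level permissions, that is worth a comment above `steps:` rather than a silent removal. The `flawfinder` job definition continues past the end of this hunk.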
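Review bot: The newly added `uses: actions/upload-artifact@v2.2.4` step references a mutable tag; for a job that publishes security findings, pin third-party actions to a full commit SHA with the version in a trailing comment, e.g. `uses: actions/upload-artifact@<full-commit-sha> # v2.2.4`, so a moved tag cannot change the code that handles the results, and the same applies to the existing `github/codeql-action/upload-sarif@v1` line. The artifact step also sets no `name:`, so the upload is published under the action's default artifact name; `name: flawfinder-sarif` next to `path:` makes it discoverable. The result file name is spelled out three times in this hunk (`output:`, `path:`, `sarif_file:`), which invites drift the next time it is renamed.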
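Review bot: `FROM python:3` and `RUN pip install flawfinder` both float: the image tag resolves to whatever is current when the action is built and pip installs the latest flawfinder, so every workflow run rebuilds the scanner from an unpinned toolchain and two runs of the same commit can produce different SARIF. Pin the base image by digest (`FROM python:3@sha256:<digest>`) or at least a full minor tag, and pin the scanner with `RUN pip install --no-cache-dir flawfinder==<pinned-version>`, bumping both deliberately. Dropping the `apt` lines is fine now that the Python image already ships pip.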
@@ -94,6 +94,27 @@ vulnerabilities in programs that cannot be built or cannot be linked.
 Flawfinder also doesn't get as confused by macro definitions and other oddities that more sophisticated tools have trouble with.
+# Flawfinder Github Action
+
+## Usage
+
+See [action.yml](https://github.com/david-a-wheeler/flawfinder/blob/main/action.yml)
+
+Create a .yml file under .github/workflows with the following contents:
+
+### Basic:
+````yml
+- name: Flawfinder
+ uses: david-a-wheeler/flawfinder@v1.0
+ with:
+ arguments: '--sarif ./'
+ output: 'flawfinder_results.sarif'
+````
+### Input options:
+- arguments: Flawfinder command arguments.
+Visit https://github.com/david-a-wheeler/flawfinder/blob/master/README.md#usage to check all parameters.
+- output: Flawfinder output file name. Can be uploaded to Github.
+
 # Contributions
 We love contributions! For more information on contributing, see
diff --git a/action.yml b/action.yml
index cd4b566..f1a9a25 100644
--- a/action.yml
+++ b/action.yml
@@ -1,12 +1,17 @@
 name: 'Flawfinder'
 description: 'Execute Flawfinder'
 inputs:
- command:
- description: 'Command to be sent to Flawfinder'
- required: false
- default: '--help'
+ arguments:
+ description: 'Command arguments to be sent to Flawfinder'
+ required: true
+ default: ''
+ output:
+ description: 'Output file name'
+ required: true
+ default: ''
 runs:
 using: 'docker'
 image: 'Dockerfile'
 args:
- - ${{ inputs.command }}
+ - ${{ inputs.arguments }}
+ - ${{ inputs.output }}
diff --git a/entrypoint.sh b/entrypoint.sh
index 7c35a4b..1aaac26 100755
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -1,5 +1,7 @@
 #!/bin/sh -l
+# $1 arguments
+# $2 output filename
-flawfinder $1
+flawfinder $1 > $2
 echo "Executed with success."
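Review bot: Both new inputs combine `required: true` with `default: ''`, and the default cancels the requirement: a workflow that omits `output` gets an empty string substituted, the container is started with an empty second argument, and `flawfinder $1 > $2` in entrypoint.sh is left with an empty redirection target instead of a reported missing input. Either drop the two `default: ''` lines so GitHub reports the omission, or give `output` a usable default such as `default: 'flawfinder_results.sarif'`. The `arguments` description should also say that the value is handed to the entrypoint as one string and split on whitespace there, since that is what lets `'--sarif ./'` work as two arguments.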
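Review bot: The new `flawfinder $1 > $2` line masks scan failures: the script never sets `set -e`, so when flawfinder exits non-zero the following `echo` still runs and the step finishes with status 0 and "Executed with success.", leaving an empty or partial SARIF to be uploaded as if it were a clean result. Add `set -e` after the shebang (or write `flawfinder $1 > "$2" || exit $?`) so a bad invocation fails the job. `$2` should be quoted as `"$2"` so an output name containing spaces or glob characters stays a single redirection target; `$1` is left unquoted on purpose because the whole `arguments` input arrives as one argv element, which deserves a comment such as `# $1 is intentionally unquoted: the action passes all arguments as one string`.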