Merge pull request #36 from cerberauth/add-common-args

Add most of the vulnapi common args

.github/workflows/ci.yml

@@ -81,14 +81,16 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
+          scans: jwt.*
           curl: |
-            curl http://localhost:8080 -H "Authorization: Bearer ${{ steps.get-jwt.outputs.jwt }}" --scans "jwt.*"
+            curl http://localhost:8080 -H "Authorization: Bearer ${{ steps.get-jwt.outputs.jwt }}"
 
       # - name: Test OpenAPI Local Action
       #   uses: ./
       #   env:
       #     GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       #   with:
+      #     scans: jwt.*
       #     openapi: ./__tests__/openapi.yaml
 
       - name: Stop Server

README.md

@@ -107,6 +107,16 @@ jobs:
 | ------- | -------- | --------------------------------------- | ------- |
 | openapi | false    | The OpenAPI file location (path or URL) |         |
 
+### VulnAPI Supported Flags
+
+| Name              | Required | Description                                         | Default |
+| ----------------- | -------- | --------------------------------------------------- | ------- |
+| scans             | false    | The scans performed.                                | all     |
+| excludeScans      | false    | The scans to exclude.                               |         |
+| rateLimit         | false    | The rate limit used to run API vulnerability scans. | 10/s    |
+| proxy             | false    | The proxy server used during the scan.              |         |
+| severityThreshold | false    | The severity threshold to trigger a failure.        | 0       |
+
 ## Outputs
 
 Scan results are output to the console.

action.yml

@@ -21,6 +21,27 @@ inputs:
     description: 'The OpenAPI file used to run API vulnerability scans'
     required: false
 
+  scans:
+    description: 'The scans performed'
+    required: false
+
+  excludeScans:
+    description: 'The scans to exclude'
+    required: false
+
+  rateLimit:
+    description: 'The rate limit used to run API vulnerability scans'
+    required: false
+    default: 10/s
+
+  proxy:
+    description: 'The proxy server used during the scan'
+    required: false
+
+  severityThreshold:
+    description: 'The severity threshold to trigger a failure'
+    required: false
+
 runs:
   using: node20
   main: dist/index.js

src/main.js

@@ -19,6 +19,37 @@ function getArgsFromInput(input) {
   })
 }
 
+function getCommonArgs() {
+  const commonArgs = []
+
+  const rateLimit = getInput('rateLimit')
+  if (rateLimit) {
+    commonArgs.push(`--rate-limit=${rateLimit}`)
+  }
+
+  const scans = getInput('scans')
+  if (scans) {
+    commonArgs.push(`--scans=${scans}`)
+  }
+
+  const excludeScans = getInput('excludeScans')
+  if (excludeScans) {
+    commonArgs.push(`--exclude-scans=${excludeScans}`)
+  }
+
+  const proxy = getInput('proxy')
+  if (proxy) {
+    commonArgs.push(`--proxy=${proxy}`)
+  }
+
+  const severityThreshold = getInput('severityThreshold')
+  if (severityThreshold) {
+    commonArgs.push(`--severity-threshold=${severityThreshold}`)
+  }
+
+  return commonArgs
+}
+
 async function run() {
   try {
     const version = getInput('version')
@@ -30,17 +61,19 @@ async function run() {
     addPath(installDir)
     info('vulnapi has been added to the PATH')
 
+    const commonArgs = getCommonArgs()
+
     const curl = getInput('curl')
     const openapi = getInput('openapi')
     if (curl) {
       debug(`Parsing curl input: ${curl}`)
       const args = getArgsFromInput(curl.replace('curl ', ''))
 
       debug(`Running vulnapi scan with curl: ${JSON.stringify(args)}`)
-      await exec('vulnapi scan curl', args)
+      await exec('vulnapi scan curl', [...args, ...commonArgs])
     } else if (openapi) {
       debug(`Running vulnapi scan with openapi: ${openapi}`)
-      await exec('vulnapi scan openapi', [openapi])
+      await exec('vulnapi scan openapi', [openapi, ...commonArgs])
     } else {
       setFailed('You must provide curl or openapi input')
     }