Add sarif file existence to outputs (#87)

* add sarif file existence to outputs * update readme * misc update * compile dist
projectdiscovery · Jul 12, 2024 · dcaa7d0 · dcaa7d0
1 parent 739e112
commit dcaa7d0
Show file tree

Hide file tree

Showing 3 changed files with 27 additions and 5 deletions.
diff --git a/README.md b/README.md
@@ -26,6 +26,7 @@ jobs:
       - uses: actions/checkout@v4
 
       - name: Nuclei - Vulnerability Scan
+        id: nuclei_scan
         uses: projectdiscovery/nuclei-action@main
         with:
           target: https://example.com
@@ -38,8 +39,11 @@ jobs:
 
       - name: GitHub Security Dashboard Alerts update
         uses: github/codeql-action/upload-sarif@v3
+        if: steps.nuclei_scan.outputs.sarif_exists == 'true'
         with:
           sarif_file: nuclei.sarif
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 ```
 
 **GitHub Action running Nuclei on single URL**
@@ -172,14 +176,18 @@ github:
 
 ```yaml
       - name: Nuclei - Vulnerability Scan
+        id: nuclei_scan
         uses: projectdiscovery/nuclei-action@main
         with:
           target: https://example.com
 
-      - name: GitHub Security Dashboard Alerts
+      - name: GitHub Security Dashboard Alerts update
         uses: github/codeql-action/upload-sarif@v3
+        if: steps.nuclei_scan.outputs.sarif_exists == 'true'
         with:
           sarif_file: nuclei.sarif
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 ```
 
 Available Inputs

diff --git a/dist/index.js b/dist/index.js
@@ -10788,6 +10788,7 @@ function parseFlagsToArray(rawFlags) {
 
 
 
+const fs = __nccwpck_require__(7147);
 
 const target = core.getInput('target', { required: false });
 const urls = core.getInput('urls', { required: false });
@@ -10847,7 +10848,8 @@ async function run() {
       }
     }
     if (workflows) params.push(`-w=${workflows}`);
-    params.push(`-se=${sarifExport ? sarifExport : 'nuclei.sarif'}`);
+    const sarifFileName = sarifExport ? sarifExport : 'nuclei.sarif';
+    params.push(`-se=${sarifFileName}`);
     if (markdownExport) params.push(`-me=${markdownExport}`);
     if (config) params.push(`-config=${config}`);
     if (userAgent) params.push(`-H=${userAgent}`);
@@ -10870,7 +10872,12 @@ async function run() {
 
     // run tool
     delete process.env.GITHUB_TOKEN
-    exec.exec(binPath, params, options);
+    await exec.exec(binPath, params, options);
+    if (fs.existsSync(sarifFileName)) {
+      core.setOutput('sarif_exists', 'true');
+    } else {
+      core.setOutput('sarif_exists', 'false');
+    }
   } catch (error) {
     core.setFailed(error.message);
   }

diff --git a/src/index.js b/src/index.js
@@ -3,6 +3,7 @@ import * as exec from '@actions/exec';
 import * as installer from './installer';
 import { generateGithubReportFile } from './yaml';
 import { parseFlagsToArray } from './utils';
+const fs = require('fs');
 
 const target = core.getInput('target', { required: false });
 const urls = core.getInput('urls', { required: false });
@@ -62,7 +63,8 @@ async function run() {
       }
     }
     if (workflows) params.push(`-w=${workflows}`);
-    params.push(`-se=${sarifExport ? sarifExport : 'nuclei.sarif'}`);
+    const sarifFileName = sarifExport ? sarifExport : 'nuclei.sarif';
+    params.push(`-se=${sarifFileName}`);
     if (markdownExport) params.push(`-me=${markdownExport}`);
     if (config) params.push(`-config=${config}`);
     if (userAgent) params.push(`-H=${userAgent}`);
@@ -85,7 +87,12 @@ async function run() {
 
     // run tool
     delete process.env.GITHUB_TOKEN
-    exec.exec(binPath, params, options);
+    await exec.exec(binPath, params, options);
+    if (fs.existsSync(sarifFileName)) {
+      core.setOutput('sarif_exists', 'true');
+    } else {
+      core.setOutput('sarif_exists', 'false');
+    }
   } catch (error) {
     core.setFailed(error.message);
   }