From dcaa7d0af897f911e56b216716dbdbc2b28bcf64 Mon Sep 17 00:00:00 2001 From: Ramana Reddy <90540245+RamanaReddy0M@users.noreply.github.com> Date: Fri, 12 Jul 2024 14:53:30 -0700 Subject: [PATCH] Add sarif file existence to outputs (#87) * add sarif file existence to outputs * update readme * misc update * compile dist --- README.md | 10 +++++++++- dist/index.js | 11 +++++++++-- src/index.js | 11 +++++++++-- 3 files changed, 27 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index c6ce147..902b103 100644 --- a/README.md +++ b/README.md @@ -26,6 +26,7 @@ jobs: - uses: actions/checkout@v4 - name: Nuclei - Vulnerability Scan + id: nuclei_scan uses: projectdiscovery/nuclei-action@main with: target: https://example.com @@ -38,8 +39,11 @@ jobs: - name: GitHub Security Dashboard Alerts update uses: github/codeql-action/upload-sarif@v3 + if: steps.nuclei_scan.outputs.sarif_exists == 'true' with: sarif_file: nuclei.sarif + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} ``` **GitHub Action running Nuclei on single URL** @@ -172,14 +176,18 @@ github: ```yaml - name: Nuclei - Vulnerability Scan + id: nuclei_scan uses: projectdiscovery/nuclei-action@main with: target: https://example.com - - name: GitHub Security Dashboard Alerts + - name: GitHub Security Dashboard Alerts update uses: github/codeql-action/upload-sarif@v3 + if: steps.nuclei_scan.outputs.sarif_exists == 'true' with: sarif_file: nuclei.sarif + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} ``` Available Inputs diff --git a/dist/index.js b/dist/index.js index a514ed8..399292e 100644 --- a/dist/index.js +++ b/dist/index.js @@ -10788,6 +10788,7 @@ function parseFlagsToArray(rawFlags) { +const fs = __nccwpck_require__(7147); const target = core.getInput('target', { required: false }); const urls = core.getInput('urls', { required: false }); 
@@ -10847,7 +10848,8 @@ async function run() { } } if (workflows) params.push(`-w=${workflows}`); - params.push(`-se=${sarifExport ? sarifExport : 'nuclei.sarif'}`); + const sarifFileName = sarifExport ? sarifExport : 'nuclei.sarif'; + params.push(`-se=${sarifFileName}`); if (markdownExport) params.push(`-me=${markdownExport}`); if (config) params.push(`-config=${config}`); if (userAgent) params.push(`-H=${userAgent}`); @@ -10870,7 +10872,12 @@ async function run() { // run tool delete process.env.GITHUB_TOKEN - exec.exec(binPath, params, options); + await exec.exec(binPath, params, options); + if (fs.existsSync(sarifFileName)) { + core.setOutput('sarif_exists', 'true'); + } else { + core.setOutput('sarif_exists', 'false'); + } } catch (error) { core.setFailed(error.message); } diff --git a/src/index.js b/src/index.js index 1b26234..9f3b25a 100644 --- a/src/index.js +++ b/src/index.js @@ -3,6 +3,7 @@ import * as exec from '@actions/exec'; import * as installer from './installer'; import { generateGithubReportFile } from './yaml'; import { parseFlagsToArray } from './utils'; +const fs = require('fs'); const target = core.getInput('target', { required: false }); const urls = core.getInput('urls', { required: false }); @@ -62,7 +63,8 @@ async function run() { } } if (workflows) params.push(`-w=${workflows}`); - params.push(`-se=${sarifExport ? sarifExport : 'nuclei.sarif'}`); + const sarifFileName = sarifExport ? sarifExport : 'nuclei.sarif'; + params.push(`-se=${sarifFileName}`); if (markdownExport) params.push(`-me=${markdownExport}`); if (config) params.push(`-config=${config}`); if (userAgent) params.push(`-H=${userAgent}`); 
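Review bot: The added `const fs = require('fs');` in the first src/index.js hunk mixes CommonJS into a file whose other dependencies, visible in the same hunk, are all ES `import` statements. It works once bundled, but `import * as fs from 'fs';` placed with the other imports would match the file's convention and keep the module pure ESM. The matching line in dist/index.js is generated output and needs no separate change.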
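Review bot: `sarifFileName` in the second src/index.js hunk resolves the export path but stays local to run(), while the README's upload step hard-codes `sarif_file: nuclei.sarif`. A workflow that sets a different export path would see `sarif_exists == 'true'` and still upload a file named nuclei.sarif, which may be absent or unrelated to this run. Publishing the resolved path as well, for example `core.setOutput('sarif_file', sarifFileName);`, would let the upload step reference the same file the existence check looked at. run() begins and ends outside the hunk.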
@@ -85,7 +87,12 @@ async function run() { // run tool delete process.env.GITHUB_TOKEN - exec.exec(binPath, params, options); + await exec.exec(binPath, params, options); + if (fs.existsSync(sarifFileName)) { + core.setOutput('sarif_exists', 'true'); + } else { + core.setOutput('sarif_exists', 'false'); + } } catch (error) { core.setFailed(error.message); }
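Review bot: `fs.existsSync(sarifFileName)` only shows that some file sits at that path, not that this scan wrote it. A file already in the workspace, left by an earlier step or present in the checked-out repository, sets `sarif_exists` to 'true' and would be uploaded to code scanning as this run's result. Removing any pre-existing file before the tool runs, `fs.rmSync(sarifFileName, { force: true });` just above `await exec.exec(...)`, makes the output mean what its name says. Separately, now that the call is awaited, a rejected exec (a non-zero exit, unless `options` sets `ignoreReturnCode`, which is not visible here) jumps to the catch and leaves `sarif_exists` unset, so setting it in the catch or a `finally` would keep the output defined. run() starts outside the hunk.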