Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Added reversing labs scanner support #883

Merged
merged 9 commits into from
Nov 11, 2024
Merged

Added reversing labs scanner support #883

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
df13ae0
Added reversing labs scanner support
pmathew92 Oct 29, 2024
345e5d3
Added changes to test the RL workflow
pmathew92 Oct 29, 2024
e9c287b
Resolved wrong file name
pmathew92 Oct 29, 2024
13fa50a
Permissions name resolved
pmathew92 Oct 29, 2024
a27ebb5
adding xcode version for the set up error
pmathew92 Oct 29, 2024
d3a5213
Adding x86_64-linux platform to the bundle lock
pmathew92 Oct 31, 2024
cb7013f
Removed the setup
pmathew92 Oct 31, 2024
11ddb5d
Resolving the rl error
pmathew92 Oct 31, 2024
93e3e04
Validation done removing testing code
developerkunal Oct 31, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
73 changes: 73 additions & 0 deletions .github/actions/rl-scanner/action.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,73 @@

name: 'RL-Security-Scanner'
description: 'Runs the Reversing Labs scanner on a specified artifact.'
inputs:
artifact-path:
description: 'Path to the artifact to be scanned.'
required: true
version:
description: 'Version of the artifact.'
required: true


runs:
using: 'composite'
steps:
- name: Set up python
uses: actions/setup-python@v4
with:
python-version: '3.10'

- name: Install Python dependencies
shell: bash
run: |
pip install boto3 requests

- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1
with:
role-to-assume: ${{ env.PRODSEC_TOOLS_ARN }}
aws-region: 'us-east-1'
mask-aws-account-id: true

- name: Install RL Wrapper
shell: bash
run: |
pip install rl-wrapper>=1.0.0 --index-url "https://${{ env.PRODSEC_TOOLS_USER }}:${{ env.PRODSEC_TOOLS_TOKEN }}@a0us.jfrog.io/artifactory/api/pypi/python-local/simple"

- name: Run RL Scanner
shell: bash
env:
RLSECURE_LICENSE: ${{ env.RLSECURE_LICENSE }}
RLSECURE_SITE_KEY: ${{ env.RLSECURE_SITE_KEY }}
SIGNAL_HANDLER_TOKEN: ${{ env.SIGNAL_HANDLER_TOKEN }}
PYTHONUNBUFFERED: 1
run: |
if [ ! -f "${{ inputs.artifact-path }}" ]; then
echo "Artifact not found: ${{ inputs.artifact-path }}"
exit 1
fi

rl-wrapper \
--artifact "${{ inputs.artifact-path }}" \
--version "${{ inputs.version }}" \
--name "${{ github.event.repository.name }}" \
--repository "${{ github.repository }}" \
--commit "${{ github.sha }}" \
--build-env "github_actions" \
--suppress_output

# Check the outcome of the scanner
if [ $? -ne 0 ]; then
echo "RL Scanner failed."
echo "scan-status=failed" >> $GITHUB_ENV
exit 1
else
echo "RL Scanner passed."
echo "scan-status=success" >> $GITHUB_ENV
fi

outputs:
scan-status:
description: 'The outcome of the scan process.'
value: ${{ env.scan-status }}
2 changes: 1 addition & 1 deletion .github/actions/setup/action.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,4 +21,4 @@ runs:
uses: mxcl/xcodebuild@6e60022a0cbe8c89278be2dd1773a2f68e7c5c87
with:
xcode: ${{ inputs.xcode }}
action: none
action: none
59 changes: 59 additions & 0 deletions .github/workflows/rl-scanner.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,59 @@
name: RL-Security-Scanner
run-name: rl-security-scanner

on:
pull_request:
types:
- closed
workflow_dispatch:

permissions:
id-token: write
contents: write

jobs:
rl-scanner:
name: Run Reversing Labs Scanner
if: github.event_name == 'workflow_dispatch' || (github.event_name == 'pull_request' && github.event.pull_request.merged && github.event.pull_request.base.ref == 'master' && startsWith(github.event.pull_request.head.ref, 'release/'))
runs-on: ubuntu-latest
outputs:
scan-status: ${{ steps.rl-scan-conclusion.outcome }}

strategy:
matrix:
xcode:
- "15.0.1"

steps:
- name: Checkout code
uses: actions/checkout@v4
with:
fetch-depth: 0

- name: Build package
shell: bash
run: |
zip -r auth0-swift.zip ./*

- name: Get Artifact Version
id: get_version
run: |
version=$(awk -F'"' '/let version/ {print $2}' Auth0/Version.swift)
echo "version=$version" >> $GITHUB_OUTPUT

- name: Run Reversing Labs Scanner
id: rl-scan-conclusion
uses: ./.github/actions/rl-scanner
with:
artifact-path: "$(pwd)/auth0-swift.zip"
version: "${{ steps.get_version.outputs.version }}"
env:
RLSECURE_LICENSE: ${{ secrets.RLSECURE_LICENSE }}
RLSECURE_SITE_KEY: ${{ secrets.RLSECURE_SITE_KEY }}
SIGNAL_HANDLER_TOKEN: ${{ secrets.SIGNAL_HANDLER_TOKEN }}
PRODSEC_TOOLS_USER: ${{ secrets.PRODSEC_TOOLS_USER }}
PRODSEC_TOOLS_TOKEN: ${{ secrets.PRODSEC_TOOLS_TOKEN }}
PRODSEC_TOOLS_ARN: ${{ secrets.PRODSEC_TOOLS_ARN }}

- name: Output scan result
run: echo "scan-status=${{ steps.rl-scan-conclusion.outcome }}" >> $GITHUB_ENV
Loading