add graphql flags, scan-suite flag (#40)
yogesh-gogia1 authored May 31, 2024
1 parent fd2fb6b commit 68081b3
Showing 2 changed files with 40 additions and 21 deletions.
36 changes: 20 additions & 16 deletions README.md
Expand Up @@ -14,22 +14,26 @@ Traceable’s GitHub action can be used to continuously test your software build
## Getting started with Traceable AST action
### Understanding the inputs

| **Input** | **Description** |
| ------------------- |--------------------------------------------------------------------|
| step\_name | Scan action: init/ run/ init and run/ stop. |
| scan\_name | Name of the scan |
| client\_scan\_token | Access token from platform |
| cli\_version | Version of CLI you want to use for AST. Current one is 1.0.0-rc.3. |
| traffic\_env | Environment from where AST should observe traffic. |
| plugins | List of plugins you want to run the AST scan for. |
| include\_url\_regex | Include URL patterns to test. |
| exclude\_url\_regex | exclude URL patterns from scan. |
| target\_url | Target URL for the tests. |
| traceable\_server | URL for traceable server, not applicable for SaaS customers. |
| idle\_timeout | Scan timeout for a scan when it goes in IDLE state. |
| scan\_timeout | Scan timeout in general. |
| reference\_env | Reference environment from where AST should pick up the API specs. |
| max\_retries | Max retries for the scan after failure. |
| **Input** | **Description** |
|---------------------------------|-------------------------------------------------------------------------------|
| step\_name | Scan action: init/ run/ init and run/ stop. |
| scan\_name | Name of the scan |
| client\_scan\_token | Access token from platform |
| cli\_version | Version of CLI you want to use for AST. Current one is 1.0.0-rc.3. |
| traffic\_env | Environment from where AST should observe traffic. |
| plugins | List of plugins you want to run the AST scan for. |
| include\_url\_regex | Include URL patterns to test. |
| exclude\_url\_regex | exclude URL patterns from scan. |
| target\_url | Target URL for the tests. |
| traceable\_server | URL for traceable server, not applicable for SaaS customers. |
| idle\_timeout | Scan timeout for a scan when it goes in IDLE state. |
| scan\_timeout | Scan timeout in general. |
| reference\_env | Reference environment from where AST should pick up the API specs. |
| max\_retries | Max retries for the scan after failure. |
| scan\_suite | AST suite name as defined on the Traceable.ai platform. |
| graphql\_schema\_ids | Comma separated GraphQl schema IDs uploaded on Traceable.ai platform. |
| graphql\_schema\_files | Comma separated GraphQl SDL file paths. |
| graphql\_introspection\_enabled | Enables extracting the GraphQl Schema by running introspection on target-url. |


### Sample GitHub Action workflow
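Review bot: the whole input table has been re-emitted with wider column padding, so a change that adds four rows shows up as 16 deletions and 20 additions, and every previously unchanged row (`step_name` through `max_retries`) has to be re-read to confirm nothing else moved. Prefer appending only the four new rows at the existing column widths so the diff shows exactly what changed. In the new rows, `GraphQl` should be `GraphQL`, "Comma separated" should be hyphenated, and `target-url` should name the input as `target_url`; the `graphql_introspection_enabled` row should also state its default (`false`) and that enabling it sends introspection queries to the target URL, which whoever owns that environment should expect to see.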
25 changes: 20 additions & 5 deletions action.yml
Expand Up @@ -145,7 +145,22 @@ inputs:
required: false
description: 'Output stream/file for traceable cli logs'
default: 'NULL'

scan_suite:
required: false
description: 'AST suite name as defined on the Traceable.ai platform'
default: 'NULL'
graphql_schema_ids:
required: false
description: 'Comma separated GraphQl schema IDs uploaded on Traceable.ai platform'
default: 'NULL'
graphql_schema_files:
required: false
description: 'Comma separated GraphQl SDL file paths'
default: 'NULL'
graphql_introspection_enabled:
required: false
description: 'Enables extracting the GraphQl Schema by running introspection on target-url'
default: 'false'
runs:
using: composite
steps:
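Review bot: `graphql_introspection_enabled` defaults to `'false'` while the other three new inputs use the `'NULL'` unset sentinel; the run steps only skip an option whose value is empty, `''` or `NULL`, so this option will be emitted as `--graphql-introspection-enabled false` on every run even when the caller never set it. Confirm the CLI accepts a value argument for that option (rather than treating it as a bare flag), or default it to `'NULL'` so it is omitted unless explicitly set. The description's `target-url` should also read `target_url`, matching the input it refers to.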
Expand Down Expand Up @@ -196,11 +211,11 @@ runs:
traceableCliBinaryLocation=${GITHUB_WORKSPACE}/traceable
scanInitCmd=$traceableCliBinaryLocation' ast scan initAndRun'
optionsArr=('--scan-name' '--traffic-env' '--token' '--plugins' '--include-url-regex' '--exclude-url-regex' '--target-url' '--traceable-server' '--idle-timeout' '--scan-timeout' ' --reference-env' '--max-retries' '--openapi-spec-ids' '--openapi-spec-files' '--policy' '--postman-collection' '--postman-environment' '--include-endpoint-labels' '--exclude-endpoint-labels' '--include-endpoint-with-owner-attributes' '--include-endpoint-owners' '--loglevel' '--logfile' '--agent-logfile' '--proxy-logfile')
optionsArr=('--scan-name' '--traffic-env' '--token' '--plugins' '--include-url-regex' '--exclude-url-regex' '--target-url' '--traceable-server' '--idle-timeout' '--scan-timeout' ' --reference-env' '--max-retries' '--openapi-spec-ids' '--openapi-spec-files' '--policy' '--postman-collection' '--postman-environment' '--include-endpoint-labels' '--exclude-endpoint-labels' '--include-endpoint-with-owner-attributes' '--include-endpoint-owners' '--loglevel' '--logfile' '--agent-logfile' '--proxy-logfile' '--scan-suite' '--graphql-schema-ids' '--graphql-schema-files' '--graphql-introspection-enabled')
#Iterating the options available from options array and filling them with the arguments received in order
iterator=0
for option in '${{ inputs.scan_name }}' '${{ inputs.traffic_env }}' '${{ inputs.client_scan_token }}' '${{ inputs.plugins }}' '${{ inputs.include_url_regex }}' '${{ inputs.exclude_url_regex }}' '${{ inputs.target_url }}' '${{ inputs.traceable_server }}' '${{ inputs.idle_timeout }}' '${{ inputs.scan_timeout }}' '${{ inputs.reference_env }}' '${{ inputs.max_retries }}' '${{ inputs.openapi_spec_ids }}' '${{ inputs.openapi_spec_files }}' '${{ inputs.policy }}' '${{ inputs.postman_collection }}' '${{ inputs.postman_environment }}' '${{ inputs.include_endpoint_labels}}' '${{ inputs.exclude_endpoint_labels }}' '${{ inputs.include_endpoint_with_owner_attributes }}' '${{ inputs.include_endpoint_owners }}' '${{ inputs.log_level }}' '${{ inputs.logfile }}' '${{ inputs.agent_logfile }}' '${{ inputs.proxy_logfile }}'
for option in '${{ inputs.scan_name }}' '${{ inputs.traffic_env }}' '${{ inputs.client_scan_token }}' '${{ inputs.plugins }}' '${{ inputs.include_url_regex }}' '${{ inputs.exclude_url_regex }}' '${{ inputs.target_url }}' '${{ inputs.traceable_server }}' '${{ inputs.idle_timeout }}' '${{ inputs.scan_timeout }}' '${{ inputs.reference_env }}' '${{ inputs.max_retries }}' '${{ inputs.openapi_spec_ids }}' '${{ inputs.openapi_spec_files }}' '${{ inputs.policy }}' '${{ inputs.postman_collection }}' '${{ inputs.postman_environment }}' '${{ inputs.include_endpoint_labels}}' '${{ inputs.exclude_endpoint_labels }}' '${{ inputs.include_endpoint_with_owner_attributes }}' '${{ inputs.include_endpoint_owners }}' '${{ inputs.log_level }}' '${{ inputs.logfile }}' '${{ inputs.agent_logfile }}' '${{ inputs.proxy_logfile }}' '${{ inputs.scan_suite }}' '${{ inputs.graphql_schema_ids }}' '${{ inputs.graphql_schema_files }}' '${{ inputs.graphql_introspection_enabled }}'
do
if [ -z "$option" ] || [ "$option" = "''" ] || [ "$option" = "NULL" ]
then
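Review bot: the four new options are appended to `optionsArr` and to the `for option in` list in the same order (29 entries each), so the positional pairing still lines up, but that pairing is the fragile part of this step: two hand-maintained lists with no check that their lengths match, where one extra entry in either list silently shifts every later value onto the wrong flag. Add a guard that compares `${#optionsArr[@]}` with the number of loop values, or build the flag/value pairs in one place. While this line is being touched, `' --reference-env'` still carries a leading space inside the quotes (present before this change). Separately, the new inputs are interpolated directly into the shell script as `'${{ inputs.graphql_schema_files }}'` like the existing ones; a value containing a single quote ends the literal and the remainder runs as script, so input values should be passed through `env:` and read as `"$GRAPHQL_SCHEMA_FILES"` rather than expanded into the script text.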
Expand Down Expand Up @@ -248,11 +263,11 @@ runs:
traceableCliBinaryLocation=${GITHUB_WORKSPACE}/traceable
scanInitCmd=$traceableCliBinaryLocation' ast scan init '
optionsArr=('--scan-name' '--traffic-env' '--token' '--plugins' '--include-url-regex' '--exclude-url-regex' '--target-url' '--traceable-server' '--scan-timeout' ' --reference-env' '--openapi-spec-ids' '--openapi-spec-files' '--policy' '--include-endpoint-labels' '--exclude-endpoint-labels' '--include-endpoint-with-owner-attributes' '--include-endpoint-owners' '--loglevel')
optionsArr=('--scan-name' '--traffic-env' '--token' '--plugins' '--include-url-regex' '--exclude-url-regex' '--target-url' '--traceable-server' '--scan-timeout' ' --reference-env' '--openapi-spec-ids' '--openapi-spec-files' '--policy' '--include-endpoint-labels' '--exclude-endpoint-labels' '--include-endpoint-with-owner-attributes' '--include-endpoint-owners' '--loglevel' '--scan-suite' '--graphql-schema-ids' '--graphql-schema-files' '--graphql-introspection-enabled')
#Iterating the options available from options array and filling them with the arguments received in order
iterator=0
for option in '${{ inputs.scan_name }}' '${{ inputs.traffic_env }}' '${{ inputs.client_scan_token }}' '${{ inputs.plugins }}' '${{ inputs.include_url_regex }}' '${{ inputs.exclude_url_regex }}' '${{ inputs.target_url }}' '${{ inputs.traceable_server }}' '${{ inputs.scan_timeout }}' '${{ inputs.reference_env }}' '${{ inputs.openapi_spec_ids }}' '${{ inputs.openapi_spec_files }}' '${{ inputs.policy }}' '${{ inputs.include_endpoint_labels}}' '${{ inputs.exclude_endpoint_labels }}' '${{ inputs.include_endpoint_with_owner_attributes }}' '${{ inputs.include_endpoint_owners }}' '${{ inputs.log_level }}'
for option in '${{ inputs.scan_name }}' '${{ inputs.traffic_env }}' '${{ inputs.client_scan_token }}' '${{ inputs.plugins }}' '${{ inputs.include_url_regex }}' '${{ inputs.exclude_url_regex }}' '${{ inputs.target_url }}' '${{ inputs.traceable_server }}' '${{ inputs.scan_timeout }}' '${{ inputs.reference_env }}' '${{ inputs.openapi_spec_ids }}' '${{ inputs.openapi_spec_files }}' '${{ inputs.policy }}' '${{ inputs.include_endpoint_labels}}' '${{ inputs.exclude_endpoint_labels }}' '${{ inputs.include_endpoint_with_owner_attributes }}' '${{ inputs.include_endpoint_owners }}' '${{ inputs.log_level }}' '${{ inputs.scan_suite }}' '${{ inputs.graphql_schema_ids }}' '${{ inputs.graphql_schema_files }}' '${{ inputs.graphql_introspection_enabled }}'
do
if [ -z "$option" ] || [ "$option" = "''" ] || [ "$option" = "NULL" ]
then
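Review bot: this is the second copy of the same option list, now extended with the same four entries (22 in each list, so they still pair up). The `init` and `initAndRun` steps each keep their own `optionsArr` and loop list, which is why one CLI option has to be added in four places in exactly the right order; this change shows that cost. Factor the shared options into a single list (or a function both steps call) so the only per-step difference is the set of options `init` deliberately omits (`--idle-timeout`, `--max-retries`, the postman and logfile options), and the next option lands in one place instead of four.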