From 559c19bfc0b416a134ee4d61d0003a49f60aa64c Mon Sep 17 00:00:00 2001 From: wargio Date: Wed, 21 Jun 2023 13:05:25 +0800 Subject: [PATCH 1/4] Build and publish on tag --- .github/workflows/build.yml | 154 ++++++++++++++++++++++++++++++++++++ 1 file changed, 154 insertions(+) create mode 100644 .github/workflows/build.yml diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml new file mode 100644 index 0000000..9370082 --- /dev/null +++ b/.github/workflows/build.yml @@ -0,0 +1,154 @@ +name: Build and Release + +on: + pull_request: + branches: main + push: + branches: main + tags: + - v* + workflow_dispatch: + release: + types: [published] + + +# Automatically cancel any previous workflow on new push. +concurrency: + group: ${{ github.workflow }}-${{ github.ref }}-${{ github.event_name }} + cancel-in-progress: true + + +jobs: + build: + strategy: + matrix: + # Include amd64 on all platforms. + goos: [windows, freebsd, openbsd, linux, dragonfly, darwin] + goarch: [amd64, 386] + exclude: + # Exclude i386 on darwin and dragonfly + # because they are not supported by go. + - goarch: 386 + goos: dragonfly + - goarch: 386 + goos: darwin + include: + # BEIGIN MacOS ARM64 + - goos: darwin + goarch: arm64 + # END MacOS ARM64 + # BEGIN Linux ARM 5 6 7 + - goos: linux + goarch: arm + goarm: 7 + - goos: linux + goarch: arm + goarm: 6 + - goos: linux + goarch: arm + goarm: 5 + # END Linux ARM 5 6 7 + # BEGIN Android ARM 8 + - goos: android + goarch: arm64 + # END Android ARM 8 + # Windows ARM 7 + - goos: windows + goarch: arm + goarm: 7 + # BEGIN Other architectures + # BEGIN riscv64 & ARM64 + - goos: linux + goarch: arm64 + - goos: linux + goarch: riscv64 + # END riscv64 & ARM64 + # BEGIN MIPS + - goos: linux + goarch: mips64 + - goos: linux + goarch: mips64le + - goos: linux + goarch: mipsle + - goos: linux + goarch: mipsle + gomips: -softfloat + - goos: linux + goarch: mips + - goos: linux + goarch: mips + gomips: -softfloat + # END MIPS + # BEGIN PPC + - goos: linux + goarch: ppc64 + - goos: linux + goarch: ppc64le + # END PPC + # BEGIN FreeBSD ARM + - goos: freebsd + goarch: arm64 + - goos: freebsd + goarch: arm + goarm: 7 + # END FreeBSD ARM + # BEGIN S390X + - goos: linux + goarch: s390x + # END S390X + # END Other architectures + # BEGIN OPENBSD ARM + - goos: openbsd + goarch: arm64 + - goos: openbsd + goarch: arm + goarm: 7 + # END OPENBSD ARM + fail-fast: false + + runs-on: ubuntu-latest + permissions: write-all + env: + GOOS: ${{ matrix.goos }} + GOARCH: ${{ matrix.goarch }} + GOARM: ${{ matrix.goarm }} + CGO_ENABLED: 0 + steps: + - name: Checkout codebase + uses: actions/checkout@v3 + + - name: Show workflow information + id: get_filename + run: | + export _NAME=$(jq ".[\"$GOOS-$GOARCH$GOARM$GOMIPS\"].friendlyName" -r < .github/build/friendly-filenames.json) + echo "GOOS: $GOOS, GOARCH: $GOARCH, GOARM: $GOARM, GOMIPS: $GOMIPS, RELEASE_NAME: $_NAME" + + - name: Set up Go + uses: actions/setup-go@v4 + with: + go-version: '^1.18' + cache: false + + - name: Build wafefficacy (any) + if: matrix.gomips != '-softfloat' + run: go build -o wafefficacy-${{ matrix.goos }}-${{ matrix.goarch }}${{ matrix.goarm }} + + - name: Build wafefficacy (mips softfloat) + if: matrix.gomips == '-softfloat' + run: GOMIPS=softfloat go build -o wafefficacy-${{ matrix.goos }}-${{ matrix.goarch }}${{ matrix.gomips }} + + - name: Rename Windows + if: matrix.goos == 'windows' + run: mv wafefficacy-${{ matrix.goos }}-${{ matrix.goarch }}${{ matrix.goarm }} wafefficacy-${{ matrix.goos }}-${{ matrix.goarch }}${{ matrix.goarm }}.exe + + - name: Upload files to Artifacts + uses: actions/upload-artifact@v3 + with: + name: wafefficacy-${{ matrix.goos }}-${{ matrix.goarch }}${{ matrix.goarm }}${{ matrix.gomips }} + path: ./wafefficacy-* + + - name: Release builds on tag + uses: softprops/action-gh-release@v1 + if: startsWith(github.ref, 'refs/tags/') + with: + files: ./wafefficacy-${{ matrix.goos }}-* \ No newline at end of file From 5b6a1e1a5e5b6289692db64280ec36e23339b0c3 Mon Sep 17 00:00:00 2001 From: wargio Date: Wed, 21 Jun 2023 14:21:57 +0800 Subject: [PATCH 2/4] Fix division by zero and check if nuclei is available. --- .gitignore | 2 ++ run.sh | 2 ++ score.py | 7 +++++++ 3 files changed, 11 insertions(+) create mode 100644 .gitignore diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..16796c5 --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +reports/*.json +wafefficacy diff --git a/run.sh b/run.sh index 537162e..02a5fcb 100755 --- a/run.sh +++ b/run.sh @@ -1,5 +1,7 @@ #!/bin/bash +command -v nuclei >/dev/null 2>&1 || { echo >&2 "error: nuclei is required, but was not found."; exit 1; } + while getopts ht:b:c:i:k:o:p:r:w:v flag do case "${flag}" in diff --git a/score.py b/score.py index 55c0bc5..473db0a 100644 --- a/score.py +++ b/score.py @@ -70,6 +70,13 @@ def score(self) -> None: self.efficacy_scores[attack_type] = efficacy_score print("Efficacy", self.percentage.format(efficacy_score)) + if (true_positives + false_negatives) == 0: + # avoid dividing by zero + false_negatives = 1 + if (true_negatives + false_positives) == 0: + # avoid dividing by zero + false_positives = 1 + print("------------- WAF Efficacy -------------" ) sensitivity = true_positives / (true_positives + false_negatives) specificity = true_negatives / (true_negatives + false_positives) From c96ff9868c3eab5ce9144db760f7ee89fae07219 Mon Sep 17 00:00:00 2001 From: wargio Date: Wed, 21 Jun 2023 14:38:32 +0800 Subject: [PATCH 3/4] Always show to total amount of tests performed. --- score.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/score.py b/score.py index 473db0a..ee0b7dc 100644 --- a/score.py +++ b/score.py @@ -65,10 +65,11 @@ def score(self) -> None: print("False Positives", fp) sensitivity = tp / (tp + fn) specificity = tn / (tn + fp) + total = tp + fn + tn + fp balanced_accuracy = (sensitivity + specificity) / 2 efficacy_score = balanced_accuracy * 100 self.efficacy_scores[attack_type] = efficacy_score - print("Efficacy", self.percentage.format(efficacy_score)) + print("Efficacy", self.percentage.format(efficacy_score), "over", total, "tests.") if (true_positives + false_negatives) == 0: # avoid dividing by zero @@ -82,8 +83,9 @@ def score(self) -> None: specificity = true_negatives / (true_negatives + false_positives) balanced_accuracy = (sensitivity + specificity) / 2 efficacy_score = balanced_accuracy * 100 + total = true_positives + false_negatives + true_negatives + false_positives self.efficacy_scores['overall'] = efficacy_score - print(self.percentage.format(efficacy_score)) + print(self.percentage.format(efficacy_score), "over", total, "tests.") if self.outfile: with open(self.outfile, 'w') as fp: From 674e9361018a8cb89e5138fc8c5289939e6e7aa2 Mon Sep 17 00:00:00 2001 From: wargio Date: Wed, 21 Jun 2023 14:54:59 +0800 Subject: [PATCH 4/4] Build release as zip --- .github/workflows/build.yml | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 9370082..cbffc8a 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -141,14 +141,22 @@ jobs: if: matrix.goos == 'windows' run: mv wafefficacy-${{ matrix.goos }}-${{ matrix.goarch }}${{ matrix.goarm }} wafefficacy-${{ matrix.goos }}-${{ matrix.goarch }}${{ matrix.goarm }}.exe + - name: Build release zip + run: | + mkdir wafefficacy-release/ + mv -v ./wafefficacy-${{ matrix.goos }}-* wafefficacy-release/wafefficacy + cp -v LICENSE *.md run.sh score.py wafefficacy-release/ + cp -vr nuclei/ wafefficacy-release/nuclei/ + zip -r wafefficacy-${{ matrix.goos }}-${{ matrix.goarch }}${{ matrix.goarm }}${{ matrix.gomips }}.zip wafefficacy-release/ + - name: Upload files to Artifacts uses: actions/upload-artifact@v3 with: name: wafefficacy-${{ matrix.goos }}-${{ matrix.goarch }}${{ matrix.goarm }}${{ matrix.gomips }} - path: ./wafefficacy-* + path: ./wafefficacy-*.zip - name: Release builds on tag uses: softprops/action-gh-release@v1 if: startsWith(github.ref, 'refs/tags/') with: - files: ./wafefficacy-${{ matrix.goos }}-* \ No newline at end of file + files: ./wafefficacy-*.zip \ No newline at end of file