-
Notifications
You must be signed in to change notification settings - Fork 361
105 lines (94 loc) · 3.1 KB
/
tests.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
name: 🛠️ Tests
on:
pull_request:
branches:
- main
paths:
- 'chaos-bugbounty-list.json'
workflow_dispatch:
env:
LIST_PATH_PREFIX: 'chaos-bugbounty-list'
jobs:
validate-list:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: projectdiscovery/actions/setup/ajv@v1
- run: ajv test -s "${LIST_PATH_PREFIX}.schema.json" -d "${LIST_PATH_PREFIX}.json" --valid --all-errors --errors text
duplicate-domain:
needs: validate-list
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Find duplicate domains
run: >
set -e
jq -r '.programs[].domains[]' "${LIST_PATH_PREFIX}.json" | sort | uniq
-c | awk '$1 > 1 { print $2 }' > duplicates.txt
if [[ -s duplicates.txt ]]; then
echo "Duplicate domains found: $(cat duplicates.txt)"
exit 1
else
echo "No duplicate domains found."
fi
invalid-domain:
needs: validate-list
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Setup Go
uses: projectdiscovery/actions/setup/go@v1
- name: Validate domains
run: go run .
working-directory: cmd/validate-domains
- name: Check if invalid domains found
run: |
if [[ -s invalid_domains.txt ]]; then
echo "Invalid domains found: $(cat invalid_domains.txt)"
exit 1
fi
working-directory: cmd/validate-domains
# url-status:
# runs-on: ubuntu-latest
# steps:
# - name: Checkout code
# uses: actions/checkout@v3
# with:
# fetch-depth: 0
#
# - name: Setup golang
# uses: actions/setup-go@v4
# with:
# go-version: 1.19
# cache: true
#
# # This command compares the changes made in a pull request with the main branch,
# # and filters out the JSON files containing URLs of bug bounty programs. It then
# # extracts the URLs from the changed JSON files, compares them with the URLs in the main branch,
# # and saves the unique URLs in a text file named "urls.txt".
#
# - name: Diff and save URLs
# run: |
# git fetch origin main:main
# tmpfile=$(mktemp)
# git --no-pager show origin/main:chaos-bugbounty-list.json | jq -r '.programs[].url' > "$tmpfile"
# git diff --name-only origin/main HEAD | grep '.json$' | xargs cat | jq -r '.programs[].url' | grep -vf "$tmpfile" > urls.txt
# rm "$tmpfile"
#
# - name: Installing Validate domains binary
# run: >
# go install
# github.com/projectdiscovery/public-bugbounty-programs/cmd/httpx-tester
#
# - name: Checking URL availability
# run: |
# httpx-tester -file urls.txt
#
# - name: Checking programs with unaccessible policy URL
# run: |
# if [[ -s invalid.txt ]]; then
# echo "programs with not accessible URL policy found: $(cat invalid.txt)"
# exit 1
# fi