fix: add double quote around curl args

cerberauth · Oct 6, 2024 · c8cf180 · c8cf180
1 parent bfa1826
commit c8cf180
Show file tree

Hide file tree

Showing 6 changed files with 29 additions and 18 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -139,7 +139,17 @@ jobs:
           sleep 5
           curl --verbose http://localhost:8080 -H "Authorization: Bearer ${{ steps.get-jwt.outputs.jwt }}"
 
-      - name: Test CURL Local Action
+      - name: Test CURL Local Action with rate limit and excluded scans
+        uses: ./
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          rateLimit: 1000/s
+          excludeScans: discover.*
+          curl: |
+            curl http://localhost:8080 -H "Authorization: Bearer ${{ steps.get-jwt.outputs.jwt }}"
+
+      - name: Test CURL Local Action with selected scans
         uses: ./
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

diff --git a/action.yml b/action.yml
@@ -32,7 +32,6 @@ inputs:
   rateLimit:
     description: 'The rate limit used to run API vulnerability scans'
     required: false
-    default: 10/s
 
   proxy:
     description: 'The proxy server used during the scan'

diff --git a/badges/coverage.svg b/badges/coverage.svg
diff --git a/dist/index.js b/dist/index.js
diff --git a/dist/index.js.map b/dist/index.js.map
diff --git a/src/main.js b/src/main.js
@@ -6,16 +6,17 @@ const { installVersion } = require('./installer')
 
 function getArgsFromInput(input) {
   const inputArgs = parseArgs(input)
+  debug(`Parsed input args: ${JSON.stringify(inputArgs)}`)
   return Object.entries(inputArgs).flatMap(([key, value]) => {
     if (key === '_') {
       return value
     }
 
     if (key.length === 1) {
-      return `-${key} ${value}`
+      return `-${key} "${value}"`
     }
 
-    return `--${key}=${value}`
+    return `--${key}="${value}"`
   })
 }
 
@@ -29,17 +30,17 @@ function getCommonArgs() {
 
   const scans = getInput('scans')
   if (scans) {
-    commonArgs.push(`--scans=${scans}`)
+    commonArgs.push(`--scans="${scans}"`)
   }
 
   const excludeScans = getInput('excludeScans')
   if (excludeScans) {
-    commonArgs.push(`--exclude-scans=${excludeScans}`)
+    commonArgs.push(`--exclude-scans="${excludeScans}"`)
   }
 
   const proxy = getInput('proxy')
   if (proxy) {
-    commonArgs.push(`--proxy=${proxy}`)
+    commonArgs.push(`--proxy="${proxy}"`)
   }
 
   const severityThreshold = getInput('severityThreshold')
@@ -70,10 +71,10 @@ async function run() {
       const args = getArgsFromInput(curl.replace('curl ', ''))
 
       debug(`Running vulnapi scan with curl: ${JSON.stringify(args)}`)
-      await exec('vulnapi scan curl', [...args, ...commonArgs])
+      await exec('vulnapi', ['scan', 'curl', ...args, ...commonArgs])
     } else if (openapi) {
       debug(`Running vulnapi scan with openapi: ${openapi}`)
-      await exec('vulnapi scan openapi', [openapi, ...commonArgs])
+      await exec('vulnapi', ['scan', 'openapi', openapi, ...commonArgs])
     } else {
       setFailed('You must provide curl or openapi input')
     }