Merge pull request #2 from exexute/develop

Develop
HXSecurity · Aug 24, 2021 · 6fa1365 · 6fa1365
2 parents 15bf796 + 415b1ec
commit 6fa1365
Show file tree

Hide file tree

Showing 3 changed files with 73 additions and 19 deletions.
diff --git a/.github/workflows/code-check.yml b/.github/workflows/code-check.yml
@@ -1,7 +1,7 @@
 # This workflow will build a Java project with Maven
 # For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-maven
 
-name: CodeCheck For Develop
+name: DongTai Agent Java CodeCheck、Unit Test And Vulns Test
 
 on:
   push:
@@ -14,22 +14,70 @@ jobs:
 
     steps:
       - uses: actions/checkout@v2
-      - name: Set up JDK 1.6
+      - name: Set up JDK 1.8
         uses: actions/setup-java@v1
         with:
-          java-version: 1.6
+          java-version: 1.8
+
+      - uses: dbelyaev/action-checkstyle@master
+        with:
+          github_token: ${{ secrets.github_token }}
+          reporter: github-pr-review
+          level: warning
 
       - name: Set up Maven
         uses: stCarolas/setup-maven@v4
         with:
           maven-version: 3.2.5
 
-      - name: maven-settings-xml-action
-        uses: whelk-io/maven-settings-xml-action@v14
-        with:
-          mirrors: '[{ "id": "aliyunmaven", "mirrorOf": "*", "url": "https://maven.aliyun.com/repository/public" }]'
-
       - name: Build DongTai-Java-Agent With Maven
         run: |
           mvn -version
           mvn -B package -Dmaven.test.skip=true
+      
+      - uses: shogo82148/actions-setup-mysql@v1
+        with:
+          mysql-version: '8.0'
+          auto-start: true
+          root-password: yuhjnbGYUI
+          user: test
+          password: test
+
+      - name: OpenRASP-Vulns-Test
+        run: |
+          cd ..
+
+          echo "download apache-tomcat-8.5.0..."
+          wget https://github.com/exexute/github_action_samples/releases/download/1.0.0/apache-tomcat-8.5.40.zip 1>/dev/null
+          unzip apache-tomcat-8.5.40.zip
+
+          echo "copy dongtai agent java to tomcat..."
+          cp DongTai-agent-java/release/iast-agent.jar apache-tomcat-8.5.40/iast/agent.jar
+          cp DongTai-agent-java/release/lib/iast-core.jar apache-tomcat-8.5.40/temp/iast-core.jar
+          cp DongTai-agent-java/release/lib/iast-inject.jar apache-tomcat-8.5.40/temp/iast-inject.jar
+          cd apache-tomcat-8.5.40
+
+          echo "init mysql"
+          cat init.sql
+          mysql -uroot -pyuhjnbGYUI -h127.0.0.1 < init.sql
+          mysql -uroot -pyuhjnbGYUI -h127.0.0.1 -e 'show DATABASES;'
+
+          echo "start catalina and waitting 30s..."
+          ./bin/startup.sh 2>/dev/null
+          sleep 30
+
+          echo "start vulns spider..."
+          ./spider.sh
+
+          echo "waitting for send vuls data"
+          sleep 600
+      
+      - name: Benchmark-Vulns-Test
+        run: |
+          pwd
+          ls -l
+          java -version
+          mvn -version
+          # download Benchmark
+          # Copy Agent To Benchmark
+          # Run
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -33,28 +33,34 @@ jobs:
       fail-fast: false
       matrix:
         language: [ 'java' ]
-        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
-        # Learn more:
-        # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
 
     steps:
     - name: Checkout repository
       uses: actions/checkout@v2
 
-    # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
       uses: github/codeql-action/init@v1
       with:
         languages: ${{ matrix.language }}
-        # If you wish to specify custom queries, you can do so here or in a config file.
-        # By default, queries listed here will override any specified in a config file.
-        # Prefix the list here with "+" to use these queries and those in the config file.
-        # queries: ./path/to/local/query, your-org/your-repo/queries@main
 
-    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
-    # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
       uses: github/codeql-action/autobuild@v1
+
+    - uses: actions/checkout@v2
+    - name: Set up JDK 1.8
+      uses: actions/setup-java@v1
+      with:
+        java-version: 1.8
+
+    - name: Set up Maven
+      uses: stCarolas/setup-maven@v4
+      with:
+        maven-version: 3.2.5
+
+    - name: Build DongTai-Java-Agent With Maven
+      run: |
+        mvn -version
+        mvn -B package -Dmaven.test.skip=true
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 https://git.io/JvXDl

diff --git a/iast-agent/src/main/resources/iast.properties b/iast-agent/src/main/resources/iast.properties
@@ -3,7 +3,7 @@ iast.version=1.0.0
 iast.response.name=dongtai
 iast.response.value=1.0.0
 iast.server.url=http://openapi.iast.huoxian.cn:8000
-iast.server.token=88d2f0096662335d42580cbd03d8ddea745fdfab
+iast.server.token=79798299b48839c84886d728958a8f708e119868
 iast.allhook.enable=false
 iast.dump.class.enable=false
 iast.dump.class.path=/tmp/iast-class-dump/