Skip to content

Delete hardening.py #524

Delete hardening.py

Delete hardening.py #524

Workflow file for this run

name: ZAP full scan
on: [push]
jobs:
zap_scan:
runs-on: ubuntu-latest
name: Scan the webapplication
steps:
- name: Checkout
uses: actions/checkout@v2
with:
ref: main
- name: Setup Python 3.11
uses: actions/setup-python@v2
with:
python-version: 3.11
- name: Launch WebScripts
run: |
mkdir WebScripts/hardening
echo "{}" > WebScripts/hardening/logs_checks.json
echo "{}" > WebScripts/hardening/uploads_file_integrity.json
echo "{}" > WebScripts/hardening/webscripts_file_integrity.json
echo "{}" > WebScripts/hardening/audit.html
echo "{}" > WebScripts/hardening/audit.txt
echo "{}" > WebScripts/hardening/audit.json
python3.11 -c "import json as j,os;f=os.path.join('WebScripts','config','server.json');d=j.load(open(f));d['server']['force_file_permissions']=False;j.dump(d,open(f,'w'))"
python3.11 -c "import os;f=os.path.join('WebScripts','WebScripts.py');d=open(f).read().replace('force_file_permissions = secure','force_file_permissions=False');open(f,'w').write(d)"
python3.11 -m WebScripts --accept-unauthenticated-user --accept-unknow-user --blacklist-time 0 --auth-failures-to-blacklist 99999 &
- name: ZAP Scan
uses: zaproxy/action-full-scan@master
with:
target: 'http://127.0.0.1:8000'
cmd_options: '-a'
fail_action: false
allow_issue_writing: false
issue_title: "ZAP report"