Set IDOR protection enabled on context #318
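# QA workflow: builds the zen-demo-ruby demo app against the firewall-ruby
# checkout from this repository and runs the Aikido firewall tester against
# the resulting container.
#
# Trust boundaries to keep in mind when editing:
#   - The job runs `bundle install` and a Docker build over code from a second
#     repository (Aikido-demo-apps/zen-demo-ruby), so the job token is kept
#     read-only and is not left on disk after checkout.
#   - Actions referenced by tag are mutable references. ruby/setup-ruby is
#     pinned to a full commit SHA; the tag-pinned actions are marked with
#     NOTE(review) below.
name: 🧪 QA Tests

# Least privilege: the job only needs to read repository contents.
permissions:
  contents: read

on:
  push: {}
  workflow_call: {}

jobs:
  qa-tests:
    runs-on: ubuntu-latest
    timeout-minutes: 30
    steps:
      # NOTE(review): pinned by tag, unlike ruby/setup-ruby below. Consider
      # pinning to a reviewed commit: actions/checkout@<full-commit-sha> # v5
      - name: Checkout zen-demo-ruby
        uses: actions/checkout@v5
        with:
          repository: Aikido-demo-apps/zen-demo-ruby
          path: zen-demo-ruby
          submodules: true
          # No later step performs authenticated git operations, so do not
          # leave the job token in this checkout's git config.
          persist-credentials: false

      - name: Checkout firewall-ruby
        uses: actions/checkout@v5
        with:
          path: zen-demo-ruby/firewall-ruby
          # The Dockerfile patch below copies firewall-ruby/ into the image.
          # With persisted credentials the token would sit in
          # firewall-ruby/.git/config and could end up in an image layer
          # (unless a .dockerignore excludes .git; not visible from here).
          persist-credentials: false

      # We need Ruby + Bundler on the runner to regenerate Gemfile.lock
      - name: Set up Ruby (same as zen-demo-ruby)
        uses: ruby/setup-ruby@8aeb6ff8030dd539317f8e1769a044873b56ea71 # v1.268.0
        with:
          ruby-version: '3.3.8'
          bundler-cache: false

      - name: Download libzen for current platform
        working-directory: zen-demo-ruby/firewall-ruby
        run: |
          bundle config set --local without ''
          bundle install
          bundle exec ruby -e "require 'bundler/setup'; require 'rake/clean'; load 'tasklib/libzen.rake'; Rake::Task['libzen:download:current'].invoke"

      - name: Patch Gemfile to use the local firewall-ruby directory
        working-directory: zen-demo-ruby
        run: |
          echo "Gemfile before patch:"
          grep -n "aikido-zen" Gemfile || true
          # Replace the aikido-zen dependency to use the local path
          sed -i "s/^gem ['\"]aikido-zen['\"].*/gem 'aikido-zen', path: 'firewall-ruby'/" Gemfile
          echo "Gemfile after patch:"
          grep -n "aikido-zen" Gemfile
          # Make sure Bundler installs locally (not system-wide)
          bundle config set path 'vendor/bundle'
          # IMPORTANT: regenerate Gemfile.lock so it's in sync with Gemfile
          bundle install
          # Update Dockerfile to copy the firewall-ruby directory
          sed -i "s/^COPY Gemfile Gemfile.lock .*/COPY Gemfile Gemfile.lock .\/\nCOPY firewall-ruby\/ .\/firewall-ruby/" Dockerfile
          # Print Dockerfile
          echo "Dockerfile:"
          cat Dockerfile

      # NOTE(review): third-party action pinned by tag; consider pinning to a
      # reviewed commit:
      # AikidoSec/firewall-tester-action@<full-commit-sha> # v1.0.11
      - name: Run Firewall QA Tests
        uses: AikidoSec/firewall-tester-action@v1.0.11
        with:
          dockerfile_path: ./zen-demo-ruby/Dockerfile
          app_port: 3000
          sleep_before_test: 30
          # Test-only settings. Presumably AIKIDO_CLIENT_IP_HEADER makes the
          # app take the client IP from X-Forwarded-For so the tester can vary
          # it; that header is client-controlled unless a trusted proxy sets
          # it, so this value should not be copied into a deployment as-is.
          extra_args: "-e RAILS_ENV=test -e AIKIDO_CLIENT_IP_HEADER=HTTP_X_FORWARDED_FOR"
          max_parallel_tests: 15
          skip_tests: test_rate_limiting_group_id_1_minute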