Add WAF virtual patches for CVE-2020-37123, CVE-2022-3236, CVE-2025-10353 and improve CVE-2025-2611 #2867
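# Validates hub items against the JSON schemas published in
# crowdsecurity/crowdsec-yaml-schemas.
# Flow: check out the hub and the schemas, split every YAML file into one JSON
# file per YAML document, then run `jv` on the generated JSON for each item type.
name: validate each item against its schema

on:
  push:
    branches:
      - master
  pull_request:
    branches:
      - master

# Least privilege: every step below only reads checked-out files, so the
# workflow token is restricted to read access on repository contents.
permissions:
  contents: read

jobs:
  yaml-schema-validation:
    runs-on: ubuntu-latest
    steps:
      - name: checkout repo
        uses: actions/checkout@v4
        with:
          # Later steps never talk to git again; do not leave the token in the
          # local git config while pull-request content is being processed.
          persist-credentials: false
      - name: checkout yaml schemas
        uses: actions/checkout@v4
        with:
          repository: "crowdsecurity/crowdsec-yaml-schemas"
          path: crowdsec-yaml-schemas
          persist-credentials: false
      - name: split hub YAML to per-doc JSON (no jq)
        # NOTE(review): `master` is a mutable branch ref of a third-party action
        # that runs the script below inside this job. Pin it to a reviewed full
        # commit SHA (mikefarah/yq@<full-commit-sha>) so the executed code cannot
        # change without a visible diff in this file.
        uses: mikefarah/yq@master
        with:
          cmd: |
            set -eu
            # File names come from the checked-out tree (including pull requests).
            # Split the find output on newlines only and disable globbing, so a
            # path containing spaces or wildcard characters reaches yq intact.
            # (A path containing a newline is still split; this stays POSIX sh.)
            IFS="$(printf '\nx')"; IFS="${IFS%x}"
            set -f
            # iterate all YAMLs outside top-level dot-directories (e.g. .tests)
            for f in $(find . -not -path './.*' -name '*yaml' -print); do
              base="${f%.yaml}" # trim .yaml
              i=0
              while : ; do
                out="${base}.${i}.json"
                # select one YAML document by index (0-based) and write it
                yq -o=json 'select(documentIndex == '"$i"')' "$f" > "$out"
                # empty file => no more docs, clean up and stop
                if [ ! -s "$out" ]; then rm -f "$out"; break; fi
                i=$((i+1))
              done
              echo "split $f -> ${i} JSON doc(s)"
            done
            # restore default splitting and globbing
            set +f
            unset IFS
      - name: validate parsers against schema
        # Don't get confused by the version, the cli has a different schema than the library
        run: |
          go install github.com/santhosh-tekuri/jsonschema/cmd/jv@v0.6.0
          # "$ITEM" is quoted so a path with spaces is validated as one file
          # instead of being split into several arguments.
          for ITEM in ./parsers/*/*/*.json; do
            printf '%s\n' "$ITEM" && ~/go/bin/jv crowdsec-yaml-schemas/parser_schema.0.json "$ITEM"
          done
      - name: validate scenarios against schema
        run: |
          for ITEM in ./scenarios/*/*.json; do
            printf '%s\n' "$ITEM" && ~/go/bin/jv crowdsec-yaml-schemas/scenario_schema.0.json "$ITEM"
          done
      - name: validate postoverflows against schema
        # Postoverflows are validated with the parser schema.
        run: |
          for ITEM in ./postoverflows/*/*/*.json; do
            printf '%s\n' "$ITEM" && ~/go/bin/jv crowdsec-yaml-schemas/parser_schema.0.json "$ITEM"
          done
      - name: validate collections against schema
        run: |
          for ITEM in ./collections/*/*.json; do
            printf '%s\n' "$ITEM" && ~/go/bin/jv crowdsec-yaml-schemas/collection_schema.0.json "$ITEM"
          done
      - name: validate appsec-rules against schema
        run: |
          for ITEM in ./appsec-rules/*/*.json; do
            printf '%s\n' "$ITEM" && ~/go/bin/jv crowdsec-yaml-schemas/appsec_rules_schema.0.json "$ITEM"
          done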