Wildcards Don't Actually Work #160

Open
simeononsecurity opened this issue Feb 10, 2023 · 1 comment

simeononsecurity commented Feb 10, 2023

I've tried multiple ways, including the example methods, to no avail. It doesn't work.

name: VirusTotal Scan

on:
  pull_request:
  push:

jobs:
  scan:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout code
        uses: actions/checkout@v2

      - name: Scan files
        uses: crazy-max/ghaction-virustotal@v3
        with:
          vt_api_key: ${{ secrets.VT_API_KEY }}
          files: |
            *.html
            *.ps1

Also have tried

name: VirusTotal Scan

on:
 pull_request:
 push:

jobs:
 scan:
   runs-on: ubuntu-latest

   steps:
     - name: Checkout code
       uses: actions/checkout@v2

     - name: Scan files
       uses: crazy-max/ghaction-virustotal@v3
       with:
         vt_api_key: ${{ secrets.VT_API_KEY }}
         files: |
           .html$
           .ps1$

As well as

name: VirusTotal Scan

on:
  pull_request:
  push:

jobs:
  scan:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout code
        uses: actions/checkout@v2

      - name: Scan files
        uses: crazy-max/ghaction-virustotal@v3
        with:
          vt_api_key: ${{ secrets.VT_API_KEY }}
          files: |
            .*\.html$
            .*\.ps1$

Also tried passing it in using a var or text file.

name: VirusTotal Scan

on:
  pull_request:
  push:

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v3

      - name: Find Files
        id: find_files
        run: |
          files_to_scan=$(find . -type f \( -name "*.html" -o -name "*.ps1" \))
          files_to_scan=$(echo "$files_to_scan" | sed 's,^\./,$GITHUB_WORKSPACE/,g')
          echo "FILES_TO_SCAN=$files_to_scan" >> $GITHUB_ENV

      - name: VirusTotal Scan
        uses: crazy-max/ghaction-virustotal@v3
        with:
          vt_api_key: ${{ secrets.VT_API_KEY }}
          files: |
            ${{ env.FILES_TO_SCAN }}

@LukeSavefrogs

I have the opposite problem @crazy-max 😁

The following will not work as expected (.exe$ is taken from the README) and instead shows the "No files were found. Please check the 'files' input." warning:

jobs:
  virustotal:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - run: ls -l *.exe
      - name: VirusTotal Scan
        uses: crazy-max/ghaction-virustotal@v4
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          vt_api_key: ${{ secrets.VIRUSTOTAL_TOKEN }}
          files: |
            .exe$

The following instead will correctly upload the .exe file to VirusTotal as expected:

jobs:
  virustotal:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - run: ls -l *.exe
      - name: VirusTotal Scan
        uses: crazy-max/ghaction-virustotal@v4
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          vt_api_key: ${{ secrets.VIRUSTOTAL_TOKEN }}
          files: |
            *.exe

In conclusion, glob patterns seem to work, while regexes don't (?), even though the documentation clearly suggests using regexes.
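An added illustration, not part of the comments above and not the action's own code: the patterns quoted in this thread evaluated under glob semantics and under regex semantics, to show which ones select nothing and would leave files unscanned. The file list is constructed, and `globToRegExp` is a simplified glob conversion assumed for the example, not the matcher the action uses.

```javascript
// Added illustration; this is not the action's matcher.
// Constructed sample of repository-relative paths.
const FILES = ["index.html", "docs/guide.html", "setup.ps1", "tool.exe"];
// Patterns quoted in the thread above.
const PATTERNS = ["*.html", ".html$", ".*\\.html$", ".exe$", "*.exe"];

// Simplified glob: '*' and '?' stay inside one path segment, all else literal.
function globToRegExp(glob) {
  const body = glob
    .replace(/[.+^${}()|[\]\\]/g, "\\$&")
    .replace(/\*/g, "[^/]*")
    .replace(/\?/g, "[^/]");
  return new RegExp("^" + body + "$");
}

function matchAsGlob(pattern, files) {
  const re = globToRegExp(pattern);
  return files.filter((f) => re.test(f));
}

// Returns null when the pattern is not even a valid regular expression.
function matchAsRegex(pattern, files) {
  try {
    const re = new RegExp(pattern);
    return files.filter((f) => re.test(f));
  } catch (err) {
    return null;
  }
}

// Patterns that select nothing under the given matcher: for a scan step,
// each one is a file class that would go unscanned.
function emptyPatterns(patterns, files, matcher) {
  return patterns.filter((p) => {
    const hits = matcher(p, files);
    return hits === null || hits.length === 0;
  });
}

for (const p of PATTERNS) {
  console.log(JSON.stringify(p), "glob:", matchAsGlob(p, FILES), "regex:", matchAsRegex(p, FILES));
}
console.log("empty as glob:", emptyPatterns(PATTERNS, FILES, matchAsGlob));
console.log("empty as regex:", emptyPatterns(PATTERNS, FILES, matchAsRegex));
```

Under glob semantics the regex-style entries are literal file names and match nothing, while `*.html` and `*.exe` are not valid regular expressions at all; running a check like `emptyPatterns` before the scan step turns a silent "no files" warning into a hard failure.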

Belphemur added a commit to Belphemur/SoundSwitch that referenced this issue Apr 8, 2024