ike
commented
4 months ago Yeah! Looks like he's also created a new github action.
Open tghosth opened 4 months ago
ike
commented
4 months ago Yeah! Looks like he's also created a new github action.
tghosth
commented
4 months ago Ok so do you want to try and upgrade it?
tghosth
commented
2 months ago Hi @ike, any update on this?
tghosth
commented
2 months ago It would also be good to only include 5.0 in the link checker and not 4.0 because we don't change 4.0 any more but we do add translations so it makes a mess: https://github.com/OWASP/ASVS/actions/runs/10573577586/job/29345695930?pr=1973
@ike @arkid15r
arkid15r
commented
2 months ago It would also be good to only include 5.0 in the link checker and not 4.0 because we don't change 4.0 any more but we do add translations so it makes a mess: https://github.com/OWASP/ASVS/actions/runs/10573577586/job/29345695930?pr=1973
@ike @arkid15r
Alright, I'll work on migrating the workflow to a proper replacement and running it for 5.0 only.
I'm going to look around first as https://github.com/UmbrellaDocs/action-linkspector looks pretty young action
ERROR: 2 dead links found! [✖] https://owasp.org/www-project-security-knowledge-framework/ → Status: 404 [✖] https://cheatsheetseries.owasp.org/cheatsheets/IndexASVS.html → Status: 404
The findings from https://github.com/OWASP/ASVS/actions/runs/10573577586/job/29345695930?pr=1973 look legit to me as they are 404. My understanding is they just irrelevant as 4.0 doesn't require any updates @tghosth ?
tghosth
commented
2 months ago My understanding is they just irrelevant as 4.0 doesn't require any updates
Correct
Alright, I'll work on migrating the workflow to a proper replacement and running it for 5.0 only.
Great!
arkid15r
commented
2 months ago Just a small update:
As https://github.com/OWASP/ASVS/pull/2035 has been merged please let me know if you notice something is broken or works not as expected. I'll keep an eye on the workflow too.
The only part left to resolve this issue is addressing URL checker action deprecated status. I'm going to work on it this week.
tghosth
commented
2 months ago Thanks so much!
tghosth
commented
1 month ago Hi @arkid15r did you ever get to this?
tghosth
commented
1 month ago Looks like link checker is causing grief again...
https://github.com/OWASP/ASVS/actions/workflows/url-checker.yml?query=branch%3Amaster
arkid15r
commented
1 month ago Hi @tghosth actually no, sorry -- I've been busy with some other OWASP projects.
As for this one it seems it's 403ing for this action check request. When I try to open it in a browser it works.
What can be done here:
aliveStatusCodes (quite global change)https://securityheaders.com/ URL from checking w/ <!-- markdown-link-check-disable -->I'm open to other ideas on fixing this case if you have any.
tghosth
commented
4 weeks ago Ok thanks, do you think the updated link checker would help with this?
arkid15r
commented
3 weeks ago Not necessarily. It could be just the website's block of the link checker's source IP address. However, this doesn't change the deprecated tool upgrade need.
The link checker seems to sometimes fail, even when it should not.
For example: https://github.com/OWASP/ASVS/actions/runs/9854671316/job/27207915942
The link seems to work even through the link checker said it didn't.
Also, it says in the README that it is deprecated. https://github.com/gaurav-nelson/github-action-markdown-link-check?tab=readme-ov-file
@ike do you think you could upgrade to the newer tool he suggests?