lirantal / is-website-vulnerable

finds publicly known security vulnerabilities in a website's frontend JavaScript libraries
Apache License 2.0
1.94k stars 111 forks

GitHub action fails silently #101

Closed tugrulates closed 2 years ago

tugrulates commented 2 years ago

There is an edge case where the action will fail silently, and mark the job as succeeded.

The input scan-url for the action is required. However, the run can still fail if an empty string is passed during the run. In my case, I was passing the output of another job.

Expected Behavior

Job failure.

Current Behavior

Job passing with the following logs.

Run lirantal/is-website-vulnerable@master
Woops! You forgot to provide a URL of a website to scan.
? Please provide a URL to scan: ‣

Steps to Reproduce (for bugs)

  snyk:
    runs-on: ubuntu-latest
    steps:
      - uses: lirantal/is-website-vulnerable@master
        with:
          scan-url: ${{ inputs.url }}

lirantal commented 2 years ago

Thanks for reporting this @tugrulates! If you want to send over a pull request that fixes it I'm happy to merge.

lirantal commented 2 years ago

Apologies for rushing a fix here; I figured it would be best not to keep many folks waiting on this. Much appreciation, friend!
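One way a calling workflow can guard against the empty `scan-url` case reported in this issue, shown as an added example that is not code from the project or from this thread. The function names and exit codes are hypothetical; the two log phrases matched are the ones quoted in the report above.

```shell
#!/bin/sh
# Added example: checks a workflow can run around the scan step.
# Function names and exit codes are hypothetical, not part of is-website-vulnerable.

# Return 0 for a usable http(s) URL, 2 for empty/blank input, 3 for anything else.
check_scan_url() {
  csu_url="${1-}"
  # Drop whitespace so a blank or newline-only job output counts as empty.
  csu_trimmed=$(printf '%s' "$csu_url" | tr -d '[:space:]')
  if [ -z "$csu_trimmed" ]; then
    echo "scan-url is empty (upstream job output missing?)" >&2
    return 2
  fi
  case "$csu_trimmed" in
    http://?*|https://?*) return 0 ;;
    *)
      echo "scan-url is not an http(s) URL: $csu_url" >&2
      return 3
      ;;
  esac
}

# Return 0 when a captured scan log contains the interactive prompt quoted in
# the issue, meaning the scanner never received a URL even if it exited 0.
log_shows_missing_url() {
  printf '%s\n' "${1-}" |
    grep -Eq 'forgot to provide a URL|Please provide a URL to scan'
}

# Combine both checks; any non-zero result should fail the job.
verify_scan() {
  check_scan_url "${1-}" || return $?
  if log_shows_missing_url "${2-}"; then
    echo "scanner prompted for a URL; treating the run as failed" >&2
    return 4
  fi
  return 0
}
```

Calling `check_scan_url` in a `run:` step before the action turns an empty upstream output into a failed job; `verify_scan` additionally catches a run that exited 0 after printing the prompt.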