unsafe-patterns-checker.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
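# Pull-request guard workflow. Each step hands a regular expression to a
# third-party PR content checker through `diffDoesNotContainRegex`; as the
# input name indicates, the step is expected to fail when the PR diff matches.
# `skipLabels` names a PR label that is expected to bypass the step.
#
# NOTE(review): every `uses:` value below was mangled by the hosting page's
# e-mail obfuscation ("[email protected]" stands where the action name and ref
# were). Restore the reference from the repository before using this file.
# For a third-party action, prefer pinning to a full commit SHA over a
# mutable tag or branch.
name: Unsafe Patterns Checker
on:
  pull_request:
    # labeled/unlabeled are listed so the checks re-run when a skip label is
    # added to or removed from the PR.
    types: [opened, synchronize, reopened, ready_for_review, labeled, unlabeled]

# Least privilege for the workflow token: the jobs only inspect the PR diff.
# NOTE(review): confirm the checker action needs no scope beyond these.
permissions:
  contents: read
  pull-requests: read

jobs:
  # Prevent security exclusions: reject diffs that contain scanner
  # suppression markers (`nosec`, `nosemgrep`) as whole words.
  # NOTE(review): anyone allowed to label PRs can apply the skip label, so
  # label permissions and label events are part of this control.
  security-exclusions-check:
    runs-on: ubuntu-latest
    steps:
      - name: Check PR
        uses: francesco-giordano/[email protected]
        with:
          diffDoesNotContainRegex: "\\bnosec\\b|\\bnosemgrep\\b"
          skipLabels: skip-security-exclusions-check

  # Prevent the use of recursive deletion.
  # NOTE(review): both patterns are exact literals with a single space, so
  # other spellings of the same operation are not covered by this check.
  recursive-deletion-check:
    runs-on: ubuntu-latest
    steps:
      - name: Check PR (recursive true)
        uses: francesco-giordano/[email protected]
        with:
          diffDoesNotContainRegex: "recursive true"
          skipLabels: skip-recursive-deletion-check
      - name: Check PR (rm -rf)
        uses: francesco-giordano/[email protected]
        with:
          diffDoesNotContainRegex: "rm -rf"
          skipLabels: skip-recursive-deletion-check

  # Prevent bad URL suffix: reject diffs that hard-code the listed endpoint
  # suffixes.
  # NOTE(review): if the regex is applied as an unanchored search, the
  # `amazonaws\.com\.cn` alternative is already covered by `amazonaws\.com`.
  bad-url-suffix-check:
    runs-on: ubuntu-latest
    steps:
      - name: Check PR for Disallowed URL Suffixes
        uses: francesco-giordano/[email protected]
        with:
          diffDoesNotContainRegex: "amazonaws\\.com|amazonaws\\.com\\.cn|c2s\\.ic\\.gov|sc2s\\.sgov\\.gov"
          skipLabels: skip-bad-url-suffix-check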