scrape_format_ciphersuites.yaml
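# Weekly pipeline: scrape ciphersuite lists from several sources, merge and
# deduplicate them, then commit the resulting fixtures back to this repository.
#
# Trust boundaries worth keeping in mind when changing this file:
#   * Jobs 1 and 2 install and run code cloned from other repositories and
#     process data fetched from external sources; both hold a read-only token.
#   * Only job 3 (upload-datasets) has `contents: write`, and it runs no
#     third-party code other than the official checkout/download actions.
#
# NOTE(review): every `uses:` below references a mutable tag (`@v2`, `@v3`).
# Pin each action to a full commit SHA (`owner/action@<full-commit-sha>`) so a
# retagged release cannot change what runs here. The upload-artifact and
# download-artifact v3 majors are deprecated by GitHub; confirm they still run.
name: Scrape & Format Ciphersuites

on:
  schedule:
    # 00:00 UTC every Sunday.
    - cron: "0 0 * * 0"

jobs:
  # Job 1: run each cipherscrape module and publish the raw YAML as an artifact.
  scrape-datasources:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      # This repository is intentionally not checked out in this job.
      # - uses: actions/checkout@v2
      - name: Setup Python 3.x environment
        uses: actions/setup-python@v2
        with:
          # Quoted so the version is a string, not a float.
          python-version: "3.9"
      # NOTE(review): third-party action on a mutable tag; it fetches code that
      # the next step installs and executes. Pin it to a commit SHA.
      - name: Clone cipherscrape github repo
        uses: GuillaumeFalourd/clone-github-repo-action@v2
        with:
          owner: Spacecow99
          repository: cipherscrape
      - name: Install cipherscrape and dependencies
        shell: bash
        run: |
          python -m pip install cipherscrape/
          python -m cipherscrape --version
      - name: Scrape IANA reserved ciphersuite list
        shell: bash
        run: |
          python -m cipherscrape.iana > iana_ciphers.yaml
      - name: Scrape scanigma knowledge base
        shell: bash
        run: |
          python -m cipherscrape.scanigma > scanigma_ciphers.yaml
      - name: Scrape TestSSL.sh cipher-mapping.txt
        shell: bash
        run: |
          python -m cipherscrape.testssl > testssl_ciphers.yaml
      - name: Scrape openssl documentation and testssl cipher-mapping.txt
        shell: bash
        run: |
          python -m cipherscrape.openssl > openssl_ciphers.yaml
      - name: Scrape gnutls manual
        shell: bash
        run: |
          python -m cipherscrape.gnutls "manual" > gnutls_manual.yaml
      - name: Scrape gnutls ciphersuites.c source code
        shell: bash
        run: |
          python -m cipherscrape.gnutls "ciphersuites.c" > gnutls_source.yaml
      # Only top-level *.yaml files in the workspace are uploaded.
      - name: Archive raw files as artifact
        uses: actions/upload-artifact@v3
        with:
          name: raw-datasets
          path: "*.yaml"

  # Job 2: merge and deduplicate the raw lists into the processed datasets.
  process-datasets:
    needs: scrape-datasources
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@v2
        with:
          # This job never pushes, and it installs and runs code cloned from
          # another repository, so do not leave the token in .git/config.
          persist-credentials: false
      - name: Setup Python 3.x environment
        uses: actions/setup-python@v2
        with:
          python-version: "3.9"
      # NOTE(review): third-party action on a mutable tag; pin to a commit SHA.
      - name: Clone complete_cs_instance github repo
        uses: GuillaumeFalourd/clone-github-repo-action@v2
        with:
          owner: Spacecow99
          repository: complete_cs_instance
      - name: Install complete_cs_instance and dependencies
        shell: bash
        run: |
          python -m pip install complete_cs_instance/
      - name: Create directory structure
        shell: bash
        run: |
          mkdir -p ~/raw/ ~/processed/
      - name: Download raw artifacts
        uses: actions/download-artifact@v3
        with:
          name: raw-datasets
          path: ~/raw/
      - name: Copy openssl_ciphers.yaml from ~/raw/ to ~/processed/
        shell: bash
        run: |
          cp ~/raw/openssl_ciphers.yaml ~/processed/openssl_ciphers.yaml
      - name: Combine and deduplicate GNUTLS lists
        shell: bash
        run: |
          python deduplicate_lists.py \
            ~/raw/gnutls_source.yaml ~/raw/gnutls_manual.yaml \
            > ~/processed/gnutls_ciphers.yaml
      - name: Combine and deduplicate TestSSL & Scanigma lists
        shell: bash
        run: |
          python deduplicate_lists.py \
            ~/raw/testssl_ciphers.yaml ~/raw/scanigma_ciphers.yaml \
            > ~/processed/combined_3rd_party_ciphers.yaml
      - name: Combine and deduplicate IANA & combined 3rd party lists
        shell: bash
        run: |
          python deduplicate_lists.py \
            ~/raw/iana_ciphers.yaml ~/processed/combined_3rd_party_ciphers.yaml \
            > ~/processed/combined_iana_3rd_party_ciphers.yaml
      - name: Run combined_cs_instance on combined IANA & 3rd party list
        shell: bash
        run: |
          python -m complete_cs_instance \
            ~/processed/combined_iana_3rd_party_ciphers.yaml \
            > ~/processed/ciphersuites.yaml
      - name: Archive processed files as artifact
        uses: actions/upload-artifact@v3
        with:
          name: processed-datasets
          path: "~/processed/*.yaml"

  # Job 3: copy the processed datasets into fixtures/ and push the change.
  # NOTE(review): data derived from external sources is committed here without
  # human review; consider validating the files or opening a pull request.
  upload-datasets:
    needs: process-datasets
    runs-on: ubuntu-latest
    permissions:
      # The only job allowed to write to the repository.
      contents: write
    steps:
      - uses: actions/checkout@v2
        with:
          # actions/checkout names this input `token`; `repo-token` is not an
          # input of the action and would be ignored with a warning.
          token: ${{ secrets.GITHUB_TOKEN }}
      - name: Download processed artifacts
        uses: actions/download-artifact@v3
        with:
          name: processed-datasets
          path: ~/processed/
      - name: Ensure openssl and gnutls folders exist
        shell: bash
        run: |
          mkdir -p fixtures/openssl fixtures/gnutls
      - name: Update repo's openssl_ciphers.yaml with artifact version
        shell: bash
        run: |
          cp -f ~/processed/openssl_ciphers.yaml fixtures/openssl/openssl_ciphers.yaml
      - name: Update repo's gnutls_ciphers.yaml with artifact version
        shell: bash
        run: |
          cp -f ~/processed/gnutls_ciphers.yaml fixtures/gnutls/gnutls_ciphers.yaml
      - name: Update repo's ciphersuites.yaml with artifact version
        shell: bash
        run: |
          cp -f ~/processed/ciphersuites.yaml fixtures/ciphersuites.yaml
      # NOTE(review): the user.email value below was replaced by the hosting
      # page's e-mail obfuscation; restore the real address before use.
      # Staging is limited to fixtures/, the only path this job writes, and the
      # commit is gated on the index so newly added files are committed too
      # (grepping `git status` for "modified" skips files shown as "new file").
      - name: Push changes to repo
        shell: bash
        run: |
          git config user.name Spacecow99
          git config user.email [email protected]
          git add fixtures/
          if ! git diff --cached --quiet; then
            git commit -m "Updated fixtures from job @ $(date)"
            git push
          fi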