From dfb9a52ca49f6f87ba697eb5e2a808e29382eaf4 Mon Sep 17 00:00:00 2001
From: h0x0er <jatink843@protonmail.com>
Date: Tue, 20 Aug 2024 12:28:30 +0530
Subject: [PATCH] populated tests

---
 .github/ISSUE_TEMPLATE.md                  |  4 +
 .github/workflows/basic.yml                | 58 ++++++++++++++
 .github/workflows/tls-basic-tests.yml      | 34 +++++++++
 .github/workflows/tls-github-api-calls.yml | 88 ++++++++++++++++++++++
 README.md                                  |  1 +
 req.js                                     | 37 +++++++++
 6 files changed, 222 insertions(+)
 create mode 100644 .github/ISSUE_TEMPLATE.md
 create mode 100644 .github/workflows/basic.yml
 create mode 100644 .github/workflows/tls-basic-tests.yml
 create mode 100644 .github/workflows/tls-github-api-calls.yml
 create mode 100644 README.md
 create mode 100644 req.js

diff --git a/.github/ISSUE_TEMPLATE.md b/.github/ISSUE_TEMPLATE.md
new file mode 100644
index 0000000..89b420e
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE.md
@@ -0,0 +1,4 @@
+---
+title: Someone just pushed
+---
+Someone just pushed, oh no! Here's who did it: {{ payload.sender.login }}.
\ No newline at end of file
diff --git a/.github/workflows/basic.yml b/.github/workflows/basic.yml
new file mode 100644
index 0000000..2992e9a
--- /dev/null
+++ b/.github/workflows/basic.yml
@@ -0,0 +1,58 @@
+name: Basic Tests
+
+on:
+  workflow_dispatch:
+
+# permissions:
+#   contents: read
+
+jobs:
+  overwrite:
+    if: always()
+    runs-on: ARMLinuxRunner
+    steps:
+      - uses: h0x0er/harden-runner@arm-support
+        with:
+          egress-policy: audit
+      - uses: actions/checkout@v3
+
+      - name: echo overwrite
+        run: echo "## Overwritten" >> README.md
+
+      - name: mv overwrite
+        run: echo "# Replaced" >> README2.md; mv README2.md README.md
+
+  egress-test:
+    if: always()
+    runs-on: ARMLinuxRunner
+    steps:
+      - uses: h0x0er/harden-runner@arm-support
+        with:
+          egress-policy: block
+          disable-sudo: true
+          allowed-endpoints: |
+            www.google.com:443
+
+      - uses: actions/checkout@v3
+
+      - run: curl https://www.google.com
+      - run: curl https://microsoft.com
+
+  disabled-telemetry:
+    if: always()
+    runs-on: ARMLinuxRunner
+    steps:
+      - uses: h0x0er/harden-runner@arm-support
+        with:
+          egress-policy: block
+          disable-sudo: true
+          disable-telemetry: true
+          allowed-endpoints: |
+            www.google.com:443
+
+      - uses: actions/checkout@v3
+
+      - run: curl https://www.google.com
+      - run: curl https://microsoft.com
+      - run: curl https://youtube.com
+      - run: curl https://bing.com
diff --git a/.github/workflows/tls-basic-tests.yml b/.github/workflows/tls-basic-tests.yml
new file mode 100644
index 0000000..07231ec
--- /dev/null
+++ b/.github/workflows/tls-basic-tests.yml
@@ -0,0 +1,34 @@
+name: TLS Basic Tests
+
+on:
+  workflow_dispatch:
+
+# permissions:
+#   contents: read
+
+jobs:
+  dynamic-node:
+    if: always()
+    runs-on: ARMLinuxRunner
+    steps:
+      - uses: h0x0er/harden-runner@arm-support
+        with:
+          egress-policy: audit
+      - uses: actions/checkout@v3
+      - run: which node
+      - uses: actions/setup-node@v4
+        with:
+          node-version: "16"
+
+      - run: which node
+
+      - run: node req.js
+
+  owner-mismatch:
+    if: always()
+    runs-on: ARMLinuxRunner
+    steps:
+      - uses: h0x0er/harden-runner@arm-support
+        with:
+          egress-policy: audit
+      - run: curl -XPOST https://api.github.com/repos/malicious-owner/malicious-repo
diff --git a/.github/workflows/tls-github-api-calls.yml b/.github/workflows/tls-github-api-calls.yml
new file mode 100644
index 0000000..ad4abe7
--- /dev/null
+++ b/.github/workflows/tls-github-api-calls.yml
@@ -0,0 +1,88 @@
+name: TLS Github API Calls
+
+on:
+  workflow_dispatch:
+
+# permissions:
+#   contents: read
+
+jobs:
+  issue-create:
+    permissions:
+      contents: write
+      issues: write
+    if: always()
+    runs-on: ARMLinuxRunner
+    steps:
+      - run: free -m
+
+      - uses: h0x0er/harden-runner@arm-support
+        with:
+          egress-policy: audit
+      - uses: actions/checkout@v3
+      - uses: JasonEtco/create-an-issue@v2
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - run: free -m
+
+  create-pr:
+    permissions:
+      contents: write
+      pull-requests: write
+    if: always()
+    runs-on: ARMLinuxRunner
+    steps:
+      - run: free -m
+      - uses: h0x0er/harden-runner@arm-support
+        with:
+          egress-policy: audit
+
+      - uses: actions/checkout@v4
+      - run: "echo '// changes' >> main.js"
+      - name: Create Pull Request
+        uses: peter-evans/create-pull-request@v5
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - run: free -m
+
+  comment-on-pr:
+    permissions:
+      contents: write
+      issues: write
+      pull-requests: write
+    if: always()
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: h0x0er/harden-runner@arm-support
+        with:
+          egress-policy: audit
+
+      - uses: actions/checkout@v4
+
+      - name: Comment PR
+        uses: thollander/actions-comment-pull-request@v2
+        with:
+          message: |
+            Hello world ! :wave:
+          pr_number: 1
+
+  dispatch-workflow:
+    permissions:
+      contents: write
+      actions: write
+    if: always()
+    runs-on: ARMLinuxRunner
+    steps:
+      - run: free -m
+      - uses: h0x0er/harden-runner@arm-support
+        with:
+          egress-policy: audit
+
+      - uses: actions/checkout@v4
+      - name: Invoke workflow without inputs
+        uses: benc-uk/workflow-dispatch@v1
+        with:
+          workflow: enumeration.yml
+      - run: free -m
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..28ea091
--- /dev/null
+++ b/README.md
@@ -0,0 +1 @@
+# Integration tests for arm runners
diff --git a/req.js b/req.js
new file mode 100644
index 0000000..13565e1
--- /dev/null
+++ b/req.js
@@ -0,0 +1,37 @@
+const https = require('https');
+
+async function httpsGet(hostname, path, headers) {
+  return new Promise(async (resolve, reject) => {
+
+    const options = {
+      hostname: hostname,
+      path: path,
+      port: 443,
+      method: 'GET',
+      headers: headers
+    };
+
+    let body = [];
+
+    const req = https.request(options, res => {
+      res.on('data', chunk => body.push(chunk));
+      res.on('end', () => {
+        const data = Buffer.concat(body).toString();
+        resolve(data);
+      });
+    });
+    req.on('error', e => {
+      reject(e);
+    });
+    req.end();
+
+  });
+
+}
+
+result = httpsGet("api.github.com", "/", "");
+result.then(function (data) {
+    console.log(data)
+},function (err) {
+   consoel.log('https request failed',err)
+})
\ No newline at end of file