Commit

Migrate CI Markdown link check to Github actions (#349)
* Implement link checker in Github actions

* Test ignorePatterns in markdown link check CI job

* Test ignorePatterns in markdown link check CI job

* Update link check to npm run-script

* Fix typo in link check workflow and package.json

* Update link-check npm command

* Update link-check npm command

* Update link-check npm command

* Change the markdown link checker config file name mlc_config.json to markdown-link-check-config.json

* Implement step to show broken links after running link checker in CI

* Update link checker to add comment with broken links in PR

* chore: HTTPS all bean validation links

* chore: C toolchain links update

* chore: rm non-existent link

* chore: rm non existent pdf

* chore: clickjacking link update

* chore: rm RSnake ref from XSS CS

* chore: http to https link

* chore: update dotnet links

* chore: update error handling links

* chore: logging links update

* chore: update php links

* chore: update owasp link in ruby CS

* chore: rm avantssar links

* chore: ibm links update

* chore: tls links update

* chore: jwall web archive

* chore: update xerces links

* chore: web archive old link

* chore: owasp links

* chore: filter evasion CS link

* chore: rm dead link @rbsec

* chore: more links

* chore: json lint

* chore: ignore working patterns

* chore: after merge broken links

* chore: php.net TLS ->www.php.net

* chore: msdn to doc

* chore: file upload CS

Co-authored-by: Elie Saad <[email protected]>
Co-authored-by: ThunderSon <[email protected]>
3 people authored Apr 26, 2020
1 parent c245734 commit 76b585f
Showing 59 changed files with 369 additions and 309 deletions.
41 changes: 41 additions & 0 deletions .github/workflows/md-link-check.yml
@@ -0,0 +1,41 @@
name: Markdown Link Check

on:
push:
pull_request:
branches:
- master

jobs:
link-check:
runs-on: ubuntu-latest
env:
CI: true
steps:
- name: Setup Action
uses: actions/checkout@v1
- name: Setup Node
uses: actions/setup-node@v1
with:
node-version: 12.x
- name: Install dependencies
run: npm install -g markdown-link-check
- name: Run link check
run: npm run-script link-check
- name: Show broken links
if: failure()
run: |
cat log | awk -v RS="FILE:" 'match($0, /(\S*\.md).*\[✖\].*(\d*\slinks\schecked\.)(.*)/, arr ) { print "FILE:"arr[1] arr[3] > "brokenlinks"}'
rm -f err log
cat brokenlinks
links=`cat brokenlinks`
links="${links//'%'/'%25'}"
links="${links//$'\n'/'%0A'}"
links="${links//$'\r'/'%0D'}"
echo ::set-output name=links::**Following links are broken:** %0A$links
- name: Send comment to PR with broken links
if: failure() && github.event_name == 'pull_request'
uses: thollander/actions-comment-pull-request@master
with:
message: ${{ steps.brokenlinks.outputs.links }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
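Review bot: the last step reads `${{ steps.brokenlinks.outputs.links }}`, but the "Show broken links" step that emits `echo ::set-output name=links::...` carries no `id:`, so `steps.brokenlinks` resolves to nothing and the PR comment will be posted with an empty message; add `id: brokenlinks` to that step (note also that `::set-output` has since been deprecated in favour of writing to `$GITHUB_OUTPUT`). Two more points in this hunk: the `awk` pattern uses `\d`, which GNU awk does not recognise as a regex operator (use `[0-9]` instead), and the three-argument `match($0, re, arr)` form is gawk-only, so the step silently produces no `brokenlinks` file if the runner's `awk` is mawk; and the actions are pinned to mutable refs (`actions/checkout@v1`, `actions/setup-node@v1`, `thollander/actions-comment-pull-request@master`), so a third-party action tracking `master` can change underneath a job that holds `secrets.GITHUB_TOKEN`; pinning to a full commit SHA limits that exposure. Finally, `cat log` assumes the `link-check` npm script writes its output to a file named `log`; that script lives in package.json, which is not in the portion of the diff shown here.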
11 changes: 0 additions & 11 deletions .markdownlinkcheck.json

This file was deleted.

6 changes: 3 additions & 3 deletions CONTRIBUTOR-V1.md
@@ -11,7 +11,7 @@ Sorting applied on the name is an alphabetical one.
**[Abuse Case Cheat Sheet](https://github.com/OWASP/CheatSheetSeries/tree/master/cheatsheets/Abuse_Case_Cheat_Sheet.md)**
* Dominique Righetto - [email protected]
* James Robinson - [email protected]
* [Rick Mitchell](https://www.owasp.org/index.php/User:Rick.mitchell)
* Rick Mitchell

**[Access Control Cheat Sheet](https://github.com/OWASP/CheatSheetSeries/tree/master/cheatsheets/Access_Control_Cheat_Sheet.md)**
* Adinath Raveendra Raj - [email protected]
@@ -218,7 +218,7 @@ Sorting applied on the name is an alphabetical one.
* Kevin Wall - [email protected]
* Ricardo Iramar - [email protected]

**[Protect FileUpload Against Malicious File](https://github.com/OWASP/CheatSheetSeries/tree/master/cheatsheets/Protect_FileUpload_Against_Malicious_File.md)**
**Protect FileUpload Against Malicious File**
* Dominique Righetto - [email protected]

**[Query Parameterization Cheat Sheet](https://github.com/OWASP/CheatSheetSeries/tree/master/cheatsheets/Query_Parameterization_Cheat_Sheet.md)**
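Review bot: this entry loses its link entirely, while Index.md and IndexProactiveControls.md in the same commit repoint the same cheat sheet to `cheatsheets/File_Upload_Cheat_Sheet.md`; unless the V1 contributor list is meant to stay link-free for renamed sheets, pointing the bold title at the renamed file keeps the three files consistent.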
@@ -313,7 +313,7 @@ Sorting applied on the name is an alphabetical one.
* Ryan Barnett - [email protected]

**[Vulnerability Disclosure Cheat Sheet](https://github.com/OWASP/CheatSheetSeries/tree/master/cheatsheets/Vulnerability_Disclosure_Cheat_Sheet.md)**
* [OWASP Montréal](https://www.owasp.org/index.php/Montréal) chapter
* [OWASP Montréal](https://owasp.org/www-chapter-montreal/) chapter
* [@el_d33](https://twitter.com/el_d33)
* [gosecure.ca](https://gosecure.net/)

2 changes: 1 addition & 1 deletion Index.md
@@ -112,7 +112,7 @@

[Pinning Cheat Sheet](cheatsheets/Pinning_Cheat_Sheet.md).

[Protect FileUpload Against Malicious File](cheatsheets/Protect_FileUpload_Against_Malicious_File.md). ![Java](assets/Index_Java.png)
[File Upload Cheat Sheet](cheatsheets/File_Upload_Cheat_Sheet.md). ![Java](assets/Index_Java.png)

# Q

2 changes: 1 addition & 1 deletion IndexASVS.md
@@ -91,7 +91,7 @@

# Objective

The objective of this index is to help an OWASP [Application Security Verification Standard](https://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project) (ASVS) user clearly identify which cheat sheets are useful for each section during his or her usage of the ASVS.
The objective of this index is to help an OWASP [Application Security Verification Standard](https://owasp.org/www-project-application-security-verification-standard/) (ASVS) user clearly identify which cheat sheets are useful for each section during his or her usage of the ASVS.

This index is based on the version 4.x of the ASVS.

4 changes: 2 additions & 2 deletions IndexProactiveControls.md
@@ -14,7 +14,7 @@

# Objective

This cheatsheet will help users of the [OWASP Proactive Controls](https://www.owasp.org/index.php/OWASP_Proactive_Controls) identify which cheatsheets map to each proactive controls item. This mapping is based the [OWASP Proactive Controls](https://www.owasp.org/index.php/OWASP_Proactive_Controls) version 3.0 (2018).
This cheatsheet will help users of the [OWASP Proactive Controls](https://owasp.org/www-project-proactive-controls/) identify which cheatsheets map to each proactive controls item. This mapping is based the [OWASP Proactive Controls](https://owasp.org/www-project-proactive-controls/) version 3.0 (2018).

# 1. Define Security Requirements

@@ -90,7 +90,7 @@ This cheatsheet will help users of the [OWASP Proactive Controls](https://www.ow

[OS Command Injection Defense Cheat Sheet](cheatsheets/OS_Command_Injection_Defense_Cheat_Sheet.md)

[Protect FileUpload Against Malicious File](cheatsheets/Protect_FileUpload_Against_Malicious_File.md)
[File Upload Cheat Sheet](cheatsheets/File_Upload_Cheat_Sheet.md)

[REST Security Cheat Sheet (Input Validation)](cheatsheets/REST_Security_Cheat_Sheet.md#input-validation)

2 changes: 1 addition & 1 deletion Preface.md
@@ -11,7 +11,7 @@ You can download this site [here](bundle.zip).
An ATOM feed is available [here](News.xml) with the latest updates.

Project leaders:
- [Jim Manico](https://www.owasp.org/index.php/User:Jmanico)
- [Jim Manico](https://github.com/jmanico)
- [Elie Saad](https://github.com/ThunderSon)

Core team:
6 changes: 3 additions & 3 deletions README.md
@@ -46,9 +46,9 @@ When a reference to a cheat sheet needs to be created, then a link pointing to t
The following indexes are provided:
* This [index](Index.md) references all released cheat sheets sorted alphabetically.
* This index is automatically generated by this [script](scripts/Update_CheatSheets_Index.py).
* This [index](IndexASVS.md) references all released cheat sheets using the [OWASP ASVS](https://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project) project as reading source.
* This [index](IndexASVS.md) references all released cheat sheets using the [OWASP ASVS](https://owasp.org/www-project-application-security-verification-standard/) project as reading source.
* This index is manually managed in order to allow contribution along with custom content.
* This [index](IndexProactiveControls.md) references all released cheat sheets using the [OWASP Proactive Controls](https://www.owasp.org/index.php/OWASP_Proactive_Controls) project as the reading source.
* This [index](IndexProactiveControls.md) references all released cheat sheets using the [OWASP Proactive Controls](https://owasp.org/www-project-proactive-controls/) project as the reading source.
* This index is manually managed in order to allow contribution along with custom content.

The official website provides a search bar (top left corner) that can be used.
@@ -200,7 +200,7 @@ See [here](CONTRIBUTING.md#how-to-contribute).

## Contributors

* **From 2014 to 2018:** [V1](CONTRIBUTOR-V1.md) - Initial version of the project hosted on the [OWASP WIKI](https://www.owasp.org).
* **From 2014 to 2018:** [V1](CONTRIBUTOR-V1.md) - Initial version of the project hosted on the [OWASP WIKI](https://wiki.owasp.org).
* **From 2019:** [V2](https://github.com/OWASP/CheatSheetSeries/graphs/contributors) - Hosted on [GitHub](https://github.com/OWASP/CheatSheetSeries).

## Special thanks
2 changes: 1 addition & 1 deletion cheatsheets/AJAX_Security_Cheat_Sheet.md
@@ -18,7 +18,7 @@ When using data to build HTML, script, CSS, XML, JSON, etc. make sure you take i

Data should be properly encoded before used in this manner to prevent injection style issues, and to make sure the logical meaning is preserved.

[Check out the OWASP Java Encoder Project.](https://www.owasp.org/index.php/OWASP_Java_Encoder_Project)
[Check out the OWASP Java Encoder Project.](https://owasp.org/www-project-java-encoder/)

### Don't rely on client logic for security

12 changes: 6 additions & 6 deletions cheatsheets/Abuse_Case_Cheat_Sheet.md
@@ -68,7 +68,7 @@ that lead to proper protection of these critical business use cases.

There are many different ways to define the list of abuse cases for a feature (that can be mapped to a user story in agile projects).

The project [OWASP Open SAMM](https://www.owasp.org/index.php/OWASP_SAMM_Project) proposes the following approach in the *Activity A* of the Security Practice *Threat Assessment* for the Maturity level 2:
The project [OWASP Open SAMM](https://owasp.org/www-project-samm/) proposes the following approach in the *Activity A* of the Security Practice *Threat Assessment* for the Maturity level 2:

```
Further considering the threats to the organization, conduct a more formal analysis to determine
@@ -91,7 +91,7 @@ phase. For existing projects, new requirements should be analyzed for potential
projects should opportunistically build abuse-cases for established functionality where practical.
```

Open SAMM source: [Threat Assessment Level 2 Activity A](https://www.owasp.org/index.php/SAMM_-_Threat_Assessment_-_2)
Open SAMM source: [Threat Assessment Level 2 Activity A](https://wiki.owasp.org/index.php/SAMM_-_Threat_Assessment_-_2)

Another way to achieve the building of the list can be the following (more bottom-up and collaboratively oriented):

@@ -186,8 +186,8 @@ For each feature, follow this flow:

If the presence of offensives is not possible then you can use the following references to identify the applicable attacks on your features:

- [OWASP Automated Threats to Web Applications](https://www.owasp.org/index.php/OWASP_Automated_Threats_to_Web_Applications)
- [OWASP Testing Guide](https://www.owasp.org/index.php/OWASP_Testing_Guide_v4_Table_of_Contents)
- [OWASP Automated Threats to Web Applications](https://owasp.org/www-project-automated-threats-to-web-applications/)
- [OWASP Testing Guide](https://owasp.org/www-project-web-security-testing-guide/stable/)
- [OWASP Mobile Testing Guide](https://github.com/OWASP/owasp-mstg)
- [Common Attack Pattern Enumeration and Classification (CAPEC)](https://capec.mitre.org/)

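Review bot: the link text still reads "OWASP Testing Guide" while the target is now the Web Security Testing Guide (`www-project-web-security-testing-guide/stable/`); updating the label to the project's current name avoids sending readers looking for a v4 table of contents that the new page no longer presents. Pinning the `/stable/` path rather than a moving target is the right choice for a reference list.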
@@ -249,7 +249,7 @@ Adding automated tests also allow teams to track that countermeasures against th

# Example of derivation of Abuse Cases as User Stories

The following section show an example of derivation of Abuse Cases as User Stories, here using the [OWASP TOP 10](https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project) as input source.
The following section show an example of derivation of Abuse Cases as User Stories, here using the [OWASP TOP 10](https://owasp.org/www-project-top-ten/) as input source.

Threat Oriented Personas:

@@ -261,7 +261,7 @@ Threat Oriented Personas:

*Epic:*

Almost any source of data can be an injection vector, environment variables, parameters, external and internal web services, and all types of users. [Injection](https://www.owasp.org/index.php/Injection_Flaws) flaws occur when an attacker can send hostile data to an interpreter.
Almost any source of data can be an injection vector, environment variables, parameters, external and internal web services, and all types of users. [Injection](https://owasp.org/www-community/Injection_Flaws) flaws occur when an attacker can send hostile data to an interpreter.

*Abuse Case:*

4 changes: 2 additions & 2 deletions cheatsheets/Attack_Surface_Analysis_Cheat_Sheet.md
@@ -57,9 +57,9 @@ The total number of different attack points can easily add up into the thousands

You also need to identify the valuable data (e.g. confidential, sensitive, regulated) in the application, by interviewing developers and users of the system, and again by reviewing the source code.

You can also build up a picture of the Attack Surface by scanning the application. For web apps you can use a tool like the [OWASP ZAP](https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project) or [Arachni](http://arachni-scanner.com/) or [Skipfish](http://code.google.com/p/skipfish/) or [w3af](http://w3af.sourceforge.net/) or one of the many commercial dynamic testing and vulnerability scanning tools or services to crawl your app and map the parts of the application that are accessible over the web. Some web application firewalls (WAFs) may also be able to export a model of the application's entry points.
You can also build up a picture of the Attack Surface by scanning the application. For web apps you can use a tool like the [OWASP ZAP](https://www.zaproxy.org/) or [Arachni](http://arachni-scanner.com/) or [Skipfish](http://code.google.com/p/skipfish/) or [w3af](http://w3af.sourceforge.net/) or one of the many commercial dynamic testing and vulnerability scanning tools or services to crawl your app and map the parts of the application that are accessible over the web. Some web application firewalls (WAFs) may also be able to export a model of the application's entry points.

Validate and fill in your understanding of the Attack Surface by walking through some of the main use cases in the system: signing up and creating a user profile, logging in, searching for an item, placing an order, changing an order, and so on. Follow the flow of control and data through the system, see how information is validated and where it is stored, what resources are touched and what other systems are involved. There is a recursive relationship between Attack Surface Analysis and [Application Threat Modeling](https://www.owasp.org/index.php/Application_Threat_Modeling): changes to the Attack Surface should trigger threat modeling, and threat modeling helps you to understand the Attack Surface of the application.
Validate and fill in your understanding of the Attack Surface by walking through some of the main use cases in the system: signing up and creating a user profile, logging in, searching for an item, placing an order, changing an order, and so on. Follow the flow of control and data through the system, see how information is validated and where it is stored, what resources are touched and what other systems are involved. There is a recursive relationship between Attack Surface Analysis and [Application Threat Modeling](https://owasp.org/www-community/Application_Threat_Modeling): changes to the Attack Surface should trigger threat modeling, and threat modeling helps you to understand the Attack Surface of the application.

The Attack Surface model may be rough and incomplete to start, especially if you haven't done any security work on the application before. Fill in the holes as you dig deeper in a security analysis, or as you work more with the application and realize that your understanding of the Attack Surface has improved.

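Review bot: only the two OWASP links were updated on these lines; the `http://` links to Arachni, Skipfish (`code.google.com/p/skipfish/`) and w3af on the same line are left untouched even though the commit includes a `chore: http to https link` pass. Google Code project hosting has been a read-only archive since 2016, so the Skipfish URL in particular should be checked and either moved to an HTTPS or archive link or added to the link checker's ignore patterns, otherwise it will surface as a failure on the next run.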