@@ -8,8 +8,8 @@ permissions:
88jobs :
99 phishdestroy-check :
1010 runs-on : ubuntu-latest
11-
1211 steps :
12+
1313 - name : Download JSON destroylist
1414 run : |
1515 curl -sSLo list.json https://raw.githubusercontent.com/phishdestroy/destroylist/main/list.json
@@ -18,28 +18,40 @@ jobs:
1818 run : |
1919 jq -r '.domains[]' list.json | sort | uniq > destroylist_domains.txt
2020
21- - name : Download deployed homepage and extract domains
21+ - name : Download deployed homepage and extract referenced domains
2222 run : |
2323 curl -sS https://universalbit-dev.github.io/CityGenerator/ > deployed_site.html
2424 grep -oE "https?://[a-zA-Z0-9._~:/?#@!$&'()*,;=%-]+" deployed_site.html \
2525 | sed 's|https\?://||' | cut -d'/' -f1 | sort | uniq > referenced_domains.txt
2626
27- - name : Whitelist only your own domain ( and trusted CDNs if needed)
27+ - name : Whitelist only your own domain and trusted CDNs
2828 run : |
2929 cat > whitelist.txt <<EOF
3030universalbit-dev.github.io
3131cdn.jsdelivr.net
3232github.com
33- # add more if you trust other APIs/CDNs used on your site
33+ # Add more trusted domains if needed
3434EOF
3535 grep -vxFf whitelist.txt referenced_domains.txt > domains_to_check.txt
3636
37- - name : Scan for blocklisted domains, error only if a non-whitelisted match is found
37+ - name : Scan for blocklisted domains
3838 run : |
3939 if grep -Ff destroylist_domains.txt domains_to_check.txt > destroylist_matches.txt; then
40- echo "Blocked phishing domains found in deployed site:"
40+ echo "::error :: Blocked phishing domains found in deployed site! Review below :"
4141 cat destroylist_matches.txt
4242 exit 1
4343 else
4444 echo "No blocked phishing domains found in deployed site."
4545 fi
46+
47+ - name : Upload log artifacts (optional)
48+ if : always()
49+ uses : actions/upload-artifact@v4
50+ with :
51+ name : phishdestroy-scan-logs
52+ path : |
53+ destroylist.txt
54+ destroylist_domains.txt
55+ referenced_domains.txt
56+ domains_to_check.txt
57+ destroylist_matches.txt
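Review bot: The scan step fails open: its `else` branch prints "No blocked phishing domains found" both when grep finds no match and when grep errors or `destroylist_domains.txt` is empty, so a failed blocklist download or jq parse would still give a green check. The download step uses `curl -sSLo` without `--fail`, and unless the workflow enables `pipefail` somewhere outside these hunks, a jq failure in the `jq | sort | uniq` pipeline is masked by the exit status of `uniq`. Before the `if`, add `test -s destroylist_domains.txt || { echo "::error::Blocklist is empty or missing"; exit 1; }`, and consider the same guard for `referenced_domains.txt` so that a failed fetch of the deployed page is not reported as clean. Separately, the new upload step lists `destroylist.txt`, which none of the steps visible here create; it may be a leftover name for `list.json`.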