Conversation


@owasp-nest owasp-nest bot commented Oct 3, 2025

⚠️ This PR has been generated by Arkadii Yakovets as part of the OWASP Schema initiative within OWASP Nest.

OWASP Entity Information

  • Project: OWASP CSRFGuard
  • Repository: OWASP/www-project-csrfguard
  • Metadata generated on: 2025-10-03

Changes

This PR adds the project data to comply with the OWASP Schema specification. The changes include:

  • The metadata file in YAML format
  • Schema validation GitHub Actions workflow

Purpose

This addition ensures that the project data follows the standardized OWASP Schema format, enabling:

  • Better data consistency across OWASP entities
  • Improved automation and tooling capabilities
  • Enhanced data validation and quality
  • Streamlined integration with OWASP Nest platform

Review Guidelines

When reviewing this PR, please focus on:

  1. Data Accuracy: Verify that the entity information is correct (type, level, leaders, tags, URLs)
  2. Schema Compliance: Ensure all required fields are present and properly formatted
  3. YAML Syntax: Check for proper YAML formatting and indentation
  4. Content Quality: Review the completeness and accuracy of the data

Support & Questions

If you have any questions about this PR or the OWASP Schema implementation:


Closes OWASP/nest-schema#80

Generated on 2025-10-03 by Arkadii Yakovets as part of the OWASP Schema initiative within OWASP Nest.
Repository: `OWASP/www-project-csrfguard`

Co-authored-by: Arkadii Yakovets <[email protected]>
Comment on lines +17 to +24 of .github/workflows/validate-owasp-metadata.yaml:

    runs-on: ubuntu-latest

    steps:
      - name: Checkout code
        uses: actions/checkout@v5

      - name: Validate metadata file
        uses: owasp/nest-schema/.github/actions/validate@a733198b4a942eb12d3ee8629cd9e0d409b1b2b9

Check warning (Code scanning / CodeQL): Workflow does not contain permissions (Medium)

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}

Copilot Autofix (AI, 21 days ago)

To fix this issue, you should add a permissions block to the workflow that explicitly sets the permissions granted to the GITHUB_TOKEN. Since neither the checkout nor the validation step are expected to require write access, the minimal privilege required is likely contents: read. You may add this block either at the top level (applies to all jobs) or under the validate-metadata job specifically. The best approach is to add it as a top-level key just below the workflow name, which will make the permission restriction explicit and protect against permission creep in future jobs. No new methods or imports are required—just a change to the YAML configuration file at the top level.

Suggested changeset 1: .github/workflows/validate-owasp-metadata.yaml

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/validate-owasp-metadata.yaml b/.github/workflows/validate-owasp-metadata.yaml
--- a/.github/workflows/validate-owasp-metadata.yaml
+++ b/.github/workflows/validate-owasp-metadata.yaml
@@ -1,4 +1,6 @@
 name: Validate OWASP entity metadata
+permissions:
+  contents: read
 
 on:
   pull_request:
EOF
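Review bot: placing `permissions:` / `contents: read` at the top level is the right scope for this hunk, since the two steps in the job (checkout and the pinned validate action) are not expected to need write access, and a top-level block also covers any job added to this workflow later. One thing worth recording in the workflow, as a short YAML comment next to the new block, is that a future step which writes back to the repository or the PR must widen permissions deliberately at the job level rather than by removing this block; otherwise the next contributor who hits a 403 from the token will be tempted to delete the restriction outright.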
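The CodeQL finding and the autofix above come down to one question: does the workflow declare `permissions` at the top level or on every job, so that `GITHUB_TOKEN` is not left with the repository default scope. The check below is an added example, not code from the PR, the OWASP Nest project or Copilot. It scans workflow text for that condition and lists the jobs that still inherit the default token permissions. The two sample workflows are constructed here from the snippet on this page (before and after the suggested fix); the scan is a line-based heuristic that assumes the conventional 2-space indentation rather than a full YAML parser, and the function names are mine.

```python
"""Heuristic check for GitHub Actions workflows that never restrict GITHUB_TOKEN.

Added example, not part of the PR or the OWASP Nest project. It is a
line-based scan that assumes 2-space indentation, as in the workflow on
this page; it is not a full YAML parser.
"""
import re

# Constructed sample: the workflow as reviewed, with no permissions block.
WORKFLOW_BEFORE = """\
name: Validate OWASP entity metadata

on:
  pull_request:

jobs:
  validate-metadata:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout code
        uses: actions/checkout@v5

      - name: Validate metadata file
        uses: owasp/nest-schema/.github/actions/validate@a733198b4a942eb12d3ee8629cd9e0d409b1b2b9
"""

# Constructed sample: the same workflow with the top-level block the autofix adds.
WORKFLOW_AFTER = WORKFLOW_BEFORE.replace(
    "name: Validate OWASP entity metadata\n",
    "name: Validate OWASP entity metadata\npermissions:\n  contents: read\n",
    1,
)

# Constructed sample: the alternative the autofix text mentions, a job-level block.
WORKFLOW_JOB_LEVEL = WORKFLOW_BEFORE.replace(
    "  validate-metadata:\n",
    "  validate-metadata:\n    permissions:\n      contents: read\n",
    1,
)

# Matches "  key:" and captures the indentation and the key name.
# List items ("- name: ...") deliberately do not match.
KEY_RE = re.compile(r"^( *)([A-Za-z0-9_.-]+):")


def find_permissions(workflow_text: str) -> dict:
    """Report where a `permissions` key is declared.

    Returns {"top_level": bool, "jobs": {job_name: has_job_level_permissions}}.
    """
    top_level = False
    jobs: dict[str, bool] = {}
    in_jobs = False
    current_job = None
    for line in workflow_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        m = KEY_RE.match(line)
        if not m:
            continue
        indent, key = len(m.group(1)), m.group(2)
        if indent == 0:
            # A new top-level mapping key; track whether we are inside `jobs:`.
            in_jobs = key == "jobs"
            current_job = None
            if key == "permissions":
                top_level = True
        elif in_jobs and indent == 2:
            # Each 2-space key under `jobs:` names a job.
            current_job = key
            jobs[key] = False
        elif in_jobs and indent == 4 and current_job and key == "permissions":
            jobs[current_job] = True
    return {"top_level": top_level, "jobs": jobs}


def unrestricted_jobs(workflow_text: str) -> list[str]:
    """Jobs whose GITHUB_TOKEN keeps the repository default permissions."""
    found = find_permissions(workflow_text)
    if found["top_level"]:
        return []  # a top-level block applies to every job
    return [job for job, restricted in found["jobs"].items() if not restricted]


if __name__ == "__main__":
    for label, text in (("before", WORKFLOW_BEFORE), ("after", WORKFLOW_AFTER),
                        ("job-level", WORKFLOW_JOB_LEVEL)):
        print(f"{label}: unrestricted jobs = {unrestricted_jobs(text)}")
```

Running the module prints `['validate-metadata']` for the workflow as reviewed and an empty list for both fixed variants, which is the same distinction the CodeQL rule draws. A scan like this is useful as a repository-wide pre-commit or CI gate because the rule is easy to satisfy when the workflow is written and easy to regress when a job is appended later.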

Development

Successfully merging this pull request may close these issues.

[Schema Migration]: project OWASP CSRFGuard