Check against DLL injection (trunc) #40

	# Copyright 2024, Intel Corporation
	# SPDX-License-Identifier: BSD-3-Clause

	name: Check against DLL injection (trunc)

	permissions: read-all

	on:
	workflow_dispatch:
	schedule:
	# Run every day at 22:00 UTC
	- cron: '0 22 * * *'

	concurrency:
	group: ${{ github.workflow }}-${{ github.ref }}
	cancel-in-progress: true

	jobs:
	check-dll-injection:
	runs-on: windows-2022
	# Disabling this workflow for non ispc/ispc repo to reduce the traffic to artifacts downloads.

	if: github.repository == 'ispc/ispc'
	steps:
	- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1

	- name: Install required packages
	run: \|
	Install-ChocoPackage wget
	Install-ChocoPackage procmon
	Install-ChocoPackage 7zip
	pip install defusedxml
	shell: powershell

	- name: Download ISPC trunc archives
	env:
	ZIP_URL: https://ci.appveyor.com/api/projects/ispc/ispc/artifacts/build%2Fispc-trunk-windows.zip?job=Environment%3A%20APPVEYOR_BUILD_WORKER_IMAGE%3DVisual%20Studio%202019%2C%20LLVM_VERSION%3Dlatest
	run: \|
	ZIP="ispc-trunk-windows.zip"
	echo "Download artifact $ZIP_URL" >> "$GITHUB_STEP_SUMMARY"
	wget --quiet -O "$ZIP" "$ZIP_URL"
	7z x "$ZIP"
	ISPC_BIN_DIR="ispc-trunk-windows/bin"
	echo "$ISPC_BIN_DIR" >> "$GITHUB_PATH"
	shell: bash

	- name: Check ISPC binary for DLL injection
	run: \|
	python .github\workflows\scripts\check-dll-injection.py dbghelp.dll
	shell: cmd

	- name: Upload results
	uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
	if: always()
	with:
	name: reports
	path: \|
	dll_load_filtered.xml

Provide feedback