Weekly Updater Action

[h00die]

Fixes #18120

This PR gets us inline for having weekly updates to data files and external files. We do this with the following changes:

1. Update UA string updater python script to ruby
2. Update joomla component gatherer python script to ruby
3. Sync all the ruby update scripts with -h , descriptions, outputs, etc
4. build a github workflow which runs weekly, runs the update scripts, and submits a PR with the changes

Why is this important?

• I seem to be the only one who updates wordpress plugins, and its infrequent (2yrs since last update).
• I seem to be the only one updating sharphound (2yrs since last update)/JTR (im tired of looking it up)
• UAs change frequently, @smashery seems to be the only one who updates these and its several months between (https://github.com/rapid7/metasploit-framework/pulls?q=is%3Apr+is%3Aclosed+user+agent+author%3Asmashery)

Here's an example PR that gets submitted: h00die#32

[h00die]

Whoever is assigned this, I would suggest landing #19755 and #19774 first, or closing those out as this will supersede them in a week.

[adfoster-r7]

Merged in those two pre-requisite PRs now, thanks!

Looks like there's a small merge conflict for this PR to resolve 🤞

Conflicting files
tools/dev/update_user_agent_strings.py

[h00die]

I wanted to keep attribution (and history) on the .py files, so the workflow was git mv <name>.py <name>.rb, then overwrite the content with a ruby version.

My dev box is down for the day, so if you want to resolve that it should be trivial with that workflow. If not, I can take care of it in like 25hrs or so

[jmartin-tech]

Not sure if the restriction has change, github actions were previously restricted from opening PRs in the R7 org.

[jheysel-r7]

Not sure if the restriction has change, github actions were previously restricted from opening PRs in the R7 org.

Hey @jmartin-tech, great to hear from you :)

Thanks for the heads up. I double checked with PD and github actions are restricted from opening PRs in private R7 repos but not public repos.

[jheysel-r7]

This looks great. I've run all the updater scripts locally, reviewed the PR this action created in your fork also verified that Github actions are able to create PRs in this repo.

One minor question and then I think this is good to land so it can create a PR this coming Monday 🎉

[h00die]

accepted!

[jheysel-r7]

Really appreciate you adding this workflow in @h00die, I was unaware these update scripts were being neglected. Looking forward to seeing the PR Monday.

[jheysel-r7]

Release Notes

Adds a Github workflow to run update_wordpress_vulnerabilities.rb, update_user_agent_strings.rb and update_joomla_components.rb and to post a weekly PR with the changes from each update script. This also converts both update_joomla_components and update_user_agent_strings from python scripts to ruby scripts.