From 3186547322741ff036824e5c5248f1231ff2bc81 Mon Sep 17 00:00:00 2001
From: Fernando Flores
Date: Tue, 2 Apr 2024 12:27:57 -0600
Subject: [PATCH] Added check
---
.github/workflows/CVE-check.yml | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
create mode 100644 .github/workflows/CVE-check.yml
diff --git a/.github/workflows/CVE-check.yml b/.github/workflows/CVE-check.yml
new file mode 100644
index 000000000..33e4f199d
--- /dev/null
+++ b/.github/workflows/CVE-check.yml
@@ -0,0 +1,18 @@
+name: Simple XZ util check
+
+on:
+ pull_request:
+ branches:
+ - dev
+ - staging*
+
+jobs:
+ bandit:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Fail if version of xz tool is affected by CVE-2024-3094
+ if: ${{ ! startsWith(matrix.os, 'windows') }}
+ run: |
+ xz --version;
+ bash -c "! (xz --version | grep -E '5\.6\.(0|1)')"
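Review bot: The only step inspects the `xz` binary preinstalled on the `ubuntu-latest` runner image, and the workflow has no checkout step, so nothing from the pull request (lockfiles, container images, vendored archives) is examined. A green result therefore says nothing about the project's own exposure to CVE-2024-3094. If the runner is the intended scope, state it above the step, e.g. `# Checks the CI runner's xz only, not project dependencies or images`. The `if:` guard reads `matrix.os`, but the job defines no `strategy.matrix`, so the expression is presumably always true and the line can be dropped. The job id `bandit` looks carried over from another workflow (`xz-version-check` would describe it), and since the job needs no token, a top-level `permissions: {}` would keep `GITHUB_TOKEN` at least privilege.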