Skip to content

test

test #903

Workflow file for this run

name: test
on:
push:
paths:
- 'cvehound/**'
- 'tests/**'
pull_request:
paths:
- 'cvehound/**'
- 'tests/**'
workflow_dispatch:
schedule:
- cron: '0 0 * * MON'
jobs:
install:
strategy:
fail-fast: false
matrix:
include:
- os: ubuntu-20.04
python-version: "3.5"
- os: ubuntu-latest
python-version: "3.11"
- os: macos-latest
python-version: "3.10"
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v4
- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v4
with:
python-version: ${{ matrix.python-version }}
- name: Install CVEhound
run: python -m pip --disable-pip-version-check install .
- name: Run CVEHound
run: |
cvehound --help
cvehound --version
build:
strategy:
fail-fast: false
matrix:
python-version: [3.8]
os: [ubuntu-20.04]
ocaml-version: [4.07.1]
coccinelle-version: [1.0.7, 1.0.8, 1.0.9, 1.1.0, 1.1.1, git]
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Get Date
id: date
run: echo "date=$(date +'%Y-%m')" >> $GITHUB_OUTPUT
- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v4
with:
python-version: ${{ matrix.python-version }}
cache: 'pip'
cache-dependency-path: setup.py
- name: Update Apt-Get Index
run: sudo apt-get update -qq
- name: Install system Coccinelle with apt
if: ${{ matrix.coccinelle-version == 'system' }}
run: |
sudo apt-get install -y coccinelle
- name: Install system dependencies for opam and coccinelle
if: ${{ matrix.coccinelle-version != 'system' }}
run: |
sudo apt-get install -y python-dev aspcud ocaml
- name: Setup Opam
if: ${{ matrix.coccinelle-version != 'system' }}
uses: ocaml/setup-ocaml@v2
with:
ocaml-compiler: ${{ matrix.ocaml-version }}
opam-disable-sandboxing: true
- name: Install Coccinelle with opam (${{ matrix.coccinelle-version }})
if: ${{ matrix.coccinelle-version != 'system' && matrix.coccinelle-version != 'git' }}
run: |
eval $(opam env)
opam install -y coccinelle.${{ matrix.coccinelle-version }}
- name: Install latest Coccinelle from git
if: ${{ matrix.coccinelle-version == 'git' }}
run: |
eval $(opam env)
opam remove -y coccinelle
opam install -y num camlp4 pcre pyml menhir
git clone https://github.com/coccinelle/coccinelle
cd coccinelle
./autogen
./configure --prefix /usr/local --libdir /usr/local/lib --enable-python --enable-ocaml --enable-pcre-syntax --enable-pcre --enable-opt --disable-bytes
make all.opt
sudo make install
- name: Spatch Version
run: |
which opam >/dev/null 2>&1 && eval $(opam env)
spatch --version
if [[ ${{ matrix.coccinelle-version }} != 'system' && ${{ matrix.coccinelle-version }} != 'git' ]]; then
spatch_version="$(spatch --version | head -1)"
if [[ ${{ matrix.coccinelle-version }} != '1.0.9' ]]; then
if [[ "$spatch_version" != "spatch version ${{ matrix.coccinelle-version }}"* ]]; then
echo "Wrong coccinelle version installed" >&2
exit 1
fi
elif [[ "$spatch_version" != "spatch version 1.0.8"* ]]; then
echo "Wrong coccinelle version installed" >&2
exit 1
fi
fi
- name: Install CVEhound
run: |
python -m pip install --upgrade pip
python -m pip install --upgrade pytest
python -m pip install -e '.[tests]'
- name: Cache Kernel Bundle
uses: actions/cache@v3
with:
path: clone.bundle
key: linux-${{ steps.date.outputs.date }}
- name: Download Linux Tree
run: |
if [[ ! -f clone.bundle ]]; then
sudo apt-get install -y axel
axel -q https://mirrors.edge.kernel.org/pub/scm/.bundles/pub/scm/linux/kernel/git/stable/linux/clone.bundle
fi
git clone clone.bundle tests/linux
cd tests/linux
git remote set-url origin git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
git remote add next git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
git remote add stable git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
git remote update origin
git fetch stable
git fetch next
cd -
- name: Test with pytest
run: |
sudo setcap cap_sys_nice,cap_sys_admin+eip $(realpath $(which python3))
which opam >/dev/null 2>&1 && eval $(opam env)
readarray RULES < <(git diff --name-only ${{ github.event.before }}..${{ github.event.after }} | grep -o 'CVE-[[:digit:]]*-[[:digit:]]*')
if [[ ${#RULES[@]} -gt 0 && ${#RULES[@]} -le 5 ]]; then
pytest --runslow $(for rule in ${RULES[@]}; do echo " --cve=$rule "; done)
else
pytest
fi