test #903
---
name: test

# `on` is a YAML 1.1 boolean for generic parsers; GitHub's loader reads the
# key literally, so no change is needed here.
on:
  # Only source and test changes trigger CI; docs-only commits are skipped.
  push:
    paths:
      - "cvehound/**"
      - "tests/**"
  pull_request:
    paths:
      - "cvehound/**"
      - "tests/**"
  workflow_dispatch:
  schedule:
    # Weekly run, Mondays 00:00 UTC.
    - cron: "0 0 * * MON"
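jobs:
  # Smoke test: a plain `pip install .` on the oldest and newest supported
  # interpreters. Coccinelle is not needed because only --help/--version run.
  install:
    strategy:
      fail-fast: false
      matrix:
        include:
          - os: ubuntu-20.04
            python-version: "3.5"
          - os: ubuntu-latest
            python-version: "3.11"
          - os: macos-latest
            python-version: "3.10"
    runs-on: ${{ matrix.os }}
    steps:
      # Actions are pinned to major tags. Pinning to a full commit SHA would
      # also protect against a moved or re-tagged release (supply-chain hardening).
      - uses: actions/checkout@v4
      - name: Set up Python ${{ matrix.python-version }}
        uses: actions/setup-python@v4
        with:
          python-version: ${{ matrix.python-version }}
      - name: Install CVEhound
        run: python -m pip --disable-pip-version-check install .
      - name: Run CVEHound
        run: |
          cvehound --help
          cvehound --version

  # Full test run against several Coccinelle releases plus Coccinelle git HEAD.
  build:
    strategy:
      fail-fast: false
      matrix:
        # Versions are quoted so YAML keeps them as strings; an unquoted
        # single-dot value such as 3.10 would otherwise be read as the float 3.1.
        python-version: ["3.8"]
        os: [ubuntu-20.04]
        ocaml-version: ["4.07.1"]
        coccinelle-version: ["1.0.7", "1.0.8", "1.0.9", "1.1.0", "1.1.1", git]
    runs-on: ${{ matrix.os }}
    steps:
      - uses: actions/checkout@v4
        with:
          # Full history is needed for the commit-range diff in the test step.
          fetch-depth: 0
      - name: Get Date
        id: date
        # Month granularity: this value is the kernel-bundle cache key below, so
        # the bundle is re-downloaded at most once a month.
        run: echo "date=$(date +'%Y-%m')" >> "$GITHUB_OUTPUT"
      - name: Set up Python ${{ matrix.python-version }}
        uses: actions/setup-python@v4
        with:
          python-version: ${{ matrix.python-version }}
          cache: 'pip'
          cache-dependency-path: setup.py
      - name: Update Apt-Get Index
        run: sudo apt-get update -qq
      # NOTE(review): the matrix above has no 'system' entry, so this step and
      # the `!= 'system'` guards below are currently dead; they are kept so the
      # value can be re-added to the matrix without touching the steps.
      - name: Install system Coccinelle with apt
        if: ${{ matrix.coccinelle-version == 'system' }}
        run: |
          sudo apt-get install -y coccinelle
      - name: Install system dependencies for opam and coccinelle
        if: ${{ matrix.coccinelle-version != 'system' }}
        run: |
          sudo apt-get install -y python-dev aspcud ocaml
      - name: Setup Opam
        if: ${{ matrix.coccinelle-version != 'system' }}
        uses: ocaml/setup-ocaml@v2
        with:
          ocaml-compiler: ${{ matrix.ocaml-version }}
          opam-disable-sandboxing: true
      - name: Install Coccinelle with opam (${{ matrix.coccinelle-version }})
        if: ${{ matrix.coccinelle-version != 'system' && matrix.coccinelle-version != 'git' }}
        run: |
          eval $(opam env)
          opam install -y coccinelle.${{ matrix.coccinelle-version }}
      # The 'git' matrix entry deliberately builds whatever upstream HEAD is at
      # run time, so this job is expected to be non-reproducible.
      - name: Install latest Coccinelle from git
        if: ${{ matrix.coccinelle-version == 'git' }}
        run: |
          eval $(opam env)
          opam remove -y coccinelle
          opam install -y num camlp4 pcre pyml menhir
          git clone https://github.com/coccinelle/coccinelle
          cd coccinelle
          ./autogen
          ./configure --prefix /usr/local --libdir /usr/local/lib --enable-python --enable-ocaml --enable-pcre-syntax --enable-pcre --enable-opt --disable-bytes
          make all.opt
          sudo make install
      - name: Spatch Version
        # The matrix value is handed to the shell through env instead of being
        # interpolated into the script, so the script text never changes per job.
        env:
          COCCI_VERSION: ${{ matrix.coccinelle-version }}
        run: |
          which opam >/dev/null 2>&1 && eval $(opam env)
          spatch --version
          if [[ "$COCCI_VERSION" != 'system' && "$COCCI_VERSION" != 'git' ]]; then
            spatch_version="$(spatch --version | head -1)"
            # presumably the 1.0.9 release still reports itself as 1.0.8 — confirm
            if [[ "$COCCI_VERSION" != '1.0.9' ]]; then
              if [[ "$spatch_version" != "spatch version $COCCI_VERSION"* ]]; then
                echo "Wrong coccinelle version installed" >&2
                exit 1
              fi
            elif [[ "$spatch_version" != "spatch version 1.0.8"* ]]; then
              echo "Wrong coccinelle version installed" >&2
              exit 1
            fi
          fi
      - name: Install CVEhound
        run: |
          python -m pip install --upgrade pip
          python -m pip install --upgrade pytest
          python -m pip install -e '.[tests]'
      - name: Cache Kernel Bundle
        uses: actions/cache@v3
        with:
          path: clone.bundle
          key: linux-${{ steps.date.outputs.date }}
      - name: Download Linux Tree
        # Remotes use https:// rather than git://: the git protocol is
        # unauthenticated and unencrypted, so fetched refs could be tampered
        # with in transit. The bundle download itself is already over https.
        run: |
          if [[ ! -f clone.bundle ]]; then
            sudo apt-get install -y axel
            axel -q https://mirrors.edge.kernel.org/pub/scm/.bundles/pub/scm/linux/kernel/git/stable/linux/clone.bundle
          fi
          git clone clone.bundle tests/linux
          cd tests/linux
          git remote set-url origin https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
          git remote add next https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
          git remote add stable https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
          git remote update origin
          git fetch stable
          git fetch next
          cd -
      - name: Test with pytest
        # The push range is passed via env so the shell only ever sees the
        # values as variables, never as text spliced into the script.
        env:
          BEFORE: ${{ github.event.before }}
          AFTER: ${{ github.event.after }}
        run: |
          # NOTE(review): cap_sys_admin is a very broad capability to give the
          # interpreter binary; confirm the suite needs more than cap_sys_nice.
          sudo setcap cap_sys_nice,cap_sys_admin+eip "$(realpath "$(which python3)")"
          which opam >/dev/null 2>&1 && eval $(opam env)
          # Run only the CVE rules touched by this push with --runslow, but fall
          # back to the default suite when none or more than five were changed
          # (BEFORE/AFTER are empty for non-push events, giving an empty range).
          # -t drops the trailing newline from each id; sort -u avoids passing
          # the same --cve twice when a rule and its test change together.
          readarray -t RULES < <(git diff --name-only "$BEFORE".."$AFTER" \
            | grep -o 'CVE-[[:digit:]]*-[[:digit:]]*' | sort -u)
          if [[ ${#RULES[@]} -gt 0 && ${#RULES[@]} -le 5 ]]; then
            pytest --runslow "${RULES[@]/#/--cve=}"
          else
            pytest
          fi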