Add Dockerfile to test legit and malicious packages to avoid triggeri…

…ng AV
H4dr1en · May 5, 2023 · 4f128f3 · 4f128f3
1 parent 1961148
commit 4f128f3
Show file tree

Hide file tree

Showing 2 changed files with 39 additions and 0 deletions.
diff --git a/tests/false_positive/Dockerfile b/tests/false_positive/Dockerfile
@@ -0,0 +1,19 @@
+FROM python:3.10.11-bullseye
+
+# gcc and musl-dev needed for the pip install
+RUN apt update && apt install -y gcc musl-dev g++ libffi-dev libgit2-dev
+RUN pip install guarddog
+RUN apt install -y git jq unzip
+
+# Download ~954 malicious pypi packages
+COPY download_malicious_pypi_package.sh /opt/
+RUN /bin/sh /opt/download_malicious_pypi_package.sh /opt/malicious_pypi_package/
+ENV MALICIOUS_PYPI_PACKAGE="/opt/malicious_pypi_package/"
+
+# Download legitimate top 1000 pypi packages
+COPY download_legit_pypi_package.sh /opt/
+RUN /bin/sh /opt/download_legit_pypi_package.sh /opt/legit_pypi_package/
+ENV LEGIT_PYPI_PACKAGE="/opt/legit_pypi_package/"
+
+COPY run_test.sh /tmp/
+ENTRYPOINT ["/bin/sh", "/tmp/run_test.sh"]
diff --git a/tests/false_positive/run_test.sh b/tests/false_positive/run_test.sh
@@ -0,0 +1,20 @@
+#!/bin/sh
+
+runtest="$1"
+
+if [ -z "$runtest" ]; then
+	echo "Add argument to specify the tests (false_positive, false_negative, all)"
+	exit 0
+fi
+
+if [ "$runtest" = "false_positive" ] || [ "$runtest" = "all" ]; then
+	echo "## Test - False Positives"
+	guarddog pypi scan "$LEGIT_PYPI_PACKAGE" --output-format json | jq -c '.[]' | grep -v '"issues":0' 
+fi
+
+if [ "$runtest" = "false_negative" ] || [ "$runtest" = "all" ]; then
+	echo "## Test - False Negatives"
+	guarddog pypi scan "$MALICIOUS_PYPI_PACKAGE" --output-format json | jq -c '.[]' | grep '"issues":0'
+fi
+
+