From 4f128f3d9f7fe5b67e982bb23b55ff4a6ba8840b Mon Sep 17 00:00:00 2001
From: romain-dd
Date: Fri, 28 Apr 2023 13:26:30 +0200
Subject: [PATCH] Add Dockerfile to test legit and malicious packages to avoid triggering AV
---
 tests/false_positive/Dockerfile | 19 +++++++++++++++++++
 tests/false_positive/run_test.sh | 20 ++++++++++++++++++++
 2 files changed, 39 insertions(+)
 create mode 100644 tests/false_positive/Dockerfile
 create mode 100644 tests/false_positive/run_test.sh
diff --git a/tests/false_positive/Dockerfile b/tests/false_positive/Dockerfile
new file mode 100644
index 00000000..4c56faab
--- /dev/null
+++ b/tests/false_positive/Dockerfile
@@ -0,0 +1,19 @@
+FROM python:3.10.11-bullseye
+
+# gcc and musl-dev needed for the pip install
+RUN apt update && apt install -y gcc musl-dev g++ libffi-dev libgit2-dev
+RUN pip install guarddog
+RUN apt install -y git jq unzip
+
+# Download ~954 malicious pypi packages
+COPY download_malicious_pypi_package.sh /opt/
+RUN /bin/sh /opt/download_malicious_pypi_package.sh /opt/malicious_pypi_package/
+ENV MALICIOUS_PYPI_PACKAGE="/opt/malicious_pypi_package/"
+
+# Download legitimate top 1000 pypi packages
+COPY download_legit_pypi_package.sh /opt/
+RUN /bin/sh /opt/download_legit_pypi_package.sh /opt/legit_pypi_package/
+ENV LEGIT_PYPI_PACKAGE="/opt/legit_pypi_package/"
+
+COPY run_test.sh /tmp/
+ENTRYPOINT ["/bin/sh", "/tmp/run_test.sh"]
diff --git a/tests/false_positive/run_test.sh b/tests/false_positive/run_test.sh
new file mode 100644
index 00000000..951ab718
--- /dev/null
+++ b/tests/false_positive/run_test.sh
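Review bot: The image has no `USER` directive, so a container that holds ~954 known-malicious PyPI archives (the `/opt/malicious_pypi_package/` tree populated at build time) runs the scan as root; add a dedicated low-privilege account before `ENTRYPOINT` and keep the `/opt/*_pypi_package/` trees readable by it. The two `download_*_pypi_package.sh` scripts referenced by the `COPY` lines are not part of this patch, so whether they only fetch and unpack (rather than execute) the archives cannot be checked here and is worth a comment in the Dockerfile. The apt usage is also fragile: `apt update` is tied to the first `install` only, the later `RUN apt install -y git jq unzip` reuses a stale index, and no `--no-install-recommends` or list cleanup is done; the tips recommend `apt-get`, one update+install layer, and cleanup in the same layer. `RUN pip install guarddog` is unpinned, so the tool under test changes between builds — pin it (or install from the repository checkout if that is the intent) and pass `--no-cache-dir`.
```dockerfile
FROM python:3.10.11-bullseye

# gcc and musl-dev needed for the pip install; git/jq/unzip for the download and test scripts
RUN apt-get update && apt-get install -y --no-install-recommends \
        g++ gcc git jq libffi-dev libgit2-dev musl-dev unzip \
    && rm -rf /var/lib/apt/lists/*
RUN pip install --no-cache-dir guarddog==<PINNED_VERSION>
# … unchanged: COPY/RUN/ENV for the malicious and legitimate package sets …

# The scan runs over known-malicious archives; do not do that as root
RUN useradd --system --uid 10001 --no-create-home scanner
COPY run_test.sh /tmp/
USER scanner
ENTRYPOINT ["/bin/sh", "/tmp/run_test.sh"]
```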
@@ -0,0 +1,20 @@
+#!/bin/sh
+
+runtest="$1"
+
+if [ -z "$runtest" ]; then
+ echo "Add argument to specify the tests (false_positive, false_negative, all)"
+ exit 0
+fi
+
+if [ "$runtest" = "false_positive" ] || [ "$runtest" = "all" ]; then
+ echo "## Test - False Positives"
+ guarddog pypi scan "$LEGIT_PYPI_PACKAGE" --output-format json | jq -c '.[]' | grep -v '"issues":0'
+fi
+
+if [ "$runtest" = "false_negative" ] || [ "$runtest" = "all" ]; then
+ echo "## Test - False Negatives"
+ guarddog pypi scan "$MALICIOUS_PYPI_PACKAGE" --output-format json | jq -c '.[]' | grep '"issues":0'
+fi
+
+
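Review bot: The script cannot report failure: the missing-argument branch does `exit 0`, an unrecognised value (a typo) falls through all three `if`s and also exits 0, and the exit status of the `grep` at the end of each pipeline is never examined, so a false positive or false negative only prints a line while the container still exits successfully. Because the last pipeline element is `grep`, a guarddog or jq error is masked too. Change the usage path to `exit 1`, reject unknown values, and derive the exit status from whether any offending package was found; filtering in jq (`select(.issues > 0)`) is also more robust than grepping the serialized JSON for `"issues":0`. The false_negative branch mirrors the false_positive one with `select(.issues == 0)`.
```sh
#!/bin/sh
set -eu

runtest="${1:-}"
case "$runtest" in
    false_positive|false_negative|all) ;;
    *) echo "usage: run_test.sh (false_positive|false_negative|all)" >&2; exit 1 ;;
esac

status=0
if [ "$runtest" = "false_positive" ] || [ "$runtest" = "all" ]; then
    echo "## Test - False Positives"
    # any legitimate package reported with issues is a false positive
    hits=$(guarddog pypi scan "$LEGIT_PYPI_PACKAGE" --output-format json | jq -c '.[] | select(.issues > 0)')
    [ -z "$hits" ] || { printf '%s\n' "$hits"; status=1; }
fi
# … unchanged in shape: false_negative branch with select(.issues == 0) …
exit "$status"
```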