first commit

tests/check/test_content.py

@@ -0,0 +1,25 @@
+import re
+import os
+
+FILE_EXCLUDE_PATTERN = re.compile(r'[/\\]\.(git|idea|vscode|pytest_cache)[/\\]')
+
+
+def is_textplain(data: bytes):
+    return b'\x00' not in data
+
+
+def test_content():
+    basedir = os.path.realpath(os.path.join(os.path.dirname(os.path.realpath(__file__)), '..', '..'))
+    for (now_dir, dirs, files) in os.walk(basedir):
+        for name in files:
+            filename = os.path.join(now_dir, name)
+            if FILE_EXCLUDE_PATTERN.search(filename):
+                continue
+
+            with open(filename, 'rb') as f:
+                data = f.read()
+
+            if not is_textplain(data):
+                continue
+
+            assert b'\r\n' not in data, f'CRLF must be convert to LF for Vulhub files, but {filename} did not'

tests/check/test_dockerfile.py

@@ -0,0 +1,18 @@
+import os
+import subprocess
+
+
+def test_dockerfile_lint():
+    basedir = os.path.realpath(os.path.join(os.path.dirname(os.path.realpath(__file__)), '..', '..'))
+
+    dockerfiles = []
+    for (now_dir, dirs, files) in os.walk(basedir):
+        for name in files:
+            if name in ('oracle-java', ):
+                continue
+
+            if name == 'Dockerfile':
+                dockerfiles.append(os.path.join(now_dir, name))
+
+    config = os.path.join(basedir, 'tests', 'hadolint.yaml')
+    subprocess.run(['hadolint', '--config', config, '--failure-threshold', 'error'] + dockerfiles, check=True)

tests/check/test_env_toml.py

@@ -0,0 +1,50 @@
+import os
+import glob
+import tomllib
+import difflib
+
+basedir = os.path.realpath(os.path.join(os.path.dirname(os.path.realpath(__file__)), '..', '..'))
+
+
+def test_toml_format():
+    with open(os.path.join(basedir, 'environments.toml'), 'rb') as f:
+        data = tomllib.load(f)
+
+    for env in data['environment']:
+        assert 'name' in env
+        assert 'cve' in env
+        assert 'app' in env
+        assert 'path' in env
+        assert 'tags' in env
+        assert len(env) == 5
+
+        assert len(env['tags']) > 0
+        assert isinstance(env['name'], str)
+        assert isinstance(env['cve'], list)
+        assert isinstance(env['app'], str)
+        assert isinstance(env['path'], str)
+        assert isinstance(env['tags'], list)
+        assert os.path.exists(os.path.join(basedir, env['path']))
+
+        blocks = env['path'].split('/')
+        assert len(blocks) == 2
+
+        assert len(data['tags']) > 0
+        for tag in env['tags']:
+            assert tag in data['tags']
+
+
+def test_environments_files():
+    with open(os.path.join(basedir, 'environments.toml'), 'rb') as f:
+        data = tomllib.load(f)
+
+    compose_files = [name.replace('\\', '/') for name in sorted(glob.glob("**/docker-compose.yml", recursive=True))]
+    env_files = []
+    for env in data['environment']:
+        files = os.listdir(os.path.join(basedir, env['path']))
+        assert 'README.md' in files, f"README.md not found in {env['path']}"
+        assert 'README.zh-cn.md' in files, f"README.zh-cn.md not found in {env['path']}"
+        assert 'docker-compose.yml' in files, f"docker-compose.yml not found in {env['path']}"
+        env_files.append(env['path'] + "/docker-compose.yml")
+
+    assert len(compose_files) == len(env_files), f"Do not forget to add new environment in environments.toml, difference: \n{'\n'.join(difflib.unified_diff(compose_files, env_files))}"

tests/check/test_filename.py

@@ -0,0 +1,48 @@
+import os
+import re
+
+
+basedir = os.path.realpath(os.path.join(os.path.dirname(os.path.realpath(__file__)), '..', '..'))
+ARCHIVE_FILE_PATTERN = re.compile(r'^.*\.(tar\.gz|zip|7z|rar|exe|jar|xz|gz|tar|war)$', re.I)
+ARCHIVE_EXCEPTED = re.compile(r'[/\\](struts2|weblogic[/\\]weak_password)[/\\]')
+
+
+def test_dir_islower():
+    for name in os.listdir(basedir) + os.listdir(os.path.join(basedir, 'base')):
+        if not os.path.isdir(name):
+            continue
+
+        assert name.islower()
+
+
+def test_filename_format():
+    """
+    We are not allowed uppercase software directory name
+    """    
+    for (root, _, files) in os.walk(basedir):
+        if os.path.basename(root).startswith('.'):
+            continue
+
+        for name in files:
+            # check if extension is lowercase
+            fullname = os.path.join(root, name)
+            _, ext = os.path.splitext(name)
+            assert ext == ext.lower(), 'file extension must be lowercase, not %r' % name
+
+            # check if docker-compose.yaml is used
+            assert name != "docker-compose.yaml", "docker-compose.yaml is not allowed, use docker-compose.yml instead"
+
+            # check if readme file name is correct
+            if name.lower() == 'readme.md':
+                assert name == 'README.md', "README filename must be 'README.md', not %r" % name
+
+            # check if readme.zh-cn.md file name is correct
+            if name.lower() == 'readme.zh-cn.md':
+                assert name == 'README.zh-cn.md', "README.zh-cn filename must be 'README.zh-cn.md', not %r" % name
+
+            if os.path.isdir(fullname) and (name.lower().startswith('cve-') or name.lower().startswith('cnvd-') or name.lower().startswith('cnnvd-')):
+                assert name == name.upper(), "CVE/CNVD/CNNVD directory name must be uppercase, not %r" % name
+
+            # check if archive file size is lower than 4096 bytes
+            if ARCHIVE_FILE_PATTERN.match(name) is not None and ARCHIVE_EXCEPTED.search(fullname) is None:
+                assert os.path.getsize(fullname) <= 4096, "You should not upload a archive file larger than 4096 bytes"