VCVRack
/
library
mirror of https://github.com/VCVRack/library.git
1
0
Fork 0
Code Issues 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
184 Commits
3 Branches
154MB
Tree: ffa5a7fcdf
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'ffa5a7fcdf'
${ noResults }
library/test.js

130 lines
4.6KB
Raw Blame History 

  1. /*

  2.  

  3. check valid JSON

  4. check valid SHA256

  5. upload to VirusTotal and assert less than 3 or so engines return suspicious for each ZIP

  6. 

  7. ZIP must not contain a __MACOSX directory at root level.

  8. ZIP must not be a tarbomb. Yes, I know the first is a subset of this one, but it's better to have more feedback.

  9. We might even want to assert that the single folder at root level is named as the slug of the plugin. I'm for this.

  10. 

  11. schema validation

  12. 

  13. slug required

  14. if we could have a "soft" warning for slugs matching /[a-zA-Z0-9_\-]/+, that'd be great, although I'd rather their slugs break this than change.

  15. version required

  16. version must begin with "0.5." (this will be changed with each version bump.)

  17. 

  18. */

  19. 

  20. 

  21. 

  22. const fs = require("fs");

  23. const request = require("request");

  24. const { exec } = require('child_process');

  25. const vt = require("node-virustotal");//https://github.com/natewatson999/node-virustotal

  26. const con = vt.MakePublicConnection();

  27. const archArr = ['win', 'lin', 'mac'];

  28. const verbose = false;

  29. 

  30. //VT_API_KEY is set in travisci (or set when run locally)

  31. con.setKey(process.env.VT_API_KEY);

  32. if(verbose){console.log('key', con.getKey());}

  33. 

  34. //15 seconds between calls is required by virus total (4 per minute)

  35. //https://www.virustotal.com/en/documentation/public-api/v2/

  36. con.setDelay(15000);

  37. if(verbose){console.log('delay', con.getDelay());}

  38. 

  39. //We always just check all JSON because it's easy.  

  40. //However, we only want to check zip files of manifests that have changed.

  41. 

  42. 

  43. 

  44. //TODO FIX - travis doesn't have master

  45. //           https://github.com/travis-ci/travis-ci/issues/6069

  46. //           todo check diff to see if "download" or "sha256" changed 

  47. exec('git diff -w --stat --name-only origin/master -- plugins/', (error, stdout, stderr) => {

  48.   if (error) {

  49.     console.error(`exec error: ${error}`);

  50.     return;

  51.   }

  52.   const changedManifestFiles = stdout.trim().split('\n');

  53.   testAllManifests(changedManifestFiles);

  54. });

  55. 

  56. function testAllManifests(changedManifestFiles){

  57.     if(verbose){console.log("changedManifestFiles", changedManifestFiles);}

  58.     fs.readdir('plugins', function(err, files) {

  59.         if (err){ throw err; }

  60. 

  61.         for (let index in files) {

  62.             const filePath = `plugins/${files[index]}`;

  63.             if(!filePath.toLowerCase().endsWith('.json')){

  64.                 throw new Error("manifests should have .json extension");

  65.             }

  66.             fs.readFile(filePath, 'utf8', (err, data) => {

  67.                 if (err){ throw err; }

  68.                 if(verbose){console.log("testing: ", filePath);}

  69.                 

  70.                 const shouldTestZip = changedManifestFiles.includes(filePath);

  71.                 testOneManifest(filePath, data, shouldTestZip);

  72.             });

  73.         }

  74.     });

  75. }

  76. 

  77. function testOneManifest(filePath, fileContent, shouldTestZip = false) {

  78.     let manifestObj;

  79.     try {

  80.         manifestObj = JSON.parse(fileContent);

  81.     } catch(err){

  82.         console.error(`Invalid JSON: ${filePath}`);

  83.         throw err;

  84.     }

  85. 

  86.     if (manifestObj.downloads) {

  87.         let zipUrlsChecked = [];

  88.         let lastSha256;

  89.         

  90.         archArr.map(arch => {

  91.             const archObj = manifestObj.downloads[arch];

  92.             if (archObj && archObj.download) {

  93.                 if(zipUrlsChecked.includes(archObj.download)){

  94.                     if(lastSha256 !== archObj.sha256){

  95.                         throw new Error('SHA256 should be the same if the download URL is the same.');

  96.                     }

  97.                 } else {

  98.                     zipUrlsChecked.push(archObj.download);

  99.                     lastSha256 = archObj.sha256;

  100. 

  101.                     if(shouldTestZip){

  102.                         testOneArch(archObj);

  103.                     } else {

  104.                         if(verbose){console.log("not testing zip because the manifest hasn't changed: ", filePath);}

  105.                     }

  106.                 }

  107.             }

  108.         });

  109.     }

  110. }

  111. 

  112. function testOneArch(archObj) {

  113.     const urlParts = archObj.download.split('/');

  114.     const zipName = urlParts[urlParts.length - 1].split('\?')[0];

  115.     if(verbose){console.log(`Downloading ${archObj.download}`);}

  116.     request(archObj.download).pipe(fs.createWriteStream(zipName)).on('finish', ()=>{

  117.         con.FileEvaluation(zipName, "application/zip", fs.readFileSync(zipName), function(data) {

  118.             console.log(data);

  119.             if(archObj.sha256 !== data.sha256){

  120.                 throw new Error(`Invalid sha256 value.  manifest:${archObj.sha256} virustotal:${data.sha256}`);

  121.             }

  122.             if(data.positives > 2){

  123.                 throw new Error(`Too many positives from virustotal.`);   

  124.             }

  125.         }, function(err) {

  126.             if (err){ throw err; }

  127.         });

  128.     });

  129. }