Merge branch 'main' into bq_load_keep_dest

README.md

@@ -147,6 +147,9 @@ allows caching the sandbox images and supports local developement.
 
 ## Development
 
+### Testing
+See `sample_packages/README.md` for how to use a sample package that simulates malicious activity for testing purposes.
+
 ### Required Dependencies
 
 - Go v1.21

sample_packages/Makefile

@@ -0,0 +1,12 @@
+.PHONY: build_sample_python_package
+
+IMAGE_NAME = sample-python-package-image
+CONTAINER_NAME = sample-python-package-container
+
+build_sample_python_package:
+	docker build -t ${IMAGE_NAME} sample_python_package/
+	docker run --name ${CONTAINER_NAME} -d ${IMAGE_NAME}
+	docker cp ${CONTAINER_NAME}:/sample_python_package/dist/. sample_python_package/output
+	docker stop ${CONTAINER_NAME}
+	docker rm ${CONTAINER_NAME}
+	docker image rm ${IMAGE_NAME}

sample_packages/README.md

@@ -0,0 +1,12 @@
+## Sample packages
+
+Packages in this directory will simulate different types of malicious behavior for testing purposes. These packages should attempt to revert any modifications made, but it is not recommended to install, import, or use these packages in nonisolated settings.
+
+The same license for the rest of the package analysis project applies to any package in this directory.
+
+### Sample python package
+Build the package by running`make build_sample_python_package` in this directory. The .tar.gz file that can be used for local analysis will be added to the directory `sample_python_package/output`
+
+Developers can modify which behaviors they want to simulate. (Collection of functionalities listed above main function in example.py) Note, however, that at this time output logging may not be comprehensive.
+
+

sample_packages/sample_python_package/Dockerfile

@@ -0,0 +1,9 @@
+FROM python:3.9@sha256:edee3d665aba1d84f5344eca825d0de34b38dbf77a776cafd9df65c67e240866
+
+WORKDIR /sample_python_package
+
+COPY . /sample_python_package
+
+RUN pip install --upgrade build
+
+RUN python3 -m build