From 734fbc022b31e3fdb58102763388e21c4ca8d71c Mon Sep 17 00:00:00 2001
From: Elaine Chien
Date: Sat, 27 Jan 2024 00:10:34 +0000
Subject: [PATCH 1/5] Create Dockerfile and Makefile to allow sample python package to be built in a container
Signed-off-by: Elaine Chien
---
sample_packages/Makefile | 12 ++++++++++++
sample_packages/sample_python_package/Dockerfile | 9 +++++++++
sample_packages/sample_python_package/README.md | 11 -----------
3 files changed, 21 insertions(+), 11 deletions(-)
create mode 100644 sample_packages/Makefile
create mode 100644 sample_packages/sample_python_package/Dockerfile
delete mode 100644 sample_packages/sample_python_package/README.md
diff --git a/sample_packages/Makefile b/sample_packages/Makefile
new file mode 100644
index 00000000..bdd6f0a1
--- /dev/null
+++ b/sample_packages/Makefile
@@ -0,0 +1,12 @@
+.PHONY: build_sample_python_package
+
+IMAGE_NAME = sample-python-package-image
+CONTAINER_NAME = sample-python-package-container
+
+build_sample_python_package:
+ docker build -t ${IMAGE_NAME} sample_python_package/
+ docker run --name ${CONTAINER_NAME} -d ${IMAGE_NAME}
+ docker cp ${CONTAINER_NAME}:/sample_python_package/dist/. sample_python_package/output
+ docker stop ${CONTAINER_NAME}
+ docker rm ${CONTAINER_NAME}
+ docker image rm ${IMAGE_NAME}
\ No newline at end of file
diff --git a/sample_packages/sample_python_package/Dockerfile b/sample_packages/sample_python_package/Dockerfile
new file mode 100644
index 00000000..13e7f68f
--- /dev/null
+++ b/sample_packages/sample_python_package/Dockerfile
@@ -0,0 +1,9 @@
+FROM python:3.9
+
+WORKDIR /sample_python_package
+
+COPY . /sample_python_package
+
+RUN pip install --upgrade build
+
+RUN python3 -m build
\ No newline at end of file
diff --git a/sample_packages/sample_python_package/README.md b/sample_packages/sample_python_package/README.md
deleted file mode 100644
index 574a5de2..00000000
--- a/sample_packages/sample_python_package/README.md
+++ /dev/null
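Review bot: The `docker run --name ${CONTAINER_NAME} -d ${IMAGE_NAME}` step in the `build_sample_python_package` recipe starts the image's default command only so that `docker cp` has a container to read from. `docker create --name ${CONTAINER_NAME} ${IMAGE_NAME}` exposes the same filesystem without starting any process, which is the safer default for a package the README says should not be used outside a sandboxed setting, and it makes the `docker stop` line unnecessary. The recipe also has no cleanup path: if `docker cp` fails, make stops there and the named container is left behind, so the next `--name ${CONTAINER_NAME}` would presumably fail on the name conflict; removing any stale container first with `-docker rm -f ${CONTAINER_NAME}` would make the target re-runnable.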
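Review bot: `RUN pip install --upgrade build` installs whatever version of `build` and its dependencies PyPI serves at build time, so the tool that produces the package is not reproducible even once the base image is fixed; the digest pin added later in PATCH 5/5 does not cover it. Pinning it, for example `RUN pip install --no-cache-dir build==<PINNED_VERSION>` (placeholder, ideally taken from a hash-checked requirements file), closes that gap. Separately, `COPY . /sample_python_package` copies the whole build context, which after a first `make build_sample_python_package` includes the `output` directory the Makefile writes into; a `.dockerignore` listing `output` and `dist` would keep earlier artifacts out of later builds.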
@@ -1,11 +0,0 @@
-## Sample Python package
-
-This package will simulate different scenarios to test package analysis on. While this package will attempt to revert any modifications it makes, it is not recommended to install, import, or use this package in any way outside of a sandboxed setting.
-
-To use this package for local analysis, build this package by running
-`python3 -m build` in this directory. The package will be located in the dist/
-folder.
-
-Developers can modify which behaviors they want to simulate. (Collection of functionalities listed above main function in example.py) Note, however, that at this time output logging may not be comprehensive.
-
-The same license for the rest of the package analysis project applies to this package.
From df172573b9106bb08df49c18936a29de5b341fb1 Mon Sep 17 00:00:00 2001
From: Elaine Chien
Date: Sat, 27 Jan 2024 00:16:20 +0000
Subject: [PATCH 2/5] Add README to sample_packages directory
Signed-off-by: Elaine Chien
---
sample_packages/README.md | 13 +++++++++++++
1 file changed, 13 insertions(+)
create mode 100644 sample_packages/README.md
diff --git a/sample_packages/README.md b/sample_packages/README.md
new file mode 100644
index 00000000..54e7a732
--- /dev/null
+++ b/sample_packages/README.md
@@ -0,0 +1,13 @@
+## Sample packages
+
+Packages in this directory will simulate different scenarios to test package analysis on. These packages should attempt to revert any modifications made, but it is not recommended to install, import, or use these packages in nonisolated settings.
+
+The same license for the rest of the package analysis project applies to any package in this directory.
+
+### Sample python package
+To use the sample python package for local analysis, build the package by running
+`make build_sample_python_package` in this directory. The package will be created in `sample_python_package/output`
+
+Developers can modify which behaviors they want to simulate. (Collection of functionalities listed above main function in example.py) Note, however, that at this time output logging may not be comprehensive.
+
+
From 18d2180dc538f5ddf46ad478ececf788b07cba50 Mon Sep 17 00:00:00 2001
From: Elaine Chien
Date: Sat, 27 Jan 2024 00:42:47 +0000
Subject: [PATCH 3/5] Modify README
Signed-off-by: Elaine Chien
---
README.md | 3 +++
sample_packages/README.md | 5 ++---
2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/README.md b/README.md
index 52c1877b..6cbd8699 100644
--- a/README.md
+++ b/README.md
@@ -147,6 +147,9 @@ allows caching the sandbox images and supports local developement. ## Development +### Testing +See `sample_packages/README.md` for how to use a sample package that simulates malicious activity for testing purposes. + ### Required Dependencies - Go v1.21
diff --git a/sample_packages/README.md b/sample_packages/README.md
index 54e7a732..ba8476cb 100644
--- a/sample_packages/README.md
+++ b/sample_packages/README.md
@@ -1,12 +1,11 @@ ## Sample packages -Packages in this directory will simulate different scenarios to test package analysis on. These packages should attempt to revert any modifications made, but it is not recommended to install, import, or use these packages in nonisolated settings. +Packages in this directory will simulate different types of malicious behavior for testing purposes. These packages should attempt to revert any modifications made, but it is not recommended to install, import, or use these packages in nonisolated settings. The same license for the rest of the package analysis project applies to any package in this directory. ### Sample python package -To use the sample python package for local analysis, build the package by running -`make build_sample_python_package` in this directory. The package will be created in `sample_python_package/output` +Build the package by running`make build_sample_python_package` in this directory. The .tar.gz file that can be used for local analysis will be added to the directory `sample_python_package/output` Developers can modify which behaviors they want to simulate. (Collection of functionalities listed above main function in example.py) Note, however, that at this time output logging may not be comprehensive.
From b080c6efa195f8dcfd5c82a2ba1b967255f19c53 Mon Sep 17 00:00:00 2001
From: Elaine Chien
Date: Sat, 27 Jan 2024 00:44:52 +0000
Subject: [PATCH 4/5] newline at end of file
Signed-off-by: Elaine Chien
---
sample_packages/Makefile | 2 +-
sample_packages/sample_python_package/Dockerfile | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/sample_packages/Makefile b/sample_packages/Makefile
index bdd6f0a1..0c96c75f 100644
--- a/sample_packages/Makefile
+++ b/sample_packages/Makefile
@@ -9,4 +9,4 @@ build_sample_python_package: docker cp ${CONTAINER_NAME}:/sample_python_package/dist/. sample_python_package/output docker stop ${CONTAINER_NAME} docker rm ${CONTAINER_NAME} - docker image rm ${IMAGE_NAME} \ No newline at end of file + docker image rm ${IMAGE_NAME}
diff --git a/sample_packages/sample_python_package/Dockerfile b/sample_packages/sample_python_package/Dockerfile
index 13e7f68f..9d7456dc 100644
--- a/sample_packages/sample_python_package/Dockerfile
+++ b/sample_packages/sample_python_package/Dockerfile
@@ -6,4 +6,4 @@ COPY . /sample_python_package RUN pip install --upgrade build -RUN python3 -m build \ No newline at end of file +RUN python3 -m build
From 957d9d6a471fa2d795c0957b7be253580913e2a8 Mon Sep 17 00:00:00 2001
From: Elaine Chien
Date: Tue, 13 Feb 2024 00:45:48 +0000
Subject: [PATCH 5/5] Pin sha for python docker image
Signed-off-by: Elaine Chien
---
sample_packages/sample_python_package/Dockerfile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sample_packages/sample_python_package/Dockerfile b/sample_packages/sample_python_package/Dockerfile
index 9d7456dc..e852547e 100644
--- a/sample_packages/sample_python_package/Dockerfile
+++ b/sample_packages/sample_python_package/Dockerfile
@@ -1,4 +1,4 @@ -FROM python:3.9 +FROM python:3.9@sha256:edee3d665aba1d84f5344eca825d0de34b38dbf77a776cafd9df65c67e240866 WORKDIR /sample_python_package
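Review bot: The pinned `FROM` line in PATCH 5/5 carries no record of when the digest was resolved or how it is meant to be refreshed, so the pin can age without anyone noticing that it no longer picks up base-image security fixes. A comment above it such as `# python:3.9 pinned by digest for reproducible builds; update the digest when the base image is refreshed` would document the intent. If the project already runs an automated dependency updater, pointing it at this Dockerfile would keep the digest current. The rest of the Dockerfile lies outside this hunk.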