Skip to content

[Security][Workflow]: Include SAST #112

[Security][Workflow]: Include SAST

[Security][Workflow]: Include SAST #112

Workflow file for this run

name: Functional Tests
on:
push:
tags: ['v*']
pull_request:
branches: ['main']
workflow_dispatch:
workflow_call:
jobs:
functional-tests:
strategy:
matrix:
type: [
"distributed-to-nd",
"nd-to-distributed",
"hd-to-nd",
"hd-to-distributed",
]
defaults:
run:
working-directory: './.github/examples/'
shell: bash
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: 'Build dkc script'
uses: actions/setup-go@v4
with:
go-version-file: './go.mod'
- run: go build ../../
- name: 'Install ethdo'
run: |
go install "github.com/wealdtech/ethdo@$ethdo_version"
env:
ethdo_version: 'v1.33.2'
- name: 'Converting ${{matrix.type}}'
run: |
./dkc convert --config ${{matrix.type}}.yaml
- name: 'Preparing Variables For ${{matrix.type}}'
run: |
echo "::debug:: Getting passwords from ./${{matrix.type}}/pass.txt"
passphrases=$(cat "./${{matrix.type}}/pass.txt"|tr '\n' ',')
echo "::debug:: password string is [$passphrases]"
echo "::debug:: Getting input type for wallet"
input_type=$(echo ${{ matrix.type }} | awk -F'-' '{print $1}')
echo "::debug:: Input type for wallet is [$input_type]"
echo "::debug:: Getting input path for wallet"
input_path="./${{ matrix.type }}/$input_type"
echo "::debug:: Input path for wallet is [$input_path]"
echo "::debug:: Getting output type for wallet"
output_type=$(echo ${{ matrix.type }} | awk -F'-' '{print $3}')
echo "::debug:: Output type for wallet is [$output_type]"
echo "::debug:: Getting output path for wallet"
output_path="./${{ matrix.type }}/$output_type"
echo "::debug:: Output path for wallet is [$output_path]"
echo -e "Generating Input And Output Paths: ${green}OK${nc}"
echo -e "${green}Input Path:${nc} [$input_path]"
echo -e "${green}Output Path:${nc} [$output_path]"
echo "::debug:: Adding all variables to GITHUB EVN"
echo "passphrases=$passphrases" >> $GITHUB_ENV
echo "input_path=$input_path" >> $GITHUB_ENV
echo "input_type=$input_type" >> $GITHUB_ENV
echo "output_path=$output_path" >> $GITHUB_ENV
echo "output_type=$output_type" >> $GITHUB_ENV
- name: 'Checking Signatures For ${{matrix.type}}'
run: |
get_signature() {
echo "::debug:: Wallet type is [$1]"
local _type=$1
echo "::debug:: Wallet path is [$2]"
local _path=$2
echo "::debug:: Check number of argumetns [$#] for get_signature function"
if ! [ $# -eq 2 ]; then
echo -e "Number Of Arguments Incorrect: ${red}Fail${nc}"
fi
local _signature
echo "::debug:: Check wallet type [$_type]"
case $_type in
"distributed")
echo "::debug:: Wallet is distirbuted"
echo "::debug:: Get local sig1"
local _sig1=$(ethdo signature sign --base-dir "$_path/$peer_1" --account "$w/$a" --data "${sign_data}" --passphrase "${passphrases}")
echo "::debug:: Local sig1 is [$_sig1]"
echo "::debug:: Get local sig2"
local _sig2=$(ethdo signature sign --base-dir "$_path/$peer_2" --account "$w/$a" --data "${sign_data}" --passphrase "${passphrases}")
echo "::debug:: Local sig2 is [$_sig2]"
echo "::debug:: Get signature"
_signature=$(ethdo signature aggregate --signature "$peer_id_1:$_sig1" --signature "$peer_id_2:$_sig2" --data "${sign_data}")
;;
*)
echo "::debug:: Wallet is not distirbuted"
echo "::debug:: Get signature"
_signature=$(ethdo signature sign --base-dir "$_path" --account "$w/$a" --data "${sign_data}" --passphrase "${passphrases}")
;;
esac
echo $_signature
}
echo "::debug:: Wallets List is [$wallets_list]"
echo "::debug:: Checking if Wallets List is not empty"
if [[ "$wallets_list" == "" ]]; then
echo -e "Wallets List Is Empty: ${red}Fail${nc}"
exit 1
fi
echo -e "Getting Wallets: ${green}OK${nc}"
echo "::debug:: Iterate over Wallets List"
for w in $wallets_list; do
echo "::debug:: Current wallet is [$w]"
echo "::debug:: Accounts List for wallet [$w] is [$accounts_list]"
echo "::debug:: Checking if Accounts List is not empty"
if [[ "accounts_list" == "" ]]; then
echo -e "Accounts List For Wallet [$w] Is Empty: ${red}Fail${nc}"
exit 1
fi
echo "::debug:: Iterate over Accounts List"
for a in $accounts_list; do
echo "::debug:: Current account is [$a]"
echo "::debug:: Get input signature"
input_signature=$(get_signature $input_type $input_path | tail -n 1)
echo "::debug:: Input signature is [$input_signature]"
echo "::debug:: Get output signature"
output_signature=$(get_signature $output_type $output_path | tail -n 1)
echo "::debug:: Output signature is [$output_signature]"
echo "::debug:: Check if input signature has the right format"
if ! [[ "$input_signature" =~ ^0x.*$ ]]; then
echo -e "Input Signature For Account [$w/$a] Has Wrong Format: ${red}Fail${nc}"
exit 1
fi
echo "::debug:: Check if output signature has the right format"
if ! [[ "$output_signature" =~ ^0x.*$ ]]; then
echo -e "Output Signature For Account [$w/$a] Has Wrong Format: ${red}Fail${nc}"
exit 1
fi
echo "::debug:: Compare input signature and output signature"
if [[ "$input_signature" != "$output_signature" ]]; then
echo -e "Failed To Verify Signature For Account [$w/$a]: ${red}Fail${nc}"
exit 1
fi
echo -e "Checking Signature For Account [$w/$a]: ${green}OK${nc}"
done;
done;
env:
red: '\033[0;31m'
green: '\033[0;32m'
yellow: '\033[0;33m'
nc: '\033[0m'
sign_data: '0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f'
wallets_list: "Wallet1 Wallet2 Wallet3"
accounts_list: "Account1 Account2 Account3"
peer_1: "test1"
peer_id_1: "10"
peer_2: "test2"
peer_id_2: "20"