[Security][Workflow]: Include SAST #112
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Functional Tests | |
on: | |
push: | |
tags: ['v*'] | |
pull_request: | |
branches: ['main'] | |
workflow_dispatch: | |
workflow_call: | |
jobs: | |
functional-tests: | |
strategy: | |
matrix: | |
type: [ | |
"distributed-to-nd", | |
"nd-to-distributed", | |
"hd-to-nd", | |
"hd-to-distributed", | |
] | |
defaults: | |
run: | |
working-directory: './.github/examples/' | |
shell: bash | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: 'Build dkc script' | |
uses: actions/setup-go@v4 | |
with: | |
go-version-file: './go.mod' | |
- run: go build ../../ | |
- name: 'Install ethdo' | |
run: | | |
go install "github.com/wealdtech/ethdo@$ethdo_version" | |
env: | |
ethdo_version: 'v1.33.2' | |
- name: 'Converting ${{matrix.type}}' | |
run: | | |
./dkc convert --config ${{matrix.type}}.yaml | |
- name: 'Preparing Variables For ${{matrix.type}}' | |
run: | | |
echo "::debug:: Getting passwords from ./${{matrix.type}}/pass.txt" | |
passphrases=$(cat "./${{matrix.type}}/pass.txt"|tr '\n' ',') | |
echo "::debug:: password string is [$passphrases]" | |
echo "::debug:: Getting input type for wallet" | |
input_type=$(echo ${{ matrix.type }} | awk -F'-' '{print $1}') | |
echo "::debug:: Input type for wallet is [$input_type]" | |
echo "::debug:: Getting input path for wallet" | |
input_path="./${{ matrix.type }}/$input_type" | |
echo "::debug:: Input path for wallet is [$input_path]" | |
echo "::debug:: Getting output type for wallet" | |
output_type=$(echo ${{ matrix.type }} | awk -F'-' '{print $3}') | |
echo "::debug:: Output type for wallet is [$output_type]" | |
echo "::debug:: Getting output path for wallet" | |
output_path="./${{ matrix.type }}/$output_type" | |
echo "::debug:: Output path for wallet is [$output_path]" | |
echo -e "Generating Input And Output Paths: ${green}OK${nc}" | |
echo -e "${green}Input Path:${nc} [$input_path]" | |
echo -e "${green}Output Path:${nc} [$output_path]" | |
echo "::debug:: Adding all variables to GITHUB EVN" | |
echo "passphrases=$passphrases" >> $GITHUB_ENV | |
echo "input_path=$input_path" >> $GITHUB_ENV | |
echo "input_type=$input_type" >> $GITHUB_ENV | |
echo "output_path=$output_path" >> $GITHUB_ENV | |
echo "output_type=$output_type" >> $GITHUB_ENV | |
- name: 'Checking Signatures For ${{matrix.type}}' | |
run: | | |
get_signature() { | |
echo "::debug:: Wallet type is [$1]" | |
local _type=$1 | |
echo "::debug:: Wallet path is [$2]" | |
local _path=$2 | |
echo "::debug:: Check number of argumetns [$#] for get_signature function" | |
if ! [ $# -eq 2 ]; then | |
echo -e "Number Of Arguments Incorrect: ${red}Fail${nc}" | |
fi | |
local _signature | |
echo "::debug:: Check wallet type [$_type]" | |
case $_type in | |
"distributed") | |
echo "::debug:: Wallet is distirbuted" | |
echo "::debug:: Get local sig1" | |
local _sig1=$(ethdo signature sign --base-dir "$_path/$peer_1" --account "$w/$a" --data "${sign_data}" --passphrase "${passphrases}") | |
echo "::debug:: Local sig1 is [$_sig1]" | |
echo "::debug:: Get local sig2" | |
local _sig2=$(ethdo signature sign --base-dir "$_path/$peer_2" --account "$w/$a" --data "${sign_data}" --passphrase "${passphrases}") | |
echo "::debug:: Local sig2 is [$_sig2]" | |
echo "::debug:: Get signature" | |
_signature=$(ethdo signature aggregate --signature "$peer_id_1:$_sig1" --signature "$peer_id_2:$_sig2" --data "${sign_data}") | |
;; | |
*) | |
echo "::debug:: Wallet is not distirbuted" | |
echo "::debug:: Get signature" | |
_signature=$(ethdo signature sign --base-dir "$_path" --account "$w/$a" --data "${sign_data}" --passphrase "${passphrases}") | |
;; | |
esac | |
echo $_signature | |
} | |
echo "::debug:: Wallets List is [$wallets_list]" | |
echo "::debug:: Checking if Wallets List is not empty" | |
if [[ "$wallets_list" == "" ]]; then | |
echo -e "Wallets List Is Empty: ${red}Fail${nc}" | |
exit 1 | |
fi | |
echo -e "Getting Wallets: ${green}OK${nc}" | |
echo "::debug:: Iterate over Wallets List" | |
for w in $wallets_list; do | |
echo "::debug:: Current wallet is [$w]" | |
echo "::debug:: Accounts List for wallet [$w] is [$accounts_list]" | |
echo "::debug:: Checking if Accounts List is not empty" | |
if [[ "accounts_list" == "" ]]; then | |
echo -e "Accounts List For Wallet [$w] Is Empty: ${red}Fail${nc}" | |
exit 1 | |
fi | |
echo "::debug:: Iterate over Accounts List" | |
for a in $accounts_list; do | |
echo "::debug:: Current account is [$a]" | |
echo "::debug:: Get input signature" | |
input_signature=$(get_signature $input_type $input_path | tail -n 1) | |
echo "::debug:: Input signature is [$input_signature]" | |
echo "::debug:: Get output signature" | |
output_signature=$(get_signature $output_type $output_path | tail -n 1) | |
echo "::debug:: Output signature is [$output_signature]" | |
echo "::debug:: Check if input signature has the right format" | |
if ! [[ "$input_signature" =~ ^0x.*$ ]]; then | |
echo -e "Input Signature For Account [$w/$a] Has Wrong Format: ${red}Fail${nc}" | |
exit 1 | |
fi | |
echo "::debug:: Check if output signature has the right format" | |
if ! [[ "$output_signature" =~ ^0x.*$ ]]; then | |
echo -e "Output Signature For Account [$w/$a] Has Wrong Format: ${red}Fail${nc}" | |
exit 1 | |
fi | |
echo "::debug:: Compare input signature and output signature" | |
if [[ "$input_signature" != "$output_signature" ]]; then | |
echo -e "Failed To Verify Signature For Account [$w/$a]: ${red}Fail${nc}" | |
exit 1 | |
fi | |
echo -e "Checking Signature For Account [$w/$a]: ${green}OK${nc}" | |
done; | |
done; | |
env: | |
red: '\033[0;31m' | |
green: '\033[0;32m' | |
yellow: '\033[0;33m' | |
nc: '\033[0m' | |
sign_data: '0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f' | |
wallets_list: "Wallet1 Wallet2 Wallet3" | |
accounts_list: "Account1 Account2 Account3" | |
peer_1: "test1" | |
peer_id_1: "10" | |
peer_2: "test2" | |
peer_id_2: "20" |