Skip to content

Full scan blobs not commits #155

Full scan blobs not commits

Full scan blobs not commits #155

Workflow file for this run

# This is a basic workflow to help you get started with Actions
name: Scan test
# Controls when the workflow will run
on:
# Triggers the workflow on push or pull request events but only for the "main" branch
push:
branches: [ "main" ]
pull_request:
branches: [ "main" ]
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
# This workflow contains a single job called "build"
scan-test:
# The type of runner that the job will run on
runs-on: ubuntu-latest
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- uses: actions/checkout@v4
# Download test virii
- name: Download EICAR test files
run: |
wget "https://secure.eicar.org/eicar.com.txt"
wget "https://secure.eicar.org/eicar.com"
wget "https://secure.eicar.org/eicar_com.zip"
wget "https://secure.eicar.org/eicarcom2.zip"
- name: Build image
run: docker build -t gitavscan .
- name: Run basic scan
run: |
docker run --rm -v $GITHUB_WORKSPACE:/scandir gitavscan /gitscan.sh > scan_results.txt
- name: Check scan results
run: |
cat scan_results.txt | grep "Win.Test.EICAR_HDB-1 FOUND"
- name: Run basic scan with optional args
run: |
docker run --rm -v $GITHUB_WORKSPACE:/scandir gitavscan /gitscan.sh --options "--max-filesize=1M --max-files=15" | grep "Win.Test.EICAR_HDB-1 FOUND"
- name: Test unknown option
run: |
output=$(docker run --rm -v $GITHUB_WORKSPACE:/scandir gitavscan /gitscan.sh --unknown-option || true)
echo "$output" | grep "OPTIONS:"
- name: Create an unreachable commit with virus
run: |
# Setup Git
git config --global user.email "[email protected]"
git config --global user.name "Evil Git"
- name: Create unreachable commit
run: |
# These commands will create a blob from the file and print the SHA1 hash of the created blob
blob=$(git hash-object -w eicar_com.zip)
echo $blob
# These commands will create a new tree with the blob, please note the '\t' which is the tab character between blob and filename.
tree=$(echo -e "100644 blob $blob\tunreachable-virus" | git mktree)
# This command creates a new commit with the tree
commit=$(git commit-tree $tree -m "Add an unreachable commit with a virus")
echo "Unreachable commit with a virus created: $commit"
# Delete the test viruses
rm -rf eicar*
- name: Run full scan
run: |
docker run --rm -v $GITHUB_WORKSPACE:/scandir gitavscan /gitscan.sh --full | grep "Win.Test.EICAR_HDB-1 FOUND"