feat: check the contents of zip or tar.gz packages against allow lists
lerouxb authored Feb 19, 2025
1 parent b7baaa2 commit 2b27480
Showing 11 changed files with 535 additions and 7 deletions.
5 changes: 5 additions & 0 deletions .evergreen/verify-artifacts.sh
Expand Up @@ -74,18 +74,23 @@ if [ "$IS_WINDOWS" = true ]; then
verify_using_powershell $WINDOWS_EXE_NAME
verify_using_powershell $WINDOWS_MSI_NAME
echo "Skipping verification for Windows artifacts using gpg: $WINDOWS_ZIP_NAME, $WINDOWS_NUPKG_NAME"
DEBUG=compass* npm run -w mongodb-compass verify-package-contents

elif [ "$IS_UBUNTU" = true ]; then
setup_gpg
verify_using_gpg $LINUX_DEB_NAME
verify_using_gpg $LINUX_TAR_NAME
DEBUG=compass* npm run -w mongodb-compass verify-package-contents
elif [ "$IS_RHEL" = true ]; then
setup_gpg
verify_using_rpm $RHEL_RPM_NAME
verify_using_gpg $RHEL_TAR_NAME
DEBUG=compass* npm run -w mongodb-compass verify-package-contents
elif [ "$IS_OSX" = true ]; then
setup_gpg
verify_using_gpg $OSX_ZIP_NAME
verify_using_codesign $OSX_DMG_NAME
DEBUG=compass* npm run -w mongodb-compass verify-package-contents
else
echo "Unknown OS, failed to verify file signing"
exit 1
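Review bot: The new `DEBUG=compass* npm run -w mongodb-compass verify-package-contents` step is copied into all four OS branches, and nothing visible in the hunk makes its failure fatal. Whether the script runs under `set -e` is outside the hunk; if it does not, a non-zero exit from the allow-list check could be masked by whatever follows the closing `fi` (also outside the hunk), so `DEBUG='compass*' npm run -w mongodb-compass verify-package-contents || exit 1` would make the gate explicit. Because the `else` branch already exits, the call could be made once after the `fi` instead of four times. In the Windows branch the zip is reported as skipped for gpg verification, so this contents check appears to be the only check it gets and it does not establish who produced the archive; a comment such as `# contents allow-list only; the zip signature is not verified here` would keep that visible.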
213 changes: 213 additions & 0 deletions package-lock.json


3 changes: 1 addition & 2 deletions packages/compass-e2e-tests/package.json
Expand Up @@ -28,8 +28,7 @@
"test-web": "env DEBUG=hadron*,mongo*,compass*,xvfb-maybe* npm run test web",
"test-web-noserver": "env DEBUG=hadron*,mongo*,compass*,xvfb-maybe* npm run test web -- --disable-start-stop --bail",
"coverage-merge": "nyc merge .log/coverage .nyc_output/coverage.json",
"coverage-report": "npm run coverage-merge && nyc report",
"smoketest": "ts-node smoke-test.ts"
"coverage-report": "npm run coverage-merge && nyc report"
},
"devDependencies": {
"@electron/rebuild": "^3.7.1",
12 changes: 8 additions & 4 deletions packages/compass/package.json
Expand Up @@ -168,7 +168,8 @@
"depcheck": "depcheck",
"test-ci-electron": "npm run test-electron",
"typecheck": "tsc -p tsconfig-lint.json --noEmit",
"reformat": "npm run eslint . -- --fix && npm run prettier -- --write ."
"reformat": "npm run eslint . -- --fix && npm run prettier -- --write .",
"verify-package-contents": "ts-node ./scripts/verify-package-contents.ts"
},
"repository": {
"type": "git",
Expand All @@ -190,6 +191,7 @@
"devDependencies": {
"@electron/rebuild": "^3.7.1",
"@electron/remote": "^2.1.2",
"@types/minimatch": "^5.1.2",
"@mongodb-js/atlas-service": "^0.35.1",
"@mongodb-js/compass-aggregations": "^9.52.1",
"@mongodb-js/compass-app-stores": "^7.36.1",
Expand Down Expand Up @@ -252,12 +254,14 @@
"electron-squirrel-startup": "^1.0.1",
"ensure-error": "^3.0.1",
"eslint": "^7.25.0",
"hadron-app-registry": "^9.4.1",
"hadron-build": "^25.7.1",
"hadron-ipc": "^3.4.1",
"glob": "^10.2.5",
"local-links": "^1.4.0",
"make-fetch-happen": "^10.2.1",
"marky": "^1.2.1",
"hadron-app-registry": "^9.4.1",
"hadron-build": "^25.7.1",
"hadron-ipc": "^3.4.1",
"minimatch": "^10.0.1",
"mongodb": "^6.12.0",
"mongodb-build-info": "^1.7.2",
"mongodb-cloud-info": "^2.1.2",
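Review bot: The added `"@types/minimatch": "^5.1.2"` entry does not match the added `"minimatch": "^10.0.1"`: recent minimatch majors ship their own type declarations, as far as I know, so the separate types package describes an older API and is probably unused. Dropping that line keeps one fewer package in the dependency set of a script that gates release artifacts. The entry also sits ahead of the `@mongodb-js/*` block, and the `hadron-*` entries now appear after `"marky"`, which breaks the alphabetical order the rest of `devDependencies` seems to follow.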