
Commit 2b27480

authored
feat: check the contents of zip or tar.gz packages against allow lists COMPASS-8743 (#6679)
1 parent b7baaa2 commit 2b27480


11 files changed

+535
-7
lines changed


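--- a/.evergreen/verify-artifacts.sh
+++ b/.evergreen/verify-artifacts.sh
@@ -74,18 +74,23 @@ if [ "$IS_WINDOWS" = true ]; then
 verify_using_powershell $WINDOWS_EXE_NAME
 verify_using_powershell $WINDOWS_MSI_NAME
 echo "Skipping verification for Windows artifacts using gpg: $WINDOWS_ZIP_NAME, $WINDOWS_NUPKG_NAME"
+DEBUG=compass* npm run -w mongodb-compass verify-package-contents
+
 elif [ "$IS_UBUNTU" = true ]; then
 setup_gpg
 verify_using_gpg $LINUX_DEB_NAME
 verify_using_gpg $LINUX_TAR_NAME
+DEBUG=compass* npm run -w mongodb-compass verify-package-contents
 elif [ "$IS_RHEL" = true ]; then
 setup_gpg
 verify_using_rpm $RHEL_RPM_NAME
 verify_using_gpg $RHEL_TAR_NAME
+DEBUG=compass* npm run -w mongodb-compass verify-package-contents
 elif [ "$IS_OSX" = true ]; then
 setup_gpg
 verify_using_gpg $OSX_ZIP_NAME
 verify_using_codesign $OSX_DMG_NAME
+DEBUG=compass* npm run -w mongodb-compass verify-package-contents
 else
 echo "Unknown OS, failed to verify file signing"
 exit 1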
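Review bot: Nothing in this hunk makes a failed `verify-package-contents` run stop the script: each of the four added `npm run` lines relies on the shell aborting on a non-zero status, and whether `set -e` is in effect is not visible here. Because this step is the gate that rejects unexpected files in a package, it should fail closed explicitly, e.g. `DEBUG=compass* npm run -w mongodb-compass verify-package-contents || exit 1`. The identical line is repeated in all four OS branches; since the `else` branch exits, a single call after the closing `fi` would cover every platform and could not be forgotten when a branch is added. The `if`/`elif` chain starts above and closes below the hunk, so this needs checking against the full file.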

package-lock.json

Lines changed: 213 additions & 0 deletions

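--- a/packages/compass-e2e-tests/package.json
+++ b/packages/compass-e2e-tests/package.json
@@ -28,8 +28,7 @@
 "test-web": "env DEBUG=hadron*,mongo*,compass*,xvfb-maybe* npm run test web",
 "test-web-noserver": "env DEBUG=hadron*,mongo*,compass*,xvfb-maybe* npm run test web -- --disable-start-stop --bail",
 "coverage-merge": "nyc merge .log/coverage .nyc_output/coverage.json",
-"coverage-report": "npm run coverage-merge && nyc report",
-"smoketest": "ts-node smoke-test.ts"
+"coverage-report": "npm run coverage-merge && nyc report"
 },
 "devDependencies": {
 "@electron/rebuild": "^3.7.1",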

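--- a/packages/compass/package.json
+++ b/packages/compass/package.json
@@ -168,7 +168,8 @@
 "depcheck": "depcheck",
 "test-ci-electron": "npm run test-electron",
 "typecheck": "tsc -p tsconfig-lint.json --noEmit",
-"reformat": "npm run eslint . -- --fix && npm run prettier -- --write ."
+"reformat": "npm run eslint . -- --fix && npm run prettier -- --write .",
+"verify-package-contents": "ts-node ./scripts/verify-package-contents.ts"
 },
 "repository": {
 "type": "git",
@@ -190,6 +191,7 @@
 "devDependencies": {
 "@electron/rebuild": "^3.7.1",
 "@electron/remote": "^2.1.2",
+"@types/minimatch": "^5.1.2",
 "@mongodb-js/atlas-service": "^0.35.1",
 "@mongodb-js/compass-aggregations": "^9.52.1",
 "@mongodb-js/compass-app-stores": "^7.36.1",
@@ -252,12 +254,14 @@
 "electron-squirrel-startup": "^1.0.1",
 "ensure-error": "^3.0.1",
 "eslint": "^7.25.0",
-"hadron-app-registry": "^9.4.1",
-"hadron-build": "^25.7.1",
-"hadron-ipc": "^3.4.1",
+"glob": "^10.2.5",
 "local-links": "^1.4.0",
 "make-fetch-happen": "^10.2.1",
 "marky": "^1.2.1",
+"hadron-app-registry": "^9.4.1",
+"hadron-build": "^25.7.1",
+"hadron-ipc": "^3.4.1",
+"minimatch": "^10.0.1",
 "mongodb": "^6.12.0",
 "mongodb-build-info": "^1.7.2",
 "mongodb-cloud-info": "^2.1.2",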
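Review bot: `@types/minimatch` is added at `^5.1.2` next to `minimatch` at `^10.0.1`, so the type declarations describe a different major version from the library that actually runs. Recent minimatch releases appear to ship their own TypeScript declarations (worth confirming against the installed package), in which case the `@types` entry can simply be dropped. If it stays, the allow-list script could type-check against option names or defaults that v10 does not honour, which matters for a check whose whole job is pattern matching. Separately, in the visible entries the `hadron-*` lines were moved below `marky` and `@types/minimatch` sits before `@mongodb-js/*`, breaking the alphabetical order the surrounding entries follow and making the diff larger than the change.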
