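---
# CI workflow for the Elementary CLI: build, lint, unit-test, then run the
# integration and test-case jobs against downloaded forensicstore fixtures.
name: CI

on:  # yamllint disable-line rule:truthy
  push:
    branches: [master]
  pull_request:
  # schedule:
  #   - cron: '0 0 * * *'

# Least privilege for GITHUB_TOKEN: no step below is seen to write to the
# repository. Widen this per job if a step turns out to need more.
permissions:
  contents: read

jobs:
  build:
    name: Build Elementary CLI
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
        os: [macos-latest, windows-latest, ubuntu-latest]
    steps:
      - name: Setup go 1.18
        uses: actions/setup-go@v3
        with:
          go-version: '1.18'
      - uses: actions/checkout@v3
      - run: cd cmd/elementary && go build .
      - name: Go Build
        # Move the built binary (elementary, or elementary.exe on Windows)
        # into bin/ so the artifact contains only the executable.
        run: |
          mkdir bin
          mv elementary* bin
        shell: bash
        working-directory: cmd/elementary
      - name: Upload
        # Pinned to v3 like the other upload-artifact step in this file;
        # @master is a mutable ref that can change underneath the workflow.
        uses: actions/upload-artifact@v3
        with:
          name: elementary ${{ matrix.os }}
          path: cmd/elementary/bin

  lint:
    name: Lint Elementary
    runs-on: ubuntu-latest
    steps:
      - name: Setup go 1.18
        uses: actions/setup-go@v3
        with:
          go-version: '1.18'
      - uses: actions/checkout@v3
      # This job has no matrix, so the former `if: matrix.os != 'windows-latest'`
      # was always true and the "Lint Windows" step guarded by
      # `if: matrix.os == 'windows-latest'` never ran; both were removed.
      # Add an os matrix to this job if Windows linting is wanted.
      - name: Lint
        uses: golangci/golangci-lint-action@v3
        with:
          version: v1.45.2
          args: --verbose --config .github/.golangci.yml --enable gofmt --enable goimports --enable gofumpt

  test:
    name: Unittest Elementary
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
        os: [macos-latest, windows-latest, ubuntu-latest]
    steps:
      - name: Setup go 1.18
        uses: actions/setup-go@v3
        with:
          go-version: '1.18'
      - uses: actions/checkout@v3
      # @latest is a floating version; pin to a tagged release for reproducible runs.
      - run: go install github.com/ory/go-acc@latest
      - run: bash test/download_testdata.sh
      - run: go list ./...
      - run: go-acc ./...
      - name: Upload coverage
        env:
          CI: "true"
          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
        # Fetch the uploader to a file first so a failed download fails the
        # step; with `bash <(curl -s ...)` a curl error yields an empty script
        # and the step exits 0 without uploading anything.
        # The script is still executed without integrity verification —
        # TODO: check it against a pinned checksum (<EXPECTED_SHA256>) before running.
        run: |
          curl --fail --silent --show-error --output codecov.sh https://codecov.io/bash
          bash codecov.sh -f coverage.txt
        shell: bash

  cli-integrationtests:
    name: Integration Test CLI
    needs: build
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
        os: [macos-latest, windows-latest, ubuntu-latest]
    steps:
      - name: Checkout code
        uses: actions/checkout@v3
      - uses: actions/setup-python@v3
        with:
          python-version: '3.8'
      # NOTE(review): doskey macros are per-console; each run step is a fresh
      # shell, so this likely has no effect on later steps — confirm.
      - run: doskey python3=python
        if: matrix.os == 'windows-latest'
      - name: download elementary
        uses: actions/download-artifact@v3
        with:
          name: elementary ${{ matrix.os }}
      # The release archive is version-pinned but not integrity-checked;
      # compare it against a published checksum (placeholder <EXPECTED_SHA256>)
      # before unzip. The same applies to the forensicstore / artifacthub
      # downloads in the case jobs below.
      - run: curl --fail --output ${{ matrix.os }}.zip --location https://github.com/forensicanalysis/forensicstore/releases/download/v0.17.1/${{ matrix.os }}.zip
      - run: unzip ${{ matrix.os }}.zip
      # NOTE(review): on windows-latest the build job packages elementary.exe
      # (`mv elementary* bin`), so a file named `elementary` may not exist
      # here — confirm this step passes on that runner.
      - run: chmod +x elementary
      - name: Set system path
        run: echo $PWD >> $GITHUB_PATH
        shell: bash
      - name: Setup node
        uses: actions/setup-node@v3
        with:
          node-version: '12'
      - name: Install bats
        run: npm install -g bats@1.1.0
      - name: Download testdata
        run: bash test/download_testdata.sh
        shell: bash
      - name: Bats test Unix
        run: bats test/bats/elementary.bats test/bats/elementary_unix.bats
        shell: bash
        if: matrix.os != 'windows-latest'
      - name: Bats test Windows
        run: bats test/bats/elementary.bats
        shell: bash
        if: matrix.os == 'windows-latest'

  collect:
    name: Test Collect
    runs-on: windows-latest
    steps:
      - name: Collect artifacts
        # Downloads and executes a pinned artifactcollector release on the
        # runner; the archive is not integrity-checked (placeholder
        # <EXPECTED_SHA256>) before the binary is run.
        run: |
          curl --fail --output windows.zip --location https://github.com/forensicanalysis/artifactcollector/releases/download/v0.15.0/windows.zip
          unzip windows.zip
          ./artifactcollector.exe
          mv *.forensicstore test.forensicstore
      - name: upload test.forensicstore
        uses: actions/upload-artifact@v3
        with:
          name: test.forensicstore
          path: test.forensicstore

  case0:
    name: Test Case 0
    needs: [collect, build]
    runs-on: ubuntu-latest
    steps:
      - uses: actions/setup-python@v3
        with:
          python-version: '3.8'
      - name: download test.forensicstore
        uses: actions/download-artifact@v3
        with:
          name: test.forensicstore
      - name: download elementary
        uses: actions/download-artifact@v3
        with:
          name: elementary ubuntu-latest
      - run: chmod +x elementary
      - run: ./elementary install -f
      # - name: run import-json
      #   run: elementary run --debug import-json --format csv test.forensicstore
      #   shell: bash
      - name: run networking
        run: ./elementary run --debug networking --format csv test.forensicstore
      - name: run prefetch
        run: ./elementary run --debug prefetch --format csv test.forensicstore
      - name: run run-keys
        run: ./elementary run --debug run-keys --format csv test.forensicstore
      - name: run services
        run: ./elementary run --debug services --format csv test.forensicstore
      - name: run shimcache
        run: ./elementary run --debug shimcache --format csv test.forensicstore
      - name: run yara
        run: ./elementary run --debug yara --format csv test.forensicstore

  case1:
    name: Test Case 1 (import-file, eventlogs, sigma)
    needs: build
    runs-on: ubuntu-latest
    steps:
      - name: download elementary
        uses: actions/download-artifact@v3
        with:
          name: elementary ubuntu-latest
      - run: chmod +x elementary
      - run: ./elementary install -f
      - run: curl --fail --output ubuntu-latest.zip --location https://github.com/forensicanalysis/forensicstore/releases/download/v0.17.1/ubuntu-latest.zip
      - run: unzip ubuntu-latest.zip
      # master.zip is an unpinned branch archive of a third-party repo: the
      # fixture set can change underneath this test. Pin to a commit or tag
      # archive (placeholder <COMMIT_SHA>) for reproducible runs.
      - run: curl --fail --output master.zip --location https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES/archive/master.zip
      - run: unzip master.zip
      - run: ./forensicstore create case1.forensicstore
      - run: ./elementary run --debug import-file --file EVTX-ATTACK-SAMPLES-master case1.forensicstore
      - run: ./elementary run --debug eventlogs --format none --add-to-store case1.forensicstore
      - run: ./elementary run --debug sigma case1.forensicstore

  case2:
    name: Test Case 2 (hotfixes)  # import-image
    needs: build
    runs-on: ubuntu-latest
    steps:
      - uses: actions/setup-python@v3
        with:
          python-version: '3.8'
      - name: download elementary
        uses: actions/download-artifact@v3
        with:
          name: elementary ubuntu-latest
      - run: chmod +x elementary
      - run: ./elementary install -f
      - run: curl --fail --output ubuntu-latest.zip --location https://github.com/forensicanalysis/forensicstore/releases/download/v0.17.1/ubuntu-latest.zip
      - run: unzip ubuntu-latest.zip
      - run: ./forensicstore create case2.forensicstore
      - run: curl --fail --output win10_mock.zip --location https://download.artifacthub.org/windows/win10_mock.zip
      - run: unzip win10_mock.zip
      # - run: ./elementary run --debug import-image --input-dir . --input-file win10_mock.vhd case2.forensicstore
      - run: ./elementary run --debug hotfixes --format csv case2.forensicstore

  case3:
    name: Test Case 3 (import-forensicstore, plaso)
    needs: build
    runs-on: ubuntu-latest
    steps:
      - name: download elementary
        uses: actions/download-artifact@v3
        with:
          name: elementary ubuntu-latest
      - run: chmod +x elementary
      - run: ./elementary install -f
      - run: curl --fail --output ubuntu-latest.zip --location https://github.com/forensicanalysis/forensicstore/releases/download/v0.17.1/ubuntu-latest.zip
      - run: unzip ubuntu-latest.zip
      - run: curl --fail --output example2.forensicstore --location https://download.artifacthub.org/forensics/example2.forensicstore
      - run: ./forensicstore create case3.forensicstore
      - run: ./elementary run --debug import-forensicstore --file example2.forensicstore case3.forensicstore
      - run: ./elementary run --debug plaso case3.forensicstore

  case4:
    name: Test Case 4 (usb, export)
    needs: build
    runs-on: ubuntu-latest
    steps:
      - uses: actions/setup-python@v3
        with:
          python-version: '3.8'
      - name: download elementary
        uses: actions/download-artifact@v3
        with:
          name: elementary ubuntu-latest
      - run: chmod +x elementary
      - run: ./elementary install -f
      - run: curl --fail --output usb.forensicstore --location https://download.artifacthub.org/forensics/usb.forensicstore
      - run: ./elementary run --debug usb --format csv usb.forensicstore
      - run: ./elementary run --debug export --format json usb.forensicstore

  case5:
    name: Test Case 5 (software, export-timesketch)
    needs: build
    runs-on: ubuntu-latest
    steps:
      - uses: actions/setup-python@v3
        with:
          python-version: '3.8'
      - name: download elementary
        uses: actions/download-artifact@v3
        with:
          name: elementary ubuntu-latest
      - run: chmod +x elementary
      - run: ./elementary install -f
      - run: curl --fail --output example2.forensicstore --location https://download.artifacthub.org/forensics/example2.forensicstore
      - run: ./elementary run --debug software --add-to-store --format csv example2.forensicstore
      - run: ./elementary run --debug export-timesketch --timesketch export.jsonl --filter type=uninstall_entry --format jsonl example2.forensicstore

  scripts:
    name: Test Scripts
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
        os: [ubuntu-latest]
    steps:
      - uses: actions/setup-python@v3
        with:
          python-version: '3.8'
      # pylint is pinned; pytest and pytest-cov float — pin them too for reproducibility.
      - run: pip install pylint==2.8.3 pytest pytest-cov
      - name: Checkout code
        uses: actions/checkout@v3
      - run: pip install -r plugin/scripts/requirements.txt
      - name: Python Lint
        # ../../../test/.pylintrc resolves from plugin/scripts/scripts back to the repo root.
        run: pylint *.py --rcfile ../../../test/.pylintrc
        shell: bash
        working-directory: plugin/scripts/scripts
      - name: Download testdata
        run: bash test/download_testdata.sh
        shell: bash
      - name: Python Test
        run: pytest -v --cov-config .coveragerc --cov-report=xml --cov=plugin/scripts/scripts test/python
        shell: bash
      - name: Upload coverage
        env:
          CI: "true"
          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
        # Fetch the uploader to a file first so a failed download fails the
        # step; with `bash <(curl -s ...)` a curl error yields an empty script
        # and the step exits 0 without uploading anything.
        # The script is still executed without integrity verification —
        # TODO: check it against a pinned checksum (<EXPECTED_SHA256>) before running.
        run: |
          curl --fail --silent --show-error --output codecov.sh https://codecov.io/bash
          bash codecov.sh -f coverage.xml
        shell: bash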