reversinglabs
diff --git a/‎.gitignore‎
Lines changed: 7 additions & 6 deletions b/‎.gitignore‎
Lines changed: 7 additions & 6 deletions
diff --git a/‎BUILD.md‎
Lines changed: 54 additions & 0 deletions b/‎BUILD.md‎
Lines changed: 54 additions & 0 deletions
diff --git a/‎Dockerfile‎
Lines changed: 0 additions & 18 deletions b/‎Dockerfile‎
Lines changed: 0 additions & 18 deletions
diff --git a/‎Dockerfile.cache‎
Lines changed: 24 additions & 0 deletions b/‎Dockerfile.cache‎
Lines changed: 24 additions & 0 deletions
diff --git a/‎Dockerfile.no_cache‎
Lines changed: 15 additions & 0 deletions b/‎Dockerfile.no_cache‎
Lines changed: 15 additions & 0 deletions
diff --git a/‎LICENSE‎
Lines changed: 1 addition & 1 deletion b/‎LICENSE‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎Makefile‎
Lines changed: 42 additions & 65 deletions b/‎Makefile‎
Lines changed: 42 additions & 65 deletions
@@ -1,7 +1,8 @@
-dist
-rl-deploy
 __pycache__
-input/
-output/
-tmp/
-eicarcom2.zip
+.mypy_cache/
+tests/*/report/
+tests/repro/store/
+tests/repro/report_base/
+tests/repro/report_repro_fail/
+tests/repro/report_repro_ok/
+OLD/
@@ -0,0 +1,54 @@
+# rl-secure Docker image (rl-scanner)
+
+This repository contains configurations used to create `rl-scanner` Docker images. To improve performance and reduce traffic, this image uses the cached install feature provided by the `rl-deploy` tool.
+
+## Prerequisites
+
+To create a cached installation file, you have to make sure that your license information is valid.
+
+License information must be provided using the following environment variables:
+
+| Environment variable | Description |
+| :--------- | :------ |
+| `RLSECURE_ENCODED_LICENSE` | Required. The `rl-secure` license file as a Base64-encoded string. Encode the contents of your license file, and provide the resulting string with this variable. |
+| `RLSECURE_SITE_KEY` | Required. The `rl-secure` license site key. The site key is a string generated by ReversingLabs and sent to users with the license file. |
+
+
+## Building the image
+
+The `make` system is used to perform builds. 
+
+To build an image, you can use one of the following build targets:
+
+| Target name | Description |
+| :--------- | :------ |
+| `build-with-cache` | Generated image will use the installation cache mechanism. This will result in faster execution, since the scanner functionality will use a local cached installation instead of downloading updates from the ReversingLabs server. |
+| `build-without-cache` | Generated image will contain only the scanner functionality. On each execution, the `rl-secure` tool will be downloaded from the ReversingLabs server. |
+
+
+To locally build the scanner image, use the command:
+
+```
+make build-with-cache IMAGE_NAME="my-rl-scanner"
+```
+
+This will create an image with a tag `my-rl-scanner` using your local Docker instance.
+
+Note that in order to make the `build-with-cache` target, you would need to provide the license information using the environment variables.
+
+
+## Testing the image
+
+To test the functionality of the image, you can use the `make` target named `test`.
+
+In order to perform the test, it is expected that the environment variables `RLSECURE_ENCODED_LICENSE` and `RLSECURE_SITE_KEY` are set appropriately.
+
+You can test the generated image with the following command:
+
+```
+make test IMAGE_NAME="my-rl-scanner"
+```
+
+## Release image
+
+Documentation for using the generated image can be found [in the README](README.md).
@@ -0,0 +1,24 @@
+# syntax=docker/dockerfile:1
+
+ARG CACHE_PATH=/tmp/rl-secure.cache
+
+FROM rockylinux:9-minimal
+ARG CACHE_PATH
+COPY scripts/* /opt/rl-scanner/
+RUN --mount=type=secret,id=rlsecure_license --mount=type=secret,id=rlsecure_sitekey <<EORUN
+    set -e
+    echo ${CACHE_PATH}
+    microdnf upgrade -y
+    microdnf install -y --nodocs python3-pip
+    pip3 install --no-cache-dir rl-deploy
+    microdnf clean all
+    rl-deploy cache \
+        --no-tracking \
+        --location=${CACHE_PATH} \
+        --encoded-key=$(cat /run/secrets/rlsecure_license) \
+        --site-key=$(cat /run/secrets/rlsecure_sitekey)
+
+    chmod 755 /opt/rl-scanner/entrypoint /opt/rl-scanner/rl-scan /opt/rl-scanner/rl-prune
+EORUN
+ENV PATH="/opt/rl-scanner:${PATH}"
+ENTRYPOINT [ "/opt/rl-scanner/entrypoint" ]
@@ -0,0 +1,15 @@
+# syntax=docker/dockerfile:1
+
+FROM rockylinux:9-minimal
+COPY scripts/* /opt/rl-scanner/
+RUN <<EORUN
+    set -e
+    microdnf upgrade -y
+    microdnf install -y --nodocs python3-pip
+    pip3 install --no-cache-dir rl-deploy
+    microdnf clean all
+
+    chmod 755 /opt/rl-scanner/entrypoint /opt/rl-scanner/rl-scan /opt/rl-scanner/rl-prune
+EORUN
+ENV PATH="/opt/rl-scanner:${PATH}"
+ENTRYPOINT [ "/opt/rl-scanner/entrypoint" ]
@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2023 ReversingLabs
+Copyright (c) 2024 ReversingLabs
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
 
@@ -1,97 +1,74 @@
-# the envfile has the 2 required environment variables:
-# RLSECURE_SITE_KEY=
+# Makefile expects 2 required environment variables for
+#   build-with-cache and test targets:
 # RLSECURE_ENCODED_LICENSE=
+# RLSECURE_SITE_KEY=
 
-ifdef DOCKER_TAG
-    BUILD_VERSION	:= $(DOCKER_TAG)
-else
-    BUILD_VERSION=latest
+ifeq ($(strip $(RLSECURE_ENCODED_LICENSE)),)
+    $(error  mandatory RLSECURE_ENCODED_LICENSE not set!)
 endif
 
-VOLUMES 		:= -v ./output:/output -v ./input:/input
-USER_GROUP		:= $(shell id -u):$(shell id -u )
-COMMON_DOCKER	:= -i --rm -u $(USER_GROUP) --env-file=$(HOME)/.envfile_rl-scanner.docker
-
-# IMAGE_NAME		:= rlsecure/scanner:latest
-IMAGE_BASE		:= reversinglabs/rl-scanner
-IMAGE_NAME		:= $(IMAGE_BASE):$(BUILD_VERSION)
-
-ARTIFACT_OK		:=	vim
-ARTIFACT_ERR	:=	eicarcom2.zip
+ifeq ($(strip $(RLSECURE_SITE_KEY)),)
+    $(error  mandatory RLSECURE_SITE_KEY not set!)
+endif
 
+IMAGE_NAME ?= reversinglabs/rl-scanner:test
 LINE_LENGTH = 120
 PL_LINTERS = "eradicate,mccabe,pycodestyle,pyflakes,pylint"
 PL_IGNORE = C0114,C0115,C0116
 SCRIPTS = scripts/
 
-IMAGE ?= reversinglabs/rl-scanner
-TAG   ?= latest
 
-.PHONY: build clean
+.PHONY: build-without-cache build-with-cache push clean format pycheck test test.%
 
-all: clean prep build tests
+all: clean prep build test
 
-clean:
-	docker image prune -f
-	-docker image rm $(IMAGE_NAME)
-	rm -f eicarcom2.zip
-	rm -rf .mypy_cache */.mypy_cache
+prep: format pylama mypy
+
+build: build-with-cache
+
+build-without-cache:
+	docker buildx build . -f Dockerfile.no_cache \
+	--no-cache \
+	-t $(IMAGE_NAME)
 
-prep: format pycheck mypy
-	wget 'https://www.eicar.org/download/eicar-com-2-2/?wpdmdl=8848&refresh=65d33af627b351708342006' --output-document 'eicarcom2.zip'
+#	--build-arg CACHE_PATH=/tmp/rl-secure.cache
+build-with-cache:
+	docker buildx build . -f Dockerfile.cache \
+	--no-cache \
+	--secret id=rlsecure_license,env=RLSECURE_ENCODED_LICENSE \
+	--secret id=rlsecure_sitekey,env=RLSECURE_SITE_KEY \
+	-t $(IMAGE_NAME)
 
-format: $(SCRIPTS)
+clean:
+	-docker rmi $(IMAGE_NAME)
+	rm -rf ./tests/*/report/
+	rm -rf ./tests/repro/store/
+	rm -rf ./tests/repro/report_base/
+	rm -rf ./tests/repro/report_repro_fail/
+	rm -rf ./tests/repro/report_repro_ok/
+
+format:
 	black \
 		--line-length $(LINE_LENGTH) \
 		$(SCRIPTS)/*
 
-pycheck: $(SCRIPTS)
+pylama:
 	pylama \
 		--max-line-length $(LINE_LENGTH) \
 		--linters $(PL_LINTERS) \
 		--ignore $(PL_IGNORE) \
 		$(SCRIPTS)
 
-mypy: $(SCRIPTS)
+mypy:
 	mypy \
 		--strict \
 		--no-incremental \
 		$(SCRIPTS)
 
 
-# build a new docker image from the Dockerfile generated
-build:
-	mkdir -p tmp
-	docker build -t $(IMAGE_NAME) -f Dockerfile .
-	docker image ls $(IMAGE_NAME) | tee ./tmp/image_ls.txt
-	docker image inspect $(IMAGE_NAME) --format '{{ .Config.Labels }}'
-	docker image inspect $(IMAGE_NAME) --format '{{ .RepoTags }}'
-
-tests: testFail test_ok test_err
-
-testFail:
-	# we know that specifying no arguments should print usage() and fail
-	-docker run $(COMMON_DOCKER) $(VOLUMES) $(IMAGE_NAME) # will fail but we will ignore that
-	# we know that specifying no arguments to rl-scan should print usage() and fail
-	-docker run $(COMMON_DOCKER) $(VOLUMES) $(IMAGE_NAME) rl-scan # will fail but we will ignore that
-
-test_ok:
-	rm -rf output input
-	mkdir -m 777 -p input output
-	cp /bin/$(ARTIFACT_OK) ./input/$(ARTIFACT_OK)
-	docker run $(COMMON_DOCKER) $(VOLUMES) $(IMAGE_NAME) \
-		rl-scan --package-path=/input/$(ARTIFACT_OK) --report-path=/output --report-format all
-	ls -laR input output >./tmp/list_in_out_ok.txt
-	cat output/report.rl.json | jq -r . >tmp/test_ok.json
-
-test_err:
-	rm -rf output input
-	mkdir -m 777 -p input output
-	curl -o $(ARTIFACT_ERR) -sS https://secure.eicar.org/$(ARTIFACT_ERR)
-	cp $(ARTIFACT_ERR) ./input/$(ARTIFACT_ERR)
-	# as we are now scanning a item that makes the scan fail (non zero exit code) we have to ignore the error in the makefile
-	-docker run $(COMMON_DOCKER) $(VOLUMES) $(IMAGE_NAME) \
-		rl-scan --package-path=/input/$(ARTIFACT_ERR) --report-path=/output --report-format all
-	ls -laR input output >./tmp/list_in_out_err.txt
-	cat output/report.rl.json | jq -r . >tmp/test_err.json
+all-tests :=  $(addprefix test., $(notdir $(wildcard tests/*)))
+
+test.%: tests/%/run.sh
+	cd $(dir $<) && ./run.sh "$(IMAGE_NAME)"
 
+test: $(all-tests)