mirror of
https://github.com/trailofbits/algo.git
synced 2025-09-05 19:43:22 +02:00
* chore: Conservative dependency updates for security - Update Ansible from 9.1.0 to 9.2.0 (one minor version bump only) - Update Jinja2 to ~3.1.6 to fix CVE-2025-27516 (critical security fix) - Pin netaddr to 1.3.0 (current stable version) This is a minimal, conservative update focused on: 1. Critical security fix for Jinja2 2. Minor ansible update for bug fixes 3. Pinning netaddr to prevent surprises No changes to Ansible collections - keeping them unpinned for now. * fix: Address linter issues (ruff, yamllint, shellcheck) - Fixed ruff configuration by moving linter settings to [tool.ruff.lint] section - Fixed ruff code issues: - Moved imports to top of files (E402) - Removed unused variables or commented them out - Updated string formatting from % to .format() - Replaced dict() calls with literals - Fixed assert False usage in tests - Fixed yamllint issues: - Added missing newlines at end of files - Removed trailing spaces - Added document start markers (---) to YAML files - Fixed 'on:' truthy warnings in GitHub workflows - Fixed shellcheck issues: - Properly quoted variables in shell scripts - Fixed A && B || C pattern with proper if/then/else - Improved FreeBSD rc script quoting All linters now pass without errors related to our code changes. * fix: Additional yamllint fixes for GitHub workflows - Added document start markers (---) to test-effectiveness.yml - Fixed 'on:' truthy warning by quoting as 'on:' - Removed trailing spaces from main.yml - Added missing newline at end of test-effectiveness.yml
#!/usr/bin/env bash
#
# Wrapper that runs algo inside the Docker container: it validates the
# bind-mounted configuration, stages it under ${ALGO_DIR}, runs algo, and
# copies the generated configs back out to ${DATA_DIR}.

# errexit: stop on an unhandled command failure.
# errtrace: ERR traps are inherited by functions and subshells.
# pipefail: a pipeline fails when any of its stages fails.
set -o errexit -o errtrace -o pipefail

# ALGO_DIR holds the algo executable inside the container; DATA_DIR is the
# mount point the operator binds their configuration directory to.
ALGO_DIR='/algo'
DATA_DIR='/data'

# Files created from here on, including by child processes that inherit the
# mask, get no group or other permissions.
umask 077
#######################################
# Print the Docker invocation hint for algo and terminate the script.
# Globals:   DATA_DIR (read) - container path shown as the mount target
# Arguments: $1 - exit status to terminate with (defaults to 0)
# Outputs:   usage text on stdout
# Returns:   never returns; exits with the requested status
#######################################
usage() {
  local exit_status="${1:-0}"

  # The suggested command drops all Linux capabilities (--cap-drop=all) and
  # allocates an interactive TTY (-it).
  printf '%s\n' \
    "To run algo from Docker:" \
    "" \
    "docker run --cap-drop=all -it -v <path to configurations>:${DATA_DIR} ghcr.io/trailofbits/algo:latest" \
    ""

  exit "${exit_status}"
}
# Refuse to start unless a regular file named config.cfg is present under
# ${DATA_DIR}; print the hint plus the usage text and exit non-zero otherwise.
if ! [[ -f "${DATA_DIR}/config.cfg" ]]; then
  printf '%s\n' \
    "Looks like you're not bind-mounting your config.cfg into this container." \
    "algo needs a configuration file to run." \
    ""
  usage -1
fi
# Refuse to start when /dev/console does not exist, which the messages below
# attribute to the container having been started without -t.
if ! [[ -e /dev/console ]]; then
  printf '%s\n' \
    "Looks like you're trying to run this container without a TTY." \
    "If you don't pass -t, you can't interact with the algo script." \
    ""
  usage -1
fi
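# To work around problems with bind-mounting Windows volumes, we need to
# copy files out of ${DATA_DIR}, ensure appropriate line endings and permissions,
# then copy the algo-generated files into ${DATA_DIR}.

# Strip carriage returns so a config.cfg saved with CRLF line endings is
# staged with LF only.
tr -d '\r' < "${DATA_DIR}"/config.cfg > "${ALGO_DIR}"/config.cfg

# Stage any configs directory from the bind mount. rsync -L copies the target
# of each symlink rather than the link itself, and --delete removes staged
# files that are absent from the source.
if [ -d "${DATA_DIR}"/configs ]; then
  rsync -qLktr --delete "${DATA_DIR}"/configs "${ALGO_DIR}"/
fi

# errexit is active, so a bare failing call would end the script on this line:
# the status would never be captured and the copy-back below would be skipped,
# leaving whatever algo had written under configs inside the container only.
# Capturing the status through || keeps the script running.
# NOTE(review): ALGO_ARGS is not assigned in this script; presumably it comes
# from the container environment, in which case it expands as a single word.
retcode=0
"${ALGO_DIR}"/algo "${ALGO_ARGS[@]}" || retcode=${?}

# Copy the configs directory back to the bind mount whether or not algo
# succeeded. --delete also removes files from ${DATA_DIR}/configs that are no
# longer present in the working copy.
sync_status=0
rsync -qLktr --delete "${ALGO_DIR}"/configs "${DATA_DIR}"/ || sync_status=${?}

# algo's failure takes precedence; a failed copy-back is reported only when
# algo itself succeeded.
if [ "${retcode}" -eq 0 ]; then
  retcode=${sync_status}
fi
exit "${retcode}"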