From bbb74e2a89f2591176af3eabbc95db679c31beca Mon Sep 17 00:00:00 2001
From: Anthony Brown
Date: Thu, 12 Mar 2026 07:50:34 +0000
Subject: [PATCH] add regression test project
---
.../.devcontainer/.tool-versions | 1 +
.../regression_tests/.devcontainer/Dockerfile | 39 ++++++++++
.../.devcontainer/devcontainer.json | 18 +++++
.../.devcontainer/scripts/root_install.sh | 7 ++
.../.devcontainer/scripts/vscode_install.sh | 6 ++
.../regression_tests/.trivyignore.yaml | 75 +++++++++++++++++++
src/projects/regression_tests/trivy.yaml | 1 +
7 files changed, 147 insertions(+)
create mode 100644 src/projects/regression_tests/.devcontainer/.tool-versions
create mode 100644 src/projects/regression_tests/.devcontainer/Dockerfile
create mode 100644 src/projects/regression_tests/.devcontainer/devcontainer.json
create mode 100755 src/projects/regression_tests/.devcontainer/scripts/root_install.sh
create mode 100755 src/projects/regression_tests/.devcontainer/scripts/vscode_install.sh
create mode 100644 src/projects/regression_tests/.trivyignore.yaml
create mode 100644 src/projects/regression_tests/trivy.yaml
diff --git a/src/projects/regression_tests/.devcontainer/.tool-versions b/src/projects/regression_tests/.devcontainer/.tool-versions
new file mode 100644
index 0000000..edb8359
--- /dev/null
+++ b/src/projects/regression_tests/.devcontainer/.tool-versions
@@ -0,0 +1 @@
+allure 2.37.0
diff --git a/src/projects/regression_tests/.devcontainer/Dockerfile b/src/projects/regression_tests/.devcontainer/Dockerfile
new file mode 100644
index 0000000..8226af2
--- /dev/null
+++ b/src/projects/regression_tests/.devcontainer/Dockerfile
@@ -0,0 +1,39 @@
+ARG BASE_VERSION_TAG=latest
+ARG BASE_IMAGE=ghcr.io/nhsdigital/eps-devcontainers/node_24_python_3_13:${BASE_VERSION_TAG}
+
+FROM ${BASE_IMAGE}
+
+ARG SCRIPTS_DIR=/usr/local/share/eps
+ARG CONTAINER_NAME
+ARG MULTI_ARCH_TAG
+ARG BASE_VERSION_TAG
+ARG IMAGE_TAG
+ARG TARGETARCH
+
+ENV SCRIPTS_DIR=${SCRIPTS_DIR}
+ENV CONTAINER_NAME=${CONTAINER_NAME}
+ENV MULTI_ARCH_TAG=${MULTI_ARCH_TAG}
+ENV BASE_VERSION_TAG=${BASE_VERSION_TAG}
+ENV IMAGE_TAG=${IMAGE_TAG}
+ENV TARGETARCH=${TARGETARCH}
+
+LABEL org.opencontainers.image.description="EPS devcontainer ${CONTAINER_NAME}:${IMAGE_TAG}"
+LABEL org.opencontainers.image.version=${IMAGE_TAG}
+LABEL org.opencontainers.image.base.name=${BASE_IMAGE}
+LABEL org.opencontainers.image.containerName=${CONTAINER_NAME}
+
+USER root
+COPY --chmod=755 scripts ${SCRIPTS_DIR}/${CONTAINER_NAME}
+WORKDIR ${SCRIPTS_DIR}/${CONTAINER_NAME}
+RUN ./root_install.sh
+
+USER vscode
+
+WORKDIR ${SCRIPTS_DIR}/${CONTAINER_NAME}
+COPY .tool-versions /tmp/.tool-versions
+RUN cat /tmp/.tool-versions >> /home/vscode/.tool-versions
+
+RUN ./vscode_install.sh
+
+# Switch back to root to install the devcontainer CLI globally
+USER root
diff --git a/src/projects/regression_tests/.devcontainer/devcontainer.json b/src/projects/regression_tests/.devcontainer/devcontainer.json
new file mode 100644
index 0000000..95c0a22
--- /dev/null
+++ b/src/projects/regression_tests/.devcontainer/devcontainer.json
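Review bot: The Dockerfile ends on `USER root` under a comment about installing the devcontainer CLI globally, but no install step follows. The image's default user is therefore root unless something outside this patch overrides it, such as `remoteUser` or base-image metadata. If nothing needs root after `./vscode_install.sh`, drop the last two lines so the image keeps `USER vscode`, or reword the comment to say why root is restored. Separately, `ARG BASE_VERSION_TAG=latest` makes the base image a moving target; defaulting to a released tag, or pinning `BASE_IMAGE` by digest, would keep rebuilds reproducible.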
@@ -0,0 +1,18 @@
+// For format details, see https://aka.ms/devcontainer.json. For config options, see the
+// README at: https://github.com/devcontainers/templates/tree/main/src/ubuntu
+{
+ "name": "EPS Devcontainer node_24 python_3.13",
+ // Or use a Dockerfile or Docker Compose file. More info: https://containers.dev/guide/dockerfile
+ "build": {
+ "dockerfile": "Dockerfile",
+ "args": {
+ "CONTAINER_NAME": "eps_devcontainer_${localEnv:CONTAINER_NAME}",
+ "MULTI_ARCH_TAG": "${localEnv:MULTI_ARCH_TAG}",
+ "BASE_VERSION_TAG": "${localEnv:BASE_VERSION_TAG}",
+ "IMAGE_TAG": "${localEnv:IMAGE_TAG}"
+ },
+ "context": "."
+ },
+ "features": {}
+ }
+
diff --git a/src/projects/regression_tests/.devcontainer/scripts/root_install.sh b/src/projects/regression_tests/.devcontainer/scripts/root_install.sh
new file mode 100755
index 0000000..474c45b
--- /dev/null
+++ b/src/projects/regression_tests/.devcontainer/scripts/root_install.sh
@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+
+set -e
+
+# clean up
+apt-get clean
+rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
diff --git a/src/projects/regression_tests/.devcontainer/scripts/vscode_install.sh b/src/projects/regression_tests/.devcontainer/scripts/vscode_install.sh
new file mode 100755
index 0000000..0580425
--- /dev/null
+++ b/src/projects/regression_tests/.devcontainer/scripts/vscode_install.sh
@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+set -e
+
+# install allure using asdf
+asdf plugin add allure
+asdf install
diff --git a/src/projects/regression_tests/.trivyignore.yaml b/src/projects/regression_tests/.trivyignore.yaml
new file mode 100644
index 0000000..6abd994
--- /dev/null
+++ b/src/projects/regression_tests/.trivyignore.yaml
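Review bot: In devcontainer.json the four build args are read with `${localEnv:...}` and no fallback. On a host where they are unset they are likely passed as empty strings, which would override the Dockerfile default for `BASE_VERSION_TAG` and leave `CONTAINER_NAME` as `eps_devcontainer_`. The variable syntax accepts a default, e.g. `"BASE_VERSION_TAG": "${localEnv:BASE_VERSION_TAG:<released-tag>}"`. The `name` value and the header comment pointing at the ubuntu template also look copied from the base project rather than describing regression_tests.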
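Review bot: In vscode_install.sh, `asdf plugin add allure` names no repository, so the plugin is presumably resolved through asdf's short-name index and cloned at whatever its default branch holds at build time. `.tool-versions` pins allure to 2.37.0, but not the plugin scripts that download and install it. Passing the repository explicitly, `asdf plugin add allure <plugin-repo-url>`, and checking out a reviewed commit before `asdf install` would keep an upstream plugin change from silently altering the image. `set -euo pipefail` in place of `set -e` would also stop the script on unset variables if it grows.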
@@ -0,0 +1,75 @@
+vulnerabilities:
+ - id: GHSA-72hv-8253-57qq
+ statement: "jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition"
+ purls:
+ - "pkg:maven/com.fasterxml.jackson.core/jackson-core@2.21.0"
+ expired_at: 2026-09-12
+ - id: CVE-2026-25547
+ statement: "brace-expansion: brace-expansion: Denial of Service via unbounded brace range expansion"
+ purls:
+ - "pkg:npm/%40isaacs/brace-expansion@5.0.0"
+ expired_at: 2026-09-12
+ - id: CVE-2025-64756
+ statement: "glob: glob: Command Injection Vulnerability via Malicious Filenames"
+ purls:
+ - "pkg:npm/glob@10.4.5"
+ - "pkg:npm/glob@11.0.3"
+ expired_at: 2026-09-12
+ - id: CVE-2026-26996
+ statement: "minimatch: minimatch: Denial of Service via specially crafted glob patterns"
+ purls:
+ - "pkg:npm/minimatch@10.0.3"
+ - "pkg:npm/minimatch@9.0.5"
+ expired_at: 2026-09-12
+ - id: CVE-2026-27903
+ statement: "minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns"
+ purls:
+ - "pkg:npm/minimatch@10.0.3"
+ - "pkg:npm/minimatch@9.0.5"
+ expired_at: 2026-09-12
+ - id: CVE-2026-27904
+ statement: "minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions"
+ purls:
+ - "pkg:npm/minimatch@10.0.3"
+ - "pkg:npm/minimatch@9.0.5"
+ expired_at: 2026-09-12
+ - id: CVE-2026-23745
+ statement: "node-tar: tar: node-tar: Arbitrary file overwrite and symlink poisoning via unsanitized linkpaths in archives"
+ purls:
+ - "pkg:npm/tar@7.5.1"
+ expired_at: 2026-09-12
+ - id: CVE-2026-23950
+ statement: "node-tar: tar: node-tar: Arbitrary file overwrite via Unicode path collision race condition"
+ purls:
+ - "pkg:npm/tar@7.5.1"
+ expired_at: 2026-09-12
+ - id: CVE-2026-24842
+ statement: "node-tar: tar: node-tar: Arbitrary file creation via path traversal bypass in hardlink security check"
+ purls:
+ - "pkg:npm/tar@7.5.1"
+ expired_at: 2026-09-12
+ - id: CVE-2026-26960
+ statement: "tar: node-tar: node-tar: Arbitrary file read/write via malicious archive hardlink creation"
+ purls:
+ - "pkg:npm/tar@7.5.1"
+ expired_at: 2026-09-12
+ - id: CVE-2026-29786
+ statement: "node-tar: hardlink path traversal via drive-relative linkpath"
+ purls:
+ - "pkg:npm/tar@7.5.1"
+ expired_at: 2026-09-12
+ - id: CVE-2026-31802
+ statement: "node-tar Symlink Path Traversal via Drive-Relative Linkpath"
+ purls:
+ - "pkg:npm/tar@7.5.1"
+ expired_at: 2026-09-12
+ - id: CVE-2026-25679
+ statement: "url.Parse insufficiently validated the host/authority component and ac ..."
+ purls:
+ - "pkg:golang/stdlib@v1.25.6"
+ expired_at: 2026-09-12
+ - id: CVE-2026-27142
+ statement: "Actions which insert URLs into the content attribute of HTML meta tags ..."
+ purls:
+ - "pkg:golang/stdlib@v1.25.6"
+ expired_at: 2026-09-12
diff --git a/src/projects/regression_tests/trivy.yaml b/src/projects/regression_tests/trivy.yaml
new file mode 100644
index 0000000..3d3a40c
--- /dev/null
+++ b/src/projects/regression_tests/trivy.yaml
@@ -0,0 +1 @@
+ignorefile: "src/projects/regression_tests/.trivyignore_combined.yaml"
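Review bot: In .trivyignore.yaml every `statement` repeats the advisory title and none records why the finding is acceptable here. A reader cannot tell whether an entry was triaged (not reachable, no fixed release, owned by the base image) or only silenced. The list mixes denial-of-service findings with a command-injection entry (CVE-2025-64756 in glob) and several arbitrary-file-write entries for tar 7.5.1, yet all share `expired_at: 2026-09-12`, six months after the commit date. I would put the justification in `statement` and give the injection and file-write entries a shorter expiry so they are re-triaged sooner.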
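Review bot: In trivy.yaml, `ignorefile` points at `.trivyignore_combined.yaml`, while this patch adds `.trivyignore.yaml`; presumably the combined file is generated elsewhere by merging this list with a shared one. A comment above the key naming the step that produces it, e.g. `# generated from .trivyignore.yaml and the shared ignore list by <build step>`, would make clear that the new suppressions only take effect after that step has run. The path is also written relative to the repository root, so the scan appears to depend on being started from there.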