feat: add Ghidra feature

phorcys420 · Jul 5, 2024 · ca1e887 · ca1e887
2 parents ed97ccc + b474e21
commit ca1e887
Show file tree

Hide file tree

Showing 7 changed files with 105 additions and 9 deletions.
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -36,10 +36,10 @@ jobs:
           git config pull.rebase false
           branch=automated-documentation-update-$GITHUB_RUN_ID
           git checkout -b $branch
-          message='Automated documentation update'
+          message='chore: Automated documentation update'
           # Add / update and commit
           git add */**/README.md
-          git commit -m 'Automated documentation update [skip ci]' || export NO_UPDATES=true
+          git commit -m "$message [skip ci]" || export NO_UPDATES=true
           # Push
           if [ "$NO_UPDATES" != "true" ] ; then
               git push origin "$branch"

diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
@@ -13,7 +13,7 @@ jobs:
     strategy:
       matrix:
         features:
-          - burp-suite
+          - ghidra
         baseImage:
           - debian:latest
           - ubuntu:latest
@@ -34,6 +34,7 @@ jobs:
       matrix:
         features:
           - burp-suite
+          - ghidra
     steps:
       - uses: actions/checkout@v3
 

diff --git a/src/burp-suite/install.sh b/src/burp-suite/install.sh
@@ -2,7 +2,7 @@
 
 echo "Activating feature 'burp-suite'"
 
-set -e
+set -euo pipefail
 
 EDITION=${VERSION:-community}
 VERSION=${VERSION:-latest}
@@ -25,20 +25,20 @@ check_packages curl ca-certificates jq sudo
 if [ $VERSION = "latest" ]; then
   echo "[burp-suite] [+] Grabbing the latest Burp version"
 
-  RELEASE_DATA=$(curl 'https://portswigger.net/burp/releases/data?previousLastId=-1&lastId=-1&pageSize=1' -sS)
+  RELEASE_DATA=$(curl 'https://portswigger.net/burp/releases/data?previousLastId=-1&lastId=-1&pageSize=1' --silent --show-error)
   VERSION=$(echo -n "$RELEASE_DATA" | jq -r '.ResultSet.Results[0].version')
 fi
 
 TMP=$(mktemp -d)
-DESTINATION_FILE="$TMP/burp_install"
+DESTINATION_FILE="$TMP/burp_install.sh"
 
 echo "[burp-suite] [+] Downloading version $CURRENT_VERSION"
-curl --get \
-  -o "$DESTINATION_FILE" \
+curl --location --silent --show-error \
   --data-urlencode "product=$EDITION" \
   --data-urlencode "version=$CURRENT_VERSION" \
   --data-urlencode "type=Linux" \
-   "https://portswigger-cdn.net/burp/releases/download"
+  --output "$DESTINATION_FILE" \
+  "https://portswigger-cdn.net/burp/releases/download"
 
 chmod +x "$DESTINATION_FILE"
 

diff --git a/src/ghidra/devcontainer-feature.json b/src/ghidra/devcontainer-feature.json
@@ -0,0 +1,31 @@
+{
+    "name": "Ghidra",
+    "id": "ghidra",
+    "version": "1.0.0",
+    "description": "A feature that installs Ghidra",
+    "keywords": ["ghidra", "reverse-engineering", "security"],
+    "options": {
+        "version_tag": {
+            "type": "string",
+            "proposals": [
+                "latest",
+                "Ghidra_11.1.1_build"
+            ],
+            "default": "latest",
+            "description": "Select the Ghidra version (either 'latest' or a GitHub release tag)"
+        },
+
+        "repository": {
+            "type": "string",
+            "proposals": [
+                "NationalSecurityAgency/ghidra"
+            ],
+            "default": "NationalSecurityAgency/ghidra",
+            "description": "Define the repository to grab"
+        }
+    },
+
+    "installsAfter": [
+        "ghcr.io/devcontainers/features/common-utils"
+    ]
+}
diff --git a/src/ghidra/install.sh b/src/ghidra/install.sh
@@ -0,0 +1,51 @@
+#!/usr/bin/env bash
+
+echo "Activating feature 'ghidra'"
+
+set -euo pipefail
+
+REPOSITORY=${REPOSITORY:-NationalSecurityAgency/ghidra}
+VERSION_TAG=${VERSION_TAG:-latest}
+
+INSTALL_DIR=${INSTALL_DIR:-/opt/ghidra}
+
+# From aws-cli feature (https://github.com/devcontainers/features/blob/main/src/aws-cli/install.sh#L59-L72)
+export DEBIAN_FRONTEND=noninteractive
+check_packages() {
+  if ! dpkg -s "$@" > /dev/null 2>&1; then
+      if [ "$(find /var/lib/apt/lists/* | wc -l)" = "0" ]; then
+          echo "Running apt-get update..."
+          apt-get update -y
+      fi
+
+      apt-get install -y --no-install-recommends "$@"
+  fi
+}
+
+check_packages curl ca-certificates jq libarchive-tools
+
+if [ $VERSION_TAG = "latest" ]; then
+    RELEASE_API_URL="https://api.github.com/repos/NationalSecurityAgency/ghidra/releases/latest"
+else
+    RELEASE_API_URL="https://api.github.com/repos/NationalSecurityAgency/ghidra/releases/tags/$VERSION_TAG"
+fi
+
+ASSET_URL=$(curl "$RELEASE_API_URL" --silent --show-error | jq -r ".assets[0].browser_download_url")
+
+TMP=$(mktemp -d)
+DESTINATION_FILE="$TMP/ghidra.zip"
+
+echo "[ghidra] [+] Downloading version with tag $VERSION_TAG"
+
+curl --location --silent --show-error \
+  --output "$DESTINATION_FILE" \
+  "$ASSET_URL"
+
+mkdir -p "$INSTALL_DIR"
+
+echo "[ghidra] [+] Extracting to $INSTALL_DIR"
+
+# Extract the archive by stripping the first directory so that we don't end up with a subfolder (e.g ghidra_11.1.1_PUBLIC_20240614) in $INSTALL_DIR 
+bsdtar --strip-components=1 -xf "$DESTINATION_FILE" -C "$INSTALL_DIR"
+
+rm -rf "$TMP"
diff --git a/test/ghidra/scenarios.json b/test/ghidra/scenarios.json
@@ -0,0 +1 @@
+{}
diff --git a/test/ghidra/test.sh b/test/ghidra/test.sh
@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+# Optional: Import test library bundled with the devcontainer CLI
+source dev-container-features-test-lib
+
+check "Ghidra folder exists" test -d /opt/ghidra
+
+# Report results
+# If any of the checks above exited with a non-zero exit code, the test will fail.
+reportResults