test: adding integration test for email analyzer, included her invalid email check on smooth-operator

art1f1c3R · art1f1c3R · commit 83963cbf6535 · 2025-08-15T13:54:47.000+10:00
Signed-off-by: Carl Flottmann &lt;carl.flottmann@oracle.com&gt;
diff --git a/tests/integration/cases/email_checking_pypi_malware_analyzer/check_smooth_operator_email.sh b/tests/integration/cases/email_checking_pypi_malware_analyzer/check_smooth_operator_email.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+# Copyright (c) 2024 - 2025, Oracle and/or its affiliates. All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/.
+if sqlite3 --json output/macaron.db "SELECT detect_malicious_metadata_check.detail_information
+    FROM detect_malicious_metadata_check JOIN check_facts on detect_malicious_metadata_check.id = check_facts.id
+    JOIN check_result on check_facts.check_result_id = check_result.id JOIN component
+    ON component.id = check_result.component_id WHERE check_result.check_id = 'mcn_detect_malicious_metadata_1'
+    AND component.name = 'clodd'" | jq -r ".[0].detail_information | fromjson | .invalid_emails | length > 0"; then
+    exit 0
+else
+    echo "ERROR: the invalid_emails report for smooth-operator is empty" >&2
+    exit 1
+fi
diff --git a/tests/integration/cases/email_checking_pypi_malware_analyzer/policy.dl b/tests/integration/cases/email_checking_pypi_malware_analyzer/policy.dl
@@ -0,0 +1,11 @@
+/* Copyright (c) 2024 - 2025, Oracle and/or its affiliates. All rights reserved. */
+/* Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/. */
+
+#include "prelude.dl"
+
+Policy("check-smooth-operator", component_id, "Check clodd artifacts") :-
+    check_passed(component_id, "mcn_detect_malicious_metadata_1").
+
+apply_policy_to("check-smooth-operator", component_id) :-
+    is_component(component_id, purl),
+    match("pkg:pypi/smooth-operator", purl).
diff --git a/tests/integration/cases/email_checking_pypi_malware_analyzer/test.yaml b/tests/integration/cases/email_checking_pypi_malware_analyzer/test.yaml
@@ -0,0 +1,25 @@
+# Copyright (c) 2024 - 2025, Oracle and/or its affiliates. All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/.
+
+description: |
+  Analyzing two python packages to check if the email address is deliverable and valid. The package smooth-operator is known
+  to use an invalid email address with an example.com domain.
+
+tags:
+- macaron-python-package
+
+steps:
+- name: Run macaron analyze against smooth-operator
+  kind: analyze
+  options:
+    command_args:
+    - -purl
+    - pkg:pypi/smooth-operator
+- name: Query the output database to verify the smooth-operator email was invalid.
+  kind: shell
+  options:
+    cmd: ./check_smooth_operator_email.sh
+- name: Run macaron verify-policy to check the results of the packages
+  kind: verify
+  options:
+    policy: policy.dl
