From 8bc65325a01633e8ce8ef1782a4d708cecc0e8c6 Mon Sep 17 00:00:00 2001
From: Carl Flottmann
Date: Wed, 5 Feb 2025 16:32:10 +1000
Subject: [PATCH] chore: added pre-commit hook for sourcecode sample files execution permissions
---
 .pre-commit-config.yaml | 12 +++++++++++
 .../samples_permissions_checker.sh | 20 +++++++++++++++++++
 2 files changed, 32 insertions(+)
 create mode 100755 scripts/dev_scripts/samples_permissions_checker.sh
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 2f34c064f..3f7afe8be 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -203,6 +203,18 @@ repos:
 always_run: true
 pass_filenames: false
+# Checks that tests/malware_analyzer/pypi/resources/sourcecode_samples files do not have executable permissions
+# This is another measure to make sure the files can't be accidentally executed
+- repo: local
+ hooks:
+ - id: sourcecode-sample-permissions
+ name: Sourcecode sample executable permissions checker
+ entry: scripts/dev_scripts/samples_permissions_checker.sh
+ language: system
+ always_run: true
+ pass_filenames: false
+
+
 # A linter for Golang
 - repo: https://github.com/golangci/golangci-lint
 rev: v1.61.0
diff --git a/scripts/dev_scripts/samples_permissions_checker.sh b/scripts/dev_scripts/samples_permissions_checker.sh
new file mode 100755
index 000000000..7f3d9604f
--- /dev/null
+++ b/scripts/dev_scripts/samples_permissions_checker.sh
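Review bot: The `sourcecode-sample-permissions` hook added to `.pre-commit-config.yaml` is a client-side control only: a commit made with `--no-verify`, or from a clone where pre-commit is not installed, never runs it. If the intent is that sample files can never land with an executable bit, the same script should presumably also run in CI, where it cannot be skipped; this patch does not show whether that is already the case. A short comment on the hook saying where else the check runs would help, for example `# Also enforced in CI: <workflow name>`.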
@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+
+# Copyright (c) 2022 - 2025, Oracle and/or its affiliates. All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/.
+
+#
+# Checks if the files in tests/malware_analyzer/pypi/resources/sourcecode_samples have executable permissions,
+# failing if any do.
+#
+
+MACARON_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && cd ../.. && pwd)"
+SAMPLES_PATH="${MACARON_DIR}/tests/malware_analyzer/pypi/resources/sourcecode_samples"
+
+# any files have any of the executable bits set
+executables=$(find "$SAMPLES_PATH" -type f -perm -u+x -o -type f -perm -g+x -o -type f -perm -o+x)
+if [ -n "$executables" ]; then
+ echo "The following files should not have any executable permissions:"
+ echo "$executables"
+ exit 1
+fi
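Review bot: The check fails open: if `SAMPLES_PATH` does not exist (for example after the samples directory is moved or renamed) or `find` itself errors, `executables` is empty and the script exits 0, so the guard against runnable malware samples silently stops guarding. Add `[ -d "$SAMPLES_PATH" ] || { echo "samples directory not found: $SAMPLES_PATH" >&2; exit 1; }` before the scan, and append `|| exit 1` to the `executables=$(find ...)` assignment so that a failed scan fails the commit. The scan also reads working-tree modes rather than the mode recorded in the index, so it presumably would not notice a file staged as 100755 whose on-disk bit was cleared afterwards; comparing against `git ls-files -s` for that directory would cover that case. The failure message would be better sent to stderr with `>&2`.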