add validate github workflow

2025-12-05 22:35:04 +01:00 · 2025-02-21 13:20:08 +01:00 · 2025-02-21 13:20:08 +01:00 · 408a6e6b2b
commit 408a6e6b2b
parent 2410015f46
3 changed files with 75 additions and 37 deletions
--- a/.github/workflows/validate.yaml
+++ b/.github/workflows/validate.yaml
@ -0,0 +1,17 @@
+name: Validate NFC Files
+
+on:
+  push:
+  pull_request:
+    types: [ opened, synchronize, reopened ]
+
+jobs:
+  validation:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: validate
+        run: ./validation.sh
--- a/.gitignore
+++ b/.gitignore
@ -1,2 +1,3 @@
 Extra
 *.ini
+.idea
--- a/validation.sh
+++ b/validation.sh
@ -1,48 +1,68 @@
-#!/bin/bash
+#!/usr/bin/env bash

-shopt -s globstar
+ERR_FOUND=0

 REQUIRED_PATTERNS=(
-    "Filetype: Flipper NFC device"
-    "Version: 4"
-    "Device type: SLIX"
-    "UID:( [A-F0-9]{2}){8}"
-    "DSFID: 00"
-    "AFI: 00"
-    "IC Reference: 03"
-    "Lock DSFID: false"
-    "Lock AFI: false"
-    "Block Count: 8"
-    "Block Size: 04"
-    "Data Content:( [A-F0-9]{2}){32}"
-    "Security Status: 00 00 00 00 00 00 00 00"
-    "Capabilities: Default"
-    "Password Privacy: 7F FD 6E 5B"
-    "Password Destroy: 0F 0F 0F 0F"
-    "Password EAS: 00 00 00 00"
-    "Privacy Mode: false"
-    "Lock EAS: false"
+  "Filetype: Flipper NFC device"
+  "Version: 4"
+  "Device type: SLIX"
+  "UID:( [A-F0-9]{2}){8}"
+  "DSFID: 00"
+  "AFI: 00"
+  "IC Reference: 03"
+  "Lock DSFID: false"
+  "Lock AFI: false"
+  "Block Count: 8"
+  "Block Size: 04"
+  "Data Content:( [A-F0-9]{2}){32}"
+  "Security Status: 00 00 00 00 00 00 00 00"
+  "Capabilities: Default"
+  "Password Privacy: 7F FD 6E 5B"
+  "Password Destroy: 0F 0F 0F 0F"
+  "Password EAS: 00 00 00 00"
+  "Privacy Mode: false"
+  "Lock EAS: false"
 )

-for filename in **/*.nfc; do
+FORBIDDEN_PATTERNS=(
+  "Subtype: ([0-9]){2}"
+  # Add more forbidden patterns here
+)

-    for pattern in "${REQUIRED_PATTERNS[@]}"; do
-        if [ -z "$(grep -P "$pattern" "$filename")" ]; then
-            echo $filename
-            echo "    Missing: $pattern"
-        fi
-    done
+# Use process substitution so that ERR_FOUND is updated in the main shell.
+while read -r filename; do
+  content=$(cat "$filename")

-    # The likelihood of two blocks of 00 in data content is almost impossible,
-    # so use that as a check for when the full data is not read
-    if [ ! -z "$(grep -P "Data Content:( [A-F0-9]{2})* 00 00( [A-F0-9]{2})*" "$filename")" ]; then
-        echo $filename
-        echo "    Full data not read"
+  for pattern in "${REQUIRED_PATTERNS[@]}"; do
+    if ! echo "$content" | awk "/$pattern/ { found=1 } END { exit !found }"; then
+      echo "$filename"
+      echo "    Missing: $pattern"
+      ERR_FOUND=1
    fi
+  done

-    if [ ! -z "$(grep -P "\r" "$filename")" ]; then
-        echo $filename
-        echo "    Has carriage return characters"
+  # The likelihood of two blocks of 00 in data content is almost impossible,
+  # so use that as a check for when the full data is not read
+  if echo "$content" | awk '/Data Content:( [A-F0-9]{2})* 00 00( [A-F0-9]{2})*/ { found=1 } END { exit !found }'; then
+    echo "$filename"
+    echo "    Full data not read"
+    ERR_FOUND=1
+  fi
+
+  if echo "$content" | awk '/\r/ { found=1 } END { exit !found }'; then
+    echo "$filename"
+    echo "    Has carriage return characters"
+    ERR_FOUND=1
+  fi
+
+  for pattern in "${FORBIDDEN_PATTERNS[@]}"; do
+    if echo "$content" | awk "/$pattern/ { found=1 } END { exit !found }"; then
+      echo "$filename"
+      echo "    Forbidden pattern found: $pattern"
+      ERR_FOUND=1
    fi
+  done

-done
+done < <(find . -type f -name "*.nfc")
+
+exit $ERR_FOUND