Merge branch 'release/v0.12.0'

fkie-cad · Nov 19, 2021 · 6ffb023 · 6ffb023
2 parents 9d64615 + 0f33867
commit 6ffb023
Show file tree

Hide file tree

Showing 34 changed files with 329 additions and 264 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -16,7 +16,7 @@ jobs:
         strategy:
             matrix:
                 yara-version:
-                    - v4.1.1
+                    - v4.1.3
         steps:
             - uses: actions/checkout@v2
 
@@ -44,12 +44,10 @@ jobs:
         strategy:
             matrix:
                 go-version:
+                    - 1.17
                     - 1.16
-                    - 1.15
                 yara-version:
-                    - v4.1.1
-                openssl-version:
-                    - OpenSSL_1_1_1-stable
+                    - v4.1.3
         steps:
             - uses: actions/checkout@v2
 
@@ -93,7 +91,7 @@ jobs:
             - name: Upload coverage
               uses: actions/upload-artifact@v2
               with:
-                  name: coverage-linux-${{ matrix.go-version }}-${{ matrix.yara-version }}-${{ matrix.openssl-version }}
+                  name: coverage-linux-${{ matrix.go-version }}-${{ matrix.yara-version }}
                   path: coverage.txt
             - name: Codecov
               uses: codecov/codecov-action@v1.5.2
@@ -105,9 +103,9 @@ jobs:
         strategy:
             matrix:
                 go-version:
-                    - 1.16
+                    - 1.17
                 yara-version:
-                    - v4.1.1
+                    - v4.1.3
                 openssl-version:
                     - OpenSSL_1_1_1-stable
         steps:

diff --git a/acceptanceTests/reports_test.go b/acceptanceTests/reports_test.go
@@ -396,27 +396,27 @@ func conveyReportIsReadable(c C, openReport reportOpenFunc, pid int, addressOfDa
 		So(err, ShouldBeNil)
 		defer report.Close()
 
-		reportFiles, err := readReport(c, report)
+		reportFiles, err := readReport(report)
 
 		c.So(reportFiles, ShouldNotBeEmpty)
 		c.So(err, ShouldBeNil)
 
-		var memoryScansJson *file
+		var memoryScansJSON *file
 		filenames := make([]string, len(reportFiles))
 		for i, file := range reportFiles {
 			filenames[i] = file.Name
 			if file.Name == "memory-scans.json" {
-				memoryScansJson = file
+				memoryScansJSON = file
 			}
 		}
 		c.Convey("which contains the expected files", func(c C) {
 			c.So(filenames, ShouldContain, "systeminfo.json")
 			c.So(filenames, ShouldContain, "processes.json")
 			c.So(filenames, ShouldContain, "memory-scans.json")
 			c.So(filenames, ShouldContain, "stats.json")
-			c.So(memoryScansJson, ShouldNotBeNil)
+			c.So(memoryScansJSON, ShouldNotBeNil)
 
-			conveyReportHasMatch(c, pid, addressOfData, memoryScansJson)
+			conveyReportHasMatch(c, pid, addressOfData, memoryScansJSON)
 		})
 	})
 }
@@ -434,27 +434,27 @@ func conveyReportIsReadableButDoesNotHaveMatch(c C, openReport reportOpenFunc, p
 		So(err, ShouldBeNil)
 		defer report.Close()
 
-		reportFiles, err := readReport(c, report)
+		reportFiles, err := readReport(report)
 
 		c.So(reportFiles, ShouldNotBeEmpty)
 		c.So(err, ShouldBeNil)
 
-		var memoryScansJson *file
+		var memoryScansJSON *file
 		filenames := make([]string, len(reportFiles))
 		for i, file := range reportFiles {
 			filenames[i] = file.Name
 			if file.Name == "memory-scans.json" {
-				memoryScansJson = file
+				memoryScansJSON = file
 			}
 		}
 		c.Convey("which contains the expected files", func(c C) {
 			c.So(filenames, ShouldContain, "systeminfo.json")
 			c.So(filenames, ShouldContain, "processes.json")
 			c.So(filenames, ShouldContain, "memory-scans.json")
 			c.So(filenames, ShouldContain, "stats.json")
-			c.So(memoryScansJson, ShouldNotBeNil)
+			c.So(memoryScansJSON, ShouldNotBeNil)
 
-			conveyReportDoesNotHaveMatch(c, pid, addressOfData, memoryScansJson)
+			conveyReportDoesNotHaveMatch(c, pid, addressOfData, memoryScansJSON)
 		})
 	})
 }
@@ -472,7 +472,7 @@ func conveyReportIsAnonymized(c C, openReport reportOpenFunc, reportDir string)
 		So(err, ShouldBeNil)
 		defer report.Close()
 
-		reportFiles, err := readReport(c, report)
+		reportFiles, err := readReport(report)
 
 		c.So(reportFiles, ShouldNotBeEmpty)
 		c.So(err, ShouldBeNil)
@@ -523,14 +523,14 @@ func conveyReportIsNotReadable(c C, openReport reportOpenFunc, reportDir string)
 		}
 		defer report.Close()
 
-		_, err = readReport(c, report)
+		_, err = readReport(report)
 		c.So(err, ShouldNotBeNil)
 	})
 }
 
-func conveyReportHasMatch(c C, pid int, addressOfData uintptr, memoryScansJson *file) {
+func conveyReportHasMatch(c C, pid int, addressOfData uintptr, memoryScansJSON *file) {
 	c.Convey("with the memory-scans.json containing the correct match.", func() {
-		dec := json.NewDecoder(bytes.NewReader(memoryScansJson.Data))
+		dec := json.NewDecoder(bytes.NewReader(memoryScansJSON.Data))
 		foundCorrectMatch := false
 		var err error
 		for {
@@ -549,9 +549,9 @@ func conveyReportHasMatch(c C, pid int, addressOfData uintptr, memoryScansJson *
 	})
 }
 
-func conveyReportDoesNotHaveMatch(c C, pid int, addressOfData uintptr, memoryScansJson *file) {
+func conveyReportDoesNotHaveMatch(c C, pid int, addressOfData uintptr, memoryScansJSON *file) {
 	c.Convey("with the memory-scans.json not containing a false positive.", func() {
-		dec := json.NewDecoder(bytes.NewReader(memoryScansJson.Data))
+		dec := json.NewDecoder(bytes.NewReader(memoryScansJSON.Data))
 		foundMatchForPID := false
 		foundMatchForAddressInPID := false
 		var err error
@@ -580,7 +580,7 @@ type file struct {
 	Data []byte
 }
 
-func readReport(c C, rdr io.Reader) ([]*file, error) {
+func readReport(rdr io.Reader) ([]*file, error) {
 	zstdRdr, err := zstd.NewReader(rdr)
 	if err != nil {
 		return nil, err

diff --git a/app/app.go b/app/app.go
@@ -11,8 +11,6 @@ import (
 	"github.com/urfave/cli/v2"
 )
 
-const yaraRulesNamespace = ""
-
 var DefaultNumberOfFilescanThreads int
 
 func init() {
@@ -209,7 +207,7 @@ func MakeApp(args []string) *cli.App {
 		Name:        "yapscan",
 		HelpName:    "yapscan",
 		Description: "A yara based scanner for files and process memory with some extras.",
-		Version:     "0.11.0",
+		Version:     "0.12.0",
 		Writer:      os.Stdout,
 		ErrWriter:   os.Stderr,
 		Authors: []*cli.Author{

diff --git a/app/filter.go b/app/filter.go
@@ -33,7 +33,7 @@ func BuildFilterPermissions(fStr string) (yapscan.MemorySegmentFilter, error) {
 func BuildFilterPermissionsExact(fStr []string) (yapscan.MemorySegmentFilter, error) {
 	var err error
 
-	if fStr == nil || len(fStr) == 0 {
+	if len(fStr) == 0 {
 		return nil, nil
 	}
 
@@ -51,16 +51,16 @@ func BuildFilterPermissionsExact(fStr []string) (yapscan.MemorySegmentFilter, er
 func BuildFilterType(fStr []string) (yapscan.MemorySegmentFilter, error) {
 	var err error
 
-	if fStr == nil || len(fStr) == 0 {
+	if len(fStr) == 0 {
 		return nil, nil
 	}
 
-	types := make([]procio.Type, len(fStr))
+	types := make([]procio.SegmentType, len(fStr))
 	for i, s := range fStr {
 		if s == "" {
 			continue
 		}
-		types[i], err = procio.ParseType(strings.ToUpper(s[0:1]) + strings.ToLower(s[1:]))
+		types[i], err = procio.ParseSegmentType(strings.ToUpper(s[0:1]) + strings.ToLower(s[1:]))
 		if err != nil {
 			return nil, fmt.Errorf("could not parse type \"%s\", reason: %w", s, err)
 		}
@@ -72,7 +72,7 @@ func BuildFilterType(fStr []string) (yapscan.MemorySegmentFilter, error) {
 func BuildFilterState(fStr []string) (yapscan.MemorySegmentFilter, error) {
 	var err error
 
-	if fStr == nil || len(fStr) == 0 {
+	if len(fStr) == 0 {
 		return nil, nil
 	}
 
@@ -256,6 +256,9 @@ func ParseAbsoluteSize(s string) (uintptr, error) {
 
 	num := numReg.FindString(s)
 	value, err := strconv.ParseFloat(num, 64)
+	if err != nil {
+		return 0, err
+	}
 
 	unit := strings.Trim(s[len(num):], " \t")
 	mult, err := ParseByteUnit(unit)

diff --git a/app/scan.go b/app/scan.go
@@ -4,7 +4,6 @@ import (
 	"context"
 	"crypto/md5"
 	"encoding/base64"
-	"encoding/binary"
 	"encoding/hex"
 	"fmt"
 	"math/rand"
@@ -157,9 +156,12 @@ func scan(c *cli.Context) error {
 		hostname, err := os.Hostname()
 		if err != nil {
 			logrus.WithError(err).Warn("Could not determine hostname.")
+
+			// Generate random name
 			h := md5.New()
-			binary.Write(h, binary.LittleEndian, rand.Int())
-			binary.Write(h, binary.LittleEndian, rand.Int())
+			randBytes := make([]byte, 32)
+			rand.Read(randBytes)
+			h.Write(randBytes)
 			hostname = hex.EncodeToString(h.Sum(nil))
 		}
 		if anonymizer != nil {

diff --git a/arch/bitness_enum.go b/arch/bitness_enum.go
diff --git a/cicd/release.sh b/cicd/release.sh
@@ -98,7 +98,7 @@ if [[ "$?" != "0" ]]; then
     echo "ERROR: Could not create release!"
     exit 15
 fi
-upload_url=${upload_url%{*}
+upload_url=${upload_url%\{*}
 
 echo "Uploading assets to $upload_url..."
 

diff --git a/cicd/yaraVersion.sh b/cicd/yaraVersion.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 
-DEFAULT_VERSION=v4.1.1
+DEFAULT_VERSION=v4.1.3
 YARA_VERSION=${YARA_VERSION:-$DEFAULT_VERSION}
 
 echo "$YARA_VERSION"
diff --git a/cmd/yapscan/main.go b/cmd/yapscan/main.go
@@ -40,5 +40,4 @@ func main() {
 	}
 	// Started as service.
 	// The ServiceMain is called by the service manager, we can just exit.
-	return
 }