
added catalog checker #95

Merged
merged 31 commits into from
May 10, 2020
Merged

Conversation

milenkowski
Contributor

  • updated static_analyzer.py, requirements.txt
  • hooks.json left unmodified
  • added asn1.py (a fixed version of the pyasn1 library)

Owner

@Wenzel Wenzel left a comment


Please see my remarks.

I will test your hook tomorrow.

And thanks for your work!

Review comments (since resolved, now outdated) on: asn1.py, hooks/static_analyzer.py (4 comments)
@Wenzel Wenzel changed the base branch from static_analyzer_catfiles to master April 26, 2020 15:31
@Wenzel Wenzel force-pushed the static_analyzer_catfiles branch from 0a75415 to 26c0a82 Compare May 7, 2020 23:51
@Wenzel
Owner

Wenzel commented May 7, 2020

@milenkowski I did the following changes:

  • rebase on master and solved conflicts
  • rename all variables to remove camelcase (not pythonic)
  • remove some fields such as code size and imports; we are not going to process them now, and it will be in a different hook
  • refactor the variables around the check of the signature.

@Wenzel
Owner

Wenzel commented May 8, 2020

@milenkowski I finished the rest of the work for this PR.

I updated the model to add new properties on the Neo4J Inode to define PE security properties
and I triggered the event in the static_analyzer hook to insert these data into the node.

The data is in Neo4j 🎉

Sample query: get all signed (embedded) binaries
[Screenshot: Neo4j browser, 2020-05-08 03-04-41]

MATCH (o:OS {name:"winxp"})-[*]->(i:GraphInode)
WHERE i.checksec = true AND i.signed = true
RETURN o,i
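The query above filters on two properties the hook writes onto each Inode node, `signed` (an embedded Authenticode signature is present) and `checksec` (the PE hardening flags were evaluated). The following is an added example, not code from this PR or from the project's static_analyzer hook: it parses the PE headers directly with `struct` to derive those properties from a file image, reading the DllCharacteristics hardening bits (ASLR, DEP, CFG) and walking the attribute certificate table that the security data directory points to. The property names follow the sample query; the meaning of `checksec` as "hardening flags were evaluated" is an assumption, and the sample images are constructed in the block (minimal PE32+ headers with a placeholder DER fragment standing in for a real PKCS#7 blob).

```python
import struct
from typing import Dict, List

# Bits of IMAGE_OPTIONAL_HEADER.DllCharacteristics that a checksec-style pass reports on.
DLL_CHARACTERISTICS = {
    "high_entropy_va": 0x0020,  # IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA (64-bit ASLR)
    "dynamic_base": 0x0040,     # IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE (ASLR)
    "nx_compat": 0x0100,        # IMAGE_DLLCHARACTERISTICS_NX_COMPAT (DEP)
    "guard_cf": 0x4000,         # IMAGE_DLLCHARACTERISTICS_GUARD_CF (Control Flow Guard)
}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4       # data directory holding the attribute certificate table
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002  # Authenticode PKCS#7 SignedData


def pe_security_properties(data: bytes) -> Dict[str, object]:
    """Parse the PE headers and return the properties a static-analysis hook would store on the node."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE image: missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image: missing PE signature")
    opt = e_lfanew + 4 + 20                  # optional header follows the 20-byte COFF header
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:                       # PE32
        n_dirs_off, dirs_off = 92, 96
    elif magic == 0x20B:                     # PE32+
        n_dirs_off, dirs_off = 108, 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    n_dirs = struct.unpack_from("<I", data, opt + n_dirs_off)[0]

    props: Dict[str, object] = {name: bool(dll_chars & bit) for name, bit in DLL_CHARACTERISTICS.items()}
    props["checksec"] = True   # assumption: records that the hardening flags above were evaluated
    cert_types: List[int] = []

    if n_dirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        entry = opt + dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
        sec_off, sec_size = struct.unpack_from("<II", data, entry)
        # Unlike the other directories, the security entry is a raw file offset, not an RVA.
        pos, end = sec_off, min(sec_off + sec_size, len(data))
        while sec_off and pos + 8 <= end:
            length, _revision, cert_type = struct.unpack_from("<IHH", data, pos)
            if length < 8:
                break              # malformed table: stop instead of looping forever
            cert_types.append(cert_type)
            pos += (length + 7) & ~7   # WIN_CERTIFICATE entries are 8-byte aligned
    props["signed"] = WIN_CERT_TYPE_PKCS_SIGNED_DATA in cert_types   # embedded signature present
    props["certificate_types"] = cert_types
    return props


def build_sample_pe(dll_chars: int, pkcs7_blob: bytes = b"") -> bytes:
    """Constructed minimal PE32+ image (headers only, no sections) for offline testing."""
    e_lfanew = 0x40
    dos_header = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 112 + 16 * 8                  # PE32+ fixed fields plus 16 data directories
    coff_header = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, opt_size, 0x0022)
    headers_len = e_lfanew + 4 + 20 + opt_size
    cert_table = b""
    if pkcs7_blob:
        length = 8 + len(pkcs7_blob)
        padded = (length + 7) & ~7
        cert_table = struct.pack("<IHH", length, 0x0200, WIN_CERT_TYPE_PKCS_SIGNED_DATA) + pkcs7_blob
        cert_table += b"\0" * (padded - length)
    optional = bytearray(opt_size)
    struct.pack_into("<H", optional, 0, 0x20B)
    struct.pack_into("<H", optional, 70, dll_chars)
    struct.pack_into("<I", optional, 108, 16)
    struct.pack_into("<II", optional, 112 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                     headers_len if cert_table else 0, len(cert_table))
    return dos_header + b"PE\0\0" + coff_header + bytes(optional) + cert_table


# Constructed inputs: a hardened, embedded-signed image and an unhardened, unsigned one.
# The "signature" is a placeholder DER fragment, not a real PKCS#7 SignedData structure.
SIGNED_SAMPLE = build_sample_pe(0x0020 | 0x0040 | 0x0100, b"\x30\x03\x02\x01\x01")
UNSIGNED_SAMPLE = build_sample_pe(0)

if __name__ == "__main__":
    for label, image in (("signed", SIGNED_SAMPLE), ("unsigned", UNSIGNED_SAMPLE)):
        print(label, pe_security_properties(image))
```

Note that `signed` here only means a certificate table is embedded in the file; it says nothing about whether the signature verifies, and a binary whose hash is listed in a catalog (.cat) file carries no embedded table at all, which is why a separate catalog check is needed to avoid marking such files as unsigned.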

@Wenzel Wenzel force-pushed the static_analyzer_catfiles branch from ab908b1 to fa19b61 Compare May 8, 2020 01:07
@Wenzel Wenzel merged commit 8038d7f into Wenzel:master May 10, 2020
@Wenzel Wenzel deleted the static_analyzer_catfiles branch May 10, 2020 00:31