fix(veinmind-malicious): optimize code (#233)

* bug fix : 删除无用变量、规则拼写错误 * bug fix:恢复误删代码 * 恢复k8s的规则 * 代码优化、增加错误处理
chaitin · May 6, 2023 · 94c1e75 · 94c1e75
1 parent 50cfbc9
commit 94c1e75
Show file tree

Hide file tree

Showing 10 changed files with 18 additions and 18 deletions.
diff --git a/plugins/go/veinmind-iac/cmd/cli.go b/plugins/go/veinmind-iac/cmd/cli.go
@@ -25,7 +25,6 @@ var (
 	reportService = &report.Service{}
 
 	results   []scanner.Result
-	scanStart = time.Now()
 	scanTotal = 0
 
 	reportLevelMap = map[string]event.Level{

diff --git a/plugins/go/veinmind-iac/rules/common/docker.rego b/plugins/go/veinmind-iac/rules/common/docker.rego
@@ -83,7 +83,7 @@ meta_data["DF-008"] := {
 
 meta_data["DF-009"] := {
     "id": "DF-009",
-    "name": "chwon flag in COPY",
+    "name": "chown flag in COPY",
     "type": "dockerfile",
     "severity": "Low",
     "description": "Make sure not to use the --chown parameter when the user only needs enforcement rights",
@@ -166,7 +166,7 @@ meta_data["DF-017"] := {
     "name": "Multiple entrypoint commands are used",
     "type": "dockerfile",
     "severity": "CRITICAL",
-    "description": "There can only be one entrypont command in a Docker file. If you list multiple entrypoints, only the last one will take effect.",
+    "description": "There can only be one entrypoint command in a Docker file. If you list multiple entrypoints, only the last one will take effect.",
     "solution": "Delete other entrypoint commands and use only one entrypoint command",
     "reference": "https://docs.docker.com/engine/reference/builder/#entrypoint",
 }

diff --git a/plugins/go/veinmind-iac/rules/common/kubernetes.rego b/plugins/go/veinmind-iac/rules/common/kubernetes.rego
@@ -32,7 +32,7 @@ meta_data["KN-003"] = {
 
 meta_data["KN-004"] = {
     "id": "KN-004",
-    "name": "SElinux set custom options",
+    "name": "SELinux set custom options",
     "type": "kubernetes",
     "severity": "Medium",
     "description": "Setting custom SELinux user or role options should be disallowed.",

diff --git a/plugins/go/veinmind-iac/rules/kubernetes/kubernetes.rego b/plugins/go/veinmind-iac/rules/kubernetes/kubernetes.rego
@@ -77,4 +77,4 @@ is_controller {
 
 is_controller {
 	input[_].kind = "Job"
-}
+}
diff --git a/plugins/go/veinmind-log4j2/go.sum b/plugins/go/veinmind-log4j2/go.sum
@@ -165,8 +165,8 @@ github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghf
 github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/cespare/xxhash/v2 v2.1.2/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/chaitin/libveinmind v1.5.2/go.mod h1:TXLYL6GeSAQ7pQ5IxPG4Tp0DuB1QvPPFhqdOjyiWxVU=
-github.com/chaitin/libveinmind v1.5.5 h1:cd3aAc4v+p4ZTuzVPQQMqAgq4aboDoa1XAUxyl35hWg=
-github.com/chaitin/libveinmind v1.5.5/go.mod h1:TXLYL6GeSAQ7pQ5IxPG4Tp0DuB1QvPPFhqdOjyiWxVU=
+github.com/chaitin/libveinmind v1.5.6 h1:fyNq142a+uOfYZ68GTzElFXVB0dtEXvs+ffwk24+Vfg=
+github.com/chaitin/libveinmind v1.5.6/go.mod h1:TXLYL6GeSAQ7pQ5IxPG4Tp0DuB1QvPPFhqdOjyiWxVU=
 github.com/chaitin/veinmind-common-go v1.4.2 h1:+AK2lt/OI7/kGQpt3rkp1gVJvoxfosnxxFaBfi6nbGw=
 github.com/chaitin/veinmind-common-go v1.4.2/go.mod h1:+dshrlmHiBtRV7ATyObBIg3SZoffpNCr1PdahT1LUQo=
 github.com/checkpoint-restore/go-criu/v4 v4.1.0/go.mod h1:xUQBLp4RLc5zJtWY++yjOoMoB5lihDt7fai+75m+rGw=

diff --git a/plugins/go/veinmind-log4j2/pkg/scanner/scanner.go b/plugins/go/veinmind-log4j2/pkg/scanner/scanner.go
@@ -7,7 +7,6 @@ import (
 	"fmt"
 	"io"
 	"io/fs"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"strings"
@@ -80,6 +79,9 @@ func ScanFile(file api.File, path string, depth int) (*Result, error) {
 	}
 
 	stat, err := file.Stat()
+	if err != nil {
+		return nil, err
+	}
 	f, err := zip.NewReader(file, stat.Size())
 	if err != nil {
 		return nil, err
@@ -130,7 +132,7 @@ func ScanFile(file api.File, path string, depth int) (*Result, error) {
 				continue
 			}
 
-			tmpFile, err := ioutil.TempFile("", "extract_*.jar")
+			tmpFile, err := os.CreateTemp("", "extract_*.jar")
 			if err != nil {
 				log.Warnf("failed to create temp file, err: %v", err)
 				continue
@@ -147,7 +149,7 @@ func ScanFile(file api.File, path string, depth int) (*Result, error) {
 			if err != nil {
 				log.Warnf("failed to scan nested jar %s in %s, err: %v", ff.Name, file, err)
 				_ = tmpFile.Close()
-				err = os.Remove(tmpFile.Name())
+				_ = os.Remove(tmpFile.Name())
 				continue
 			}
 

diff --git a/plugins/go/veinmind-malicious/cmd/scan/cli.go b/plugins/go/veinmind-malicious/cmd/scan/cli.go
@@ -17,7 +17,6 @@ import (
 	_ "github.com/chaitin/veinmind-tools/plugins/go/veinmind-malicious/config"
 	_ "github.com/chaitin/veinmind-tools/plugins/go/veinmind-malicious/database"
 	"github.com/chaitin/veinmind-tools/plugins/go/veinmind-malicious/database/model"
-	_ "github.com/chaitin/veinmind-tools/plugins/go/veinmind-malicious/database/model"
 	"github.com/chaitin/veinmind-tools/plugins/go/veinmind-malicious/embed"
 	"github.com/chaitin/veinmind-tools/plugins/go/veinmind-malicious/scanner/malicious"
 )

diff --git a/plugins/go/veinmind-malicious/embed/embed.go b/plugins/go/veinmind-malicious/embed/embed.go
@@ -2,11 +2,11 @@ package embed
 
 import (
 	"embed"
-	"github.com/chaitin/libveinmind/go/plugin/log"
 	"io/fs"
-	"io/ioutil"
 	"os"
 	"path"
+
+	"github.com/chaitin/libveinmind/go/plugin/log"
 )
 
 //go:embed scripts/.env
@@ -26,7 +26,7 @@ func ReadFile(name string) ([]byte, error) {
 	if _, err := os.Stat(name); os.IsNotExist(err) {
 		return EmbedFile.ReadFile(name)
 	} else {
-		return ioutil.ReadFile(name)
+		return os.ReadFile(name)
 	}
 }
 
@@ -49,7 +49,7 @@ func extract(epath string) {
 			log.Fatal(err)
 		}
 	}
-	err = ioutil.WriteFile(epath, composeYamlBytes, 0755)
+	err = os.WriteFile(epath, composeYamlBytes, 0755)
 	if err != nil {
 		log.Fatal(err)
 	}

diff --git a/plugins/go/veinmind-malicious/sdk/av/clamav/client.go b/plugins/go/veinmind-malicious/sdk/av/clamav/client.go
@@ -81,13 +81,13 @@ type ServiceInfo struct {
 type SizeLimitReachedError struct {
 }
 
-func (self *SizeLimitReachedError) Error() string {
+func (s *SizeLimitReachedError) Error() string {
 	return "File Size Limit Reached"
 }
 
 type ResultParseError struct {
 }
 
-func (self *ResultParseError) Error() string {
+func (r *ResultParseError) Error() string {
 	return "Clamav Result Parse Error"
 }
diff --git a/plugins/go/veinmind-malicious/sdk/av/virustotal/client.go b/plugins/go/veinmind-malicious/sdk/av/virustotal/client.go
@@ -39,7 +39,7 @@ func Active() bool {
 }
 
 func ScanSHA256(ctx context.Context, sha256 string) ([]av.ScanResult, error) {
-	retCommon := []av.ScanResult{}
+	var retCommon []av.ScanResult
 	done := make(chan struct{})
 
 	if client == nil {