修改规则的部分书写问题、删除无用变量 #233

Merged
merged 4 commits into from May 6, 2023
1 change: 0 additions & 1 deletion plugins/go/veinmind-iac/cmd/cli.go
@@ -25,7 +25,6 @@ var (
reportService = &report.Service{}

results []scanner.Result
scanStart = time.Now()
scanTotal = 0

reportLevelMap = map[string]event.Level{
4 changes: 2 additions & 2 deletions plugins/go/veinmind-iac/rules/common/docker.rego
@@ -83,7 +83,7 @@ meta_data["DF-008"] := {

meta_data["DF-009"] := {
"id": "DF-009",
"name": "chwon flag in COPY",
"name": "chown flag in COPY",
"type": "dockerfile",
"severity": "Low",
"description": "Make sure not to use the --chown parameter when the user only needs enforcement rights",
@@ -166,7 +166,7 @@ meta_data["DF-017"] := {
"name": "Multiple entrypoint commands are used",
"type": "dockerfile",
"severity": "CRITICAL",
"description": "There can only be one entrypont command in a Docker file. If you list multiple entrypoints, only the last one will take effect.",
"description": "There can only be one entrypoint command in a Docker file. If you list multiple entrypoints, only the last one will take effect.",
"solution": "Delete other entrypoint commands and use only one entrypoint command",
"reference": "https://docs.docker.com/engine/reference/builder/#entrypoint",
}
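Review bot: The `severity` values in this file are not spelled consistently: DF-009 uses `"Low"` while DF-017 uses `"CRITICAL"`, and the commit corrects the neighbouring strings but leaves this as is. If the reporting side looks severities up case-sensitively (cmd/cli.go has a `reportLevelMap` keyed by string, whose keys are not visible here), one of the two spellings may map to the wrong level or to none, so a finding could be under-reported. I would normalise to one form, for example `"severity": "Critical",`, and check it against the keys of that map. Separately, the DF-009 description says "enforcement rights", which probably means execute permission and is worth rewording.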
2 changes: 1 addition & 1 deletion plugins/go/veinmind-iac/rules/common/kubernetes.rego
@@ -32,7 +32,7 @@ meta_data["KN-003"] = {

meta_data["KN-004"] = {
"id": "KN-004",
"name": "SElinux set custom options",
"name": "SELinux set custom options",
"type": "kubernetes",
"severity": "Medium",
"description": "Setting custom SELinux user or role options should be disallowed.",
2 changes: 1 addition & 1 deletion plugins/go/veinmind-iac/rules/kubernetes/kubernetes.rego
@@ -77,4 +77,4 @@ is_controller {

is_controller {
input[_].kind = "Job"
}
}
4 changes: 2 additions & 2 deletions plugins/go/veinmind-log4j2/go.sum
@@ -165,8 +165,8 @@ github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghf
github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
github.com/cespare/xxhash/v2 v2.1.2/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
github.com/chaitin/libveinmind v1.5.2/go.mod h1:TXLYL6GeSAQ7pQ5IxPG4Tp0DuB1QvPPFhqdOjyiWxVU=
github.com/chaitin/libveinmind v1.5.5 h1:cd3aAc4v+p4ZTuzVPQQMqAgq4aboDoa1XAUxyl35hWg=
github.com/chaitin/libveinmind v1.5.5/go.mod h1:TXLYL6GeSAQ7pQ5IxPG4Tp0DuB1QvPPFhqdOjyiWxVU=
github.com/chaitin/libveinmind v1.5.6 h1:fyNq142a+uOfYZ68GTzElFXVB0dtEXvs+ffwk24+Vfg=
github.com/chaitin/libveinmind v1.5.6/go.mod h1:TXLYL6GeSAQ7pQ5IxPG4Tp0DuB1QvPPFhqdOjyiWxVU=
github.com/chaitin/veinmind-common-go v1.4.2 h1:+AK2lt/OI7/kGQpt3rkp1gVJvoxfosnxxFaBfi6nbGw=
github.com/chaitin/veinmind-common-go v1.4.2/go.mod h1:+dshrlmHiBtRV7ATyObBIg3SZoffpNCr1PdahT1LUQo=
github.com/checkpoint-restore/go-criu/v4 v4.1.0/go.mod h1:xUQBLp4RLc5zJtWY++yjOoMoB5lihDt7fai+75m+rGw=
8 changes: 5 additions & 3 deletions plugins/go/veinmind-log4j2/pkg/scanner/scanner.go
@@ -7,7 +7,6 @@ import (
"fmt"
"io"
"io/fs"
"io/ioutil"
"os"
"path/filepath"
"strings"
@@ -80,6 +79,9 @@ func ScanFile(file api.File, path string, depth int) (*Result, error) {
}

stat, err := file.Stat()
if err != nil {
return nil, err
}
f, err := zip.NewReader(file, stat.Size())
if err != nil {
return nil, err
@@ -130,7 +132,7 @@ func ScanFile(file api.File, path string, depth int) (*Result, error) {
continue
}

tmpFile, err := ioutil.TempFile("", "extract_*.jar")
tmpFile, err := os.CreateTemp("", "extract_*.jar")
if err != nil {
log.Warnf("failed to create temp file, err: %v", err)
continue
@@ -147,7 +149,7 @@ func ScanFile(file api.File, path string, depth int) (*Result, error) {
if err != nil {
log.Warnf("failed to scan nested jar %s in %s, err: %v", ff.Name, file, err)
_ = tmpFile.Close()
err = os.Remove(tmpFile.Name())
_ = os.Remove(tmpFile.Name())
continue
}

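Review bot: In the nested-jar error path the result of `os.Remove(tmpFile.Name())` is now explicitly discarded, so if removal fails the temp file created for the nested jar stays in the temp directory and nothing in the log says so. Logging it keeps the cleanup best-effort while leaving a trace: `if rmErr := os.Remove(tmpFile.Name()); rmErr != nil { log.Warnf("failed to remove temp file %s, err: %v", tmpFile.Name(), rmErr) }`. The warning just above passes `file` (an `api.File`) to `%s` where `path` looks intended, and `ff.Name` is read from the archive, so `%q` would be the safer verb for it. ScanFile starts and ends outside these hunks, so the success-path cleanup of the temp file could not be checked here.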
1 change: 0 additions & 1 deletion plugins/go/veinmind-malicious/cmd/scan/cli.go
@@ -17,7 +17,6 @@ import (
_ "github.com/chaitin/veinmind-tools/plugins/go/veinmind-malicious/config"
_ "github.com/chaitin/veinmind-tools/plugins/go/veinmind-malicious/database"
"github.com/chaitin/veinmind-tools/plugins/go/veinmind-malicious/database/model"
_ "github.com/chaitin/veinmind-tools/plugins/go/veinmind-malicious/database/model"
"github.com/chaitin/veinmind-tools/plugins/go/veinmind-malicious/embed"
"github.com/chaitin/veinmind-tools/plugins/go/veinmind-malicious/scanner/malicious"
)
8 changes: 4 additions & 4 deletions plugins/go/veinmind-malicious/embed/embed.go
@@ -2,11 +2,11 @@ package embed

import (
"embed"
"github.com/chaitin/libveinmind/go/plugin/log"
"io/fs"
"io/ioutil"
"os"
"path"

"github.com/chaitin/libveinmind/go/plugin/log"
)

//go:embed scripts/.env
@@ -26,7 +26,7 @@ func ReadFile(name string) ([]byte, error) {
if _, err := os.Stat(name); os.IsNotExist(err) {
return EmbedFile.ReadFile(name)
} else {
return ioutil.ReadFile(name)
return os.ReadFile(name)
}
}

@@ -49,7 +49,7 @@ func extract(epath string) {
log.Fatal(err)
}
}
err = ioutil.WriteFile(epath, composeYamlBytes, 0755)
err = os.WriteFile(epath, composeYamlBytes, 0755)
if err != nil {
log.Fatal(err)
}
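Review bot: `os.WriteFile(epath, composeYamlBytes, 0755)` in extract creates a data file that is executable and readable by every local user; the variable name suggests compose YAML, which needs no execute bit, and the package also embeds `scripts/.env`, which may hold credentials. Unless another account has to read it, `err = os.WriteFile(epath, composeYamlBytes, 0600)` is the least-privilege choice (`0644` if it must be shared). In ReadFile, any file that exists at `name` on disk takes precedence over the embedded copy, so a comment should state that this override is intentional and that the working directory is expected to be trusted. Both functions start or end outside the hunks shown.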
4 changes: 2 additions & 2 deletions plugins/go/veinmind-malicious/sdk/av/clamav/client.go
@@ -81,13 +81,13 @@ type ServiceInfo struct {
type SizeLimitReachedError struct {
}

func (self *SizeLimitReachedError) Error() string {
func (s *SizeLimitReachedError) Error() string {
return "File Size Limit Reached"
}

type ResultParseError struct {
}

func (self *ResultParseError) Error() string {
func (r *ResultParseError) Error() string {
return "Clamav Result Parse Error"
}
2 changes: 1 addition & 1 deletion plugins/go/veinmind-malicious/sdk/av/virustotal/client.go
@@ -39,7 +39,7 @@ func Active() bool {
}

func ScanSHA256(ctx context.Context, sha256 string) ([]av.ScanResult, error) {
retCommon := []av.ScanResult{}
var retCommon []av.ScanResult
done := make(chan struct{})

if client == nil {
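Review bot: With `var retCommon []av.ScanResult` the slice is nil rather than empty if it is returned without anything appended, which callers can observe: a nil slice marshals to JSON `null` instead of `[]`, and a `== nil` check no longer separates "no detections" from "no result". The callers and the rest of ScanSHA256 are outside this hunk, so this may be harmless, but it deserves a doc comment on the function such as `// ScanSHA256 returns a nil slice when there are no results; callers must check len(), not nil.` The parameter name `sha256` would also shadow the `crypto/sha256` package if this file ever imports it; `hash` or `sum` avoids that.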