Merge pull request #945 from m-1-k-3/master

Docker build updates for Kali 2023.4
e-m-b-a · Dec 7, 2023 · 0c131b9 · 0c131b9
2 parents d8bc706 + c7d2d01
commit 0c131b9
Show file tree

Hide file tree

Showing 4 changed files with 48 additions and 38 deletions.
diff --git a/.github/ISSUE_TEMPLATE/new_kali_release.md b/.github/ISSUE_TEMPLATE/new_kali_release.md
@@ -15,19 +15,22 @@ We need to test EMBA on it
 
 Testfirmware: [DLink DIR300](https://ftp.dlink.de/dir/dir-300/archive/driver_software/DIR-300_fw_revb_214b01_ALL_de_20130206.zip)
 
-- [ ] Default/docker installation working with current docker image (`./installer.sh -d`)
+- [ ] Default/docker installation working with current docker image
+  - [ ] `./installer.sh -d` finished without errors
   - [ ] dependency check (`./emba -d 1`)
   - [ ] EMBA run with profile default-scan
   - [ ] EMBA run with profile default-scan in strict mode (-S)
   - [ ] EMBA run with profile default-scan-emulation in strict mode (-S)
   - [ ] EMBA run with profile full-scan in strict mode (-S)
-- [ ] Docker build (`sudo docker-compose build --no-cache --pull`)
+- [ ] Docker base image build 
+  - [ ] `sudo docker-compose build --no-cache --pull` finished without errors
   - [ ] dependency check (`./emba -d 2`)
   - [ ] EMBA run with profile default-scan
   - [ ] EMBA run with profile default-scan in strict mode (-S)
   - [ ] EMBA run with profile default-scan-emulation in strict mode (-S)
   - [ ] EMBA run with profile full-scan in strict mode (-S)
-- [ ] Full installation working (`./installer.sh -F`)
+- [ ] Full installation working on Kali Linux
+  - [ ] `./installer.sh -F` finished without errors
   - [ ] dependency check (`./emba -d 1`)
   - [ ] EMBA run in dev mode with options -s -z -S -D -E -t -W -Q
   - [ ] EMBA run in dev mode with options -s -z -S -D, -c, -E, -t, -W -Q

diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml
@@ -1,18 +1,17 @@
 name: EMBA Docker Image build
 
 on:
+  # push:
+  #  branches:
+  #    - '**'        # matches every branch
+  # pull_request:
+  #  branches:
+  #    - '**'
+      # Allows you to run this workflow manually from the Actions tab
+  # workflow_dispatch:
   schedule:
     - cron: '0 0 * * *' # do it every day
 
-#on:
-#  push:
-#    branches:
-#      - '**'        # matches every branch
-#  pull_request:
-#    branches:
-#      - '**'
-#      # Allows you to run this workflow manually from the Actions tab
-#  workflow_dispatch:
 
 jobs:
   docker-build:
@@ -32,18 +31,13 @@ jobs:
           large-packages: false
           swap-storage: true
       - name: EMBA container build
-        uses: nick-fields/retry@v2
-        with:
-          timeout_minutes: 600
-          max_attempts: 3
-          command: |
+        run: |
             sudo docker image prune -f
             sudo docker container prune -f
             sudo apt-get update -y
             sudo apt-get install python3-venv -y
             mkdir ./external
             python3 -m venv "./external/emba_venv"
             source "./external/emba_venv/bin/activate"
-            sudo docker-compose build --no-cache --pull
-            sudo ./emba -d 2 -y
-            deactivate
+            echo "GH_action:true" > ./config/gh_action
+            sudo docker-compose build --no-cache --pull && sudo ./emba -d 2 -y
diff --git a/installer/I13_disasm.sh b/installer/I13_disasm.sh
@@ -29,6 +29,7 @@ I13_disasm() {
       print_file_info "${BINUTIL_VERSION_NAME}" "The GNU Binutils are a collection of binary tools." "https://ftp.gnu.org/gnu/binutils/${BINUTIL_VERSION_NAME}.tar.gz" "external/${BINUTIL_VERSION_NAME}.tar.gz" "external/objdump"
       print_tool_info "texinfo" 1
       print_tool_info "git" 1
+      print_tool_info "wget" 1
       print_tool_info "gcc" 1
       print_tool_info "make" 1
       print_tool_info "build-essential" 1
@@ -38,6 +39,7 @@ I13_disasm() {
       print_tool_info "python3" 1
       print_tool_info "python-is-python3" 1
       print_tool_info "libzip-dev" 1
+      print_tool_info "meson" 1
       # if [[ "${OTHER_OS}" -eq 0 ]] && [[ "${UBUNTU_OS}" -eq 0 ]]; then
       #  print_tool_info "radare2" 1
       # else
@@ -82,13 +84,21 @@ I13_disasm() {
 
         # radare2
         echo -e "${ORANGE}""${BOLD}""Install radare2""${NC}"
-        apt-get install radare2 libradare2-dev libradare2-common libradare2-5.0.0 -y
+        # apt-get install radare2 libradare2-dev libradare2-common libradare2-5.0.0 -y
+        git clone https://github.com/radareorg/radare2.git external/radare2
+        cd external/radare2 || ( echo "Could not install EMBA component radare2" && exit 1 )
+        # we remove the line to execute the script again as sudo user (non root)
+        # this mechanism is not working with our docker container and results in an endless loop
+        sed -i '/exec sudo -u.*install.sh \$\*/d' sys/install.sh
+        sys/install.sh
+        cd "${HOME_PATH}" || ( echo "Could not install EMBA component radare2" && exit 1 )
 
         echo -e "${ORANGE}""${BOLD}""Install radare2 package r2dec""${NC}"
-        r2pm init
-        r2pm update
+        # r2pm init
+        # r2pm update
         # r2pm install r2dec
-        r2pm -cgi r2dec
+        # r2pm -cgi r2dec
+        r2pm -Uci r2dec
         echo -e "${ORANGE}""${BOLD}""Installed r2 plugins:""${NC}"
         r2pm -l
         # cp -pri /root/.local/share/radare2 external/radare_local_bak

diff --git a/modules/S120_cwe_checker.sh b/modules/S120_cwe_checker.sh
@@ -159,21 +159,24 @@ final_cwe_log() {
   local CWE_CNT=""
 
   if [[ -d "${LOG_PATH_MODULE}" ]]; then
-    mapfile -t CWE_OUT < <( jq -r '.[] | "\(.name) \(.description)"' "${LOG_PATH_MODULE}"/cwe_*.log | cut -d\) -f1 | tr -d '('  | sort -u|| true)
-    print_ln
-    if [[ ${#CWE_OUT[@]} -gt 0 ]] ; then
-      print_bar
-      print_output "[+] cwe-checker found a total of ""${ORANGE}""${TOTAL_CWE_CNT}""${GREEN}"" of the following security issues:"
-      for CWE_LINE in "${CWE_OUT[@]}"; do
-        CWE="$(echo "${CWE_LINE}" | awk '{print $1}')"
-        CWE_DESC="$(echo "${CWE_LINE}" | cut -d\  -f2-)"
-        # do not change this to grep -c!
-        # shellcheck disable=SC2126
-        CWE_CNT="$(grep "${CWE}" "${LOG_PATH_MODULE}"/cwe_*.log 2>/dev/null | wc -l || true)"
-        print_output "$(indent "$(orange "${CWE}""${GREEN}"" - ""${CWE_DESC}"" - ""${ORANGE}""${CWE_CNT}"" times.")")"
-      done
-      print_bar
+    local CWE_LOGS=("${LOG_PATH_MODULE}"/cwe_*.log)
+    if [[ "${#CWE_LOGS[@]}" -gt 0 ]]; then
+      mapfile -t CWE_OUT < <( jq -r '.[] | "\(.name) \(.description)"' "${LOG_PATH_MODULE}"/cwe_*.log | cut -d\) -f1 | tr -d '('  | sort -u|| true)
       print_ln
+      if [[ ${#CWE_OUT[@]} -gt 0 ]] ; then
+        print_bar
+        print_output "[+] cwe-checker found a total of ""${ORANGE}""${TOTAL_CWE_CNT}""${GREEN}"" of the following security issues:"
+        for CWE_LINE in "${CWE_OUT[@]}"; do
+          CWE="$(echo "${CWE_LINE}" | awk '{print $1}')"
+          CWE_DESC="$(echo "${CWE_LINE}" | cut -d\  -f2-)"
+          # do not change this to grep -c!
+          # shellcheck disable=SC2126
+          CWE_CNT="$(grep "${CWE}" "${LOG_PATH_MODULE}"/cwe_*.log 2>/dev/null | wc -l || true)"
+          print_output "$(indent "$(orange "${CWE}""${GREEN}"" - ""${CWE_DESC}"" - ""${ORANGE}""${CWE_CNT}"" times.")")"
+        done
+        print_bar
+        print_ln
+      fi
     fi
   fi
 }