Docker image update check

helpers/helpers_emba_dependency_check.sh

@@ -145,7 +145,6 @@ check_nvd_db(){
   fi
 }
 
-
 check_git_hash(){
   local REMOTE_HASH="${1:-}"
   local LOCAL_HASH=""
@@ -163,7 +162,8 @@ check_git_hash(){
 check_docker_image(){
   local REMOTE_DOCKER_HASH="${1:-}"
   local LOCAL_DOCKER_HASH=""
-  LOCAL_DOCKER_HASH="$(docker image inspect embeddedanalyzer/emba:latest --format '{{json .RepoDigests}}' | jq . | grep "sha" | sed -E 's/.*sha256:([0-9|[a-z]+)"/\1/' || true)"
+  LOCAL_DOCKER_HASH="$(docker inspect --format='{{.RepoDigests}}' embeddedanalyzer/emba:latest | tr -d ']' || true)"
+  LOCAL_DOCKER_HASH=${LOCAL_DOCKER_HASH/*:}
 
   if [[ "${LOCAL_DOCKER_HASH}" == "${REMOTE_DOCKER_HASH}" ]]; then
     echo -e "    Docker image version - ${GREEN}ok${NC}"

helpers/helpers_emba_helpers.sh

@@ -359,6 +359,13 @@ module_wait() {
       # if our module which we are waiting is on the blacklist we can just return
       return
     fi
+    if [[ -f "${LOG_DIR}"/emba_error.log ]]; then
+      if grep -q "${MODULE_TO_WAIT}" "${LOG_DIR}"/emba_error.log; then
+        print_output "[-] $(print_date) - WARNING: Module to wait for is probably crashed and will never end. Check the EMBA error log ${LOG_DIR}/emba_error.log" "main"
+        cat "${LOG_DIR}"/emba_error.log >> "${MAIN_LOG}"
+        return
+      fi
+    fi
     sleep 1
   done
 }

modules/F20_vul_aggregator.sh

@@ -1039,11 +1039,11 @@ cve_extractor() {
       ((CVE_COUNTER+=1))
       ((CVE_COUNTER_VERSION+=1))
       if [[ "${THREADED}" -eq 1 ]]; then
-        cve_extractor_thread_actor "${CVE_OUTPUT}" &
+        cve_extractor_thread_actor "${BINARY}" "${VERSION}" "${CVE_OUTPUT}" &
         WAIT_PIDS_TACTOR+=( "$!" )
         max_pids_protection "$(("${MAX_MOD_THREADS}"*3))" "${WAIT_PIDS_TACTOR[@]}"
       else
-        cve_extractor_thread_actor "${CVE_OUTPUT}" &
+        cve_extractor_thread_actor "${BINARY}" "${VERSION}" "${CVE_OUTPUT}"
       fi
     done
 
@@ -1064,7 +1064,8 @@ cve_extractor() {
   fi
 
   if [[ -f "${TMP_DIR}/exploit_cnt.tmp" ]]; then
-    EXPLOIT_COUNTER_VERSION=$(grep -c "^${BINARY};" "${TMP_DIR}/exploit_cnt.tmp" || true)
+    # this counter is wrong as soon as we have the same binary in multiple versions!
+    EXPLOIT_COUNTER_VERSION=$(grep -c "^${BINARY};${VERSION};" "${TMP_DIR}/exploit_cnt.tmp" || true)
   fi
 
   { echo ""
@@ -1137,7 +1138,9 @@ cve_extractor() {
 }
 
 cve_extractor_thread_actor() {
-  local CVE_OUTPUT="${1:-}"
+  local lBIN_BINARY="${1:-}"
+  local lBIN_VERSION="${2:-}"
+  local CVE_OUTPUT="${3:-}"
 
   local CVEv2_TMP=0
   local KERNEL_VERIFIED="no"
@@ -1171,7 +1174,7 @@ cve_extractor_thread_actor() {
   # if we find it this CVE is not further processed
   if [[ -f "${CVE_BLACKLIST}" ]]; then
     if grep -q ^"${CVE_VALUE}"$ "${CVE_BLACKLIST}"; then
-      print_output "[*] ${ORANGE}${CVE_VALUE}${NC} for ${ORANGE}${BINARY}${NC} blacklisted and ignored." "no_log"
+      print_output "[*] ${ORANGE}${CVE_VALUE}${NC} for ${ORANGE}${lBIN_BINARY}${NC} blacklisted and ignored." "no_log"
       return
     fi
   fi
@@ -1181,7 +1184,7 @@ cve_extractor_thread_actor() {
     # do a quick check if there is some data in the whitelist config file
     if [[ $(grep -E -c "^CVE-[0-9]+-[0-9]+$" "${CVE_WHITELIST}") -gt 0 ]]; then
       if ! grep -q ^"${CVE_VALUE}"$ "${CVE_WHITELIST}"; then
-        print_output "[*] ${ORANGE}${CVE_VALUE}${NC} for ${ORANGE}${BINARY}${NC} not in whitelist -> ignored." "no_log"
+        print_output "[*] ${ORANGE}${CVE_VALUE}${NC} for ${ORANGE}${lBIN_BINARY}${NC} not in whitelist -> ignored." "no_log"
         return
       fi
     fi
@@ -1204,13 +1207,13 @@ cve_extractor_thread_actor() {
 
   local EDB=0
   # as we already know about a bunch of kernel exploits - lets search them first
-  if [[ "${BINARY}" == *kernel* ]]; then
+  if [[ "${lBIN_BINARY}" == *kernel* ]]; then
     for KERNEL_CVE_EXPLOIT in "${KERNEL_CVE_EXPLOITS[@]}"; do
       KERNEL_CVE_EXPLOIT=$(echo "${KERNEL_CVE_EXPLOIT}" | cut -d\; -f3)
       if [[ "${KERNEL_CVE_EXPLOIT}" == "${CVE_VALUE}" ]]; then
         EXPLOIT="Exploit (linux-exploit-suggester"
         ((EXPLOIT_COUNTER_VERSION+=1))
-        echo "${BINARY};${CVE_VALUE};kernel exploit" >> "${TMP_DIR}"/exploit_cnt.tmp
+        echo "${lBIN_BINARY};${lBIN_VERSION};${CVE_VALUE};kernel exploit" >> "${TMP_DIR}"/exploit_cnt.tmp
         EDB=1
       fi
     done
@@ -1235,7 +1238,7 @@ cve_extractor_thread_actor() {
     fi
   fi
 
-  if [[ -f "${CSV_DIR}"/s118_busybox_verifier.csv ]] && [[ "${BINARY}" == "busybox" ]]; then
+  if [[ -f "${CSV_DIR}"/s118_busybox_verifier.csv ]] && [[ "${lBIN_BINARY}" == "busybox" ]]; then
     if grep -q ";${CVE_VALUE};" "${CSV_DIR}"/s118_busybox_verifier.csv; then
       print_output "[+] ${ORANGE}INFO:${GREEN} Vulnerability ${ORANGE}${CVE_VALUE}${GREEN} is a verified BusyBox vulnerability (${ORANGE}BusyBox applet${GREEN})!" "no_log"
       BUSYBOX_VERIFIED="yes"
@@ -1305,7 +1308,7 @@ cve_extractor_thread_actor() {
         done
         EDB=1
         ((EXPLOIT_COUNTER_VERSION+=1))
-        echo "${BINARY};${CVE_VALUE};exploit_db" >> "${TMP_DIR}"/exploit_cnt.tmp
+        echo "${lBIN_BINARY};${lBIN_VERSION};${CVE_VALUE};exploit_db" >> "${TMP_DIR}"/exploit_cnt.tmp
       done
 
       # copy the exploit-db exploits to the report
@@ -1353,7 +1356,7 @@ cve_extractor_thread_actor() {
         # only count the msf exploit if we have not already count an other exploit
         # otherwise we count an exploit for one CVE multiple times
         ((EXPLOIT_COUNTER_VERSION+=1))
-        echo "${BINARY};${CVE_VALUE};MSF" >> "${TMP_DIR}"/exploit_cnt.tmp
+        echo "${lBIN_BINARY};${lBIN_VERSION};${CVE_VALUE};MSF" >> "${TMP_DIR}"/exploit_cnt.tmp
         EDB=1
       fi
     fi
@@ -1374,7 +1377,7 @@ cve_extractor_thread_actor() {
         # only count the snyk exploit if we have not already count an other exploit
         # otherwise we count an exploit for one CVE multiple times
         ((EXPLOIT_COUNTER_VERSION+=1))
-        echo "${BINARY};${CVE_VALUE};SNYK" >> "${TMP_DIR}"/exploit_cnt.tmp
+        echo "${lBIN_BINARY};${lBIN_VERSION};${CVE_VALUE};SNYK" >> "${TMP_DIR}"/exploit_cnt.tmp
         EDB=1
       fi
     fi
@@ -1408,7 +1411,7 @@ cve_extractor_thread_actor() {
         # only count the packetstorm exploit if we have not already count an other exploit
         # otherwise we count an exploit for one CVE multiple times
         ((EXPLOIT_COUNTER_VERSION+=1))
-        echo "${BINARY};${CVE_VALUE};PS" >> "${TMP_DIR}"/exploit_cnt.tmp
+        echo "${lBIN_BINARY};${lBIN_VERSION};${CVE_VALUE};PS" >> "${TMP_DIR}"/exploit_cnt.tmp
         EDB=1
       fi
     fi
@@ -1438,7 +1441,7 @@ cve_extractor_thread_actor() {
         # only count the routersploit exploit if we have not already count an other exploit
         # otherwise we count an exploit for one CVE multiple times
         ((EXPLOIT_COUNTER_VERSION+=1))
-        echo "${BINARY};${CVE_VALUE};PS" >> "${TMP_DIR}"/exploit_cnt.tmp
+        echo "${lBIN_BINARY};${lBIN_VERSION};${CVE_VALUE};PS" >> "${TMP_DIR}"/exploit_cnt.tmp
         EDB=1
       fi
     fi
@@ -1469,27 +1472,27 @@ cve_extractor_thread_actor() {
     if [[ "${CVEv2_TMP}" -eq 1 ]]; then CVSS_VALUE="${CVSS_VALUE}"" (v2)"; fi
     if [[ "${EXPLOIT}" == *MSF* || "${EXPLOIT}" == *EDB\ ID* || "${EXPLOIT}" == *linux-exploit-suggester* || "${EXPLOIT}" == *Routersploit* || \
       "${EXPLOIT}" == *Github* || "${EXPLOIT}" == *PSS* || "${EXPLOIT}" == *Snyk* || "${KNOWN_EXPLOITED}" -eq 1 ]]; then
-      printf "${MAGENTA}\t%-20.20s:   %-12.12s:   %-18.18s:   %-10.10s:   %-15.15s:   %s${NC}\n" "${BINARY}" "${VERSION}" "${CVE_VALUE}" "${CVSS_VALUE}" "${VSOURCE}" "${EXPLOIT}" >> "${LOG_PATH_MODULE}"/cve_sum/"${AGG_LOG_FILE}"
+      printf "${MAGENTA}\t%-20.20s:   %-12.12s:   %-18.18s:   %-10.10s:   %-15.15s:   %s${NC}\n" "${lBIN_BINARY}" "${lBIN_VERSION}" "${CVE_VALUE}" "${CVSS_VALUE}" "${VSOURCE}" "${EXPLOIT}" >> "${LOG_PATH_MODULE}"/cve_sum/"${AGG_LOG_FILE}"
     else
-      printf "${RED}\t%-20.20s:   %-12.12s:   %-18.18s:   %-10.10s:   %-15.15s:   %s${NC}\n" "${BINARY}" "${VERSION}" "${CVE_VALUE}" "${CVSS_VALUE}" "${VSOURCE}" "${EXPLOIT}" >> "${LOG_PATH_MODULE}"/cve_sum/"${AGG_LOG_FILE}"
+      printf "${RED}\t%-20.20s:   %-12.12s:   %-18.18s:   %-10.10s:   %-15.15s:   %s${NC}\n" "${lBIN_BINARY}" "${lBIN_VERSION}" "${CVE_VALUE}" "${CVSS_VALUE}" "${VSOURCE}" "${EXPLOIT}" >> "${LOG_PATH_MODULE}"/cve_sum/"${AGG_LOG_FILE}"
     fi
     ((HIGH_CVE_COUNTER+=1))
   elif (( $(echo "${CVSS_VALUE} > 3.9" | bc -l) )); then
     if [[ "${CVEv2_TMP}" -eq 1 ]]; then CVSS_VALUE="${CVSS_VALUE}"" (v2)"; fi
     if [[ "${EXPLOIT}" == *MSF* || "${EXPLOIT}" == *EDB\ ID* || "${EXPLOIT}" == *linux-exploit-suggester* || "${EXPLOIT}" == *Routersploit* || \
       "${EXPLOIT}" == *Github* || "${EXPLOIT}" == *PSS* || "${EXPLOIT}" == *Snyk* || "${KNOWN_EXPLOITED}" -eq 1 ]]; then
-      printf "${MAGENTA}\t%-20.20s:   %-12.12s:   %-18.18s:   %-10.10s:   %-15.15s:   %s${NC}\n" "${BINARY}" "${VERSION}" "${CVE_VALUE}" "${CVSS_VALUE}" "${VSOURCE}" "${EXPLOIT}" >> "${LOG_PATH_MODULE}"/cve_sum/"${AGG_LOG_FILE}"
+      printf "${MAGENTA}\t%-20.20s:   %-12.12s:   %-18.18s:   %-10.10s:   %-15.15s:   %s${NC}\n" "${lBIN_BINARY}" "${lBIN_VERSION}" "${CVE_VALUE}" "${CVSS_VALUE}" "${VSOURCE}" "${EXPLOIT}" >> "${LOG_PATH_MODULE}"/cve_sum/"${AGG_LOG_FILE}"
     else
-      printf "${ORANGE}\t%-20.20s:   %-12.12s:   %-18.18s:   %-10.10s:   %-15.15s:   %s${NC}\n" "${BINARY}" "${VERSION}" "${CVE_VALUE}" "${CVSS_VALUE}" "${VSOURCE}" "${EXPLOIT}" >> "${LOG_PATH_MODULE}"/cve_sum/"${AGG_LOG_FILE}"
+      printf "${ORANGE}\t%-20.20s:   %-12.12s:   %-18.18s:   %-10.10s:   %-15.15s:   %s${NC}\n" "${lBIN_BINARY}" "${lBIN_VERSION}" "${CVE_VALUE}" "${CVSS_VALUE}" "${VSOURCE}" "${EXPLOIT}" >> "${LOG_PATH_MODULE}"/cve_sum/"${AGG_LOG_FILE}"
     fi
     ((MEDIUM_CVE_COUNTER+=1))
   else
     if [[ "${CVEv2_TMP}" -eq 1 ]]; then CVSS_VALUE="${CVSS_VALUE}"" (v2)"; fi
     if [[ "${EXPLOIT}" == *MSF* || "${EXPLOIT}" == *EDB\ ID* || "${EXPLOIT}" == *linux-exploit-suggester* || "${EXPLOIT}" == *Routersploit* || \
       "${EXPLOIT}" == *Github* || "${EXPLOIT}" == *PSS* || "${EXPLOIT}" == *Snyk* || "${KNOWN_EXPLOITED}" -eq 1 ]]; then
-      printf "${MAGENTA}\t%-20.20s:   %-12.12s:   %-18.18s:   %-10.10s:   %-15.15s:   %s${NC}\n" "${BINARY}" "${VERSION}" "${CVE_VALUE}" "${CVSS_VALUE}" "${VSOURCE}" "${EXPLOIT}" >> "${LOG_PATH_MODULE}"/cve_sum/"${AGG_LOG_FILE}"
+      printf "${MAGENTA}\t%-20.20s:   %-12.12s:   %-18.18s:   %-10.10s:   %-15.15s:   %s${NC}\n" "${lBIN_BINARY}" "${lBIN_VERSION}" "${CVE_VALUE}" "${CVSS_VALUE}" "${VSOURCE}" "${EXPLOIT}" >> "${LOG_PATH_MODULE}"/cve_sum/"${AGG_LOG_FILE}"
     else
-      printf "${GREEN}\t%-20.20s:   %-12.12s:   %-18.18s:   %-10.10s:   %-15.15s:   %s${NC}\n" "${BINARY}" "${VERSION}" "${CVE_VALUE}" "${CVSS_VALUE}" "${VSOURCE}" "${EXPLOIT}" >> "${LOG_PATH_MODULE}"/cve_sum/"${AGG_LOG_FILE}"
+      printf "${GREEN}\t%-20.20s:   %-12.12s:   %-18.18s:   %-10.10s:   %-15.15s:   %s${NC}\n" "${lBIN_BINARY}" "${lBIN_VERSION}" "${CVE_VALUE}" "${CVSS_VALUE}" "${VSOURCE}" "${EXPLOIT}" >> "${LOG_PATH_MODULE}"/cve_sum/"${AGG_LOG_FILE}"
     fi
     ((LOW_CVE_COUNTER+=1))
   fi
@@ -1504,7 +1507,7 @@ cve_extractor_thread_actor() {
     echo "${HIGH_CVE_COUNTER}" >> "${TMP_DIR}"/HIGH_CVE_COUNTER.tmp
   fi
 
-  write_csv_log "${BINARY}" "${VERSION}" "${CVE_VALUE}" "${CVSS_VALUE}" "${#EXPLOIT_AVAIL[@]}" "${#EXPLOIT_AVAIL_MSF[@]}" "${#EXPLOIT_AVAIL_TRICKEST[@]}" "${#EXPLOIT_AVAIL_ROUTERSPLOIT[@]}/${#EXPLOIT_AVAIL_ROUTERSPLOIT1[@]}" "${#EXPLOIT_AVAIL_SNYK[@]}" "${#EXPLOIT_AVAIL_PACKETSTORM[@]}" "${LOCAL}" "${REMOTE}" "${DOS}" "${#KNOWN_EXPLOITED_VULNS[@]}" "${KERNEL_VERIFIED}"
+  write_csv_log "${lBIN_BINARY}" "${lBIN_VERSION}" "${CVE_VALUE}" "${CVSS_VALUE}" "${#EXPLOIT_AVAIL[@]}" "${#EXPLOIT_AVAIL_MSF[@]}" "${#EXPLOIT_AVAIL_TRICKEST[@]}" "${#EXPLOIT_AVAIL_ROUTERSPLOIT[@]}/${#EXPLOIT_AVAIL_ROUTERSPLOIT1[@]}" "${#EXPLOIT_AVAIL_SNYK[@]}" "${#EXPLOIT_AVAIL_PACKETSTORM[@]}" "${LOCAL}" "${REMOTE}" "${DOS}" "${#KNOWN_EXPLOITED_VULNS[@]}" "${KERNEL_VERIFIED}"
 
 }
 

modules/F50_base_aggregator.sh

@@ -559,7 +559,7 @@ output_binaries() {
         write_link "s14#strcpysummary"
       fi
       DATA=1
-      printf "${GREEN_}\t%-5.5s| %-15.15s | common linux file: y/n | %-8.8s / %-8.8s| %-9.9s | %-9.9s | %-11.11s | %-10.10s | %-13.13s |${NC}\n" "COUNT" "BINARY NAME" "CWE CNT" "SEMGREP" "RELRO" "CANARY" "NX state" "SYMBOLS" "NETWORKING" | tee -a "${LOG_FILE}"
+      printf "${GREEN_}\t%-5.5s| %-15.15s | common linux file: y/n | %-8.8s / %-8.8s| %-8.8s | %-9.9s | %-11.11s | %-10.10s | %-13.13s |${NC}\n" "COUNT" "BINARY NAME" "CWE CNT" "SEMGREP" "RELRO" "CANARY" "NX state" "SYMBOLS" "NETWORKING" | tee -a "${LOG_FILE}"
       for DETAIL_STRCPY in "${RESULTS_STRCPY[@]}" ; do
         binary_fct_output "${DETAIL_STRCPY}"
         write_csv_log "strcpy_bin" "${BINARY}" "${F_COUNTER}" "NA" "NA" "NA" "NA" "NA" "NA"
@@ -577,7 +577,7 @@ output_binaries() {
         write_link "s14#systemsummary"
       fi
       DATA=1
-      printf "${GREEN_}\t%-5.5s| %-15.15s | common linux file: y/n | %-8.8s / %-8.8s| %-9.9s | %-9.9s | %-11.11s | %-10.10s | %-13.13s |${NC}\n" "COUNT" "BINARY NAME" "CWE CNT" "SEMGREP" "RELRO" "CANARY" "NX state" "SYMBOLS" "NETWORKING" | tee -a "${LOG_FILE}"
+      printf "${GREEN_}\t%-5.5s| %-15.15s | common linux file: y/n | %-8.8s / %-8.8s| %-8.8s | %-9.9s | %-11.11s | %-10.10s | %-13.13s |${NC}\n" "COUNT" "BINARY NAME" "CWE CNT" "SEMGREP" "RELRO" "CANARY" "NX state" "SYMBOLS" "NETWORKING" | tee -a "${LOG_FILE}"
       for DETAIL_SYSTEM in "${RESULTS_SYSTEM[@]}" ; do
         binary_fct_output "${DETAIL_SYSTEM}"
         write_csv_log "system_bin" "${BINARY}" "${F_COUNTER}" "NA" "NA" "NA" "NA" "NA" "NA"

modules/S115_usermode_emulator.sh

@@ -275,7 +275,7 @@ prepare_emulator() {
       print_output "$(indent "$(red "Terminating EMBA now.\\n")")"
       exit 1
     else
-      cp "$(command -v "${EMULATOR}")" "${R_PATH}"
+      cp "$(command -v "${EMULATOR}")" "${R_PATH}" || (print_output "[-] Issues in copy emulator process for emulator ${EMULATOR}" && return)
     fi
 
     if ! [[ -d "${R_PATH}""/proc" ]] ; then

modules/S20_shell_check.sh

@@ -69,7 +69,7 @@ S20_shell_check()
     write_log ""
     write_log "[*] Statistics:${S20_SHELL_VULNS}:${S20_SCRIPTS}"
 
-    mapfile -t S20_VULN_TYPES < <(grep "\^--\ SC[0-9]" "${LOG_PATH_MODULE}"/shellchecker_* 2>/dev/null | cut -d: -f2- | sed -e 's/\ \+\^--\ //g' | sed -e 's/\^--\ //g' | sort -u -t: -k1,1 || true)
+    mapfile -t S20_VULN_TYPES < <(grep "\^--\ SC[0-9]" "${LOG_PATH_MODULE}"/shellchecker_* 2>/dev/null | cut -d: -f2- | sed -e 's/\ \+\^--\ //g' | sed -e 's/\^--\ //g' | sort -u -t: -k1,1 | tr -d '\\n' || true)
     for VTYPE in "${S20_VULN_TYPES[@]}" ; do
       print_output "$(indent "${NC}""[""${GREEN}""+""${NC}""]""${GREEN}"" ""${VTYPE}""${NC}")"
     done