Scan profile support

emba.sh

@@ -213,7 +213,7 @@ main()
   export EMBA_COMMAND
   EMBA_COMMAND="$(dirname "$0")""/emba.sh ""$*"
 
-  while getopts a:A:cdDe:Ef:Fghik:l:m:N:stxX:Y:WzZ: OPT ; do
+  while getopts a:A:cdDe:Ef:Fghik:l:m:N:p:stxX:Y:WzZ: OPT ; do
     case $OPT in
       a)
         export ARCH="$OPTARG"
@@ -270,6 +270,9 @@ main()
       N)
         export FW_NOTES="$OPTARG"
         ;;
+      p)
+        export PROFILE="$OPTARG"
+       ;;
       s)
         export SHORT_PATH=1
         ;;
@@ -304,6 +307,26 @@ main()
 
   echo
 
+  # profile handling
+  if [[ -n "$PROFILE" ]]; then
+    if [[ -f ./scan-profiles/"$PROFILE" ]]; then
+      print_bar "no_log"
+      if [[ $IN_DOCKER -ne 1 ]] ; then
+        print_output "[*] Loading emba scan profile with the following settings:" "no_log"
+      else
+        print_output "[*] Loading emba scan profile." "no_log"
+      fi
+      # all profile output and settings are done by the profile file located in ./scan-profiles/
+      # shellcheck disable=SC1090
+      source ./scan-profiles/"$PROFILE"
+      print_output "[*] Profile ./scan-profiles/$PROFILE loaded." "no_log"
+      print_bar "no_log"
+    else
+      print_output "[!] Profile ./scan-profiles/$PROFILE not found." "no_log"
+      exit 1
+    fi
+  fi
+
   # check provided paths for validity 
   check_path_valid "$FIRMWARE_PATH"
   check_path_valid "$KERNEL_CONFIG"
@@ -431,7 +454,7 @@ main()
 
     OPTIND=1
     ARGS=""
-    while getopts a:A:cdDe:Ef:Fghik:l:m:N:stX:Y:WxzZ: OPT ; do
+    while getopts a:A:cdDe:Ef:Fghik:l:m:N:p:stX:Y:WxzZ: OPT ; do
       case $OPT in
         D|f|i|l)
           ;;

helpers/print.sh

@@ -370,6 +370,7 @@ print_help()
   echo -e "$CYAN""-E""$NC""                Enables automated qemu emulation tests (WARNING this module could harm your host!)"
   echo -e "$CYAN""-D""$NC""                Runs emba in docker container"
   echo -e "$CYAN""-i""$NC""                Ignores log path check"
+  echo -e "$CYAN""-p [PROFILE]""$NC""      Emba starts with a pre-defined profile (stored in ./scan-profiles)"
   echo -e "\\nWeb reporter"
   echo -e "$CYAN""-W""$NC""                Activates web report creation in log path (overwrites -z)"
   echo -e "\\nDependency check"

modules/F50_base_aggregator.sh

@@ -264,6 +264,7 @@ output_binaries() {
     print_bar
   fi
 
+  cwe_logging
   # we use the logger from the s120 cwe checker module again:
   if [[ -f "$LOG_DIR"/"$S120_LOG" ]]; then
     final_cwe_log "$TOTAL_CWE_CNT"
@@ -568,3 +569,20 @@ print_os() {
   fi
 }
 
+cwe_logging() {
+  LOG_DIR_MOD="s120_cwe_checker"
+  if [[ -d "$LOG_DIR"/"$LOG_DIR_MOD" ]]; then
+    mapfile -t CWE_OUT < <( cat "$LOG_DIR"/"$LOG_DIR_MOD"/cwe_*.log 2>/dev/null | grep -v "ERROR\|DEBUG\|INFO" | grep "CWE[0-9]" | sed -z 's/[0-9]\.[0-9]//g' | cut -d\( -f1,3 | cut -d\) -f1 | sort -u | tr -d '(' | tr -d "[" | tr -d "]" )
+    print_output ""
+    if [[ ${#CWE_OUT[@]} -gt 0 ]] ; then
+      print_output "[+] cwe-checker found a total of ""$ORANGE""${#CWE_OUT[@]}""$GREEN"" of the following security issues:"
+      for CWE_LINE in "${CWE_OUT[@]}"; do
+        CWE="$(echo "$CWE_LINE" | cut -d\  -f1)"
+        CWE_DESC="$(echo "$CWE_LINE" | cut -d\  -f2-)"
+        CWE_CNT="$(cat "$LOG_DIR"/"$LOG_DIR_MOD"/cwe_*.log 2>/dev/null | grep -c "$CWE")"
+        print_output "$(indent "$(orange "$CWE""$GREEN"" - ""$CWE_DESC"" - ""$ORANGE""$CWE_CNT"" times.")")"
+      done
+    fi
+  fi
+}
+

scan-profiles/default-scan-docker.emba

@@ -0,0 +1,31 @@
+# emba - EMBEDDED LINUX ANALYZER
+#
+# Copyright 2020-2021 Siemens Energy AG
+# Copyright 2020-2021 Siemens AG
+#
+# emba comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
+# welcome to redistribute it under the terms of the GNU General Public License.
+# See LICENSE file for usage of this software.
+#
+# emba is licensed under GPLv3
+#
+# Author(s): Michael Messner, Pascal Eckmann
+#
+# Description: This is a default emba profile. You can Use it as a template for your own profiles
+#              or start emba with "-p default-scan-docker.emba" to use it
+
+export FORMAT_LOG=1
+export THREADED=1
+export SHORT_PATH=1
+export HTML=1
+export QEMULATION=1
+# we output the profile only at the beginning - outside the docker environment
+if [[ $IN_DOCKER -ne 1 ]] ; then
+  print_output "$(indent "$(orange "Adds ANSI color codes to log")")" "no_log"
+  print_output "$(indent "$(orange "Activate multi threading (destroys regular console output)")")" "no_log"
+  print_output "$(indent "$(orange "Prints only relative paths")")" "no_log"
+  print_output "$(indent "$(orange "Activates web report creation in log path")")" "no_log"
+  print_output "$(indent "$(orange "Enables automated qemu emulation tests (WARNING this module could harm your host!)")")" "no_log"
+  print_output "$(indent "$(orange "Runs emba in docker container")")" "no_log"
+  export USE_DOCKER=1
+fi

scan-profiles/default-scan.emba

@@ -0,0 +1,26 @@
+# emba - EMBEDDED LINUX ANALYZER
+#
+# Copyright 2020-2021 Siemens Energy AG
+# Copyright 2020-2021 Siemens AG
+#
+# emba comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
+# welcome to redistribute it under the terms of the GNU General Public License.
+# See LICENSE file for usage of this software.
+#
+# emba is licensed under GPLv3
+#
+# Author(s): Michael Messner, Pascal Eckmann
+#
+# Description: This is a default emba profile. You can Use it as a template for your own profiles
+#              or start emba with "-p default-scan.emba" to use it
+
+print_output "$(indent "$(orange "Adds ANSI color codes to log")")" "no_log"
+export FORMAT_LOG=1
+print_output "$(indent "$(orange "Activate multi threading (destroys regular console output)")")" "no_log"
+export THREADED=1
+print_output "$(indent "$(orange "Prints only relative paths")")" "no_log"
+export SHORT_PATH=1
+print_output "$(indent "$(orange "Activates web report creation in log path")")" "no_log"
+export HTML=1
+print_output "$(indent "$(orange "Enables automated qemu emulation tests (WARNING this module could harm your host!)")")" "no_log"
+export QEMULATION=1

scan-profiles/full-scan.emba

@@ -0,0 +1,28 @@
+# emba - EMBEDDED LINUX ANALYZER
+#
+# Copyright 2020-2021 Siemens Energy AG
+# Copyright 2020-2021 Siemens AG
+#
+# emba comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
+# welcome to redistribute it under the terms of the GNU General Public License.
+# See LICENSE file for usage of this software.
+#
+# emba is licensed under GPLv3
+#
+# Author(s): Michael Messner, Pascal Eckmann
+#
+# Description: This is a default emba profile. You can Use it as a template for your own profiles
+#              or start emba with "-p full-scan.emba" to use it
+
+print_output "$(indent "Adds ANSI color codes to log")" "no_log"
+export FORMAT_LOG=1
+print_output "$(indent "Activate multi threading (destroys regular console output)")" "no_log"
+export THREADED=1
+print_output "$(indent "Prints only relative paths")" "no_log"
+export SHORT_PATH=1
+print_output "$(indent "Activates web report creation in log path")" "no_log"
+export HTML=1
+print_output "$(indent "Enables automated qemu emulation tests (WARNING this module could harm your host!)")" "no_log"
+export QEMULATION=1
+print_output "$(indent "Enable cwe-checker")" "no_log"
+export CWE_CHECKER=1

scan-profiles/full-scan_docker.emba

@@ -0,0 +1,34 @@
+# emba - EMBEDDED LINUX ANALYZER
+#
+# Copyright 2020-2021 Siemens Energy AG
+# Copyright 2020-2021 Siemens AG
+#
+# emba comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
+# welcome to redistribute it under the terms of the GNU General Public License.
+# See LICENSE file for usage of this software.
+#
+# emba is licensed under GPLv3
+#
+# Author(s): Michael Messner, Pascal Eckmann
+#
+# Description: This is a default emba profile. You can Use it as a template for your own profiles
+#              or start emba with "-p full-scan_docker.emba" to use it
+
+export FORMAT_LOG=1
+export THREADED=1
+export SHORT_PATH=1
+export HTML=1
+export CWE_CHECKER=1
+export QEMULATION=1
+# we output the profile only at the beginning - outside the docker environment
+if [[ $IN_DOCKER -ne 1 ]] ; then
+  print_output "$(indent "$(orange "Adds ANSI color codes to log")")" "no_log"
+  print_output "$(indent "$(orange "Activate multi threading (destroys regular console output)")")" "no_log"
+  print_output "$(indent "$(orange "Prints only relative paths")")" "no_log"
+  print_output "$(indent "$(orange "Activates web report creation in log path")")" "no_log"
+  print_output "$(indent "$(orange "Enable cwe-checker")")" "no_log"
+  print_output "$(indent "$(orange "Enables automated qemu emulation tests (WARNING this module could harm your host!)")")" "no_log"
+  print_output "$(indent "$(orange "Runs emba in docker container")")" "no_log"
+  export USE_DOCKER=1
+fi
+