Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Drop the ssdeep library and remove its hash support #7525

Merged
merged 4 commits into from Apr 5, 2022
Merged

Drop the ssdeep library and remove its hash support #7525

merged 4 commits into from Apr 5, 2022

Conversation

iko1
Copy link
Contributor

@iko1 iko1 commented Mar 19, 2022

Fixes #7520

@iko1 iko1 requested review from a team as code owners March 19, 2022 13:56
@directionless directionless added the deprecation Relating to function deprecation label Mar 19, 2022
@mike-myers-tob mike-myers-tob added ready for review Pull requests that are ready to be reviewed by a maintainer libraries For things referring to osquery third party libraries dependency labels Mar 22, 2022
directionless
directionless reviewed Mar 25, 2022
View reviewed changes
Copy link
Member

@directionless directionless left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reading about ssdeep, it seems like fuzzyhasing is somewhat important in some areas. But it also seems like this is pretty unmaintained, I don't know if we have good options

@directionless
Copy link
Member

In discussion at office hours today, we concluded that while fuzzy hashing is useful, since the ssdeep library looks unmaintained, we should make the hard choice and drop it. If we find a more maintained version, we should bring it back. But for now 👍

@iko1
Copy link
Contributor Author

iko1 commented Mar 30, 2022

In discussion at office hours today, we concluded that while fuzzy hashing is useful, since the ssdeep library looks unmaintained, we should make the hard choice and drop it. If we find a more maintained version, we should bring it back. But for now 👍

I'm totally agree with this choice, but in the other hand the fuzzy hashing can be useful for some users in experimental cases. What do you think to have the ssdeep feature as an extension so it can be used on demand?

@iko1 iko1 requested a review from directionless March 30, 2022 17:39
@directionless
Copy link
Member

I'm totally agree with this choice, but in the other hand the fuzzy hashing can be useful for some users in experimental cases. What do you think to have the ssdeep feature as an extension so it can be used on demand?

At present, the osquery foundation does not maintain or distribute extensions. I think it would be a great thing for people to try, but folks don't need our permission for that.

Smjert
Smjert reviewed Mar 31, 2022
View reviewed changes
Copy link
Member

@Smjert Smjert left a comment
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for this PR! We should also remove this now unused variable:
https://github.com/osquery/osquery/pull/7525/files#diff-021da22b2dcfaaaf9c769954cde0773b7cb8ac1e684e7b79fd58ecd5662db2deL306

And actually delete also the folder libraries/cmake/source/ssdeep-cpp

@iko1
Copy link
Contributor Author

iko1 commented Mar 31, 2022

Thanks for this PR! We should also remove this now unused variable: https://github.com/osquery/osquery/pull/7525/files#diff-021da22b2dcfaaaf9c769954cde0773b7cb8ac1e684e7b79fd58ecd5662db2deL306

And actually delete also the folder libraries/cmake/source/ssdeep-cpp

Can you specify which variable should be removed please?

@Smjert
Copy link
Member

Smjert commented Mar 31, 2022

Thanks for this PR! We should also remove this now unused variable: https://github.com/osquery/osquery/pull/7525/files#diff-021da22b2dcfaaaf9c769954cde0773b7cb8ac1e684e7b79fd58ecd5662db2deL306
And actually delete also the folder libraries/cmake/source/ssdeep-cpp

Can you specify which variable should be removed please?

Yeah sorry, sometimes those links don't work: it's const std::string contentSsdeep = "3:Ttn:Jn"; in the system_tables_tests.cpp file

@Smjert
Copy link
Member

Smjert commented Mar 31, 2022
edited

Also for the ReadTheDocs failure, please rebase on latest master, which has the fix.

@iko1 iko1 requested a review from Smjert March 31, 2022 15:53
@mike-myers-tob mike-myers-tob merged commit c101603 into osquery:master Apr 5, 2022
alessandrogario pushed a commit to trailofbits/osquery that referenced this pull request Apr 5, 2022
@iko1 @alessandrogario
Drop the ssdeep library and remove its hash support (osquery#7525)
e7475d3 
* drop ssdeep support

* CR comment

* delete unused variable
@Smjert Smjert mentioned this pull request Jul 20, 2022
Closed
aikuchin pushed a commit to aikuchin/osquery that referenced this pull request Jul 11, 2023
@mogrein
Merge pull request osquery#24 in CLOUD/osquery from sync/osquery-5.2.…
9b71df7 
…3 to master

* commit '35edba4e8627f883dc6394f60a7fff60a5a39353':
  libs: Update OpenSSL from version 1.1.1l to 1.1.1n (osquery#7506)
  Drop shortcut_files table (osquery#7547)
  Drop the ssdeep library and remove its hash support  (osquery#7525)
  libs: Update zlib from v1.2.11 to v1.2.12 (osquery#7548)
  Remove libelfin and elf parsing tables (osquery#7524)
  Update librpm to 4.17.0 (osquery#7529)
  libs: Update expat from version 2.2.10 to 2.4.7 (osquery#7526)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Smjert Smjert Smjert approved these changes

@directionless directionless Awaiting requested review from directionless

Assignees
No one assigned
Labels
deprecation Relating to function deprecation libraries For things referring to osquery third party libraries ready for review Pull requests that are ready to be reviewed by a maintainer
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Drop the ssdeep library and hash
4 participants
@iko1 @directionless @Smjert @mike-myers-tob