trojan scanner #1178
Very cool how you were able to get it done so quickly. Lack of docstrings/comments a bit inconvenient, but it feels that if someone starts poking around it, it wouldn't be too difficult to understand what's happening.
"tmp/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*", | ||
"tmp/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*" | ||
] | ||
} |
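Review bot: the `tmp/*/...` patterns that close this list add one entry per directory depth and stop at a fixed depth, so a path nested deeper under tmp/ is matched by none of them. If the scanner's glob syntax has a recursive form, one pattern would replace the whole run; otherwise state the maximum depth this is meant to cover wherever the config is documented.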
Interesting Christmas tree :)
"goog/format/internationalizedemailaddress.js", | ||
"swagger-ui/swagger-ui-bundle.js" | ||
] | ||
} |
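Review bot: the two entries that close this exclusion list, "goog/format/internationalizedemailaddress.js" and "swagger-ui/swagger-ui-bundle.js", are excluded by path alone, so any later change to those files is never scanned. Record alongside the config or in the PR description why each path is expected to contain bidi characters, so the list can be re-checked when the dependency that ships them is upgraded.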
How did you find out what needs to be excluded? Just curious.
Start with an empty vector, iterate and add exclusions for things that seemed plausible to need bidi chars.
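A minimal scanner for the workflow described in the comment above: scan with no exclusions, review the hits, then exclude files that legitimately contain bidi characters. This is an added example, not code from this PR or from trojansourcedetector; the function names, the constructed sample files and the use of Python's `fnmatch` for exclusion patterns are assumptions.

```python
import fnmatch
import os
import tempfile
import unicodedata

# Unicode bidirectional embedding, override and isolate controls (plus their pops).
BIDI_CONTROLS = frozenset("\u202a\u202b\u202c\u202d\u202e\u2066\u2067\u2068\u2069")

def scan_text(text):
    """Yield (line, column, character name) for every bidi control in text."""
    for lineno, line in enumerate(text.splitlines(), 1):
        for col, ch in enumerate(line, 1):
            if ch in BIDI_CONTROLS:
                yield lineno, col, unicodedata.name(ch)

def scan_tree(root, exclude=()):
    """Return {relative path: findings} for files not matched by exclude.

    fnmatch's '*' also matches '/', which may differ from the glob rules
    of the scanner used in the PR (assumption for this example).
    """
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if any(fnmatch.fnmatch(rel, pat) for pat in exclude):
                continue
            with open(full, "rb") as fh:
                text = fh.read().decode("utf-8", errors="replace")
            hits = list(scan_text(text))
            if hits:
                report[rel] = hits
    return report

def demo():
    """Constructed tree: one flagged source file, one clean file, one bundle."""
    samples = {
        "src/auth.clj": '(if (= role "user\u202e")\n  :ok)\n',
        "src/clean.clj": "(defn f [x] x)\n",
        "swagger-ui/swagger-ui-bundle.js": 'var rtl="\u2067x\u2069";\n',
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(body)
        first_pass = scan_tree(root)  # empty exclusion list: everything reported
        second_pass = scan_tree(root, ["swagger-ui/swagger-ui-bundle.js"])
    return first_pass, second_pass
```

Only the path reviewed and accepted as a legitimate use drops out of the second pass; the hit in `src/auth.clj` keeps being reported.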
;; FIXME logged: https://github.com/advthreat/iroh/issues/6060 | ||
;; erm, there's something wrong with ctia's META-INF/license directory, | ||
;; it cannot be unzipped with jar. | ||
;; java.io.IOException: META-INF/license : could not create directory |
Looks like a permission issue 🤷
Here's how to reproduce:
lein uberjar
cd target
jar xf ctia.jar
rm -rf tmp/trojansourcedetector | ||
mkdir -p tmp/trojansourcedetector | ||
cd tmp/trojansourcedetector | ||
curl -sLO https://github.com/haveyoudebuggedit/trojansourcedetector/releases/download/v1.0.1/trojansourcedetector_1.0.1_linux_amd64.tar.gz |
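Review bot: on the `curl -sLO` line the release tarball is fetched without `-f`/`--fail`, so an HTTP error response is written to disk and curl still exits 0, and in the lines shown nothing verifies the archive before it is used. Add `--fail` and compare the download against a pinned SHA-256 for the v1.0.1 archive before unpacking, since the description says this scanner runs on every build.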
What happens if it fails to fetch it?
`set -e` fails the script.
Ah of course! 👍
Related https://github.com/advthreat/iroh/issues/6052
Scans repository every build, and uberjar before every deployment.
There's something wrong with CTIA's uberjar. Worked around it and logged here: https://github.com/advthreat/iroh/issues/6060
§ QA
No QA is needed.
§ Release Notes
§ Squashed Commits