Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

trojan scanner #1178

Merged
merged 2 commits into from Dec 3, 2021
Merged

trojan scanner #1178

merged 2 commits into from Dec 3, 2021

Conversation

frenchy64
Copy link
Contributor

@frenchy64 frenchy64 commented Dec 3, 2021
edited

Related https://github.com/advthreat/iroh/issues/6052

Scans repository every build, and uberjar before every deployment.

There's something wrong with CTIA's uberjar. Worked around it and logged here: https://github.com/advthreat/iroh/issues/6060

§ QA

No QA is needed.

§ Release Notes

intern: trojan scanner

§ Squashed Commits

@frenchy64 frenchy64 marked this pull request as ready for review December 3, 2021 16:23
@frenchy64 frenchy64 self-assigned this Dec 3, 2021
@frenchy64 frenchy64 added review dev Developer facing changes labels Dec 3, 2021
agzam
agzam approved these changes Dec 3, 2021
View reviewed changes
Copy link
Contributor

@agzam agzam left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Very cool how you were able to get it done so quickly. Lack of docstrings/comments a bit inconvenient, but it feels that if someone starts poking around it, it wouldn't be too difficult to understand what's happening.

.do_not_edit-trojansourcedetector.json
"tmp/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*",
"tmp/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*"
]
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Interesting Christmas tree :)

scripts/do_not_edit-uberjar_trojansourcedetector.json
"goog/format/internationalizedemailaddress.js",
"swagger-ui/swagger-ui-bundle.js"
]
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How did you find out what needs to be excluded? Just curious.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Start with an empty vector, iterate and add exclusions for things that seemed plausible to need bidi chars.

scripts/uberjar-trojan-scan.clj
;; FIXME logged: https://github.com/advthreat/iroh/issues/6060
;; erm, there's something wrong with ctia's META-INF/license directory,
;; it cannot be unzipped with jar.
;; java.io.IOException: META-INF/license : could not create directory
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks like a permission issue 🤷

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Here's how to reproduce:

lein uberjar
cd target
jar xf ctia.jar

scripts/actions/install-trojansourcedetector.sh
rm -rf tmp/trojansourcedetector
mkdir -p tmp/trojansourcedetector
cd tmp/trojansourcedetector
curl -sLO https://github.com/haveyoudebuggedit/trojansourcedetector/releases/download/v1.0.1/trojansourcedetector_1.0.1_linux_amd64.tar.gz
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What happens if it fails to fetch it?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

set -e fails the script.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah of course! 👍

@frenchy64 frenchy64 merged commit d083303 into master Dec 3, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@agzam agzam agzam approved these changes

@DeLaGuardo DeLaGuardo Awaiting requested review from DeLaGuardo DeLaGuardo is a code owner

@ereteog ereteog Awaiting requested review from ereteog ereteog is a code owner

@gbuisson gbuisson Awaiting requested review from gbuisson gbuisson is a code owner

@irinarenteria irinarenteria Awaiting requested review from irinarenteria

@msprunck msprunck Awaiting requested review from msprunck msprunck is a code owner

@obarbeau obarbeau Awaiting requested review from obarbeau obarbeau is a code owner

@rplevy rplevy Awaiting requested review from rplevy rplevy is a code owner

@turbodog99 turbodog99 Awaiting requested review from turbodog99 turbodog99 is a code owner

@wandersoncferreira wandersoncferreira Awaiting requested review from wandersoncferreira wandersoncferreira is a code owner

@yogsototh yogsototh Awaiting requested review from yogsototh yogsototh is a code owner

Assignees

@frenchy64 frenchy64

Labels
dev Developer facing changes review
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@frenchy64 @agzam