-
Notifications
You must be signed in to change notification settings - Fork 26
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
trojan scanner #1178
trojan scanner #1178
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,86 @@ | ||
{ | ||
"detect_bidi" : true, | ||
"detect_unicode" : false, | ||
"exclude" : [ | ||
".git", | ||
".git/*", | ||
".git/*/*", | ||
".git/*/*/*", | ||
".git/*/*/*/*", | ||
".git/*/*/*/*/*", | ||
".git/*/*/*/*/*/*", | ||
".git/*/*/*/*/*/*/*", | ||
".git/*/*/*/*/*/*/*/*", | ||
".git/*/*/*/*/*/*/*/*/*", | ||
".git/*/*/*/*/*/*/*/*/*/*", | ||
".git/*/*/*/*/*/*/*/*/*/*/*", | ||
".git/*/*/*/*/*/*/*/*/*/*/*/*", | ||
".git/*/*/*/*/*/*/*/*/*/*/*/*/*", | ||
".git/*/*/*/*/*/*/*/*/*/*/*/*/*/*", | ||
".git/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*", | ||
".git/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*", | ||
".git/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*", | ||
".git/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*", | ||
".git/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*", | ||
"bin", | ||
"bin/*", | ||
"bin/*/*", | ||
"bin/*/*/*", | ||
"bin/*/*/*/*", | ||
"bin/*/*/*/*/*", | ||
"bin/*/*/*/*/*/*", | ||
"bin/*/*/*/*/*/*/*", | ||
"bin/*/*/*/*/*/*/*/*", | ||
"bin/*/*/*/*/*/*/*/*/*", | ||
"bin/*/*/*/*/*/*/*/*/*/*", | ||
"bin/*/*/*/*/*/*/*/*/*/*/*", | ||
"bin/*/*/*/*/*/*/*/*/*/*/*/*", | ||
"bin/*/*/*/*/*/*/*/*/*/*/*/*/*", | ||
"bin/*/*/*/*/*/*/*/*/*/*/*/*/*/*", | ||
"bin/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*", | ||
"bin/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*", | ||
"bin/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*", | ||
"bin/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*", | ||
"bin/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*", | ||
"target", | ||
"target/*", | ||
"target/*/*", | ||
"target/*/*/*", | ||
"target/*/*/*/*", | ||
"target/*/*/*/*/*", | ||
"target/*/*/*/*/*/*", | ||
"target/*/*/*/*/*/*/*", | ||
"target/*/*/*/*/*/*/*/*", | ||
"target/*/*/*/*/*/*/*/*/*", | ||
"target/*/*/*/*/*/*/*/*/*/*", | ||
"target/*/*/*/*/*/*/*/*/*/*/*", | ||
"target/*/*/*/*/*/*/*/*/*/*/*/*", | ||
"target/*/*/*/*/*/*/*/*/*/*/*/*/*", | ||
"target/*/*/*/*/*/*/*/*/*/*/*/*/*/*", | ||
"target/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*", | ||
"target/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*", | ||
"target/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*", | ||
"target/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*", | ||
"target/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*", | ||
"tmp", | ||
"tmp/*", | ||
"tmp/*/*", | ||
"tmp/*/*/*", | ||
"tmp/*/*/*/*", | ||
"tmp/*/*/*/*/*", | ||
"tmp/*/*/*/*/*/*", | ||
"tmp/*/*/*/*/*/*/*", | ||
"tmp/*/*/*/*/*/*/*/*", | ||
"tmp/*/*/*/*/*/*/*/*/*", | ||
"tmp/*/*/*/*/*/*/*/*/*/*", | ||
"tmp/*/*/*/*/*/*/*/*/*/*/*", | ||
"tmp/*/*/*/*/*/*/*/*/*/*/*/*", | ||
"tmp/*/*/*/*/*/*/*/*/*/*/*/*/*", | ||
"tmp/*/*/*/*/*/*/*/*/*/*/*/*/*/*", | ||
"tmp/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*", | ||
"tmp/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*", | ||
"tmp/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*", | ||
"tmp/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*", | ||
"tmp/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*" | ||
] | ||
} | ||
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -17,4 +17,5 @@ pom.xml | |
.lsp/.cache | ||
.clj-kondo/.cache | ||
.clj-kondo/cache | ||
.clj-kondo/rewrite-clj/ | ||
.clj-kondo/rewrite-clj/ | ||
tmp |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,2 +1,17 @@ | ||
{:paths ["scripts" | ||
"scripts-test"]} | ||
"scripts-test"] | ||
:tasks | ||
{:requires ([babashka.fs :as fs] | ||
[babashka.process :as p :refer [process]] | ||
[babashka.wait :as wait]) | ||
;; bb nrepl | ||
nrepl (let [port (with-open [sock (java.net.ServerSocket. 0)] (.getLocalPort sock)) | ||
proc (process (str "bb nrepl-server " port) {:inherit true}) | ||
paths ["scripts" | ||
"scripts-test"]] | ||
(wait/wait-for-port "localhost" port) | ||
(doseq [path paths | ||
:let [nrepl-port-path (str path "/.nrepl-port")]] | ||
(spit nrepl-port-path port) | ||
(fs/delete-on-exit nrepl-port-path)) | ||
(deref proc))}} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
#!/bin/bash | ||
|
||
set -Eeuxo pipefail | ||
|
||
if ! command -v trojansourcedetector &> /dev/null | ||
then | ||
rm -rf tmp/trojansourcedetector | ||
mkdir -p tmp/trojansourcedetector | ||
cd tmp/trojansourcedetector | ||
curl -sLO https://github.com/haveyoudebuggedit/trojansourcedetector/releases/download/v1.0.1/trojansourcedetector_1.0.1_linux_amd64.tar.gz | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. What happens if it fails to fetch it? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Ah of course! 👍 |
||
sha256sum trojansourcedetector_1.0.1_linux_amd64.tar.gz | grep 62dfc2afb37c0124b755dbcee52e5af5cea2da372609cc83a8c2cbb62caf7598 | ||
tar -xf trojansourcedetector_1.0.1_linux_amd64.tar.gz | ||
cp trojansourcedetector "${BIN_PATH}" | ||
fi |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,33 @@ | ||
{ | ||
"directory" : "tmp/unzipped-uberjar", | ||
"exclude" : [ | ||
"META-INF/native/linux64/liblmdbjni.so", | ||
"com/google/common/base/CharMatcher$Invisible.class", | ||
"com/google/protobuf/DescriptorProtos$SourceCodeInfo$Location$Builder.class", | ||
"com/ibm/icu/impl/data/icudt65b/brkitr/*.dict", | ||
"com/ibm/icu/impl/data/icudt65b/*.res", | ||
"com/ibm/icu/impl/data/icudt65b/*/*.res", | ||
"com/ibm/icu/impl/data/icudt65b/unames.icu", | ||
"externs.zip", | ||
"goog/demos/emoji/*.gif", | ||
"goog/demos/emoji/*.png", | ||
"goog/images/*.gif", | ||
"goog/images/*.png", | ||
"graphql/parser/antlr/GraphqlLexer.class", | ||
"img/*.png", | ||
"org/apache/commons/codec/language/bm/gen_rules_arabic.txt", | ||
"org/apache/curator/shaded/com/google/common/base/CharMatcher$Invisible.class", | ||
"org/bouncycastle/crypto/engines/AESFastEngine.class", | ||
"org/xerial/snappy/native/Linux/android-arm/libsnappyjava.so", | ||
"org/xerial/snappy/native/Linux/ppc64le/libsnappyjava.so", | ||
"org/xerial/snappy/native/Windows/x86/snappyjava.dll", | ||
"goog/i18n/datetimepatternsext.js", | ||
"goog/i18n/datetimesymbols.js", | ||
"goog/i18n/datetimesymbolsext.js", | ||
"goog/labs/i18n/listsymbols.js", | ||
"goog/labs/i18n/listsymbolsext.js", | ||
"goog/i18n/datetimepatterns.js", | ||
"goog/format/internationalizedemailaddress.js", | ||
"swagger-ui/swagger-ui-bundle.js" | ||
] | ||
} | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. How did you find out what needs to be excluded? Just curious. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Start with an empty vector, iterate and add exclusions for things that seemed plausible to need bidi chars. |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,77 @@ | ||
#!/usr/bin/env bb | ||
|
||
;; Devs: run `bb nrepl` at project root start an nrepl server | ||
|
||
;; https://github.com/haveyoudebuggedit/trojansourcedetector#configuration | ||
|
||
(require '[cheshire.core :as json]) | ||
|
||
(defn gen-edn-config [base-config excluded-file-types excluded-directories] | ||
(let [explode-extension (fn [extension] | ||
(take 15 | ||
(iterate (fn [p] | ||
(str "*/" p)) | ||
(str "*." extension)))) | ||
explode-directory (fn [directory] | ||
(take 20 | ||
(iterate (fn [p] | ||
(str p "/*")) | ||
directory)))] | ||
(update base-config | ||
"exclude" (fn [exclude] | ||
(-> (or exclude []) | ||
(into (mapcat explode-extension) excluded-file-types) | ||
(into (mapcat explode-directory) excluded-directories)))))) | ||
|
||
(comment | ||
(clojure.repl/pst) | ||
(gen-edn-config base-config excluded-file-types excluded-directories) | ||
(take 10 | ||
(iterate (fn [p] | ||
(str "*/" p)) | ||
"*.png")) | ||
) | ||
|
||
(defn gen-json-config [base-config excluded-file-types excluded-directories] | ||
(str (json/generate-string | ||
(gen-edn-config base-config excluded-file-types excluded-directories) | ||
{:pretty (json/create-pretty-printer | ||
(assoc json/default-pretty-print-options | ||
:indent-arrays? true))}) | ||
\newline)) | ||
|
||
(comment | ||
(println (gen-json-config base-config excluded-file-types excluded-directories)) | ||
) | ||
|
||
(defn regen-config [path base-config excluded-file-types excluded-directories] | ||
(spit path | ||
(gen-json-config base-config excluded-file-types excluded-directories))) | ||
|
||
(def config-path ".do_not_edit-trojansourcedetector.json") | ||
|
||
(def excluded-file-types | ||
(sorted-set | ||
)) | ||
|
||
(def excluded-directories | ||
(sorted-set | ||
".git" | ||
"target" | ||
"tmp" | ||
"bin")) | ||
|
||
(def base-config | ||
(sorted-map | ||
"detect_unicode" false, | ||
"detect_bidi" true | ||
"exclude" [])) | ||
|
||
(defn -main [& args] | ||
(assert (empty? args) (pr-str args)) | ||
(regen-config config-path base-config excluded-file-types excluded-directories)) | ||
|
||
(comment | ||
(-main)) | ||
|
||
(when (= *file* (System/getProperty "babashka.file")) (-main)) |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
#!/bin/bash | ||
|
||
set -Eeuxo pipefail | ||
|
||
./scripts/generate-trojan-config.clj | ||
|
||
trojansourcedetector -config .do_not_edit-trojansourcedetector.json |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Interesting Christmas tree :)