crawl

package
v1.0.0

This package is not in the latest version of its module.
Published: Dec 21, 2021 License: Apache-2.0 Imports: 19 Imported by: 0

Documentation

Constants

const (
	UnknownVersion = "unknown"
)

Variables

This section is empty.

Functions

func BytecodeMatchesPartialSignatures added in v1.0.0

func BytecodeMatchesPartialSignatures(methodBytecodes [][]byte) (string, bool)

BytecodeMatchesPartialSignatures compares the given class's method bytecodes against snippets from known versions. A partial signature is made up of two parts: exact matches and partial matches. For an exact match to be identified, the entirety of a method's bytecode must match the signature snippet. A partial match provides a prefix and a suffix; both must match the same method for the partial match to succeed.
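The two-part matching scheme described above, re-implemented locally as an added example (this is not the package's own code: the signature struct, its field names, the sample version labels and the opcode bytes are all constructed for illustration). It also covers the "partial matches" approach listed later under LookForHashMatch.

```go
package main

import (
	"bytes"
	"fmt"
)

// partialSignature models one known version's snippets as described above:
// every Exact entry must equal some method's complete bytecode, and every
// Partial entry's prefix and suffix must both match the same method. The type
// and field names are assumptions for this example, not the package's.
type partialSignature struct {
	Version string
	Exact   [][]byte
	Partial []prefixSuffix
}

type prefixSuffix struct {
	Prefix, Suffix []byte
}

// methodMatchesPartial checks a single method against one prefix/suffix pair.
// The length guard stops a short method from satisfying both halves with
// overlapping bytes; whatever lies between the two halves is ignored.
func methodMatchesPartial(method []byte, p prefixSuffix) bool {
	if len(method) < len(p.Prefix)+len(p.Suffix) {
		return false
	}
	return bytes.HasPrefix(method, p.Prefix) && bytes.HasSuffix(method, p.Suffix)
}

// anyMethod reports whether at least one method satisfies pred.
func anyMethod(methods [][]byte, pred func([]byte) bool) bool {
	for _, m := range methods {
		if pred(m) {
			return true
		}
	}
	return false
}

// bytecodeMatchesPartialSignatures returns the first version whose signature is
// fully satisfied by the class's method bytecodes, mirroring the documented
// (string, bool) result shape.
func bytecodeMatchesPartialSignatures(methodBytecodes [][]byte, sigs []partialSignature) (string, bool) {
	for _, sig := range sigs {
		ok := true
		for _, exact := range sig.Exact {
			if !anyMethod(methodBytecodes, func(m []byte) bool { return bytes.Equal(m, exact) }) {
				ok = false
				break
			}
		}
		for _, p := range sig.Partial {
			if !ok {
				break
			}
			if !anyMethod(methodBytecodes, func(m []byte) bool { return methodMatchesPartial(m, p) }) {
				ok = false
			}
		}
		if ok {
			return sig.Version, true
		}
	}
	return "", false
}

// sampleSignatures are constructed, not real log4j data. The bytes are JVM
// opcodes chosen only to look like method bodies; the two sample versions
// differ solely in the constant-pool index inside the trailing invokevirtual.
var sampleSignatures = []partialSignature{
	{
		Version: "2.15.0-sample",
		Exact:   [][]byte{{0x2a, 0xb4, 0x00, 0x0c, 0xb0}}, // aload_0; getfield #12; areturn
		Partial: []prefixSuffix{{
			Prefix: []byte{0x2a, 0x2b},             // aload_0; aload_1
			Suffix: []byte{0xb6, 0x00, 0x21, 0xb0}, // invokevirtual #33; areturn
		}},
	},
	{
		Version: "2.14.1-sample",
		Exact:   [][]byte{{0x2a, 0xb4, 0x00, 0x0c, 0xb0}},
		Partial: []prefixSuffix{{Prefix: []byte{0x2a, 0x2b}, Suffix: []byte{0xb6, 0x00, 0x1f, 0xb0}}},
	},
}

// sampleClass is a constructed class: the getter matches exactly, and the
// second method carries the 2.15.0-sample prefix and suffix around unrelated
// instructions (aload_2; invokestatic #16) that the partial match ignores.
var sampleClass = [][]byte{
	{0x2a, 0xb4, 0x00, 0x0c, 0xb0},
	{0x2a, 0x2b, 0x2c, 0xb8, 0x00, 0x10, 0xb6, 0x00, 0x21, 0xb0},
}

func main() {
	fmt.Println(bytecodeMatchesPartialSignatures(sampleClass, sampleSignatures))
}
```

Signatures are tried in order and the first fully satisfied one wins, so a signature set should be ordered from most to least specific if snippets overlap between versions.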

Types

type Crawler

type Crawler struct {
	Limiter ratelimit.Limiter
	// if non-nil, error output is written to this writer
	ErrorWriter io.Writer
	IgnoreDirs  []*regexp.Regexp
}

Crawler crawls filesystems, matching and conditionally processing files.

func (Crawler) Crawl

func (c Crawler) Crawl(ctx context.Context, root string, match MatchFunc, process ProcessFunc) (Stats, error)

Crawl crawls the provided root directory. Each file is passed to the provided match function; if it returns a positive finding (anything other than NothingDetected), the path is passed to the provided process function. On encountering a directory, the path is compared against all IgnoreDirs configured in the Crawler; if any pattern matches, the directory (and every file nested inside it) is skipped.
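The crawl semantics above, as an added example that re-implements them over an fs.FS so they can run on an in-memory tree (this is not the package's Crawler: the rate limiter is left out, the type and flag names are assumed to match the package, and the sample tree, match function and ignore pattern are constructed for the demonstration):

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"io/fs"
	"path"
	"regexp"
	"strings"
	"testing/fstest"
)

// Local stand-ins for the documented types (names assumed to match the package).
type Finding int
const NothingDetected Finding = 0
const JarName Finding = 1 << 4 // the only flag this example needs

type Versions map[string]struct{}
type MatchFunc func(ctx context.Context, path string, d fs.DirEntry) (Finding, Versions, error)
type ProcessFunc func(ctx context.Context, path string, d fs.DirEntry, result Finding, versions Versions)
type Stats struct{ FilesScanned, PermissionDeniedCount, PathErrorCount int64 }

// crawler re-implements the documented Crawl semantics over an fs.FS; the rate limiter is omitted.
type crawler struct{ IgnoreDirs []*regexp.Regexp }

// Crawl visits every entry under root. A directory matching any IgnoreDirs pattern is
// pruned with fs.SkipDir, so nothing nested in it is scanned; walk and match errors are
// counted in Stats instead of aborting the crawl.
func (c crawler) Crawl(ctx context.Context, fsys fs.FS, root string, match MatchFunc, process ProcessFunc) (Stats, error) {
	var stats Stats
	err := fs.WalkDir(fsys, root, func(p string, d fs.DirEntry, walkErr error) error {
		if walkErr != nil {
			if errors.Is(walkErr, fs.ErrPermission) {
				stats.PermissionDeniedCount++
			} else {
				stats.PathErrorCount++
			}
			return nil
		}
		if d.IsDir() {
			for _, re := range c.IgnoreDirs {
				if re.MatchString(p) {
					return fs.SkipDir
				}
			}
			return nil
		}
		stats.FilesScanned++
		result, versions, err := match(ctx, p, d)
		if err != nil {
			stats.PathErrorCount++
			return nil
		}
		if result != NothingDetected { // only a positive finding reaches process
			process(ctx, p, d, result, versions)
		}
		return nil
	})
	return stats, err
}

// sampleTree is a constructed in-memory tree: a jar under lib/ and a copy in a .cache directory.
var sampleTree = fstest.MapFS{
	"app/lib/log4j-core-2.14.1.jar":         {Data: []byte("PK")},
	"app/lib/notes.txt":                     {Data: []byte("no jar here")},
	"app/.cache/deps/log4j-core-2.14.1.jar": {Data: []byte("PK")},
}

// jarNameMatch is a deliberately simple MatchFunc: flag files named like a log4j-core jar.
func jarNameMatch(_ context.Context, p string, _ fs.DirEntry) (Finding, Versions, error) {
	name := path.Base(p)
	if !strings.HasPrefix(name, "log4j-core-") || !strings.HasSuffix(name, ".jar") {
		return NothingDetected, nil, nil
	}
	v := strings.TrimSuffix(strings.TrimPrefix(name, "log4j-core-"), ".jar")
	return JarName, Versions{v: {}}, nil
}

// runSample crawls sampleTree with the given ignore patterns and returns the stats plus a
// "path@version" string for every hit handed to the ProcessFunc.
func runSample(ignorePatterns ...string) (Stats, []string, error) {
	var c crawler
	for _, pat := range ignorePatterns {
		c.IgnoreDirs = append(c.IgnoreDirs, regexp.MustCompile(pat))
	}
	var hits []string
	stats, err := c.Crawl(context.Background(), sampleTree, "app", jarNameMatch,
		func(_ context.Context, p string, _ fs.DirEntry, _ Finding, versions Versions) {
			for v := range versions {
				hits = append(hits, p+"@"+v)
			}
		})
	return stats, hits, err
}

func main() {
	stats, hits, err := runSample(`(^|/)\.cache$`)
	fmt.Printf("%+v %v %v\n", stats, hits, err)
}
```

With the `.cache` pattern the nested jar is never visited, so it neither counts toward FilesScanned nor reaches the ProcessFunc; without any pattern both copies are reported. Patterns are matched against the full path of the directory as the walk sees it, so anchor them (`(^|/)\.cache$`) rather than writing a bare substring.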

type Finding

type Finding int
const (
	NothingDetected                Finding = 0
	JndiLookupClassName            Finding = 1 << iota
	JndiLookupClassPackageAndName  Finding = 1 << iota
	JndiManagerClassName           Finding = 1 << iota
	JarName                        Finding = 1 << iota
	JarNameInsideArchive           Finding = 1 << iota
	JndiManagerClassPackageAndName Finding = 1 << iota
	JarFileObfuscated              Finding = 1 << iota
	ClassBytecodePartialMatch      Finding = 1 << iota
	ClassBytecodeInstructionMd5    Finding = 1 << iota
	ClassFileMd5                   Finding = 1 << iota
)
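The values the declaration above produces and how combined results are decoded, as an added example (a local copy of the constants, not the package's code; the onlyJndiLookup rule is an assumed reading of the Reporter's DisableFlaggingJndiLookup option documented further down, not the package's implementation):

```go
package main

import (
	"fmt"
	"strings"
)

// Finding copies the declaration above so the values can be inspected. Because
// NothingDetected is assigned 0 at iota 0, the first shifted flag sits at iota 1
// and is 1<<1 == 2, not 1; each later flag is the next power of two, so a result
// is a bit set and several detection methods can be recorded for one file.
type Finding int

const (
	NothingDetected                Finding = 0
	JndiLookupClassName            Finding = 1 << iota
	JndiLookupClassPackageAndName  Finding = 1 << iota
	JndiManagerClassName           Finding = 1 << iota
	JarName                        Finding = 1 << iota
	JarNameInsideArchive           Finding = 1 << iota
	JndiManagerClassPackageAndName Finding = 1 << iota
	JarFileObfuscated              Finding = 1 << iota
	ClassBytecodePartialMatch      Finding = 1 << iota
	ClassBytecodeInstructionMd5    Finding = 1 << iota
	ClassFileMd5                   Finding = 1 << iota
)

var findingNames = []struct {
	flag Finding
	name string
}{
	{JndiLookupClassName, "JndiLookupClassName"},
	{JndiLookupClassPackageAndName, "JndiLookupClassPackageAndName"},
	{JndiManagerClassName, "JndiManagerClassName"},
	{JarName, "JarName"},
	{JarNameInsideArchive, "JarNameInsideArchive"},
	{JndiManagerClassPackageAndName, "JndiManagerClassPackageAndName"},
	{JarFileObfuscated, "JarFileObfuscated"},
	{ClassBytecodePartialMatch, "ClassBytecodePartialMatch"},
	{ClassBytecodeInstructionMd5, "ClassBytecodeInstructionMd5"},
	{ClassFileMd5, "ClassFileMd5"},
}

// String decodes a combined result into its flag names, in declaration order.
func (f Finding) String() string {
	if f == NothingDetected {
		return "NothingDetected"
	}
	var names []string
	for _, n := range findingNames {
		if f&n.flag != 0 {
			names = append(names, n.name)
		}
	}
	return strings.Join(names, "|")
}

// jndiLookupFlags are the bits that only prove a JndiLookup class is present.
const jndiLookupFlags = JndiLookupClassName | JndiLookupClassPackageAndName

// onlyJndiLookup reports whether a result carries nothing but JndiLookup
// class-name evidence: clear those bits and check whether anything remains.
func onlyJndiLookup(f Finding) bool {
	return f != NothingDetected && f&^jndiLookupFlags == 0
}

// shouldReport applies a DisableFlaggingJndiLookup-style option (assumed
// semantics for this example, not copied from the Reporter).
func shouldReport(f Finding, disableFlaggingJndiLookup bool) bool {
	if f == NothingDetected {
		return false
	}
	return !(disableFlaggingJndiLookup && onlyJndiLookup(f))
}

func main() {
	hit := JarName | ClassFileMd5
	fmt.Printf("%d %s\n", JndiLookupClassName, hit)
	fmt.Println(shouldReport(JndiLookupClassName|JndiLookupClassPackageAndName, true))
}
```

Testing a result with `== 0` (NothingDetected) is safe, but testing for a specific detection method must use `result&Flag != 0`, never `result == Flag`, because a jar can be flagged by its name and by a class hash at the same time.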

func LookForHashMatch added in v1.0.0

func LookForHashMatch(contents io.Reader, size int64) (Finding, string, bool)

LookForHashMatch compares the Java class file contained within contents against known versions using a variety of approaches:

- md5 hashing the entire class
- comparing the bytecode for exact matches against known versions
- comparing the bytecode for partial matches against known versions

func (Finding) String added in v0.5.0

func (f Finding) String() string

type Identifier

type Identifier interface {
	Identify(ctx context.Context, path string, d fs.DirEntry) (Finding, Versions, error)
}

type JavaCVEInstance added in v0.8.0

type JavaCVEInstance struct {
	Message       string   `json:"message"`
	FilePath      string   `json:"filePath"`
	Findings      []string `json:"findings"`
	Log4JVersions []string `json:"log4jVersions"`
}

type Log4jIdentifier added in v1.0.0

type Log4jIdentifier struct {
	ErrorWriter                        io.Writer
	DetailedOutputWriter               io.Writer
	Limiter                            ratelimit.Limiter
	IdentifyObfuscation                bool
	ObfuscatedClassNameAverageLength   float32
	ObfuscatedPackageNameAverageLength float32
	OpenFile                           func(string) (*os.File, error)
	ArchiveWalkTimeout                 time.Duration
	ArchiveMaxDepth                    uint
	ArchiveMaxSize                     uint
	ParseArchiveFormat                 func(string) (archive.FormatType, bool)
	ArchiveWalkers                     func(archive.FormatType) (archive.WalkerProvider, bool)
}

Log4jIdentifier identifies files that are vulnerable to Log4J-related CVEs.

func (*Log4jIdentifier) Identify added in v1.0.0

func (i *Log4jIdentifier) Identify(ctx context.Context, path string, d fs.DirEntry) (result Finding, versions Versions, err error)

Identify identifies vulnerable files. The function identifies:

- vulnerable log4j jar files.
- zipped files containing vulnerable log4j files, using the provided ZipFileLister.

type MatchFunc

type MatchFunc func(ctx context.Context, path string, d fs.DirEntry) (Finding, Versions, error)

MatchFunc is used to match a file for processing. If returning a positive finding, a file will be passed onto the ProcessFunc.

type ProcessFunc

type ProcessFunc func(ctx context.Context, path string, d fs.DirEntry, result Finding, version Versions)

ProcessFunc processes the given matched file.

type Reporter

type Reporter struct {
	// if non-nil, reported output is written to this writer
	OutputWriter io.Writer
	// True if reported output should be JSON, false otherwise
	OutputJSON bool
	// Disables results only matching JndiLookup classes
	DisableFlaggingJndiLookup bool
	// Disables detection of CVE-2021-45105
	DisableCVE45105 bool
	// contains filtered or unexported fields
}

func (*Reporter) Collect

func (r *Reporter) Collect(ctx context.Context, path string, d fs.DirEntry, result Finding, versionSet Versions)

Collect increments the count of calls to Reporter.Collect and writes the path of the vulnerable file to the configured OutputWriter.

func (Reporter) Count

func (r Reporter) Count() int64

Count returns the number of times that Collect has been called.

type Stats added in v0.8.0

type Stats struct {
	// Total number of files scanned.
	FilesScanned int64 `json:"filesScanned"`
	// Number of paths that were not considered due to "permission denied" errors
	PermissionDeniedCount int64 `json:"permissionDeniedErrors"`
	// Number of paths that were attempted to be processed but encountered errors.
	PathErrorCount int64 `json:"pathErrors"`
}

type Versions added in v0.5.0

type Versions map[string]struct{}
