Commit

Merge branch 'main' into release-2.5
ramanan-ravi committed Dec 20, 2024
2 parents a6856d5 + f07b2ac commit 791930b
Showing 15 changed files with 61 additions and 69 deletions.
2 changes: 1 addition & 1 deletion Makefile
@@ -1,5 +1,5 @@
export IMAGE_REPOSITORY?=quay.io/deepfenceio
export DF_IMG_TAG?=2.5.0
export DF_IMG_TAG?=2.5.2

all: yarahunter

6 changes: 3 additions & 3 deletions README.md
@@ -37,7 +37,7 @@ Images may be compromised with the installation of a cryptominer such as XMRig.
Pull the official **yarahunter** image:

```
docker pull quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.0
docker pull quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.2
```

or Build it from source clone this repo and run below command
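
Review bot: the `docker pull` line pins only the mutable tag `2.5.2`. The later hunks in this file run the same image with `-v /var/run/docker.sock:/var/run/docker.sock`, so whatever that tag resolves to runs with access to the Docker daemon. Suggest the README also show a digest-pinned form, `quay.io/deepfenceio/deepfence_malware_scanner_ce@sha256:<digest of the 2.5.2 release>`, with the digest published alongside the release.
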
@@ -68,7 +68,7 @@ docker run -i --rm --name=deepfence-yarahunter \
-e DEEPFENCE_LICENSE=<ThreatMapper or ThreatStryker license key> \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /tmp:/home/deepfence/output \
quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.0 \
quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.2 \
--image-name metal3d/xmrig:latest \
--output=json > xmrig-scan.json
```
@@ -83,7 +83,7 @@ docker run -i --rm --name=deepfence-yarahunter \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /tmp:/home/deepfence/output \
-v /tmp/rules:/tmp/rules \
quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.0 \
quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.2 \
--image-name metal3d/xmrig:latest \
--output=json \
--rules-path=/tmp/rules > xmrig-scan.json
2 changes: 1 addition & 1 deletion docs/docs/yarahunter/configure/cli.md
@@ -7,7 +7,7 @@ title: Command-Line Options
Display the command line options:

```bash
$ docker run -it --rm quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.0 --help
$ docker run -it --rm quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.2 --help
```

Note that all files and directories used in YaraHunter configuration are local to the container, not the host filesystem. The examples given illustrate how to map host directories to the container when needed.
2 changes: 1 addition & 1 deletion docs/docs/yarahunter/configure/output.md
@@ -12,7 +12,7 @@ docker run -i --rm --name=yara-hunter \
-e DEEPFENCE_PRODUCT=<ThreatMapper or ThreatStryker> \
-e DEEPFENCE_LICENSE=<ThreatMapper or ThreatStryker license key> \
-v /var/run/docker.sock:/var/run/docker.sock \
quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.0 \
quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.2 \
--image-name node:latest \
# highlight-next-line
--output=json > xmrig-scan.json
2 changes: 1 addition & 1 deletion docs/docs/yarahunter/configure/rules.md
@@ -20,7 +20,7 @@ docker run -it --rm --name=yara-hunter \
-v /var/run/docker.sock:/var/run/docker.sock \
# highlight-next-line
-v $(pwd)/my-rules:/tmp/my-rules \
quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.0 --image-name node:latest \
quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.2 --image-name node:latest \
# highlight-next-line
--rules-path /tmp/my-rules
```
2 changes: 1 addition & 1 deletion docs/docs/yarahunter/img/yarahunter.svg
4 changes: 2 additions & 2 deletions docs/docs/yarahunter/index.md
@@ -37,7 +37,7 @@ docker run -i --rm --name=deepfence-yarahunter \
-e DEEPFENCE_LICENSE=<ThreatMapper or ThreatStryker license key> \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /tmp:/home/deepfence/output \
quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.0 \
quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.2 \
--image-name metal3d/xmrig:latest \
--output=json > xmrig-scan.json
```
@@ -59,7 +59,7 @@ docker run -i --rm --name=deepfence-yarahunter \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /tmp:/home/deepfence/output \
-v /tmp/rules:/tmp/rules \
quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.0 \
quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.2 \
--image-name metal3d/xmrig:latest \
--output=json \
--rules-path=/tmp/rules > xmrig-scan.json
6 changes: 3 additions & 3 deletions docs/docs/yarahunter/quickstart.md
@@ -9,7 +9,7 @@ Pull the latest YaraHunter image, and use it to scan a `node:latest` container.
## Pull the latest YaraHunter image

```bash
docker pull quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.0
docker pull quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.2
```

## Generate License Key
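
Review bot: the heading says "Pull the latest YaraHunter image" but the command pins `2.5.2`, and this commit has to hand-edit the same tag in every docs page in addition to `DF_IMG_TAG` in the Makefile. Suggest rewording the heading to name the release, and generating the tag in the docs from one variable so a page cannot be missed on the next bump.
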
@@ -30,7 +30,7 @@ docker run -i --rm --name=yara-hunter \
-e DEEPFENCE_PRODUCT=<ThreatMapper or ThreatStryker> \
-e DEEPFENCE_LICENSE=<ThreatMapper or ThreatStryker license key> \
-v /var/run/docker.sock:/var/run/docker.sock \
quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.0 \
quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.2 \
--image-name node:latest

docker rmi node:latest
@@ -46,7 +46,7 @@ docker run -i --rm --name=yara-hunter \
-e DEEPFENCE_LICENSE=<ThreatMapper or ThreatStryker license key> \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /tmp:/home/deepfence/output \
quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.0 \
quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.2 \
--image-name node:latest \
--output=json > node-latest.json

6 changes: 3 additions & 3 deletions docs/docs/yarahunter/using/build.md
@@ -7,11 +7,11 @@ title: Build YaraHunter
YaraHunter is a self-contained docker-based tool. Clone the [YaraHunter repository](https://github.com/deepfence/YaraHunter), then build:

```bash
docker build --rm=true --tag=quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.0 -f Dockerfile .
docker build --rm=true --tag=quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.2 -f Dockerfile .
```

Alternatively, you can pull the official deepfence image at `quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.0`.
Alternatively, you can pull the official deepfence image at `quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.2`.

```bash
docker pull quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.0
docker pull quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.2
```
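
Review bot: the `docker build` example tags the locally built image as `quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.2`, the same reference the next paragraph calls the official deepfence image. After a local build that reference points at locally built bits, and the `docker pull` that follows replaces them without any warning. Suggest a distinct local tag in the build example (for instance a `-dev` suffix) so the two stay distinguishable in `docker images` and in scan provenance.
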
2 changes: 1 addition & 1 deletion docs/docs/yarahunter/using/grpc.md
@@ -27,7 +27,7 @@ docker run -it --rm --name=deepfence-malwarescanner \
-v $(pwd):/home/deepfence/output \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /tmp/sock:/tmp/sock \
quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.0 \
quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.2 \
-socket-path /tmp/sock/s.sock
```

6 changes: 3 additions & 3 deletions docs/docs/yarahunter/using/scan.md
@@ -18,7 +18,7 @@ docker run -it --rm --name=yara-hunter \
-e DEEPFENCE_PRODUCT=<ThreatMapper or ThreatStryker> \
-e DEEPFENCE_LICENSE=<ThreatMapper or ThreatStryker license key> \
-v /var/run/docker.sock:/var/run/docker.sock \
quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.0 \
quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.2 \
# highlight-next-line
--image-name node:latest

@@ -36,7 +36,7 @@ docker run -it --rm --name=yara-hunter \
-v /var/run/docker.sock:/var/run/docker.sock \
# highlight-next-line
-v /:/deepfence/mnt \
quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.0 \
quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.2 \
# highlight-next-line
--host-mount-path /deepfence/mnt --container-id 69221b948a73
```
@@ -51,7 +51,7 @@ docker run -it --rm --name=yara-hunter \
-e DEEPFENCE_LICENSE=<ThreatMapper or ThreatStryker license key> \
# highlight-next-line
-v ~/src/YARA-RULES:/tmp/YARA-RULES \
quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.0 \
quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.2 \
# highlight-next-line
--local /tmp/YARA-RULES --host-mount-path /tmp/YARA-RULES
```
16 changes: 8 additions & 8 deletions go.mod
@@ -7,14 +7,14 @@ replace github.com/deepfence/agent-plugins-grpc => ./agent-plugins-grpc
require (
github.com/VirusTotal/gyp v0.9.0
github.com/deepfence/agent-plugins-grpc v0.0.0-00010101000000-000000000000
github.com/deepfence/golang_deepfence_sdk/client v0.0.0-20241112090544-f42aabb5dc7f
github.com/deepfence/golang_deepfence_sdk/utils v0.0.0-20241112090544-f42aabb5dc7f
github.com/deepfence/golang_deepfence_sdk/client v0.0.0-20241220101350-67a37a759769
github.com/deepfence/golang_deepfence_sdk/utils v0.0.0-20241220101350-67a37a759769
github.com/deepfence/match-scanner v0.0.0-20241104190155-00799508ab6c
github.com/gabriel-vasile/mimetype v1.4.6
github.com/hillu/go-yara/v4 v4.3.3
github.com/olekukonko/tablewriter v0.0.5
github.com/sirupsen/logrus v1.9.3
google.golang.org/grpc v1.67.1
google.golang.org/grpc v1.69.2
gopkg.in/yaml.v3 v3.0.1
)

@@ -40,7 +40,7 @@ require (
github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c // indirect
github.com/docker/go-units v0.5.0 // indirect
github.com/felixge/httpsnoop v1.0.3 // indirect
github.com/go-logr/logr v1.3.0 // indirect
github.com/go-logr/logr v1.4.2 // indirect
github.com/go-logr/stdr v1.2.2 // indirect
github.com/gogo/protobuf v1.3.2 // indirect
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
@@ -66,14 +66,14 @@ require (
github.com/pkg/errors v0.9.1 // indirect
go.opencensus.io v0.24.0 // indirect
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.45.0 // indirect
go.opentelemetry.io/otel v1.21.0 // indirect
go.opentelemetry.io/otel/metric v1.21.0 // indirect
go.opentelemetry.io/otel/trace v1.21.0 // indirect
go.opentelemetry.io/otel v1.31.0 // indirect
go.opentelemetry.io/otel/metric v1.31.0 // indirect
go.opentelemetry.io/otel/trace v1.31.0 // indirect
golang.org/x/net v0.30.0 // indirect
golang.org/x/sync v0.8.0 // indirect
golang.org/x/sys v0.26.0 // indirect
golang.org/x/text v0.19.0 // indirect
google.golang.org/genproto v0.0.0-20231211222908-989df2bf70f3 // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20240814211410-ddb44dafa142 // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20241015192408-796eee8c2d53 // indirect
google.golang.org/protobuf v1.35.1 // indirect
)
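
Review bot: in this indirect block `go.opentelemetry.io/otel`, `otel/metric` and `otel/trace` move from v1.21.0 to v1.31.0 while `go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp` stays at v0.45.0. Contrib instrumentation is normally released in step with the core modules, so please confirm the build and tests pass with this pairing, or bump otelhttp in the same change. A ten-minor-version jump of a transitive dependency on a release branch also deserves a line in the commit message naming the direct requirement that pulled it in.
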
46 changes: 24 additions & 22 deletions go.sum
@@ -40,10 +40,10 @@ github.com/containerd/typeurl/v2 v2.1.1/go.mod h1:IDp2JFvbwZ31H8dQbEIY7sDl2L3o3H
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/deepfence/golang_deepfence_sdk/client v0.0.0-20241112090544-f42aabb5dc7f h1:XI49+zaunyxw7tlUzS8DHzf9PTvDp+/CQDF/xcyaxVU=
github.com/deepfence/golang_deepfence_sdk/client v0.0.0-20241112090544-f42aabb5dc7f/go.mod h1:UkHg/qLuPVnTqx4fPwmc2DhlNp5isdYwIxQ63B9JB4o=
github.com/deepfence/golang_deepfence_sdk/utils v0.0.0-20241112090544-f42aabb5dc7f h1:819FVayVu5J10JSXfIxl75kiQDF73/aTxkOrImtviNU=
github.com/deepfence/golang_deepfence_sdk/utils v0.0.0-20241112090544-f42aabb5dc7f/go.mod h1:QdyXNUGNYGPMj8ls9R4N1y/IzmM7LrBQSBC/QuYCX+U=
github.com/deepfence/golang_deepfence_sdk/client v0.0.0-20241220101350-67a37a759769 h1:c55yJVYimo2iGiJcVH/cqpqXUdKgQ5PMGGcKZHqLkLA=
github.com/deepfence/golang_deepfence_sdk/client v0.0.0-20241220101350-67a37a759769/go.mod h1:UkHg/qLuPVnTqx4fPwmc2DhlNp5isdYwIxQ63B9JB4o=
github.com/deepfence/golang_deepfence_sdk/utils v0.0.0-20241220101350-67a37a759769 h1:p5l4xp6CcZE4XqiRATyx8C+X44Ij7jVRxGaDq8UhVM4=
github.com/deepfence/golang_deepfence_sdk/utils v0.0.0-20241220101350-67a37a759769/go.mod h1:QdyXNUGNYGPMj8ls9R4N1y/IzmM7LrBQSBC/QuYCX+U=
github.com/deepfence/match-scanner v0.0.0-20241104190155-00799508ab6c h1:0nXgsUJAvP3tgENagcuKlzb92AZFbBAONSE1QmEJzYc=
github.com/deepfence/match-scanner v0.0.0-20241104190155-00799508ab6c/go.mod h1:mrnCFKtEOzLlNUkagkwQeWWdPtrVIZLc7nbEX/7PbaU=
github.com/deepfence/vessel v0.13.0 h1:QRtjtuvSXdjrFt4Nb0SE8FO4n7aUtblFY6am/c9oeIQ=
@@ -69,8 +69,8 @@ github.com/felixge/httpsnoop v1.0.3/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSw
github.com/gabriel-vasile/mimetype v1.4.6 h1:3+PzJTKLkvgjeTbts6msPJt4DixhT4YtFNf1gtGe3zc=
github.com/gabriel-vasile/mimetype v1.4.6/go.mod h1:JX1qVKqZd40hUPpAfiNTe0Sne7hdfKSbOqqmkq8GCXc=
github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
github.com/go-logr/logr v1.3.0 h1:2y3SDp0ZXuc6/cjLSZ+Q3ir+QB9T/iG5yYRXqsagWSY=
github.com/go-logr/logr v1.3.0/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY=
github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
@@ -177,26 +177,28 @@ github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/
github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0=
go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo=
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.45.0 h1:x8Z78aZx8cOF0+Kkazoc7lwUNMGy0LrzEMxTm4BbTxg=
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.45.0/go.mod h1:62CPTSry9QZtOaSsE3tOzhx6LzDhHnXJ6xHeMNNiM6Q=
go.opentelemetry.io/otel v1.21.0 h1:hzLeKBZEL7Okw2mGzZ0cc4k/A7Fta0uoPgaJCr8fsFc=
go.opentelemetry.io/otel v1.21.0/go.mod h1:QZzNPQPm1zLX4gZK4cMi+71eaorMSGT3A4znnUvNNEo=
go.opentelemetry.io/otel v1.31.0 h1:NsJcKPIW0D0H3NgzPDHmo0WW6SptzPdqg/L1zsIm2hY=
go.opentelemetry.io/otel v1.31.0/go.mod h1:O0C14Yl9FgkjqcCZAsE053C13OaddMYr/hz6clDkEJE=
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.19.0 h1:Mne5On7VWdx7omSrSSZvM4Kw7cS7NQkOOmLcgscI51U=
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.19.0/go.mod h1:IPtUMKL4O3tH5y+iXVyAXqpAwMuzC1IrxVS81rummfE=
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.19.0 h1:IeMeyr1aBvBiPVYihXIaeIZba6b8E1bYp7lbdxK8CQg=
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.19.0/go.mod h1:oVdCUtjq9MK9BlS7TtucsQwUcXcymNiEDjgDD2jMtZU=
go.opentelemetry.io/otel/metric v1.21.0 h1:tlYWfeo+Bocx5kLEloTjbcDwBuELRrIFxwdQ36PlJu4=
go.opentelemetry.io/otel/metric v1.21.0/go.mod h1:o1p3CA8nNHW8j5yuQLdc1eeqEaPfzug24uvsyIEJRWM=
go.opentelemetry.io/otel/sdk v1.21.0 h1:FTt8qirL1EysG6sTQRZ5TokkU8d0ugCj8htOgThZXQ8=
go.opentelemetry.io/otel/sdk v1.21.0/go.mod h1:Nna6Yv7PWTdgJHVRD9hIYywQBRx7pbox6nwBnZIxl/E=
go.opentelemetry.io/otel/trace v1.21.0 h1:WD9i5gzvoUPuXIXH24ZNBudiarZDKuekPqi/E8fpfLc=
go.opentelemetry.io/otel/trace v1.21.0/go.mod h1:LGbsEB0f9LGjN+OZaQQ26sohbOmiMR+BaslueVtS/qQ=
go.opentelemetry.io/otel/metric v1.31.0 h1:FSErL0ATQAmYHUIzSezZibnyVlft1ybhy4ozRPcF2fE=
go.opentelemetry.io/otel/metric v1.31.0/go.mod h1:C3dEloVbLuYoX41KpmAhOqNriGbA+qqH6PQ5E5mUfnY=
go.opentelemetry.io/otel/sdk v1.31.0 h1:xLY3abVHYZ5HSfOg3l2E5LUj2Cwva5Y7yGxnSW9H5Gk=
go.opentelemetry.io/otel/sdk v1.31.0/go.mod h1:TfRbMdhvxIIr/B2N2LQW2S5v9m3gOQ/08KsbbO5BPT0=
go.opentelemetry.io/otel/sdk/metric v1.31.0 h1:i9hxxLJF/9kkvfHppyLL55aW7iIJz4JjxTeYusH7zMc=
go.opentelemetry.io/otel/sdk/metric v1.31.0/go.mod h1:CRInTMVvNhUKgSAMbKyTMxqOBC0zgyxzW55lZzX43Y8=
go.opentelemetry.io/otel/trace v1.31.0 h1:ffjsj1aRouKewfr85U2aGagJ46+MvodynlQ1HYdmJys=
go.opentelemetry.io/otel/trace v1.31.0/go.mod h1:TXZkRk7SM2ZQLtR6eoAWQFIHPvzQ06FJAsO1tJg480A=
go.opentelemetry.io/proto/otlp v1.0.0 h1:T0TX0tmXU8a3CbNXzEKGeU5mIVOdf0oykP+u2lIVU/I=
go.opentelemetry.io/proto/otlp v1.0.0/go.mod h1:Sy6pihPLfYHkr3NkUbEhGHFhINUSI/v80hjKIs5JXpM=
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
@@ -261,17 +263,17 @@ google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98
google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
google.golang.org/genproto v0.0.0-20231211222908-989df2bf70f3 h1:1hfbdAfFbkmpg41000wDVqr7jUpK/Yo+LPnIxxGzmkg=
google.golang.org/genproto v0.0.0-20231211222908-989df2bf70f3/go.mod h1:5RBcpGRxr25RbDzY5w+dmaqpSEvl8Gwl1x2CICf60ic=
google.golang.org/genproto/googleapis/api v0.0.0-20240814211410-ddb44dafa142 h1:wKguEg1hsxI2/L3hUYrpo1RVi48K+uTyzKqprwLXsb8=
google.golang.org/genproto/googleapis/api v0.0.0-20240814211410-ddb44dafa142/go.mod h1:d6be+8HhtEtucleCbxpPW9PA9XwISACu8nvpPqF0BVo=
google.golang.org/genproto/googleapis/rpc v0.0.0-20240814211410-ddb44dafa142 h1:e7S5W7MGGLaSu8j3YjdezkZ+m1/Nm0uRVRMEMGk26Xs=
google.golang.org/genproto/googleapis/rpc v0.0.0-20240814211410-ddb44dafa142/go.mod h1:UqMtugtsSgubUsoxbuAoiCXvqvErP7Gf0so0mK9tHxU=
google.golang.org/genproto/googleapis/api v0.0.0-20241015192408-796eee8c2d53 h1:fVoAXEKA4+yufmbdVYv+SE73+cPZbbbe8paLsHfkK+U=
google.golang.org/genproto/googleapis/api v0.0.0-20241015192408-796eee8c2d53/go.mod h1:riSXTwQ4+nqmPGtobMFyW5FqVAmIs0St6VPp4Ug7CE4=
google.golang.org/genproto/googleapis/rpc v0.0.0-20241015192408-796eee8c2d53 h1:X58yt85/IXCx0Y3ZwN6sEIKZzQtDEYaBWrDvErdXrRE=
google.golang.org/genproto/googleapis/rpc v0.0.0-20241015192408-796eee8c2d53/go.mod h1:GX3210XPVPUjJbTUbvwI8f2IpZDMZuPJWDzDuebbviI=
google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
google.golang.org/grpc v1.67.1 h1:zWnc1Vrcno+lHZCOofnIMvycFcc0QRGIzm9dhnDX68E=
google.golang.org/grpc v1.67.1/go.mod h1:1gLDyUQU7CTLJI90u3nXZ9ekeghjeM7pTDZlqFNg2AA=
google.golang.org/grpc v1.69.2 h1:U3S9QEtbXC0bYNvRtcoklF3xGtLViumSYxWykJS+7AU=
google.golang.org/grpc v1.69.2/go.mod h1:vyjdE6jLBI76dgpDojsFGNaHlxdjXN9ghpnd2o7JGZ4=
google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
9 changes: 4 additions & 5 deletions pkg/output/output.go
@@ -3,19 +3,18 @@ package output
import (
"encoding/json"
"fmt"
"os"
"path/filepath"
"strings"
"time"
"unicode/utf8"

"github.com/deepfence/YaraHunter/utils"
pb "github.com/deepfence/agent-plugins-grpc/srcgo"
log "github.com/sirupsen/logrus"

// "github.com/fatih/color"

"os"
"strings"
"time"
"unicode/utf8"

tw "github.com/olekukonko/tablewriter"
)

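Review bot: the import block is regrouped, but the commented-out `// "github.com/fatih/color"` entry is kept as a group of its own. If the package is no longer used, delete the line rather than carrying a dead import forward.
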
19 changes: 5 additions & 14 deletions pkg/scan/process_image.go
@@ -3,6 +3,7 @@ package scan
import (
"bytes"
"errors"
"fmt"
"io"
"math"
"os/exec"
@@ -11,8 +12,6 @@ import (
"syscall"
"unsafe"

"fmt"

"github.com/gabriel-vasile/mimetype"

"github.com/deepfence/YaraHunter/pkg/output"
@@ -34,13 +33,6 @@ type manifestItem struct {
LayerIds []string `json:",omitempty"`
}

type fileMatches struct {
fileName string
iocs []output.IOCFound
updatedScore float64
updatedSeverity string
}

func calculateSeverity(lenMatch int, severity string, severityScore float64) (string, float64) {

updatedSeverity := "low"
@@ -214,12 +206,11 @@ func ScanFile(s *Scanner, fileName string, f io.ReadSeeker, fsize int, iocs *[]o
Matches: matches,
})
}
var fileMat fileMatches
fileMat.fileName = fileName
fileMat.iocs = iocsFound
updatedSeverity, updatedScore := calculateSeverity(totalMatches, "low", 0)
fileMat.updatedSeverity = updatedSeverity
fileMat.updatedScore = updatedScore
if updatedSeverity == "low" {
// Ignore low severity malwares
return nil
}
if len(matches) > 0 {
for _, m := range iocsFound {
m.FileSeverity = updatedSeverity
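
Review bot: the new `if updatedSeverity == "low" { return nil }` in `ScanFile` drops every low-severity file match with no log line, counter or option, so a caller cannot tell "nothing matched" from "matched but suppressed". Because `calculateSeverity(totalMatches, "low", 0)` is called with constant severity and score, the only input that varies at this call is the match count, which means a file with few rule hits disappears from the report regardless of which rule hit. Suggest logging `fileName` and `totalMatches` at debug level before returning, putting the cut-off behind a scanner option, and comparing against a named constant instead of the literal `"low"`. This changes detection output, so it also deserves an entry in the 2.5.2 release notes.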
