More /dev/tcp rule tweaks for GitLab healthcheck script #372

egibs · 2024-07-19T18:24:37Z

This PR addresses a false positive seen here: https://github.com/chainguard-dev/enterprise-packages/pull/5949

We resolved this for the bash_dev_tcp_hardcoded_ip rule but not the bash_dev_tcp rule.

Results before this change:

$ yara -r rules/shell/bash_dev_tcp.yara /tmp/bincapz/gitlab-cng/x86_64/scripts/healthcheck -s
bash_dev_tcp /tmp/bincapz/gitlab-cng/x86_64/scripts/healthcheck
0x71:$ref: /dev/tcp

After:

$ yara -r rules/shell/bash_dev_tcp.yara /tmp/bincapz/gitlab-cng/x86_64/scripts/healthcheck -c
0

Signed-off-by: egibs <[email protected]>

…ev#372) * More /dev/tcp rule tweaks for GitLab healthcheck script Signed-off-by: egibs <[email protected]> * Refresh test data Signed-off-by: egibs <[email protected]> --------- Signed-off-by: egibs <[email protected]>

More /dev/tcp rule tweaks for GitLab healthcheck script

9a0dac4

Signed-off-by: egibs <[email protected]>

egibs requested a review from hectorj2f July 19, 2024 18:24

Refresh test data

d7a8f8c

Signed-off-by: egibs <[email protected]>

hectorj2f approved these changes Jul 19, 2024

View reviewed changes

egibs enabled auto-merge (squash) July 19, 2024 18:29

egibs merged commit a038cc6 into chainguard-dev:main Jul 19, 2024
6 checks passed

egibs mentioned this pull request Jul 29, 2024

Remove CRITICAL false positives for popular open-source projects #232

Closed

9 tasks

egibs deleted the tweak-dev-tcp-rule branch August 5, 2024 16:36

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

More /dev/tcp rule tweaks for GitLab healthcheck script #372

More /dev/tcp rule tweaks for GitLab healthcheck script #372

egibs commented Jul 19, 2024

More /dev/tcp rule tweaks for GitLab healthcheck script #372

More /dev/tcp rule tweaks for GitLab healthcheck script #372

Conversation

egibs commented Jul 19, 2024