Merge pull request #572 from m-1-k-3/profile_handling

Improved default profile handling / running modules script
e-m-b-a · Apr 11, 2023 · 9de4c44 · 9de4c44
2 parents 5d8ecf3 + 0cd4cdf
commit 9de4c44
Show file tree

Hide file tree

Showing 6 changed files with 121 additions and 6 deletions.
diff --git a/helpers/running_modules.sh b/helpers/running_modules.sh
@@ -0,0 +1,44 @@
+#!/bin/bash -p
+# see: https://developer.apple.com/library/archive/documentation/OpenSource/Conceptual/ShellScripting/ShellScriptSecurity/ShellScriptSecurity.html#//apple_ref/doc/uid/TP40004268-CH8-SW29
+
+# EMBA - EMBEDDED LINUX ANALYZER
+#
+# Copyright 2020-2023 Siemens Energy AG
+#
+# EMBA comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
+# welcome to redistribute it under the terms of the GNU General Public License.
+# See LICENSE file for usage of this software.
+#
+# EMBA is licensed under GPLv3
+#
+# Author(s): Michael Messner
+
+# Description:  EMBA helper script to identify currently running EMBA modules
+#               start it with "watch". E.g., 
+#               watch -c ./helpers/running_modules.sh ~/firmware-stuff/emba_logs_dir300_new_bins
+
+
+export GREEN="\033[0;32m"
+export ORANGE="\033[0;33m"
+export NC="\033[0m"  # no color
+
+if [[ $# -eq 0 ]]; then
+  echo -e "\\n""${ORANGE}""In order to be able to use this script, you have to specify an EMBA firmware log directory${NC}"
+  exit 1
+fi
+
+EMBA_LOG_DIR="${1:-}"
+EMBA_LOG_FILE="${EMBA_LOG_DIR}""/emba.log"
+
+if ! [[ -f "${EMBA_LOG_FILE}" ]]; then
+  echo -e "\\n""${ORANGE}""No valid EMBA firmware log directory found.${NC}"
+  exit 1
+fi
+
+mapfile -t STARTED_EMBA_PROCESSES < <(grep starting "${EMBA_LOG_FILE}" | awk '{print $9}'|| true)
+
+for EMBA_STARTED_PROC in "${STARTED_EMBA_PROCESSES[@]}"; do
+  if ! grep -q "${EMBA_STARTED_PROC}"" finished" "${EMBA_LOG_FILE}"; then
+    echo -e "[*] EMBA module ${GREEN}${EMBA_STARTED_PROC}${NC} currently running"
+  fi
+done
diff --git a/modules/S22_php_check.sh b/modules/S22_php_check.sh
@@ -34,6 +34,8 @@ S22_php_check()
     mapfile -t PHP_SCRIPTS < <( find "$FIRMWARE_PATH" -xdev -type f -iname "*.php" -exec md5sum {} \; 2>/dev/null | sort -u -k1,1 | cut -d\  -f3 )
     s22_vuln_check_caller "${PHP_SCRIPTS[@]}"
 
+    s22_vuln_check_semgrep "${PHP_SCRIPTS[@]}"
+
     s22_check_php_ini
 
     s22_phpinfo_check "${PHP_SCRIPTS[@]}"
@@ -62,6 +64,33 @@ s22_phpinfo_check() {
   print_ln
 }
 
+s22_vuln_check_semgrep() {
+  sub_module_title "PHP script vulnerabilities - semgrep"
+  local PHP_SEMGREP_LOG="$LOG_PATH_MODULE"/semgrep_php_results.log
+  local S22_SEMGREP_VULNS=0
+
+  semgrep --disable-version-check --config "$EXT_DIR"/semgrep-rules/php "$LOG_DIR"/firmware/ > "$PHP_SEMGREP_LOG" 2>&1 || true
+
+  if [[ -f "$PHP_SEMGREP_LOG" ]]; then
+    S22_SEMGREP_ISSUES=$(grep "\ findings\." "$PHP_SEMGREP_LOG" | cut -d: -f2 | awk '{print $1}' || true)
+    S22_SEMGREP_VULNS=$(grep -c "semgrep-rules.php.lang.security" "$PHP_SEMGREP_LOG" || true)
+    S22_SEMGREP_SCRIPTS=$(grep "\ findings\." "$PHP_SEMGREP_LOG" | awk '{print $5}' || true)
+    print_ln
+
+    sub_module_title "Summary of php issues (semgrep)"
+    if [[ "$S22_SEMGREP_VULNS" -gt 0 ]]; then
+      print_output "[+] Found ""$ORANGE""$S22_SEMGREP_ISSUES"" issues""$GREEN"" (""$ORANGE""$S22_SEMGREP_VULNS"" vulnerabilites${GREEN}) in ""$ORANGE""$S22_SEMGREP_SCRIPTS""$GREEN"" php files""$NC" "" "$PHP_SEMGREP_LOG"
+    elif [[ "$S22_SEMGREP_ISSUES" -gt 0 ]]; then
+      print_output "[+] Found ""$ORANGE""$S22_SEMGREP_ISSUES"" issues""$GREEN"" in ""$ORANGE""$S22_SEMGREP_SCRIPTS""$GREEN"" php files""$NC" "" "$PHP_SEMGREP_LOG"
+    fi
+    # highlight security findings in semgrep log:
+    sed -i -r "s/.*external\.semgrep-rules\.php\.lang\.security.*/\x1b[32m&\x1b[0m/" "$PHP_SEMGREP_LOG"
+  fi
+
+  write_log ""
+  write_log "[*] Statistics1:$S22_SEMGREP_ISSUES:$S22_SEMGREP_SCRIPTS"
+}
+
 s22_vuln_check_caller() {
   sub_module_title "PHP script vulnerabilities"
   write_csv_log "Script path" "PHP issues detected" "common linux file"

diff --git a/scan-profiles/default-scan-emulation.emba b/scan-profiles/default-scan-emulation.emba
@@ -1,7 +1,7 @@
 # EMBA - EMBEDDED LINUX ANALYZER
 #
-# Copyright 2020-2022 Siemens Energy AG
-# Copyright 2020-2022 Siemens AG
+# Copyright 2020-2023 Siemens Energy AG
+# Copyright 2020-2023 Siemens AG
 #
 # EMBA comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
 # welcome to redistribute it under the terms of the GNU General Public License.

diff --git a/scan-profiles/default-scan-long.emba b/scan-profiles/default-scan-long.emba
@@ -0,0 +1,36 @@
+# EMBA - EMBEDDED LINUX ANALYZER
+#
+# Copyright 2020-2023 Siemens Energy AG
+# Copyright 2020-2023 Siemens AG
+#
+# EMBA comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
+# welcome to redistribute it under the terms of the GNU General Public License.
+# See LICENSE file for usage of this software.
+#
+# EMBA is licensed under GPLv3
+#
+# Author(s): Michael Messner, Pascal Eckmann
+#
+# Description: This is a default EMBA profile. You can Use it as a template for your own profiles
+#              or start emba with "-p default-scan.emba" to use it
+
+export FORMAT_LOG=1
+export THREADED=1
+export SHORT_PATH=1
+export HTML=1
+export QEMULATION=1
+
+# we output the profile only at the beginning - outside the docker environment
+if [[ $IN_DOCKER -ne 1 ]] ; then
+  print_output "$(indent "$(orange "Adds ANSI color codes to log")")" "no_log"
+  print_output "$(indent "$(orange "Activate multi threading (destroys regular console output)")")" "no_log"
+  print_output "$(indent "$(orange "Prints only relative paths")")" "no_log"
+  print_output "$(indent "$(orange "Activates web report creation in log path")")" "no_log"
+  if [[ "$USE_DOCKER" -ne 1 ]]; then
+    print_output "$(indent "$(orange "Enables automated qemu emulation tests (WARNING this module could harm your host!)")")" "no_log"
+  else
+    print_output "$(indent "$(orange "Enables automated qemu emulation tests")")" "no_log"
+  fi
+  print_output "$(indent "$(orange "Runs EMBA in docker container")")" "no_log"
+  export USE_DOCKER=1
+fi
diff --git a/scan-profiles/default-scan.emba b/scan-profiles/default-scan.emba
@@ -1,7 +1,7 @@
 # EMBA - EMBEDDED LINUX ANALYZER
 #
-# Copyright 2020-2022 Siemens Energy AG
-# Copyright 2020-2022 Siemens AG
+# Copyright 2020-2023 Siemens Energy AG
+# Copyright 2020-2023 Siemens AG
 #
 # EMBA comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
 # welcome to redistribute it under the terms of the GNU General Public License.
@@ -19,6 +19,7 @@ export THREADED=1
 export SHORT_PATH=1
 export HTML=1
 export QEMULATION=1
+export MODULE_BLACKLIST=( "S99_grepit" "S110_yara_check" )
 
 # we output the profile only at the beginning - outside the docker environment
 if [[ $IN_DOCKER -ne 1 ]] ; then
@@ -32,5 +33,9 @@ if [[ $IN_DOCKER -ne 1 ]] ; then
     print_output "$(indent "$(orange "Enables automated qemu emulation tests")")" "no_log"
   fi
   print_output "$(indent "$(orange "Runs EMBA in docker container")")" "no_log"
+  print_output "$(indent "$(orange "Disable EMBA module via profile")")" "no_log"
+  for MODULE_ in "${MODULE_BLACKLIST[@]}"; do
+    print_output "$(indent "$(orange "Blacklisted module: $MODULE_")")" "no_log"
+  done
   export USE_DOCKER=1
 fi
diff --git a/scan-profiles/full-scan.emba b/scan-profiles/full-scan.emba
@@ -1,7 +1,7 @@
 # EMBA - EMBEDDED LINUX ANALYZER
 #
-# Copyright 2020-2022 Siemens Energy AG
-# Copyright 2020-2022 Siemens AG
+# Copyright 2020-2023 Siemens Energy AG
+# Copyright 2020-2023 Siemens AG
 #
 # EMBA comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
 # welcome to redistribute it under the terms of the GNU General Public License.
@@ -21,6 +21,7 @@ export HTML=1
 export CWE_CHECKER=1
 export QEMULATION=1
 export FULL_EMULATION=1
+
 # we output the profile only at the beginning - outside the docker environment
 if [[ $IN_DOCKER -ne 1 ]] ; then
   print_output "$(indent "$(orange "Adds ANSI color codes to log")")" "no_log"