Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Improved default profile handling / running modules script #572

Merged
merged 8 commits into from
Apr 11, 2023
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
44 changes: 44 additions & 0 deletions helpers/running_modules.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,44 @@
#!/bin/bash -p
# see: https://developer.apple.com/library/archive/documentation/OpenSource/Conceptual/ShellScripting/ShellScriptSecurity/ShellScriptSecurity.html#//apple_ref/doc/uid/TP40004268-CH8-SW29

# EMBA - EMBEDDED LINUX ANALYZER
#
# Copyright 2020-2023 Siemens Energy AG
#
# EMBA comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
# welcome to redistribute it under the terms of the GNU General Public License.
# See LICENSE file for usage of this software.
#
# EMBA is licensed under GPLv3
#
# Author(s): Michael Messner

# Description: EMBA helper script to identify currently running EMBA modules
# start it with "watch". E.g.,
# watch -c ./helpers/running_modules.sh ~/firmware-stuff/emba_logs_dir300_new_bins


export GREEN="\033[0;32m"
export ORANGE="\033[0;33m"
export NC="\033[0m" # no color

if [[ $# -eq 0 ]]; then
echo -e "\\n""${ORANGE}""In order to be able to use this script, you have to specify an EMBA firmware log directory${NC}"
exit 1
fi

EMBA_LOG_DIR="${1:-}"
EMBA_LOG_FILE="${EMBA_LOG_DIR}""/emba.log"

if ! [[ -f "${EMBA_LOG_FILE}" ]]; then
echo -e "\\n""${ORANGE}""No valid EMBA firmware log directory found.${NC}"
exit 1
fi

mapfile -t STARTED_EMBA_PROCESSES < <(grep starting "${EMBA_LOG_FILE}" | awk '{print $9}'|| true)

for EMBA_STARTED_PROC in "${STARTED_EMBA_PROCESSES[@]}"; do
if ! grep -q "${EMBA_STARTED_PROC}"" finished" "${EMBA_LOG_FILE}"; then
echo -e "[*] EMBA module ${GREEN}${EMBA_STARTED_PROC}${NC} currently running"
fi
done
29 changes: 29 additions & 0 deletions modules/S22_php_check.sh
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,8 @@ S22_php_check()
mapfile -t PHP_SCRIPTS < <( find "$FIRMWARE_PATH" -xdev -type f -iname "*.php" -exec md5sum {} \; 2>/dev/null | sort -u -k1,1 | cut -d\ -f3 )
s22_vuln_check_caller "${PHP_SCRIPTS[@]}"

s22_vuln_check_semgrep "${PHP_SCRIPTS[@]}"

s22_check_php_ini

s22_phpinfo_check "${PHP_SCRIPTS[@]}"
Expand Down Expand Up @@ -62,6 +64,33 @@ s22_phpinfo_check() {
print_ln
}

s22_vuln_check_semgrep() {
sub_module_title "PHP script vulnerabilities - semgrep"
local PHP_SEMGREP_LOG="$LOG_PATH_MODULE"/semgrep_php_results.log
local S22_SEMGREP_VULNS=0

semgrep --disable-version-check --config "$EXT_DIR"/semgrep-rules/php "$LOG_DIR"/firmware/ > "$PHP_SEMGREP_LOG" 2>&1 || true

if [[ -f "$PHP_SEMGREP_LOG" ]]; then
S22_SEMGREP_ISSUES=$(grep "\ findings\." "$PHP_SEMGREP_LOG" | cut -d: -f2 | awk '{print $1}' || true)
S22_SEMGREP_VULNS=$(grep -c "semgrep-rules.php.lang.security" "$PHP_SEMGREP_LOG" || true)
S22_SEMGREP_SCRIPTS=$(grep "\ findings\." "$PHP_SEMGREP_LOG" | awk '{print $5}' || true)
print_ln

sub_module_title "Summary of php issues (semgrep)"
if [[ "$S22_SEMGREP_VULNS" -gt 0 ]]; then
print_output "[+] Found ""$ORANGE""$S22_SEMGREP_ISSUES"" issues""$GREEN"" (""$ORANGE""$S22_SEMGREP_VULNS"" vulnerabilites${GREEN}) in ""$ORANGE""$S22_SEMGREP_SCRIPTS""$GREEN"" php files""$NC" "" "$PHP_SEMGREP_LOG"
elif [[ "$S22_SEMGREP_ISSUES" -gt 0 ]]; then
print_output "[+] Found ""$ORANGE""$S22_SEMGREP_ISSUES"" issues""$GREEN"" in ""$ORANGE""$S22_SEMGREP_SCRIPTS""$GREEN"" php files""$NC" "" "$PHP_SEMGREP_LOG"
fi
# highlight security findings in semgrep log:
sed -i -r "s/.*external\.semgrep-rules\.php\.lang\.security.*/\x1b[32m&\x1b[0m/" "$PHP_SEMGREP_LOG"
fi

write_log ""
write_log "[*] Statistics1:$S22_SEMGREP_ISSUES:$S22_SEMGREP_SCRIPTS"
}

s22_vuln_check_caller() {
sub_module_title "PHP script vulnerabilities"
write_csv_log "Script path" "PHP issues detected" "common linux file"
Expand Down
4 changes: 2 additions & 2 deletions scan-profiles/default-scan-emulation.emba
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
# EMBA - EMBEDDED LINUX ANALYZER
#
# Copyright 2020-2022 Siemens Energy AG
# Copyright 2020-2022 Siemens AG
# Copyright 2020-2023 Siemens Energy AG
# Copyright 2020-2023 Siemens AG
#
# EMBA comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
# welcome to redistribute it under the terms of the GNU General Public License.
Expand Down
36 changes: 36 additions & 0 deletions scan-profiles/default-scan-long.emba
Original file line number Diff line number Diff line change
@@ -0,0 +1,36 @@
# EMBA - EMBEDDED LINUX ANALYZER
#
# Copyright 2020-2023 Siemens Energy AG
# Copyright 2020-2023 Siemens AG
#
# EMBA comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
# welcome to redistribute it under the terms of the GNU General Public License.
# See LICENSE file for usage of this software.
#
# EMBA is licensed under GPLv3
#
# Author(s): Michael Messner, Pascal Eckmann
#
# Description: This is a default EMBA profile. You can Use it as a template for your own profiles
# or start emba with "-p default-scan.emba" to use it

export FORMAT_LOG=1
export THREADED=1
export SHORT_PATH=1
export HTML=1
export QEMULATION=1

# we output the profile only at the beginning - outside the docker environment
if [[ $IN_DOCKER -ne 1 ]] ; then
print_output "$(indent "$(orange "Adds ANSI color codes to log")")" "no_log"
print_output "$(indent "$(orange "Activate multi threading (destroys regular console output)")")" "no_log"
print_output "$(indent "$(orange "Prints only relative paths")")" "no_log"
print_output "$(indent "$(orange "Activates web report creation in log path")")" "no_log"
if [[ "$USE_DOCKER" -ne 1 ]]; then
print_output "$(indent "$(orange "Enables automated qemu emulation tests (WARNING this module could harm your host!)")")" "no_log"
else
print_output "$(indent "$(orange "Enables automated qemu emulation tests")")" "no_log"
fi
print_output "$(indent "$(orange "Runs EMBA in docker container")")" "no_log"
export USE_DOCKER=1
fi
9 changes: 7 additions & 2 deletions scan-profiles/default-scan.emba
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
# EMBA - EMBEDDED LINUX ANALYZER
#
# Copyright 2020-2022 Siemens Energy AG
# Copyright 2020-2022 Siemens AG
# Copyright 2020-2023 Siemens Energy AG
# Copyright 2020-2023 Siemens AG
#
# EMBA comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
# welcome to redistribute it under the terms of the GNU General Public License.
Expand All @@ -19,6 +19,7 @@ export THREADED=1
export SHORT_PATH=1
export HTML=1
export QEMULATION=1
export MODULE_BLACKLIST=( "S99_grepit" "S110_yara_check" )

# we output the profile only at the beginning - outside the docker environment
if [[ $IN_DOCKER -ne 1 ]] ; then
Expand All @@ -32,5 +33,9 @@ if [[ $IN_DOCKER -ne 1 ]] ; then
print_output "$(indent "$(orange "Enables automated qemu emulation tests")")" "no_log"
fi
print_output "$(indent "$(orange "Runs EMBA in docker container")")" "no_log"
print_output "$(indent "$(orange "Disable EMBA module via profile")")" "no_log"
for MODULE_ in "${MODULE_BLACKLIST[@]}"; do
print_output "$(indent "$(orange "Blacklisted module: $MODULE_")")" "no_log"
done
export USE_DOCKER=1
fi
5 changes: 3 additions & 2 deletions scan-profiles/full-scan.emba
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
# EMBA - EMBEDDED LINUX ANALYZER
#
# Copyright 2020-2022 Siemens Energy AG
# Copyright 2020-2022 Siemens AG
# Copyright 2020-2023 Siemens Energy AG
# Copyright 2020-2023 Siemens AG
#
# EMBA comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
# welcome to redistribute it under the terms of the GNU General Public License.
Expand All @@ -21,6 +21,7 @@ export HTML=1
export CWE_CHECKER=1
export QEMULATION=1
export FULL_EMULATION=1

# we output the profile only at the beginning - outside the docker environment
if [[ $IN_DOCKER -ne 1 ]] ; then
print_output "$(indent "$(orange "Adds ANSI color codes to log")")" "no_log"
Expand Down