Adjust workflows / CWE checker update to v0.7

.github/workflows/default_install.yml

@@ -34,7 +34,9 @@ jobs:
         with:
           timeout_minutes: 600
           max_attempts: 3
-          command: sudo ./installer.sh -g && sudo ./emba -d 1 -y -j
+          command: |
+            sudo rm -r ./external || true
+            sudo ./installer.sh -g && sudo ./emba -d 1 -y -j
       - name: EMBA firmware download
         run: |
             sudo apt-get update

installer/I02_UEFI_fwhunt.sh

@@ -28,7 +28,7 @@ I02_UEFI_fwhunt() {
     print_pip_info "uefi_firmware"
     print_pip_info "pyyaml"
     print_pip_info "click"
-    print_git_info "rizin" "rizinorg/rizin" ""
+    print_git_info "rizin" "rizinorg/rizin" "Rizin is a fork of the radare2 reverse engineering framework with a focus on usability, working features and code cleanliness."
     print_git_info "fwhunt-scan" "EMBA-support-repos/fwhunt-scan" "Tools for analyzing UEFI firmware and checking UEFI modules with FwHunt rules."
     print_git_info "fwhunt-rules" "EMBA-support-repos/FwHunt" "The Binarly Firmware Hunt (FwHunt) rule format was designed to scan for known vulnerabilities in UEFI firmware."
     print_git_info "BIOSUtilities" "EMBA-support-repos/BIOSUtilities" "Various BIOS Utilities for Modding/Research"

installer/I120_cwe_checker.sh

@@ -27,13 +27,14 @@ I120_cwe_checker() {
     print_tool_info "gcc" 1
     print_tool_info "curl" 1
     print_tool_info "make" 1
-    print_tool_info "rust-all" 1
-    print_tool_info "cargo" 1
+    # print_tool_info "rust-all" 1
+    # print_tool_info "cargo" 1
 
     print_git_info "cwe-checker" "EMBA-support-repos/cwe_checker" "cwe_checker is a suite of checks to detect common bug classes such as use of dangerous functions and simple integer overflows."
     echo -e "$ORANGE""cwe-checker will be downloaded.""$NC"
     print_file_info "OpenJDK" "OpenJDK for cwe-checker" "https://github.com/adoptium/temurin11-binaries/releases/download/jdk-11.0.12%2B7/OpenJDK11U-jdk_x64_linux_hotspot_11.0.12_7.tar.gz" "external/jdk.tar.gz"
-    print_file_info "GHIDRA" "Ghidra for cwe-checker" "https://github.com/NationalSecurityAgency/ghidra/releases/download/Ghidra_10.2.3_build/ghidra_10.2.3_PUBLIC_20230208.zip" "external/ghidra.zip"
+    # print_file_info "GHIDRA" "Ghidra for cwe-checker" "https://github.com/NationalSecurityAgency/ghidra/releases/download/Ghidra_10.2.3_build/ghidra_10.2.3_PUBLIC_20230208.zip" "external/ghidra.zip"
+    print_file_info "GHIDRA" "Ghidra for cwe-checker" "https://github.com/NationalSecurityAgency/ghidra/releases/download/Ghidra_10.3.1_build/ghidra_10.3.1_PUBLIC_20230614.zip" "external/ghidra.zip"
 
     if [[ "$LIST_DEP" -eq 1 ]] || [[ $DOCKER_SETUP -eq 1 ]] ; then
       ANSWER=("n")
@@ -48,11 +49,15 @@ I120_cwe_checker() {
         apt-get install "${INSTALL_APP_LIST[@]}" -y --no-install-recommends
 
         if ! [[ -d ./external/cwe_checker ]]; then
+
           # cleanup first
           rm "$HOME"/.cargo -r -f
           rm "$HOME"/.config -r -f
           rm external/rustup -r -f
 
+          curl https://sh.rustup.rs -sSf | sh -s -- -y
+          export PATH="${PATH}":"${HOME}"/.cargo/bin
+
           # Java SDK for ghidra
           if [[ -d ./external/jdk ]] ; then rm -R ./external/jdk ; fi
           curl -L https://github.com/adoptium/temurin11-binaries/releases/download/jdk-11.0.12%2B7/OpenJDK11U-jdk_x64_linux_hotspot_11.0.12_7.tar.gz -Sf -o external/jdk.tar.gz
@@ -62,26 +67,26 @@ I120_cwe_checker() {
 
           # Ghidra
           if [[ -d ./external/ghidra ]] ; then rm -R ./external/ghidra ; fi
-          curl -L https://github.com/NationalSecurityAgency/ghidra/releases/download/Ghidra_10.2.3_build/ghidra_10.2.3_PUBLIC_20230208.zip -Sf -o external/ghidra.zip
+          curl -L https://github.com/NationalSecurityAgency/ghidra/releases/download/Ghidra_10.3.1_build/ghidra_10.3.1_PUBLIC_20230614.zip -Sf -o external/ghidra.zip
           mkdir external/ghidra 2>/dev/null
           unzip -qo external/ghidra.zip -d external/ghidra
           if [[ "$IN_DOCKER" -eq 1 ]]; then
-            sed -i s@JAVA_HOME_OVERRIDE=@JAVA_HOME_OVERRIDE=/external/jdk@g external/ghidra/ghidra_10.2.3_PUBLIC/support/launch.properties
+            sed -i s@JAVA_HOME_OVERRIDE=@JAVA_HOME_OVERRIDE=/external/jdk@g external/ghidra/ghidra_10.3.1_PUBLIC/support/launch.properties
           else
-            sed -i s@JAVA_HOME_OVERRIDE=@JAVA_HOME_OVERRIDE=external/jdk@g external/ghidra/ghidra_10.2.3_PUBLIC/support/launch.properties
+            sed -i s@JAVA_HOME_OVERRIDE=@JAVA_HOME_OVERRIDE=external/jdk@g external/ghidra/ghidra_10.3.1_PUBLIC/support/launch.properties
           fi
           rm external/ghidra.zip
 
           if [[ -d ./external/cwe_checker ]] ; then rm -R ./external/cwe_checker ; fi
           mkdir ./external/cwe_checker 2>/dev/null
           git clone https://github.com/EMBA-support-repos/cwe_checker.git external/cwe_checker
           cd external/cwe_checker || ( echo "Could not install EMBA component cwe_checker" && exit 1 )
-          make all GHIDRA_PATH="$HOME_PATH""/external/ghidra/ghidra_10.2.3_PUBLIC"
+          make all GHIDRA_PATH="$HOME_PATH""/external/ghidra/ghidra_10.3.1_PUBLIC"
           cd "$HOME_PATH" || ( echo "Could not install EMBA component cwe_checker" && exit 1 )
 
           if [[ "$IN_DOCKER" -eq 1 ]]; then
             cp -pr "$HOME""/.cargo/bin" "external/cwe_checker/bin"
-            echo '{"ghidra_path":"/external/ghidra/ghidra_10.2.3_PUBLIC"}' > /root/.config/cwe_checker/ghidra.json
+            echo '{"ghidra_path":"/external/ghidra/ghidra_10.3.1_PUBLIC"}' > /root/.config/cwe_checker/ghidra.json
 
             # save .config as we remount /root with tempfs -> now we can restore it in the module
             cp -pr /root/.config ./external/cwe_checker/