Fix L15 report #695

Merged
merged 6 commits into from
Jul 11, 2023
Expand Up @@ -3,18 +3,28 @@
# separate terms of service, privacy policy, and support
# documentation.

name: Trivy docker image security check
name: Trivy EMBA docker image security check

#on:
#schedule:
# - cron: '0 0 * * *' # do it every day

on:
schedule:
- cron: '0 0 * * *' # do it every day
push:
branches:
- '**' # matches every branch
pull_request:
branches:
- '**'
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:

permissions:
contents: read

jobs:
trivy:
if: github.repository_owner == 'e-m-b-a'
# if: github.repository_owner == 'e-m-b-a'
permissions:
contents: read # for actions/checkout to fetch code
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
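Review bot: commenting out `if: github.repository_owner == 'e-m-b-a'` while adding `push` and `pull_request` on `'**'` plus a daily cron means every fork now runs this job on every push, on every PR and once a day; a `pull_request` run triggered from a fork gets a read-only GITHUB_TOKEN, so the SARIF upload that the `security-events: write` line exists for will fail there. Keep the owner guard (at least on the `schedule` path), and note that `push` on all branches already covers same-repo PR branches, so the `pull_request` trigger doubles the runs for those; restrict `push` to the default branch or drop one of the two. The now-dead `#on: / #schedule:` block left above the new `on:` should be deleted rather than kept beside its replacement.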
Expand All @@ -39,7 +49,7 @@ jobs:
docker save -o vuln-image.tar embeddedanalyzer/emba

- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@7b7aa264d83dc58691451798b4d117d53d21edfe
uses: aquasecurity/trivy-action@master
with:
input: /github/workspace/vuln-image.tar
timeout: "60m"
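Review bot: replacing the commit pin `aquasecurity/trivy-action@7b7aa264d83dc58691451798b4d117d53d21edfe` with `aquasecurity/trivy-action@master` is a supply-chain regression: a mutable branch ref means whatever lands on that branch later runs inside this job with `security-events: write` and with the saved image tarball, and the run is no longer reproducible. If the aim is a newer Trivy, bump to the newer commit SHA (with the release tag in a trailing comment) and let Dependabot keep it current; at minimum pin a release tag, never `master`.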
6 changes: 4 additions & 2 deletions modules/L15_emulated_checks_nmap.sh
Expand Up @@ -126,8 +126,9 @@ check_live_nmap_basic() {
mapfile -t S09_L15_CHECK < <(awk -v IGNORECASE=1 -F\; '$2 $3 ~ /'"$SERVICE_NAME"'/' "$CSV_DIR"/s09_firmware_base_version_check.csv || true)
if [[ "${#S09_L15_CHECK[@]}" -gt 0 ]]; then
for S09_L15_MATCH in "${S09_L15_CHECK[@]}"; do
print_output "[+] Service also detected with static analysis (S09):\\n$(indent "$ORANGE$S09_L15_MATCH$NC")"
echo "$S09_L15_MATCH" >> "$CSV_DIR"/l15_emulated_checks_nmap.csv
S09_L15_MATCH=$(echo "${S09_L15_MATCH}" | cut -d ';' -f3)
print_output "[+] Service also detected with static analysis (S09): ${ORANGE}${S09_L15_MATCH}${NC}"
done
fi
fi
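Review bot: the loop body now overwrites its own iteration variable with `S09_L15_MATCH=$(echo "${S09_L15_MATCH}" | cut -d ';' -f3)`, and the `echo "$S09_L15_MATCH" >> "$CSV_DIR"/l15_emulated_checks_nmap.csv` line is gone, so the S09 cross-match is only printed and no longer recorded in the module's CSV. If anything downstream of L15 still reads that CSV the data is silently dropped; if the removal is intended, say so in the PR description. Put the extracted field in its own variable (for example `IFS=';' read -r _ _ S09_L15_NAME _ <<< "$S09_L15_MATCH"`, which also avoids the `echo | cut` subshell) and keep the full record for the CSV write. Also, the awk filter in the unchanged context matches `$2 $3` (fields 2 and 3 concatenated) against an unescaped `$SERVICE_NAME`, so a hit can come from field 2 while only field 3 is printed, and a service name containing regex metacharacters changes what is matched.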
Expand All @@ -136,8 +137,9 @@ check_live_nmap_basic() {
mapfile -t S116_L15_CHECK < <(awk -v IGNORECASE=1 -F\; '$2 $3 ~ /'"$SERVICE_NAME"'/' "$CSV_DIR"/s116_qemu_version_detection.csv || true)
if [[ "${#S116_L15_CHECK[@]}" -gt 0 ]]; then
for S116_L15_MATCH in "${S116_L15_CHECK[@]}"; do
print_output "[+] Service also detected with dynamic user-mode emulation (S115/S116):\\n $(indent "$ORANGE$S116_L15_MATCH$NC")"
echo "$S116_L15_MATCH" >> "$CSV_DIR"/l15_emulated_checks_nmap.csv
S116_L15_MATCH=$(echo "${S116_L15_MATCH}" | cut -d ';' -f3)
print_output "[+] Service also detected with dynamic user-mode emulation (S115/S116): ${ORANGE}${S116_L15_MATCH}${NC}"
done
fi
fi
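Review bot: this block is a line-for-line copy of the S09 loop above with only the CSV path, the variable prefix and the label changed, so the same loop-variable overwrite and the same lost `>> "$CSV_DIR"/l15_emulated_checks_nmap.csv` write apply here. Factor both into one helper that takes the CSV file and the label (e.g. `print_static_match "$CSV_DIR"/s116_qemu_version_detection.csv "dynamic user-mode emulation (S115/S116)"`) so a future fix lands in one place; the removed `\\n ` with its stray leading space before `$(indent ...)` shows the two copies had already drifted apart.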