Merge branch 'main' into release-2.5
ramanan-ravi committed Dec 20, 2024
2 parents a6856d5 + f07b2ac commit 791930b
Showing 15 changed files with 61 additions and 69 deletions.
2 changes: 1 addition & 1 deletion Makefile
@@ -1,5 +1,5 @@
export IMAGE_REPOSITORY?=quay.io/deepfenceio
export DF_IMG_TAG?=2.5.0
export DF_IMG_TAG?=2.5.2

all: yarahunter

6 changes: 3 additions & 3 deletions README.md
Expand Up @@ -37,7 +37,7 @@ Images may be compromised with the installation of a cryptominer such as XMRig.
Pull the official **yarahunter** image:

```
docker pull quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.0
docker pull quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.2
```

or Build it from source clone this repo and run below command
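Review bot: The `docker pull` line in this README hunk still identifies the image by tag only (`deepfence_malware_scanner_ce:2.5.2`), and a registry tag can be re-pointed after it is published. Because the run examples further down hand this image the Docker socket, consider also documenting the digest form (`quay.io/deepfenceio/deepfence_malware_scanner_ce@sha256:<digest of the 2.5.2 release>`) so users can pin exactly what they run. The context line "or Build it from source clone this repo and run below command" could be tidied while this file is being touched.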
Expand Down Expand Up @@ -68,7 +68,7 @@ docker run -i --rm --name=deepfence-yarahunter \
-e DEEPFENCE_LICENSE=<ThreatMapper or ThreatStryker license key> \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /tmp:/home/deepfence/output \
quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.0 \
quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.2 \
--image-name metal3d/xmrig:latest \
--output=json > xmrig-scan.json
```
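Review bot: The `-v /var/run/docker.sock:/var/run/docker.sock` mount in this example gives the scanner container control over the host's Docker daemon, and nothing in the visible lines explains why the scan needs it. Since this block is being edited anyway, add one sentence before the command stating what the socket is used for, so readers can decide whether that level of access is acceptable on the host they scan from.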
Expand All @@ -83,7 +83,7 @@ docker run -i --rm --name=deepfence-yarahunter \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /tmp:/home/deepfence/output \
-v /tmp/rules:/tmp/rules \
quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.0 \
quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.2 \
--image-name metal3d/xmrig:latest \
--output=json \
--rules-path=/tmp/rules > xmrig-scan.json
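Review bot: The rules mount `-v /tmp/rules:/tmp/rules` in this example reads YARA rules from a path under the host's world-writable `/tmp` and mounts it read-write. Whichever local user creates `/tmp/rules` first controls the rule set, and therefore what the scan can detect. Suggest showing a dedicated directory and a read-only mount instead, for example `-v /opt/yara-rules:/tmp/rules:ro` (host path illustrative).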
2 changes: 1 addition & 1 deletion docs/docs/yarahunter/configure/cli.md
Expand Up @@ -7,7 +7,7 @@ title: Command-Line Options
Display the command line options:

```bash
$ docker run -it --rm quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.0 --help
$ docker run -it --rm quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.2 --help
```

Note that all files and directories used in YaraHunter configuration are local to the container, not the host filesystem. The examples given illustrate how to map host directories to the container when needed.
2 changes: 1 addition & 1 deletion docs/docs/yarahunter/configure/output.md
Expand Up @@ -12,7 +12,7 @@ docker run -i --rm --name=yara-hunter \
-e DEEPFENCE_PRODUCT=<ThreatMapper or ThreatStryker> \
-e DEEPFENCE_LICENSE=<ThreatMapper or ThreatStryker license key> \
-v /var/run/docker.sock:/var/run/docker.sock \
quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.0 \
quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.2 \
--image-name node:latest \
# highlight-next-line
--output=json > xmrig-scan.json
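Review bot: The redirect target on the last line of this hunk is `xmrig-scan.json`, but the command scans `--image-name node:latest`. A report file named after a cryptominer image for a scan of `node:latest` is easy to misfile or misread later; rename it to `node-latest.json`, which is what the quickstart.md example in this same commit uses.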
2 changes: 1 addition & 1 deletion docs/docs/yarahunter/configure/rules.md
Expand Up @@ -20,7 +20,7 @@ docker run -it --rm --name=yara-hunter \
-v /var/run/docker.sock:/var/run/docker.sock \
# highlight-next-line
-v $(pwd)/my-rules:/tmp/my-rules \
quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.0 --image-name node:latest \
quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.2 --image-name node:latest \
# highlight-next-line
--rules-path /tmp/my-rules
```
2 changes: 1 addition & 1 deletion docs/docs/yarahunter/img/yarahunter.svg
4 changes: 2 additions & 2 deletions docs/docs/yarahunter/index.md
Expand Up @@ -37,7 +37,7 @@ docker run -i --rm --name=deepfence-yarahunter \
-e DEEPFENCE_LICENSE=<ThreatMapper or ThreatStryker license key> \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /tmp:/home/deepfence/output \
quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.0 \
quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.2 \
--image-name metal3d/xmrig:latest \
--output=json > xmrig-scan.json
```
Expand All @@ -59,7 +59,7 @@ docker run -i --rm --name=deepfence-yarahunter \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /tmp:/home/deepfence/output \
-v /tmp/rules:/tmp/rules \
quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.0 \
quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.2 \
--image-name metal3d/xmrig:latest \
--output=json \
--rules-path=/tmp/rules > xmrig-scan.json
6 changes: 3 additions & 3 deletions docs/docs/yarahunter/quickstart.md
Expand Up @@ -9,7 +9,7 @@ Pull the latest YaraHunter image, and use it to scan a `node:latest` container.
## Pull the latest YaraHunter image

```bash
docker pull quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.0
docker pull quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.2
```

## Generate License Key
Expand All @@ -30,7 +30,7 @@ docker run -i --rm --name=yara-hunter \
-e DEEPFENCE_PRODUCT=<ThreatMapper or ThreatStryker> \
-e DEEPFENCE_LICENSE=<ThreatMapper or ThreatStryker license key> \
-v /var/run/docker.sock:/var/run/docker.sock \
quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.0 \
quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.2 \
--image-name node:latest

docker rmi node:latest
Expand All @@ -46,7 +46,7 @@ docker run -i --rm --name=yara-hunter \
-e DEEPFENCE_LICENSE=<ThreatMapper or ThreatStryker license key> \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /tmp:/home/deepfence/output \
quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.0 \
quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.2 \
--image-name node:latest \
--output=json > node-latest.json

6 changes: 3 additions & 3 deletions docs/docs/yarahunter/using/build.md
Expand Up @@ -7,11 +7,11 @@ title: Build YaraHunter
YaraHunter is a self-contained docker-based tool. Clone the [YaraHunter repository](https://github.com/deepfence/YaraHunter), then build:

```bash
docker build --rm=true --tag=quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.0 -f Dockerfile .
docker build --rm=true --tag=quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.2 -f Dockerfile .
```

Alternatively, you can pull the official deepfence image at `quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.0`.
Alternatively, you can pull the official deepfence image at `quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.2`.

```bash
docker pull quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.0
docker pull quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.2
```
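Review bot: The tag literal `2.5.2` is hand-edited three times in this hunk alone (`docker build --tag=...`, the inline image reference, and `docker pull`), and again in every other docs example and in `DF_IMG_TAG` in the Makefile. A missed occurrence leaves users pulling an older scanner than the one the release describes. Consider a single source for the version (for example a docs variable fed from `DF_IMG_TAG`), or a CI check that fails when a docs file mentions a tag other than the Makefile's.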
2 changes: 1 addition & 1 deletion docs/docs/yarahunter/using/grpc.md
Expand Up @@ -27,7 +27,7 @@ docker run -it --rm --name=deepfence-malwarescanner \
-v $(pwd):/home/deepfence/output \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /tmp/sock:/tmp/sock \
quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.0 \
quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.2 \
-socket-path /tmp/sock/s.sock
```

6 changes: 3 additions & 3 deletions docs/docs/yarahunter/using/scan.md
Expand Up @@ -18,7 +18,7 @@ docker run -it --rm --name=yara-hunter \
-e DEEPFENCE_PRODUCT=<ThreatMapper or ThreatStryker> \
-e DEEPFENCE_LICENSE=<ThreatMapper or ThreatStryker license key> \
-v /var/run/docker.sock:/var/run/docker.sock \
quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.0 \
quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.2 \
# highlight-next-line
--image-name node:latest

Expand All @@ -36,7 +36,7 @@ docker run -it --rm --name=yara-hunter \
-v /var/run/docker.sock:/var/run/docker.sock \
# highlight-next-line
-v /:/deepfence/mnt \
quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.0 \
quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.2 \
# highlight-next-line
--host-mount-path /deepfence/mnt --container-id 69221b948a73
```
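Review bot: The host filesystem mount `-v /:/deepfence/mnt` in this example is read-write, so the scanner container is able to modify any file on the host it is scanning. If the scan only reads through `--host-mount-path /deepfence/mnt`, document the mount as `-v /:/deepfence/mnt:ro`; if write access is actually required, the docs should say for what.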
Expand All @@ -51,7 +51,7 @@ docker run -it --rm --name=yara-hunter \
-e DEEPFENCE_LICENSE=<ThreatMapper or ThreatStryker license key> \
# highlight-next-line
-v ~/src/YARA-RULES:/tmp/YARA-RULES \
quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.0 \
quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.2 \
# highlight-next-line
--local /tmp/YARA-RULES --host-mount-path /tmp/YARA-RULES
```
16 changes: 8 additions & 8 deletions go.mod
Expand Up @@ -7,14 +7,14 @@ replace github.com/deepfence/agent-plugins-grpc => ./agent-plugins-grpc
require (
github.com/VirusTotal/gyp v0.9.0
github.com/deepfence/agent-plugins-grpc v0.0.0-00010101000000-000000000000
github.com/deepfence/golang_deepfence_sdk/client v0.0.0-20241112090544-f42aabb5dc7f
github.com/deepfence/golang_deepfence_sdk/utils v0.0.0-20241112090544-f42aabb5dc7f
github.com/deepfence/golang_deepfence_sdk/client v0.0.0-20241220101350-67a37a759769
github.com/deepfence/golang_deepfence_sdk/utils v0.0.0-20241220101350-67a37a759769
github.com/deepfence/match-scanner v0.0.0-20241104190155-00799508ab6c
github.com/gabriel-vasile/mimetype v1.4.6
github.com/hillu/go-yara/v4 v4.3.3
github.com/olekukonko/tablewriter v0.0.5
github.com/sirupsen/logrus v1.9.3
google.golang.org/grpc v1.67.1
google.golang.org/grpc v1.69.2
gopkg.in/yaml.v3 v3.0.1
)
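Review bot: The two `golang_deepfence_sdk` requirements (`client` and `utils`) are pinned to the pseudo-version `v0.0.0-20241220101350-67a37a759769`, which is an untagged commit, in a merge that targets `release-2.5`. For a release branch, prefer a tagged SDK version if one contains that commit, or record in the commit message why this exact commit is needed. The same hunk moves `google.golang.org/grpc` from v1.67.1 to v1.69.2, two minor versions, and the commit message ("Merge branch 'main' into release-2.5") gives no reason for either bump.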

Expand All @@ -40,7 +40,7 @@ require (
github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c // indirect
github.com/docker/go-units v0.5.0 // indirect
github.com/felixge/httpsnoop v1.0.3 // indirect
github.com/go-logr/logr v1.3.0 // indirect
github.com/go-logr/logr v1.4.2 // indirect
github.com/go-logr/stdr v1.2.2 // indirect
github.com/gogo/protobuf v1.3.2 // indirect
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
Expand All @@ -66,14 +66,14 @@ require (
github.com/pkg/errors v0.9.1 // indirect
go.opencensus.io v0.24.0 // indirect
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.45.0 // indirect
go.opentelemetry.io/otel v1.21.0 // indirect
go.opentelemetry.io/otel/metric v1.21.0 // indirect
go.opentelemetry.io/otel/trace v1.21.0 // indirect
go.opentelemetry.io/otel v1.31.0 // indirect
go.opentelemetry.io/otel/metric v1.31.0 // indirect
go.opentelemetry.io/otel/trace v1.31.0 // indirect
golang.org/x/net v0.30.0 // indirect
golang.org/x/sync v0.8.0 // indirect
golang.org/x/sys v0.26.0 // indirect
golang.org/x/text v0.19.0 // indirect
google.golang.org/genproto v0.0.0-20231211222908-989df2bf70f3 // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20240814211410-ddb44dafa142 // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20241015192408-796eee8c2d53 // indirect
google.golang.org/protobuf v1.35.1 // indirect
)
46 changes: 24 additions & 22 deletions go.sum
Expand Up @@ -40,10 +40,10 @@ github.com/containerd/typeurl/v2 v2.1.1/go.mod h1:IDp2JFvbwZ31H8dQbEIY7sDl2L3o3H
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/deepfence/golang_deepfence_sdk/client v0.0.0-20241112090544-f42aabb5dc7f h1:XI49+zaunyxw7tlUzS8DHzf9PTvDp+/CQDF/xcyaxVU=
github.com/deepfence/golang_deepfence_sdk/client v0.0.0-20241112090544-f42aabb5dc7f/go.mod h1:UkHg/qLuPVnTqx4fPwmc2DhlNp5isdYwIxQ63B9JB4o=
github.com/deepfence/golang_deepfence_sdk/utils v0.0.0-20241112090544-f42aabb5dc7f h1:819FVayVu5J10JSXfIxl75kiQDF73/aTxkOrImtviNU=
github.com/deepfence/golang_deepfence_sdk/utils v0.0.0-20241112090544-f42aabb5dc7f/go.mod h1:QdyXNUGNYGPMj8ls9R4N1y/IzmM7LrBQSBC/QuYCX+U=
github.com/deepfence/golang_deepfence_sdk/client v0.0.0-20241220101350-67a37a759769 h1:c55yJVYimo2iGiJcVH/cqpqXUdKgQ5PMGGcKZHqLkLA=
github.com/deepfence/golang_deepfence_sdk/client v0.0.0-20241220101350-67a37a759769/go.mod h1:UkHg/qLuPVnTqx4fPwmc2DhlNp5isdYwIxQ63B9JB4o=
github.com/deepfence/golang_deepfence_sdk/utils v0.0.0-20241220101350-67a37a759769 h1:p5l4xp6CcZE4XqiRATyx8C+X44Ij7jVRxGaDq8UhVM4=
github.com/deepfence/golang_deepfence_sdk/utils v0.0.0-20241220101350-67a37a759769/go.mod h1:QdyXNUGNYGPMj8ls9R4N1y/IzmM7LrBQSBC/QuYCX+U=
github.com/deepfence/match-scanner v0.0.0-20241104190155-00799508ab6c h1:0nXgsUJAvP3tgENagcuKlzb92AZFbBAONSE1QmEJzYc=
github.com/deepfence/match-scanner v0.0.0-20241104190155-00799508ab6c/go.mod h1:mrnCFKtEOzLlNUkagkwQeWWdPtrVIZLc7nbEX/7PbaU=
github.com/deepfence/vessel v0.13.0 h1:QRtjtuvSXdjrFt4Nb0SE8FO4n7aUtblFY6am/c9oeIQ=
Expand All @@ -69,8 +69,8 @@ github.com/felixge/httpsnoop v1.0.3/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSw
github.com/gabriel-vasile/mimetype v1.4.6 h1:3+PzJTKLkvgjeTbts6msPJt4DixhT4YtFNf1gtGe3zc=
github.com/gabriel-vasile/mimetype v1.4.6/go.mod h1:JX1qVKqZd40hUPpAfiNTe0Sne7hdfKSbOqqmkq8GCXc=
github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
github.com/go-logr/logr v1.3.0 h1:2y3SDp0ZXuc6/cjLSZ+Q3ir+QB9T/iG5yYRXqsagWSY=
github.com/go-logr/logr v1.3.0/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY=
github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
Expand Down Expand Up @@ -177,26 +177,28 @@ github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/
github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0=
go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo=
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.45.0 h1:x8Z78aZx8cOF0+Kkazoc7lwUNMGy0LrzEMxTm4BbTxg=
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.45.0/go.mod h1:62CPTSry9QZtOaSsE3tOzhx6LzDhHnXJ6xHeMNNiM6Q=
go.opentelemetry.io/otel v1.21.0 h1:hzLeKBZEL7Okw2mGzZ0cc4k/A7Fta0uoPgaJCr8fsFc=
go.opentelemetry.io/otel v1.21.0/go.mod h1:QZzNPQPm1zLX4gZK4cMi+71eaorMSGT3A4znnUvNNEo=
go.opentelemetry.io/otel v1.31.0 h1:NsJcKPIW0D0H3NgzPDHmo0WW6SptzPdqg/L1zsIm2hY=
go.opentelemetry.io/otel v1.31.0/go.mod h1:O0C14Yl9FgkjqcCZAsE053C13OaddMYr/hz6clDkEJE=
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.19.0 h1:Mne5On7VWdx7omSrSSZvM4Kw7cS7NQkOOmLcgscI51U=
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.19.0/go.mod h1:IPtUMKL4O3tH5y+iXVyAXqpAwMuzC1IrxVS81rummfE=
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.19.0 h1:IeMeyr1aBvBiPVYihXIaeIZba6b8E1bYp7lbdxK8CQg=
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.19.0/go.mod h1:oVdCUtjq9MK9BlS7TtucsQwUcXcymNiEDjgDD2jMtZU=
go.opentelemetry.io/otel/metric v1.21.0 h1:tlYWfeo+Bocx5kLEloTjbcDwBuELRrIFxwdQ36PlJu4=
go.opentelemetry.io/otel/metric v1.21.0/go.mod h1:o1p3CA8nNHW8j5yuQLdc1eeqEaPfzug24uvsyIEJRWM=
go.opentelemetry.io/otel/sdk v1.21.0 h1:FTt8qirL1EysG6sTQRZ5TokkU8d0ugCj8htOgThZXQ8=
go.opentelemetry.io/otel/sdk v1.21.0/go.mod h1:Nna6Yv7PWTdgJHVRD9hIYywQBRx7pbox6nwBnZIxl/E=
go.opentelemetry.io/otel/trace v1.21.0 h1:WD9i5gzvoUPuXIXH24ZNBudiarZDKuekPqi/E8fpfLc=
go.opentelemetry.io/otel/trace v1.21.0/go.mod h1:LGbsEB0f9LGjN+OZaQQ26sohbOmiMR+BaslueVtS/qQ=
go.opentelemetry.io/otel/metric v1.31.0 h1:FSErL0ATQAmYHUIzSezZibnyVlft1ybhy4ozRPcF2fE=
go.opentelemetry.io/otel/metric v1.31.0/go.mod h1:C3dEloVbLuYoX41KpmAhOqNriGbA+qqH6PQ5E5mUfnY=
go.opentelemetry.io/otel/sdk v1.31.0 h1:xLY3abVHYZ5HSfOg3l2E5LUj2Cwva5Y7yGxnSW9H5Gk=
go.opentelemetry.io/otel/sdk v1.31.0/go.mod h1:TfRbMdhvxIIr/B2N2LQW2S5v9m3gOQ/08KsbbO5BPT0=
go.opentelemetry.io/otel/sdk/metric v1.31.0 h1:i9hxxLJF/9kkvfHppyLL55aW7iIJz4JjxTeYusH7zMc=
go.opentelemetry.io/otel/sdk/metric v1.31.0/go.mod h1:CRInTMVvNhUKgSAMbKyTMxqOBC0zgyxzW55lZzX43Y8=
go.opentelemetry.io/otel/trace v1.31.0 h1:ffjsj1aRouKewfr85U2aGagJ46+MvodynlQ1HYdmJys=
go.opentelemetry.io/otel/trace v1.31.0/go.mod h1:TXZkRk7SM2ZQLtR6eoAWQFIHPvzQ06FJAsO1tJg480A=
go.opentelemetry.io/proto/otlp v1.0.0 h1:T0TX0tmXU8a3CbNXzEKGeU5mIVOdf0oykP+u2lIVU/I=
go.opentelemetry.io/proto/otlp v1.0.0/go.mod h1:Sy6pihPLfYHkr3NkUbEhGHFhINUSI/v80hjKIs5JXpM=
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
Expand Down Expand Up @@ -261,17 +263,17 @@ google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98
google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
google.golang.org/genproto v0.0.0-20231211222908-989df2bf70f3 h1:1hfbdAfFbkmpg41000wDVqr7jUpK/Yo+LPnIxxGzmkg=
google.golang.org/genproto v0.0.0-20231211222908-989df2bf70f3/go.mod h1:5RBcpGRxr25RbDzY5w+dmaqpSEvl8Gwl1x2CICf60ic=
google.golang.org/genproto/googleapis/api v0.0.0-20240814211410-ddb44dafa142 h1:wKguEg1hsxI2/L3hUYrpo1RVi48K+uTyzKqprwLXsb8=
google.golang.org/genproto/googleapis/api v0.0.0-20240814211410-ddb44dafa142/go.mod h1:d6be+8HhtEtucleCbxpPW9PA9XwISACu8nvpPqF0BVo=
google.golang.org/genproto/googleapis/rpc v0.0.0-20240814211410-ddb44dafa142 h1:e7S5W7MGGLaSu8j3YjdezkZ+m1/Nm0uRVRMEMGk26Xs=
google.golang.org/genproto/googleapis/rpc v0.0.0-20240814211410-ddb44dafa142/go.mod h1:UqMtugtsSgubUsoxbuAoiCXvqvErP7Gf0so0mK9tHxU=
google.golang.org/genproto/googleapis/api v0.0.0-20241015192408-796eee8c2d53 h1:fVoAXEKA4+yufmbdVYv+SE73+cPZbbbe8paLsHfkK+U=
google.golang.org/genproto/googleapis/api v0.0.0-20241015192408-796eee8c2d53/go.mod h1:riSXTwQ4+nqmPGtobMFyW5FqVAmIs0St6VPp4Ug7CE4=
google.golang.org/genproto/googleapis/rpc v0.0.0-20241015192408-796eee8c2d53 h1:X58yt85/IXCx0Y3ZwN6sEIKZzQtDEYaBWrDvErdXrRE=
google.golang.org/genproto/googleapis/rpc v0.0.0-20241015192408-796eee8c2d53/go.mod h1:GX3210XPVPUjJbTUbvwI8f2IpZDMZuPJWDzDuebbviI=
google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
google.golang.org/grpc v1.67.1 h1:zWnc1Vrcno+lHZCOofnIMvycFcc0QRGIzm9dhnDX68E=
google.golang.org/grpc v1.67.1/go.mod h1:1gLDyUQU7CTLJI90u3nXZ9ekeghjeM7pTDZlqFNg2AA=
google.golang.org/grpc v1.69.2 h1:U3S9QEtbXC0bYNvRtcoklF3xGtLViumSYxWykJS+7AU=
google.golang.org/grpc v1.69.2/go.mod h1:vyjdE6jLBI76dgpDojsFGNaHlxdjXN9ghpnd2o7JGZ4=
google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
9 changes: 4 additions & 5 deletions pkg/output/output.go
Expand Up @@ -3,19 +3,18 @@ package output
import (
"encoding/json"
"fmt"
"os"
"path/filepath"
"strings"
"time"
"unicode/utf8"

"github.com/deepfence/YaraHunter/utils"
pb "github.com/deepfence/agent-plugins-grpc/srcgo"
log "github.com/sirupsen/logrus"

// "github.com/fatih/color"

"os"
"strings"
"time"
"unicode/utf8"

tw "github.com/olekukonko/tablewriter"
)
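Review bot: The commented-out import `// "github.com/fatih/color"` is left in the import block while the standard-library imports around it are being regrouped. It is dead code with no explanation attached; delete it in this cleanup rather than carrying it forward, which also removes the stray blank-line group it creates between the third-party imports and `tw "github.com/olekukonko/tablewriter"`.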

19 changes: 5 additions & 14 deletions pkg/scan/process_image.go
Expand Up @@ -3,6 +3,7 @@ package scan
import (
"bytes"
"errors"
"fmt"
"io"
"math"
"os/exec"
Expand All @@ -11,8 +12,6 @@ import (
"syscall"
"unsafe"

"fmt"

"github.com/gabriel-vasile/mimetype"

"github.com/deepfence/YaraHunter/pkg/output"
Expand All @@ -34,13 +33,6 @@ type manifestItem struct {
LayerIds []string `json:",omitempty"`
}

type fileMatches struct {
fileName string
iocs []output.IOCFound
updatedScore float64
updatedSeverity string
}

func calculateSeverity(lenMatch int, severity string, severityScore float64) (string, float64) {

updatedSeverity := "low"
Expand Down Expand Up @@ -214,12 +206,11 @@ func ScanFile(s *Scanner, fileName string, f io.ReadSeeker, fsize int, iocs *[]o
Matches: matches,
})
}
var fileMat fileMatches
fileMat.fileName = fileName
fileMat.iocs = iocsFound
updatedSeverity, updatedScore := calculateSeverity(totalMatches, "low", 0)
fileMat.updatedSeverity = updatedSeverity
fileMat.updatedScore = updatedScore
if updatedSeverity == "low" {
// Ignore low severity malwares
return nil
}
if len(matches) > 0 {
for _, m := range iocsFound {
m.FileSeverity = updatedSeverity
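Review bot: The new early return in `ScanFile` (`if updatedSeverity == "low" { return nil }`) discards every low-severity result silently: it returns before the `for _, m := range iocsFound` loop, logs nothing, and cannot be switched off, so a file with YARA hits looks the same to the caller as a clean file. For a malware scanner that is a change in detection coverage, not a cleanup, and it arrives in a merge whose message does not mention it. Suggest gating the filter behind an option, or at least emitting a debug log with `fileName` and `totalMatches` before returning, and calling it out in the release notes. Minor: the check runs only after `iocsFound` has been fully built, and the comment should read "low severity malware".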
