package main
import (
"fmt"
"log"
"os"
"path/filepath"
"github.com/fatih/color"
"github.com/gobwas/glob"
"github.com/gwillem/urlfilecache"
"github.com/jessevdk/go-flags"
)
// hashDB is a set of 64-bit hashes; only membership matters, so the map
// value is the empty struct.
type hashDB map[uint64]struct{}

// walkStats holds the counters gathered while walking the scan paths.
type walkStats struct {
	totalFiles            int
	filesWithSuspectLines int
	filesWithChanges      int
	filesWithoutChanges   int
	filesNoCode           int
	filesCustomCode       int
	undetectedPaths       []string // paths the walk could not classify
}

// baseArgs is the command line as parsed by go-flags; the struct tags
// define the flag names, positional arguments and help text.
type baseArgs struct {
	Path struct {
		Path []string `positional-arg-name:"<path>" required:"1"`
	} `positional-args:"yes" description:"Scan file or dir" required:"true"`
	Database     string `short:"d" long:"database" description:"Hash database path (default: download Sansec database)"`
	Add          bool   `short:"a" long:"add" description:"Add new hashes to DB, do not check"`
	Merge        bool   `short:"m" long:"merge" description:"Merge databases"`
	IgnorePaths  bool   `short:"i" long:"ignore-paths" description:"Scan everything, not just core paths."`
	SuspectOnly  bool   `short:"s" long:"suspect" description:"Show suspect code lines only."`
	AllValidText bool   `short:"t" long:"text" description:"Scan all valid UTF-8 text files, instead of just files with valid prefixes."`
	NoCMS        bool   `long:"no-cms" description:"Don't check for CMS root when adding hashes. Do add file paths."`
	Verbose      bool   `short:"v" long:"verbose" description:"Show what is going on"`
	PathFilter   string `short:"f" long:"path-filter" description:"Applies a path filter prior to diffing (e.g. vendor/magento)"`
}
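// percentage returns of as a percentage of stats.totalFiles.
//
// With zero files walked the plain division would yield NaN or +Inf in the
// summary output; 0 is reported instead.
func (stats *walkStats) percentage(of int) float64 {
	if stats.totalFiles == 0 {
		return 0
	}
	return float64(of) / float64(stats.totalFiles) * 100
}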
// hashDBURL is the published Sansec hash database used when no --database
// is given (fetched through urlfilecache in setup).
const hashDBURL = "https://sansec.io/downloads/corediff-db/corediff.bin"

// maxTokenSize is the capacity of the shared scan buffer: 10 MiB.
const maxTokenSize = 10 << 20
// Terminal styles used for report output.
var (
	boldred   = color.New(color.FgHiRed, color.Bold).SprintFunc()
	grey      = color.New(color.FgHiBlack).SprintFunc()
	boldwhite = color.New(color.FgHiWhite).SprintFunc()
	warn      = color.New(color.FgYellow, color.Bold).SprintFunc()
	alarm     = color.New(color.FgHiWhite, color.BgHiRed, color.Bold).SprintFunc()
	green     = color.New(color.FgGreen).SprintFunc()
)

// logLevel defaults to 1 and is raised to 3 by --verbose (see setup).
var logLevel = 1

// buf is the shared scan buffer, allocated once at its maximum size.
var buf = make([]byte, 0, maxTokenSize)

// scanExts are the file extensions considered for scanning.
var scanExts = []string{"php", "phtml", "js", "htaccess", "sh"}

// skipLines are line prefixes (comment markers) that the scanner is
// presumably meant to ignore; the consumer is outside this file.
var skipLines = [][]byte{
	[]byte("*"),
	[]byte("/*"),
	[]byte("//"),
	[]byte("#"),
}

// cmsPaths are marker files and directories that identify a Magento or
// WordPress installation root (see isCmsRoot, defined elsewhere).
var cmsPaths = []string{
	"/app/etc/local.xml",
	"/app/etc/env.php",
	"/wp-config.php",
	"/lib/internal/Magento",
	"/app/design/frontend/Magento",
}

// excludePaths vary often between installs, so they are left out of the
// core paths when adding signatures. Their contents are still processed,
// so the files can be inspected with `corediff --ignore-paths`.
var excludePaths = []glob.Glob{
	// "vendor/composer/**",
	glob.MustCompile("vendor/composer/autoload_*.php"),
	glob.MustCompile("generated/**"),
	glob.MustCompile("var/**"),
}
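// setup parses the command line, picks the hash database and normalises
// every scan path to an absolute, symlink-resolved location.
//
// It terminates the process on any usage problem: a parse error, --merge
// without --database, a path that does not exist, or a path that is not a
// CMS root (unless --merge, --ignore-paths or --no-cms is given).
// --help prints usage and exits with status 0 rather than 1.
func setup() *baseArgs {
	color.NoColor = false // force colour even when stdout is not a terminal

	args := &baseArgs{}
	argParser := flags.NewParser(args, flags.HelpFlag|flags.PrintErrors|flags.PassDoubleDash)
	if _, err := argParser.Parse(); err != nil {
		// flags.PrintErrors has already written the message or the help
		// text; only the exit status is left to decide.
		if ferr, ok := err.(*flags.Error); ok && ferr.Type == flags.ErrHelp {
			os.Exit(0)
		}
		os.Exit(1)
	}
	if args.Verbose {
		logLevel = 3
	}

	if args.Database == "" {
		if args.Merge {
			fmt.Println("Can't merge without given --database file")
			os.Exit(1)
		}
		// Fall back to the (cached) published Sansec database.
		args.Database = urlfilecache.ToPath(hashDBURL)
	}

	// The CMS-root check only applies to a regular scan; merging, a full
	// scan (--ignore-paths) and --no-cms all bypass it.
	requireCmsRoot := !args.Merge && !args.IgnorePaths && !args.NoCMS
	for i, path := range args.Path.Path {
		args.Path.Path[i] = resolveScanRoot(path, requireCmsRoot)
	}
	return args
}

// resolveScanRoot turns a user-supplied path into its absolute, symlink-free
// form. It exits the process when the path does not exist or, when
// requireCmsRoot is set, when it is not recognised as an application root.
// Symlinks are resolved before the root check so the check applies to the
// real location that will be scanned.
func resolveScanRoot(path string, requireCmsRoot bool) string {
	if !pathExists(path) {
		fmt.Println("Path", path, "does not exist?")
		os.Exit(1)
	}
	abs, err := filepath.Abs(path)
	if err != nil {
		// Fatalf: log.Fatal adds no space between a string and a
		// following non-string operand.
		log.Fatalf("Error getting absolute path: %v", err)
	}
	resolved, err := filepath.EvalSymlinks(abs)
	if err != nil {
		log.Fatalf("Error eval'ing symlinks for %s: %v", abs, err)
	}
	if requireCmsRoot && !isCmsRoot(resolved) {
		fmt.Println("!!!", resolved)
		fmt.Println("Path does not seem to be an application root path, so we cannot check official root paths.")
		fmt.Println("Try again with proper root path, or do a full scan with --ignore-paths")
		os.Exit(1)
	}
	return resolved
}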