From 17502df7ab4a33a32af825072d8a101959ca010b Mon Sep 17 00:00:00 2001
From: Anthony Fielding
Date: Fri, 19 Apr 2024 10:00:10 +0100
Subject: [PATCH] Add detection of CodeMeter obfuscation
---
 checks/unwanted_files.go | 1 +
 checks/unwanted_files_test.go | 17 +++++++++++++++++
 2 files changed, 18 insertions(+)
diff --git a/checks/unwanted_files.go b/checks/unwanted_files.go
index 8acfcc9..bfb913a 100644
--- a/checks/unwanted_files.go
+++ b/checks/unwanted_files.go
@@ -17,6 +17,7 @@ func detectUnwantedFiles(r *report.Report) {
 processUnwantedFiles(r, []string{"*.pyd"}, "Python-compiled DLL", []string{"Do not upload Python-compiled DLLs (.pyd files)."})
 processUnwantedFiles(r, []string{"*.pyc"}, "compiled Python file", []string{"Veracode requires Python source code for analysis. Do not upload compiled Python files."})
 processUnwantedFiles(r, []string{"*.deploy"}, "ClickOnce \".deploy\" files", []string{"Veracode does not support ClickOnce deployments."})
+ processUnwantedFiles(r, []string{"WibuCmNET.dll"}, "CodeMeter obfuscation file", []string{"Do not use code obfuscation tools other than Dotfuscator Community Edition. Using other code obfuscation tools may prevent the static binary scan from succeeding."})
 }
 
 func processUnwantedFiles(r *report.Report, filePatterns []string, fileType string, recommendations []string) {
diff --git a/checks/unwanted_files_test.go b/checks/unwanted_files_test.go
index d6311f3..023f2d3 100644
--- a/checks/unwanted_files_test.go
+++ b/checks/unwanted_files_test.go
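Review bot: The added `WibuCmNET.dll` call in detectUnwantedFiles decides on one file name alone, and the label "CodeMeter obfuscation file" claims more than that name establishes. The DLL appears to be CodeMeter's .NET runtime library, so it may also ship with applications that only use CodeMeter licensing, while a protected upload that omits or renames it would not be flagged. I would state this above the call, for example `// WibuCmNET.dll: CodeMeter .NET runtime; a hint that assemblies may be CodeMeter-protected, not proof.` The body of processUnwantedFiles is outside the hunk, so whether the pattern is matched case-insensitively and against the base name or the full path cannot be confirmed from here.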
@@ -59,4 +59,21 @@ func TestUnwantedFiles(t *testing.T) {
 assert.Contains(t, testReport.Issues[1].Description, "A compiled Python file was uploaded: \"test.pyc\"")
 assert.Equal(t, 3, len(testReport.Recommendations))
 })
+
+ t.Run("Scan contains WibuCmNET.dll which is an indicator of CodeMeter obfuscation", func(t *testing.T) {
+ t.Parallel()
+ testReport := report.Report{
+ UploadedFiles: []report.UploadedFile{
+ {Id: 222222, Name: "WibucmNeT.dll", MD5: "hash2", IsIgnored: false, IsThirdParty: false},
+ {Id: 222222, Name: "app.dll", MD5: "hash2", IsIgnored: false, IsThirdParty: false},
+ },
+ Issues: []report.Issue{},
+ }
+
+ detectUnwantedFiles(&testReport)
+
+ assert.Equal(t, 1, len(testReport.Issues))
+ assert.Contains(t, testReport.Issues[0].Description, "CodeMeter obfuscation file")
+ assert.Equal(t, 2, len(testReport.Recommendations))
+ })
 }
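Review bot: The new subtest passes only if matching ignores case, since the fixture is named `WibucmNeT.dll` while the pattern is `WibuCmNET.dll`, but nothing in the subtest name or body says the casing is deliberate. A comment such as `// Mixed case on purpose: file name matching must be case-insensitive.` above the first UploadedFile would stop a later reader from "correcting" it. The two fixtures also share `Id: 222222` and `MD5: "hash2"`, which looks like copy-paste and should be made distinct. The last assertion only counts 2 recommendations although the call under test passes one string, so the second presumably comes from processUnwantedFiles; asserting on the recommendation text would pin the new message. TestUnwantedFiles starts outside the hunk.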