Improve detection for Python setuptools backdoors #164
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
* Fix GoReleaser * Add project_name * Remove problematic MS repository from Checks * Repository has been fixed
…d-dev#171) Bumps the all group with 1 update: [actions/checkout](https://github.com/actions/checkout). Updates `actions/checkout` from 4.1.3 to 4.1.4 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@1d96c77...0ad4b8f) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Add ThreatHunting-Keywords-yara-rules * Update README * Remove superfluous mkdir command * Fix tests * Fix tests * Remove merge artifacts * Pin rules to a known commit; add check for updates * Re-add -s * Avoid using jq for portability * Add new commit to output * Fix test
…v#172) Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 4.0.0 to 5.0.0. - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](golangci/golangci-lint-action@3cfe3a4...82d40c2) --- updated-dependencies: - dependency-name: golangci/golangci-lint-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Thomas Strömberg <t+github@chainguard.dev> Co-authored-by: Ville Aikas <11279988+vaikas@users.noreply.github.com>
tstromberg
changed the title
tstromberg
changed the title
tstromberg
changed the title
tstromberg
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Our Python rules didn't reliably match the use of "setuptools"; often we'll use the fact that the script is a library installer to up the suspicion level.
This does add a private rule that we copy around to a couple of files. The lack of re-use isn't great, and neither is the private rule behavior. The use of a private rule means we're unable to see or extract the strings related to it and present it to the user.
This also fixes a misfeature in
report.gowhere we'd use the longest rule match description even if the rule had less criticality. This was being seen in the py_setuptools backdoor combo rule.