Path: blob/main/components/ee/agent-smith/cmd/signature-matches.go
// Copyright (c) 2022 Gitpod GmbH. All rights reserved.1// Licensed under the GNU Affero General Public License (AGPL).2// See License.AGPL.txt in the project root for license information.34package cmd56import (7"encoding/json"8"fmt"9"os"1011"github.com/gitpod-io/gitpod/agent-smith/pkg/classifier"12"github.com/gitpod-io/gitpod/agent-smith/pkg/config"1314"github.com/gitpod-io/gitpod/common-go/log"15"github.com/spf13/cobra"16)1718// signatureElfdumpCmd represents the signatureElfdump command19var signatureMatchesCmd = &cobra.Command{20Use: "matches <binary>",21Short: "Finds all signatures that match the binary",22Args: cobra.MinimumNArgs(1),23Run: func(cmd *cobra.Command, args []string) {24f, err := os.OpenFile(args[0], os.O_RDONLY, 0644)25if err != nil {26log.Fatal(err)27}28defer f.Close()2930sfc := classifier.SignatureReadCache{31Reader: f,32}3334if cfgFile == "" {35log.Info("no config present - reading signature from STDIN")36var sig classifier.Signature37err := json.NewDecoder(os.Stdin).Decode(&sig)38if err != nil {39log.Fatal(err)40}4142match, err := sig.Matches(&sfc)43if err != nil {44log.Fatal(err)45}4647if !match {48fmt.Println("no match")49os.Exit(1)50}51fmt.Println(sig)52return53}5455cfg, err := config.GetConfig(cfgFile)56if err != nil {57log.WithError(err).Fatal("cannot get config")58}59if cfg.Blocklists == nil {60log.WithError(err).Fatal("no signatures configured")61}6263var res []*classifier.Signature64for _, bl := range cfg.Blocklists.Levels() {65for _, s := range bl.Signatures {66m, err := s.Matches(&sfc)67if err != nil {68log.WithError(err).WithField("signature", s.Name).Warn("cannot match signature")69continue70}71if !m {72log.WithField("signature", s.Name).Debug("no match")73continue74}75res = append(res, s)76}77}7879if len(res) == 0 {80os.Exit(1)81}8283for _, s := range res {84fmt.Println(s)85}86},87}8889func init() {90signatureCmd.AddCommand(signatureMatchesCmd)91}929394