Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

linux: alert tuning for k4spreader, injector, medusa, Sliver #517

Merged
merged 17 commits into from
Oct 17, 2024
Merged

linux: alert tuning for k4spreader, injector, medusa, Sliver #517

merged 17 commits into from
Oct 17, 2024

Conversation

tstromberg
Copy link
Collaborator

@tstromberg tstromberg commented Oct 13, 2024
edited
Loading

fixes #324 #325 #327

unrelated change: I changed the chrome testdata file from .md to .simple to be easier to reason about.

@tstromberg tstromberg requested a review from egibs October 13, 2024 23:51
@tstromberg tstromberg enabled auto-merge (squash) October 15, 2024 21:38
@tstromberg
Copy link
Collaborator Author

@egibs - this could use another look. thanks!

egibs
egibs reviewed Oct 17, 2024
View reviewed changes
test_data/javascript/clean/frequency_lists.js.simple
@@ -1,10 +1,12 @@
# javascript/clean/frequency_lists.js: high
# javascript/clean/frequency_lists.js: critical
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we allow any clean samples to register as critical?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In general, I would say no - but until we can define filetype rules, I think it's OK to present the fact that the rule is overly broad.

What I would like to define for combo/degrader/infection is: filetypes = "!js"

@tstromberg tstromberg merged commit fde0469 into chainguard-dev:main Oct 17, 2024
7 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@egibs egibs egibs approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Add detection for Medusa preload
2 participants
@tstromberg @egibs