diff --git a/helpers/helpers_emba_dependency_check.sh b/helpers/helpers_emba_dependency_check.sh
index 95307d184..6b43cf972 100755
--- a/helpers/helpers_emba_dependency_check.sh
+++ b/helpers/helpers_emba_dependency_check.sh
@@ -564,7 +564,7 @@ dependency_check()
 check_dep_file "sudo-parser script" "${EXT_DIR}""/sudo-parser.pl"
 # BMC firmware decryptor - https://github.com/c0d3z3r0/smcbmc
- check_dep_file "BMC decryptor" "$EXT_DIR""/smcbmc/smcbmc.py"
+ check_dep_file "BMC decryptor" "${EXT_DIR}""/smcbmc/smcbmc.py"
 # sh3llcheck - I know it's a typo, but this particular tool nags about it
 check_dep_tool "shellcheck script" "shellcheck"
diff --git a/installer.sh b/installer.sh
index cfa8f5adc..66f3c707f 100755
--- a/installer.sh
+++ b/installer.sh
@@ -20,14 +20,14 @@ STRICT_MODE=1
 ORIG_USER="${SUDO_USER:-${USER}}"
-ORIG_GROUP=$(groups "$ORIG_USER" | cut -d: -f2 | awk '{print $1}')
+ORIG_GROUP=$(groups "${ORIG_USER}" | cut -d: -f2 | awk '{print $1}')
 export DEBIAN_FRONTEND=noninteractive
 export INSTALL_APP_LIST=()
 export DOWNLOAD_FILE_LIST=()
 export INSTALLER_DIR="./installer"
-if [[ "$STRICT_MODE" -eq 1 ]]; then
+if [[ "${STRICT_MODE}" -eq 1 ]]; then
 export DEBUG_SCRIPT=0
 if [[ -f "./helpers/helpers_emba_load_strict_settings.sh" ]]; then
 # shellcheck source=/dev/null
@@ -68,58 +68,58 @@ export NC="\033[0m" # no color
 ## Attribute definition
 export BOLD="\033[1m"
-echo -e "\\n""$ORANGE""$BOLD""EMBA - Embedded Linux Analyzer Installer""$NC"
-echo -e "$BOLD""=================================================================""$NC"
+echo -e "\\n""${ORANGE}""${BOLD}""EMBA - Embedded Linux Analyzer Installer""${NC}"
+echo -e "${BOLD}""=================================================================""${NC}"
 # import all the installation modules
-mapfile -t INSTALLERS < <(find "$INSTALLER_DIR" -iname "*.sh" 2> /dev/null)
+mapfile -t INSTALLERS < <(find "${INSTALLER_DIR}" -iname "*.sh" 2> /dev/null)
 INSTALLER_COUNT=0
 for INSTALLER_FILE in "${INSTALLERS[@]}" ; do
 # https://github.com/koalaman/shellcheck/wiki/SC1090
 # shellcheck source=/dev/null
- source "$INSTALLER_FILE"
+ source "${INSTALLER_FILE}"
 (( INSTALLER_COUNT+=1 ))
 done
 echo ""
-echo -e "==> ""$GREEN""Imported ""$INSTALLER_COUNT"" installer module files""$NC"
+echo -e "==> ""${GREEN}""Imported ""${INSTALLER_COUNT}"" installer module files""${NC}"
 echo ""
 if [[ "$#" -le 1 ]] && [[ "$#" -gt 2 ]]; then
- echo -e "$RED""$BOLD""Invalid number of arguments""$NC"
+ echo -e "${RED}""${BOLD}""Invalid number of arguments""${NC}"
 echo -e "\n\n------------------------------------------------------------------"
 echo -e "If you are going to install EMBA in default mode you can use:"
- echo -e "$CYAN"" sudo ./installer.sh -d""$NC"
+ echo -e "${CYAN}"" sudo ./installer.sh -d""${NC}"
 echo -e "------------------------------------------------------------------\n\n"
 print_help
 exit 1
 fi
 while getopts CdDFghlrsc: OPT ; do
- case $OPT in
+ case ${OPT} in
 d)
 export DOCKER_SETUP=1
 export CVE_SEARCH=0
- echo -e "$GREEN""$BOLD""Install all dependecies for EMBA in default/docker mode""$NC"
+ echo -e "${GREEN}""${BOLD}""Install all dependecies for EMBA in default/docker mode""${NC}"
 ;;
 D)
 export IN_DOCKER=1
 export DOCKER_SETUP=0
 export CVE_SEARCH=0
- echo -e "$GREEN""$BOLD""Install EMBA in docker image - used for building a docker image""$NC"
+ echo -e "${GREEN}""${BOLD}""Install EMBA in docker image - used for building a docker image""${NC}"
 ;;
 F)
 export FULL=1
 export DOCKER_SETUP=0
 export CVE_SEARCH=1
- echo -e "$GREEN""$BOLD""Install all dependecies for developer mode""$NC"
+ echo -e "${GREEN}""${BOLD}""Install all dependecies for developer mode""${NC}"
 ;;
 g)
 export DOCKER_SETUP=1
 export GH_ACTION=1
 export CVE_SEARCH=0
- echo -e "$GREEN""$BOLD""Install all dependecies for EMBA test via Github actions""$NC"
- echo -e "$GREEN""$BOLD""This mode is a default installation without populating the CVE-search database""$NC"
+ echo -e "${GREEN}""${BOLD}""Install all dependecies for EMBA test via Github actions""${NC}"
+ echo -e "${GREEN}""${BOLD}""This mode is a default installation without populating the CVE-search database""${NC}"
 ;;
 h)
 print_help
@@ -129,21 +129,21 @@ while getopts CdDFghlrsc: OPT ; do
 export LIST_DEP=1
 export CVE_SEARCH=0
 export DOCKER_SETUP=0
- echo -e "$GREEN""$BOLD""List all dependecies (Warning: deprecated feature)""$NC"
+ echo -e "${GREEN}""${BOLD}""List all dependecies (Warning: deprecated feature)""${NC}"
 ;;
 r)
 export REMOVE=1
- echo -e "$GREEN""$BOLD""Remove EMBA from the system""$NC"
+ echo -e "${GREEN}""${BOLD}""Remove EMBA from the system""${NC}"
 ;;
 s)
 export SSL_REPOS=1
- echo -e "$GREEN""$BOLD""HTTPS repos are used for installation""$NC"
+ echo -e "${GREEN}""${BOLD}""HTTPS repos are used for installation""${NC}"
 ;;
 c)
- export CONTAINER="$OPTARG"
+ export CONTAINER="${OPTARG}"
 ;;
 *)
- echo -e "$RED""$BOLD""Invalid option""$NC"
+ echo -e "${RED}""${BOLD}""Invalid option""${NC}"
 print_help
 exit 1
 ;;
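Review bot: `if [[ "$#" -le 1 ]] && [[ "$#" -gt 2 ]]; then` in the -68 hunk can never be true, so the "Invalid number of arguments" branch and its `exit 1` are dead and the installer proceeds with any argument count. A range check needs `||`: `if [[ "$#" -lt 1 ]] || [[ "$#" -gt 2 ]]; then`, with the bounds confirmed against what `getopts CdDFghlrsc:` is meant to accept (`-c` takes a value, and the upper bound presumably allows a flag plus that pair). The commit rewrites the lines around this condition but leaves it unchanged.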
@@ -158,24 +158,24 @@ if ! [[ -v CONTAINER ]]; then
 fi
 fi
-if [[ "$LIST_DEP" -eq 1 ]]; then
- echo -e "\n${ORANGE}WARNING: This feature is deprecated and not maintained anymore.$NC"
+if [[ "${LIST_DEP}" -eq 1 ]]; then
+ echo -e "\n${ORANGE}WARNING: This feature is deprecated and not maintained anymore.${NC}"
 read -p "If you know what you are doing you can press any key to continue ..." -n1 -s -r
 fi
 # WSL support - currently experimental!
 if grep -q -i wsl /proc/version; then
- echo -e "\n${ORANGE}INFO: System running in WSL environment!$NC"
- echo -e "\n${ORANGE}INFO: WSL is currently experimental!$NC"
- echo -e "\n${ORANGE}Please check the documentation https://github.com/e-m-b-a/emba/wiki/Installation#prerequisites$NC"
- echo -e "\n${ORANGE}WARNING: If you are using WSL2, disable docker integration from the docker-desktop daemon!$NC"
+ echo -e "\n${ORANGE}INFO: System running in WSL environment!${NC}"
+ echo -e "\n${ORANGE}INFO: WSL is currently experimental!${NC}"
+ echo -e "\n${ORANGE}Please check the documentation https://github.com/e-m-b-a/emba/wiki/Installation#prerequisites${NC}"
+ echo -e "\n${ORANGE}WARNING: If you are using WSL2, disable docker integration from the docker-desktop daemon!${NC}"
 read -p "If you know what you are doing you can press any key to continue ..." -n1 -s -r
 WSL=1
 fi
 # distribution check
 if ! grep -Eq "ID(_LIKE)?=(\")?(ubuntu)?( )?(debian)?" /etc/os-release 2>/dev/null ; then
- echo -e "\\n""$RED""EMBA only supports debian based distributions!""$NC\\n"
+ echo -e "\\n""${RED}""EMBA only supports debian based distributions!""${NC}\\n"
 print_help
 exit 1
 elif ! grep -q "kali" /etc/debian_version 2>/dev/null ; then
@@ -184,14 +184,14 @@ elif ! grep -q "kali" /etc/debian_version 2>/dev/null ; then
 OTHER_OS=1
 UBUNTU_OS=1
 elif grep -q "PRETTY_NAME=\"Ubuntu 20.04 LTS\"" /etc/os-release 2>/dev/null ; then
- echo -e "\\n""$RED""EMBA is not fully supported on Ubuntu 20.04 LTS.""$NC"
- echo -e "$RED""For EMBA installation you need to update docker-compose manually. See also https://github.com/e-m-b-a/emba/issues/247""$NC"
- echo -e "\\n""$ORANGE""Please check the documentation https://github.com/e-m-b-a/emba/wiki/Installation#prerequisites""$NC"
+ echo -e "\\n""${RED}""EMBA is not fully supported on Ubuntu 20.04 LTS.""${NC}"
+ echo -e "${RED}""For EMBA installation you need to update docker-compose manually. See also https://github.com/e-m-b-a/emba/issues/247""${NC}"
+ echo -e "\\n""${ORANGE}""Please check the documentation https://github.com/e-m-b-a/emba/wiki/Installation#prerequisites""${NC}"
 read -p "If you have updated docker-compose you can press any key to continue ..." -n1 -s -r
 OTHER_OS=0 # installation procedure identical to kali install
 UBUNTU_OS=0 # installation procedure identical to kali install
 else
- echo -e "\n${ORANGE}WARNING: compatibility of distribution/version unknown!$NC"
+ echo -e "\n${ORANGE}WARNING: compatibility of distribution/version unknown!${NC}"
 OTHER_OS=1
 read -p "If you know what you are doing you can press any key to continue ..." -n1 -s -r
 fi
@@ -205,8 +205,8 @@ if ! uname -m | grep -q "x86_64" 2>/dev/null; then
 read -p "If you know what you are doing you can press any key to continue ..." -n1 -s -r
 fi
-if ! [[ $EUID -eq 0 ]] && [[ $LIST_DEP -eq 0 ]] ; then
- echo -e "\\n""$RED""Run EMBA installation script with root permissions!""$NC\\n"
+if ! [[ ${EUID} -eq 0 ]] && [[ ${LIST_DEP} -eq 0 ]] ; then
+ echo -e "\\n""${RED}""Run EMBA installation script with root permissions!""${NC}\\n"
 print_help
 exit 1
 fi
@@ -215,14 +215,14 @@ fi
 HOME_PATH=$(pwd)
-if [[ "$REMOVE" -eq 1 ]]; then
+if [[ "${REMOVE}" -eq 1 ]]; then
 R00_emba_remove
 exit 0
 fi
 # quick check if we have enough disk space for the docker image
-if [[ "$IN_DOCKER" -eq 0 ]]; then
+if [[ "${IN_DOCKER}" -eq 0 ]]; then
 if [[ -d "/var/lib/docker/" ]]; then
 # docker is already installed
 DDISK="/var/lib/docker"
@@ -231,11 +231,11 @@ if [[ "$IN_DOCKER" -eq 0 ]]; then
 DDISK="/var/lib/"
 fi
- FREE_SPACE=$(df --output=avail "$DDISK" | awk 'NR==2')
- if [[ "$FREE_SPACE" -lt 13000000 ]]; then
- echo -e "\\n""$ORANGE""EMBA installation in default mode needs a minimum of 13Gig for the docker image""$NC"
- echo -e "\\n""$ORANGE""Please free enough space on /var/lib/docker""$NC"
- echo -e "\\n""$ORANGE""Please check the documentation https://github.com/e-m-b-a/emba/wiki/Installation#prerequisites""$NC"
+ FREE_SPACE=$(df --output=avail "${DDISK}" | awk 'NR==2')
+ if [[ "${FREE_SPACE}" -lt 13000000 ]]; then
+ echo -e "\\n""${ORANGE}""EMBA installation in default mode needs a minimum of 13Gig for the docker image""${NC}"
+ echo -e "\\n""${ORANGE}""Please free enough space on /var/lib/docker""${NC}"
+ echo -e "\\n""${ORANGE}""Please check the documentation https://github.com/e-m-b-a/emba/wiki/Installation#prerequisites""${NC}"
 echo ""
 df -h || true
 echo ""
@@ -243,29 +243,29 @@ if [[ "$IN_DOCKER" -eq 0 ]]; then
 fi
 TOTAL_MEMORY="$(grep MemTotal /proc/meminfo | awk '{print $2}' || true)"
- if [[ "$TOTAL_MEMORY" -lt 4000000 ]]; then
- echo -e "\\n""$ORANGE""EMBA installation in default mode needs a minimum of 4Gig of RAM""$NC"
- echo -e "\\n""$ORANGE""Please check the documentation https://github.com/e-m-b-a/emba/wiki/Installation#prerequisites""$NC"
+ if [[ "${TOTAL_MEMORY}" -lt 4000000 ]]; then
+ echo -e "\\n""${ORANGE}""EMBA installation in default mode needs a minimum of 4Gig of RAM""${NC}"
+ echo -e "\\n""${ORANGE}""Please check the documentation https://github.com/e-m-b-a/emba/wiki/Installation#prerequisites""${NC}"
 echo ""
 read -p "If you know what you are doing you can press any key to continue ..." -n1 -s -r
 fi
 fi
-if [[ $LIST_DEP -eq 0 ]] ; then
+if [[ ${LIST_DEP} -eq 0 ]] ; then
 if ! [[ -d "external" ]] ; then
- echo -e "\\n""$ORANGE""Created external directory: ./external""$NC"
+ echo -e "\\n""${ORANGE}""Created external directory: ./external""${NC}"
 mkdir external
 # currently this is needed for full install on Ubuntu
 # the freetz installation is running as freetzuser and needs write access:
- chown "$ORIG_USER":"$ORIG_GROUP" ./external
+ chown "${ORIG_USER}":"${ORIG_GROUP}" ./external
 chmod 777 ./external
 else
- echo -e "\\n""$ORANGE""WARNING: external directory available: ./external""$NC"
- echo -e "$ORANGE""Please remove it before proceeding ... exit now""$NC"
+ echo -e "\\n""${ORANGE}""WARNING: external directory available: ./external""${NC}"
+ echo -e "${ORANGE}""Please remove it before proceeding ... exit now""${NC}"
 exit 1
 fi
- echo -e "\\n""$ORANGE""Update package lists.""$NC"
+ echo -e "\\n""${ORANGE}""Update package lists.""${NC}"
 if [[ "${SSL_REPOS}" -eq 1 ]]; then
 sed -i 's/deb http:\/\//deb https:\/\//g' /etc/apt/sources.list
 sed -i 's/deb-src http:\/\//deb-src https:\/\//g' /etc/apt/sources.list
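Review bot: `chmod 777 ./external` in the -243 hunk leaves the directory this root-run installer populates, and later executes tooling from, writable by every local account for the whole installation; the `chown "${ORIG_USER}":"${ORIG_GROUP}" ./external` on the preceding line already covers the invoking user, so the world-writable mode exists only for the freetz user named in the comment. A narrower grant reaches the same goal — group-writable with that user in the group, or `setfacl -m u:freetzuser:rwx ./external` where ACL tooling is available and the account exists at this point. The reset to 755 only happens at the end of the run (the -349 hunk), so the comment should at least state that the 777 window is deliberate and why.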
@@ -283,30 +283,30 @@ activate_pipenv "./external/emba_venv"
 I01_default_apps_host
 DOCKER_COMP_VER=$(docker-compose -v | grep version | tr '-' ' ' | awk '{print $4}' | tr -d ',' | sed 's/^v//')
-if [[ $(version "$DOCKER_COMP_VER") -lt $(version "1.28.5") ]]; then
- echo -e "\n${ORANGE}WARNING: compatibility of the used docker-compose version is unknown!$NC"
- echo -e "\n${ORANGE}Please consider updating your docker-compose installation to version 1.28.5 or later.$NC"
- echo -e "\n${ORANGE}Please check the EMBA wiki for further details: https://github.com/e-m-b-a/emba/wiki/Installation#prerequisites$NC"
+if [[ $(version "${DOCKER_COMP_VER}") -lt $(version "1.28.5") ]]; then
+ echo -e "\n${ORANGE}WARNING: compatibility of the used docker-compose version is unknown!${NC}"
+ echo -e "\n${ORANGE}Please consider updating your docker-compose installation to version 1.28.5 or later.${NC}"
+ echo -e "\n${ORANGE}Please check the EMBA wiki for further details: https://github.com/e-m-b-a/emba/wiki/Installation#prerequisites${NC}"
 read -p "If you know what you are doing you can press any key to continue ..." -n1 -s -r
 fi
-if [[ "$OTHER_OS" -eq 1 ]]; then
+if [[ "${OTHER_OS}" -eq 1 ]]; then
 # UBUNTU
- if [[ "$UBUNTU_OS" -eq 1 ]]; then
+ if [[ "${UBUNTU_OS}" -eq 1 ]]; then
 ID1_ubuntu_os
 fi
 fi
 INSTALL_APP_LIST=()
-if [[ "$WSL" -eq 1 ]]; then
+if [[ "${WSL}" -eq 1 ]]; then
 echo "[*] Starting dockerd manually in wsl environments:"
 dockerd --iptables=false &
 sleep 3
 reset
 fi
-if [[ "$CVE_SEARCH" -ne 1 ]] || [[ "$DOCKER_SETUP" -ne 1 ]] || [[ "$IN_DOCKER" -eq 1 ]]; then
+if [[ "${CVE_SEARCH}" -ne 1 ]] || [[ "${DOCKER_SETUP}" -ne 1 ]] || [[ "${IN_DOCKER}" -eq 1 ]]; then
 I01_default_apps
@@ -349,25 +349,25 @@ fi
 IF20_cve_search
 deactivate
-cd "$HOME_PATH" || exit 1
+cd "${HOME_PATH}" || exit 1
 # we reset the permissions of external from 777 back to 755:
 chmod 755 ./external
-if [[ "$LIST_DEP" -eq 0 ]] || [[ $IN_DOCKER -eq 0 ]] || [[ $DOCKER_SETUP -eq 1 ]] || [[ $FULL -eq 1 ]]; then
- echo -e "\\n""$MAGENTA""$BOLD""Installation notes:""$NC"
- echo -e "\\n""$MAGENTA""INFO: The cron.daily update script for EMBA is located in config/emba_updater""$NC"
- echo -e "$MAGENTA""INFO: For automatic updates it should be copied to /etc/cron.daily/""$NC"
- echo -e "$MAGENTA""INFO: For manual updates just start it via sudo ./config/emba_updater""$NC"
+if [[ "${LIST_DEP}" -eq 0 ]] || [[ ${IN_DOCKER} -eq 0 ]] || [[ ${DOCKER_SETUP} -eq 1 ]] || [[ ${FULL} -eq 1 ]]; then
+ echo -e "\\n""${MAGENTA}""${BOLD}""Installation notes:""${NC}"
+ echo -e "\\n""${MAGENTA}""INFO: The cron.daily update script for EMBA is located in config/emba_updater""${NC}"
+ echo -e "${MAGENTA}""INFO: For automatic updates it should be copied to /etc/cron.daily/""${NC}"
+ echo -e "${MAGENTA}""INFO: For manual updates just start it via sudo ./config/emba_updater""${NC}"
- echo -e "\\n""$MAGENTA""WARNING: If you plan using the emulator (-E switch) your host and your internal network needs to be protected.""$NC"
+ echo -e "\\n""${MAGENTA}""WARNING: If you plan using the emulator (-E switch) your host and your internal network needs to be protected.""${NC}"
- echo -e "\\n""$MAGENTA""INFO: Do not forget to checkout current development of EMBA at https://github.com/e-m-b-a.""$NC"
+ echo -e "\\n""${MAGENTA}""INFO: Do not forget to checkout current development of EMBA at https://github.com/e-m-b-a.""${NC}"
 fi
-if [[ "$WSL" -eq 1 ]]; then
- echo -e "\\n""$MAGENTA""INFO: In the current WSL installation the docker and mongod services started manually!""$NC"
+if [[ "${WSL}" -eq 1 ]]; then
+ echo -e "\\n""${MAGENTA}""INFO: In the current WSL installation the docker and mongod services started manually!""${NC}"
 fi
-if [[ "$LIST_DEP" -eq 0 ]]; then
- echo -e "$GREEN""EMBA installation finished ""$NC"
+if [[ "${LIST_DEP}" -eq 0 ]]; then
+ echo -e "${GREEN}""EMBA installation finished ""${NC}"
 fi
diff --git a/modules/L10_system_emulation/fixImage.sh b/modules/L10_system_emulation/fixImage.sh
index abb859dd7..d3f9de4e0 100755
--- a/modules/L10_system_emulation/fixImage.sh
+++ b/modules/L10_system_emulation/fixImage.sh
@@ -12,11 +12,11 @@ BUSYBOX="/busybox"
 # print input if not symlink, otherwise attempt to resolve symlink
 resolve_link() {
- TARGET=$("$BUSYBOX" readlink "$1")
- if [ -z "$TARGET" ]; then
- echo "$1"
+ TARGET=$("${BUSYBOX}" readlink "${1}")
+ if [ -z "${TARGET}" ]; then
+ echo "${1}"
 fi
- echo "$TARGET"
+ echo "${TARGET}"
 }
 if ("${FIRMAE_BOOT}"); then
@@ -77,8 +77,8 @@ fi
 # make /dev and add default device nodes if current /dev does not have greater
 # than 5 device nodes
 mkdir -p "$(resolve_link /dev)"
-FILECOUNT="$("$BUSYBOX" find /dev -maxdepth 1 -type b -o -type c -print | "$BUSYBOX" wc -l)"
-if [ "$FILECOUNT" -lt "5" ]; then
+FILECOUNT="$("${BUSYBOX}" find /dev -maxdepth 1 -type b -o -type c -print | "${BUSYBOX}" wc -l)"
+if [ "${FILECOUNT}" -lt "5" ]; then
 echo "Warning: Recreating device nodes!"
 if ("${FIRMAE_ETC}"); then
@@ -185,9 +185,9 @@ if [ "$FILECOUNT" -lt "5" ]; then
 fi
 # create a gpio file required for linksys to make the watchdog happy
-if ("$BUSYBOX" grep -sq "/dev/gpio/in" /bin/gpio) ||
- ("$BUSYBOX" grep -sq "/dev/gpio/in" /usr/lib/libcm.so) ||
- ("$BUSYBOX" grep -sq "/dev/gpio/in" /usr/lib/libshared.so); then
+if ("${BUSYBOX}" grep -sq "/dev/gpio/in" /bin/gpio) ||
+ ("${BUSYBOX}" grep -sq "/dev/gpio/in" /usr/lib/libcm.so) ||
+ ("${BUSYBOX}" grep -sq "/dev/gpio/in" /usr/lib/libshared.so); then
 echo "Creating /dev/gpio/in!"
 if ("${FIRMAE_BOOT}"); then
 rm /dev/gpio
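Review bot: `resolve_link` in the fixImage.sh -12 hunk prints twice when `${1}` is not a symlink: `echo "${1}"` runs inside the `if`, and `echo "${TARGET}"` then still runs and emits an empty line. The `$(resolve_link /dev)` caller in the -77 hunk happens to discard the trailing newline, but any other caller would see two lines; a `return` after the first echo, `echo "${1}"` followed by `return`, or an `else` branch fixes the contract. The header comment could also say that `readlink` here resolves a single level only, so a chain of links presumably yields another link path rather than the final target.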
@@ -205,32 +205,32 @@ echo "Removing /etc/scripts/sys_resetbutton!"
 rm -f /etc/scripts/sys_resetbutton
 # add some default nvram entries
-if "$BUSYBOX" grep -sq "ipv6_6to4_lan_ip" /sbin/rc; then
+if "${BUSYBOX}" grep -sq "ipv6_6to4_lan_ip" /sbin/rc; then
 echo "Creating default ipv6_6to4_lan_ip!"
 echo -n "2002:7f00:0001::" > /firmadyne/libnvram.override/ipv6_6to4_lan_ip
 fi
-if "$BUSYBOX" grep -sq "time_zone_x" /lib/libacos_shared.so; then
+if "${BUSYBOX}" grep -sq "time_zone_x" /lib/libacos_shared.so; then
 echo "Creating default time_zone_x!"
 echo -n "0" > /firmadyne/libnvram.override/time_zone_x
 fi
-if "$BUSYBOX" grep -sq "rip_multicast" /usr/sbin/httpd; then
+if "${BUSYBOX}" grep -sq "rip_multicast" /usr/sbin/httpd; then
 echo "Creating default rip_multicast!"
 echo -n "0" > /firmadyne/libnvram.override/rip_multicast
 fi
-if "$BUSYBOX" grep -sq "bs_trustedip_enable" /usr/sbin/httpd; then
+if "${BUSYBOX}" grep -sq "bs_trustedip_enable" /usr/sbin/httpd; then
 echo "Creating default bs_trustedip_enable!"
 echo -n "0" > /firmadyne/libnvram.override/bs_trustedip_enable
 fi
-if "$BUSYBOX" grep -sq "filter_rule_tbl" /usr/sbin/httpd; then
+if "${BUSYBOX}" grep -sq "filter_rule_tbl" /usr/sbin/httpd; then
 echo "Creating default filter_rule_tbl!"
 echo -n "" > /firmadyne/libnvram.override/filter_rule_tbl
 fi
-if "$BUSYBOX" grep -sq "rip_enable" /sbin/acos_service; then
+if "${BUSYBOX}" grep -sq "rip_enable" /sbin/acos_service; then
 echo "Creating default rip_enable!"
 echo -n "0" > /firmadyne/libnvram.override/rip_enable
 fi
diff --git a/modules/L10_system_emulation/inferFile.sh b/modules/L10_system_emulation/inferFile.sh
index 22f1e6c02..fe5f13b17 100755
--- a/modules/L10_system_emulation/inferFile.sh
+++ b/modules/L10_system_emulation/inferFile.sh
@@ -16,7 +16,7 @@ if ("${FIRMAE_BOOT}"); then
 do
 # shellcheck disable=SC2016
 FULL_PATH=$("${BUSYBOX}" echo "${FILE}" | "${BUSYBOX}" awk '{split($0,a,"="); print a[2]}')
- "${BUSYBOX}" echo "[*] Found kernelInit $FULL_PATH"
+ "${BUSYBOX}" echo "[*] Found kernelInit ${FULL_PATH}"
 arr+=("${FULL_PATH}")
 done
 fi
@@ -28,19 +28,19 @@ if ("${FIRMAE_BOOT}"); then
 fi
 for FILE in $("${BUSYBOX}" find / -name "preinitMT" -o -name "preinit" -o -name "rcS*" -o -name "rc.sysinit" -o -name "rc.local" -o -name "rc.common" -o -name "init" -o -name "linuxrc")
 do
- "${BUSYBOX}" echo "[*] Found boot file $FILE"
+ "${BUSYBOX}" echo "[*] Found boot file ${FILE}"
 arr+=("${FILE}")
 done
 # find and parse inittab file
 for FILE in $("${BUSYBOX}" find / -name "inittab" -type f)
 do
- "${BUSYBOX}" echo "[*] Found boot file $FILE"
+ "${BUSYBOX}" echo "[*] Found boot file ${FILE}"
 # sysinit entry is the one to look for
 # shellcheck disable=SC2016
- for STARTUP_FILE in $("${BUSYBOX}" grep "^:.*sysinit:" "$FILE" | "${BUSYBOX}" rev | "${BUSYBOX}" cut -d: -f1 | "${BUSYBOX}" rev | "${BUSYBOX}" awk '{print $1}' | "${BUSYBOX}" sort -u)
+ for STARTUP_FILE in $("${BUSYBOX}" grep "^:.*sysinit:" "${FILE}" | "${BUSYBOX}" rev | "${BUSYBOX}" cut -d: -f1 | "${BUSYBOX}" rev | "${BUSYBOX}" awk '{print $1}' | "${BUSYBOX}" sort -u)
 do
- "${BUSYBOX}" echo "[*] Found possible startup file $STARTUP_FILE"
+ "${BUSYBOX}" echo "[*] Found possible startup file ${STARTUP_FILE}"
 arr+=("${STARTUP_FILE}")
 #if [ -e "${STARTUP_FILE}" ]; then
 # arr+=("${STARTUP_FILE}")
@@ -59,7 +59,7 @@ if ("${FIRMAE_BOOT}"); then
 if [ -d "${FILE}" ]; then
 continue
 fi
- if [ "$FILE" = "/firmadyne/init" ]; then
+ if [ "${FILE}" = "/firmadyne/init" ]; then
 # skip our own init
 continue
 fi
@@ -72,14 +72,14 @@ if ("${FIRMAE_BOOT}"); then
 FILE_NAME=$("${BUSYBOX}" basename "${FILE}")
 if ("${BUSYBOX}" find /bin /sbin /usr/sbin /usr/sbin -type f -exec "${BUSYBOX}" grep -qr "${FILE_NAME}" {} \;); then
 TARGET_FILE=$("${BUSYBOX}" find /bin /sbin /usr/sbin /usr/sbin -type f -exec "${BUSYBOX}" egrep -rl "${FILE_NAME}" {} \; | "${BUSYBOX}" head -1)
- "${BUSYBOX}" echo "[*] Re-creating symlink $TARGET_FILE -> $FILE"
+ "${BUSYBOX}" echo "[*] Re-creating symlink ${TARGET_FILE} -> ${FILE}"
 "${BUSYBOX}" ln -s "${TARGET_FILE}" "${FILE}"
 else
 continue
 fi
 fi
 if [ -e "${FILE}" ]; then
- "${BUSYBOX}" echo "[*] Writing firmadyne init $FILE"
+ "${BUSYBOX}" echo "[*] Writing firmadyne init ${FILE}"
 "${BUSYBOX}" echo "${FILE}" >> /firmadyne/init_tmp
 fi
 done
diff --git a/modules/L10_system_emulation/inferService.sh b/modules/L10_system_emulation/inferService.sh
index 37a5926a8..d503d7c85 100755
--- a/modules/L10_system_emulation/inferService.sh
+++ b/modules/L10_system_emulation/inferService.sh
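Review bot: both `find /bin /sbin /usr/sbin /usr/sbin` calls in the inferFile.sh -72 hunk list `/usr/sbin` twice, which looks like a slip for `/usr/bin`; as written, nothing under `/usr/bin` is ever searched, so the symlink re-creation silently skips init targets that live there. Separately, `grep -qr "${FILE_NAME}"` and `egrep -rl "${FILE_NAME}"` treat the file name as a regular expression, so a name containing `.` or `+` matches more than intended; `grep -F` (fixed string) is the safer form, and `egrep` is deprecated in favour of `grep -E`. The enclosing `for` loop starts above this hunk.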
@@ -85,42 +85,42 @@ for BINARY in $("${BUSYBOX}" find / -name "lighttpd" -type f -o -name "upnp" -ty
 # check if we have a configuration available and iterate
 for LIGHT_CONFIG in $("${BUSYBOX}" find / -name "*lighttpd*.conf" -type f); do
 # write the service starter with config file
- "${BUSYBOX}" echo -e "[*] Writing EMBA starter for $ORANGE${BINARY} - ${LIGHT_CONFIG}$NC"
+ "${BUSYBOX}" echo -e "[*] Writing EMBA starter for ${ORANGE}${BINARY} - ${LIGHT_CONFIG}${NC}"
 "${BUSYBOX}" echo -e -n "${BINARY} -f ${LIGHT_CONFIG}\n" >> /firmadyne/service
 done
 # fi
 elif [ "$("${BUSYBOX}" echo "${SERVICE_NAME}")" == "miniupnpd" ]; then
 if ! "${BUSYBOX}" grep -q "${SERVICE_NAME}" /firmadyne/service 2>/dev/null; then
 for MINIUPNPD_CONFIG in $("${BUSYBOX}" find / -name "*miniupnpd*.conf" -type f); do
- "${BUSYBOX}" echo -e "[*] Writing EMBA starter for $ORANGE${BINARY} - ${MINIUPNPD_CONFIG}$NC"
+ "${BUSYBOX}" echo -e "[*] Writing EMBA starter for ${ORANGE}${BINARY} - ${MINIUPNPD_CONFIG}${NC}"
 "${BUSYBOX}" echo -e -n "${BINARY} -f ${MINIUPNPD_CONFIG}\n" >> /firmadyne/service
 done
 fi
 elif [ "$("${BUSYBOX}" echo "${SERVICE_NAME}")" == "wscd" ]; then
 if ! "${BUSYBOX}" grep -q "${SERVICE_NAME}" /firmadyne/service 2>/dev/null; then
 for WSCD_CONFIG in $("${BUSYBOX}" find / -name "*wscd*.conf" -type f); do
- "${BUSYBOX}" echo -e "[*] Writing EMBA starter for $ORANGE${BINARY} - ${WSCD_CONFIG}$NC"
+ "${BUSYBOX}" echo -e "[*] Writing EMBA starter for ${ORANGE}${BINARY} - ${WSCD_CONFIG}${NC}"
 "${BUSYBOX}" echo -e -n "${BINARY} -c ${WSCD_CONFIG}\n" >> /firmadyne/service
 done
 fi
 elif [ "$("${BUSYBOX}" echo "${SERVICE_NAME}")" == "upnpd" ]; then
 if ! "${BUSYBOX}" grep -q "${SERVICE_NAME}" /firmadyne/service 2>/dev/null; then
- "${BUSYBOX}" echo -e "[*] Writing EMBA starter for $ORANGE${BINARY}$NC"
+ "${BUSYBOX}" echo -e "[*] Writing EMBA starter for ${ORANGE}${BINARY}${NC}"
 "${BUSYBOX}" echo -e -n "${BINARY}\n" >> /firmadyne/service
 # let's try upnpd with a basic configuration:
- "${BUSYBOX}" echo -e "[*] Writing EMBA starter for $ORANGE${BINARY} ppp0 eth0$NC"
+ "${BUSYBOX}" echo -e "[*] Writing EMBA starter for ${ORANGE}${BINARY} ppp0 eth0${NC}"
 "${BUSYBOX}" echo -e -n "${BINARY} ppp0 eth0\n" >> /firmadyne/service
 fi
 elif [ "$("${BUSYBOX}" echo "${SERVICE_NAME}")" == "ftpd" ]; then
 if ! "${BUSYBOX}" grep -q "${SERVICE_NAME}" /firmadyne/service 2>/dev/null; then
- "${BUSYBOX}" echo -e "[*] Writing EMBA starter for $ORANGE${BINARY}$NC"
+ "${BUSYBOX}" echo -e "[*] Writing EMBA starter for ${ORANGE}${BINARY}${NC}"
 "${BUSYBOX}" echo -e -n "${BINARY} -D\n" >> /firmadyne/service
 fi
 fi
 # this is the default case - without config but only if the service is not already in the service file
 if ! "${BUSYBOX}" grep -q "${SERVICE_NAME}" /firmadyne/service 2>/dev/null; then
- "${BUSYBOX}" echo -e "[*] Writing EMBA starter for $ORANGE${BINARY}$NC"
+ "${BUSYBOX}" echo -e "[*] Writing EMBA starter for ${ORANGE}${BINARY}${NC}"
 "${BUSYBOX}" echo -e -n "${BINARY}\n" >> /firmadyne/service
 fi
diff --git a/modules/L10_system_emulation/network.sh b/modules/L10_system_emulation/network.sh
index 8119d40b4..19ffbb6e4 100755
--- a/modules/L10_system_emulation/network.sh
+++ b/modules/L10_system_emulation/network.sh
@@ -8,7 +8,7 @@ BUSYBOX=/firmadyne/busybox
 ACTION=$("${BUSYBOX}" cat /firmadyne/network_type)
-"${BUSYBOX}" echo "[*] Network configuration - ACTION: $ACTION"
+"${BUSYBOX}" echo "[*] Network configuration - ACTION: ${ACTION}"
 if ("${FIRMAE_NET}"); then
 "${BUSYBOX}" echo "[*] Starting network configuration"
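Review bot: the `"${BUSYBOX}" grep -q "${SERVICE_NAME}" /firmadyne/service` guards in the inferService.sh -85 hunk are substring matches, so if an image contains both binaries and a `miniupnpd` line is written first, the `upnpd` branch and the default case both treat `upnpd` as already present and never write its starter. Matching on a word boundary, `"${BUSYBOX}" grep -qw "${SERVICE_NAME}" /firmadyne/service`, distinguishes the two names while still matching a full path such as `/usr/sbin/upnpd`. The `[ "$("${BUSYBOX}" echo "${SERVICE_NAME}")" == "…" ]` comparisons also spawn an echo for a value already held in a variable; `[ "${SERVICE_NAME}" = "…" ]` is equivalent and avoids the non-POSIX `==`. The `for BINARY` loop this hunk sits in begins above the hunk.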
@@ -16,9 +16,9 @@ if ("${FIRMAE_NET}"); then
 if [ "${ACTION}" = "default" ]; then
 IP_DEFAULT=$("${BUSYBOX}" cat /firmadyne/ip_default)
- "${BUSYBOX}" echo "[*] starting network configuration br0 - $IP_DEFAULT"
+ "${BUSYBOX}" echo "[*] starting network configuration br0 - ${IP_DEFAULT}"
 "${BUSYBOX}" brctl addbr br0
- "${BUSYBOX}" ifconfig br0 "$IP_DEFAULT"
+ "${BUSYBOX}" ifconfig br0 "${IP_DEFAULT}"
 "${BUSYBOX}" echo "[*] starting network configuration eth0 - 0.0.0.0"
 "${BUSYBOX}" brctl addif br0 eth0
 "${BUSYBOX}" ifconfig eth0 0.0.0.0 up
@@ -30,7 +30,7 @@ if ("${FIRMAE_NET}"); then
 CNT=0
 while (true); do
 CNT=$((CNT+1))
- echo "[*] Waiting CNT: $CNT / 40"
+ echo "[*] Waiting CNT: ${CNT} / 40"
 "${BUSYBOX}" sleep 5
 if ("${BUSYBOX}" brctl show | "${BUSYBOX}" grep -sq "${NET_BRIDGE}"); then
 break
@@ -47,10 +47,10 @@ if ("${FIRMAE_NET}"); then
 # shellcheck disable=SC2016
 if ("${BUSYBOX}" ip addr show "${NET_BRIDGE}" | "${BUSYBOX}" grep -m1 "inet\b" | "${BUSYBOX}" awk '{print $2}' | "${BUSYBOX}" cut -d/ -f1); then
 IP=$("${BUSYBOX}" ip addr show "${NET_BRIDGE}" | "${BUSYBOX}" grep -m1 "inet\b" | "${BUSYBOX}" awk '{print $2}' | "${BUSYBOX}" cut -d/ -f1)
- "${BUSYBOX}" echo "[*] Identified IP address: $IP"
+ "${BUSYBOX}" echo "[*] Identified IP address: ${IP}"
 else
 IP=$("${BUSYBOX}" cat /firmadyne/ip_default)
- "${BUSYBOX}" echo "[*] Setting default IP address: $IP"
+ "${BUSYBOX}" echo "[*] Setting default IP address: ${IP}"
 fi
 # tplink TL-WA860RE_EU_UK_US__V5_171116
 "${BUSYBOX}" ifconfig "${NET_BRIDGE}" "${IP}"
@@ -72,10 +72,10 @@ if ("${FIRMAE_NET}"); then
 # shellcheck disable=SC2016
 if ("${BUSYBOX}" ip addr show "${NET_BRIDGE}" | "${BUSYBOX}" grep -m1 "inet\b" | "${BUSYBOX}" awk '{print $2}' | "${BUSYBOX}" cut -d/ -f1); then
 IP=$("${BUSYBOX}" ip addr show "${NET_BRIDGE}" | "${BUSYBOX}" grep -m1 "inet\b" | "${BUSYBOX}" awk '{print $2}' | "${BUSYBOX}" cut -d/ -f1)
- "${BUSYBOX}" echo "[*] Identified IP address: $IP"
+ "${BUSYBOX}" echo "[*] Identified IP address: ${IP}"
 else
 IP=$("${BUSYBOX}" cat /firmadyne/ip_default)
- "${BUSYBOX}" echo "[*] Setting default IP address: $IP"
+ "${BUSYBOX}" echo "[*] Setting default IP address: ${IP}"
 fi
 "${BUSYBOX}" ifconfig "${NET_BRIDGE}" "${IP}"
diff --git a/modules/L10_system_emulation/run_service.sh b/modules/L10_system_emulation/run_service.sh
index aae07bd64..927eaa1c8 100755
--- a/modules/L10_system_emulation/run_service.sh
+++ b/modules/L10_system_emulation/run_service.sh
@@ -26,7 +26,7 @@ if ("${FIRMAE_ETC}"); then
 BINARY_NAME=$("${BUSYBOX}" echo "${_BINARY}" | "${BUSYBOX}" cut -d\ -f1)
 BINARY_NAME=$("${BUSYBOX}" basename "${BINARY_NAME}")
 if ( ! ("${BUSYBOX}" ps | "${BUSYBOX}" grep -v grep | "${BUSYBOX}" grep -sqi "${BINARY_NAME}") ); then
- "${BUSYBOX}" echo "[*] Starting $BINARY_NAME service ..."
+ "${BUSYBOX}" echo "[*] Starting ${BINARY_NAME} service ..."
 #BINARY variable could be something like: binary parameter parameter ...
 ${_BINARY} &
 "${BUSYBOX}" sleep 5
diff --git a/modules/S09_firmware_base_version_check.sh b/modules/S09_firmware_base_version_check.sh
index 6aaaf970b..3745f7149 100755
--- a/modules/S09_firmware_base_version_check.sh
+++ b/modules/S09_firmware_base_version_check.sh
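Review bot: the liveness check `"${BUSYBOX}" ps | "${BUSYBOX}" grep -v grep | "${BUSYBOX}" grep -sqi "${BINARY_NAME}"` in the run_service.sh -26 hunk matches the name case-insensitively, as a regex, anywhere in any ps line, so a short name such as `httpd` counts as running whenever any other process (or any argument of this very script) merely contains it, and the service is then never started. Where the busybox build includes `pgrep`, `"${BUSYBOX}" pgrep -x "${BINARY_NAME}" >/dev/null` is the precise form; otherwise dropping `-i` and adding `-w` (`grep -sqw "${BINARY_NAME}"`) at least stops partial-name hits. `${_BINARY} &` is unquoted on purpose per the preceding comment; that comment should also state that arguments containing spaces are therefore not supported.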
@@ -29,77 +29,77 @@ S09_firmware_base_version_check() {
 module_title "Static binary firmware versions detection"
 pre_module_reporter "${FUNCNAME[0]}"
- EXTRACTOR_LOG="$LOG_DIR"/p60_firmware_bin_extractor.txt
+ EXTRACTOR_LOG="${LOG_DIR}"/p60_firmware_bin_extractor.txt
 print_output "[*] Static version detection running ..." "no_log" | tr -d "\n"
 write_csv_log "binary/file" "version_rule" "version_detected" "csv_rule" "license" "static/emulation"
 TYPE="static"
 while read -r VERSION_LINE; do
- if safe_echo "$VERSION_LINE" | grep -v -q "^[^#*/;]"; then
+ if safe_echo "${VERSION_LINE}" | grep -v -q "^[^#*/;]"; then
 continue
 fi
- if safe_echo "$VERSION_LINE" | grep -q ";no_static;"; then
+ if safe_echo "${VERSION_LINE}" | grep -q ";no_static;"; then
 continue
 fi
- if safe_echo "$VERSION_LINE" | grep -q ";live;"; then
+ if safe_echo "${VERSION_LINE}" | grep -q ";live;"; then
 continue
 fi
 print_dot
- STRICT="$(safe_echo "$VERSION_LINE" | cut -d\; -f2)"
- LIC="$(safe_echo "$VERSION_LINE" | cut -d\; -f3)"
- BIN_NAME="$(safe_echo "$VERSION_LINE" | cut -d\; -f1)"
- CSV_REGEX="$(echo "$VERSION_LINE" | cut -d\; -f5)"
+ STRICT="$(safe_echo "${VERSION_LINE}" | cut -d\; -f2)"
+ LIC="$(safe_echo "${VERSION_LINE}" | cut -d\; -f3)"
+ BIN_NAME="$(safe_echo "${VERSION_LINE}" | cut -d\; -f1)"
+ CSV_REGEX="$(echo "${VERSION_LINE}" | cut -d\; -f5)"
- # VERSION_IDENTIFIER="$(echo "$VERSION_LINE" | cut -d\; -f4 | sed s/^\"// | sed s/\"$//)"
- VERSION_IDENTIFIER="$(safe_echo "$VERSION_LINE" | cut -d\; -f4)"
+ # VERSION_IDENTIFIER="$(echo "${VERSION_LINE}" | cut -d\; -f4 | sed s/^\"// | sed s/\"$//)"
+ VERSION_IDENTIFIER="$(safe_echo "${VERSION_LINE}" | cut -d\; -f4)"
 VERSION_IDENTIFIER="${VERSION_IDENTIFIER/\"}"
 VERSION_IDENTIFIER="${VERSION_IDENTIFIER%\"}"
- if [[ "$STRICT" == *"strict"* ]]; then
+ if [[ "${STRICT}" == *"strict"* ]]; then
 # strict mode
 # use the defined regex only on a binary called BIN_NAME (field 1)
- [[ "$RTOS" -eq 1 ]] && continue
+ [[ "${RTOS}" -eq 1 ]] && continue
- mapfile -t STRICT_BINS < <(find "$OUTPUT_DIR" -xdev -executable -type f -name "$BIN_NAME" -exec md5sum {} \; 2>/dev/null | sort -u -k1,1 | cut -d\ -f3)
+ mapfile -t STRICT_BINS < <(find "${OUTPUT_DIR}" -xdev -executable -type f -name "${BIN_NAME}" -exec md5sum {} \; 2>/dev/null | sort -u -k1,1 | cut -d\ -f3)
 for BIN in "${STRICT_BINS[@]}"; do
 # as the STRICT_BINS array could also include executable scripts we have to check for ELF files now:
- if file "$BIN" | grep -q ELF ; then
- VERSION_FINDER=$(strings "$BIN" | grep -E "$VERSION_IDENTIFIER" | sort -u || true)
- if [[ -n $VERSION_FINDER ]]; then
+ if file "${BIN}" | grep -q ELF ; then
+ VERSION_FINDER=$(strings "${BIN}" | grep -E "${VERSION_IDENTIFIER}" | sort -u || true)
+ if [[ -n ${VERSION_FINDER} ]]; then
 print_ln "no_log"
- print_output "[+] Version information found ${RED}$BIN_NAME $VERSION_FINDER${NC}${GREEN} in binary $ORANGE$(print_path "$BIN")$GREEN (license: $ORANGE$LIC$GREEN) (${ORANGE}static - strict$GREEN)."
- get_csv_rule "$VERSION_FINDER" "$CSV_REGEX"
- write_csv_log "$BIN" "$BIN_NAME" "$VERSION_FINDER" "$CSV_RULE" "$LIC" "$TYPE"
+ print_output "[+] Version information found ${RED}${BIN_NAME} ${VERSION_FINDER}${NC}${GREEN} in binary ${ORANGE}$(print_path "${BIN}")${GREEN} (license: ${ORANGE}${LIC}${GREEN}) (${ORANGE}static - strict${GREEN})."
+ get_csv_rule "${VERSION_FINDER}" "${CSV_REGEX}"
+ write_csv_log "${BIN}" "${BIN_NAME}" "${VERSION_FINDER}" "${CSV_RULE}" "${LIC}" "${TYPE}"
 continue
 fi
 fi
 done
 print_dot
- elif [[ "$STRICT" == "zgrep" ]]; then
+ elif [[ "${STRICT}" == "zgrep" ]]; then
 # zgrep mode:
 # search for files with identifier in field 1
 # use regex (VERSION_IDENTIFIER) via zgrep on these files
 # use csv-regex to get the csv-search string for csv lookup
- mapfile -t SPECIAL_FINDS < <(find "$FIRMWARE_PATH" -xdev -type f -name "$BIN_NAME" -exec zgrep -H "$VERSION_IDENTIFIER" {} \; || true)
+ mapfile -t SPECIAL_FINDS < <(find "${FIRMWARE_PATH}" -xdev -type f -name "${BIN_NAME}" -exec zgrep -H "${VERSION_IDENTIFIER}" {} \; || true)
 for SFILE in "${SPECIAL_FINDS[@]}"; do
- BIN_PATH=$(safe_echo "$SFILE" | cut -d ":" -f1)
- BIN_NAME="$(basename "$(safe_echo "$SFILE" | cut -d ":" -f1)")"
- # CSV_REGEX=$(echo "$VERSION_LINE" | cut -d\; -f5 | sed s/^\"// | sed s/\"$//)
- CSV_REGEX="$(echo "$VERSION_LINE" | cut -d\; -f5)"
+ BIN_PATH=$(safe_echo "${SFILE}" | cut -d ":" -f1)
+ BIN_NAME="$(basename "$(safe_echo "${SFILE}" | cut -d ":" -f1)")"
+ # CSV_REGEX=$(echo "${VERSION_LINE}" | cut -d\; -f5 | sed s/^\"// | sed s/\"$//)
+ CSV_REGEX="$(echo "${VERSION_LINE}" | cut -d\; -f5)"
 CSV_REGEX="${CSV_REGEX/\"}"
 CSV_REGEX="${CSV_REGEX%\"}"
- VERSION_FINDER=$(safe_echo "$SFILE" | cut -d ":" -f2-3 | tr -dc '[:print:]')
- get_csv_rule "$VERSION_FINDER" "$CSV_REGEX"
- print_output "[+] Version information found ${RED}""$VERSION_FINDER""${NC}${GREEN} in binary $ORANGE$(print_path "$BIN_PATH")$GREEN (license: $ORANGE$LIC$GREEN) (${ORANGE}static - zgrep$GREEN)."
- write_csv_log "$BIN_PATH" "$BIN_NAME" "$VERSION_FINDER" "$CSV_RULE" "$LIC" "$TYPE"
+ VERSION_FINDER=$(safe_echo "${SFILE}" | cut -d ":" -f2-3 | tr -dc '[:print:]')
+ get_csv_rule "${VERSION_FINDER}" "${CSV_REGEX}"
+ print_output "[+] Version information found ${RED}""${VERSION_FINDER}""${NC}${GREEN} in binary ${ORANGE}$(print_path "${BIN_PATH}")${GREEN} (license: ${ORANGE}${LIC}${GREEN}) (${ORANGE}static - zgrep${GREEN})."
+ write_csv_log "${BIN_PATH}" "${BIN_NAME}" "${VERSION_FINDER}" "${CSV_RULE}" "${LIC}" "${TYPE}"
 done
 print_dot
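Review bot: `CSV_REGEX="$(echo "${VERSION_LINE}" | cut -d\; -f5)"` in the S09 -29 hunk, and its twin inside the zgrep branch, are the only field extractions that use plain `echo`, while `STRICT`, `LIC`, `BIN_NAME` and `VERSION_IDENTIFIER` all go through `safe_echo`; whatever `safe_echo` guards against for those fields (its definition is outside this file) presumably applies equally to field 5 of the same config line. Using it at both sites, `CSV_REGEX="$(safe_echo "${VERSION_LINE}" | cut -d\; -f5)"`, keeps the parsing consistent and removes the one path where `echo` option or escape handling could alter a version rule before the cut. The `S09_firmware_base_version_check` function continues past this hunk.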
@@ -108,46 +108,46 @@ S09_firmware_base_version_check() { # This is default mode! # check binwalk files sometimes we can find kernel version information or something else in it - VERSION_FINDER=$(grep -o -a -E "$VERSION_IDENTIFIER" "$EXTRACTOR_LOG" 2>/dev/null | head -1 2>/dev/null || true) - if [[ -n $VERSION_FINDER ]]; then + VERSION_FINDER=$(grep -o -a -E "${VERSION_IDENTIFIER}" "${EXTRACTOR_LOG}" 2>/dev/null | head -1 2>/dev/null || true) + if [[ -n ${VERSION_FINDER} ]]; then print_ln "no_log" - print_output "[+] Version information found ${RED}""$VERSION_FINDER""${NC}${GREEN} in binwalk logs (license: $ORANGE$LIC$GREEN) (${ORANGE}static$GREEN)." - get_csv_rule "$VERSION_FINDER" "$CSV_REGEX" - write_csv_log "binwalk logs" "$BIN_NAME" "$VERSION_FINDER" "$CSV_RULE" "$LIC" "$TYPE" + print_output "[+] Version information found ${RED}""${VERSION_FINDER}""${NC}${GREEN} in binwalk logs (license: ${ORANGE}${LIC}${GREEN}) (${ORANGE}static${GREEN})." + get_csv_rule "${VERSION_FINDER}" "${CSV_REGEX}" + write_csv_log "binwalk logs" "${BIN_NAME}" "${VERSION_FINDER}" "${CSV_RULE}" "${LIC}" "${TYPE}" print_dot fi print_dot - if [[ $FIRMWARE -eq 0 || -f $FIRMWARE_PATH ]]; then - VERSION_FINDER=$(find "$FIRMWARE_PATH" -xdev -type f -print0 2>/dev/null | xargs -0 strings | grep -o -a -E "$VERSION_IDENTIFIER" | head -1 2>/dev/null || true) + if [[ ${FIRMWARE} -eq 0 || -f ${FIRMWARE_PATH} ]]; then + VERSION_FINDER=$(find "${FIRMWARE_PATH}" -xdev -type f -print0 2>/dev/null | xargs -0 strings | grep -o -a -E "${VERSION_IDENTIFIER}" | head -1 2>/dev/null || true) - if [[ -n $VERSION_FINDER ]]; then + if [[ -n ${VERSION_FINDER} ]]; then print_ln "no_log" - print_output "[+] Version information found ${RED}""$VERSION_FINDER""${NC}${GREEN} in original firmware file (license: $ORANGE$LIC$GREEN) (${ORANGE}static$GREEN)." 
- get_csv_rule "$VERSION_FINDER" "$CSV_REGEX" - write_csv_log "firmware" "$BIN_NAME" "$VERSION_FINDER" "$CSV_RULE" "$LIC" "$TYPE" + print_output "[+] Version information found ${RED}""${VERSION_FINDER}""${NC}${GREEN} in original firmware file (license: ${ORANGE}${LIC}${GREEN}) (${ORANGE}static${GREEN})." + get_csv_rule "${VERSION_FINDER}" "${CSV_REGEX}" + write_csv_log "firmware" "${BIN_NAME}" "${VERSION_FINDER}" "${CSV_RULE}" "${LIC}" "${TYPE}" fi print_dot fi - if [[ $RTOS -eq 1 ]]; then + if [[ ${RTOS} -eq 1 ]]; then # in RTOS mode we also test the original firmware file VERSION_FINDER=$(find "${FIRMWARE_PATH_BAK}" -xdev -type f -print0 2>/dev/null | xargs -0 strings | grep -o -a -E "${VERSION_IDENTIFIER}" | head -1 2>/dev/null || true) - if [[ -n $VERSION_FINDER ]]; then + if [[ -n ${VERSION_FINDER} ]]; then print_ln "no_log" print_output "[+] Version information found ${RED}""${VERSION_FINDER}""${NC}${GREEN} in original firmware file (license: ${ORANGE}${LIC}${GREEN}) (${ORANGE}static${GREEN})." - get_csv_rule "$VERSION_FINDER" "$CSV_REGEX" - write_csv_log "firmware" "$BIN_NAME" "$VERSION_FINDER" "$CSV_RULE" "$LIC" "$TYPE" + get_csv_rule "${VERSION_FINDER}" "${CSV_REGEX}" + write_csv_log "firmware" "${BIN_NAME}" "${VERSION_FINDER}" "${CSV_RULE}" "${LIC}" "${TYPE}" fi fi - if [[ "$THREADED" -eq 1 ]]; then + if [[ "${THREADED}" -eq 1 ]]; then # this will burn the CPU but in most cases the time of testing is cut into half bin_string_checker & local TMP_PID="$!" - store_kill_pids "$TMP_PID" - WAIT_PIDS_S09+=( "$TMP_PID" ) + store_kill_pids "${TMP_PID}" + WAIT_PIDS_S09+=( "${TMP_PID}" ) else bin_string_checker fi 
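Review bot: `VERSION_FINDER` in this hunk is produced by `grep -o -a -E` over the binwalk log and over `strings` output of the firmware files and is then interpolated unfiltered into `print_output` and `write_csv_log`, whereas the zgrep branch directly above this hunk passes the same value through `tr -dc '[:print:]'`. Because `grep -a` returns raw bytes from untrusted firmware content, anything non-printable the regex admits ends up verbatim in the terminal, the module log and the CSV. Applying the same filter to each assignment here and to the three in `bin_string_checker` (-156 hunk), e.g. `| head -1 2>/dev/null | tr -dc '[:print:]' || true`, makes the branches consistent. `S09_firmware_base_version_check` starts before this hunk.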
@@ -156,62 +156,62 @@ S09_firmware_base_version_check() { fi - if [[ "$THREADED" -eq 1 ]]; then - if [[ "${#WAIT_PIDS_S09[@]}" -gt "$MAX_MOD_THREADS" ]]; then + if [[ "${THREADED}" -eq 1 ]]; then + if [[ "${#WAIT_PIDS_S09[@]}" -gt "${MAX_MOD_THREADS}" ]]; then recover_wait_pids "${WAIT_PIDS_S09[@]}" - if [[ "${#WAIT_PIDS_S09[@]}" -gt "$MAX_MOD_THREADS" ]]; then - max_pids_protection "$MAX_MOD_THREADS" "${WAIT_PIDS_S09[@]}" + if [[ "${#WAIT_PIDS_S09[@]}" -gt "${MAX_MOD_THREADS}" ]]; then + max_pids_protection "${MAX_MOD_THREADS}" "${WAIT_PIDS_S09[@]}" fi fi fi - done < "$CONFIG_DIR"/bin_version_strings.cfg + done < "${CONFIG_DIR}"/bin_version_strings.cfg print_dot - [[ "$THREADED" -eq 1 ]] && wait_for_pid "${WAIT_PIDS_S09[@]}" + [[ "${THREADED}" -eq 1 ]] && wait_for_pid "${WAIT_PIDS_S09[@]}" - VERSIONS_DETECTED=$(grep -c "Version information found" "$LOG_FILE" || true) + VERSIONS_DETECTED=$(grep -c "Version information found" "${LOG_FILE}" || true) - module_end_log "${FUNCNAME[0]}" "$VERSIONS_DETECTED" + module_end_log "${FUNCNAME[0]}" "${VERSIONS_DETECTED}" } bin_string_checker() { for BIN in "${FILE_ARR[@]}"; do - if [[ $RTOS -eq 0 ]]; then - BIN_FILE=$(file "$BIN" || true) + if [[ ${RTOS} -eq 0 ]]; then + BIN_FILE=$(file "${BIN}" || true) # as the FILE_ARR array also includes non binary stuff we have to check for relevant files now: - if ! [[ "$BIN_FILE" == *uImage* || "$BIN_FILE" == *Kernel\ Image* || "$BIN_FILE" == *ELF* ]] ; then + if ! 
[[ "${BIN_FILE}" == *uImage* || "${BIN_FILE}" == *Kernel\ Image* || "${BIN_FILE}" == *ELF* ]] ; then continue fi - if [[ "$BIN_FILE" == *ELF* ]] ; then - VERSION_FINDER=$(strings "$BIN" | grep -o -a -E "$VERSION_IDENTIFIER" | head -1 2> /dev/null || true) - if [[ -n $VERSION_FINDER ]]; then + if [[ "${BIN_FILE}" == *ELF* ]] ; then + VERSION_FINDER=$(strings "${BIN}" | grep -o -a -E "${VERSION_IDENTIFIER}" | head -1 2> /dev/null || true) + if [[ -n ${VERSION_FINDER} ]]; then print_ln "no_log" - print_output "[+] Version information found ${RED}$VERSION_FINDER${NC}${GREEN} in binary $ORANGE$(print_path "$BIN")$GREEN (license: $ORANGE$LIC$GREEN) (${ORANGE}static${GREEN})." - get_csv_rule "$VERSION_FINDER" "$CSV_REGEX" - write_csv_log "$BIN" "$BIN_NAME" "$VERSION_FINDER" "$CSV_RULE" "$LIC" "$TYPE" + print_output "[+] Version information found ${RED}${VERSION_FINDER}${NC}${GREEN} in binary ${ORANGE}$(print_path "${BIN}")${GREEN} (license: ${ORANGE}${LIC}${GREEN}) (${ORANGE}static${GREEN})." + get_csv_rule "${VERSION_FINDER}" "${CSV_REGEX}" + write_csv_log "${BIN}" "${BIN_NAME}" "${VERSION_FINDER}" "${CSV_RULE}" "${LIC}" "${TYPE}" continue fi - elif [[ "$BIN_FILE" == *uImage* || "$BIN_FILE" == *Kernel\ Image* ]] ; then - VERSION_FINDER=$(strings "$BIN" | grep -o -a -E "$VERSION_IDENTIFIER" | head -1 2> /dev/null || true) - if [[ -n $VERSION_FINDER ]]; then + elif [[ "${BIN_FILE}" == *uImage* || "${BIN_FILE}" == *Kernel\ Image* ]] ; then + VERSION_FINDER=$(strings "${BIN}" | grep -o -a -E "${VERSION_IDENTIFIER}" | head -1 2> /dev/null || true) + if [[ -n ${VERSION_FINDER} ]]; then print_ln "no_log" - print_output "[+] Version information found ${RED}$VERSION_FINDER${NC}${GREEN} in kernel image $ORANGE$(print_path "$BIN")$GREEN (license: $ORANGE$LIC$GREEN) (${ORANGE}static${GREEN})." 
- get_csv_rule "$VERSION_FINDER" "$CSV_REGEX" - write_csv_log "$BIN" "$BIN_NAME" "$VERSION_FINDER" "$CSV_RULE" "$LIC" "$TYPE" + print_output "[+] Version information found ${RED}${VERSION_FINDER}${NC}${GREEN} in kernel image ${ORANGE}$(print_path "${BIN}")${GREEN} (license: ${ORANGE}${LIC}${GREEN}) (${ORANGE}static${GREEN})." + get_csv_rule "${VERSION_FINDER}" "${CSV_REGEX}" + write_csv_log "${BIN}" "${BIN_NAME}" "${VERSION_FINDER}" "${CSV_RULE}" "${LIC}" "${TYPE}" continue fi fi else # this is RTOS mode # echo "Testing $BIN - $VERSION_IDENTIFIER" - VERSION_FINDER="$(strings "$BIN" | grep -o -a -E "$VERSION_IDENTIFIER" | head -1 2> /dev/null || true)" - if [[ -n $VERSION_FINDER ]]; then + VERSION_FINDER="$(strings "${BIN}" | grep -o -a -E "${VERSION_IDENTIFIER}" | head -1 2> /dev/null || true)" + if [[ -n ${VERSION_FINDER} ]]; then print_ln "no_log" - print_output "[+] Version information found ${RED}$VERSION_FINDER${NC}${GREEN} in binary $ORANGE$(print_path "$BIN")$GREEN (license: $ORANGE$LIC$GREEN) (${ORANGE}static${GREEN})." - get_csv_rule "$VERSION_FINDER" "$CSV_REGEX" - write_csv_log "$BIN" "$BIN_NAME" "$VERSION_FINDER" "$CSV_RULE" "$LIC" "$TYPE" + print_output "[+] Version information found ${RED}${VERSION_FINDER}${NC}${GREEN} in binary ${ORANGE}$(print_path "${BIN}")${GREEN} (license: ${ORANGE}${LIC}${GREEN}) (${ORANGE}static${GREEN})." + get_csv_rule "${VERSION_FINDER}" "${CSV_REGEX}" + write_csv_log "${BIN}" "${BIN_NAME}" "${VERSION_FINDER}" "${CSV_RULE}" "${LIC}" "${TYPE}" continue fi fi @@ -224,8 +224,8 @@ recover_wait_pids() { # check for really running PIDs and re-create the array for PID in "${WAIT_PIDS_S09[@]}"; do # print_output "[*] max pid protection: ${#WAIT_PIDS[@]}" - if [[ -e /proc/"$PID" ]]; then - TEMP_PIDS+=( "$PID" ) + if [[ -e /proc/"${PID}" ]]; then + TEMP_PIDS+=( "${PID}" ) fi done # print_output "[!] S09 - really running pids: ${#TEMP_PIDS[@]}" 
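Review bot: `BIN_FILE=$(file "${BIN}" || true)` keeps the default `file` output, which begins with the path itself, so the `*ELF*`, `*uImage*` and `*Kernel\ Image*` tests in this hunk match on the file name as well as on the detected type (a constructed example: a plain data file stored under a directory named `SELF/` passes the `*ELF*` check and is handed to `strings`). `file -b "${BIN}"` returns the description only and makes the classification depend on content alone: `BIN_FILE=$(file -b "${BIN}" || true)`. `bin_string_checker` continues past the end of this hunk.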
diff --git a/modules/S24_kernel_bin_identifier.sh b/modules/S24_kernel_bin_identifier.sh index dec335718..b3fe53754 100755 --- a/modules/S24_kernel_bin_identifier.sh +++ b/modules/S24_kernel_bin_identifier.sh @@ -29,7 +29,7 @@ S24_kernel_bin_identifier() local CFG_MD5="" export KCFG_MD5=() - prepare_file_arr_limited "$FIRMWARE_PATH_CP" + prepare_file_arr_limited "${FIRMWARE_PATH_CP}" write_csv_log "Kernel version orig" "Kernel version stripped" "file" "generated elf" "identified init" "config extracted" "kernel symbols" "architecture" "endianness" 
@@ -43,41 +43,41 @@ S24_kernel_bin_identifier() local K_ARCH="NA" local K_ARCH_END="NA" - if file "$FILE" | grep -q "ASCII text"; then + if file "${FILE}" | grep -q "ASCII text"; then # reduce false positive rate continue fi - K_VER=$(strings "$FILE" 2>/dev/null | grep -E "^Linux version [0-9]+\.[0-9]+" | sort -u || true) + K_VER=$(strings "${FILE}" 2>/dev/null | grep -E "^Linux version [0-9]+\.[0-9]+" | sort -u || true) - if [[ "$K_VER" =~ Linux\ version\ .* ]]; then + if [[ "${K_VER}" =~ Linux\ version\ .* ]]; then print_ln - print_output "[+] Possible Linux Kernel found: $ORANGE$FILE$NC" + print_output "[+] Possible Linux Kernel found: ${ORANGE}${FILE}${NC}" print_ln - print_output "$(indent "$(orange "$K_VER")")" + print_output "$(indent "$(orange "${K_VER}")")" print_ln # not perfect, but not too bad for now: - mapfile -t K_INITS < <(strings "$FILE" 2>/dev/null | grep -E "init=\/" | sed 's/.*rdinit/rdinit/' | sed 's/.*\ init/init/' | awk '{print $1}' | tr -d '"' | sort -u || true) + mapfile -t K_INITS < <(strings "${FILE}" 2>/dev/null | grep -E "init=\/" | sed 's/.*rdinit/rdinit/' | sed 's/.*\ init/init/' | awk '{print $1}' | tr -d '"' | sort -u || true) for K_INIT in "${K_INITS[@]}"; do - if [[ "$K_INIT" =~ init=\/.* ]]; then - print_output "[+] Init found in Linux kernel file $ORANGE$FILE$NC" + if [[ "${K_INIT}" =~ init=\/.* ]]; then + print_output "[+] Init found in Linux kernel file ${ORANGE}${FILE}${NC}" print_ln - print_output "$(indent "$(orange "$K_INIT")")" + print_output "$(indent "$(orange "${K_INIT}")")" print_ln else K_INIT="NA" fi done - if [[ -e "$EXT_DIR"/vmlinux-to-elf/vmlinux-to-elf ]]; then - print_output "[*] Testing possible Linux kernel file $ORANGE$FILE$NC with ${ORANGE}vmlinux-to-elf:$NC" + if [[ -e "${EXT_DIR}"/vmlinux-to-elf/vmlinux-to-elf ]]; then + print_output "[*] Testing possible Linux kernel file ${ORANGE}${FILE}${NC} with ${ORANGE}vmlinux-to-elf:${NC}" print_ln - "$EXT_DIR"/vmlinux-to-elf/vmlinux-to-elf "$FILE" "$FILE".elf 
2>/dev/null | tee -a "$LOG_FILE" || true - if [[ -f "$FILE".elf ]]; then - K_ELF=$(file "$FILE".elf) - if [[ "$K_ELF" == *"ELF "* ]]; then + "${EXT_DIR}"/vmlinux-to-elf/vmlinux-to-elf "${FILE}" "${FILE}".elf 2>/dev/null | tee -a "${LOG_FILE}" || true + if [[ -f "${FILE}".elf ]]; then + K_ELF=$(file "${FILE}".elf) + if [[ "${K_ELF}" == *"ELF "* ]]; then print_ln - print_output "[+] Successfully generated Linux kernel elf file: $ORANGE$FILE.elf$NC" + print_output "[+] Successfully generated Linux kernel elf file: ${ORANGE}${FILE}.elf${NC}" else print_ln print_output "[-] No Linux kernel elf file was created." 
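Review bot: The `else K_INIT="NA"` branch in the `for K_INIT in "${K_INITS[@]}"` loop only rebinds the loop variable, so entries of `K_INITS` that do not match `init=\/.*` are left untouched, and the -127 hunk later iterates `K_INITS` again and writes every element to the CSV via `write_csv_log`, so the NA never reaches it. If the intent is to keep only real init entries, collect them into a filtered array, e.g. `local -a K_INITS_OK=()` before the loop, `K_INITS_OK+=("${K_INIT}")` in the matching branch and `K_INITS=("${K_INITS_OK[@]}")` after it; otherwise the dead assignment should go. `S24_kernel_bin_identifier` and its file loop start before this hunk.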
@@ -86,39 +86,39 @@ S24_kernel_bin_identifier() print_ln fi - disable_strict_mode "$STRICT_MODE" 0 - extract_kconfig "$FILE" - enable_strict_mode "$STRICT_MODE" 0 + disable_strict_mode "${STRICT_MODE}" 0 + extract_kconfig "${FILE}" + enable_strict_mode "${STRICT_MODE}" 0 # double check we really have a Kernel config extracted - if [[ -f "$KCONFIG_EXTRACTED" ]] && [[ $(grep -c CONFIG_ "$KCONFIG_EXTRACTED") -gt 50 ]]; then - CFG_CNT=$(grep -c CONFIG_ "$KCONFIG_EXTRACTED") - print_output "[+] Extracted kernel configuration ($ORANGE$CFG_CNT configuration entries$GREEN) from $ORANGE$(basename "$FILE")$NC" "" "$KCONFIG_EXTRACTED" - check_kconfig "$KCONFIG_EXTRACTED" + if [[ -f "${KCONFIG_EXTRACTED}" ]] && [[ $(grep -c CONFIG_ "${KCONFIG_EXTRACTED}") -gt 50 ]]; then + CFG_CNT=$(grep -c CONFIG_ "${KCONFIG_EXTRACTED}") + print_output "[+] Extracted kernel configuration (${ORANGE}${CFG_CNT} configuration entries${GREEN}) from ${ORANGE}$(basename "${FILE}")${NC}" "" "${KCONFIG_EXTRACTED}" + check_kconfig "${KCONFIG_EXTRACTED}" fi K_VER_TMP="${K_VER/Linux version /}" - demess_kv_version "$K_VER_TMP" + demess_kv_version "${K_VER_TMP}" # -> KV_ARR - if [[ "$K_ELF" == *"ELF "* ]]; then - K_ELF="$(echo "$K_ELF" | cut -d: -f1)" - K_SYMBOLS="$(readelf -s "$K_ELF" | grep -c "FUNC\|OBJECT" || true)" - K_FILE="$(file "$K_ELF" | cut -d: -f2-)" - - [[ "$K_FILE" == *"LSB"* ]] && K_ARCH_END="EL" - [[ "$K_FILE" == *"MSB"* ]] && K_ARCH_END="EB" - - [[ "$K_FILE" == *"MIPS"* ]] && K_ARCH="MIPS" - [[ "$K_FILE" == *"ARM"* ]] && K_ARCH="ARM" - [[ "$K_FILE" == *"80386"* ]] && K_ARCH="x86" - [[ "$K_FILE" == *"x86-64"* ]] && K_ARCH="x64" - [[ "$K_FILE" == *"PowerPC"* ]] && K_ARCH="PPC" - [[ "$K_FILE" == *"UCB RISC-V"* ]] && K_ARCH="RISCV" - [[ "$K_FILE" == *"QUALCOMM DSP6"* ]] && K_ARCH="QCOM_DSP6" + if [[ "${K_ELF}" == *"ELF "* ]]; then + K_ELF="$(echo "${K_ELF}" | cut -d: -f1)" + K_SYMBOLS="$(readelf -s "${K_ELF}" | grep -c "FUNC\|OBJECT" || true)" + K_FILE="$(file "${K_ELF}" | cut -d: -f2-)" + + 
[[ "${K_FILE}" == *"LSB"* ]] && K_ARCH_END="EL" + [[ "${K_FILE}" == *"MSB"* ]] && K_ARCH_END="EB" + + [[ "${K_FILE}" == *"MIPS"* ]] && K_ARCH="MIPS" + [[ "${K_FILE}" == *"ARM"* ]] && K_ARCH="ARM" + [[ "${K_FILE}" == *"80386"* ]] && K_ARCH="x86" + [[ "${K_FILE}" == *"x86-64"* ]] && K_ARCH="x64" + [[ "${K_FILE}" == *"PowerPC"* ]] && K_ARCH="PPC" + [[ "${K_FILE}" == *"UCB RISC-V"* ]] && K_ARCH="RISCV" + [[ "${K_FILE}" == *"QUALCOMM DSP6"* ]] && K_ARCH="QCOM_DSP6" else # fallback - K_ARCH=$(grep "Guessed architecture" "$LOG_FILE" | cut -d: -f2 | awk '{print $1}' || true) + K_ARCH=$(grep "Guessed architecture" "${LOG_FILE}" | cut -d: -f2 | awk '{print $1}' || true) [[ "${K_ARCH: -2}" == "le" ]] && K_ARCH_END="EL" [[ "${K_ARCH: -2}" == "be" ]] && K_ARCH_END="EB" fi 
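Review bot: `K_ELF="$(echo "${K_ELF}" | cut -d: -f1)"` recovers the ELF path from the `file` output captured in the -43 hunk, so a colon anywhere in the firmware path truncates it and the following `readelf -s` and `file` calls run on a name that does not exist. The path is already known at that point — `K_ELF` was filled from `file "${FILE}".elf` — so `K_ELF="${FILE}.elf"` is exact and removes the `echo | cut` pipeline. The `grep -c CONFIG_ "${KCONFIG_EXTRACTED}"` count is also computed twice, once in the `if` and once in the assignment; computing `CFG_CNT` once before the test avoids reading the file twice.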
@@ -127,34 +127,34 @@ S24_kernel_bin_identifier() for K_VER_CLEAN in "${KV_ARR[@]}"; do if [[ "${#K_INITS[@]}" -gt 0 ]]; then for K_INIT in "${K_INITS[@]}"; do - if [[ "$CFG_CNT" -lt 50 ]]; then + if [[ "${CFG_CNT}" -lt 50 ]]; then KCONFIG_EXTRACTED="NA" fi - write_csv_log "$K_VER" "$K_VER_CLEAN" "$FILE" "$K_ELF" "$K_INIT" "$KCONFIG_EXTRACTED" "$K_SYMBOLS" "$K_ARCH" "$K_ARCH_END" + write_csv_log "${K_VER}" "${K_VER_CLEAN}" "${FILE}" "${K_ELF}" "${K_INIT}" "${KCONFIG_EXTRACTED}" "${K_SYMBOLS}" "${K_ARCH}" "${K_ARCH_END}" done else - write_csv_log "$K_VER" "$K_VER_CLEAN" "$FILE" "$K_ELF" "NA" "$KCONFIG_EXTRACTED" "$K_SYMBOLS" "$K_ARCH" "$K_ARCH_END" + write_csv_log "${K_VER}" "${K_VER_CLEAN}" "${FILE}" "${K_ELF}" "NA" "${KCONFIG_EXTRACTED}" "${K_SYMBOLS}" "${K_ARCH}" "${K_ARCH_END}" fi done NEG_LOG=1 # ASCII kernel config files: - elif file "$FILE" | grep -q "ASCII"; then - CFG_MD5=$(md5sum "$FILE" | awk '{print $1}') + elif file "${FILE}" | grep -q "ASCII"; then + CFG_MD5=$(md5sum "${FILE}" | awk '{print $1}') if [[ ! " ${KCFG_MD5[*]} " =~ ${CFG_MD5} ]]; then - K_CON_DET=$(strings "$FILE" 2>/dev/null | grep -E "^# Linux.*[0-9]{1}\.[0-9]{1,2}\.[0-9]{1,2}.* Kernel Configuration" || true) - if [[ "$K_CON_DET" =~ \ Kernel\ Configuration ]]; then + K_CON_DET=$(strings "${FILE}" 2>/dev/null | grep -E "^# Linux.*[0-9]{1}\.[0-9]{1,2}\.[0-9]{1,2}.* Kernel Configuration" || true) + if [[ "${K_CON_DET}" =~ \ Kernel\ Configuration ]]; then print_ln - print_output "[+] Found kernel configuration file: $ORANGE$FILE$NC" - check_kconfig "$FILE" + print_output "[+] Found kernel configuration file: ${ORANGE}${FILE}${NC}" + check_kconfig "${FILE}" NEG_LOG=1 - KCFG_MD5+=("$CFG_MD5") + KCFG_MD5+=("${CFG_MD5}") fi fi fi done - module_end_log "${FUNCNAME[0]}" "$NEG_LOG" + module_end_log "${FUNCNAME[0]}" "${NEG_LOG}" } extract_kconfig() { 
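Review bot: The `elif file "${FILE}" | grep -q "ASCII"` branch is reached only by files that got past the `grep -q "ASCII text"` → `continue` at the top of the same loop (-43 hunk), so it can only see files whose `file` description contains "ASCII" without "text"; if a kernel `.config` is reported as "ASCII text" this branch never runs. This is inferred from the two checks and worth confirming against a real config file; if it holds, the early `continue` should exempt kernel-config candidates, or the branch should be dropped. A short comment on the `elif`, e.g. `# only reached for ASCII files not already skipped as "ASCII text" above`, would at least make the dependency visible. The loop and function start before this hunk.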
@@ -173,24 +173,24 @@ extract_kconfig() { export IMG="${1:-}" export KCONFIG_EXTRACTED="" - if ! [[ -f "$IMG" ]]; then - print_output "[-] No kernel file to analyze here - $ORANGE$IMG$NC" + if ! [[ -f "${IMG}" ]]; then + print_output "[-] No kernel file to analyze here - ${ORANGE}${IMG}${NC}" return fi - print_output "[*] Trying to extract kernel configuration from $ORANGE$IMG$NC" + print_output "[*] Trying to extract kernel configuration from ${ORANGE}${IMG}${NC}" export CF1='IKCFG_ST\037\213\010' export CF2='0123456789' # Prepare temp files: - export TMP1="$TMP_DIR"/ikconfig$$.1 - export TMP2="$TMP_DIR"/ikconfig$$.2 + export TMP1="${TMP_DIR}"/ikconfig$$.1 + export TMP2="${TMP_DIR}"/ikconfig$$.2 # shellcheck disable=SC2064 - trap "rm -f $TMP1 $TMP2" 0 + trap "rm -f ${TMP1} ${TMP2}" 0 # Initial attempt for uncompressed images or objects: - dump_config "$IMG" + dump_config "${IMG}" [[ $? -eq 4 ]] && return # That didn't work, so retry after decompression. 
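Review bot: `trap "rm -f ${TMP1} ${TMP2}" 0` expands both paths when the trap is registered (hence the SC2064 disable) and leaves them unquoted inside the trap command, so a `TMP_DIR` containing whitespace would be word-split at exit. Both variables are exported globals that still exist at exit, so `trap 'rm -f "${TMP1}" "${TMP2}"' 0` is equivalent, quotes correctly and no longer needs the shellcheck exception. Registering an EXIT trap inside a function also replaces any EXIT handler the main script may have installed; if EMBA relies on one, this function should chain to it rather than overwrite it. `extract_kconfig` continues past the end of this hunk.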
@@ -221,32 +221,32 @@ dump_config() { local IMG_="${1:-}" local CFG_MD5="" - if ! [[ -f "$IMG_" ]]; then - print_output "[-] No kernel file to analyze here - $ORANGE$IMG_$NC" + if ! [[ -f "${IMG_}" ]]; then + print_output "[-] No kernel file to analyze here - ${ORANGE}${IMG_}${NC}" return fi - if POS=$(tr "$CF1\n$CF2" "\n$CF2=" < "$IMG_" | grep -abo "^$CF2"); then + if POS=$(tr "${CF1}\n${CF2}" "\n${CF2}=" < "${IMG_}" | grep -abo "^${CF2}"); then POS=${POS%%:*} - tail -c+"$((POS + 8))" "$IMG_" | zcat > "$TMP1" 2> /dev/null + tail -c+"$((POS + 8))" "${IMG_}" | zcat > "${TMP1}" 2> /dev/null if [[ $? != 1 ]]; then # exit status must be 0 or 2 (trailing garbage warning) - [[ "$STRICT_MODE" -eq 1 ]] && set +e + [[ "${STRICT_MODE}" -eq 1 ]] && set +e - if ! [[ -f "$TMP1" ]]; then + if ! [[ -f "${TMP1}" ]]; then return fi - CFG_MD5=$(md5sum "$TMP1" | awk '{print $1}') + CFG_MD5=$(md5sum "${TMP1}" | awk '{print $1}') if [[ ! " ${KCFG_MD5[*]} " =~ ${CFG_MD5} ]]; then - KCONFIG_EXTRACTED="$LOG_PATH_MODULE/kernel_config_extracted_$(basename "$IMG_").log" - cp "$TMP1" "$KCONFIG_EXTRACTED" - KCFG_MD5+=("$CFG_MD5") + KCONFIG_EXTRACTED="${LOG_PATH_MODULE}/kernel_config_extracted_$(basename "${IMG_}").log" + cp "${TMP1}" "${KCONFIG_EXTRACTED}" + KCFG_MD5+=("${CFG_MD5}") # return value of 4 means we are done and we are going back to the main function of this module for the next file return 4 else - print_output "[*] Firmware binary $ORANGE$IMG$NC already analyzed .. skipping" + print_output "[*] Firmware binary ${ORANGE}${IMG}${NC} already analyzed .. skipping" return 4 fi fi 
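Review bot: `[[ "${STRICT_MODE}" -eq 1 ]] && set +e` switches errexit off for the rest of the process and nothing in this hunk turns it back on; in S24 the call chain is already bracketed by `disable_strict_mode`/`enable_strict_mode` (-86 hunk), so the line is redundant there but leaves any other caller of `dump_config` running non-strict. The skip message `"[*] Firmware binary ${ORANGE}${IMG}${NC} already analyzed .. skipping"` names the global `IMG` while the function otherwise works on its local `IMG_`; when called from `try_decompress` with `${TMP2}` that reports the original image rather than the decompressed chunk, which may be intended but deserves a comment such as `# report the original image, not the temporary decompressed chunk`. `dump_config` continues past the end of this hunk.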
@@ -255,10 +255,10 @@ dump_config() { try_decompress() { # Source: https://raw.githubusercontent.com/torvalds/linux/master/scripts/extract-ikconfig - for POS in $(tr "$1\n$2" "\n$2=" < "$IMG" | grep -abo "^$2"); do + for POS in $(tr "$1\n$2" "\n$2=" < "${IMG}" | grep -abo "^$2"); do POS=${POS%%:*} - tail -c+"$POS" "$IMG" | "$3" > "$TMP2" 2> /dev/null - dump_config "$TMP2" + tail -c+"${POS}" "${IMG}" | "${3}" > "${TMP2}" 2> /dev/null + dump_config "${TMP2}" [[ $? -eq 4 ]] && return 4 done } @@ -272,20 +272,20 @@ check_kconfig() { return fi - if ! [[ -f "$KCONFIG_FILE" ]]; then + if ! [[ -f "${KCONFIG_FILE}" ]]; then return fi - print_output "[*] Testing kernel configuration file $ORANGE$KCONFIG_FILE$NC with kconfig-hardened-check" + print_output "[*] Testing kernel configuration file ${ORANGE}${KCONFIG_FILE}${NC} with kconfig-hardened-check" local KCONF_LOG="" - KCONF_LOG="$LOG_PATH_MODULE/kconfig_hardening_check_$(basename "$KCONFIG_FILE").log" - "$KCONF_HARD_CHECKER" -c "$KCONFIG_FILE" | tee -a "$KCONF_LOG" || true - if [[ -f "$KCONF_LOG" ]]; then - FAILED_KSETTINGS=$(grep -c "FAIL: " "$KCONF_LOG" || true) - if [[ "$FAILED_KSETTINGS" -gt 0 ]]; then - print_output "[+] Found $ORANGE$FAILED_KSETTINGS$GREEN security related kernel settings which should be reviewed - $ORANGE$(print_path "$KCONFIG_FILE")$NC" "" "$KCONF_LOG" + KCONF_LOG="${LOG_PATH_MODULE}/kconfig_hardening_check_$(basename "${KCONFIG_FILE}").log" + "${KCONF_HARD_CHECKER}" -c "${KCONFIG_FILE}" | tee -a "${KCONF_LOG}" || true + if [[ -f "${KCONF_LOG}" ]]; then + FAILED_KSETTINGS=$(grep -c "FAIL: " "${KCONF_LOG}" || true) + if [[ "${FAILED_KSETTINGS}" -gt 0 ]]; then + print_output "[+] Found ${ORANGE}${FAILED_KSETTINGS}${GREEN} security related kernel settings which should be reviewed - ${ORANGE}$(print_path "${KCONFIG_FILE}")${NC}" "" "${KCONF_LOG}" print_ln - write_log "[*] Statistics:$FAILED_KSETTINGS" + write_log "[*] Statistics:${FAILED_KSETTINGS}" fi fi } 
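Review bot: The rewritten `for POS in $(tr "$1\n$2" "\n$2=" < "${IMG}" | grep -abo "^$2"); do` braces `${IMG}` and, two lines later, `${3}`, but leaves `$1` and `$2` bare on the same lines, so the hunk is inconsistent with the commit's own `${VAR}` convention. Bracing all three keeps the style uniform: `for POS in $(tr "${1}\n${2}" "\n${2}=" < "${IMG}" | grep -abo "^${2}"); do`.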
diff --git a/modules/S99_grepit.sh b/modules/S99_grepit.sh index 8b250e3ee..88c21e953 100755 --- a/modules/S99_grepit.sh +++ b/modules/S99_grepit.sh @@ -68,11 +68,11 @@ S99_grepit() { export ENABLE_LEAST_LIKELY=0 mapfile -t GREPIT_MODULES < <(grep -E "^grepit_module.*\(\) " "${MOD_DIR}"/"${FUNCNAME[0]}".sh | sed -e 's/()\ .*//g' | sort -u) - print_output "[*] Loaded $ORANGE${#GREPIT_MODULES[@]}$NC grepit modules\n" + print_output "[*] Loaded ${ORANGE}${#GREPIT_MODULES[@]}${NC} grepit modules\n" write_csv_log "Grepit test" "Number of results" "Used args for grep" "Regex used" "Grepit comment" - if [[ $THREADED -eq 1 ]]; then + if [[ ${THREADED} -eq 1 ]]; then for GREPIT_MODULE in "${GREPIT_MODULES[@]}"; do "${GREPIT_MODULE}" & local TMP_PID="$!" @@ -86,13 +86,13 @@ S99_grepit() { done fi - [[ $THREADED -eq 1 ]] && wait_for_pid "${WAIT_PIDS_S99[@]}" + [[ ${THREADED} -eq 1 ]] && wait_for_pid "${WAIT_PIDS_S99[@]}" grepit_reporter GREPIT_RESULTS=$(grep -v -c -E "\ Searching\ \(" "${LOG_PATH_MODULE}"/[0-9]_* | cut -d: -f2 | paste -sd+ | bc) print_ln - print_output "[*] Found $ORANGE$GREPIT_RESULTS$NC results via grepit." + print_output "[*] Found ${ORANGE}${GREPIT_RESULTS}${NC} results via grepit." module_end_log "${FUNCNAME[0]}" "${GREPIT_RESULTS}" } @@ -116,7 +116,7 @@ grepit_reporter() { COMMENT=$(echo "${RESULT}" | cut -d\; -f3) OUTFILE="${CURRENT_TEST}".txt - print_output "[*] $ORANGE$LINES_OF_OUTPUT$NC results of grepit module $ORANGE$CURRENT_TEST$NC ($ORANGE$COMMENT$NC)." "" "$LOG_PATH_MODULE/$OUTFILE" + print_output "[*] ${ORANGE}${LINES_OF_OUTPUT}${NC} results of grepit module ${ORANGE}${CURRENT_TEST}${NC} (${ORANGE}${COMMENT}${NC})." "" "${LOG_PATH_MODULE}/${OUTFILE}" done fi } 
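Review bot: `GREPIT_RESULTS=$(grep -v -c -E ... "${LOG_PATH_MODULE}"/[0-9]_* | cut -d: -f2 | paste -sd+ | bc)` in the -86 hunk yields an empty string when the glob matches no file, because grep then fails on the literal pattern and `bc` prints nothing for empty input; `grepit_search` (-137 hunk) removes every per-test log without hits, so a clean firmware can leave none. The empty value is then printed as the result count and passed to `module_end_log`. Defaulting it before use, `GREPIT_RESULTS="${GREPIT_RESULTS:-0}"`, keeps the report and the module status numeric. `S99_grepit` starts before this hunk.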
@@ -137,44 +137,44 @@ grepit_search() { fi if [[ "${ENABLE_LEAST_LIKELY}" -eq 0 ]] && [[ "${OUTFILE}" == 9_* ]]; then - print_output "[-] Skipping searching for $OUTFILE with regex $SEARCH_REGEX. Set ENABLE_LEAST_LIKELY in the module options to 1 if you would like to." "no_log" + print_output "[-] Skipping searching for ${OUTFILE} with regex ${SEARCH_REGEX}. Set ENABLE_LEAST_LIKELY in the module options to 1 if you would like to." "no_log" else - write_log "[*] Searching (args for grep: $ORANGE${ARGS_FOR_GREP[*]}$NC) for $ORANGE$SEARCH_REGEX$NC." "$LOG_PATH_MODULE/$OUTFILE" + write_log "[*] Searching (args for grep: ${ORANGE}${ARGS_FOR_GREP[*]}${NC}) for ${ORANGE}${SEARCH_REGEX}${NC}." "${LOG_PATH_MODULE}/${OUTFILE}" if [[ "${LOG_DETAILS}" -eq 1 ]]; then - write_log "[*] Grepit state info - comment: $ORANGE$COMMENT$NC" "$LOG_PATH_MODULE/$OUTFILE" - write_log "[*] Grepit state info - Filename $ORANGE$OUTFILE$NC" "$LOG_PATH_MODULE/$OUTFILE" - write_log "[*] Grepit state info - Example: $ORANGE$EXAMPLE$NC" "$LOG_PATH_MODULE/$OUTFILE" - write_log "[*] Grepit state info - False positive example: $ORANGE$FALSE_POSITIVES_EXAMPLE$NC" "$LOG_PATH_MODULE/$OUTFILE" - write_log "[*] Grepit state info - Grep args: $ORANGE${ARGS_FOR_GREP[*]}$NC" "$LOG_PATH_MODULE/$OUTFILE" - write_log "[*] Grepit state info - Search regex: $ORANGE$SEARCH_REGEX$NC" "$LOG_PATH_MODULE/$OUTFILE" - write_log "" "$LOG_PATH_MODULE/$OUTFILE" + write_log "[*] Grepit state info - comment: ${ORANGE}${COMMENT}${NC}" "${LOG_PATH_MODULE}/${OUTFILE}" + write_log "[*] Grepit state info - Filename ${ORANGE}${OUTFILE}${NC}" "${LOG_PATH_MODULE}/${OUTFILE}" + write_log "[*] Grepit state info - Example: ${ORANGE}${EXAMPLE}${NC}" "${LOG_PATH_MODULE}/${OUTFILE}" + write_log "[*] Grepit state info - False positive example: ${ORANGE}${FALSE_POSITIVES_EXAMPLE}${NC}" "${LOG_PATH_MODULE}/${OUTFILE}" + write_log "[*] Grepit state info - Grep args: ${ORANGE}${ARGS_FOR_GREP[*]}${NC}" "${LOG_PATH_MODULE}/${OUTFILE}" + write_log 
"[*] Grepit state info - Search regex: ${ORANGE}${SEARCH_REGEX}${NC}" "${LOG_PATH_MODULE}/${OUTFILE}" + write_log "" "${LOG_PATH_MODULE}/${OUTFILE}" fi ulimit -Sv "${MEM_LIMIT}" - "${GREP_COMMAND}" "${ARGS_FOR_GREP[@]}" "${STANDARD_GREP_ARGUMENTS[@]}" -- "${SEARCH_REGEX}" "${FIRMWARE_PATH}" >> "$LOG_PATH_MODULE/$OUTFILE" 2>&1 || true + "${GREP_COMMAND}" "${ARGS_FOR_GREP[@]}" "${STANDARD_GREP_ARGUMENTS[@]}" -- "${SEARCH_REGEX}" "${FIRMWARE_PATH}" >> "${LOG_PATH_MODULE}/${OUTFILE}" 2>&1 || true ulimit -Sv unlimited if [[ "${LOG_DETAILS}" -eq 1 ]]; then - if [[ -f "$LOG_PATH_MODULE/$OUTFILE" ]] && ! [[ $(grep -v -c -E "\ Searching\ \(" "$LOG_PATH_MODULE/$OUTFILE" 2>/dev/null) -gt 7 ]]; then - rm "$LOG_PATH_MODULE/$OUTFILE" 2>/dev/null + if [[ -f "${LOG_PATH_MODULE}/${OUTFILE}" ]] && ! [[ $(grep -v -c -E "\ Searching\ \(" "${LOG_PATH_MODULE}/${OUTFILE}" 2>/dev/null) -gt 7 ]]; then + rm "${LOG_PATH_MODULE}/${OUTFILE}" 2>/dev/null fi else - if [[ -f "$LOG_PATH_MODULE/$OUTFILE" ]] && ! [[ $(grep -v -c -E "\ Searching\ \(" "$LOG_PATH_MODULE/$OUTFILE" 2>/dev/null) -gt 0 ]]; then - rm "$LOG_PATH_MODULE/$OUTFILE" 2>/dev/null + if [[ -f "${LOG_PATH_MODULE}/${OUTFILE}" ]] && ! [[ $(grep -v -c -E "\ Searching\ \(" "${LOG_PATH_MODULE}/${OUTFILE}" 2>/dev/null) -gt 0 ]]; then + rm "${LOG_PATH_MODULE}/${OUTFILE}" 2>/dev/null fi fi - if [[ -f "$LOG_PATH_MODULE/$OUTFILE" ]]; then + if [[ -f "${LOG_PATH_MODULE}/${OUTFILE}" ]]; then if [[ "${LOG_DETAILS}" -eq 1 ]]; then - LINES_OF_OUTPUT=$(( "$(wc -l "$LOG_PATH_MODULE/$OUTFILE" | awk '{print $1}')" -8 )) + LINES_OF_OUTPUT=$(( "$(wc -l "${LOG_PATH_MODULE}/${OUTFILE}" | awk '{print $1}')" -8 )) else - LINES_OF_OUTPUT=$(( "$(wc -l "$LOG_PATH_MODULE/$OUTFILE" | awk '{print $1}')" -1 )) + LINES_OF_OUTPUT=$(( "$(wc -l "${LOG_PATH_MODULE}/${OUTFILE}" | awk '{print $1}')" -1 )) fi CURRENT_TEST=$(basename -s .txt "${OUTFILE}") # this is the output to the terminal. 
For the final report we wait till all tests are finished and then we # parse the csv output file and sort it according the test priority - 1-9, where 1 is more interesting # (low false positive rate, certainty of "vulnerability") and 9 is only "you might want to have a look when you are desperately looking for vulns") - print_output "[*] $ORANGE$LINES_OF_OUTPUT$NC results of grepit module $ORANGE$CURRENT_TEST$NC." "no_log" + print_output "[*] ${ORANGE}${LINES_OF_OUTPUT}${NC} results of grepit module ${ORANGE}${CURRENT_TEST}${NC}." "no_log" write_csv_log "${CURRENT_TEST}" "${LINES_OF_OUTPUT}" "${ARGS_FOR_GREP[*]}" "${SEARCH_REGEX}" "${COMMENT}" fi fi @@ -203,7 +203,7 @@ grepit_module_java() { grepit_search "Bouncycastle is a common Java crypto provider" \ 'import org.bouncycastle.bla;' \ 'FALSE_POSITIVES_EXAMPLE_PLACEHOLDER' \ - "bouncy.{0,$WILDCARD_SHORT}castle" \ + "bouncy.{0,${WILDCARD_SHORT}}}castle" \ "8_java_crypto_bouncycastle.txt" \ "-i" 
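Review bot: `LINES_OF_OUTPUT=$(( "$(wc -l "${LOG_PATH_MODULE}/${OUTFILE}" | awk '{print $1}')" -8 ))` (and its `-1` twin below it) quotes a command substitution inside an arithmetic expansion and spawns `awk` only to drop the file name; `wc -l <file` prints the count alone, so `LINES_OF_OUTPUT=$(( $(wc -l < "${LOG_PATH_MODULE}/${OUTFILE}") - 8 ))` is the plainer form. The literal `8` and the `-gt 7` threshold above it both encode the number of header lines written when `LOG_DETAILS` is 1; naming that once, e.g. `local -r DETAIL_HEADER_LINES=8`, keeps the two from drifting apart. `grepit_search` starts before this hunk.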
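Review bot: The new regex `"bouncy.{0,${WILDCARD_SHORT}}}castle"` has one closing brace too many: `${WILDCARD_SHORT}` consumes the first `}`, the second closes the `{0,N}` quantifier, and the third is a literal `}` in `grep -E`, so the pattern now only matches text with a `}` before `castle` and the rule silently reports zero results. The same extra brace was introduced in every `{0,${WILDCARD_SHORT}}}` occurrence of the -274, -316, -418 and -499 hunks, including the timing-attack, SQL and format-string rules, while the `{1,${WILDCARD_LONG}}` rewrite in the -418 hunk shows the intended shape. Each should read `{0,${WILDCARD_SHORT}}`, here `"bouncy.{0,${WILDCARD_SHORT}}castle"`. Because a scanner rule that cannot match looks like a clean result rather than an error, a fixture-based test asserting at least one hit per rule would have caught this regression.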
@@ -274,31 +274,31 @@ grepit_module_java() { grepit_search "String comparisons have to be done with .equals() in Java, not with == (won't work). Attention: False positives often occur if you used a decompiler to get the Java code, additionally it's allowed in JavaScript." \ ' toString( ) ==' \ 'FALSE_POSITIVES_EXAMPLE_PLACEHOLDER' \ - "toString\(\s{0,$WILDCARD_SHORT}\)\s{0,$WILDCARD_SHORT}==" \ + "toString\(\s{0,${WILDCARD_SHORT}}}\)\s{0,${WILDCARD_SHORT}}}==" \ "9_java_string_comparison1.txt" grepit_search "String comparisons have to be done with .equals() in Java, not with == (won't work). Attention: False positives often occur if you used a decompiler to get the Java code, additionally it's allowed in JavaScript." \ ' == toString() ' \ 'FALSE_POSITIVES_EXAMPLE_PLACEHOLDER' \ - "==\s{0,$WILDCARD_SHORT}toString\(\s{0,$WILDCARD_SHORT}\)" \ + "==\s{0,${WILDCARD_SHORT}}}toString\(\s{0,${WILDCARD_SHORT}}}\)" \ "9_java_string_comparison2.txt" grepit_search "String comparisons have to be done with .equals() in Java, not with == (won't work). Attention: False positives often occur if you used a decompiler to get the Java code, additionally it's allowed in JavaScript." \ ' == "' \ 'FALSE_POSITIVES_EXAMPLE_PLACEHOLDER' \ - "==\s{0,$WILDCARD_SHORT}\"" \ + "==\s{0,${WILDCARD_SHORT}}}\"" \ "9_java_string_comparison3.txt" grepit_search "Problem with equals and equalsIgnoreCase for checking user supplied passwords or Hashes or HMACs or XYZ is that it is not a time-consistent method, therefore allowing timing attacks." \ '.equals(hash_from_request)' \ 'FALSE_POSITIVES_EXAMPLE_PLACEHOLDER' \ - "equals\(.{0,$WILDCARD_SHORT}[Hh][Aa][Ss][Hh]" \ + "equals\(.{0,${WILDCARD_SHORT}}}[Hh][Aa][Ss][Hh]" \ "2_java_string_comparison_equals_hash.txt" grepit_search "Problem with equals and equalsIgnoreCase for checking user supplied passwords or Hashes or HMACs or XYZ is that it is not a time-consistent method, therefore allowing timing attacks." 
\ '.equalsIgnoreCase(hash_from_request' \ 'FALSE_POSITIVES_EXAMPLE_PLACEHOLDER' \ - "equalsIgnoreCase\(.{0,$WILDCARD_SHORT}[Hh][Aa][Ss][Hh]" \ + "equalsIgnoreCase\(.{0,${WILDCARD_SHORT}}}[Hh][Aa][Ss][Hh]" \ "2_java_string_comparison_equalsIgnoreCase_hash.txt" grepit_search "String comparisons: Filters and conditional decisions on user input should better be done with .equalsIgnoreCase() in Java in most cases, so that the clause doesn't miss something (e.g. think about string comparison in filters) or long switch case. Another problem with equals and equalsIgnoreCase for checking user supplied passwords or Hashes or HMACs or XYZ is that it is not a time-consistent method, therefore allowing timing attacks. Then there is also the question of different systems handling/doing Unicode Normalization (see for example https://gosecure.github.io/unicode-pentester-cheatsheet/ and https://www.gosecure.net/blog/2020/08/04/unicode-for-security-professionals/) or not: B\xC3\xBCcher and B\x75\xcc\x88cher is both UTF-8, but one is the character for a real Unicode u-Umlaut while the other is u[COMBINING DIAERESIS]. If the backend normalizes it could be that identifiers clash." \ @@ -316,13 +316,13 @@ grepit_module_java() { grepit_search "The syntax for SQL executions start with execute and this should as well catch generic execute calls." \ 'executeBlaBla(' \ 'FALSE_POSITIVES_EXAMPLE_PLACEHOLDER' \ - "execute.{0,$WILDCARD_SHORT}\(" \ + "execute.{0,${WILDCARD_SHORT}}}\(" \ "6_java_sql_execute.txt" grepit_search "If a developer catches SQL exceptions, this could mean that she tries to hide SQL injections or similar." \ 'SQLSyntaxErrorException' \ 'FALSE_POSITIVES_EXAMPLE_PLACEHOLDER' \ - "SQL.{0,$WILDCARD_SHORT}Exception" \ + "SQL.{0,${WILDCARD_SHORT}}}Exception" \ "6_java_sql_exception.txt" grepit_search "SQL syntax" \ 
@@ -418,19 +418,19 @@ grepit_module_java() { grepit_search "Java generic parameter fetching" \ '.getParameterBlabla(' \ 'FALSE_POSITIVES_EXAMPLE_PLACEHOLDER' \ - "\.getParameter.{0,$WILDCARD_SHORT}\(" \ + "\.getParameter.{0,${WILDCARD_SHORT}}}\(" \ "7_java_http_getParameter.txt" grepit_search "Potential tainted input in string format." \ 'String.format("bla-%s"+taintedInput, variable);' \ 'FALSE_POSITIVES_EXAMPLE_PLACEHOLDER' \ - "String\.format\(\s{0,$WILDCARD_SHORT}\"[^\"]{1,$WILDCARD_LONG}\"\s{0,$WILDCARD_SHORT}\+" \ + "String\.format\(\s{0,${WILDCARD_SHORT}}}\"[^\"]{1,${WILDCARD_LONG}}\"\s{0,${WILDCARD_SHORT}}}\+" \ "4_java_format_string1.txt" grepit_search "Potential tainted input in string format." \ 'String.format(variable)' \ 'FALSE_POSITIVES_EXAMPLE_PLACEHOLDER' \ - "String\.format\(\s{0,$WILDCARD_SHORT}[^\"]" \ + "String\.format\(\s{0,${WILDCARD_SHORT}}}[^\"]" \ "5_java_format_string2.txt" grepit_search "Java ProcessBuilder" \ 
@@ -499,63 +499,63 @@ grepit_module_java() { grepit_search "Especially for high security applications. From http://docs.oracle.com/javase/1.5.0/docs/guide/security/jce/JCERefGuide.html#PBEEx : \"It would seem logical to collect and store the password in an object of type java.lang.String. However, here's the caveat: Objects of type String are immutable, i.e., there are no methods defined that allow you to change (overwrite) or zero out the contents of a String after usage. This feature makes String objects unsuitable for storing security sensitive information such as user passwords. You should always collect and store security sensitive information in a char array instead.\" " \ 'String password' \ 'FALSE_POSITIVES_EXAMPLE_PLACEHOLDER' \ - "string .{0,$WILDCARD_SHORT}password" \ + "string .{0,${WILDCARD_SHORT}}}password" \ "7_java_confidential_data_in_strings_password.txt" \ "-i" grepit_search "Especially for high security applications. From http://docs.oracle.com/javase/1.5.0/docs/guide/security/jce/JCERefGuide.html#PBEEx : \"It would seem logical to collect and store the password in an object of type java.lang.String. However, here's the caveat: Objects of type String are immutable, i.e., there are no methods defined that allow you to change (overwrite) or zero out the contents of a String after usage. This feature makes String objects unsuitable for storing security sensitive information such as user passwords. You should always collect and store security sensitive information in a char array instead.\" " \ 'String secret' \ 'FALSE_POSITIVES_EXAMPLE_PLACEHOLDER' \ - "string .{0,$WILDCARD_SHORT}secret" \ + "string .{0,${WILDCARD_SHORT}}}secret" \ "7_java_confidential_data_in_strings_secret.txt" \ "-i" grepit_search "Especially for high security applications. From http://docs.oracle.com/javase/1.5.0/docs/guide/security/jce/JCERefGuide.html#PBEEx : \"It would seem logical to collect and store the password in an object of type java.lang.String. 
However, here's the caveat: Objects of type String are immutable, i.e., there are no methods defined that allow you to change (overwrite) or zero out the contents of a String after usage. This feature makes String objects unsuitable for storing security sensitive information such as user passwords. You should always collect and store security sensitive information in a char array instead.\" " \ 'String key' \ 'FALSE_POSITIVES_EXAMPLE_PLACEHOLDER' \ - "string .{0,$WILDCARD_SHORT}key" \ + "string .{0,${WILDCARD_SHORT}}}key" \ "7_java_confidential_data_in_strings_key.txt" \ "-i" grepit_search "Especially for high security applications. From http://docs.oracle.com/javase/1.5.0/docs/guide/security/jce/JCERefGuide.html#PBEEx : \"It would seem logical to collect and store the password in an object of type java.lang.String. However, here's the caveat: Objects of type String are immutable, i.e., there are no methods defined that allow you to change (overwrite) or zero out the contents of a String after usage. This feature makes String objects unsuitable for storing security sensitive information such as user passwords. You should always collect and store security sensitive information in a char array instead.\" " \ 'String cvv' \ 'FALSE_POSITIVES_EXAMPLE_PLACEHOLDER' \ - "string .{0,$WILDCARD_SHORT}cvv" \ + "string .{0,${WILDCARD_SHORT}}}cvv" \ "7_java_confidential_data_in_strings_cvv.txt" \ "-i" grepit_search "Especially for high security applications. From http://docs.oracle.com/javase/1.5.0/docs/guide/security/jce/JCERefGuide.html#PBEEx : \"It would seem logical to collect and store the password in an object of type java.lang.String. However, here's the caveat: Objects of type String are immutable, i.e., there are no methods defined that allow you to change (overwrite) or zero out the contents of a String after usage. This feature makes String objects unsuitable for storing security sensitive information such as user passwords. 
You should always collect and store security sensitive information in a char array instead.\" " \ 'String user' \ 'FALSE_POSITIVES_EXAMPLE_PLACEHOLDER' \ - "string .{0,$WILDCARD_SHORT}user" \ + "string .{0,${WILDCARD_SHORT}}}user" \ "7_java_confidential_data_in_strings_user.txt" \ "-i" grepit_search "Especially for high security applications. From http://docs.oracle.com/javase/1.5.0/docs/guide/security/jce/JCERefGuide.html#PBEEx : \"It would seem logical to collect and store the password in an object of type java.lang.String. However, here's the caveat: Objects of type String are immutable, i.e., there are no methods defined that allow you to change (overwrite) or zero out the contents of a String after usage. This feature makes String objects unsuitable for storing security sensitive information such as user passwords. You should always collect and store security sensitive information in a char array instead.\" " \ 'String passcode' \ 'FALSE_POSITIVES_EXAMPLE_PLACEHOLDER' \ - "string .{0,$WILDCARD_SHORT}passcode" \ + "string .{0,${WILDCARD_SHORT}}}passcode" \ "7_java_confidential_data_in_strings_passcode.txt" \ "-i" grepit_search "Especially for high security applications. From http://docs.oracle.com/javase/1.5.0/docs/guide/security/jce/JCERefGuide.html#PBEEx : \"It would seem logical to collect and store the password in an object of type java.lang.String. However, here's the caveat: Objects of type String are immutable, i.e., there are no methods defined that allow you to change (overwrite) or zero out the contents of a String after usage. This feature makes String objects unsuitable for storing security sensitive information such as user passwords. 
You should always collect and store security sensitive information in a char array instead.\" " \ 'String passphrase' \ 'FALSE_POSITIVES_EXAMPLE_PLACEHOLDER' \ - "string .{0,$WILDCARD_SHORT}passphrase" \ + "string .{0,${WILDCARD_SHORT}}}passphrase" \ "7_java_confidential_data_in_strings_passphrase.txt" \ "-i" grepit_search "Especially for high security applications. From http://docs.oracle.com/javase/1.5.0/docs/guide/security/jce/JCERefGuide.html#PBEEx : \"It would seem logical to collect and store the password in an object of type java.lang.String. However, here's the caveat: Objects of type String are immutable, i.e., there are no methods defined that allow you to change (overwrite) or zero out the contents of a String after usage. This feature makes String objects unsuitable for storing security sensitive information such as user passwords. You should always collect and store security sensitive information in a char array instead.\" " \ 'String pin' \ 'FALSE_POSITIVES_EXAMPLE_PLACEHOLDER' \ - "string .{0,$WILDCARD_SHORT}pin" \ + "string .{0,${WILDCARD_SHORT}}}pin" \ "7_java_confidential_data_in_strings_pin.txt" \ "-i" grepit_search "Especially for high security applications. From http://docs.oracle.com/javase/1.5.0/docs/guide/security/jce/JCERefGuide.html#PBEEx : \"It would seem logical to collect and store the password in an object of type java.lang.String. However, here's the caveat: Objects of type String are immutable, i.e., there are no methods defined that allow you to change (overwrite) or zero out the contents of a String after usage. This feature makes String objects unsuitable for storing security sensitive information such as user passwords. You should always collect and store security sensitive information in a char array instead.\" " \ 'String creditcard_number' \ 'FALSE_POSITIVES_EXAMPLE_PLACEHOLDER' \ - "string .{0,$WILDCARD_SHORT}credit" \ + "string .{0,${WILDCARD_SHORT}}}credit" \ "7_java_confidential_data_in_strings_credit.txt" \ "-i" 
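Review bot: All nine `+` lines of the `@@ -499` hunk (password, secret, key, cvv, user, passcode, passphrase, pin, credit) have `.{0,${WILDCARD_SHORT}}}` where the original had one closing brace, so each regex now requires a literal `}` between `string` and the keyword and none of the examples such as `String password` can match even with `-i`. The fix is the same one-character change on every line, e.g. `"string .{0,${WILDCARD_SHORT}}password"`; the `${WILDCARD_LONG}}` lines in the neighbouring hunks show the intended shape. Since these rules are the only ones flagging secrets held in immutable `String` objects, the regression would go unnoticed until someone wonders why the 7_java_confidential_data_in_strings_* reports are empty, which argues for a self-test that greps each example argument with its own pattern. grepit_module_java starts before this hunk and continues after it.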
@@ -617,7 +617,7 @@ grepit_module_java() { grepit_search "A search for Process p = r.exec()" \ 'Process p = r.exec(args1);' \ 'FALSE_POSITIVES_EXAMPLE_PLACEHOLDER' \ - "Process.{0,$WILDCARD_SHORT}\.exec\(" \ + "Process.{0,${WILDCARD_SHORT}}}\.exec\(" \ "6_java_runtime_exec_2.txt" grepit_search "The function openProcess is included in apache commons and does a getRuntime().exec" \ @@ -771,7 +771,7 @@ grepit_module_java() { grepit_search 'Servlet methods that throw exceptions might reveal sensitive information, see https://sonarqube.com/coding_rules#types=VULNERABILITY|languages=java' \ 'public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException' \ 'FALSE_POSITIVES_EXAMPLE_PLACEHOLDER' \ - "void do.{0,$WILDCARD_LONG}throws.{0,$WILDCARD_LONG}ServletException" \ + "void do.{0,${WILDCARD_LONG}}throws.{0,${WILDCARD_LONG}}ServletException" \ "5_java_servlet_exception.txt" grepit_search 'Security decisions should not be done based on the HTTP referer header as it is attacker chosen, see https://sonarqube.com/coding_rules#types=VULNERABILITY|languages=java' \ 
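Review bot: The `@@ -617` hunk breaks the Runtime.exec detector: `"Process.{0,${WILDCARD_SHORT}}}\.exec\("` expands to `Process.{0,N}}\.exec\(`, and the stray second `}` is matched literally, so `Process p = r.exec(args1);` from the rule's own example no longer hits. The `@@ -771` hunk on the same physical line shows the correct form with `${WILDCARD_LONG}}`, which suggests the SHORT and LONG substitutions were done with different replacements; the line should be `"Process.{0,${WILDCARD_SHORT}}\.exec\("`. Command-execution sinks are among the highest-value findings this module produces, so this one is worth fixing before the release. grepit_module_java starts before these hunks and continues after them.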
@@ -783,13 +783,13 @@ grepit_module_java() { grepit_search 'Usually it is a bad idea to subclass cryptographic implementation, developers might break the implementation, see https://sonarqube.com/coding_rules#types=VULNERABILITY|languages=java' \ 'MyCryptographicAlgorithm extends MessageDigest {' \ 'FALSE_POSITIVES_EXAMPLE_PLACEHOLDER' \ - "extends.{0,$WILDCARD_LONG}MessageDigest" \ + "extends.{0,${WILDCARD_LONG}}MessageDigest" \ "5_java_extends_MessageDigest.txt" grepit_search 'Usually it is a bad idea to subclass cryptographic implementation, developers might break the implementation, see https://sonarqube.com/coding_rules#types=VULNERABILITY|languages=java' \ 'MyCryptographicAlgorithm extends WhateverCipher {' \ 'FALSE_POSITIVES_EXAMPLE_PLACEHOLDER' \ - "extends.{0,$WILDCARD_LONG}cipher" \ + "extends.{0,${WILDCARD_LONG}}cipher" \ "5_java_extends_cipher.txt" \ "-i" 
@@ -854,21 +854,21 @@ grepit_module_jsp() { grepit_search "Can introduce XSS" \ 'escape=false' \ 'FALSE_POSITIVES_EXAMPLE_PLACEHOLDER' \ - "escape\s{0,$WILDCARD_SHORT}=\s{0,$WILDCARD_SHORT}'?\"?\s{0,$WILDCARD_SHORT}false" \ + "escape\s{0,${WILDCARD_SHORT}}}=\s{0,${WILDCARD_SHORT}}}'?\"?\s{0,${WILDCARD_SHORT}}}false" \ "2_java_jsp_xss_escape.txt" \ "-i" grepit_search "Can introduce XSS" \ 'escapeXml=false' \ 'FALSE_POSITIVES_EXAMPLE_PLACEHOLDER' \ - "escapeXml\s{0,$WILDCARD_SHORT}=\s{0,$WILDCARD_SHORT}'?\"?\s{0,$WILDCARD_SHORT}false" \ + "escapeXml\s{0,${WILDCARD_SHORT}}}=\s{0,${WILDCARD_SHORT}}}'?\"?\s{0,${WILDCARD_SHORT}}}false" \ "2_java_jsp_xss_escapexml.txt" \ "-i" grepit_search "Can introduce XSS when simply writing a bean property to HTML without escaping. Attention: there are now client-side JavaScript libraries using the same tags for templates!" \ '<%=bean.getName()%>' \ 'Attention: there are now client-side JavaScript libraries using the same tags for templates!' \ - "<%=\s{0,$WILDCARD_SHORT}[A-Za-z0-9_]{1,$WILDCARD_LONG}.get[A-Za-z0-9_]{1,$WILDCARD_LONG}\(" \ + "<%=\s{0,${WILDCARD_SHORT}}}[A-Za-z0-9_]{1,${WILDCARD_LONG}}.get[A-Za-z0-9_]{1,${WILDCARD_LONG}}\(" \ "1_java_jsp_property_to_html_xss.txt" \ "-i" @@ -882,7 +882,7 @@ grepit_module_jsp() { grepit_search "Can introduce XSS when simply writing a bean property to HTML without escaping." \ 'out.print("
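Review bot: The three JSP XSS patterns in the `@@ -854` hunk each gain a literal `}` at every `\s{0,${WILDCARD_SHORT}}}` position, so `escape=false` and `escapeXml=false` no longer match their own examples (a `}` is now required between the attribute name and `=`), and `<%=bean.getName()%>` fails at the first whitespace interval even though its `${WILDCARD_LONG}}` parts are correct. Each line needs the third brace removed, e.g. `"escape\s{0,${WILDCARD_SHORT}}=\s{0,${WILDCARD_SHORT}}'?\"?\s{0,${WILDCARD_SHORT}}false"`, with the same edit applied to the escapeXml and `<%=` lines. grepit_module_jsp starts before this hunk, and the following `@@ -882` hunk runs past the end of this excerpt.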