
Merge pull request #30 from CybercentreCanada/revert-28-revert-27-upd…
…ate/viper-heurs

Revert 28 revert 27 update/viper heurs [dev]
cccs-kevin authored Dec 7, 2023
2 parents 68ff5a4 + 3444a30 commit 0a92e26
Showing 14 changed files with 134 additions and 1,416 deletions.
64 changes: 16 additions & 48 deletions elf/elf.py
Expand Up @@ -15,26 +15,8 @@ class ELF(ServiceBase):
def add_header(self):
res = ResultSection("Headers")
res.add_line(f"Entrypoint: {hex(self.elf.entrypoint)}")

# Inspired by https://github.com/viper-framework/viper-modules/blob/ 00ee6cd2b2ad4ed278279ca9e383e48bc23a2555/lief.py#L334
if not self.lief_binary.header.entrypoint:
heur = Heuristic(5)
ResultSection(heur.name, heuristic=heur, parent=res)

res.add_line(f"Machine: {self.elf.header['machine_type']}")

# Inspired by https://github.com/viper-framework/viper-modules/blob/ 00ee6cd2b2ad4ed278279ca9e383e48bc23a2555/lief.py#L351
if not self.lief_binary.header.machine_type:
heur = Heuristic(6)
ResultSection(heur.name, heuristic=heur, parent=res)

res.add_line(f"File Type: {self.elf.header['file_type']}")

# Inspired by https://github.com/viper-framework/viper-modules/blob/00ee6cd2b2ad4ed278279ca9e383e48bc23a2555/lief.py#L314
if not self.lief_binary.header.file_type:
heur = Heuristic(4)
ResultSection(heur.name, heuristic=heur, parent=res)

res.add_line(f"Identity Class: {self.elf.header['identity_class']}")
res.add_line(f"Endianness: {self.elf.header['identity_data']}")
res.add_line(f"Virtual Size: {self.elf.virtual_size}")
Expand All @@ -51,11 +33,6 @@ def add_header(self):
res.add_line(f"Interpreter: {self.elf.interpreter}")
res.add_tag("file.elf.interpreter", self.elf.interpreter)

# Inspired by https://github.com/viper-framework/viper-modules/blob/00ee6cd2b2ad4ed278279ca9e383e48bc23a2555/lief.py#L374
if not self.lief_binary.has_interpreter:
heur = Heuristic(7)
ResultSection(heur.name, heuristic=heur, parent=res)

overlay = bytes.fromhex(self.elf.overlay)
res.add_line(f"Overlay size: {len(overlay)}")
if len(overlay) > 0:
Expand Down Expand Up @@ -117,8 +94,8 @@ def add_segments(self):

def add_libraries(self):
# Inspired by https://github.com/viper-framework/viper-modules/blob/00ee6cd2b2ad4ed278279ca9e383e48bc23a2555/lief.py#L401
if len(self.lief_binary.libraries) == 0:
heur = Heuristic(8)
if len(self.elf.libraries) == 0:
heur = Heuristic(4)
ResultSection(heur.name, heuristic=heur, parent=self.file_res)
return

Expand All @@ -129,10 +106,9 @@ def add_libraries(self):
self.file_res.add_section(res)

def add_notes(self):
# Inspired by https://github.com/viper-framework/viper-modules/blob/00ee6cd2b2ad4ed278279ca9e383e48bc23a2555/lief.py#L562
if not hasattr(self.elf, "notes") or len(self.elf.notes) == 0:
heur = Heuristic(10)
ResultSection(heur.name, heuristic=heur, parent=self.file_res)
if not hasattr(self.elf, "notes"):
return
if len(self.elf.notes) == 0:
return

res = ResultSection("Notes")
Expand Down Expand Up @@ -175,45 +151,39 @@ def add_hash(self):
def check_symbols(self):
# Inspired by https://github.com/viper-framework/viper-modules/blob/00ee6cd2b2ad4ed278279ca9e383e48bc23a2555/lief.py#L426
if not self.lief_binary.symbols:
heur = Heuristic(9)
ResultSection(heur.name, heuristic=heur, parent=self.file_res)
ResultSection("No symbol found", parent=self.file_res)
else:
# Inspired by https://github.com/viper-framework/viper-modules/blob/00ee6cd2b2ad4ed278279ca9e383e48bc23a2555/lief.py#L782
if not self.lief_binary.exported_symbols:
heur = Heuristic(12)
ResultSection(heur.name, heuristic=heur, parent=self.file_res)
ResultSection("No exported symbol found", parent=self.file_res)

# Inspired by https://github.com/viper-framework/viper-modules/blob/00ee6cd2b2ad4ed278279ca9e383e48bc23a2555/lief.py#L820
if not self.lief_binary.imported_symbols:
heur = Heuristic(14)
ResultSection(heur.name, heuristic=heur, parent=self.file_res)
ResultSection("No imported symbol found", parent=self.file_res)

# Inspired by https://github.com/viper-framework/viper-modules/blob/00ee6cd2b2ad4ed278279ca9e383e48bc23a2555/lief.py#L820
if not self.lief_binary.dynamic_symbols:
heur = Heuristic(18)
ResultSection(heur.name, heuristic=heur, parent=self.file_res)
ResultSection("No dynamic symbol found", parent=self.file_res)

# Inspired by https://github.com/viper-framework/viper-modules/blob/00ee6cd2b2ad4ed278279ca9e383e48bc23a2555/lief.py#L1560
if not self.lief_binary.static_symbols:
heur = Heuristic(19)
ResultSection(heur.name, heuristic=heur, parent=self.file_res)
ResultSection("No static symbol found", parent=self.file_res)

# Inspired by https://github.com/viper-framework/viper-modules/blob/00ee6cd2b2ad4ed278279ca9e383e48bc23a2555/lief.py#L1064
# and https://github.com/viper-framework/viper-modules/blob/00ee6cd2b2ad4ed278279ca9e383e48bc23a2555/lief.py#L1075
def check_relocations(self):
# Inspired by https://github.com/viper-framework/viper-modules/blob/00ee6cd2b2ad4ed278279ca9e383e48bc23a2555/lief.py#L1073
if not self.lief_binary.object_relocations:
heur = Heuristic(15)
ResultSection(heur.name, heuristic=heur, parent=self.file_res)
ResultSection("No object relocation found", parent=self.file_res)

# Inspired by https://github.com/viper-framework/viper-modules/blob/00ee6cd2b2ad4ed278279ca9e383e48bc23a2555/lief.py#L1075
if not self.lief_binary.relocations:
heur = Heuristic(16)
ResultSection(heur.name, heuristic=heur, parent=self.file_res)
ResultSection("No relocation found", parent=self.file_res)

def check_dynamic_entries(self):
# Inspired by https://github.com/viper-framework/viper-modules/blob/00ee6cd2b2ad4ed278279ca9e383e48bc23a2555/lief.py#L1538
if not self.elf.dynamic_entries:
heur = Heuristic(17)
heur = Heuristic(5)
ResultSection(heur.name, heuristic=heur, parent=self.file_res)

def add_symbols_version(self):
Expand All @@ -230,16 +200,14 @@ def add_functions(self):
self.file_res.add_section(res)
else:
# Inspired by https://github.com/viper-framework/viper-modules/blob/00ee6cd2b2ad4ed278279ca9e383e48bc23a2555/lief.py#L798
heur = Heuristic(13)
ResultSection(heur.name, heuristic=heur, parent=self.file_res)
ResultSection("No imported function found", parent=self.file_res)
if hasattr(self.elf, "exported_functions") and self.elf.exported_functions:
res = ResultSection("Exported Functions")
res.set_body(json.dumps(self.elf.exported_functions), BODY_FORMAT.JSON)
self.file_res.add_section(res)
else:
# Inspired by https://github.com/viper-framework/viper-modules/blob/00ee6cd2b2ad4ed278279ca9e383e48bc23a2555/lief.py#L760
heur = Heuristic(11)
ResultSection(heur.name, heuristic=heur, parent=self.file_res)
ResultSection("No exported function found", parent=self.file_res)

def execute(self, request: ServiceRequest):
request.result = Result()
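Review bot: In add_libraries and check_dynamic_entries the restored heuristics 4 and 5, both scored 100 by the manifest in this commit, are raised on what is effectively one condition: a statically linked ELF has no DT_NEEDED libraries and no dynamic section, so a legitimate static build (busybox, Go, musl) collects both hits, while a file whose dynamic section is truncated or deliberately corrupted, the parser-evasion case such a check is meant to catch, is scored no differently. Consider gating the dynamic-entry check on evidence the file is meant to be dynamically linked, e.g. `if self.elf.interpreter and not self.elf.dynamic_entries:` (the interpreter is already read in add_header), assuming interpreter is empty for static binaries as expected, and noting the static-linking overlap in a comment on both checks. add_libraries also switched from `self.lief_binary.libraries` to `self.elf.libraries` while check_symbols and check_relocations still read lief_binary; if `self.elf` is the model that the `hasattr(self.elf, "notes")` guard in add_notes suggests can lack attributes, the same guard may be needed here. The bodies of add_header, add_libraries and add_functions continue outside the hunks shown.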
106 changes: 4 additions & 102 deletions service_manifest.yml
Expand Up @@ -41,117 +41,19 @@ heuristics:
name: LOAD without section mappings
score: 100

# Inspired by https://github.com/viper-framework/viper-modules/blob/00ee6cd2b2ad4ed278279ca9e383e48bc23a2555/lief.py#L314
- description: Lief could not determine the file type
filetype: "executable/linux/.*"
heur_id: 4
name: No file type found
score: 0

# Inspired by https://github.com/viper-framework/viper-modules/blob/00ee6cd2b2ad4ed278279ca9e383e48bc23a2555/lief.py#L334
- description: Lief could not determine the entrypoint
filetype: "executable/linux/.*"
heur_id: 5
name: No entrypoint found
score: 0

# Inspired by https://github.com/viper-framework/viper-modules/blob/00ee6cd2b2ad4ed278279ca9e383e48bc23a2555/lief.py#L351
- description: Lief could not determine the architecture
filetype: "executable/linux/.*"
heur_id: 6
name: No architecture found
score: 0

# Inspired by https://github.com/viper-framework/viper-modules/blob/00ee6cd2b2ad4ed278279ca9e383e48bc23a2555/lief.py#L374
- description: Lief could not determine the interpreter
filetype: "executable/linux/.*"
heur_id: 7
name: No interpreter found
score: 0

# Inspired by https://github.com/viper-framework/viper-modules/blob/00ee6cd2b2ad4ed278279ca9e383e48bc23a2555/lief.py#L401
- description: Lief could not find a dynamic library
filetype: "executable/linux/.*"
heur_id: 8
heur_id: 4
name: No dynamic library found
score: 0

# Inspired by https://github.com/viper-framework/viper-modules/blob/00ee6cd2b2ad4ed278279ca9e383e48bc23a2555/lief.py#L426
- description: Lief could not find a symbol
filetype: "executable/linux/.*"
heur_id: 9
name: No symbol found
score: 0

# Inspired by https://github.com/viper-framework/viper-modules/blob/00ee6cd2b2ad4ed278279ca9e383e48bc23a2555/lief.py#L562
- description: Lief could not find notes
filetype: "executable/linux/.*"
heur_id: 10
name: No note found
score: 0

# Inspired by https://github.com/viper-framework/viper-modules/blob/00ee6cd2b2ad4ed278279ca9e383e48bc23a2555/lief.py#L760
- description: Lief could not find an exported function
filetype: "executable/linux/.*"
heur_id: 11
name: No exported function found
score: 0

# Inspired by https://github.com/viper-framework/viper-modules/blob/00ee6cd2b2ad4ed278279ca9e383e48bc23a2555/lief.py#L782
- description: Lief could not find an exported symbol
filetype: "executable/linux/.*"
heur_id: 12
name: No exported symbol found
score: 0

# Inspired by https://github.com/viper-framework/viper-modules/blob/00ee6cd2b2ad4ed278279ca9e383e48bc23a2555/lief.py#L782
- description: Lief could not find an imported function
filetype: "executable/linux/.*"
heur_id: 13
name: No imported function found
score: 0

# Inspired by https://github.com/viper-framework/viper-modules/blob/00ee6cd2b2ad4ed278279ca9e383e48bc23a2555/lief.py#L820
- description: Lief could not find an imported symbol
filetype: "executable/linux/.*"
heur_id: 14
name: No imported symbol found
score: 0

# Inspired by https://github.com/viper-framework/viper-modules/blob/00ee6cd2b2ad4ed278279ca9e383e48bc23a2555/lief.py#L1073
- description: Lief could not find an object relocation
filetype: "executable/linux/.*"
heur_id: 15
name: No object relocation found
score: 0

# Inspired by https://github.com/viper-framework/viper-modules/blob/00ee6cd2b2ad4ed278279ca9e383e48bc23a2555/lief.py#L1098
- description: Lief could not find a relocation
filetype: "executable/linux/.*"
heur_id: 16
name: No relocation found
score: 0
score: 100

# Inspired by https://github.com/viper-framework/viper-modules/blob/00ee6cd2b2ad4ed278279ca9e383e48bc23a2555/lief.py#L1538
- description: Lief could not find a dynamic entry
filetype: "executable/linux/.*"
heur_id: 17
heur_id: 5
name: No dynamic entry found
score: 0

# Inspired by https://github.com/viper-framework/viper-modules/blob/00ee6cd2b2ad4ed278279ca9e383e48bc23a2555/lief.py#L1549
- description: Lief could not find a dynamic symbol
filetype: "executable/linux/.*"
heur_id: 18
name: No dynamic symbol found
score: 0

# Inspired by https://github.com/viper-framework/viper-modules/blob/00ee6cd2b2ad4ed278279ca9e383e48bc23a2555/lief.py#L1560
- description: Lief could not find a static symbol
filetype: "executable/linux/.*"
heur_id: 19
name: No static symbol found
score: 0
score: 100

docker_config:
image: ${REGISTRY}cccs/assemblyline-service-elf:$SERVICE_TAG
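Review bot: The surviving heuristics 4 and 5 go from score 0 to 100 but keep descriptions phrased as parser failures ("Lief could not find a dynamic library", "Lief could not find a dynamic entry"), even though the code path now raises them on an ordinary empty-list condition that is normal for every statically linked ELF, and the tool doing the lookup in add_libraries is no longer necessarily LIEF. If heuristic scores feed the file verdict as they usually do in this service, a benign static binary picks up 200 from these two entries alone, so an analyst needs the description to say what was detected and when it is expected. Suggested wording for heur_id 4: `description: No dynamic library dependencies (DT_NEEDED) found. Expected for statically linked binaries; unusual in a dynamically linked one.` with the equivalent for heur_id 5 (no dynamic section / DT_* entries), and consider whether both deserve 100 given that they fire together on the same property.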