generated from oracle/template-repo
-
Notifications
You must be signed in to change notification settings - Fork 23
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat: report known malware for all ecosystems (#922)
If a package is already known to be malicious, this PR reports it as part of the mcn_detect_malicious_metadata_1 check. Additionally, two new integration tests for known Python and npm malware have been added. Signed-off-by: behnazh-w <[email protected]>
- Loading branch information
Showing
8 changed files
with
180 additions
and
6 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
/* Copyright (c) 2024 - 2024, Oracle and/or its affiliates. All rights reserved. */ | ||
/* Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/. */ | ||
|
||
#include "prelude.dl" | ||
|
||
Policy("check-malicious-package", component_id, "Check the malicious package.") :- | ||
check_failed(component_id, "mcn_detect_malicious_metadata_1"). | ||
|
||
apply_policy_to("check-malicious-package", component_id) :- | ||
is_component(component_id, "pkg:npm/tautoak4-hello-world"). |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
# Copyright (c) 2024 - 2024, Oracle and/or its affiliates. All rights reserved. | ||
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/. | ||
|
||
description: | | ||
Analyzing a known malicious package. | ||
tags: | ||
- macaron-python-package | ||
- macaron-docker-image | ||
|
||
steps: | ||
- name: Run macaron analyze | ||
kind: analyze | ||
options: | ||
command_args: | ||
- -purl | ||
- pkg:npm/tautoak4-hello-world | ||
- name: Run macaron verify-policy to verify that the malicious metadata check fails. | ||
kind: verify | ||
options: | ||
policy: policy.dl |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
/* Copyright (c) 2024 - 2024, Oracle and/or its affiliates. All rights reserved. */ | ||
/* Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/. */ | ||
|
||
#include "prelude.dl" | ||
|
||
Policy("check-malicious-package", component_id, "Check the malicious package.") :- | ||
check_failed(component_id, "mcn_detect_malicious_metadata_1"). | ||
|
||
apply_policy_to("check-malicious-package", component_id) :- | ||
is_component(component_id, "pkg:pypi/type-extension"). |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
# Copyright (c) 2024 - 2024, Oracle and/or its affiliates. All rights reserved. | ||
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/. | ||
|
||
description: | | ||
Analyzing a known malicious package. | ||
tags: | ||
- macaron-python-package | ||
- macaron-docker-image | ||
|
||
steps: | ||
- name: Run macaron analyze | ||
kind: analyze | ||
options: | ||
command_args: | ||
- -purl | ||
- pkg:pypi/type-extension | ||
- name: Run macaron verify-policy to verify that the malicious metadata check fails. | ||
kind: verify | ||
options: | ||
policy: policy.dl |