Additional x509 banners #305
See comments.
@tsellers-r7 we should probably add tests against the fields for the files in the 'identifiers' dir of this project (such as hw_product.txt). Also, I know R7 VM expects explicit vendor/product names to trigger downstream checks, so there may be some additional integration testing necessary so these additions/changes don't regress functionality there.
@dabdine - Yup, after we move the tests from Travis-CI (tests that take 18+ hours to run aren't useful) we can just have it run
Looks like we still need to port
- VMWare - we have os.family values, and looks like one regex match is missing
- iLo - some existing ones but do not look like they match ours
…into Puffins/Story/DCA-21047
Hello! The EMAILADDRESS change is problematic today because the x509 representation differs by implementation. For example, Go is putting the email address at the end of the line and using the OID instead of "EMAILADDRESS". This comment is relevant:
Supporting EMAILADDRESS (and other attributes) is great, but we need to agree on how to represent them first and make sure Go, Ruby, Python, Java all agree when building the string.
The relevant Go code for extra name handling:
In practice this looks like:
1.2.840.113549.1.9.1 is the OID of the EMAILADDRESS attribute. The value includes the DER bytes, including the Type and Length before the value ([email protected]).
Go also places these LAST where the example above has the EMAILADDRESS first. Anywho, this gets tricky because we normally use ^ anchors and this will differ by language.
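One way to reconcile the two string forms described in the comment above before matching, as an added example that is not part of this PR or of Recog. The sample DN, the anchored pattern, and the choice to list the named attribute first are assumptions made for illustration; only the OID comes from the thread.

```python
import re

# Only the emailAddress OID comes from the discussion; extend as needed.
OID_NAMES = {"1.2.840.113549.1.9.1": "EMAILADDRESS"}
STRING_TAGS = {0x0C, 0x13, 0x16}  # UTF8String, PrintableString, IA5String

# Constructed sample: OID-named attribute with a hex DER value, placed last.
GO_STYLE_DN = (
    r"CN=esx01.example.test,OU=VMware ESX Server Default Certificate,"
    r"O=VMware\, Inc,L=Palo Alto,ST=California,C=US,"
    "1.2.840.113549.1.9.1=#161261646d696e406578616d706c652e74657374"
)
# Hypothetical anchored pattern that expects the attribute by name, first.
PATTERN = r"^EMAILADDRESS=([^,]+),CN=([a-zA-Z0-9.\-_]+),OU=VMware ESX Server"


def decode_der_string(hex_value):
    """Decode '#<hex>' holding one DER string (tag, short-form length, value)."""
    raw = bytes.fromhex(hex_value[1:])
    if len(raw) < 2 or raw[0] not in STRING_TAGS:
        raise ValueError("unsupported DER type")
    if raw[1] & 0x80 or raw[1] != len(raw) - 2:
        raise ValueError("long-form or inconsistent DER length")
    return raw[2:].decode("utf-8")


def split_rdns(dn):
    """Split on commas not preceded by a backslash (escaped commas stay)."""
    return re.split(r"(?<!\\),", dn)


def normalize_dn(dn):
    """Rename OID-keyed attributes, decode their values, and list them first."""
    named, rest = [], []
    for rdn in split_rdns(dn):
        key, _, value = rdn.partition("=")
        if key in OID_NAMES and value.startswith("#"):
            text = decode_der_string(value).replace(",", "\\,")
            named.append(f"{OID_NAMES[key]}={text}")
        else:
            rest.append(rdn)
    return ",".join(named + rest)


def captures(dn):
    """Return PATTERN's capture groups for dn, or None when it does not match."""
    m = re.match(PATTERN, dn)
    return m.groups() if m else None
```

Multi-valued RDNs joined with `+` and values ending in an escaped backslash are outside what this sketch handles.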
@@ -475,7 +483,7 @@ | |||
</fingerprint> | |||
|
|||
<fingerprint pattern="^CN=([a-zA-Z0-9\.\-\_]+),OU=VMware ESX Server Default Certificate,O=VMware\\, Inc,L=Palo Alto,ST=California,C=US$"> | |||
<description>VMware ESX</description> | |||
<description>VMWare ESX</description> |
This PR will likely be closed, but note for self - this change is incorrect. VMware is correct.
<param pos="0" name="os.device" value="Hypervisor"/> | ||
<param pos="0" name="os.cpe23" value="cpe:/o:vmware:esx:-"/> | ||
<param pos="1" name="host.name"/> | ||
</fingerprint> |
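Review bot: The second description line spells the vendor "VMWare", while the pattern of this same fingerprint matches `OU=VMware ESX Server Default Certificate,O=VMware\\, Inc`, so the description no longer agrees with the spelling the certificate subject itself uses; keep `<description>VMware ESX</description>`. Separately, the pattern is anchored with ^ and $ across the whole subject string, so it depends on the attribute order and naming that each x509 library emits, which this thread notes differs by implementation.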
Already landed elsewhere
Closing this pull request since x.509 normalization has not been worked out. See issue #360.
Description
Recog updated with fingerprints from Jess
Motivation and Context
More functionality
How Has This Been Tested?
Types of changes
Checklist: