cleanup

m-1-k-3 · m-1-k-3 · commit a0c3a0285684 · 2023-12-03T14:15:15.000+01:00
diff --git a/helpers/helpers_emba_dependency_check.sh b/helpers/helpers_emba_dependency_check.sh
@@ -129,8 +129,8 @@ check_git_hash(){
 check_docker_image(){
   local LOCAL_DOCKER_HASH=""
   local REMOTE_DOCKER_HASH=""
-  LOCAL_DOCKER_HASH="$(sudo docker image inspect embeddedanalyzer/emba:latest --format '{{json .RepoDigests}}' | jq . | grep "sha" | sed -E 's/.*sha256:([0-9|[a-z]+)"/\1/' || true)"
-  REMOTE_DOCKER_HASH="$(sudo docker manifest inspect embeddedanalyzer/emba:latest -v | jq . | grep "digest" | head -n1 | awk '{print $2}' | sed -E 's/"sha256:(.+)",/\1/' || true)"
+  LOCAL_DOCKER_HASH="$(docker image inspect embeddedanalyzer/emba:latest --format '{{json .RepoDigests}}' | jq . | grep "sha" | sed -E 's/.*sha256:([0-9|[a-z]+)"/\1/' || true)"
+  REMOTE_DOCKER_HASH="$(docker manifest inspect embeddedanalyzer/emba:latest -v | jq . | grep "digest" | head -n1 | awk '{print $2}' | sed -E 's/"sha256:(.+)",/\1/' || true)"
 
   if [[ "${LOCAL_DOCKER_HASH}" == "${REMOTE_DOCKER_HASH}" ]]; then
     echo -e "    Docker image version - ${GREEN}ok${NC}"
@@ -154,12 +154,6 @@ dependency_check()
   if [[ "${CONTAINER_NUMBER}" -ne 1 ]]; then
     print_output "    Internet connection - \\c" "no_log"
 
-    if [[ -n "${PROXY_SETTINGS}" ]]; then
-      export http_proxy="${PROXY_SETTINGS}"
-      export https_proxy="${PROXY_SETTINGS}"
-      print_output "[*] Info: Proxy settings detected: ${ORANGE}${PROXY_SETTINGS}${NC}" "no_log"
-    fi
-
     LATEST_EMBA_VERSION="$(curl --connect-timeout 5 -s -o - https://github.com/e-m-b-a/emba/blob/master/config/VERSION.txt | grep -w "rawLines" | sed -E 's/.*"rawLines":\["([0-9]\.[0-9]\.[0-9]).*/\1/' || true)"
     if [[ -z "${LATEST_EMBA_VERSION}" ]] ; then
       echo -e "${RED}""not ok""${NC}"
@@ -173,6 +167,13 @@ dependency_check()
         check_git_hash
       fi
     fi
+
+    if [[ -n "${PROXY_SETTINGS}" ]]; then
+      export http_proxy="${PROXY_SETTINGS}"
+      export https_proxy="${PROXY_SETTINGS}"
+      print_output "[*] Info: Proxy settings detected: ${ORANGE}${PROXY_SETTINGS}${NC}" "no_log"
+    fi
+
     if [[ -f "${CONFIG_DIR}/gpt_config.env" ]]; then
       if grep -v -q "#" "${CONFIG_DIR}/gpt_config.env"; then
         # readin gpt_config.env
diff --git a/helpers/helpers_emba_helpers.sh b/helpers/helpers_emba_helpers.sh
@@ -178,6 +178,12 @@ cleaner() {
     done < "${TMP_DIR}"/EXIT_KILL_PIDS.log
   fi
 
+  if [[ -f "${LOG_DIR}"/emba_error.log ]]; then
+    if ! [[ -s "${LOG_DIR}"/emba_error.log ]]; then
+      rm "${LOG_DIR}"/emba_error.log > /dev/null || true
+    fi
+  fi
+
   if [[ "${IN_DOCKER}" -eq 0 ]] && [[ -d "${TMP_DIR}" ]]; then
     rm -r "${TMP_DIR}" 2>/dev/null || true
   fi
diff --git a/installer.sh b/installer.sh
@@ -361,12 +361,7 @@ chmod 755 ./external
 
 if [[ "${LIST_DEP}" -eq 0 ]] || [[ ${IN_DOCKER} -eq 0 ]] || [[ ${DOCKER_SETUP} -eq 1 ]] || [[ ${FULL} -eq 1 ]]; then
   echo -e "\\n""${MAGENTA}""${BOLD}""Installation notes:""${NC}"
-  echo -e "\\n""${MAGENTA}""INFO: The cron.daily update script for EMBA is located in config/emba_updater""${NC}"
-  echo -e "${MAGENTA}""INFO: For automatic updates it should be copied to /etc/cron.daily/""${NC}"
-  echo -e "${MAGENTA}""INFO: For manual updates just start it via sudo ./config/emba_updater""${NC}"
-
   echo -e "\\n""${MAGENTA}""WARNING: If you plan using the emulator (-E switch) your host and your internal network needs to be protected.""${NC}"
-
   echo -e "\\n""${MAGENTA}""INFO: Do not forget to checkout current development of EMBA at https://github.com/e-m-b-a.""${NC}"
 fi
 if [[ "${WSL}" -eq 1 ]]; then
diff --git a/modules/F20_vul_aggregator.sh b/modules/F20_vul_aggregator.sh
@@ -495,15 +495,26 @@ cve_db_lookup_version() {
   # BIN_VERSION_ is something like "binary:1.2.3"
   # function writes log files to "${LOG_PATH_MODULE}"/"${VERSION_PATH}".txt
   local BIN_VERSION_="${1:-}"
+
   local CVE_ID=""
   local BIN_NAME=""
-
+  BIN_NAME=$(echo "${BIN_VERSION_}" | cut -d':' -f1)
   # we create something like "binary_1.2.3" for log paths
-  local VERSION_PATH="${BIN_VERSION_//:/_}"
+  # remove last : if it is there
+  local VERSION_PATH="${BIN_VERSION_%:}"
+  VERSION_PATH="${VERSION_PATH//:/_}"
+
+  # if we did the CVE analysis already in module s26, we can just use these results for our further analysis
+  # -> we skip the complete CVE analysis here:
+  if [[ "${BIN_NAME}" == *"linux_kernel"* ]] && [[ -s "${LOG_DIR}"/s26_kernel_vuln_verifier/"${VERSION_PATH}".txt ]]; then
+    print_output "[*] Detected kernel vulnerability details from module S26 - going to use these details"
+    cp "${LOG_DIR}"/s26_kernel_vuln_verifier/"${VERSION_PATH}".txt "${LOG_PATH_MODULE}" || (print_output "[-] S26 kernel vulns file found, but something was going wrong")
+    cve_extractor "${BIN_VERSION_}"
+    return
+  fi
   # we test for the binary_name:version and for binary_name:*:
-  print_output "[*] CVE database lookup with version information: ${ORANGE}${BIN_VERSION_}${NC}" "no_log"
+  print_output "[*] CVE database lookup with version information: ${ORANGE}${BIN_VERSION_}${NC}"
 
-  BIN_NAME=$(echo "${BIN_VERSION_}" | cut -d':' -f1)
   mapfile -t CVE_VER_SOURCES_ARR < <(grep -l -r "cpe:[0-9]\.[0-9]:[a-z]:.*${BIN_VERSION_}:\|cpe:[0-9]\.[0-9]:[a-z]:.*${BIN_NAME}:\*:" "${NVD_DIR}" | sort -u || true)
 
   if [[ "${BIN_VERSION_}" == *"dlink"* ]]; then
@@ -844,7 +855,9 @@ cve_extractor() {
       BINARY="$(echo "${VERSION_orig}" | cut -d ":" -f2)"
       VERSION="$(echo "${VERSION_orig}" | cut -d ":" -f3-)"
     fi
-    local VERSION_PATH="${VERSION_orig//:/_}"
+    local VERSION_PATH="${VERSION_orig%:}"
+    VERSION_PATH="${VERSION_PATH//:/_}"
+    # remove last : if it is there
     AGG_LOG_FILE="${VERSION_PATH}".txt
   else
     AGG_LOG_FILE="${VERSION_orig}".txt
@@ -1135,17 +1148,17 @@ cve_extractor_thread_actor() {
     if [[ -f "${S26_LOG_DIR}"/cve_results_kernel_"${VERSION}".csv ]]; then
       # check if the current CVE is a verified kernel CVE from s26 module
       if grep -q ";${CVE_VALUE};.*;.*;1;1" "${S26_LOG_DIR}"/cve_results_kernel_"${VERSION}".csv; then
-        print_output "[+] ${ORANGE}INFO:${GREEN} Vulnerability ${ORANGE}${CVE_VALUE}${GREEN} is a verified kernel vulnerability (${ORANGE}kernel symbols and kernel configuration${GREEN})!"
+        print_output "[+] ${ORANGE}INFO:${GREEN} Vulnerability ${ORANGE}${CVE_VALUE}${GREEN} is a verified kernel vulnerability (${ORANGE}kernel symbols and kernel configuration${GREEN})!" "no_log"
         ((KERNEL_VERIFIED_VULN+=1))
         KERNEL_VERIFIED="yes"
       fi
       if grep -q ";${CVE_VALUE};.*;.*;1;0" "${S26_LOG_DIR}"/cve_results_kernel_"${VERSION}".csv; then
-        print_output "[+] ${ORANGE}INFO:${GREEN} Vulnerability ${ORANGE}${CVE_VALUE}${GREEN} is a verified kernel vulnerability (${ORANGE}kernel symbols${GREEN})!"
+        print_output "[+] ${ORANGE}INFO:${GREEN} Vulnerability ${ORANGE}${CVE_VALUE}${GREEN} is a verified kernel vulnerability (${ORANGE}kernel symbols${GREEN})!" "no_log"
         ((KERNEL_VERIFIED_VULN+=1))
         KERNEL_VERIFIED="yes"
       fi
       if grep -q ";${CVE_VALUE};.*;.*;0;1" "${S26_LOG_DIR}"/cve_results_kernel_"${VERSION}".csv; then
-        print_output "[+] ${ORANGE}INFO:${GREEN} Vulnerability ${ORANGE}${CVE_VALUE}${GREEN} is a verified kernel vulnerability (${ORANGE}kernel configuration${GREEN})!"
+        print_output "[+] ${ORANGE}INFO:${GREEN} Vulnerability ${ORANGE}${CVE_VALUE}${GREEN} is a verified kernel vulnerability (${ORANGE}kernel configuration${GREEN})!" "no_log"
         ((KERNEL_VERIFIED_VULN+=1))
         KERNEL_VERIFIED="yes"
       fi
