From 904457ce7ce6b316daee87d0905b5945d858da6b Mon Sep 17 00:00:00 2001 From: prabhu Date: Sun, 21 Apr 2024 17:44:06 +0100 Subject: [PATCH] Remove cargo auditable (#18) Signed-off-by: Prabhu Subramanian --- build-ppc64.sh | 4 +- build.ps1 | 9 --- build.sh | 5 +- packages/darwin-amd64/build-darwin-amd64.sh | 3 +- packages/darwin-arm64/build-darwin-arm64.sh | 3 +- packages/linux-arm64/build-linux-arm64.sh | 3 +- packages/ppc64/build-ppc64.sh | 3 +- packages/windows-amd64/build-windows-amd64.sh | 3 +- packages/windows-arm64/build-windows-arm64.sh | 3 +- thirdparty/cargo-auditable/.gitignore | 1 - thirdparty/cargo-auditable/Makefile | 61 ----------------- thirdparty/cargo-auditable/README.md | 3 - thirdparty/cargo-auditable/go.mod | 5 -- thirdparty/cargo-auditable/go.sum | 2 - thirdparty/cargo-auditable/main.go | 67 ------------------- 15 files changed, 8 insertions(+), 167 deletions(-) delete mode 100644 thirdparty/cargo-auditable/.gitignore delete mode 100644 thirdparty/cargo-auditable/Makefile delete mode 100644 thirdparty/cargo-auditable/README.md delete mode 100644 thirdparty/cargo-auditable/go.mod delete mode 100644 thirdparty/cargo-auditable/go.sum delete mode 100644 thirdparty/cargo-auditable/main.go diff --git a/build-ppc64.sh b/build-ppc64.sh index bd4e95e..8148471 100755 --- a/build-ppc64.sh +++ b/build-ppc64.sh @@ -1,11 +1,10 @@ #!/usr/bin/env bash rm -rf plugins/trivy -rm -rf plugins/cargo-auditable rm -rf plugins/osquery mkdir -p plugins/osquery -for plug in trivy cargo-auditable +for plug in trivy do mkdir -p plugins/$plug pushd thirdparty/$plug @@ -17,7 +16,6 @@ do done ./plugins/trivy/trivy-cdxgen-linux-ppc64le -v -./plugins/cargo-auditable/cargo-auditable-cdxgen-linux-ppc64le chmod +x packages/ppc64/build-ppc64.sh pushd packages/ppc64 diff --git a/build.ps1 b/build.ps1 index c44846e..30af8f5 100644 --- a/build.ps1 +++ b/build.ps1 
@@ -1,4 +1,3 @@ -New-Item -ItemType Directory -Path plugins\cargo-auditable -Force New-Item -ItemType Directory -Path plugins\osquery -Force New-Item -ItemType Directory -Path plugins\dosai -Force @@ -17,14 +16,6 @@ set CGO_ENABLED=0 set GOOS=windows set GOARCH=amd64 -New-Item -ItemType Directory -Path plugins\cargo-auditable -Force -cd thirdparty\cargo-auditable -go build -ldflags "-H=windowsgui -s -w" -o build\cargo-auditable-windows-amd64.exe -..\..\upx-4.2.2-win64\upx.exe -9 --lzma build\cargo-auditable-windows-amd64.exe -copy build\* ..\..\plugins\cargo-auditable\ -Remove-Item build -Recurse -Force -cd ..\.. - New-Item -ItemType Directory -Path plugins\trivy -Force cd thirdparty\trivy go build -ldflags "-H=windowsgui -s -w" -o build\trivy-windows-amd64.exe diff --git a/build.sh b/build.sh index 9f44173..2bd341f 100755 --- a/build.sh +++ b/build.sh @@ -1,7 +1,6 @@ #!/usr/bin/env bash rm -rf plugins/trivy -rm -rf plugins/cargo-auditable rm -rf plugins/osquery rm -rf plugins/dosai mkdir -p plugins/osquery plugins/dosai @@ -18,7 +17,7 @@ curl -L https://github.com/owasp-dep-scan/dosai/releases/latest/download/Dosai - chmod +x plugins/dosai/dosai-linux-amd64 sha256sum plugins/dosai/dosai-linux-amd64 > plugins/dosai/dosai-linux-amd64.sha256 -for plug in trivy cargo-auditable +for plug in trivy do mkdir -p plugins/$plug pushd thirdparty/$plug @@ -32,8 +31,6 @@ done ./plugins/osquery/osqueryi-linux-amd64 --help upx -9 --lzma ./plugins/trivy/trivy-cdxgen-linux-amd64 ./plugins/trivy/trivy-cdxgen-linux-amd64 -v -upx -9 --lzma ./plugins/cargo-auditable/cargo-auditable-cdxgen-linux-amd64 -./plugins/cargo-auditable/cargo-auditable-cdxgen-linux-amd64 ./plugins/dosai/dosai-linux-amd64 --help for flavours in windows-amd64 linux-arm64 windows-arm64 darwin-arm64 darwin-amd64 ppc64 diff --git a/packages/darwin-amd64/build-darwin-amd64.sh b/packages/darwin-amd64/build-darwin-amd64.sh index dfb7959..5d0b8a8 100755 --- a/packages/darwin-amd64/build-darwin-amd64.sh 
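Review bot: In build.sh, the context lines around `@@ -18,7 +17,7 @@` fetch the dosai binary from `releases/latest` and then write `dosai-linux-amd64.sha256` by hashing the file that was just downloaded, so the checksum records whatever arrived and verifies nothing. Since this commit is already editing the plugin handling, consider pinning the download to a release tag and checking it against a digest kept in the repository before `chmod +x`, for example `echo "<expected-sha256>  plugins/dosai/dosai-linux-amd64" | sha256sum -c -`. The same download-then-hash pattern is visible in the hunks for the darwin-amd64, darwin-arm64, linux-arm64, windows-amd64 and windows-arm64 scripts under packages/. The curl line in build.sh appears only in the truncated hunk header, so the full command lies outside the hunk.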
+++ b/packages/darwin-amd64/build-darwin-amd64.sh @@ -1,7 +1,6 @@ #!/usr/bin/env bash rm -rf plugins/trivy -rm -rf plugins/cargo-auditable rm -rf plugins/osquery rm -rf plugins/dosai mkdir -p plugins/osquery plugins/dosai @@ -16,7 +15,7 @@ curl -L https://github.com/owasp-dep-scan/dosai/releases/latest/download/Dosai-o chmod +x plugins/dosai/dosai-darwin-amd64 sha256sum plugins/dosai/dosai-darwin-amd64 > plugins/dosai/dosai-darwin-amd64.sha256 -for plug in trivy cargo-auditable +for plug in trivy do mkdir -p plugins/$plug mv ../../plugins/$plug/*darwin-amd64* plugins/$plug/ diff --git a/packages/darwin-arm64/build-darwin-arm64.sh b/packages/darwin-arm64/build-darwin-arm64.sh index d6be485..906ec91 100755 --- a/packages/darwin-arm64/build-darwin-arm64.sh +++ b/packages/darwin-arm64/build-darwin-arm64.sh @@ -1,7 +1,6 @@ #!/usr/bin/env bash rm -rf plugins/trivy -rm -rf plugins/cargo-auditable rm -rf plugins/osquery rm -rf plugins/dosai mkdir -p plugins/osquery plugins/dosai @@ -10,7 +9,7 @@ curl -L https://github.com/owasp-dep-scan/dosai/releases/latest/download/Dosai-o chmod +x plugins/dosai/dosai-darwin-arm64 sha256sum plugins/dosai/dosai-darwin-arm64 > plugins/dosai/dosai-darwin-arm64.sha256 -for plug in trivy cargo-auditable +for plug in trivy do mkdir -p plugins/$plug mv ../../plugins/$plug/*darwin-arm64* plugins/$plug/ diff --git a/packages/linux-arm64/build-linux-arm64.sh b/packages/linux-arm64/build-linux-arm64.sh index f3f1a0a..06afdd6 100755 --- a/packages/linux-arm64/build-linux-arm64.sh +++ b/packages/linux-arm64/build-linux-arm64.sh @@ -1,7 +1,6 @@ #!/usr/bin/env bash rm -rf plugins/trivy -rm -rf plugins/cargo-auditable rm -rf plugins/osquery rm -rf plugins/dosai mkdir -p plugins/osquery plugins/dosai 
@@ -18,7 +17,7 @@ curl -L https://github.com/owasp-dep-scan/dosai/releases/latest/download/Dosai-l chmod +x plugins/dosai/dosai-linux-arm64 sha256sum plugins/dosai/dosai-linux-arm64 > plugins/dosai/dosai-linux-arm64.sha256 -for plug in trivy cargo-auditable +for plug in trivy do mkdir -p plugins/$plug mv ../../plugins/$plug/*linux-arm64* plugins/$plug/ diff --git a/packages/ppc64/build-ppc64.sh b/packages/ppc64/build-ppc64.sh index 6b2d7b3..7984bda 100755 --- a/packages/ppc64/build-ppc64.sh +++ b/packages/ppc64/build-ppc64.sh @@ -1,9 +1,8 @@ #!/usr/bin/env bash rm -rf plugins/trivy -rm -rf plugins/cargo-auditable -for plug in trivy cargo-auditable +for plug in trivy do mkdir -p plugins/$plug mv ../../plugins/$plug/*ppc64* plugins/$plug/ diff --git a/packages/windows-amd64/build-windows-amd64.sh b/packages/windows-amd64/build-windows-amd64.sh index 6c9bf09..cbcddf6 100755 --- a/packages/windows-amd64/build-windows-amd64.sh +++ b/packages/windows-amd64/build-windows-amd64.sh @@ -1,7 +1,6 @@ #!/usr/bin/env bash rm -rf plugins/trivy -rm -rf plugins/cargo-auditable rm -rf plugins/osquery rm -rf plugins/dosai mkdir -p plugins/osquery plugins/dosai @@ -17,7 +16,7 @@ rm osquery-5.11.0.windows_x86_64.zip curl -L https://github.com/owasp-dep-scan/dosai/releases/latest/download/Dosai.exe -o plugins/dosai/dosai-windows-amd64.exe sha256sum plugins/dosai/dosai-windows-amd64.exe > plugins/dosai/dosai-windows-amd64.exe.sha256 -for plug in trivy cargo-auditable +for plug in trivy do mkdir -p plugins/$plug mv ../../plugins/$plug/*windows-amd64* plugins/$plug/ diff --git a/packages/windows-arm64/build-windows-arm64.sh b/packages/windows-arm64/build-windows-arm64.sh index 70d82ce..d60ba93 100755 --- a/packages/windows-arm64/build-windows-arm64.sh +++ b/packages/windows-arm64/build-windows-arm64.sh @@ -1,7 +1,6 @@ #!/usr/bin/env bash rm -rf plugins/trivy -rm -rf plugins/cargo-auditable rm -rf plugins/osquery rm -rf plugins/dosai mkdir -p plugins/osquery plugins/dosai 
@@ -16,7 +15,7 @@ rm osquery-5.11.0.windows_arm64.zip curl -L https://github.com/owasp-dep-scan/dosai/releases/latest/download/Dosai-windows-arm64.exe -o plugins/dosai/dosai-windows-arm64.exe sha256sum plugins/dosai/dosai-windows-arm64.exe > plugins/dosai/dosai-windows-arm64.exe.sha256 -for plug in trivy cargo-auditable +for plug in trivy do mkdir -p plugins/$plug mv ../../plugins/$plug/*windows-arm64* plugins/$plug/ diff --git a/thirdparty/cargo-auditable/.gitignore b/thirdparty/cargo-auditable/.gitignore deleted file mode 100644 index d163863..0000000 --- a/thirdparty/cargo-auditable/.gitignore +++ /dev/null @@ -1 +0,0 @@ -build/ \ No newline at end of file diff --git a/thirdparty/cargo-auditable/Makefile b/thirdparty/cargo-auditable/Makefile deleted file mode 100644 index 2568443..0000000 --- a/thirdparty/cargo-auditable/Makefile +++ /dev/null 
@@ -1,61 +0,0 @@
-PATH := $(PATH):/usr/local/go/bin:$HOME/go/bin:
-appname := cargo-auditable-cdxgen
-sources := main.go
-
-build = CGO_ENABLED=0 GOOS=$(1) GOARCH=$(2) go build -ldflags "-s -w -extldflags=-Wl,-z,now,-z,relro" -o build/$(appname)-$(1)-$(2)$(3)
-sha = cd build && sha256sum $(appname)-$(1)-$(2)$(3) > $(appname)-$(1)-$(2)$(3).sha256
-
-.PHONY: all windows darwin linux clean
-
-all: windows linux darwin
-
-clean: rm -rf build/
-
-##### LINUX BUILDS #####
-linux: build/linux_amd64 build/linux_arm64 build/linux_ppc64le
-
-build/linux_386: $(sources)
- $(call build,linux,386,)
- $(call sha,linux,386,)
-
-build/linux_amd64: $(sources)
- $(call build,linux,amd64,)
- $(call sha,linux,amd64,)
-
-build/linux_arm: $(sources)
- $(call build,linux,arm,)
- $(call sha,linux,arm,)
-
-build/linux_arm64: $(sources)
- $(call build,linux,arm64,)
- $(call sha,linux,arm64,)
-
-build/linux_ppc64le: $(sources)
- $(call build,linux,ppc64le,)
- $(call sha,linux,ppc64le,)
-
-##### DARWIN (MAC) BUILDS #####
-darwin: build/darwin_amd64 build/darwin_arm64
-
-build/darwin_amd64: $(sources)
- $(call build,darwin,amd64,)
- $(call sha,darwin,amd64,)
-
-build/darwin_arm64: $(sources)
- $(call build,darwin,arm64,)
- $(call sha,darwin,arm64,)
-
-##### WINDOWS BUILDS #####
-windows: build/windows_amd64 build/windows_arm64
-
-build/windows_386: $(sources)
- $(call build,windows,386,.exe)
- $(call sha,windows,386,.exe)
-
-build/windows_amd64: $(sources)
- $(call build,windows,amd64,.exe)
- $(call sha,windows,amd64,.exe)
-
-build/windows_arm64: $(sources)
- $(call build,windows,arm64,.exe)
- $(call sha,windows,arm64,.exe)
diff --git a/thirdparty/cargo-auditable/README.md b/thirdparty/cargo-auditable/README.md
deleted file mode 100644
index 10a3782..0000000
--- a/thirdparty/cargo-auditable/README.md
+++ /dev/null
@@ -1,3 +0,0 @@
-# Introduction
-
-The files here were copied from https://github.com/microsoft/go-rustaudit. Minimal changes was made to make the project compile.
diff --git a/thirdparty/cargo-auditable/go.mod b/thirdparty/cargo-auditable/go.mod
deleted file mode 100644
index d9bb569..0000000
--- a/thirdparty/cargo-auditable/go.mod
+++ /dev/null
@@ -1,5 +0,0 @@
-module cargo-auditable
-
-go 1.19
-
-require github.com/microsoft/go-rustaudit v0.0.0-20220808201409-204dfee52032 // indirect
diff --git a/thirdparty/cargo-auditable/go.sum b/thirdparty/cargo-auditable/go.sum
deleted file mode 100644
index 2ae6653..0000000
--- a/thirdparty/cargo-auditable/go.sum
+++ /dev/null
@@ -1,2 +0,0 @@
-github.com/microsoft/go-rustaudit v0.0.0-20220808201409-204dfee52032 h1:TLygBUBxikNJJfLwgm+Qwdgq1FtfV8Uh7bcxRyTzK8s=
-github.com/microsoft/go-rustaudit v0.0.0-20220808201409-204dfee52032/go.mod h1:vYT9HE7WCvL64iVeZylKmCsWKfE+JZ8105iuh2Trk8g=
diff --git a/thirdparty/cargo-auditable/main.go b/thirdparty/cargo-auditable/main.go
deleted file mode 100644
index 900c5e4..0000000
--- a/thirdparty/cargo-auditable/main.go
+++ /dev/null
@@ -1,67 +0,0 @@
-package main
-
-import (
- "fmt"
- "github.com/microsoft/go-rustaudit"
- "io/fs"
- "os"
- "runtime"
- "strings"
-)
-
-func main() {
- os.Exit(run(os.Args[1:]))
-}
-
-func run(args []string) int {
- if len(args) == 0 {
- fmt.Printf("cargo-auditable %s %s/%s\n", runtime.Version(), runtime.GOOS, runtime.GOARCH)
- return 0
- }
- exitStatus := 0
- for _, arg := range args {
- info, err := os.Stat(arg)
- if err != nil {
- fmt.Fprintf(os.Stderr, "%v\n", err)
- exitStatus = 1
- continue
- }
- scanFile(arg, info)
- }
- return exitStatus
-}
-
-// isExe reports whether the file should be considered executable.
-func isExe(file string, info fs.FileInfo) bool {
- if runtime.GOOS == "windows" {
- return strings.HasSuffix(strings.ToLower(file), ".exe")
- }
- return info.Mode().IsRegular() && info.Mode()&0111 != 0
-}
-
-func scanFile(file string, info fs.FileInfo) {
- if info.Mode()&fs.ModeSymlink != 0 {
- // Accept file symlinks only.
- i, err := os.Stat(file)
- if err != nil || !i.Mode().IsRegular() {
- fmt.Fprintf(os.Stderr, "%s: symlink\n", file)
- return
- }
- info = i
- }
-
- if !isExe(file, info) {
- fmt.Fprintf(os.Stderr, "%s: not executable file\n", file)
- return
- }
-
- r, err := os.Open(file)
- if err != nil {
- fmt.Fprintf(os.Stderr, "%s: not executable file\n", file)
- return
- }
- versionInfo, err := rustaudit.GetDependencyInfo(r)
- for _, dep := range versionInfo.Packages {
- fmt.Printf("%s\t%s\t%s\n", dep.Name, dep.Version, dep.Source)
- }
-}