malcontent/1.6.0 package update #36451
Merged
Octo STS / elastic-build
succeeded
Dec 12, 2024 in 4m 23s
APKs built successfully
Build ID: 5c939f13-7f26-440a-97b1-d5247668fa32
x86_64
Logs
dsandbox.controller.v1.podsandbox type=io.containerd.podsandbox.controller.v1
time="2024-12-12T02:55:23.053501237Z" level=info msg="loading plugin" id=io.containerd.sandbox.controller.v1.shim type=io.containerd.sandbox.controller.v1
time="2024-12-12T02:55:23.053651128Z" level=info msg="loading plugin" id=io.containerd.grpc.v1.sandbox-controllers type=io.containerd.grpc.v1
time="2024-12-12T02:55:23.053686808Z" level=info msg="loading plugin" id=io.containerd.grpc.v1.sandboxes type=io.containerd.grpc.v1
time="2024-12-12T02:55:23.053701417Z" level=info msg="loading plugin" id=io.containerd.grpc.v1.snapshots type=io.containerd.grpc.v1
time="2024-12-12T02:55:23.053710497Z" level=info msg="loading plugin" id=io.containerd.streaming.v1.manager type=io.containerd.streaming.v1
time="2024-12-12T02:55:23.053722488Z" level=info msg="loading plugin" id=io.containerd.grpc.v1.streaming type=io.containerd.grpc.v1
time="2024-12-12T02:55:23.053736577Z" level=info msg="loading plugin" id=io.containerd.grpc.v1.tasks type=io.containerd.grpc.v1
time="2024-12-12T02:55:23.053752257Z" level=info msg="loading plugin" id=io.containerd.transfer.v1.local type=io.containerd.transfer.v1
time="2024-12-12T02:55:23.053776208Z" level=info msg="loading plugin" id=io.containerd.grpc.v1.transfer type=io.containerd.grpc.v1
time="2024-12-12T02:55:23.053789217Z" level=info msg="loading plugin" id=io.containerd.grpc.v1.version type=io.containerd.grpc.v1
time="2024-12-12T02:55:23.053804877Z" level=info msg="loading plugin" id=io.containerd.monitor.container.v1.restart type=io.containerd.monitor.container.v1
time="2024-12-12T02:55:23.053888588Z" level=info msg="loading plugin" id=io.containerd.tracing.processor.v1.otlp type=io.containerd.tracing.processor.v1
time="2024-12-12T02:55:23.053914217Z" level=info msg="skip loading plugin" error="skip plugin: tracing endpoint not configured" id=io.containerd.tracing.processor.v1.otlp type=io.containerd.tracing.processor.v1
time="2024-12-12T02:55:23.053921977Z" level=info msg="loading plugin" id=io.containerd.internal.v1.tracing type=io.containerd.internal.v1
time="2024-12-12T02:55:23.053930148Z" level=info msg="skip loading plugin" error="skip plugin: tracing endpoint not configured" id=io.containerd.internal.v1.tracing type=io.containerd.internal.v1
time="2024-12-12T02:55:23.053936637Z" level=info msg="loading plugin" id=io.containerd.ttrpc.v1.otelttrpc type=io.containerd.ttrpc.v1
time="2024-12-12T02:55:23.053947488Z" level=info msg="loading plugin" id=io.containerd.grpc.v1.healthcheck type=io.containerd.grpc.v1
time="2024-12-12T02:55:23.053969928Z" level=info msg="loading plugin" id=io.containerd.nri.v1.nri type=io.containerd.nri.v1
time="2024-12-12T02:55:23.054000128Z" level=info msg="runtime interface created"
time="2024-12-12T02:55:23.054011797Z" level=info msg="created NRI interface"
time="2024-12-12T02:55:23.054515087Z" level=info msg=serving... address=/var/run/docker/containerd/containerd-debug.sock
time="2024-12-12T02:55:23.054609367Z" level=info msg=serving... address=/var/run/docker/containerd/containerd.sock.ttrpc
time="2024-12-12T02:55:23.054685297Z" level=info msg=serving... address=/var/run/docker/containerd/containerd.sock
time="2024-12-12T02:55:23.054734267Z" level=info msg="containerd successfully booted in 0.050410s"
time="2024-12-12T02:55:25.309313434Z" level=info msg="Loading containers: start."
time="2024-12-12T02:55:25.928556910Z" level=info msg="Loading containers: done."
time="2024-12-12T02:55:28.571650447Z" level=info msg="Docker daemon" commit=92a83937d0280dcbea92099b01e01aa4251c1777 containerd-snapshotter=false storage-driver=overlay2 version=dev
time="2024-12-12T02:55:28.571877517Z" level=info msg="Daemon has completed initialization"
time="2024-12-12T02:55:28.818770860Z" level=info msg="API listen on /var/run/docker.sock"
evaluating pipelines for package requirements
building test workspace in: '/tmp/melange-guest-1398125271-main' with apko
Error: rpc error: code = NotFound desc = federate identity: rpc error: code = NotFound desc = no identity found for (https://accounts.google.com, 109346087047205543085)
Error running `chainctl auth token`: exit status 1
2024/12/12 02:55:29 [DEBUG] GET https://apk.cgr.dev/wolfi-presubmit/3b925ea4ff098c51ba1f46377fd595595a80fe64/apk-configuration
2024/12/12 02:55:29 [DEBUG] GET https://packages.wolfi.dev/os/apk-configuration
setting apk repositories: [https://apk.cgr.dev/wolfi-presubmit/3b925ea4ff098c51ba1f46377fd595595a80fe64 https://packages.wolfi.dev/os]
image configuration:
contents:
build repositories: []
runtime repositories: []
keyring: []
packages: [openssl crane malcontent]
installing ca-certificates-bundle (20241010-r2)
installing crane (0.20.2-r1)
installing wolfi-baselayout (20230201-r15)
installing glibc (2.40-r3)
installing ld-linux (2.40-r3)
installing libgcc (14.2.0-r6)
installing glibc-locale-posix (2.40-r3)
installing libmagic (5.46-r0)
installing libcrypto3 (3.4.0-r4)
installing yara (4.5.2-r2)
installing malcontent (1.6.0-r0)
installing libssl3 (3.4.0-r4)
installing openssl (3.4.0-r4)
installing wolfi-keys (1-r8)
installing zlib (1.3.1-r4)
installing apk-tools (2.14.4-r1)
installing libxcrypt (4.4.36-r8)
installing libcrypt1 (2.40-r3)
installing busybox (1.37.0-r0)
installing wolfi-base (1-r6)
built image layer tarball as /tmp/apko-temp-3804909945/apko-x86_64.tar.gz
using /tmp/apko-temp-3804909945/apko-x86_64.tar.gz for image layer
OCI layer digest: sha256:71eb851a16771910741a34f6a9efad5ace94de8a4388e7e6362031963ccf72c0
OCI layer diffID: sha256:a1ad64cd3f16648660b20871a5a830bd11cc108d6c5f3c12af3f4caf8c0621e6
saving OCI image locally: apko.local/cache:ae636a8005c3308ba4ba88c2482965c39691733019b23ccc1cb8bcda528db9c8
skipping local domain tagging apko.local/cache:ae636a8005c3308ba4ba88c2482965c39691733019b23ccc1cb8bcda528db9c8 as index.docker.io/library/melange:latest
populating workspace /tmp/melange-workspace-420288891 from malcontent
ImgRef = apko.local/cache:ae636a8005c3308ba4ba88c2482965c39691733019b23ccc1cb8bcda528db9c8
time="2024-12-12T02:55:57.656333629Z" level=info msg="connecting to shim f604cb977c8afd1d2e7c148947ee7390c6e836418935d2667adb83e54e974f3a" address="unix:///run/containerd/s/7a40bb0f9900aaa98ec93d857ab2d535bf5e3665e727b2fee6206fe9d732858b" namespace=moby protocol=ttrpc version=3
running the main test pipeline
running step "Verify malcontent version"
malcontent version v1.6.0
NAME:
malcontent - Detect malicious program behaviors
USAGE:
mal <flags> [diff, scan] <path>
VERSION:
v1.6.0
COMMANDS:
analyze fully interrogate a path
diff scan and diff two paths
refresh Refresh test data
scan tersely scan a path and return findings of the highest severity
help, h Shows a list of commands or help for one command
GLOBAL OPTIONS:
--all Ignore nothing within a provided scan path (default: false)
--exit-first-miss Exit with error if scan source has no matching capabilities (default: false)
--exit-first-hit Exit with error if scan source has matching capabilities (default: false)
--format value Output format (interactive, json, markdown, simple, strings, terminal, yaml) (default: "auto")
--ignore-self Ignore the malcontent binary (default: true)
--ignore-tags value Rule tags to ignore (default: "false_positive,ignore")
--include-data-files Include files that are detected as non-program (binary or source) files (default: false)
--jobs value, -j value Concurrently scan files within target scan paths (default: 64)
--min-file-level value Obsoleted by --min-file-risk (default: -1)
--min-file-risk value Only show results for files which meet the given risk level (any, low, medium, high, critical) (default: "low")
--min-level value Obsoleted by --min-risk (default: -1)
--min-risk value Only show results which meet the given risk level (any, low, medium, high, critical) (default: "low")
--output value, -o value Write output to specified file instead of stdout
--profile, -p Generate profile and trace files (default: false)
--quantity-increases-risk Increase file risk score based on behavior quantity (default: true)
--stats, -s Show scan statistics (default: false)
--third-party Include third-party rules which may have licensing restrictions (default: true)
--verbose Emit verbose logging messages to stderr (default: false)
--help, -h show help
--version, -v print the version
running step "Verify malcontent on yara"
├─ 🔵 /usr/bin/yara [LOW]
│ ≡ filesystem [LOW]
│ ≡ operating-system [LOW]
│ ≡ process [LOW]
running step "Verify malcontent on openssl"
├─ 🟡 /usr/bin/openssl [MEDIUM]
│ ≡ collection [MEDIUM]
│ ≡ command & control [MEDIUM]
│ ≡ cryptography [MEDIUM]
│ ≡ execution [MEDIUM]
│ ≡ filesystem [MEDIUM]
│ ≡ networking [MEDIUM]
running step "Verify malcontent on crane"
├─ 🟡 /usr/bin/crane [MEDIUM]
│ ≡ collection [MEDIUM]
│ ≡ command & control [MEDIUM]
│ ≡ credential [MEDIUM]
│ ≡ cryptography [MEDIUM]
│ ≡ data [MEDIUM]
│ ≡ discovery [MEDIUM]
│ ≡ execution [MEDIUM]
│ ≡ filesystem [MEDIUM]
│ ≡ networking [MEDIUM]
│ ≡ suspicious text [MEDIUM]
running step "Verify malcontent diff"
│+ 🟡 archives/zip — Works with zip files: archive/zip
time="2024-12-12T02:56:17.500512888Z" level=info msg="shim disconnected" id=f604cb977c8afd1d2e7c148947ee7390c6e836418935d2667adb83e54e974f3a namespace=moby
time="2024-12-12T02:56:17.500545398Z" level=warning msg="cleaning up after shim disconnected" id=f604cb977c8afd1d2e7c148947ee7390c6e836418935d2667adb83e54e974f3a namespace=moby
time="2024-12-12T02:56:17.500552248Z" level=info msg="cleaning up dead shim" namespace=moby
time="2024-12-12T02:56:17.500577878Z" level=info msg="ignoring event" container=f604cb977c8afd1d2e7c148947ee7390c6e836418935d2667adb83e54e974f3a module=libcontainerd namespace=moby topic=/tasks/delete type="*events.TaskDelete"
aarch64
Logs
"2024-12-12T02:55:09.571631278Z" level=info msg="loading plugin" id=io.containerd.sandbox.controller.v1.shim type=io.containerd.sandbox.controller.v1
time="2024-12-12T02:55:09.571801518Z" level=info msg="loading plugin" id=io.containerd.grpc.v1.sandbox-controllers type=io.containerd.grpc.v1
time="2024-12-12T02:55:09.571833238Z" level=info msg="loading plugin" id=io.containerd.grpc.v1.sandboxes type=io.containerd.grpc.v1
time="2024-12-12T02:55:09.571847678Z" level=info msg="loading plugin" id=io.containerd.grpc.v1.snapshots type=io.containerd.grpc.v1
time="2024-12-12T02:55:09.571861918Z" level=info msg="loading plugin" id=io.containerd.streaming.v1.manager type=io.containerd.streaming.v1
time="2024-12-12T02:55:09.571880958Z" level=info msg="loading plugin" id=io.containerd.grpc.v1.streaming type=io.containerd.grpc.v1
time="2024-12-12T02:55:09.571895158Z" level=info msg="loading plugin" id=io.containerd.grpc.v1.tasks type=io.containerd.grpc.v1
time="2024-12-12T02:55:09.571910998Z" level=info msg="loading plugin" id=io.containerd.transfer.v1.local type=io.containerd.transfer.v1
time="2024-12-12T02:55:09.571944318Z" level=info msg="loading plugin" id=io.containerd.grpc.v1.transfer type=io.containerd.grpc.v1
time="2024-12-12T02:55:09.571968358Z" level=info msg="loading plugin" id=io.containerd.grpc.v1.version type=io.containerd.grpc.v1
time="2024-12-12T02:55:09.571982558Z" level=info msg="loading plugin" id=io.containerd.monitor.container.v1.restart type=io.containerd.monitor.container.v1
time="2024-12-12T02:55:09.572037398Z" level=info msg="loading plugin" id=io.containerd.tracing.processor.v1.otlp type=io.containerd.tracing.processor.v1
time="2024-12-12T02:55:09.572057238Z" level=info msg="skip loading plugin" error="skip plugin: tracing endpoint not configured" id=io.containerd.tracing.processor.v1.otlp type=io.containerd.tracing.processor.v1
time="2024-12-12T02:55:09.572068598Z" level=info msg="loading plugin" id=io.containerd.internal.v1.tracing type=io.containerd.internal.v1
time="2024-12-12T02:55:09.572080878Z" level=info msg="skip loading plugin" error="skip plugin: tracing endpoint not configured" id=io.containerd.internal.v1.tracing type=io.containerd.internal.v1
time="2024-12-12T02:55:09.572091598Z" level=info msg="loading plugin" id=io.containerd.ttrpc.v1.otelttrpc type=io.containerd.ttrpc.v1
time="2024-12-12T02:55:09.572104078Z" level=info msg="loading plugin" id=io.containerd.grpc.v1.healthcheck type=io.containerd.grpc.v1
time="2024-12-12T02:55:09.572124278Z" level=info msg="loading plugin" id=io.containerd.nri.v1.nri type=io.containerd.nri.v1
time="2024-12-12T02:55:09.572162158Z" level=info msg="runtime interface created"
time="2024-12-12T02:55:09.572171238Z" level=info msg="created NRI interface"
time="2024-12-12T02:55:09.572438398Z" level=info msg=serving... address=/var/run/docker/containerd/containerd-debug.sock
time="2024-12-12T02:55:09.572514398Z" level=info msg=serving... address=/var/run/docker/containerd/containerd.sock.ttrpc
time="2024-12-12T02:55:09.572571278Z" level=info msg=serving... address=/var/run/docker/containerd/containerd.sock
time="2024-12-12T02:55:09.572605718Z" level=info msg="containerd successfully booted in 0.059333s"
time="2024-12-12T02:55:11.600003956Z" level=info msg="Loading containers: start."
time="2024-12-12T02:55:11.875827459Z" level=info msg="Loading containers: done."
time="2024-12-12T02:55:12.553960219Z" level=info msg="Docker daemon" commit=92a83937d0280dcbea92099b01e01aa4251c1777 containerd-snapshotter=false storage-driver=overlay2 version=dev
time="2024-12-12T02:55:12.554120819Z" level=info msg="Daemon has completed initialization"
time="2024-12-12T02:55:12.618537655Z" level=info msg="API listen on /var/run/docker.sock"
evaluating pipelines for package requirements
building test workspace in: '/tmp/melange-guest-1403348709-main' with apko
Error: rpc error: code = NotFound desc = federate identity: rpc error: code = NotFound desc = no identity found for (https://accounts.google.com, 109346087047205543085)
Error running `chainctl auth token`: exit status 1
2024/12/12 02:55:12 [DEBUG] GET https://apk.cgr.dev/wolfi-presubmit/3b925ea4ff098c51ba1f46377fd595595a80fe64/apk-configuration
2024/12/12 02:55:13 [DEBUG] GET https://packages.wolfi.dev/os/apk-configuration
setting apk repositories: [https://apk.cgr.dev/wolfi-presubmit/3b925ea4ff098c51ba1f46377fd595595a80fe64 https://packages.wolfi.dev/os]
image configuration:
contents:
build repositories: []
runtime repositories: []
keyring: []
packages: [openssl crane malcontent]
installing ca-certificates-bundle (20241010-r2)
installing crane (0.20.2-r1)
installing wolfi-baselayout (20230201-r15)
installing glibc (2.40-r3)
installing libgcc (14.2.0-r6)
installing ld-linux (2.40-r3)
installing glibc-locale-posix (2.40-r3)
installing libmagic (5.46-r0)
installing libcrypto3 (3.4.0-r4)
installing yara (4.5.2-r2)
installing malcontent (1.6.0-r0)
installing libssl3 (3.4.0-r4)
installing openssl (3.4.0-r4)
installing wolfi-keys (1-r8)
installing zlib (1.3.1-r4)
installing apk-tools (2.14.4-r1)
installing libxcrypt (4.4.36-r8)
installing libcrypt1 (2.40-r3)
installing busybox (1.37.0-r0)
installing wolfi-base (1-r6)
built image layer tarball as /tmp/apko-temp-2543561750/apko-aarch64.tar.gz
using /tmp/apko-temp-2543561750/apko-aarch64.tar.gz for image layer
OCI layer digest: sha256:bd1cba3ddc7e89fa2531ee195ce4e7a8e8e82227edc9b7783aeaf374da531e80
OCI layer diffID: sha256:3ac323ba09a226026ef7f00f4ae5bcfc92164fc74522c7c88fe40beb6a40a360
saving OCI image locally: apko.local/cache:5e34f5ba55e35127582d43aaa78da3347223e18df481e2ce15b39da483922aca
skipping local domain tagging apko.local/cache:5e34f5ba55e35127582d43aaa78da3347223e18df481e2ce15b39da483922aca as index.docker.io/library/melange:latest
populating workspace /tmp/melange-workspace-2962469749 from malcontent
ImgRef = apko.local/cache:5e34f5ba55e35127582d43aaa78da3347223e18df481e2ce15b39da483922aca
time="2024-12-12T02:55:20.979438307Z" level=info msg="connecting to shim bc4e92faca7c6bdd949aecb01b340f25ca3d90023df7c7fbc18fc410dab47989" address="unix:///run/containerd/s/cf6bd5724ce46d982c8f0d21162ee7ab9d39522da6d69d9290bccf09f705efd2" namespace=moby protocol=ttrpc version=3
running the main test pipeline
running step "Verify malcontent version"
malcontent version v1.6.0
NAME:
malcontent - Detect malicious program behaviors
USAGE:
mal <flags> [diff, scan] <path>
VERSION:
v1.6.0
COMMANDS:
analyze fully interrogate a path
diff scan and diff two paths
refresh Refresh test data
scan tersely scan a path and return findings of the highest severity
help, h Shows a list of commands or help for one command
GLOBAL OPTIONS:
--all Ignore nothing within a provided scan path (default: false)
--exit-first-miss Exit with error if scan source has no matching capabilities (default: false)
--exit-first-hit Exit with error if scan source has matching capabilities (default: false)
--format value Output format (interactive, json, markdown, simple, strings, terminal, yaml) (default: "auto")
--ignore-self Ignore the malcontent binary (default: true)
--ignore-tags value Rule tags to ignore (default: "false_positive,ignore")
--include-data-files Include files that are detected as non-program (binary or source) files (default: false)
--jobs value, -j value Concurrently scan files within target scan paths (default: 32)
--min-file-level value Obsoleted by --min-file-risk (default: -1)
--min-file-risk value Only show results for files which meet the given risk level (any, low, medium, high, critical) (default: "low")
--min-level value Obsoleted by --min-risk (default: -1)
--min-risk value Only show results which meet the given risk level (any, low, medium, high, critical) (default: "low")
--output value, -o value Write output to specified file instead of stdout
--profile, -p Generate profile and trace files (default: false)
--quantity-increases-risk Increase file risk score based on behavior quantity (default: true)
--stats, -s Show scan statistics (default: false)
--third-party Include third-party rules which may have licensing restrictions (default: true)
--verbose Emit verbose logging messages to stderr (default: false)
--help, -h show help
--version, -v print the version
running step "Verify malcontent on yara"
├─ 🔵 /usr/bin/yara [LOW]
│ ≡ filesystem [LOW]
│ ≡ operating-system [LOW]
│ ≡ process [LOW]
running step "Verify malcontent on openssl"
├─ 🟡 /usr/bin/openssl [MEDIUM]
│ ≡ collection [MEDIUM]
│ ≡ command & control [MEDIUM]
│ ≡ cryptography [MEDIUM]
│ ≡ execution [MEDIUM]
│ ≡ filesystem [MEDIUM]
│ ≡ networking [MEDIUM]
running step "Verify malcontent on crane"
├─ 🟡 /usr/bin/crane [MEDIUM]
│ ≡ collection [MEDIUM]
│ ≡ command & control [MEDIUM]
│ ≡ credential [MEDIUM]
│ ≡ cryptography [MEDIUM]
│ ≡ data [MEDIUM]
│ ≡ discovery [MEDIUM]
│ ≡ execution [MEDIUM]
│ ≡ filesystem [MEDIUM]
│ ≡ networking [MEDIUM]
│ ≡ suspicious text [MEDIUM]
running step "Verify malcontent diff"
│+ 🟡 archives/zip — Works with zip files: archive/zip
time="2024-12-12T02:55:46.631978457Z" level=info msg="shim disconnected" id=bc4e92faca7c6bdd949aecb01b340f25ca3d90023df7c7fbc18fc410dab47989 namespace=moby
time="2024-12-12T02:55:46.632021217Z" level=warning msg="cleaning up after shim disconnected" id=bc4e92faca7c6bdd949aecb01b340f25ca3d90023df7c7fbc18fc410dab47989 namespace=moby
time="2024-12-12T02:55:46.632051457Z" level=info msg="cleaning up dead shim" namespace=moby
time="2024-12-12T02:55:46.632091097Z" level=info msg="ignoring event" container=bc4e92faca7c6bdd949aecb01b340f25ca3d90023df7c7fbc18fc410dab47989 module=libcontainerd namespace=moby topic=/tasks/delete type="*events.TaskDelete"
pod bc4e92faca7c6bdd949aecb01b340f25ca3d90023df7c7fbc18fc410dab47989 terminated
Indexes
https://apk.cgr.dev/wolfi-presubmit/3b925ea4ff098c51ba1f46377fd595595a80fe64
Packages
- ✅ malcontent (success | 2m1s | x86_64 logs | aarch64 logs)
Tests
- ✅ malcontent (success | 1m20s | x86_64 logs | aarch64 logs)
More Observability
Command
cg build log \
--build-id 5c939f13-7f26-440a-97b1-d5247668fa32 \
--project prod-wolfi-os \
--cluster elastic-pre-a \
--namespace pre-wolfi \
--start 2024-12-12T02:52:01Z \
--end 2024-12-12T03:06:26Z \
--attrs pkg,arch