这是indexloc提供的服务,不要输入任何密码
Skip to content

Exploit mitigations #74

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 9 commits into from
Feb 28, 2018
Merged

Exploit mitigations #74

merged 9 commits into from
Feb 28, 2018

Conversation

@0xricksanchez
Copy link
Contributor

@0xricksanchez 0xricksanchez commented Feb 22, 2018

fixed acceptance test

@codecov-io
Copy link

codecov-io commented Feb 22, 2018
edited
Loading

Codecov Report

Merging #74 into master will increase coverage by 0.12%.
The diff coverage is 99.11%.

Impacted file tree graph

@@            Coverage Diff             @@
##           master      #74      +/-   ##
==========================================
+ Coverage   93.62%   93.75%   +0.12%     
==========================================
  Files         269      269              
  Lines       12730    12933     +203     
==========================================
+ Hits        11919    12125     +206     
+ Misses        811      808       -3
Impacted Files Coverage Δ
...ins/analysis/checksec/test/test_plugin_checksec.py 100% <100%> (ø) ⬆️
src/test/integration/statistic/test_update.py 100% <100%> (ø) ⬆️
src/statistic/update.py 98.19% <100%> (+0.79%) ⬆️
src/plugins/analysis/checksec/code/checksec.py 86.11% <100%> (ø) ⬆️
src/test/unit/web_interface/test_filter.py 100% <100%> (ø) ⬆️
src/web_interface/components/jinja_filter.py 86.66% <100%> (+0.14%) ⬆️
src/web_interface/filter.py 87.09% <91.3%> (+2.88%) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 5105e97...c91a732. Read the comment docs.

dorpvom
dorpvom requested changes Feb 22, 2018
View reviewed changes
Copy link
Member

@dorpvom dorpvom left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please apply changes

src/plugins/analysis/checksec/code/checksec.py
dict_res.update({'PIE': 'DSO'})
else:
dict_sum.update({'PIE - Not a valid ELF file': file_path})
dict_res.update({'PIE': 'Not a valid ELF file'})
Copy link
Member

@dorpvom dorpvom Feb 22, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please increase the plugin version on every change (e.g. to 0.1.1 or 0.2)

src/statistic/update.py
stats['malware'] = self._clean_malware_list(result)
return stats

def _get_exploit_mitigations_stats(self):
Copy link
Member

@dorpvom dorpvom Feb 22, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please refactor to shorten method and increase readability

src/web_interface/filter.py

def set_limit_for_data_to_chart(label_list, limit, value_list):
if limit and len(label_list) > limit:
label_list = label_list[:limit]
Copy link
Member

@dorpvom dorpvom Feb 22, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Untested code

src/statistic/update.py
stats['exploit_mitigations'].append((0, 0, 0))

def round(self, exploit_mitigation_stat, total_amount_of_files):
rounded_value = round(exploit_mitigation_stat[0][1] / total_amount_of_files, 5)
Copy link
Member

@dorpvom dorpvom Feb 22, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Untested code

src/statistic/update.py

def set_stats(self, exploit_mitigation, stats, total_amount_of_files):
if len(exploit_mitigation) > 0:
stats['exploit_mitigations'].append((exploit_mitigation[0][0],
Copy link
Member

@dorpvom dorpvom Feb 22, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Untested

src/web_interface/templates/show_statistic.html

{# ------ Exploit Mitigation Stats ------ #}

{% if stats["exploit_mitigations_stats"] %}
Copy link
Member

@dorpvom dorpvom Feb 22, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some of the bars are too long (> 100 %) breaking the tooltips.
Don't know where the error is.

src/statistic/update.py
self.db.update_statistic('exploit_mitigations', self._get_exploit_mitigations_stats())
# should always be the last, because of the benchmark
self.db.update_statistic('general', self.get_general_stats())

Copy link
Member

@dorpvom dorpvom Feb 22, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Update script failed on first execution. Since updating some of the analysis results, the script works fine.

@tbarabosch tbarabosch merged commit 3ca4ad2 into master Feb 28, 2018
@weidenba weidenba deleted the exploit-mitigations branch April 25, 2018 09:38
weidenba pushed a commit that referenced this pull request Oct 22, 2018
@tbarabosch
Merge pull request #74 from fkie-cad/exploit-mitigations
604c5a4 
Exploit mitigations
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dorpvom dorpvom dorpvom requested changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@0xricksanchez @codecov-io @dorpvom @tbarabosch