added container for doing static analysis of files

2023-09-19 08:37:12 +02:00 · 2023-09-19 08:37:12 +02:00 · 87f9e02685
parent f169d81775
commit 87f9e02685
5 changed files with 102 additions and 15 deletions
--- a/.woodpecker/builder.yml
+++ b/.woodpecker/builder.yml
@ -0,0 +1,28 @@
 # Build and publish Docker images for multible architectures.
 # 
 # Pushing an image to codeberg as container registry,
 # package owner will be the repo owner.
 #
 # this config also shows usage of yaml aliases and
 # was taken from https://codeberg.org/6543/docker-images/src/commit/37e29c227717c1c07d2776cddcf14725bf952875/.woodpecker/hello.yml
 when:
  branch: main
 steps:
  publish-builder:
    image: woodpeckerci/plugin-docker-buildx
    settings:
      dockerfile: builder/Dockerfile
      platforms: linux/arm64/v8,linux/amd64
      repo: git.jmbit.de/filegate/utility-containers
      registry: git.jmbit.de
      tags: 
        - builder-latest
        - builder
      username: jmb
      password:
        from_secret: forgejo_token
    when:
      event: push
--- a/.woodpecker/static-analysis.yml
+++ b/.woodpecker/static-analysis.yml
@ -0,0 +1,28 @@
 # Build and publish Docker images for multible architectures.
 # 
 # Pushing an image to codeberg as container registry,
 # package owner will be the repo owner.
 #
 # this config also shows usage of yaml aliases and
 # was taken from https://codeberg.org/6543/docker-images/src/commit/37e29c227717c1c07d2776cddcf14725bf952875/.woodpecker/hello.yml
 when:
  branch: main
 steps:
  publish-builder:
    image: woodpeckerci/plugin-docker-buildx
    settings:
      dockerfile: staticanalysis/Dockerfile
      platforms: linux/arm64/v8,linux/amd64
      repo: git.jmbit.de/filegate/utility-containers
      registry: git.jmbit.de
      tags: 
        - staticanalysis-latest
        - staticanalysis
      username: jmb
      password:
        from_secret: forgejo_token
    when:
      event: push
--- a/.woodpecker/vm-builder.yml
+++ b/.woodpecker/vm-builder.yml
@ -10,21 +10,6 @@ when:
  branch: main
 steps:
  publish-builder:
    image: woodpeckerci/plugin-docker-buildx
    settings:
      dockerfile: builder/Dockerfile
      platforms: linux/arm64/v8,linux/amd64
      repo: git.jmbit.de/filegate/utility-containers
      registry: git.jmbit.de
      tags: 
        - builder-latest
        - builder
      username: jmb
      password:
        from_secret: forgejo_token
    when:
      event: push
  publish-vm-builder:
    image: woodpeckerci/plugin-docker-buildx
    settings:
--- a/staticanalysis/Dockerfile
+++ b/staticanalysis/Dockerfile
@ -0,0 +1,44 @@
 FROM debian:latest
 LABEL authors="Johannes Bülow <johannes.buelow@jmbit.de>"
 WORKDIR /tmp/crap
 RUN export DEBIAN_FRONTEND="noninteractive" \
  && apt-get update \
  && apt-get upgrade -y \
  && apt-get install --no-install-recommends -y bash wget curl yara zip unzip git file binutils msitools exif coreutils \
     python3-pip libsqlite3-dev
 ## TRID  
 RUN wget https://mark0.net/download/trid_linux_64.zip \
 	 && unzip trid_linux_64.zip \
 	 && chmod +x trid \
 	 && mv trid /usr/local/bin/trid
 ## YARA
 COPY ./yara-rules /usr/local/bin/yara-rules 
 RUN git clone https://github.com/Yara-Rules/rules.git /usr/local/src/yara-rules
 ## Detect-It-Easy
 RUN wget https://github.com/horsicq/DIE-engine/releases/download/3.08/die_3.08_Debian_12_amd64.deb -O die.deb\
 	 && apt-get install --no-install-recommends -y ./die.deb
 ##  PiP stuff	
 #RUN pip3 install stringsifter pyelftools dotnetfile peframe-ds flare-floss oletools
 RUN pip3 install stringsifter pyelftools dotnetfile flare-floss oletools
 ## Manalyze
 RUN apt-get install -y libboost-regex-dev libboost-program-options-dev libboost-system-dev libboost-filesystem-dev libssl-dev build-essential cmake git python3-dev \
    && git clone https://github.com/JusticeRage/Manalyze.git && cd Manalyze \
 	 && cmake . \
 	 && make -j5 \
 	 && make install \
 	 && cd /tmp/crap
 ## dllcharacteristics
 RUN wget https://raw.githubusercontent.com/accidentalrebel/dllcharacteristics.py/master/dllcharacteristics.py -O /usr/local/bin/dllcharacteristics.py \
 	 && chmod +x /usr/local/bin/dllcharacteristics.py
 ## Malchive
 RUN git clone https://github.com/MITRECND/malchive.git && cd malchive && pip install . && cd /tmp/crap
 ## CAPA
 RUN wget https://github.com/mandiant/capa/releases/download/v6.1.0/capa-v6.1.0-linux.zip -O capa.zip \
    && unzip capa.zip && chmod +x capa && mv capa /usr/local/bin/
 ## CLEANUP
 RUN apt-get -y autoremove \
 	 && apt-get clean -y \
 	 && unset DEBIAN_FRONTEND \
 	 && rm -rf /tmp/crap
--- a/staticanalysis/yara-rules
+++ b/staticanalysis/yara-rules
@ -0,0 +1,2 @@
 #!/bin/bash
 yara -w /usr/local/src/yara-rules/index.yar "${*}"
		`@ -0,0 +1,2 @@`
							`#!/bin/bash`
							`yara -w /usr/local/src/yara-rules/index.yar "${*}"`