Add machometa unit #36
…, handle fat binaries
…de signature data
…E cannot be parsed
) | ||
|
||
@classmethod | ||
def parse_pkcs7_signature(cls, data: bytearray) -> dict: |
This is almost exactly the same as the function of the same name in the pemeta unit; feel free to refactor and combine these into one function.
I will most likely do that, since I hate code duplication to the point of an unhealthy obsession, but this is nothing you need to concern yourself with.
self.log_warn(f"Could not parse the data in CSSLOT_CMS_SIGNATURE as valid PKCS7 data: {pkcs7_parse_error!s}") | ||
|
||
if macho_image.codesign_info.req_dat is not None: | ||
# TODO: Parse the requirements blob, |
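Review bot: at the log_warn call for CSSLOT_CMS_SIGNATURE, a PKCS7 parse failure is only logged, and the visible lines do not show the result recording that a signature slot was present. Consider emitting a field that marks the signature as present but unparsable, so a reader of the output can tell a malformed signature from an unsigned binary. The TODO under the req_dat check leaves the requirements blob unparsed; a tracking issue would keep that gap visible outside the code.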
Let me know if you prefer to not have TODO comments in the code. Happy to file an issue to keep track of this instead.
I am not an avid user of TODO comments, but I am not strictly opposed to them either. If it starts bugging me, I'll simply remove it. It's not like anyone reviews my PRs! 🤪
@huettenhain It looks like unit tests are failing due to a missing Malshare API key. Is this expected for unit tests running via GitHub actions? Should I submit a PR against https://github.com/binref/refinery-test-data with the samples instead?
It should work without the Malshare API key, that's just a fallback. However, GitHub has recently been a little flaky and I had tests failing before. I'll figure out what's wrong.
I was a little slow there to understand what's going on. Yes, the samples need to be in that repository, but I can add them myself.
Also: This is probably the most pristine PR I have ever seen. 🙇
@@ -2,6 +2,7 @@ | |||
requires = [ | |||
"colorama", | |||
"defusedxml", | |||
"k2l", |
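Review bot: the added "k2l" entry in requires has no version constraint, so any release resolved at install time is accepted. Consider adding a lower bound for the release the new unit was developed against, so that installs are reproducible and a later breaking or tampered release is not pulled in silently.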
Just a minor comment, and you don't have to change this, I will take care of it later: The requirements list here is reserved for "global" requirements, i.e. things that the refinery framework (and libraries) require. Requirements that are "local" to individual units can be specified in that unit itself, an example would be the pyperclip dependency in emit.
Codecov Report
@@ Coverage Diff @@
## master #36 +/- ##
==========================================
- Coverage 83.76% 83.61% -0.15%
==========================================
Files 332 336 +4
Lines 25754 26071 +317
==========================================
+ Hits 21572 21799 +227
- Misses 4182 4272 +90
Merged this with rebase; thank you very much for your contribution!
As per the discussion in #35, this adds a new unit, machometa, which extracts similar metadata from Mach-O files as the existing pemeta unit.

Example output

This also adds the k2l library as a dependency to Refinery.

New unit tests have been added in test/units/formats/macho/test_machometa.py. The following samples, which are used in the unit tests, have been uploaded to Malshare:

UpdateAgent binary from North Korean supply chain compromise of 3CX software (9e9a5f8d86356796162cee881c843cde9eaedfb3)
(2d15286d25f0e0938823dcd742bc928e78199b3d)
libffmpeg binary from North Korean supply chain compromise of 3CX software (769383fc65d1386dd141c960c9970114547da0c2)
tasker binary component of SilverSparrow (b370191228fef82635e39a137be470af)

Please feel free to directly make edits as needed.