From 74c89ae40cc2e9fe2b4b873f103d8da81f692994 Mon Sep 17 00:00:00 2001
From: BenediktMKuehne
Date: Wed, 26 Feb 2025 09:21:17 +0000
Subject: [PATCH] simplify s08 array
---
helpers/helpers_emba_defaults.sh | 182 +++++++++++++++++++++++++++--
installer.sh | 1 -
installer/I04_default_vars.sh | 193 -------------------------------
3 files changed, 172 insertions(+), 204 deletions(-)
delete mode 100644 installer/I04_default_vars.sh
diff --git a/helpers/helpers_emba_defaults.sh b/helpers/helpers_emba_defaults.sh
index ea594d0d4..dd722b834 100755
--- a/helpers/helpers_emba_defaults.sh
+++ b/helpers/helpers_emba_defaults.sh
@@ -19,16 +19,178 @@ set_defaults() { - # read and export all vars in .env - if [[ -f "${INVOCATION_PATH}/config/.env" ]]; then - # readin .env - set -a # automatically export all variables - # shellcheck source=/dev/null - source "${INVOCATION_PATH}/config/.env" - set +a - else - echo -e "${RED}"" Missing ""${INVOCATION_PATH}/config/.env"" - check your installation""${NC}" - fi + { + # if this is a release version set RELEASE to 1, add a banner to config/banner and name the banner with the version details + echo "RELEASE=0" + echo "EMBA_VERSION=1.5.1" + echo "CLEANED=0" # used for the final cleaner function for not running it multiple times + echo "STRICT_MODE=${STRICT_MODE:-0}" + echo "DEBUG_SCRIPT=${DEBUG_SCRIPT:-0}" + echo "UPDATE=${UPDATE:-0}" + echo "ARCH_CHECK=${ARCH_CHECK:-1}" + echo "RTOS=${RTOS:-1}" # Testing RTOS based OS - 1 -> no Linux / 0 -> Linux + echo "BINARY_EXTENDED=${BINARY_EXTENDED:-0}" + echo "MAX_EXT_CHECK_BINS=${MAX_EXT_CHECK_BINS:-20}" + echo "CONTAINER_EXTRACT=${CONTAINER_EXTRACT:-0}" + echo "DISABLE_DEEP=${DISABLE_DEEP:-0}" + echo "DEEP_EXT_DEPTH=${DEEP_EXT_DEPTH:-4}" + echo "FACT_EXTRACTOR=${FACT_EXTRACTOR:-0}" + echo "FIRMWARE=${FIRMWARE:-0}" + echo "FORCE=${FORCE:-0}" + echo "FORMAT_LOG=${FORMAT_LOG:-0}" + echo "HTML=${HTML:-0}" + echo "IN_DOCKER=${IN_DOCKER:-0}" + echo "USE_DOCKER=${USE_DOCKER:-1}" + echo "KERNEL=${KERNEL:-0}" + echo "KERNEL_CONFIG=${KERNEL_CONFIG:-''}" + echo "FIRMWARE_PATH=${FIRMWARE_PATH:-''}" + echo "FIRMWARE_PATH1=${FIRMWARE_PATH1:-''}" + echo "DIFF_MODE=${DIFF_MODE:-0}" + echo "FW_VENDOR=${FW_VENDOR:-''}" + echo "FW_VERSION=${FW_VERSION:-''}" + echo "FW_DEVICE=${FW_DEVICE:-''}" + echo "FW_NOTES=${FW_NOTES:-''}" + echo "ARCH=${ARCH:-''}" + echo "EFI_ARCH=${EFI_ARCH:-''}" + echo "EXLUDE=${EXLUDE:-()}" + echo "SELECT_MODULES=${SELECT_MODULES:-()}" + echo "MODULES_EXPORTED=${MODULES_EXPORTED:-()}" + echo "MD5_DONE_DEEP=${MD5_DONE_DEEP:-()}" # for tracking the extracted files in deep extractor + echo 
"ROOT_PATH=${ROOT_PATH:-()}" + echo "FILE_ARR=${FILE_ARR:-()}" + echo "MAX_MODS=${MAX_MODS:-0}" + echo "MAX_MOD_THREADS=${MAX_MOD_THREADS:-0}" + echo "RESTART=${RESTART:-0}" # if we find an unfinished EMBA scan we try to only process not finished modules + echo "FINAL_FW_RM=${FINAL_FW_RM:-0}" # remove the firmware working copy after testing (do not waste too much disk space) + echo "ONLY_DEP=${ONLY_DEP:-0}" # test only dependency + echo "PHP_CHECK=${PHP_CHECK:-1}" + echo "PRE_CHECK=${PRE_CHECK:-0}" # test and extract binary files with binwalk afterwards do a default EMBA scan + echo "SKIP_PRE_CHECKERS=${SKIP_PRE_CHECKERS:-0}" # we can set this to 1 to skip all further pre-checkers (WARNING: use this with caution!!!) + echo "PYTHON_CHECK=${PYTHON_CHECK:-1}" + # enable L10_DEBUG_MODE in scan profile or default config for further debugging capabilities: + # * create_emulation_archive for all attempts + # * do not stop after 2 detected network services + echo "L10_DEBUG_MODE=${L10_DEBUG_MODE:-0}" + echo "FULL_EMULATION=${FULL_EMULATION:-0}" # full system emulation - set it via command line parameter -Q + echo "QEMULATION=${QEMULATION:-0}" # user-mode emulation - set it via command line parameter -E + # some processes are running long and logging a lot + # to protect the host we are going to kill them on a QEMU_KILL_SIZE limit + echo "QEMU_KILL_SIZE=${QEMU_KILL_SIZE:-'10M'}" + echo "L10_KERNEL_V_LONG=${L10_KERNEL_V_LONG:-'4.1.52'}" + echo "L10_BB_VER=${L10_BB_VER:-'1.36.1'}" + # with this variable we can control the behavior of s16 and s120 -> 0 is default an tests only + # non Linux binaries (binaries not listed in config/linux_common_files.txt. 
1 means we test every + # binary which results in long runtimes + echo "FULL_TEST=${FULL_TEST:-0}" + # to get rid of all the running stuff we are going to kill it after RUNTIME + echo "QRUNTIME=${QRUNTIME:-'20s'}" + echo "SHELLCHECK=${SHELLCHECK:-1}" + echo "QUEST_CONTAINER=${QUEST_CONTAINER:-''}" + echo "GPT_OPTION=${GPT_OPTION:-0}" # 0 -> off 1-> unpayed plan 2 -> no rate-limit + echo "GPT_QUESTION=${GPT_QUESTION:-'For the following code I need you to tell me how an attacker could exploit it and point out all vulnerabilities:'}" + echo "MINIMUM_GPT_PRIO=${MINIMUM_GPT_PRIO:-1}" # everything above this value gets checked + echo "SHORT_PATH=${SHORT_PATH:-0}" # short paths in cli output + echo "THREADED=${THREADED:-1}" # 0 -> single thread, 1 -> multi threaded + echo "YARA=${YARA:-0}" # default: disable yara tests + echo "OVERWRITE_LOG=${OVERWRITE_LOG:-0}" # automaticially overwrite log directory, if necessary + echo "MAX_EXT_SPACE=${MAX_EXT_SPACE:-110000}" # ensure we do not stop on extraction. 
If you are running into disk space issues you can adjust this variable + # Important directories + LOG_DIR="${INVOCATION_PATH:=.}/logs" # !set innvocation path if unset + echo "LOG_DIR=${LOG_DIR}" + # echo "ERROR_LOG=${LOG_DIR}/emba_error.log" + echo "TMP_DIR=${LOG_DIR}/tmp" + echo "CSV_DIR=${LOG_DIR}/csv_log" + echo "JSON_DIR=${LOG_DIR}/json_logs" + echo "MAIN_LOG_FILE=${MAIN_LOG_FILE:-'emba.log'}" + CONFIG_DIR="${INVOCATION_PATH}/config" + echo "CONFIG_DIR=${CONFIG_DIR}" + EXT_DIR="${INVOCATION_PATH}/external" + echo "EXT_DIR=${EXT_DIR}" + HELP_DIR="${INVOCATION_PATH}/helpers" + echo "HELP_DIR=${HELP_DIR}" + echo "MOD_DIR=${INVOCATION_PATH:-''}/modules" + echo "MOD_DIR_LOCAL=${INVOCATION_PATH:-''}/EMBA-Non-free/modules_local" + echo "PID_LOGGING=${PID_LOGGING:-0}" + # this will be in TMP_DIR/pid_notes.log + echo "PID_LOG_FILE=${PID_LOG_FILE:-'pid_notes.log'}" + echo "BASE_LINUX_FILES=${INVOCATION_PATH:-''}/config/linux_common_files.txt" + if [[ -f "${CONFIG_DIR}/known_exploited_vulnerabilities.csv" ]]; then + echo "KNOWN_EXP_CSV=${CONFIG_DIR}/known_exploited_vulnerabilities.csv" + fi + if [[ -f "${CONFIG_DIR}/msf_cve-db.txt" ]]; then + echo "MSF_DB_PATH=${CONFIG_DIR}/msf_cve-db.txt" + fi + echo "MSF_INSTALL_PATH=${MSF_INSTALL_PATH:-'/usr/share/metasploit-framework'}" + if [[ -f "${CONFIG_DIR}/trickest_cve-db.txt" ]]; then + echo "TRICKEST_DB_PATH=${CONFIG_DIR}/trickest_cve-db.txt" + fi + echo "GTFO_CFG=${CONFIG_DIR}/gtfobins_urls.cfg" # gtfo urls + echo "SILENT=${SILENT:-0}" + echo "DISABLE_STATUS_BAR=${DISABLE_STATUS_BAR:-1}" + # as we encounter issues with the status bar on other system we disable it for non Kali systems + if [[ -f "/etc/debian_version" ]] && grep -q kali-rolling /etc/debian_version; then + echo "DISABLE_NOTIFICATIONS=${DISABLE_NOTIFICATIONS:-0}" # disable notifications and further desktop experience + else + echo "DISABLE_NOTIFICATIONS=${DISABLE_NOTIFICATIONS:-1}" # disable notifications and further desktop experience + fi + echo 
"NOTIFICATION_ID=${NOTIFICATION_ID:-0}" # initial notification id - needed for notification overlay/replacement + echo "EMBA_ICON=${HELP_DIR}/emba.svg" + echo "WSL=${WSL:-0}" # wsl environment detected + echo "UNBLOB=${UNBLOB:-1}" # additional extraction with unblob - https://github.com/onekey-sec/unblob + # currently the extracted results are not further used. The current implementation + # is for evaluation purposes + echo "CVE_BLACKLIST=${CONFIG_DIR}/cve-blacklist.txt" # include the blacklisted CVE values to this file + echo "CVE_WHITELIST=${CONFIG_DIR}/cve-whitelist.txt" # include the whitelisted CVE values to this file + echo "NVD_DIR=${EXT_DIR}/nvd-json-data-feeds" + echo "EPSS_DATA_PATH=${EXT_DIR}/EPSS-data/EPSS_CVE_data" + if [[ -f "${CONFIG_DIR}/module_blacklist.txt" ]]; then + readarray -t MODULE_BLACKLIST < "${CONFIG_DIR}/module_blacklist.txt" + echo "MODULE_BLACKLIST=${MODULE_BLACKLIST:-()}" + fi + # usually no memory limit is needed, but some modules/tools are wild and we need to protect our system + echo "TOTAL_MEMORY=$(grep MemTotal /proc/meminfo | awk '{print $2}' || true)" + echo "Q_MOD_PID=${Q_MOD_PID:-''}" + echo "UEFI_VERIFIED=${UEFI_VERIFIED:-0}" + echo "MAIN_CONTAINER=${MAIN_CONTAINER:-''}" + echo "QUEST_CONTAINER=${QUEST_CONTAINER:-''}" + echo "DISABLE_DOTS=${DISABLE_DOTS:-0}" # set to 1 to disable dotting for showing EMBA is alive + echo "CPE_VERSION=${CPE_VERSION:-'2.3'}" + # we limit the maximal file log of our SBOM -> change this in the scanning profile + echo "SBOM_MAX_FILE_LOG=${SBOM_MAX_FILE_LOG:-200}" + echo "SBOM_MINIMAL=${SBOM_MINIMAL:-0}" + echo "SBOM_UNTRACKED_FILES=${SBOM_UNTRACKED_FILES:-1}" + echo "VEX_METRICS=${VEX_METRICS:-1}" + # usually we test firmware that is already out in the field + # if this changes this option can be adjusted in the scanning profile + echo "SBOM_LIFECYCLE_PHASE=${SBOM_LIFECYCLE_PHASE:-'operations'}" + # we can enable/disable the s08 submodules with the following array configuration + # -> just 
comment the submodule that should not be used + # usually this should be done via a scan-profile + echo "S08_MODULES_ARR=( "\ + 'S08_submodule_debian_pkg_mgmt_parser '\ + 'S08_submodule_deb_package_parser '\ + 'S08_submodule_openwrt_pkg_mgmt_parser '\ + 'S08_submodule_openwrt_ipk_package_parser '\ + 'S08_submodule_rpm_pkg_mgmt_parser '\ + 'S08_submodule_rpm_package_parser '\ + 'S08_submodule_bsd_package_parser '\ + 'S08_submodule_python_pip_package_mgmt_parser '\ + 'S08_submodule_python_requirements_parser '\ + 'S08_submodule_python_poetry_lock_parser '\ + 'S08_submodule_java_archives_parser '\ + 'S08_submodule_ruby_gem_archive_parser '\ + 'S08_submodule_alpine_apk_package_parser '\ + 'S08_submodule_windows_exifparser '\ + 'S08_submodule_rust_cargo_lock_parser '\ + 'S08_submodule_node_js_package_lock_parser '\ + 'S08_submodule_c_conanfile_txt_parser '\ + ")" + } > "${INVOCATION_PATH}/config/.env" 2>/dev/null # store that into env file + # readin .env + set -a # automatically export all variables + # shellcheck source=/dev/null + source "${INVOCATION_PATH}/config/.env" + set +a } set_log_paths() { diff --git a/installer.sh b/installer.sh index 8e40e395f..0c4f103a5 100755 --- a/installer.sh +++ b/installer.sh @@ -343,7 +343,6 @@ fi # initial installation of the host environment: I01_default_apps_host -I01_default_vars # writes config/.env if [[ "${OTHER_OS}" -eq 1 ]]; then # UBUNTU diff --git a/installer/I04_default_vars.sh b/installer/I04_default_vars.sh deleted file mode 100644 index 3020f2eac..000000000 --- a/installer/I04_default_vars.sh +++ /dev/null 
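Review bot: The entries that `set_defaults` writes to `config/.env` are not shell-quoted, yet the same function passes that file to `source` at its end, so a variable already set to a value containing whitespace, `;` or `$(...)` is re-parsed as shell syntax instead of being stored as data (the function's opening line is visible only on the hunk header). With this change the file is regenerated on every call rather than once by the installer, so inherited values such as `FW_NOTES` or `FIRMWARE_PATH` would reach the sourced file, assuming they can be set before this function runs. Writing each entry as `printf 'FW_NOTES=%q\n' "${FW_NOTES:-}"` keeps the value literal when it is read back. The `2>/dev/null` on the block, together with the removal of the old `[[ -f ... ]]` check and its "Missing" message, also lets a failed write go unnoticed before `source` reads a stale or absent file, so the redirect should be checked, e.g. `} > "${INVOCATION_PATH}/config/.env" || return 1`. The retained comment "just comment the submodule that should not be used" no longer fits the backslash-continued `echo "S08_MODULES_ARR=( "\`, where a `#` line appears to end the command before the closing `")"`; it should say that an entry has to be deleted or overridden in a scan profile.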
@@ -1,193 +0,0 @@ -#!/bin/bash -p - -# EMBA - EMBEDDED LINUX ANALYZER -# -# Copyright 2025 Siemens Energy AG -# -# EMBA comes with ABSOLUTELY NO WARRANTY. This is free software, and you are -# welcome to redistribute it under the terms of the GNU General Public License. -# See LICENSE file for usage of this software. -# -# EMBA is licensed under GPLv3 -# SPDX-License-Identifier: GPL-3.0-only -# -# Author(s): Benedikt Kuehne - -# Description: writes default values for EMBA in env file - -I01_default_vars() { - module_title "${FUNCNAME[0]}" - - echo -e "\\nTo use EMBA, environment variables have to be set." - { - # if this is a release version set RELEASE to 1, add a banner to config/banner and name the banner with the version details - echo "RELEASE=0" - echo "EMBA_VERSION=1.5.1" - echo "CLEANED=0" # used for the final cleaner function for not running it multiple times - echo "STRICT_MODE=${STRICT_MODE:-0}" - echo "DEBUG_SCRIPT=${DEBUG_SCRIPT:-0}" - echo "UPDATE=${UPDATE:-0}" - echo "ARCH_CHECK=${ARCH_CHECK:-1}" - echo "RTOS=${RTOS:-1}" # Testing RTOS based OS - 1 -> no Linux / 0 -> Linux - echo "BINARY_EXTENDED=${BINARY_EXTENDED:-0}" - echo "MAX_EXT_CHECK_BINS=${MAX_EXT_CHECK_BINS:-20}" - echo "CONTAINER_EXTRACT=${CONTAINER_EXTRACT:-0}" - echo "DISABLE_DEEP=${DISABLE_DEEP:-0}" - echo "DEEP_EXT_DEPTH=${DEEP_EXT_DEPTH:-4}" - echo "FACT_EXTRACTOR=${FACT_EXTRACTOR:-0}" - echo "FIRMWARE=${FIRMWARE:-0}" - echo "FORCE=${FORCE:-0}" - echo "FORMAT_LOG=${FORMAT_LOG:-0}" - echo "HTML=${HTML:-0}" - echo "IN_DOCKER=${IN_DOCKER:-0}" - echo "USE_DOCKER=${USE_DOCKER:-1}" - echo "KERNEL=${KERNEL:-0}" - echo "KERNEL_CONFIG=${KERNEL_CONFIG:-''}" - echo "FIRMWARE_PATH=${FIRMWARE_PATH:-''}" - echo "FIRMWARE_PATH1=${FIRMWARE_PATH1:-''}" - echo "DIFF_MODE=${DIFF_MODE:-0}" - echo "FW_VENDOR=${FW_VENDOR:-''}" - echo "FW_VERSION=${FW_VERSION:-''}" - echo "FW_DEVICE=${FW_DEVICE:-''}" - echo "FW_NOTES=${FW_NOTES:-''}" - echo "ARCH=${ARCH:-''}" - echo "EFI_ARCH=${EFI_ARCH:-''}" - echo 
"EXLUDE=${EXLUDE:-()}" - echo "SELECT_MODULES=${SELECT_MODULES:-()}" - echo "MODULES_EXPORTED=${MODULES_EXPORTED:-()}" - echo "MD5_DONE_DEEP=${MD5_DONE_DEEP:-()}" # for tracking the extracted files in deep extractor - echo "ROOT_PATH=${ROOT_PATH:-()}" - echo "FILE_ARR=${FILE_ARR:-()}" - echo "MAX_MODS=${MAX_MODS:-0}" - echo "MAX_MOD_THREADS=${MAX_MOD_THREADS:-0}" - echo "RESTART=${RESTART:-0}" # if we find an unfinished EMBA scan we try to only process not finished modules - echo "FINAL_FW_RM=${FINAL_FW_RM:-0}" # remove the firmware working copy after testing (do not waste too much disk space) - echo "ONLY_DEP=${ONLY_DEP:-0}" # test only dependency - echo "PHP_CHECK=${PHP_CHECK:-1}" - echo "PRE_CHECK=${PRE_CHECK:-0}" # test and extract binary files with binwalk afterwards do a default EMBA scan - echo "SKIP_PRE_CHECKERS=${SKIP_PRE_CHECKERS:-0}" # we can set this to 1 to skip all further pre-checkers (WARNING: use this with caution!!!) - echo "PYTHON_CHECK=${PYTHON_CHECK:-1}" - # enable L10_DEBUG_MODE in scan profile or default config for further debugging capabilities: - # * create_emulation_archive for all attempts - # * do not stop after 2 detected network services - echo "L10_DEBUG_MODE=${L10_DEBUG_MODE:-0}" - echo "FULL_EMULATION=${FULL_EMULATION:-0}" # full system emulation - set it via command line parameter -Q - echo "QEMULATION=${QEMULATION:-0}" # user-mode emulation - set it via command line parameter -E - # some processes are running long and logging a lot - # to protect the host we are going to kill them on a QEMU_KILL_SIZE limit - echo "QEMU_KILL_SIZE=${QEMU_KILL_SIZE:-'10M'}" - echo "L10_KERNEL_V_LONG=${L10_KERNEL_V_LONG:-'4.1.52'}" - echo "L10_BB_VER=${L10_BB_VER:-'1.36.1'}" - # with this variable we can control the behavior of s16 and s120 -> 0 is default an tests only - # non Linux binaries (binaries not listed in config/linux_common_files.txt. 
1 means we test every - # binary which results in long runtimes - echo "FULL_TEST=${FULL_TEST:-0}" - # to get rid of all the running stuff we are going to kill it after RUNTIME - echo "QRUNTIME=${QRUNTIME:-'20s'}" - echo "SHELLCHECK=${SHELLCHECK:-1}" - echo "QUEST_CONTAINER=${QUEST_CONTAINER:-''}" - echo "GPT_OPTION=${GPT_OPTION:-0}" # 0 -> off 1-> unpayed plan 2 -> no rate-limit - echo "GPT_QUESTION=${GPT_QUESTION:-'For the following code I need you to tell me how an attacker could exploit it and point out all vulnerabilities:'}" - echo "MINIMUM_GPT_PRIO=${MINIMUM_GPT_PRIO:-1}" # everything above this value gets checked - echo "SHORT_PATH=${SHORT_PATH:-0}" # short paths in cli output - echo "THREADED=${THREADED:-1}" # 0 -> single thread, 1 -> multi threaded - echo "YARA=${YARA:-0}" # default: disable yara tests - echo "OVERWRITE_LOG=${OVERWRITE_LOG:-0}" # automaticially overwrite log directory, if necessary - echo "MAX_EXT_SPACE=${MAX_EXT_SPACE:-110000}" # ensure we do not stop on extraction. 
If you are running into disk space issues you can adjust this variable - # Important directories - LOG_DIR="${INVOCATION_PATH:=.}/logs" # !set innvocation path if unset - echo "LOG_DIR=${LOG_DIR}" - # echo "ERROR_LOG=${LOG_DIR}/emba_error.log" - echo "TMP_DIR=${LOG_DIR}/tmp" - echo "CSV_DIR=${LOG_DIR}/csv_log" - echo "JSON_DIR=${LOG_DIR}/json_logs" - echo "MAIN_LOG_FILE=${MAIN_LOG_FILE:-'emba.log'}" - CONFIG_DIR="${INVOCATION_PATH}/config" - echo "CONFIG_DIR=${CONFIG_DIR}" - EXT_DIR="${INVOCATION_PATH}/external" - echo "EXT_DIR=${EXT_DIR}" - HELP_DIR="${INVOCATION_PATH}/helpers" - echo "HELP_DIR=${HELP_DIR}" - echo "MOD_DIR=${INVOCATION_PATH:-''}/modules" - echo "MOD_DIR_LOCAL=${INVOCATION_PATH:-''}/EMBA-Non-free/modules_local" - echo "PID_LOGGING=${PID_LOGGING:-0}" - # this will be in TMP_DIR/pid_notes.log - echo "PID_LOG_FILE=${PID_LOG_FILE:-'pid_notes.log'}" - echo "BASE_LINUX_FILES=${INVOCATION_PATH:-''}/config/linux_common_files.txt" - if [[ -f "${CONFIG_DIR}/known_exploited_vulnerabilities.csv" ]]; then - echo "KNOWN_EXP_CSV=${CONFIG_DIR}/known_exploited_vulnerabilities.csv" - fi - if [[ -f "${CONFIG_DIR}/msf_cve-db.txt" ]]; then - echo "MSF_DB_PATH=${CONFIG_DIR}/msf_cve-db.txt" - fi - echo "MSF_INSTALL_PATH=${MSF_INSTALL_PATH:-'/usr/share/metasploit-framework'}" - if [[ -f "${CONFIG_DIR}/trickest_cve-db.txt" ]]; then - echo "TRICKEST_DB_PATH=${CONFIG_DIR}/trickest_cve-db.txt" - fi - echo "GTFO_CFG=${CONFIG_DIR}/gtfobins_urls.cfg" # gtfo urls - echo "SILENT=${SILENT:-0}" - echo "DISABLE_STATUS_BAR=${DISABLE_STATUS_BAR:-1}" - # as we encounter issues with the status bar on other system we disable it for non Kali systems - if [[ -f "/etc/debian_version" ]] && grep -q kali-rolling /etc/debian_version; then - echo "DISABLE_NOTIFICATIONS=${DISABLE_NOTIFICATIONS:-0}" # disable notifications and further desktop experience - else - echo "DISABLE_NOTIFICATIONS=${DISABLE_NOTIFICATIONS:-1}" # disable notifications and further desktop experience - fi - echo 
"NOTIFICATION_ID=${NOTIFICATION_ID:-0}" # initial notification id - needed for notification overlay/replacement - echo "EMBA_ICON=${HELP_DIR}/emba.svg" - echo "WSL=${WSL:-0}" # wsl environment detected - echo "UNBLOB=${UNBLOB:-1}" # additional extraction with unblob - https://github.com/onekey-sec/unblob - # currently the extracted results are not further used. The current implementation - # is for evaluation purposes - echo "CVE_BLACKLIST=${CONFIG_DIR}/cve-blacklist.txt" # include the blacklisted CVE values to this file - echo "CVE_WHITELIST=${CONFIG_DIR}/cve-whitelist.txt" # include the whitelisted CVE values to this file - echo "NVD_DIR=${EXT_DIR}/nvd-json-data-feeds" - echo "EPSS_DATA_PATH=${EXT_DIR}/EPSS-data/EPSS_CVE_data" - if [[ -f "${CONFIG_DIR}/module_blacklist.txt" ]]; then - readarray -t MODULE_BLACKLIST < "${CONFIG_DIR}/module_blacklist.txt" - echo "MODULE_BLACKLIST=${MODULE_BLACKLIST:-()}" - fi - # usually no memory limit is needed, but some modules/tools are wild and we need to protect our system - echo "TOTAL_MEMORY=$(grep MemTotal /proc/meminfo | awk '{print $2}' || true)" - echo "Q_MOD_PID=${Q_MOD_PID:-''}" - echo "UEFI_VERIFIED=${UEFI_VERIFIED:-0}" - echo "MAIN_CONTAINER=${MAIN_CONTAINER:-''}" - echo "QUEST_CONTAINER=${QUEST_CONTAINER:-''}" - echo "DISABLE_DOTS=${DISABLE_DOTS:-0}" # set to 1 to disable dotting for showing EMBA is alive - echo "CPE_VERSION=${CPE_VERSION:-'2.3'}" - # we limit the maximal file log of our SBOM -> change this in the scanning profile - echo "SBOM_MAX_FILE_LOG=${SBOM_MAX_FILE_LOG:-200}" - echo "SBOM_MINIMAL=${SBOM_MINIMAL:-0}" - echo "SBOM_UNTRACKED_FILES=${SBOM_UNTRACKED_FILES:-1}" - echo "VEX_METRICS=${VEX_METRICS:-1}" - # usually we test firmware that is already out in the field - # if this changes this option can be adjusted in the scanning profile - echo "SBOM_LIFECYCLE_PHASE=${SBOM_LIFECYCLE_PHASE:-'operations'}" - # we can enable/disable the s08 submodules with the following array configuration - # -> just 
comment the submodule that should not be used - # usually this should be done via a scan-profile - S08_MODULES_ARR=( "S08_submodule_debian_pkg_mgmt_parser" ) - S08_MODULES_ARR+=( "S08_submodule_deb_package_parser" ) - S08_MODULES_ARR+=( "S08_submodule_openwrt_pkg_mgmt_parser" ) - S08_MODULES_ARR+=( "S08_submodule_openwrt_ipk_package_parser" ) - S08_MODULES_ARR+=( "S08_submodule_rpm_pkg_mgmt_parser" ) - S08_MODULES_ARR+=( "S08_submodule_rpm_package_parser" ) - S08_MODULES_ARR+=( "S08_submodule_bsd_package_parser" ) - S08_MODULES_ARR+=( "S08_submodule_python_pip_package_mgmt_parser" ) - S08_MODULES_ARR+=( "S08_submodule_python_requirements_parser" ) - S08_MODULES_ARR+=( "S08_submodule_python_poetry_lock_parser" ) - S08_MODULES_ARR+=( "S08_submodule_java_archives_parser" ) - S08_MODULES_ARR+=( "S08_submodule_ruby_gem_archive_parser" ) - S08_MODULES_ARR+=( "S08_submodule_alpine_apk_package_parser" ) - S08_MODULES_ARR+=( "S08_submodule_windows_exifparser" ) - S08_MODULES_ARR+=( "S08_submodule_rust_cargo_lock_parser" ) - S08_MODULES_ARR+=( "S08_submodule_node_js_package_lock_parser" ) - S08_MODULES_ARR+=( "S08_submodule_c_conanfile_txt_parser" ) - echo "S08_MODULES_ARR=""( ""${S08_MODULES_ARR[@]}"" )" - } > "${INVOCATION_PATH:-.}/config/.env" 2>/dev/null # store that into env file - # read and export all vars in .env - set -a # automatically export all variables - # shellcheck source=/dev/null - source "${INVOCATION_PATH}/config/.env" - set +a -} \ No newline at end of file