CVE bin tool integration, VEX support -> F20 replacement #1452

Merged
merged 53 commits into from
Feb 14, 2025


m-1-k-3
Member

@m-1-k-3 m-1-k-3 commented Feb 2, 2025

  • What kind of change does this PR introduce? (Bug fix, feature, docs update, ...)

Feature

  • What is the current behavior? (You can also link to an open issue here)

F20 quite slow
No VEX support

  • What is the new behavior (if this is a feature change)? If possible add a screenshot.
      • cve-bin-tool main integration - closes cve-bin-tool supported #1439
      • temp patching of cve-bin-tool (see https://github.com/EMBA-support-repos/cve-bin-tool)
      • installer integration
      • build new docker base image
      • JSON builder for VEX
      • s118 integration
      • s26 fixes and integration
      • VEX integration into main SBOM
      • Make our VEX BSI compliant
      • further VEX and F17 configuration via scan profiles (enable/disable addon metrics like EPSS, KEV, Exploits)
      • remove F20 completely
      • os_detector function from F50 is based on F20 results
      • s36 module is based on F20
  • Does this PR introduce a breaking change? (What changes might users need to make in their application due to this PR?)

This will replace the current F20 module

  • Other information:

docker base image 1.5.1d needed
Currently work in progress
read only filesystem of our current docker base image is currently not working with cve-bin-tool

m-1-k-3 added the labels enhancement, docker, EMBArk, Installation, cve-search, in progress, EMBA and SBOM on Feb 2, 2025
@m-1-k-3
Member Author

m-1-k-3 commented Feb 4, 2025

initial test results:

[*] Tue Feb  4 08:44:38 CET 2025 - F17_cve_bin_tool starting
[*] Tue Feb  4 09:20:07 CET 2025 - F17_cve_bin_tool finished
[*] Tue Feb  4 09:20:07 CET 2025 - F20_vul_aggregator starting
[*] Tue Feb  4 11:00:00 CET 2025 - F20_vul_aggregator finished

35 minutes vs 1h:40 minutes ... Feel free to test

@m-1-k-3
Member Author

m-1-k-3 commented Feb 4, 2025

VEX data can be viewed in the SBOM directory:

└─$ jq . ~/firmware-analysis/emba_logs_test1/SBOM/EMBA_sbom_vex_only.json

Currently it is not integrated into the final SBOM. Will come soon.


m-1-k-3 removed the in progress label on Feb 11, 2025
@m-1-k-3
Member Author

m-1-k-3 commented Feb 11, 2025

I think everything is in place to find further bugs ... please give it a try @BenediktMKuehne @beruhan @torabi12 @hands0meware @busby666 and others :)

@m-1-k-3 m-1-k-3 marked this pull request as ready for review February 11, 2025 15:30
@m-1-k-3
Member Author

m-1-k-3 commented Feb 11, 2025

The main performance boost can be seen if you enable/disable the VEX_METRICS parameter in the scan profiles:

  • VEX_METRICS=1:
[*] Tue Feb 11 22:08:08 CET 2025 - F17_cve_bin_tool starting
[*] Tue Feb 11 22:18:22 CET 2025 - F17_cve_bin_tool finished
[!] Tue Feb 11 22:18:27 CET 2025 - Test ended on Tue Feb 11 22:18:27 CET 2025 and took about 0 days and 00:19:32 
  • VEX_METRICS=0:
[*] Tue Feb 11 21:37:16 CET 2025 - F17_cve_bin_tool starting
[*] Tue Feb 11 21:38:53 CET 2025 - F17_cve_bin_tool finished
[!] Tue Feb 11 21:38:55 CET 2025 - Test ended on Tue Feb 11 21:38:55 CET 2025 and took about 0 days and 00:07:43 

On the other hand you will lose all the exploit details.
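
Added example (not part of the PR or of EMBA's code): a Python helper that reads module start/finish lines in the log format quoted in this thread and returns per-module runtimes, so the VEX_METRICS comparison can be repeated on other runs. The function names are hypothetical; the sample input is the F17 lines from the comment above.

```python
import re
from datetime import datetime

# Constructed sample: the F17 log lines quoted in the comment above.
SAMPLE_LOGS = {
    "VEX_METRICS=1": """\
[*] Tue Feb 11 22:08:08 CET 2025 - F17_cve_bin_tool starting
[*] Tue Feb 11 22:18:22 CET 2025 - F17_cve_bin_tool finished
""",
    "VEX_METRICS=0": """\
[*] Tue Feb 11 21:37:16 CET 2025 - F17_cve_bin_tool starting
[*] Tue Feb 11 21:38:53 CET 2025 - F17_cve_bin_tool finished
""",
}

# "[*] <dow> <mon> <day> <hh:mm:ss> <zone> <year> - <module> starting|finished"
LINE_RE = re.compile(
    r"^\[.\]\s+\w{3}\s+(\w{3})\s+(\d{1,2})\s+(\d{2}:\d{2}:\d{2})\s+\S+\s+(\d{4})"
    r"\s+-\s+(\S+)\s+(starting|finished)\s*$"
)


def module_durations(log_text):
    """Return {module: seconds} for every starting/finished pair in log_text."""
    started, durations = {}, {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # other lines, e.g. the "[!] ... Test ended" summary
        mon, day, clock, year, module, event = m.groups()
        # The zone token (CET) is ignored: both stamps of a run share it, and
        # strptime's %Z only accepts the local zone names. A run that crosses
        # a DST switch would therefore be off by one hour.
        ts = datetime.strptime(f"{year} {mon} {day} {clock}", "%Y %b %d %H:%M:%S")
        if event == "starting":
            started[module] = ts
        elif module in started:  # a "finished" without a start is skipped
            durations[module] = int((ts - started.pop(module)).total_seconds())
    return durations


def compare(logs, module):
    """Map each labelled log to the runtime in seconds of one module."""
    return {label: module_durations(text).get(module) for label, text in logs.items()}


if __name__ == "__main__":
    for label, secs in compare(SAMPLE_LOGS, "F17_cve_bin_tool").items():
        print(f"{label}: {secs // 60}m{secs % 60:02d}s")
```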

@m-1-k-3
Member Author

m-1-k-3 commented Feb 13, 2025

let's review this and bring it to master :) VEX SBOM and cve-bin-tool ahead ...

@torabi12

torabi12 commented Feb 13, 2025

I did an installation and it was perfect and did a default-scan.emba with an older DVR firmware from here:

https://www.up-4ever.net/ecs3xzneqmnw/Firmware_DVR_8CH_China_AHB6008R-MS_8MB.rar


VEX data was available in the report.
Thank you for the great update of emba. :)

The entire scan lasted for 00:27:08, super fast!

@m-1-k-3
Member Author

m-1-k-3 commented Feb 13, 2025

@torabi12 thank you for your testing effort

@m-1-k-3 m-1-k-3 merged commit 5d2c10f into e-m-b-a:master Feb 14, 2025
14 checks passed