Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

auditbeat/module/file_integrity: remove garbled PE executable test file #35724

Merged
merged 1 commit into from
Jun 12, 2023

Conversation

efd6
Copy link
Contributor

@efd6 efd6 commented Jun 8, 2023

What does this PR do?

This file is detected by some malware detection systems as malicious likely due to the source obfuscation that garble does to it. The testing of the underlying library already tests the infrastucture, so removing the test here does not harm coverage.

The executable itself is a garble built compilation of the file at https://github.com/elastic/toutoumomoma/blob/dev/testdata/main.go. In that repository the executable is built on the fly during testing rather than being retained as an asset.

Why is it important?

Impacts on UX.

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Author's Checklist

  • [ ]

How to test this PR locally

Related issues

Use cases

Screenshots

Logs

@efd6 efd6 self-assigned this Jun 8, 2023
@botelastic botelastic bot added needs_team Indicates that the issue/PR needs a Team:* label and removed needs_team Indicates that the issue/PR needs a Team:* label labels Jun 8, 2023
This file is detected by some malware detection systems as malicious
likely due to the source obfuscation that garble does to it. The testing
of the underlying library already tests the infrastucture, so removing
the test here does not harm coverage.

The executable itself is a garble built compilation of the file at
https://github.com/elastic/toutoumomoma/blob/dev/testdata/main.go. In
that repository the executable is built on the fly during testing rather
than being retained as an asset.
@mergify
Copy link
Contributor

mergify bot commented Jun 8, 2023

This pull request does not have a backport label.
If this is a bug or security fix, could you label this PR @efd6? 🙏.
For such, you'll need to label your PR with:

  • The upcoming major version of the Elastic Stack
  • The upcoming minor version of the Elastic Stack (if you're not pushing a breaking change)

To fixup this pull request, you need to add the backport labels for the needed
branches, such as:

  • backport-v8./d.0 is the label to automatically backport to the 8./d branch. /d is the digit

@elasticmachine
Copy link
Collaborator

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS
Pipeline View Test View Changes Artifacts preview preview

Expand to view the summary

Build stats

  • Start Time: 2023-06-08T21:35:35.608+0000

  • Duration: 40 min 24 sec

Test stats 🧪

Test Results
Failed 0
Passed 839
Skipped 109
Total 948

💚 Flaky test report

Tests succeeded.

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

  • /test : Re-trigger the build.

  • /package : Generate the packages and run the E2E tests.

  • /beats-tester : Run the installation tests with beats-tester.

  • run elasticsearch-ci/docs : Re-trigger the docs validation. (use unformatted text in the comment!)

@efd6 efd6 marked this pull request as ready for review June 8, 2023 22:42
@efd6 efd6 requested a review from a team as a code owner June 8, 2023 22:42
@elasticmachine
Copy link
Collaborator

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

Copy link
Member

@ebeahan ebeahan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@efd6 efd6 merged commit 7ad2548 into elastic:main Jun 12, 2023
mergify bot pushed a commit that referenced this pull request Jun 12, 2023
…le (#35724)

This file is detected by some malware detection systems as malicious
likely due to the source obfuscation that garble does to it. The testing
of the underlying library already tests the infrastucture, so removing
the test here does not harm coverage.

The executable itself is a garble built compilation of the file at
https://github.com/elastic/toutoumomoma/blob/dev/testdata/main.go. In
that repository the executable is built on the fly during testing rather
than being retained as an asset.

(cherry picked from commit 7ad2548)
efd6 added a commit that referenced this pull request Jun 13, 2023
…le (#35724) (#35753)

This file is detected by some malware detection systems as malicious
likely due to the source obfuscation that garble does to it. The testing
of the underlying library already tests the infrastucture, so removing
the test here does not harm coverage.

The executable itself is a garble built compilation of the file at
https://github.com/elastic/toutoumomoma/blob/dev/testdata/main.go. In
that repository the executable is built on the fly during testing rather
than being retained as an asset.

(cherry picked from commit 7ad2548)

Co-authored-by: Dan Kortschak <90160302+efd6@users.noreply.github.com>
@reakaleek reakaleek mentioned this pull request Jul 19, 2023
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

TestExeObjParser/executableObject_pe_garble can fail on Windows
3 participants