-
Notifications
You must be signed in to change notification settings - Fork 49
OSS Defog
Gabe Stocco edited this page Mar 31, 2022
·
2 revisions
OSS Defog examines a package's contents for obfuscated text -- specifically, text that is either Base-64- or Hex-encoded. Most packages do not contain such content, and even the ones that do are usually safe. However, obfuscation has been used to hide malicious code in open source projects.
Usage information from --help
:
Usage: oss-defog [options] package-url...
positional arguments:
package-url package url to analyze (required, multiple allowed), or directory.
The package-url specifier is described at https://github.com/package-url/purl-spec:
pkg:cargo/rand The latest version of Rand (via crates.io)
pkg:cocoapods/AFNetworking The latest version of AFNetworking (via cocoapods.org)
pkg:composer/Smarty/Smarty The latest version of Smarty (via Composer/ Packagist)
pkg:cpan/Apache-ACEProxy The latest version of Apache::ACEProxy (via cpan.org)
pkg:cran/ACNE@0.8.0 Version 0.8.0 of ACNE (via cran.r-project.org)
pkg:gem/rubytree@* All versions of RubyTree (via rubygems.org)
pkg:golang/sigs.k8s.io/yaml The latest version of sigs.k8s.io/yaml (via proxy.golang.org)
pkg:github/Microsoft/DevSkim The latest release of DevSkim (via GitHub)
pkg:hackage/a50@* All versions of a50 (via hackage.haskell.org)
pkg:maven/org.apdplat/deep-qa The latest version of org.apdplat.deep-qa (via repo1.maven.org)
pkg:npm/express The latest version of Express (via npm.org)
pkg:nuget/Newtonsoft.JSON The latest version of Newtonsoft.JSON (via nuget.org)
pkg:pypi/django@1.11.1 Version 1.11.1 fo Django (via pypi.org)
pkg:ubuntu/zerofree The latest version of zerofree from Ubuntu (via packages.ubuntu.com)
pkg:vsm/MLNET/07 The latest version of MLNET.07 (from marketplace.visualstudio.com)
pkg:url/foo@1.0?url=<URL> The direct URL <URL>
optional arguments:
--download-directory the directory to download the package to
--report-blobs if set, blobs which cannot be determined to be strings, archives or binaries will be reported on (noisy)
--minimum-hex-length if set, overrides the default hex string detection length (default 8 pairs)
--minimum-base64-length if set, overrides the default base64 minimum string length (default 1 quad)
--save-found-binaries-to if set, encoded binaries which were found will be saved to this directory
--save-archives-to if set, encoded compressed files will be saved to this directory
--save-blobs-to if set, encoded blobs of indeterminate type will be saved to this directory
--use-cache do not download the package if it is already present in the destination directory
--help show this help message and exit
--version show version number
root@d6adcf35f75b:/usr/src/app# SECRET=$(echo "Hello, my name is Michael." | base64)
root@d6adcf35f75b:/usr/src/app# echo $SECRET
SGVsbG8sIG15IG5hbWUgaXMgTWljaGFlbC4K
root@d6adcf35f75b:/usr/src/app# mkdir tests
root@d6adcf35f75b:/usr/src/app# echo "SECRET=$SECRET" > tests/foo
root@d6adcf35f75b:/usr/src/app# cat tests/foo
SECRET=SGVsbG8sIG15IG5hbWUgaXMgTWljaGFlbC4K
root@d6adcf35f75b:/usr/src/app# oss-defog tests
____ _____ _____ _____ _ _
/ __ \ / ____/ ____| / ____| | | | |
| | | | (___| (___ | | __ __ _ __| | __ _ ___| |_
| | | |\___ \\___ \ | | |_ |/ _` |/ _` |/ _` |/ _ \ __|
| |__| |____) |___) | | |__| | (_| | (_| | (_| | __/ |_
\____/|_____/_____/ \_____|\__,_|\__,_|\__, |\___|\__|
__/ |
|___/
OSS Gadget - oss-defog 0.1.317+55078cf84c - github.com/Microsoft/OSSGadget
INFO - [String] tests/foo: SGVsbG8sIG15IG5hbWUgaXMgTWljaGFlbC4K -> Hello, my name is Michael.
The output shows that the string Hello, my name is Michael.
was found in the tests directory.