
Commit 5998611

committed
Refresh test data
Signed-off-by: egibs <20933572+egibs@users.noreply.github.com>
1 parent 015dcf5 commit 5998611


8 files changed

+287
-191
lines changed


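--- a/tests/linux/2024.vncjew/__min__c.json
+++ b/tests/linux/2024.vncjew/__min__c.json
@@ -34,11 +34,11 @@
 {
 "Description": "mentions an IP and port",
 "MatchStrings": [
-"IP",
-"lIp",
 "lookupPort",
+"parsePort",
+"lIp",
 "oIp",
-"parsePort"
+"IP"
 ],
 "RiskScore": 2,
 "RiskLevel": "MEDIUM",
@@ -60,10 +60,10 @@
 {
 "Description": "references a specific architecture",
 "MatchStrings": [
+"http://",
 "AMD64",
 "amd64",
 "arm64",
-"http://",
 "x86"
 ],
 "RiskScore": 1,
@@ -167,8 +167,8 @@
 {
 "Description": "references a 'public key'",
 "MatchStrings": [
-"PublicKey",
 "public key",
+"PublicKey",
 "publicKey"
 ],
 "RiskScore": 1,
@@ -179,10 +179,6 @@
 },
 {
 "Description": "RC4 key scheduling algorithm",
-"MatchStrings": [
-"$cmp_e_x_256",
-"$cmp_r_x_256"
-],
 "RiskScore": 1,
 "RiskLevel": "LOW",
 "RuleURL": "https://github.com/chainguard-dev/malcontent/blob/main/rules/crypto/rc4.yara#rc4_ksa",
@@ -193,9 +189,9 @@
 {
 "Description": "tls",
 "MatchStrings": [
-"TLS13",
 "TLSVersion",
-"crypto/tls"
+"crypto/tls",
+"TLS13"
 ],
 "RiskScore": 1,
 "RiskLevel": "LOW",
@@ -298,8 +294,8 @@
 {
 "Description": "Looks up the HOME directory for the current user",
 "MatchStrings": [
-"HOME",
-"getenv"
+"getenv",
+"HOME"
 ],
 "RiskScore": 1,
 "RiskLevel": "LOW",
@@ -311,8 +307,8 @@
 {
 "Description": "Looks up the USER name of the current user",
 "MatchStrings": [
-"USER",
-"getenv"
+"getenv",
+"USER"
 ],
 "RiskScore": 1,
 "RiskLevel": "LOW",
@@ -336,9 +332,9 @@
 {
 "Description": "Appends rules to a iptables chain",
 "MatchStrings": [
-"-A",
+"iptables",
 "INPUT",
-"iptables"
+"-A"
 ],
 "RiskScore": 2,
 "RiskLevel": "MEDIUM",
@@ -393,8 +389,8 @@
 {
 "Description": "reads files",
 "MatchStrings": [
-"ReadFile",
-"os.(*File).Read"
+"os.(*File).Read",
+"ReadFile"
 ],
 "RiskScore": 1,
 "RiskLevel": "LOW",
@@ -418,21 +414,21 @@
 "Description": "path reference within /etc",
 "MatchStrings": [
 "/etc/apache/mime.types/etc/ssl/ca-bun",
-"/etc/hosts/setgroups",
-"/etc/httpd/conf/mime.types",
-"/etc/mdns.allow/etc/mime.types",
-"/etc/nsswitch.conf/etc/pki/tls/certs",
-"/etc/passwd/index.html",
 "/etc/pki/ca-trust/extracted/pem/tls-c",
-"/etc/pki/tls/cacert.pem",
-"/etc/pki/tls/certs/ca-bundle.crt",
-"/etc/protocols/etc/ssl/certs",
-"/etc/resolv.conf",
 "/etc/security/cacerts/usr/local/share",
-"/etc/services",
 "/etc/ssl/ca-bundle.pem/lib/time/zonei",
+"/etc/nsswitch.conf/etc/pki/tls/certs",
+"/etc/ssl/certs/ca-certificates.crt",
+"/etc/pki/tls/certs/ca-bundle.crt",
+"/etc/mdns.allow/etc/mime.types",
+"/etc/protocols/etc/ssl/certs",
+"/etc/httpd/conf/mime.types",
+"/etc/pki/tls/cacert.pem",
+"/etc/passwd/index.html",
+"/etc/hosts/setgroups",
 "/etc/ssl/cert.pem",
-"/etc/ssl/certs/ca-certificates.crt"
+"/etc/resolv.conf",
+"/etc/services"
 ],
 "RiskScore": 1,
 "RiskLevel": "LOW",
@@ -513,8 +509,8 @@
 "Description": "vncjew, a VNC scanner",
 "MatchStrings": [
 "iptables",
-"masscan",
-"readVNCs"
+"readVNCs",
+"masscan"
 ],
 "RiskScore": 4,
 "RiskLevel": "CRITICAL",
@@ -526,8 +522,8 @@
 "Description": "Uses DNS (Domain Name Service)",
 "MatchStrings": [
 "CNAMEResource",
-"SetEDNS0",
-"dnsmessage"
+"dnsmessage",
+"SetEDNS0"
 ],
 "RiskScore": 1,
 "RiskLevel": "LOW",
@@ -561,8 +557,8 @@
 {
 "Description": "accepts JSON files via HTTP",
 "MatchStrings": [
-"Accept",
-"application/json"
+"application/json",
+"Accept"
 ],
 "RiskScore": 1,
 "RiskLevel": "LOW",
@@ -636,9 +632,9 @@
 {
 "Description": "makes HTTP requests",
 "MatchStrings": [
+"User-Agent",
 "HTTP/1.",
-"Referer",
-"User-Agent"
+"Referer"
 ],
 "RiskScore": 1,
 "RiskLevel": "LOW",
@@ -814,8 +810,8 @@
 {
 "Description": "Sends UDP packets",
 "MatchStrings": [
-"DialUDP",
-"WriteMsgUDP"
+"WriteMsgUDP",
+"DialUDP"
 ],
 "RiskScore": 1,
 "RiskLevel": "LOW",
@@ -859,8 +855,8 @@
 {
 "Description": "transfer data between file descriptors",
 "MatchStrings": [
-"sendfile",
-"syscall.Sendfile"
+"syscall.Sendfile",
+"sendfile"
 ],
 "RiskScore": 1,
 "RiskLevel": "LOW",
@@ -922,9 +918,6 @@
 },
 {
 "Description": "multiple ELF binaries within an ELF binary",
-"MatchStrings": [
-"$elf_head"
-],
 "RiskScore": 2,
 "RiskLevel": "MEDIUM",
 "RuleURL": "https://github.com/chainguard-dev/malcontent/blob/main/rules/anti-static/elf/multiple.yara#multiple_elf",
@@ -935,8 +928,8 @@
 "Description": "Linux ELF binary packed with UPX",
 "MatchStrings": [
 "This file is packed",
-"UPX!",
-"executable packer"
+"executable packer",
+"UPX!"
 ],
 "RiskScore": 3,
 "RiskLevel": "HIGH",
@@ -969,8 +962,8 @@
 {
 "Description": "references a specific architecture",
 "MatchStrings": [
-"http://",
-"amd64"
+"http://",
+"amd64"
 ],
 "RiskScore": 1,
 "RiskLevel": "LOW",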
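Review bot: Two findings are left with no recorded evidence: in the hunks at -179 ("RC4 key scheduling algorithm") and -922 ("multiple ELF binaries within an ELF binary") the `MatchStrings` key disappears entirely instead of becoming an empty array. The removed values were YARA string identifiers (`$cmp_e_x_256`, `$cmp_r_x_256`, `$elf_head`) rather than matched content, so dropping them looks intentional, but an analyst triaging the MEDIUM-scored ELF finding now has nothing in the report to show what triggered it. If the key stays optional, emitting `"MatchStrings": []` would keep the object shape stable for consumers that iterate it unconditionally. The other hunks only reorder arrays, apparently longest string first; stating that ordering rule alongside the fixtures would make later refreshes easier to verify. The enclosing JSON objects begin and end outside the hunks shown.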
