@@ -82,7 +82,8 @@ def run_modules_scanners(
8282 kernel_name : str ,
8383 run_hidden_modules : bool = True ,
8484 ) -> Dict [str , List [extensions .module ]]:
85- """Run module scanning plugins and aggregate the results.
85+ """Run module scanning plugins and aggregate the results. It is designed
86+ to not operate any inter-plugin results triage.
8687
8788 Args:
8889 run_hidden_modules: specify if the hidden_modules plugin should be run
@@ -128,46 +129,50 @@ def run_modules_scanners(
128129 def _generator (self ):
129130 kernel_name = self .config ["kernel" ]
130131 run_results = self .run_modules_scanners (self .context , kernel_name )
131- modules_offsets = {}
132- for key in ["lsmod" , "check_modules" , "hidden_modules" ]:
133- modules_offsets [key ] = set (module .vol .offset for module in run_results [key ])
134-
135- seen_addresses = set ()
136- for modules_list in run_results .values ():
137- for module in modules_list :
138- if module .vol .offset in seen_addresses :
139- continue
140- seen_addresses .add (module .vol .offset )
132+ aggregated_modules = {}
133+ # We want to be explicit on the plugins results we are interested in
134+ for plugin_name in ["lsmod" , "check_modules" , "hidden_modules" ]:
135+ # Iterate over each recovered module
136+ for module in run_results [plugin_name ]:
137+ # Use offsets as unique keys, whether a module
138+ # appears in many plugin runs or not
139+ if aggregated_modules .get (module .vol .offset ):
140+ # Append the plugin to the list of originating plugins
141+ aggregated_modules [module .vol .offset ][1 ].append (plugin_name )
142+ else :
143+ aggregated_modules [module .vol .offset ] = (module , [plugin_name ])
141144
142- if self .config .get ("plain_taints" ):
143- taints = tainting .Tainting .get_taints_as_plain_string (
145+ for module_offset , (module , originating_plugins ) in aggregated_modules .items ():
146+ # Tainting parsing capabilities applied to the module
147+ if self .config .get ("plain_taints" ):
148+ taints = tainting .Tainting .get_taints_as_plain_string (
149+ self .context ,
150+ kernel_name ,
151+ module .taints ,
152+ True ,
153+ )
154+ else :
155+ taints = "," .join (
156+ tainting .Tainting .get_taints_parsed (
144157 self .context ,
145158 kernel_name ,
146159 module .taints ,
147160 True ,
148161 )
149- else :
150- taints = "," .join (
151- tainting .Tainting .get_taints_parsed (
152- self .context ,
153- kernel_name ,
154- module .taints ,
155- True ,
156- )
157- )
158-
159- yield (
160- 0 ,
161- (
162- module .get_name () or NotAvailableValue (),
163- format_hints .Hex (module .vol .offset ),
164- module .vol .offset in modules_offsets ["lsmod" ],
165- module .vol .offset in modules_offsets ["check_modules" ],
166- module .vol .offset in modules_offsets ["hidden_modules" ],
167- taints or NotAvailableValue (),
168- ),
169162 )
170163
164+ yield (
165+ 0 ,
166+ (
167+ module .get_name () or NotAvailableValue (),
168+ format_hints .Hex (module_offset ),
169+ "lsmod" in originating_plugins ,
170+ "check_modules" in originating_plugins ,
171+ "hidden_modules" in originating_plugins ,
172+ taints or NotAvailableValue (),
173+ ),
174+ )
175+
171176 def run (self ):
172177 columns = [
173178 ("Name" , str ),
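Review bot: In `_generator`, any key of `run_results` other than the three names listed in the new aggregation loop is now dropped silently, whereas the removed loop over `run_results.values()` still emitted those modules with all three columns false. Whether `run_modules_scanners` can return other keys is not visible here, since its body lies outside both hunks. For a cross-view plugin meant to surface modules that one view misses, a silent drop deserves a logged message, or at least a comment stating that it is intended. The scanner names are also repeated as string literals in the loop and again in the three yielded columns, so a single tuple constant shared by both would keep them from drifting apart. The membership test relies on tuple truthiness; `entry = aggregated_modules.setdefault(module.vol.offset, (module, []))` followed by `entry[1].append(plugin_name)` expresses the same thing without the `if`/`else`.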