Feature/actionmods (#34)

cerrussell · web-flow · commit ddd406212fbe · 2023-07-08T01:04:35.000-04:00
* Enabled multiple sources to be specified and Docker (#33) * Enabled multiple sources to be specified * Require report directory to be specified if multiple input sources * Created Dockerfile * Add Docker build and release * Only use GHCR Signed-off-by: Caroline Russell <caroline@appthreat.dev> * Removed extraneous lines Signed-off-by: Caroline Russell <caroline@appthreat.dev> * Actionmods (#35) * Fixed find_exe and modified report dir * Fixed src_dir error --------- Signed-off-by: Caroline Russell <caroline@appthreat.dev> * Update dockerfile version Signed-off-by: Caroline Russell <caroline@appthreat.dev> * bump version Signed-off-by: Caroline Russell <caroline@appthreat.dev> --------- Signed-off-by: Caroline Russell <caroline@appthreat.dev>
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -87,4 +87,4 @@ jobs:
           tag_name: ${{ github.ref }}
           release_name: Release ${{ github.ref }}
           draft: false
-          prerelease: false
+          prerelease: false
diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,49 @@
+FROM almalinux:9.2-minimal
+
+LABEL maintainer="appthreat" \
+      org.opencontainers.image.authors="Team AppThreat <cloud@appthreat.com>" \
+      org.opencontainers.image.source="https://github.com/AppThreat/blint" \
+      org.opencontainers.image.url="https://github.com/AppThreat/blint" \
+      org.opencontainers.image.version="1.0.31" \
+      org.opencontainers.image.vendor="AppThreat" \
+      org.opencontainers.image.licenses="Apache-2.0" \
+      org.opencontainers.image.title="blint" \
+      org.opencontainers.image.description="BLint is a Binary Linter to check the security properties, and capabilities in your executables. It is powered by lief." \
+      org.opencontainers.docker.cmd="docker run --rm -it -v /tmp:/tmp -v $(pwd):/app:rw -w /app -t ghcr.io/appthreat/blint"
+
+ARG TARGETPLATFORM
+ARG JAVA_VERSION=22.3.r19-grl
+ARG SBT_VERSION=1.9.0
+ARG MAVEN_VERSION=3.9.2
+ARG GRADLE_VERSION=8.1.1
+
+ENV GOPATH=/opt/app-root/go \
+    GO_VERSION=1.20.4 \
+    JAVA_VERSION=$JAVA_VERSION \
+    SBT_VERSION=$SBT_VERSION \
+    MAVEN_VERSION=$MAVEN_VERSION \
+    GRADLE_VERSION=$GRADLE_VERSION \
+    GRADLE_OPTS="-Dorg.gradle.daemon=false" \
+    JAVA_HOME="/opt/java/${JAVA_VERSION}" \
+    MAVEN_HOME="/opt/maven/${MAVEN_VERSION}" \
+    GRADLE_HOME="/opt/gradle/${GRADLE_VERSION}" \
+    SBT_HOME="/opt/sbt/${SBT_VERSION}" \
+    COMPOSER_ALLOW_SUPERUSER=1 \
+    PYTHONUNBUFFERED=1 \
+    PYTHONIOENCODING="utf-8"
+ENV PATH=${PATH}:${JAVA_HOME}/bin:${MAVEN_HOME}/bin:${GRADLE_HOME}/bin:${SBT_HOME}/bin:${GOPATH}/bin:/usr/local/go/bin:/usr/local/bin/:/root/.local/bin:
+
+COPY . /opt/blint
+
+RUN microdnf install -y python3.11 python3.11-pip \
+    && alternatives --install /usr/bin/python3 python /usr/bin/python3.11 1 \
+    && python3 --version \
+    && python3 -m pip install --upgrade pip \
+    && cd /opt/blint \
+    && python3 -m pip install -e . \
+    && chmod a-w -R /opt \
+    && microdnf clean all
+
+WORKDIR /app
+
+ENTRYPOINT [ "blint" ]
diff --git a/blint/analysis.py b/blint/analysis.py
@@ -390,12 +390,12 @@ def run_prefuzz(f, metadata):
 
 
 def start(args, src, reports_dir):
-    files = [src]
+    files = src
     findings = []
     reviews = []
     fuzzables = []
-    if os.path.isdir(src):
-        files = find_exe_files(src)
+    for i in src:
+        files += find_exe_files(i)
     with Progress(
         transient=True,
         redirect_stderr=True,
diff --git a/blint/cli.py b/blint/cli.py
@@ -28,7 +28,9 @@ def build_args():
         "-i",
         "--src",
         dest="src_dir_image",
-        help="Source directory or container image or binary file. Defaults to current directory.",
+        action="extend",
+        nargs="+",
+        help="Source directories, container images or binary files. Defaults to current directory.",
     )
     parser.add_argument(
         "-o",
@@ -72,19 +74,20 @@ def main():
     if not args.no_banner:
         print(blint_logo)
     src_dir = args.src_dir_image
-    if not src_dir:
-        src_dir = os.getcwd()
-        reports_base_dir = src_dir
+    if args.reports_dir:
+        reports_dir = args.reports_dir
+    elif not src_dir:
+        reports_base_dir, src_dir= os.getcwd(), [os.getcwd()]
+        reports_dir = os.path.join(reports_base_dir, "reports")
+    elif len(src_dir) == 1:
+        reports_dir = os.path.dirname(src_dir[0])
     else:
-        reports_base_dir = os.path.dirname(src_dir)
-    reports_dir = (
-        args.reports_dir
-        if args.reports_dir
-        else os.path.join(reports_base_dir, "reports")
-    )
-    if not os.path.exists(src_dir):
-        print(f"{src_dir} is an invalid file or directory!")
-        return
+        print("You must use the -o option to specify a reports output directory when scanning multiple sources.")
+        exit()
+    for dir in src_dir:
+        if not os.path.exists(dir):
+            print(f"{src_dir} is an invalid file or directory!")
+            return
     # Create reports directory
     if reports_dir and not os.path.exists(reports_dir):
         os.makedirs(reports_dir)
diff --git a/pyproject.toml b/pyproject.toml
@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "blint"
-version = "1.0.30"
+version = "1.0.31"
 description = "Linter for binary files powered by lief"
 authors = ["Prabhu Subramanian <prabhu@appthreat.com>"]
 license = "Apache-2.0"
@@ -45,4 +45,4 @@ pyinstaller = "^5.10.1"
 
 [build-system]
 requires = ["poetry-core>=1.0.0"]
-build-backend = "poetry.core.masonry.api"
+build-backend = "poetry.core.masonry.api"
