shell detection enhancements for xray

2025-06-03 04:00:23 +00:00 · 2021-06-10 02:24:22 -07:00 · 2021-06-10 02:24:22 -07:00 · 5ac34b5581
commit 5ac34b5581
parent 10c72982ce
2 changed files with 34 additions and 13 deletions
--- a/pkg/app/master/commands/xray/handler.go
+++ b/pkg/app/master/commands/xray/handler.go
@ -877,6 +877,16 @@ func printImagePackage(
 	}

 	for _, info := range pkg.OSShells {
+		xc.Out.Info("image.shells",
+			ovars{
+				"full_name":  info.FullName,
+				"short_name": info.ShortName,
+				"exe_path":   info.ExePath,
+				"link_path":  info.LinkPath,
+				"reference":  info.Reference,
+				"verified":   info.Verified,
+			})
+
 		cmdReport.ImageReport.OSShells = append(cmdReport.ImageReport.OSShells, info)
 	}

--- a/pkg/docker/dockerimage/dockerimage.go
+++ b/pkg/docker/dockerimage/dockerimage.go
@ -599,6 +599,18 @@ func LoadPackage(archivePath string,
 				case ChangeDelete:
 					object.History.Delete = &changeInfo
 				}
+
+				if object.Change == ChangeAdd ||
+					object.Change == ChangeModify {
+					if shellInfo, found := pkg.OSShells[object.Name]; found {
+						if exeInfo, rfound := layer.References[shellInfo.ExePath]; rfound {
+							shellInfo.Verified = true
+							if exeInfo.LinkTarget != "" {
+								shellInfo.LinkPath = exeInfo.LinkTarget
+							}
+						}
+					}
+				}
 			}

 			if utf8Detector != nil {
@ -696,6 +708,18 @@ func LoadPackage(archivePath string,
 						}
 					}
 				}
+
+				if object.Change == ChangeAdd ||
+					object.Change == ChangeModify {
+					if shellInfo, found := pkg.OSShells[object.Name]; found {
+						if exeInfo, rfound := layer.References[shellInfo.ExePath]; rfound {
+							shellInfo.Verified = true
+							if exeInfo.LinkTarget != "" {
+								shellInfo.LinkPath = exeInfo.LinkTarget
+							}
+						}
+					}
+				}
 			}
 			if utf8Detector != nil {
 				layer.Stats.UTF8SizeHuman = humanize.Bytes(layer.Stats.UTF8Size)
@ -884,12 +908,6 @@ func layerFromStream(
 			if isDeleted {
 				layer.Stats.DeletedLinkCount++
 				pkg.Stats.DeletedLinkCount++
-			} else {
-				if shellInfo, found := pkg.OSShells[object.Name]; found {
-					if shellInfo.ExePath == object.Name {
-						shellInfo.LinkPath = object.LinkTarget
-					}
-				}
 			}
 		case tar.TypeReg:
 			layer.Stats.FileCount++
@ -916,13 +934,6 @@ func layerFromStream(
 					pkg.Stats.StickyCount++
 				}

-				if shellInfo, found := pkg.OSShells[object.Name]; found {
-					if shellInfo.ExePath == object.Name {
-						//not ideal, need to verify Reference and LinkPath too
-						shellInfo.Verified = true
-					}
-				}
-
 				err = inspectFile(
 					object,
 					tr,