Merge branch 'refs/heads/main' into release-2.5

# Conflicts:
#	go.mod
#	go.sum

Author: ramanan-ravi

Dockerfile

@@ -2,11 +2,11 @@ ARG VECTORSCAN_IMG_TAG=latest
 ARG VECTORSCAN_IMAGE_REPOSITORY=deepfenceio
 FROM $VECTORSCAN_IMAGE_REPOSITORY/deepfence_vectorscan_build:$VECTORSCAN_IMG_TAG AS vectorscan
 
-FROM golang:1.23-alpine3.20 AS builder
-MAINTAINER DeepFence
+FROM golang:1.25-alpine3.23 AS builder
+LABEL maintainer="DeepFence"
 
 RUN apk update  \
-    && apk add --upgrade gcc musl-dev pkgconfig g++ make git
+    && apk add --upgrade gcc musl-dev pkgconfig g++ make git curl
 
 RUN apk add --no-cache \
     git \
@@ -38,48 +38,62 @@ RUN apk add --no-cache -t .build-deps py-setuptools \
     libmagic-static \
     linux-headers
 
-RUN cd /root && wget https://github.com/VirusTotal/yara/archive/refs/tags/v4.3.2.tar.gz \
-    && tar -zxf v4.3.2.tar.gz \
-    && cd yara-4.3.2 \
+RUN cd /root && wget https://github.com/VirusTotal/yara/archive/refs/tags/v4.5.5.tar.gz \
+    && tar -zxf v4.5.5.tar.gz \
+    && cd yara-4.5.5 \
     && ./bootstrap.sh \
     && ./configure --prefix=/usr/local/yara --disable-dotnet --enable-magic --enable-cuckoo --disable-shared --enable-static\
     && make \
     && make install \
     && cd /usr/local/ \
     && tar -czf yara.tar.gz yara
 
+# Copy YaraHunter first (for local replace directive)
+WORKDIR /home/deepfence/src
+COPY YaraHunter/ YaraHunter/
+
 WORKDIR /home/deepfence/src/SecretScanner
-COPY . .
+COPY SecretScanner/ .
 RUN make clean && make all
 
-FROM alpine:3.20
-MAINTAINER DeepFence
+# Download rules and convert to yar format
+RUN mkdir -p /home/deepfence/rules \
+    && curl -fsSL https://artifacts.threatmapper.org/threat-intel/secret/secret_v2.5.8.tar.gz \
+    -o /tmp/secret_rules.tar.gz \
+    && tar -xzf /tmp/secret_rules.tar.gz -C /home/deepfence/rules --strip-components=1 \
+    && rm /tmp/secret_rules.tar.gz
+
+# Build and run the converter
+WORKDIR /home/deepfence/src/SecretScanner
+RUN go run ./cmd/convert-rules/main.go /home/deepfence/rules/df-secret.json /home/deepfence/rules/secret.yar
+
+
+FROM alpine:3.23
+LABEL maintainer="DeepFence"
 LABEL deepfence.role=system
 
 ENV MGMT_CONSOLE_URL=deepfence-internal-router \
     MGMT_CONSOLE_PORT=443
 
 ARG TARGETARCH
 
-RUN apk add --no-cache --upgrade tar libstdc++ libgcc docker skopeo bash podman
+RUN apk add --no-cache --upgrade tar libstdc++ libgcc docker skopeo bash podman curl
 
 RUN <<EOF
 set -eux
 
-apk update && apk add --no-cache --upgrade curl
-
-NERDCTL_VERSION=1.7.7
+NERDCTL_VERSION=2.2.0
 curl -fsSLO https://github.com/containerd/nerdctl/releases/download/v${NERDCTL_VERSION}/nerdctl-${NERDCTL_VERSION}-linux-${TARGETARCH}.tar.gz
 tar Cxzvvf /usr/local/bin nerdctl-${NERDCTL_VERSION}-linux-${TARGETARCH}.tar.gz
 rm nerdctl-${NERDCTL_VERSION}-linux-${TARGETARCH}.tar.gz
 
-apk del curl
 EOF
 
 WORKDIR /home/deepfence/usr
 COPY --from=builder /home/deepfence/src/SecretScanner/SecretScanner .
 COPY --from=builder /home/deepfence/src/SecretScanner/config.yaml .
+COPY --from=builder /home/deepfence/rules/secret.yar .
 WORKDIR /home/deepfence/output
 
-ENTRYPOINT ["/home/deepfence/usr/SecretScanner", "-config-path", "/home/deepfence/usr"]
+ENTRYPOINT ["/home/deepfence/usr/SecretScanner", "-config-path", "/home/deepfence/usr", "-rules-path", "/home/deepfence/usr"]
 CMD ["-h"]

MAINTAINERS.md

@@ -1,5 +1,5 @@
 export IMAGE_REPOSITORY?=quay.io/deepfenceio
-export DF_IMG_TAG?=2.5.7
+export DF_IMG_TAG?=2.5.8
 
 all: SecretScanner
 

Makefile

@@ -1,12 +1,10 @@
 # SecretScanner
 
-[![Documentation](https://img.shields.io/badge/documentation-read-green)](https://community.deepfence.io/docs/secretscanner/)
+[![Documentation](https://img.shields.io/badge/documentation-read-green)](https://threatmapper.org/docs/secretscanner/)
 [![GitHub license](https://img.shields.io/github/license/deepfence/SecretScanner)](https://github.com/deepfence/SecretScanner/blob/master/LICENSE)
 [![GitHub stars](https://img.shields.io/github/stars/deepfence/SecretScanner)](https://github.com/deepfence/SecretScanner/stargazers)
-[![Hacktoberfest](https://img.shields.io/github/hacktoberfest/2022/deepfence/SecretScanner)](https://github.com/deepfence/SecretScanner/issues)
 [![GitHub issues](https://img.shields.io/github/issues/deepfence/SecretScanner)](https://github.com/deepfence/SecretScanner/issues)
 [![Slack](https://img.shields.io/badge/slack-@deepfence-blue.svg?logo=slack)](https://join.slack.com/t/deepfence-community/shared_invite/zt-podmzle9-5X~qYx8wMaLt9bGWwkSdgQ)
-[![Twitter](https://img.shields.io/twitter/url?style=social&url=https%3A%2F%2Fgithub.com%2Fdeepfence%2FSecretScanner)](https://twitter.com/intent/tweet?text=Check%20this%20out%3A&url=https%3A%2F%2Fgithub.com%2Fdeepfence%2FSecretScanner)
 
 # SecretScanner
 
@@ -29,7 +27,7 @@ Use SecretScanner if you need a lightweight, efficient method to scan container
 
 ## Quick Start
 
-For full instructions, refer to the [SecretScanner Documentation](https://community.deepfence.io/docs/secretscanner/).
+For full instructions, refer to the [SecretScanner Documentation](https://threatmapper.org/docs/secretscanner/).
 
 ![SecretScanner QuickStart](docs/docs/secretscanner/img/secretscanner.svg)
 
@@ -38,19 +36,12 @@ Install docker and run SecretScanner on a container image using the following in
 * Build SecretScanner:
 ```shell
 ./bootstrap.sh
-docker build --rm=true --tag=quay.io/deepfenceio/deepfence_secret_scanner_ce:2.5.7 -f Dockerfile .
+docker build --rm=true --tag=quay.io/deepfenceio/deepfence_secret_scanner_ce:2.5.8 -f Dockerfile .
 ```
 
 * Or, pull the latest build from docker hub by doing:
 ```shell
-docker pull quay.io/deepfenceio/deepfence_secret_scanner_ce:2.5.7
-```
-
-### Generate License Key
-
-Run this command to generate a license key. Work/official email id has to be used.
-```shell
-curl https://license.deepfence.io/threatmapper/generate-license?first_name=<FIRST_NAME>&last_name=<LAST_NAME>&email=<EMAIL>&company=<ORGANIZATION_NAME>&resend_email=true
+docker pull quay.io/deepfenceio/deepfence_secret_scanner_ce:2.5.8
 ```
 
 ### Scan
@@ -60,30 +51,15 @@ curl https://license.deepfence.io/threatmapper/generate-license?first_name=<FIRS
 docker pull node:8.11
 ```
 
-* Set Product and Licence and scan it::
+* Scan it:
 ```shell
 docker run -i --rm --name=deepfence-secretscanner \
-    -e DEEPFENCE_PRODUCT=<ThreatMapper or ThreatStryker> \
-    -e DEEPFENCE_LICENSE=<ThreatMapper or ThreatStryker license key> \
     -v /var/run/docker.sock:/var/run/docker.sock \
-    quay.io/deepfenceio/deepfence_secret_scanner_ce:2.5.7 \
+    quay.io/deepfenceio/deepfence_secret_scanner_ce:2.5.8 \
     --image-name node:8.11 \
     --output json > node.json
 ```
 
-Rules can also be cached to use next run by mounting a seperate path and passing `rules-path` argument
-```shell
-docker run -i --rm --name=deepfence-yarahunter \
-     -e DEEPFENCE_PRODUCT=<ThreatMapper or ThreatStryker> \
-     -e DEEPFENCE_LICENSE=<ThreatMapper or ThreatStryker license key> \
-     -v /var/run/docker.sock:/var/run/docker.sock \
-     -v /tmp/rules:/tmp/rules \
-     quay.io/deepfenceio/deepfence_secret_scanner_ce:2.5.7 \
-     --image-name node:8.11 \
-     --rules-path=/tmp/rules \
-     --output json > node.json
-```
-
 # Credits
 
 We have built upon the configuration file from [shhgit](https://github.com/eth0izzle/shhgit) project.
@@ -92,11 +68,10 @@ We have built upon the configuration file from [shhgit](https://github.com/eth0i
 
 Thank you for using SecretScanner.
 
- * [<img src="https://img.shields.io/badge/documentation-read-green">](https://community.deepfence.io/docs/secretscanner/) Start with the documentation
+ * [<img src="https://img.shields.io/badge/documentation-read-green">](https://threatmapper.org/docs/secretscanner/) Start with the documentation
  * [<img src="https://img.shields.io/badge/slack-@deepfence-blue.svg?logo=slack">](https://join.slack.com/t/deepfence-community/shared_invite/zt-podmzle9-5X~qYx8wMaLt9bGWwkSdgQ) Got a question, need some help?  Find the Deepfence team on Slack
  * [![GitHub issues](https://img.shields.io/github/issues/deepfence/SecretScanner)](https://github.com/deepfence/SecretScanner/issues) Got a feature request or found a bug? Raise an issue
  * [productsecurity *at* deepfence *dot* io](SECURITY.md): Found a security issue? Share it in confidence
- * Find out more at [deepfence.io](https://deepfence.io/)
 
 ## Security and Support
 

README.md

@@ -0,0 +1,38 @@
+package main
+
+import (
+	"encoding/json"
+	"fmt"
+	"os"
+
+	"github.com/deepfence/YaraHunter/pkg/threatintel"
+)
+
+func main() {
+	if len(os.Args) != 3 {
+		fmt.Println("Usage: convert-rules <input.json> <output.yar>")
+		os.Exit(1)
+	}
+
+	inputFile := os.Args[1]
+	outputFile := os.Args[2]
+
+	data, err := os.ReadFile(inputFile)
+	if err != nil {
+		fmt.Printf("Error reading file: %v\n", err)
+		os.Exit(1)
+	}
+
+	var fb threatintel.FeedsBundle
+	if err := json.Unmarshal(data, &fb); err != nil {
+		fmt.Printf("Error parsing JSON: %v\n", err)
+		os.Exit(1)
+	}
+
+	if err := threatintel.ExportYaraRules(outputFile, fb.ScannerFeeds.SecretRules, fb.Extra); err != nil {
+		fmt.Printf("Error exporting rules: %v\n", err)
+		os.Exit(1)
+	}
+
+	fmt.Printf("Successfully converted %d rules to %s\n", len(fb.ScannerFeeds.SecretRules), outputFile)
+}

agent-plugins-grpc

@@ -11,10 +11,6 @@ import (
 
 func Test_ConfigMerge(t *testing.T) {
 	config := &core.Config{
-		BlacklistedStrings:           []string{"base"},
-		BlacklistedExtensions:        []string{"base"},
-		BlacklistedPaths:             []string{"base"},
-		BlacklistedEntropyExtensions: []string{"base"},
 		Signatures: []core.ConfigSignature{
 			{
 				Name:          "base",
@@ -42,10 +38,6 @@ func Test_ConfigMerge(t *testing.T) {
 	}
 
 	config.Merge(&core.Config{
-		BlacklistedStrings:           []string{"merge"},
-		BlacklistedExtensions:        []string{"merge", "base"},
-		BlacklistedPaths:             []string{"base", "merge"},
-		BlacklistedEntropyExtensions: []string{"base"},
 		Signatures: []core.ConfigSignature{
 			{
 				Name:          "merge",
@@ -73,10 +65,6 @@ func Test_ConfigMerge(t *testing.T) {
 	})
 
 	expected := &core.Config{
-		BlacklistedStrings:           []string{"base", "merge"},
-		BlacklistedExtensions:        []string{"base", "merge"},
-		BlacklistedPaths:             []string{"base", "merge"},
-		BlacklistedEntropyExtensions: []string{"base"},
 		Signatures: []core.ConfigSignature{
 			{
 				Name:          "base",

cmd/convert-rules/main.go

@@ -4,7 +4,7 @@ import (
 	"os"
 	"path/filepath"
 
-	log "github.com/sirupsen/logrus"
+	"github.com/rs/zerolog/log"
 )
 
 type MatchFile struct {
@@ -19,43 +19,22 @@ func NewMatchFile(path string) MatchFile {
 	path = filepath.ToSlash(path)
 	_, filename := filepath.Split(path)
 	extension := filepath.Ext(path)
-	// contents, _ := ioutil.ReadFile(path)
 
 	return MatchFile{
 		Path:      path,
 		Filename:  filename,
 		Extension: extension,
-		Contents:  []byte(""), // contents,
+		Contents:  []byte(""),
 	}
 }
 
-//// GetMatchingFiles Return the list of all applicable files inside the given directory for scanning
-// func GetMatchingFiles(dir string, baseDir string) (*bytes.Buffer, *bytes.Buffer, error) {
-//	findCmd := "find " + dir
-//	for _, skippableExt := range session.Config.BlacklistedExtensions {
-//		findCmd += " -not -name \"*" + skippableExt + "\""
-//	}
-//	hostMountPath := *session.Options.HostMountPath
-//	if hostMountPath != "" {
-//		baseDir = hostMountPath
-//	}
-//	for _, skippablePathIndicator := range session.Config.BlacklistedPaths {
-//		findCmd += " -path " + baseDir + skippablePathIndicator + " -prune -o"
-//	}
-//	maxFileSize := strconv.FormatUint(uint64(*session.Options.MaximumFileSize), 10)
-//	findCmd += " -type f -size " + maxFileSize + "M"
-//	log.Info("find command: %s", findCmd)
-//
-//	return ExecuteCommand(findCmd)
-//}
-
 // UpdateDirsPermissionsRW Update permissions for dirs in container images, so that they can be properly deleted
 func UpdateDirsPermissionsRW(dir string) {
 	_ = filepath.WalkDir(dir, func(path string, f os.DirEntry, err error) error {
 		if f.IsDir() {
 			err := os.Chmod(path, 0700)
 			if err != nil {
-				log.Errorf("Failed to change dir %s permission: %s", path, err)
+				log.Error().Err(err).Str("path", path).Msg("Failed to change dir permission")
 			}
 		}
 		return nil