#!/bin/bash
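# Require at least one argument.
if [ "$#" -lt 1 ]; then
  echo "Usage: bash $0 --token [token] -p |-f [directory]"
  exit 1
fi

# --token mode: download the list of known-affected SHA-1 hashes that
# check_file_hash() later reads from /tmp/maven-package-libwebp-sha1.lst.
if [ "$1" = "--token" ]; then
  # --token takes a value and must be followed by a mode (-p, or -f <dir>).
  if [ "$#" -lt 3 ]; then
    echo "Usage: bash $0 --token [token] -p |-f [directory]"
    exit 1
  fi
  URL="https://s.murphysec.com/vuln/maven-package-libwebp-sha1.lst"
  TOKEN="$2"
  # NOTE(review): the token arrives on this script's command line and is
  # handed to curl as an argument, so it can be read from the process list by
  # other local users while the scan runs.
  AUTHORIZATION_HEADER="Authorization: Bearer $TOKEN"
  HASH_LIST_PATH="/tmp/maven-package-libwebp-sha1.lst"
  hash_list_tmp=""
  # The destination name is fixed and lives in a world-writable directory.
  # Writing to it directly would follow a symlink or reuse a file that another
  # local user created there first. Download into a private mktemp file and
  # rename it into place, then confirm the result is a regular file owned by
  # this user before trusting it as the hash list.
  if hash_list_tmp=$(mktemp "${HASH_LIST_PATH}.XXXXXX") \
    && curl -fs -H "$AUTHORIZATION_HEADER" "$URL" -o "$hash_list_tmp" >/dev/null 2>&1 \
    && mv -f -- "$hash_list_tmp" "$HASH_LIST_PATH" \
    && [ -f "$HASH_LIST_PATH" ] \
    && [ ! -L "$HASH_LIST_PATH" ] \
    && [ -O "$HASH_LIST_PATH" ]; then
    echo "File downloaded successfully."
  else
    # Drop the partial download; after a successful rename this is a no-op.
    if [ -n "$hash_list_tmp" ]; then
      rm -f -- "$hash_list_tmp"
    fi
    echo "Error occurred while downloading the file."
    exit 1
  fi
fi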
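#######################################
# Report a file whose SHA-1 appears in the known-affected hash list.
# The check only runs in --token mode (TOKEN set), because that mode is what
# downloads the list.
# Globals:   TOKEN (read)
# Arguments: $1 - file to hash
#            $2 - optional path of the hash list; defaults to
#                 /tmp/maven-package-libwebp-sha1.lst. The default is a fixed
#                 name in a shared directory, so a caller that keeps the list
#                 in a private location can pass that path instead.
# Outputs:   "Affected file: <path>" on stdout when the hash is listed;
#            a warning on stderr when the file cannot be hashed
# Returns:   1 when the hash is listed, 0 otherwise
#######################################
function check_file_hash() {
  if [ -z "$TOKEN" ]; then
    return 0
  fi
  local target_file="$1"
  local hash_list="${2:-/tmp/maven-package-libwebp-sha1.lst}"
  local hash
  # Feed the file on stdin: sha1sum then never parses the name as an option
  # and never emits its backslash-escaped output form for unusual names.
  hash=$( { sha1sum <"$target_file"; } 2>/dev/null | awk '{print $1}')
  # An empty hash used as a grep pattern matches every line of the list and
  # would flag an unreadable or missing file as affected.
  if [ -z "$hash" ]; then
    printf 'Warning: could not hash %s; skipping hash check.\n' "$target_file" >&2
    return 0
  fi
  # -F: the hash is a literal string, not a regular expression.
  if grep -qF -- "$hash" "$hash_list"; then
    echo "Affected file: $target_file"
    return 1
  fi
  return 0
}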
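#######################################
# Flag an ELF/executable file that looks like it embeds an unpatched libwebp.
# Heuristic: the file contains at least one of the names WebPCopyPlane,
# WebPCopyPixels or VP8LBuildHuffmanTable and does not contain
# VP8LHuffmanTablesAllocate, which this script treats as the marker of a
# fixed build. This is a string search, not a version check: a binary whose
# symbol names were stripped may not match, so no output is not proof that
# the library is absent.
# Globals:   temp_dir (read) - extraction directory whose prefix is removed
#            from the reported inner path; may be unset or empty
# Arguments: $1 - path to report (the archive or file found on disk)
#            $2 - path actually inspected ($1 itself or a file extracted
#                 from it)
# Outputs:   one "Affected file: ..." line on stdout when the heuristic hits
# Returns:   0
#######################################
function check_binary() {
  local filepath="$1"
  local extracted_file="$2"
  local filetype matched_strings inner_path

  # -b leaves the path out of file's output, so a directory or file name that
  # happens to contain "executable" or "ELF" cannot pass the type filter.
  filetype=$(file -b -- "$extracted_file" 2>/dev/null)
  case "$filetype" in
    *ELF* | *executable* | *"shared object"* | *"shared library"*) ;;
    *) return 0 ;;
  esac

  # Fixed-build marker present: nothing to report, skip the second scan.
  if strings -- "$extracted_file" | grep -qF -e 'VP8LHuffmanTablesAllocate'; then
    return 0
  fi

  matched_strings=$(strings -- "$extracted_file" \
    | grep -oF -e 'WebPCopyPlane' -e 'WebPCopyPixels' -e 'VP8LBuildHuffmanTable')
  if [[ -z "$matched_strings" ]]; then
    return 0
  fi

  # Strip the extraction prefix with parameter expansion rather than by
  # building a sed program from it: the prefix can carry characters taken
  # from scanned file names, which must never be interpreted as sed syntax.
  inner_path=${extracted_file#"${temp_dir-}"}
  printf 'Affected file: %s, %s, Matched String: %s\n' \
    "$filepath" "$inner_path" "${matched_strings//$'\n'/,}"
  return 0
}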
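# The mode flag is the last argument for -p and the second-to-last one for
# "-f <directory>"; indirect expansion reads both positions.
PARAM_OFFSET=$(($# - 1))
PARAM_LEN=$#
PARAM_VALUE=${!PARAM_LEN}

# Dispatch on the mode: -p scans files opened by running processes,
# -f scans a directory tree.
if [ "${PARAM_VALUE}" = "-p" ]; then
  echo 'Analyzing processes...'
  # "-o pid=" prints bare PIDs without a header row.
  for pid in $(ps -e -o pid=); do
    # -Fn makes lsof print one "n<name>" record per open file, so paths that
    # contain spaces or glob characters are read intact instead of being
    # cut out of a whitespace-separated column.
    lsof -p "$pid" -Fn 2>/dev/null | sed -n 's/^n//p' | while IFS= read -r file; do
      # Sockets, pipes and deleted files have no regular file to inspect.
      [[ -f "$file" ]] || continue
      # -b leaves the path out of file's output so only the detected type is
      # matched below.
      filetype=$(file -b -- "$file" 2>/dev/null)
      case "$filetype" in
        *ELF* | *executable* | *"shared object"* | *"shared library"*) ;;
        *) continue ;;
      esac
      # Same heuristic as check_binary(): libwebp symbol names present and
      # the VP8LHuffmanTablesAllocate marker absent.
      if strings -- "$file" | grep -qF -e 'VP8LHuffmanTablesAllocate'; then
        continue
      fi
      matched_strings=$(strings -- "$file" \
        | grep -oF -e 'WebPCopyPlane' -e 'WebPCopyPixels' -e 'VP8LBuildHuffmanTable')
      if [[ -n "$matched_strings" ]]; then
        printf 'Affected file: %s, Matched String: %s\n' \
          "$file" "${matched_strings//$'\n'/,}"
      fi
    done
  done
elif [ "${!PARAM_OFFSET}" = "-f" ]; then
  # A directory argument must follow -f.
  if [ "$#" -lt 2 ]; then
    echo "Usage: $0 -f directory"
    exit 1
  fi
  # NOTE(review): the archives unpacked below come from the scanned tree and
  # are untrusted input; path handling is left to jar and cpio, so run the
  # scan as an unprivileged user.
  # NUL-delimited names keep paths with spaces or newlines intact.
  find "$PARAM_VALUE" -type f -print0 | while IFS= read -r -d '' file; do
    case "$file" in
      *.jar | *.war | *.aar)
        check_file_hash "$file"
        # Only unpack files that really are archives.
        filetype=$(file -b -- "$file" 2>/dev/null)
        if echo "$filetype" | grep -q -e "archive data"; then
          # Fixed template: the scanned file's name must not shape the
          # mktemp call. If no directory can be created, skip the archive;
          # continuing with an empty temp_dir would unpack it somewhere else.
          temp_dir=$(mktemp -d "${TMPDIR:-/tmp}/libwebp-checker-XXXXXX") || {
            echo "Error: cannot create a temporary directory for $file" >&2
            continue
          }
          abs_file=$(readlink -f -- "$file")
          (cd "$temp_dir" && jar -xf "$abs_file")
          find "$temp_dir" -type f -print0 | while IFS= read -r -d '' extracted_file; do
            # Inspect every extracted file.
            check_binary "$file" "$extracted_file"
            # Nested jars are also compared against the hash list.
            if [[ "$extracted_file" == *.jar ]]; then
              check_file_hash "$extracted_file"
            fi
          done
          rm -rf -- "$temp_dir"
        fi
        ;;
      *.rpm)
        temp_dir=$(mktemp -d "${TMPDIR:-/tmp}/libwebp-checker-XXXXXX") || {
          echo "Error: cannot create a temporary directory for $file" >&2
          continue
        }
        # Unpack the RPM payload; --no-absolute-filenames keeps members that
        # carry an absolute path inside the extraction directory.
        rpm2cpio "$file" \
          | cpio -idm --no-absolute-filenames -D "$temp_dir" >/dev/null 2>&1
        find "$temp_dir" -type f -print0 | while IFS= read -r -d '' extracted_file; do
          # Inspect every extracted file.
          check_binary "$file" "$extracted_file"
        done
        rm -rf -- "$temp_dir"
        ;;
      *)
        # Plain file: no extraction prefix to strip from the reported path.
        temp_dir=""
        check_binary "$file" "$file"
        ;;
    esac
  done
else
  echo "Invalid option: $1"
  exit 1
fi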