sbom output

Signed-off-by: Prabhu Subramanian <[email protected]> Retrieve apk summary and features Signed-off-by: Prabhu Subramanian <[email protected]> aab support Signed-off-by: Prabhu Subramanian <[email protected]>
owasp-dep-scan · Feb 4, 2024 · 1e9f7f4 · 1e9f7f4
1 parent 4a2e24c
commit 1e9f7f4
Show file tree

Hide file tree

Showing 20 changed files with 6,860 additions and 276 deletions.
diff --git a/.github/workflows/pytests.yml b/.github/workflows/pytests.yml
@@ -8,7 +8,7 @@ jobs:
     strategy:
       matrix:
         os: [ubuntu-latest, macos-latest, windows-latest]
-        python-version: ['3.8', '3.9', '3.10', '3.11']
+        python-version: ['3.10', '3.11']
     steps:
     - uses: actions/checkout@v3
     - name: Set up Python

diff --git a/Dockerfile b/Dockerfile
@@ -1,53 +1,47 @@
-FROM almalinux:9.2-minimal
+FROM almalinux:9.3-minimal
 
 LABEL maintainer="appthreat" \
       org.opencontainers.image.authors="Team AppThreat <[email protected]>" \
-      org.opencontainers.image.source="https://github.com/AppThreat/blint" \
-      org.opencontainers.image.url="https://github.com/AppThreat/blint" \
-      org.opencontainers.image.version="1.0.35" \
+      org.opencontainers.image.source="https://github.com/owasp-dep-scan/blint" \
+      org.opencontainers.image.url="https://github.com/owasp-dep-scan/blint" \
+      org.opencontainers.image.version="2.0.x" \
       org.opencontainers.image.vendor="AppThreat" \
       org.opencontainers.image.licenses="Apache-2.0" \
       org.opencontainers.image.title="blint" \
-      org.opencontainers.image.description="BLint is a Binary Linter to check the security properties, and capabilities in your executables. It is powered by lief." \
-      org.opencontainers.docker.cmd="docker run --rm -it -v /tmp:/tmp -v $(pwd):/app:rw -w /app -t ghcr.io/appthreat/blint"
+      org.opencontainers.image.description="BLint is a Binary Linter and SBOM generator." \
+      org.opencontainers.docker.cmd="docker run --rm -it -v /tmp:/tmp -v $(pwd):/app:rw -w /app -t ghcr.io/owasp-dep-scan/blint"
 
 ARG TARGETPLATFORM
-ARG JAVA_VERSION=22.3.r19-grl
-ARG SBT_VERSION=1.9.0
-ARG MAVEN_VERSION=3.9.2
-ARG GRADLE_VERSION=8.1.1
+ARG JAVA_VERSION=21.0.2-tem
 ARG ARCH_NAME=x86_64
 
-ENV GOPATH=/opt/app-root/go \
-    GO_VERSION=1.20.4 \
-    JAVA_VERSION=$JAVA_VERSION \
-    SBT_VERSION=$SBT_VERSION \
-    MAVEN_VERSION=$MAVEN_VERSION \
-    GRADLE_VERSION=$GRADLE_VERSION \
-    GRADLE_OPTS="-Dorg.gradle.daemon=false" \
-    JAVA_HOME="/opt/java/${JAVA_VERSION}" \
-    MAVEN_HOME="/opt/maven/${MAVEN_VERSION}" \
-    GRADLE_HOME="/opt/gradle/${GRADLE_VERSION}" \
-    SBT_HOME="/opt/sbt/${SBT_VERSION}" \
-    COMPOSER_ALLOW_SUPERUSER=1 \
+ENV COMPOSER_ALLOW_SUPERUSER=1 \
+    ANDROID_HOME=/opt/android-sdk-linux \
     PYTHONUNBUFFERED=1 \
     PYTHONIOENCODING="utf-8"
-ENV PATH=${PATH}:${JAVA_HOME}/bin:${MAVEN_HOME}/bin:${GRADLE_HOME}/bin:${SBT_HOME}/bin:${GOPATH}/bin:/usr/local/go/bin:/usr/local/bin/:/root/.local/bin:
+ENV PATH=${PATH}:/usr/local/bin/:/root/.local/bin:${ANDROID_HOME}/cmdline-tools/latest/bin:${ANDROID_HOME}/tools:${ANDROID_HOME}/tools/bin:${ANDROID_HOME}/platform-tools:
 
-COPY . /opt/blint
-
-RUN microdnf install -y python3.11 python3.11-devel python3.11-pip \
+RUN microdnf install -y python3.11 python3.11-devel python3.11-pip java-21-openjdk-headless which tar gzip zip unzip sudo ncurses \
     && alternatives --install /usr/bin/python3 python /usr/bin/python3.11 1 \
     && python3 --version \
     && python3 -m pip install --upgrade pip \
     && python3 -m pip install setuptools --upgrade \
-    && python3 -m pip install poetry
-
+    && python3 -m pip install poetry \
+    && microdnf install -y epel-release \
+    && mkdir -p ${ANDROID_HOME}/cmdline-tools \
+    && curl -L https://dl.google.com/android/repository/commandlinetools-linux-11076708_latest.zip -o ${ANDROID_HOME}/cmdline-tools/android_tools.zip \
+    && unzip ${ANDROID_HOME}/cmdline-tools/android_tools.zip -d ${ANDROID_HOME}/cmdline-tools/ \
+    && rm ${ANDROID_HOME}/cmdline-tools/android_tools.zip \
+    && mv ${ANDROID_HOME}/cmdline-tools/cmdline-tools ${ANDROID_HOME}/cmdline-tools/latest \
+    && yes | /opt/android-sdk-linux/cmdline-tools/latest/bin/sdkmanager --licenses --sdk_root=/opt/android-sdk-linux \
+    && /opt/android-sdk-linux/cmdline-tools/latest/bin/sdkmanager 'platform-tools' --sdk_root=/opt/android-sdk-linux \
+    && /opt/android-sdk-linux/cmdline-tools/latest/bin/sdkmanager 'platforms;android-34' --sdk_root=/opt/android-sdk-linux \
+    && /opt/android-sdk-linux/cmdline-tools/latest/bin/sdkmanager 'build-tools;34.0.0' --sdk_root=/opt/android-sdk-linux
+COPY . /opt/blint
 RUN cd /opt/blint \
     && poetry config virtualenvs.create false \
     && poetry install --no-cache --without dev \
     && chmod a-w -R /opt \
     && microdnf clean all
 
-
 ENTRYPOINT [ "blint" ]
diff --git a/README.md b/README.md
@@ -8,6 +8,7 @@ BLint is a Binary Linter to check the security properties, and capabilities in y
 
 Supported binary formats:
 
+- Android (apk, aab)
 - ELF (GNU, musl)
 - PE (exe, dll)
 - Mach-O (x64, arm64)
@@ -42,21 +43,42 @@ You can download single binary builds from the [blint-bin releases](https://gith
 
 ## Usage
 
-```bash
-usage: blint [-h] [-i SRC_DIR_IMAGE] [-o REPORTS_DIR] [--no-error] [--no-banner] [--no-reviews]
+```shell
+usage: blint [-h] [-i SRC_DIR_IMAGE [SRC_DIR_IMAGE ...]] [-o REPORTS_DIR] [--no-error] [--no-banner]
+             [--no-reviews] [--suggest-fuzzable]
+             {sbom} ...
 
-Linting tool for binary files powered by lief.
+Binary linter and SBOM generator.
 
-optional arguments:
+options:
   -h, --help            show this help message and exit
   -i SRC_DIR_IMAGE [SRC_DIR_IMAGE ...], --src SRC_DIR_IMAGE [SRC_DIR_IMAGE ...]
                         Source directories, container images or binary files. Defaults to current directory.
   -o REPORTS_DIR, --reports REPORTS_DIR
-                        Reports directory
-  --no-error            Continue on error to prevent build from breaking
-  --no-banner           Do not display banner
-  --no-reviews          Do not perform method reviews
-  --suggest-fuzzable    Suggest functions and symbols for fuzzing based on a dictionary
+                        Reports directory. Defaults to reports.
+  --no-error            Continue on error to prevent build from breaking.
+  --no-banner           Do not display banner.
+  --no-reviews          Do not perform method reviews.
+  --suggest-fuzzable    Suggest functions and symbols for fuzzing based on a dictionary.
+
+sub-commands:
+  Additional sub-commands
+
+  {sbom}
+    sbom                Command to generate SBOM for supported binaries.
+```
+
+### SBOM sub-command
+
+```shell
+usage: blint sbom [-h] [-i SRC_DIR_IMAGE [SRC_DIR_IMAGE ...]] [--output-file SBOM_OUTPUT]
+
+options:
+  -h, --help            show this help message and exit
+  -i SRC_DIR_IMAGE [SRC_DIR_IMAGE ...], --src SRC_DIR_IMAGE [SRC_DIR_IMAGE ...]
+                        Source directories, container images or binary files. Defaults to current directory.
+  --output-file SBOM_OUTPUT
+                        SBOM output file. Defaults to bom.json in current directory.
 ```
 
 To test any binary including default commands

diff --git a/blint/analysis.py b/blint/analysis.py
@@ -17,8 +17,13 @@
 
 from blint.binary import parse
 from blint.logger import LOG, console
-from blint.utils import (find_exe_files, is_exe, is_fuzzable_name,
-                         is_ignored_file, parse_pe_manifest)
+from blint.utils import (
+    find_exe_files,
+    is_exe,
+    is_fuzzable_name,
+    is_ignored_file,
+    parse_pe_manifest,
+)
 
 try:
     import importlib.resources