clean up

malice-plugins · Nov 12, 2017 · 0921543 · 0921543
1 parent ff97988
commit 0921543
Show file tree

Hide file tree

Showing 12 changed files with 155 additions and 51 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -3,15 +3,16 @@ jobs:
   build:
     working_directory: /app
     docker:
-      - image: docker:17.07.0-ce-git
+      - image: docker:17.10.0-ce
     steps:
       - checkout
       - setup_remote_docker:
-          version: 17.07.0-ce
+          version: 17.10.0-ce
       - run:
           name: Install dependencies
           command: |
-            apk add --no-cache jq curl
+            apk add --no-cache curl jq
+      - restore_cache:
           keys:
             - v1-{{ .Branch }}
           paths:
@@ -49,7 +50,7 @@ jobs:
             curl -L -o /tmp/sample https://github.com/maliceio/malice-av/raw/master/samples/befb88b89c2eb401900a68e9f5b78764203f2b48264fcc3f7121bf04a57fd408
             docker create -v /malware --name malvol alpine:3.6 /bin/true
             docker cp /tmp/sample malvol:/malware
-            docker run --rm --volumes-from malvol app -t sample            
+            docker run --rm --volumes-from malvol app -t sample
             docker run --rm --volumes-from malvol app -V sample | jq .
       - run:
           name: Run update test

diff --git a/.dockerignore b/.dockerignore
@@ -1,12 +1,18 @@
 # Ignore .git folder
 .git*
-
-Dockerfile*
-docker-compose*
-.dockerignore
-.git
 .gitignore
+
+docs*
+.circleci*
+.vscode*
+
 README.md
+README.md.bu
+NOTES.md
 LICENSE
-.vscode
+Makefile
+CHANGELOG.md
+
 *.tar
+seccomp.json
+Vagrantfile
diff --git a/.gitignore b/.gitignore
@@ -12,8 +12,9 @@
 
 # Project-local glide cache, RE: https://github.com/Masterminds/glide/issues/736
 .glide/
+
 *.bu
 *.tar
 .vagrant
 befb88b89c2eb401900a68e9f5b78764203f2b48264fcc3f7121bf04a57fd408
-.circleci/build_num
+.circleci/build_num
diff --git a/Dockerfile b/Dockerfile
@@ -5,9 +5,9 @@ LABEL maintainer "https://github.com/blacktop"
 LABEL malice.plugin.repository = "https://github.com/malice-plugins/windows-defender.git"
 LABEL malice.plugin.category="av"
 LABEL malice.plugin.mime="*"
-LABEL malice.plugin.docker.engine="linux"
+LABEL malice.plugin.docker.engine="*"
 
-ENV GO_VERSION 1.8.3
+ENV GO_VERSION 1.9.2
 
 COPY . /go/src/github.com/maliceio/malice-windows-defender
 RUN buildDeps='ca-certificates \

diff --git a/Makefile b/Makefile
@@ -1,43 +1,92 @@
 REPO=malice-plugins/windows-defender
 ORG=malice
 NAME=windows-defender
+CATEGORY=av
 VERSION=$(shell cat VERSION)
+MALWARE="befb88b89c2eb401900a68e9f5b78764203f2b48264fcc3f7121bf04a57fd408"
 
-all: build size test
 
-dev:
-	docker build -t $(ORG)/$(NAME):dev -f Dockerfile.dev .
+all: build size test test-markdown
 
-build:
+build: ## Build docker image
 	docker build -t $(ORG)/$(NAME):$(VERSION) .
 
-size:
-	sed -i.bu 's/docker image-.*-blue/docker image-$(shell docker images --format "{{.Size}}" $(ORG)/$(NAME):$(VERSION))-blue/' README.md
+.PHONY: dev
+dev: ## Build dev docker image
+	docker build -f Dockerfile.dev -t $(ORG)/$(NAME):dev .
 
+.PHONY: size
+size: build ## Get built image size
+	sed -i.bu 's/docker%20image-.*-blue/docker%20image-$(shell docker images --format "{{.Size}}" $(ORG)/$(NAME):$(VERSION)| cut -d' ' -f1)-blue/' README.md
+
+.PHONY: tags
 tags:
 	docker images --format "table {{.Repository}}\t{{.Tag}}\t{{.Size}}" $(ORG)/$(NAME)
 
+.PHONY: tar
 tar: build
-	docker save $(ORG)/$(NAME):$(VERSION) -o wdef.tar
-
-update:
-	@docker run  --rm $(ORG)/$(NAME):$(VERSION) update
-
-test:
-	docker run --init --rm $(ORG)/$(NAME):$(VERSION) --help
-	test -f befb88b89c2eb401900a68e9f5b78764203f2b48264fcc3f7121bf04a57fd408 || wget https://github.com/maliceio/malice-av/raw/master/samples/befb88b89c2eb401900a68e9f5b78764203f2b48264fcc3f7121bf04a57fd408
-	docker run --init --rm -v $(PWD):/malware $(ORG)/$(NAME):$(VERSION) -t befb88b89c2eb401900a68e9f5b78764203f2b48264fcc3f7121bf04a57fd408 > SAMPLE.md
-	docker run --init --rm -v $(PWD):/malware $(ORG)/$(NAME):$(VERSION) -V befb88b89c2eb401900a68e9f5b78764203f2b48264fcc3f7121bf04a57fd408 > results.json
-	cat results.json | jq .
-	rm befb88b89c2eb401900a68e9f5b78764203f2b48264fcc3f7121bf04a57fd408
+	@docker save $(ORG)/$(NAME):$(VERSION) -o wdef.tar
 
+.PHONY: vagrant
 vagrant: tar
 	@vagrant up
 	@vagrant ssh
 
-circle:
-	http https://circleci.com/api/v1.1/project/github/${REPO} | jq '.[0].build_num' > .circleci/build_num
-	http "$(shell http https://circleci.com/api/v1.1/project/github/${REPO}/$(shell cat .circleci/build_num)/artifacts${CIRCLE_TOKEN} | jq '.[].url')" > .circleci/SIZE
-	sed -i.bu 's/docker%20image-.*-blue/docker%20image-$(shell cat .circleci/SIZE)-blue/' README.md
+test:
+	@echo "===> Starting elasticsearch"
+	@docker rm -f elasticsearch || true
+	@docker run --init -d --name elasticsearch -p 9200:9200 blacktop/elasticsearch
+	@echo "===> ${NAME} --help"
+	@sleep 10; docker run --rm $(ORG)/$(NAME):$(VERSION)
+	@echo "===> ${NAME} malware test"
+	@test -f $(MALWARE) || wget https://github.com/maliceio/malice-av/raw/master/samples/$(MALWARE)
+	@docker run --rm --link elasticsearch -v $(PWD):/malware $(ORG)/$(NAME):$(VERSION) -V $(MALWARE) | jq . > docs/results.json
+	@cat docs/results.json | jq .
+
+.PHONY: test-markdown
+test-markdown:
+	@echo "===> ${NAME} pull MarkDown from elasticsearch results"
+	@http localhost:9200/malice/_search | jq . > docs/elastic.json
+	@cat docs/elastic.json | jq '.hits.hits[] ._source.plugins.${CATEGORY}' | jq -r '.["${NAME}"].markdown' > docs/SAMPLE.md
+	@docker rm -f elasticsearch
+
+.PHONY: run
+run: stop ## Run docker container
+	@docker run --init -d --name $(NAME) -p 9200:9200 $(ORG)/$(NAME):$(VERSION)
+
+.PHONY: ssh
+ssh: ## SSH into docker image
+	@docker run -it --rm --entrypoint=sh $(ORG)/$(NAME):$(VERSION)
+
+.PHONY: ssh-dev
+ssh-dev: ## SSH into docker image
+	@docker run -it --rm --entrypoint=sh $(ORG)/$(NAME):dev
+
+.PHONY: stop
+stop: ## Kill running docker containers
+	@docker rm -f $(NAME) || true
+
+circle: ci-size
+	@sed -i.bu 's/docker%20image-.*-blue/docker%20image-$(shell cat .circleci/SIZE)-blue/' README.md
+	@echo "===> Image size is: $(shell cat .circleci/SIZE)"
+
+ci-build:
+	@echo "===> Getting CircleCI build number"
+	@http https://circleci.com/api/v1.1/project/github/${REPO} | jq '.[0].build_num' > .circleci/build_num
+
+ci-size: ci-build
+	@echo "===> Getting image build size from CircleCI"
+	@http "$(shell http https://circleci.com/api/v1.1/project/github/${REPO}/$(shell cat .circleci/build_num)/artifacts${CIRCLE_TOKEN} | jq '.[].url')" > .circleci/SIZE
+
+clean: ## Clean docker image and stop all running containers
+	docker-clean stop
+	docker rmi $(ORG)/$(NAME):$(VERSION) || true
+	docker rmi $(ORG)/$(NAME):dev || true
+	rm $(MALWARE) || true
+	rm README.md.bu || true
+
+# Absolutely awesome: http://marmelab.com/blog/2016/02/29/auto-documented-makefile.html
+help:
+	@grep -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'
 
-.PHONY: build size tags test tar circle vagrant
+.DEFAULT_GOAL := all
diff --git a/README.md b/README.md
@@ -5,15 +5,17 @@ malice-windows-defender
 [![License](http://img.shields.io/:license-mit-blue.svg)](http://doge.mit-license.org)
 [![Docker Stars](https://img.shields.io/docker/stars/malice/windows-defender.svg)](https://store.docker.com/community/images/malice/windows-defender)
 [![Docker Pulls](https://img.shields.io/docker/pulls/malice/windows-defender.svg)](https://store.docker.com/community/images/malice/windows-defender)
-[![Docker Image](https://img.shields.io/badge/docker%20image-288MB-blue.svg)](https://store.docker.com/community/images/malice/windows-defender)
+[![Docker Image](https://img.shields.io/badge/docker%20image-267MB-blue.svg)](https://store.docker.com/community/images/malice/windows-defender)
 
-This repository contains a **Dockerfile** of [Windows Defender](https://www.microsoft.com/en-us/windows/windows-defender) for [Docker](https://www.docker.io/)'s [trusted build](https://store.docker.com/community/images/malice/windows-defender) published to the public [DockerHub](https://hub.docker.com).
+> This repository contains a **Dockerfile** of [Windows Defender](https://www.microsoft.com/en-us/windows/windows-defender) for the malice plugin **malice/windows-defender**..
 
-> :warning: **NOTE:** Will not work on **Docker for Mac** because `CONFIG_MODIFY_LDT_SYSCALL` is not enabled :warning:  
+:warning: **NOTE:** Will not work on **Docker for Mac** because `CONFIG_MODIFY_LDT_SYSCALL` is not enabled :warning:  
+
+___
 
 ### Dependencies
 
--	[ubuntu (*118 MB*\)](https://hub.docker.com/_/ubuntu/)
+-	[ubuntu:xenial (*118 MB*\)](https://hub.docker.com/_/ubuntu/)
 
 ### Installation
 
@@ -35,7 +37,7 @@ Usage: windows-defender [OPTIONS] COMMAND [arg...]
 
 Malice Windows Defender AntiVirus Plugin
 
-Version: v0.1.0, BuildTime: 20170527
+Version: v0.1.0, BuildTime: 20171112
 
 Author:
   blacktop - <https://github.com/blacktop>
@@ -70,28 +72,28 @@ This will output to stdout and POST to malice results API webhook endpoint.
     "infected": true,
     "result": "Virus:DOS/EICAR_Test_File",
     "engine": "0.1.0",
-    "updated": "20170527"
+    "updated": "20171112"
   }
 }
 ```
 
-### STDOUT (Markdown Table):
+### Markdown:
 
 ---
 
 #### Windows Defender
 
 | Infected | Result                    | Engine | Updated  |
-| -------- | ------------------------- | ------ | -------- |
-| true     | Virus:DOS/EICAR_Test_File | 0.1.0  | 20170527 |
+|:---------|:--------------------------|:-------|:---------|
+| true     | Virus:DOS/EICAR_Test_File | 0.1.0  | 20171112 |
 
 ---
 
 Documentation
 -------------
 
 -	[To write results to ElasticSearch](https://github.com/maliceio/malice-windows-defender/blob/master/docs/elasticsearch.md)
--	[To create a Bitdefender scan micro-service](https://github.com/maliceio/malice-windows-defender/blob/master/docs/web.md)
+-	[To create a Windows Defender scan micro-service](https://github.com/maliceio/malice-windows-defender/blob/master/docs/web.md)
 -	[To post results to a webhook](https://github.com/maliceio/malice-windows-defender/blob/master/docs/callback.md)
 -	[To update the AV definitions](https://github.com/maliceio/malice-windows-defender/blob/master/docs/update.md)
 

diff --git a/Vagrantfile b/Vagrantfile
@@ -81,7 +81,7 @@ Vagrant.configure("2") do |config|
     sudo apt-get install -y docker-engine
     sudo usermod -aG docker vagrant
     echo "Installing docker-compose ======================="
-    curl -L https://github.com/docker/compose/releases/download/1.14.0/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose
+    curl -L https://github.com/docker/compose/releases/download/1.17.1/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose
     chmod +x /usr/local/bin/docker-compose
     echo "Installing docker-clean ========================="
     curl -s https://raw.githubusercontent.com/ZZROTDesign/docker-clean/v2.0.4/docker-clean | sudo tee /usr/local/bin/docker-clean > /dev/null

diff --git a/SAMPLE.md → docs/SAMPLE.md b/SAMPLE.md → docs/SAMPLE.md
@@ -1,4 +1,5 @@
 #### Windows Defender
 | Infected      | Result      | Engine      | Updated      |
 |:-------------:|:-----------:|:-----------:|:------------:|
-| true | Backdoor:Win32/Lecna!dha | 0.1.0 | 20170910 |
+| true | Backdoor:Win32/Lecna!dha | 0.1.0 | 20171112 |
+
diff --git a/docs/elastic.json b/docs/elastic.json
@@ -0,0 +1,35 @@
+{
+  "took": 3,
+  "timed_out": false,
+  "_shards": {
+    "total": 1,
+    "successful": 1,
+    "failed": 0
+  },
+  "hits": {
+    "total": 1,
+    "max_score": 1,
+    "hits": [
+      {
+        "_index": "malice",
+        "_type": "samples",
+        "_id": "AV-xuG9JCZYeIXix6PqY",
+        "_score": 1,
+        "_source": {
+          "plugins": {
+            "av": {
+              "windows-defender": {
+                "engine": "0.1.0",
+                "infected": true,
+                "markdown": "#### Windows Defender\n| Infected      | Result      | Engine      | Updated      |\n|:-------------:|:-----------:|:-----------:|:------------:|\n| true | Backdoor:Win32/Lecna!dha | 0.1.0 | 20171112 |\n",
+                "result": "Backdoor:Win32/Lecna!dha",
+                "updated": "20171112"
+              }
+            }
+          },
+          "scan_date": "2017-11-12T19:32:55.223188Z"
+        }
+      }
+    ]
+  }
+}
diff --git a/docs/results.json b/docs/results.json
@@ -0,0 +1,8 @@
+{
+  "windows-defender": {
+    "infected": true,
+    "result": "Backdoor:Win32/Lecna!dha",
+    "engine": "0.1.0",
+    "updated": "20171112"
+  }
+}
diff --git a/results.json b/results.json
diff --git a/update.sh b/update.sh
@@ -2,11 +2,13 @@
 
 echo "===> Installing deps..."
 apt-get update -qq && apt-get install -yq wget cabextract
+
 echo "===> Download 32-bit antimalware update file.."
 wget --progress=bar:force "https://go.microsoft.com/fwlink/?LinkID=121721&arch=x86" -O /loadlibrary/engine/mpam-fe.exe
 cd /loadlibrary/engine
 cabextract mpam-fe.exe
+
 echo "===> Clean up unnecessary files..."
-apt-get purge -y --auto-remove wget cabextract $(apt-mark showauto)
+apt-get purge -y --auto-remove wget cabextract "$(apt-mark showauto)"
 apt-get clean \
-rm -rf /var/lib/apt/lists/* /var/cache/apt/archives /tmp/* /var/tmp/* mpam-fe.exe
+rm -rf /var/lib/apt/lists/* /var/cache/apt/archives /tmp/* /var/tmp/* mpam-fe.exe