Updating vendor regex

wietze · Mar 31, 2024 · 2c7d2c0 · 2c7d2c0
1 parent f34ca52
commit 2c7d2c0
Show file tree

Hide file tree

Showing 2 changed files with 83 additions and 1 deletion.
diff --git a/.github/schema/pychecks.py b/.github/schema/pychecks.py
@@ -0,0 +1,82 @@
+from pydantic import BaseModel, constr, ValidationError, HttpUrl, conlist
+from typing import Optional, List
+from datetime import date
+import sys
+import glob
+import yaml
+
+
+str_non_empty = constr(strip_whitespace=True, min_length=1, pattern=r"[^ ]+", strict=True)
+
+class Acknowledgement(BaseModel):
+    Name: constr(pattern=r"^\w[\w\s\-'']+\w$")
+    Twitter: Optional[constr(pattern=r"^@(\w){1,15}$")] = None
+
+class VersionInformation(BaseModel):
+    CompanyName: str_non_empty = None
+    FileDescription: str_non_empty = None
+    FileVersion: str_non_empty = None
+    InternalName: str_non_empty = None
+    LegalCopyright: str_non_empty = None
+    OriginalFilename: str_non_empty = None
+    ProductName: str_non_empty = None
+    ProductVersion: str_non_empty = None
+
+class SignatureInformation(BaseModel):
+    Subject: constr(pattern=r'^(?i)((CN|C|O|L|C|OU|S|ST|STREET|PostalCode|SERIALNUMBER|OID(\.\d+)+)=(".+?"|''.+?''|([^,]|\\,)+?)(,\s*|$))+$') = None
+    Issuer: constr(pattern=r'^(?i)((CN|C|O|L|C|OU|S|ST|STREET|PostalCode|SERIALNUMBER|OID(\.\d+)+)=(".+?"|''.+?''|([^,]|\\,)+?)(,\s*|$))+$') = None
+    Type: constr(pattern=r"^(Authenticode|Catalog)$")
+
+class VulnerableExecutables(BaseModel):
+    Path: constr(pattern=r"^[ a-zA-Z0-9&_\-\\%\.\(\)]+$")
+    Type: constr(pattern=r"^(Sideloading|Phantom|Search Order|Environment Variable)$")
+    AutoElevate: bool = None
+    PrivilegeEscalation: bool = None
+    Condition: str_non_empty = None
+    SHA256: conlist(constr(pattern=r"^[a-zA-Z0-9]{64}$")) = None
+    Variable: str_non_empty = None
+    ExpectedVersionInformation: Optional[conlist(VersionInformation)] = None
+    ExpectedSignatureInformation: conlist(SignatureInformation) = None
+
+
+class Entry(BaseModel):
+    Name: constr(pattern=r"^[a-z0-9_\-\.]+\.(dll|ocx|cpl)$")
+    Author: constr(pattern=r"^\w[\w\s\-'']+\w$")
+    Created: date
+    Vendor: constr(pattern=r"^\w[\w|\s|\-]*\w$")
+    CVE: Optional[constr(pattern=r"^CVE-\d{4}-\d{3,}$")] = None
+
+    ExpectedVersionInformation: Optional[conlist(VersionInformation)] = None
+    ExpectedSignatureInformation: conlist(SignatureInformation) = None
+
+    ExpectedLocations: Optional[conlist(constr(pattern=r"^[%cC][ a-zA-Z0-9&_\-\\%\.\(\):]+[^\\]$"))] = None
+
+    VulnerableExecutables: conlist(VulnerableExecutables)
+
+    Resources: Optional[List[HttpUrl]] = None
+    Acknowledgements: Optional[List[Acknowledgement]] = None
+
+    class Config:
+        extra = 'forbid'
+
+if __name__ == "__main__":
+    if len(sys.argv) != 2:
+        raise Exception("Unexpected argument count")
+    path = sys.argv[1]
+    for x in glob.glob(sys.argv[1], recursive=True):
+        with open(x, encoding='utf-8') as f:
+            try:
+                data = yaml.safe_load(f)
+            except:
+                raise Exception("Could not parse YAML")
+
+            try:
+                Entry.model_validate(data, strict=True)
+            except ValidationError as e:
+                error_messages = []
+                for error in e.errors():
+                    error_messages.append(f"{error['msg']}: {'.'.join(str(y) for y in error['loc'])}")
+                print("> {}".format(x))
+                print(data)
+                print(f"ERROR: {', '.join(error_messages)}")
+                sys.exit(-1)
diff --git a/.github/schema/schema.yml b/.github/schema/schema.yml
@@ -20,7 +20,7 @@ mapping:
 
   Vendor:
     type: str
-    pattern: '^\w[\w|\s|\-]*\w$'
+    pattern: '^\w[\w|\s|\-|\+]*\w$'
     required: true
 
   CVE: