From fe84375140251ae54232102010fa2e806e5a5b6e Mon Sep 17 00:00:00 2001
From: Wietze
Date: Sun, 31 Mar 2024 19:52:12 +0100
Subject: [PATCH] Adding variable
---
 .github/schema/pychecks.py | 82 ---------------------------
 yml/3rd_party/notepad++/mimetools.yml | 2 +-
 2 files changed, 1 insertion(+), 83 deletions(-)
 delete mode 100644 .github/schema/pychecks.py
diff --git a/.github/schema/pychecks.py b/.github/schema/pychecks.py
deleted file mode 100644
index b2f64972..00000000
--- a/.github/schema/pychecks.py
+++ /dev/null
@@ -1,82 +0,0 @@
-from pydantic import BaseModel, constr, ValidationError, HttpUrl, conlist
-from typing import Optional, List
-from datetime import date
-import sys
-import glob
-import yaml
-
-
-str_non_empty = constr(strip_whitespace=True, min_length=1, pattern=r"[^ ]+", strict=True)
-
-class Acknowledgement(BaseModel):
- Name: constr(pattern=r"^\w[\w\s\-'']+\w$")
- Twitter: Optional[constr(pattern=r"^@(\w){1,15}$")] = None
-
-class VersionInformation(BaseModel):
- CompanyName: str_non_empty = None
- FileDescription: str_non_empty = None
- FileVersion: str_non_empty = None
- InternalName: str_non_empty = None
- LegalCopyright: str_non_empty = None
- OriginalFilename: str_non_empty = None
- ProductName: str_non_empty = None
- ProductVersion: str_non_empty = None
-
-class SignatureInformation(BaseModel):
- Subject: constr(pattern=r'^(?i)((CN|C|O|L|C|OU|S|ST|STREET|PostalCode|SERIALNUMBER|OID(\.\d+)+)=(".+?"|''.+?''|([^,]|\\,)+?)(,\s*|$))+$') = None
- Issuer: constr(pattern=r'^(?i)((CN|C|O|L|C|OU|S|ST|STREET|PostalCode|SERIALNUMBER|OID(\.\d+)+)=(".+?"|''.+?''|([^,]|\\,)+?)(,\s*|$))+$') = None
- Type: constr(pattern=r"^(Authenticode|Catalog)$")
-
-class VulnerableExecutables(BaseModel):
- Path: constr(pattern=r"^[ a-zA-Z0-9&_\-\\%\.\(\)]+$")
- Type: constr(pattern=r"^(Sideloading|Phantom|Search Order|Environment Variable)$")
- AutoElevate: bool = None
- PrivilegeEscalation: bool = None
- Condition: str_non_empty = None
- SHA256: conlist(constr(pattern=r"^[a-zA-Z0-9]{64}$")) = None
- Variable: str_non_empty = None
- ExpectedVersionInformation: Optional[conlist(VersionInformation)] = None
- ExpectedSignatureInformation: conlist(SignatureInformation) = None
-
-
-class Entry(BaseModel):
- Name: constr(pattern=r"^[a-z0-9_\-\.]+\.(dll|ocx|cpl)$")
- Author: constr(pattern=r"^\w[\w\s\-'']+\w$")
- Created: date
- Vendor: constr(pattern=r"^\w[\w|\s|\-]*\w$")
- CVE: Optional[constr(pattern=r"^CVE-\d{4}-\d{3,}$")] = None
-
- ExpectedVersionInformation: Optional[conlist(VersionInformation)] = None
- ExpectedSignatureInformation: conlist(SignatureInformation) = None
-
- ExpectedLocations: Optional[conlist(constr(pattern=r"^[%cC][ a-zA-Z0-9&_\-\\%\.\(\):]+[^\\]$"))] = None
-
- VulnerableExecutables: conlist(VulnerableExecutables)
-
- Resources: Optional[List[HttpUrl]] = None
- Acknowledgements: Optional[List[Acknowledgement]] = None
-
- class Config:
- extra = 'forbid'
-
-if __name__ == "__main__":
- if len(sys.argv) != 2:
- raise Exception("Unexpected argument count")
- path = sys.argv[1]
- for x in glob.glob(sys.argv[1], recursive=True):
- with open(x, encoding='utf-8') as f:
- try:
- data = yaml.safe_load(f)
- except:
- raise Exception("Could not parse YAML")
-
- try:
- Entry.model_validate(data, strict=True)
- except ValidationError as e:
- error_messages = []
- for error in e.errors():
- error_messages.append(f"{error['msg']}: {'.'.join(str(y) for y in error['loc'])}")
- print("> {}".format(x))
- print(data)
- print(f"ERROR: {', '.join(error_messages)}")
- sys.exit(-1)
diff --git a/yml/3rd_party/notepad++/mimetools.yml b/yml/3rd_party/notepad++/mimetools.yml
index 3dfa8109..2cbcb7a5 100644
--- a/yml/3rd_party/notepad++/mimetools.yml
+++ b/yml/3rd_party/notepad++/mimetools.yml
@@ -17,7 +17,7 @@ ExpectedSignatureInformation:
 Issuer: CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US
 Type: Authenticode
 VulnerableExecutables:
-- Path: 'C:\Program Files\Notepad++\notepad++.exe'
+- Path: '%PROGRAMFILES%\Notepad++\notepad++.exe'
 Type: Sideloading
 ExpectedVersionInformation:
 - CompanyName: Don HO don.h@free.fr
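Review bot: The new `Path` value still contains `+` (in `Notepad++`), which the `Path` pattern in the checker this same commit deletes, `^[ a-zA-Z0-9&_\-\\%\.\(\)]+$`, does not admit. It is worth confirming that whatever validates `yml/` entries now accepts this value, and that the entry is not simply left unvalidated. If a replacement schema reuses that character class, extending it along the lines of `^[ a-zA-Z0-9&_\-\\%\.\(\)\+]+$` would keep entries like this one checkable. The `VulnerableExecutables` item continues past the end of the hunk, so the rest of the entry cannot be reviewed from here.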