feat: v2.0.0 - Vollständiger AUR Security Scanner
- Multi-Source IOC Fetcher (HedgeDoc, CISA, Arch Security, Gist) - AUR-spezifische IOC-Prüfung (keine False-Positives für offizielle Repos) - Erweiterte Threat-Typen (Ransomware, Infostealer, etc.) - Trust-Scoring mit 12 Heuristiken - ALPM-Hook für Pre-Install-Checks - Cache mit 5-Minuten-TTL - CVE und Advisory-URL Support
+1
-1
@@ -1,6 +1,6 @@
|
|||||||
[package]
|
[package]
|
||||||
name = "aegisaur"
|
name = "aegisaur"
|
||||||
version = "0.1.0"
|
version = "2.0.0"
|
||||||
edition = "2021"
|
edition = "2021"
|
||||||
authors = ["Quasi & Thuumate 👻"]
|
authors = ["Quasi & Thuumate 👻"]
|
||||||
description = "Trust-Scoring + IOC-Scanner für Arch Linux AUR-Pakete"
|
description = "Trust-Scoring + IOC-Scanner für Arch Linux AUR-Pakete"
|
||||||
|
|||||||
+53
-2
@@ -90,10 +90,23 @@ impl PackageScanner {
|
|||||||
) -> Result<ScanResult> {
|
) -> Result<ScanResult> {
|
||||||
info!("Scanne Paket: {}", package);
|
info!("Scanne Paket: {}", package);
|
||||||
|
|
||||||
|
// Prüfe ob Paket in offiziellem Repo oder AUR
|
||||||
|
let is_aur = self.is_aur_package(package).await;
|
||||||
|
|
||||||
let iocs = self.ioc_fetcher.get_cached_iocs().await?;
|
let iocs = self.ioc_fetcher.get_cached_iocs().await?;
|
||||||
let ioc_matches = self.ioc_fetcher.check_package(package, &iocs);
|
let ioc_matches = if is_aur {
|
||||||
|
// Nur für AUR-Pakete IOCs prüfen
|
||||||
|
self.ioc_fetcher.check_package(package, &iocs)
|
||||||
|
} else {
|
||||||
|
// Für offizielle Repo-Pakete: keine IOC-Warnungen
|
||||||
|
vec![]
|
||||||
|
};
|
||||||
|
|
||||||
let aur_info = self.fetch_aur_info(package).await?;
|
let aur_info = if is_aur {
|
||||||
|
self.fetch_aur_info(package).await?
|
||||||
|
} else {
|
||||||
|
None
|
||||||
|
};
|
||||||
|
|
||||||
let pkgbuild_analysis = if let Some(ref info) = aur_info {
|
let pkgbuild_analysis = if let Some(ref info) = aur_info {
|
||||||
if let Some(url) = &info.url_path {
|
if let Some(url) = &info.url_path {
|
||||||
@@ -278,6 +291,44 @@ impl PackageScanner {
|
|||||||
Ok(())
|
Ok(())
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/// Prüft ob ein Paket aus dem AUR stammt (nicht offizielles Repo)
|
||||||
|
async fn is_aur_package(&self, package: &str) -> bool {
|
||||||
|
// Versuche offizielles Repo-Info zu holen
|
||||||
|
let official = Command::new("pacman")
|
||||||
|
.args(["-Si", package])
|
||||||
|
.output()
|
||||||
|
.await;
|
||||||
|
|
||||||
|
match official {
|
||||||
|
Ok(output) => {
|
||||||
|
if output.status.success() {
|
||||||
|
// Paket in offiziellem Repo gefunden
|
||||||
|
let stdout = String::from_utf8_lossy(&output.stdout);
|
||||||
|
if stdout.contains("Repository : aur") || stdout.contains("Repository : AUR") {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
// Alle anderen Repos (core, extra, community, multilib, etc.)
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
Err(_) => {}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Fallback: Prüfe ob es ein "foreign" Paket ist (AUR)
|
||||||
|
let foreign = Command::new("pacman")
|
||||||
|
.args(["-Qm"])
|
||||||
|
.output()
|
||||||
|
.await;
|
||||||
|
|
||||||
|
match foreign {
|
||||||
|
Ok(output) => {
|
||||||
|
let stdout = String::from_utf8_lossy(&output.stdout);
|
||||||
|
stdout.lines().any(|line| line.starts_with(package))
|
||||||
|
}
|
||||||
|
Err(_) => false,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
async fn fetch_aur_info(
|
async fn fetch_aur_info(
|
||||||
&self, package: &str
|
&self, package: &str
|
||||||
) -> Result<Option<AurPackageInfo>> {
|
) -> Result<Option<AurPackageInfo>> {
|
||||||
|
|||||||
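Review bot: `is_aur_package` fails open for the pre-install case the commit description targets: a package that is neither in a sync repo nor already installed makes `pacman -Si` fail and `pacman -Qm` not list it, so the function returns false and the caller in the first hunk (whose enclosing function starts outside that hunk) skips both the IOC check (`vec![]`) and the AUR lookup (`None`). Because the `-Si` branch already returns false for every sync-repo package, anything that reaches the fallback is by definition not official, so returning `true` after the `match official` block (and `Err(_) => true,` when pacman itself cannot be run) keeps the scanner on the conservative side; the `-Qm` fallback can then go. If the fallback is kept, `line.starts_with(package)` is a prefix match (`foo` also matches `foobar 1.0-1`); compare the name field instead: `stdout.lines().any(|line| line.split_whitespace().next() == Some(package))`. The `Repository : aur` test on `-Si` output looks unreachable, since as far as I know `pacman -Si` only reports configured sync databases; a comment stating why it is kept, or removing it, would help the next reader.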