Skip to content

feat: report known malware for all ecosystems#922

Merged
behnazh-w merged 2 commits into
stagingfrom
behnazh/check-known-mal
Nov 22, 2024
Merged

feat: report known malware for all ecosystems#922
behnazh-w merged 2 commits into
stagingfrom
behnazh/check-known-mal

Conversation

@behnazh-w

@behnazh-w behnazh-w commented Nov 19, 2024

Copy link
Copy Markdown
Member

If a package is already known to be malicious, this PR reports it as part of the mcn_detect_malicious_metadata_1 check. Additionally, two new integration tests for known Python and npm malware have been added.

@behnazh-w behnazh-w requested a review from tromai as a code owner November 19, 2024 04:15
@oracle-contributor-agreement oracle-contributor-agreement Bot added the OCA Verified All contributors have signed the Oracle Contributor Agreement. label Nov 19, 2024
@behnazh-w behnazh-w force-pushed the behnazh/check-known-mal branch from 5fd7cb4 to 688af68 Compare November 19, 2024 04:24
@behnazh-w behnazh-w requested a review from nicallen November 19, 2024 04:29
@behnazh-w behnazh-w force-pushed the behnazh/check-known-mal branch 3 times, most recently from 426767b to b76afe2 Compare November 19, 2024 05:03
@behnazh-w behnazh-w requested a review from art1f1c3R November 20, 2024 01:03
nicallen
nicallen reviewed Nov 20, 2024
View reviewed changes
Comment thread src/macaron/slsa_analyzer/checks/detect_malicious_metadata_check.py Outdated
nicallen
nicallen reviewed Nov 20, 2024
View reviewed changes
Comment thread src/macaron/util.py
tromai
tromai reviewed Nov 21, 2024
View reviewed changes
Comment thread src/macaron/util.py
@behnazh-w
feat: report known malware for all ecosystems
af0cc7c 
Signed-off-by: behnazh-w <behnaz.hassanshahi@oracle.com>
@behnazh-w
chore: address PR comment
eaf0ace 
Signed-off-by: behnazh-w <behnaz.hassanshahi@oracle.com>
@behnazh-w behnazh-w force-pushed the behnazh/check-known-mal branch from a61bb94 to eaf0ace Compare November 22, 2024 05:36
@behnazh-w behnazh-w merged commit b5afe0d into staging Nov 22, 2024
art1f1c3R pushed a commit that referenced this pull request Nov 29, 2024
@behnazh-w
feat: report known malware for all ecosystems (#922)
1722f82 
If a package is already known to be malicious, this PR reports it as part of the mcn_detect_malicious_metadata_1 check. Additionally, two new integration tests for known Python and npm malware have been added.

Signed-off-by: behnazh-w <behnaz.hassanshahi@oracle.com>
@behnazh-w behnazh-w deleted the behnazh/check-known-mal branch December 4, 2024 08:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nicallen nicallen nicallen approved these changes

+2 more reviewers

@tromai tromai tromai approved these changes

@art1f1c3R art1f1c3R art1f1c3R approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

OCA Verified All contributors have signed the Oracle Contributor Agreement.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@behnazh-w @nicallen @tromai @art1f1c3R