Merge pull request #1443 from m-1-k-3/little_fixes_again

Little error handling updates
e-m-b-a · Jan 24, 2025 · 2514be2 · 2514be2
2 parents 8a52fa9 + fbeb1a7
commit 2514be2
Show file tree

Hide file tree

Showing 10 changed files with 26 additions and 13 deletions.
diff --git a/check_project.sh b/check_project.sh
@@ -130,7 +130,7 @@ dockerchecker() {
   mapfile -t DOCKER_COMPS < <(find . -maxdepth 1 -iname "docker-compose*.yml")
   for DOCKER_COMP in "${DOCKER_COMPS[@]}"; do
     echo -e "\\n""${GREEN}""Run docker check on ${DOCKER_COMP}:""${NC}""\\n"
-    if docker-compose -f "${DOCKER_COMP}" config 1>/dev/null || [[ $? -ne 1 ]]; then
+    if docker compose -f "${DOCKER_COMP}" config 1>/dev/null || [[ $? -ne 1 ]]; then
       echo -e "${GREEN}""${BOLD}""==> SUCCESS""${NC}""\\n"
     else
       echo -e "\\n""${ORANGE}${BOLD}==> FIX ERRORS""${NC}""\\n"
@@ -275,7 +275,7 @@ summary() {
   fi
   if [[ "${#MODULES_TO_CHECK_ARR_DOCKER[@]}" -gt 0 ]]; then
     echo -e "\\n\\n""${GREEN}${BOLD}""SUMMARY:${NC}\\n"
-    echo -e "Modules to check (docker-compose): ${#MODULES_TO_CHECK_ARR_DOCKER[@]}\\n"
+    echo -e "Modules to check (docker compose): ${#MODULES_TO_CHECK_ARR_DOCKER[@]}\\n"
     for MODULE in "${MODULES_TO_CHECK_ARR_DOCKER[@]}"; do
       echo -e "${ORANGE}${BOLD}==> FIX MODULE: ""${MODULE}""${NC}"
     done

diff --git a/helpers/helpers_emba_dependency_check.sh b/helpers/helpers_emba_dependency_check.sh
@@ -247,7 +247,7 @@ dependency_check()
     # the update check can be disabled via NO_UPDATE_CHECK
     if [[ "${NO_UPDATE_CHECK}" -ne 1 ]]; then
       export GIT_TERMINAL_PROMPT=0
-      git clone https://github.com/EMBA-support-repos/onlinecheck "${EXT_DIR}"/onlinechecker -q
+      timeout --preserve-status --signal SIGINT 5s git clone https://github.com/EMBA-support-repos/onlinecheck "${EXT_DIR}"/onlinechecker -q
     fi
 
     if [[ -f "${EXT_DIR}"/onlinechecker/EMBA_VERSION.txt ]]; then

diff --git a/helpers/helpers_emba_html_generator.sh b/helpers/helpers_emba_html_generator.sh
@@ -609,7 +609,7 @@ generate_report_file() {
         # add anchor to file
         lA_MODUL_NAME="$(echo "${lMODUL_NAME}" | sed -e "s@\ @_@g" | tr "[:upper:]" "[:lower:]")"
         lLINE="$(echo "${TITLE_ANCHOR}" | sed -e "s@ANCHOR@${lA_MODUL_NAME}@g")""${lMODUL_NAME}""${LINK_END}"
-        sed -i -E "s@${lMODUL_NAME}@${lLINE}@" "${lTMP_FILE}"
+        sed -i -E "s@${lMODUL_NAME}@${lLINE}@" "${lTMP_FILE}" || true
         # add link to index navigation
         add_link_to_index "${lHTML_FILE}" "${lMODUL_NAME}"
         # add module anchor to navigation
@@ -626,7 +626,7 @@ generate_report_file() {
           lSUBMODUL_NAME="$( strip_color_tags "${lSUBMODUL_NAME}" | cut -d" " -f 2- )"
           lA_SUBMODUL_NAME="$(echo "${lSUBMODUL_NAME}" | sed -e "s@[^a-zA-Z0-9]@@g" | tr "[:upper:]" "[:lower:]")"
           lLINE="$(echo "${TITLE_ANCHOR}" | sed -e "s@ANCHOR@${lA_SUBMODUL_NAME}@g")""${lSUBMODUL_NAME}""${LINK_END}"
-          sed -i -E "s@${lSUBMODUL_NAME}@${lLINE}@" "${lTMP_FILE}"
+          sed -i -E "s@${lSUBMODUL_NAME}@${lLINE}@" "${lTMP_FILE}" || true
           # Add anchor to file
           lSUB_NAV_LINK="$(echo "${SUBMODUL_LINK}" | sed -e "s@LINK@#${lA_SUBMODUL_NAME}@g")"
           sed -i "${lLINE_NUMBER_REP_NAV}"'s@$@'"${lSUB_NAV_LINK}""${lSUBMODUL_NAME}""${LINK_END}"'@' "${ABS_HTML_PATH}""/""${lHTML_FILE}"

diff --git a/modules/Q02_openai_question.sh b/modules/Q02_openai_question.sh
@@ -141,7 +141,12 @@ ask_chatgpt() {
         # print_output "[*] AI-Assisted analysis for ${ORANGE}${lGPT_INPUT_FILE_}${NC}" "" "${lGPT_FILE_DIR_}/${lGPT_INPUT_FILE_mod}.log"
         print_output "[*] AI-Assisted analysis for ${lGPT_INPUT_FILE_mod}" "" "${lGPT_FILE_DIR_}/${lGPT_INPUT_FILE_mod}.log"
         print_output "$(indent "$(orange "$(print_path "${lSCRIPT_PATH_TMP_}")")")"
-        head -n -2 "${CONFIG_DIR}/gpt_template.json" > "${TMP_DIR}/chat.json"
+        head -n -2 "${CONFIG_DIR}/gpt_template.json" > "${TMP_DIR}/chat.json" || print_error "[-] Tmp file create error for ${lSCRIPT_PATH_TMP_}"
+        if [[ ! -f "${TMP_DIR}/chat.json" ]]; then
+          print_output "[-] Temp file ${TMP_DIR}/chat.json for further analysis of ${lSCRIPT_PATH_TMP_} was not created ... some Error occured"
+          return
+        fi
+
         lCHATGPT_CODE_=$(sed 's/\\//g;s/"/\\\"/g' "${lSCRIPT_PATH_TMP_}" | tr -d '[:space:]' | sed 's/\[ASK_GPT\].*//')
         if [[ "${#lCHATGPT_CODE_}" -gt 4561 ]]; then
           print_output "[*] GPT request is too big ... stripping it now" "no_log"
@@ -209,6 +214,9 @@ ask_chatgpt() {
             readarray -t Q02_OPENAI_QUESTIONS < <(sort -k 3 -t ';' -r "${CSV_DIR}/q02_openai_question.csv.tmp")
             # reset the array index to start again with the highest rated entry
             lELE_INDEX=0
+            if grep -q "Testing phase ended" "${LOG_DIR}"/"${MAIN_LOG_FILE}"; then
+              return
+            fi
             sleep 30s
             continue
           fi

diff --git a/modules/S02_UEFI_FwHunt.sh b/modules/S02_UEFI_FwHunt.sh
@@ -99,7 +99,7 @@ fwhunter_logging() {
   local lFWHUNTER_BINARY_MATCH=""
   local lFWHUNTER_BINARLY_IDs_ARR=()
 
-  mapfile -t FWHUNTER_RESULTS_ARR < <(find "${LOG_PATH_MODULE}" -type f -print0|xargs -r -0 -P 16 -I % sh -c 'grep -H "Scanner result.*FwHunt rule has been triggered" "%"')
+  mapfile -t FWHUNTER_RESULTS_ARR < <(find "${LOG_PATH_MODULE}" -type f -print0|xargs -r -0 -P 16 -I % sh -c 'grep -H "Scanner result.*FwHunt rule has been triggered" "%" || true')
   if ! [[ "${#FWHUNTER_RESULTS_ARR[@]}" -gt 0 ]]; then
     return
   fi
@@ -128,7 +128,7 @@ fwhunter_logging() {
       done
     fi
 
-    mapfile -t lFWHUNTER_BINARY_MATCH_ARR < <(basename "$(grep "Running FwHunt on" "${lFWHUNTER_RESULT_FILE}" | cut -d\  -f5-)" | sort -u)
+    mapfile -t lFWHUNTER_BINARY_MATCH_ARR < <(basename "$(grep "Running FwHunt on" "${lFWHUNTER_RESULT_FILE}" | cut -d\  -f5-)" | sort -u || true)
     if [[ "${lFWHUNTER_RESULT}" == *"rule has been triggered and threat detected"* ]]; then
       if [[ "${#lCVE_RESULTS_BINARLY_ARR[@]}" -gt 0 ]]; then
         for lBINARLY_ID_CVE in "${lCVE_RESULTS_BINARLY_ARR[@]}"; do

diff --git a/modules/S09_firmware_base_version_check.sh b/modules/S09_firmware_base_version_check.sh
@@ -760,7 +760,10 @@ bin_string_checker() {
   # print_output "[*] Testing version identifier ${lVERSION_IDENTIFIERS_ARR[*]} against ${#FILE_ARR[@]} files" "no_log"
 
   for lBIN in "${FILE_ARR[@]}"; do
-    # print_output "[*] Testing ${lBIN} for versions"
+    if [[ ! -f "${lBIN}" ]]; then
+      print_output "[*] Binary ${lBIN} not found - Not testing for versions"
+      continue
+    fi
     lMD5_SUM="$(md5sum "${lBIN}")"
     lMD5_SUM="${lMD5_SUM/\ *}"
     local lBIN_NAME_REAL=""

diff --git a/modules/S107_deep_password_search.sh b/modules/S107_deep_password_search.sh
@@ -34,7 +34,7 @@ S107_deep_password_search()
     write_csv_log "PW_PATH" "PW_HASH"
     while read -r lPW_HASH; do
       lPW_PATH="${lPW_HASH/:*}"
-      mapfile -t lPW_HASHES_ARR < <(strings "${lPW_PATH}" | grep --color -a -E -f "${lPW_HASH_CONFIG}")
+      mapfile -t lPW_HASHES_ARR < <(strings "${lPW_PATH}" | grep --color -a -E -f "${lPW_HASH_CONFIG}" || true)
       for lPW_HASH in "${lPW_HASHES_ARR[@]}"; do
         print_output "[+] PATH: ${ORANGE}$(print_path "${lPW_PATH}")${GREEN}\t-\tHash: ${ORANGE}${lPW_HASH}${GREEN}."
         write_csv_log "NA" "${lPW_PATH}" "${lPW_HASH}"

diff --git a/modules/S118_busybox_verifier.sh b/modules/S118_busybox_verifier.sh
@@ -183,7 +183,9 @@ S118_busybox_verifier()
   done
 
   for lBB_RESULT_FILE in "${LOG_PATH_MODULE}"/tmp/*; do
-    tee -a "${LOG_FILE}" < "${lBB_RESULT_FILE}"
+    if [[ -f "${lBB_RESULT_FILE}" ]]; then
+      tee -a "${LOG_FILE}" < "${lBB_RESULT_FILE}"
+    fi
   done
 
   if [[ -d "${LOG_PATH_MODULE}/tmp" ]]; then

diff --git a/modules/S36_lighttpd.sh b/modules/S36_lighttpd.sh
@@ -169,7 +169,7 @@ lighttpd_binary_analysis() {
   print_ln
   print_output "[*] Testing lighttpd binaries for binary protection mechanisms:\\n"
   for lLIGHT_BIN in "${lLIGHTTP_BIN_ARR[@]}" ; do
-    print_output "$("${EXT_DIR}"/checksec --file="${lLIGHT_BIN}")"
+    print_output "$("${EXT_DIR}"/checksec --file="${lLIGHT_BIN}" || true)"
   done
 
   print_ln

diff --git a/scan-profiles/default-scan-gpt.emba b/scan-profiles/default-scan-gpt.emba
@@ -27,7 +27,7 @@ export GPT_OPTION=1
 export BINARY_EXTENDED=1
 
 # disable long running modules - enable them if needed
-export MODULE_BLACKLIST+=( "S10_binaries_basic_check" "S15_radare_decompile_checks" "S99_grepit" "S110_yara_check" )
+export MODULE_BLACKLIST+=( "S10_binaries_basic_check" "S15_radare_decompile_checks" "S26_kernel_vuln_verifier" "S99_grepit" "S110_yara_check" )
 
 # enable silent mode and status bar
 export DISABLE_STATUS_BAR=0