Update: Reachability Plugin #426
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
for more information, see https://pre-commit.ci
for more information, see https://pre-commit.ci
Co-authored-by: Ryan Mast <[email protected]>
Angrimportfixes
for more information, see https://pre-commit.ci
for more information, see https://pre-commit.ci
Collaborator
Author
|
Ok, now it should be working, thanks for being patient with all of the failed pull requests. |
for more information, see https://pre-commit.ci
for more information, see https://pre-commit.ci
WorkingRobot
approved these changes
Jul 17, 2025
nightlark
reviewed
Jul 24, 2025
| authors = [ | ||
| {name = "Seth Bredbenner", email = "[email protected]"}, | ||
| ] | ||
| description = "Surfactant plugin for running grype on files" |
Collaborator
There was a problem hiding this comment.
Description here needs updating
nightlark
reviewed
Jul 24, 2025
| ## Important Licensing Information | ||
| Main Project License (Surfactant): MIT License. | ||
|
|
||
| Plugin License: MIT License, but it includes and uses cve-bin-tool, which is GPL-3.0 licensed. |
Collaborator
There was a problem hiding this comment.
cve-bin-tool line here does not apply to this plugin.
nightlark
reviewed
Jul 24, 2025
Comment on lines
+11
to
+15
| After installing the plugin, run Surfactant to generate an SBOM as usual and entries for ELF | ||
| and PE files will contain a metadata object with the information that checksec.py was able | ||
| to get about security related features. | ||
|
|
||
| After the plugin installation, run Surfactant as you normally would to create an SBOM. For binary files analyzed by this plugin, additional JSON files will be generated containing vulnerability data extracted from the binaries. If there are duplicate hashed files, the extractor will check if they have the exported functions entries and skip remaking the output file if so. |
Collaborator
There was a problem hiding this comment.
These lines don't describe the reachability plugin.
nightlark
reviewed
Jul 24, 2025
Comment on lines
+17
to
+31
| Example: | ||
| Output Filename: `reachability.json` | ||
|
|
||
| ```json | ||
| { | ||
| "filename": { | ||
| "exp_func": { | ||
| "library": [ | ||
| "imp_func1", | ||
| "imp_func2" | ||
| ] | ||
| } | ||
| } | ||
| } | ||
| ``` |
Collaborator
There was a problem hiding this comment.
I don't think this description is accurate either -- the json blob looks slightly different if I'm remembering correctly, and is added to the metadata list for software entries rather than being in a separate file.
nightlark
reviewed
Jul 24, 2025
| } | ||
| ``` | ||
|
|
||
| The plugin's functionality can be toggled via Surfactant's plugin management features, using the plugin name `surfactantplugin_reachability.py` as defined in the `pyproject.toml` under the `project.entry-points."surfactant"` section. |
Collaborator
There was a problem hiding this comment.
The plugin name to enable/disable it is surfactantplugin_reachability, without the .py suffix.
✅ No SBOM Changes DetectedFor commit 2f95acc (Run 16634709950) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
a plugin that finds the reachability of imported functions from exported functions
If merged this pull request will
Proposed changes
This is the 1.0 of the plugin. It returns a python dictionary of the imported functions reachable by the exported function of every binary.