Improve JS/Python malware detection based on NPM/PyPI samples #456

Merged
merged 6 commits into from
Sep 16, 2024


tstromberg
Collaborator

These changes are based on studying the samples in https://github.com/StacklokLabs/jail

Related samples PR: chainguard-dev/malcontent-samples#5

Member

egibs commented Sep 16, 2024

Does this need a test data refresh once #450 merges?

Collaborator Author

tstromberg commented Sep 16, 2024 via email

tstromberg merged commit 9609282 into chainguard-dev:main Sep 16, 2024
6 checks passed
egibs added a commit to egibs/malcontent that referenced this pull request Sep 25, 2024
…uard-dev#456)

* npm preinstall detection

* Improved JS/Py detection based on NPM/PyPI samples

* make refresh-sample-testdata

* reduce false positives for high entropy and char_to_int

* Update scan_archive testdata

---------

Co-authored-by: Evan Gibler <[email protected]>