Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

DiscouragedFunctionUnitTest.inc Security Flag #460

Open
drinkingsouls opened this issue Aug 1, 2023 · 5 comments · May be fixed by #461
Open

DiscouragedFunctionUnitTest.inc Security Flag #460

drinkingsouls opened this issue Aug 1, 2023 · 5 comments · May be fixed by #461
Assignees

Comments

@drinkingsouls
Copy link

I've noticed recently that the file DiscouragedFunctionUnitTest.inc file is being flagged by Maldetect scan on Linux.

malware hit {CAV}Php.Backdoor.Generic-10006641-0 found for /vendor/magento/magento-coding-standard/Magento2/Tests/Functions/DiscouragedFunctionUnitTest.inc

maldet(7084): {hit} malware hit {CAV}Php.Backdoor.Generic-10006641-0 found for /.cache/composer/files/magento/magento-coding-standard/5cf0da126fda162c53eba8037babc7efd1dae3a9.zip

My file matches the original file here in code and size. I reinstalled the entire vendor folder and rescanned and it still flags in Maldetect. Looks like a false positive to me?

@m2-assistant
Copy link

m2-assistant bot commented Aug 1, 2023

Hi @drinkingsouls. Thank you for your report.
To speed up processing of this issue, make sure that you provided sufficient information.
Add a comment to assign the issue: @magento I am working on this


Join Magento Community Engineering Slack and ask your questions in #github channel.

@fredden
Copy link
Member

fredden commented Aug 1, 2023

Yes, that's a false positive alert. I've opened #461 to avoid this going forward.

@drinkingsouls
Copy link
Author

drinkingsouls commented Aug 1, 2023

@fredden thanks for confirming 👍
Odd one to diagnose from my end. My live site flags this file via Maldetect but my clone does not. Different Ubuntu versions but otherwise the same code. Also, the file was not previously flagged but has started to as of the past couple days.
Any thoughts on this?
Thank you.

@fredden
Copy link
Member

fredden commented Aug 1, 2023

@drinkingsouls that sounds like a question for the provider of that scanning tool.

@drinkingsouls
Copy link
Author

@fredden good idea, I'll have a dig with Maldetect and see if they can pinpoint. Viewing the file, I can definitely see why it would flag base64 decode etc. As long as we're sure it's a false flag!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants