Currently, analysis plugins have a version and an optional system version.
The plugin's version refers to its result schema and its code.
If a plugin additionally has a system version, this indicates that the plugin depends on some other system to create its results.
Consider, e.g., the file_type plugin.
It uses libmagic to tell different file types apart.
The database that contains file types is part of the Ubuntu package libmagic-mgc.
Thus, in principle, the plugin can yield different results on different versions of Ubuntu.
The system version keeps track of the database's version.
Currently, the following plugins have a system version (After #1317):
crypto_hints.py [Yara version through addons.Yara]
crypto_material.py [Yara version addons.Yara]
file_type.py [Version of https://github.com/fkie-cad/firmware-magic-database]
cve_lookup.py [Tag of https://github.com/fkie-cad/nvd-json-data-feeds]
ip_and_uri_finder.py [Version of https://github.com/fkie-cad/common_analysis_ip_and_uri]
IIUC the system version of crypto_hints and crypto_material is unnecessary and can be replaced by proper dependency management.
If the FACT installer ensures a specific yara version is installed the system version does not convey any information.
The system version of the remaining plugins cannot be replaced that easily.
They do not version a tool but rather the underlying data for the analysis.
The update intervals are as follows:
If the underlying data of a plugin changes all files have to be reanalyzed with the new data in place.
My proposal is to remove the system version from all plugins but cve_lookup.
For file_type and ip_and_uri_finder the system version would be part of the plugin's version.
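The following is an added example, not code from FACT_core or this issue, illustrating the staleness rule the issue describes: a stored result must be recomputed whenever either the plugin's code version or the system version (the version of the underlying data) differs from what is currently installed. The `PluginVersion` type, the `result_is_stale` and `select_for_reanalysis` functions, and the sample stored results are all constructed for this example and are not FACT's own API.

```python
"""Added example (not FACT's own code): deciding which stored analysis
results are stale after a plugin's code version or system version changed."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class PluginVersion:
    # Version of the plugin's result schema and code, e.g. "1.2.0".
    code_version: str
    # Version of an external data source the plugin depends on (e.g. a
    # file-type database or a CVE feed tag); None if the plugin has none.
    system_version: Optional[str] = None


def parse_code_version(version: str) -> Tuple[int, ...]:
    """Parse a dotted numeric version ('1.10.2') into a comparable tuple.

    Raises ValueError for malformed strings so a bad version is never
    silently treated as equal to another one.
    """
    parts = version.split('.')
    if not parts or any(not p.isdigit() for p in parts):
        raise ValueError(f'malformed code version: {version!r}')
    return tuple(int(p) for p in parts)


def result_is_stale(stored: PluginVersion, current: PluginVersion) -> bool:
    """Return True if a result produced with `stored` must be recomputed.

    Code versions are compared numerically (so "1.10" != "1.9" even though
    "1.10" < "1.9" as strings). System versions are opaque identifiers such
    as git tags, so they are compared for plain (in)equality.
    """
    if parse_code_version(stored.code_version) != parse_code_version(current.code_version):
        return True
    # Adding, removing or changing the system version all invalidate results.
    return stored.system_version != current.system_version


def select_for_reanalysis(stored_results: Dict[str, PluginVersion],
                          current: PluginVersion) -> List[str]:
    """Return the ids of all files whose stored result is stale."""
    return sorted(uid for uid, version in stored_results.items()
                  if result_is_stale(version, current))


# Constructed sample: results of a hypothetical file_type-like plugin that
# were stored while different versions of the plugin/database were installed.
SAMPLE_STORED_RESULTS = {
    'file-a': PluginVersion('1.0', '5.44'),   # same code, older database
    'file-b': PluginVersion('1.1', '5.45'),   # up to date
    'file-c': PluginVersion('1.1', None),     # stored before a system version existed
    'file-d': PluginVersion('1.10', '5.45'),  # newer code than currently installed
}
CURRENT_VERSION = PluginVersion('1.1', '5.45')


if __name__ == '__main__':
    print('needs reanalysis:', select_for_reanalysis(SAMPLE_STORED_RESULTS, CURRENT_VERSION))
```

Folding the data version into the plugin's version, as proposed for file_type and ip_and_uri_finder, changes only which field carries the information: any bump of the data version then shows up as a code version change and the same rule marks every affected result for reanalysis.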