Closed tstromberg closed 4 months ago
We should check that this rule is working as expected:
packages/x86_64/cassandra-reaper-3.6/usr/local/lib/cassandra-reaper.jar ∴ assets/deps.js [🚨 CRITICAL]
---------------------------------------------------------------------------------------------------------
RISK  KEY                           DESCRIPTION                                        EVIDENCE
---------------------------------------------------------------------------------------------------------
CRIT  evasion/base64/php_functions  References multiple PHP functions in base64 form   VtcHR5::$empty
                                                                                       ZW1wdH::$empty
                                                                                       dW5saW5r::$unlink
                                                                                       lbXB0e::$empty
---------------------------------------------------------------------------------------------------------

packages/x86_64/dotty-3.4/usr/share/scala/lib/scala3-library_3-3.4.1-bin-SNAPSHOT.jar ∴ scala/quoted/ToExpr$ArrayOfBooleanToExpr$.class [🚨 CRITICAL]
------------------------------------------------------------------------------------------------------
RISK  KEY                           DESCRIPTION                                        EVIDENCE
------------------------------------------------------------------------------------------------------
CRIT  evasion/base64/php_functions  References multiple PHP functions in base64 form   BcnJhe::$Array
                                                                                       FycmF5::$Array
                                                                                       QXJyYX::$Array
                                                                                       VtcHR5::$empty
------------------------------------------------------------------------------------------------------
This alert should probably only fire if there is some base64 decoding going on.
Still exists in bincapz v0.13.2.
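An added illustration, not part of the issue thread or of the bincapz rule set: the evidence strings in the report are the three byte-alignment fragments of each function name in base64, which are only six to eight characters long and so turn up by chance in minified or compiled data. The sketch compares the ungated match with one that also requires a decoder reference, as suggested above. The `base64_decode` marker, the threshold of two distinct names, and both sample inputs are assumptions constructed for this example.

```python
import base64

# Function names visible in the report above.
PHP_FUNCS = (b"empty", b"unlink", b"Array")
# Assumption: a reference to PHP's base64_decode() stands in for
# "some base64 decoding going on".
DECODER_MARKERS = (b"base64_decode",)
MIN_DISTINCT = 2  # assumption for "multiple"


def b64_fragments(word: bytes) -> list[bytes]:
    """Base64 forms of `word` at byte offsets 0, 1 and 2 within a 3-byte group,
    keeping only the characters fully determined by `word` itself."""
    frags = []
    for pad in range(3):
        enc = base64.b64encode(b"\x00" * pad + word)
        lead = (0, 2, 3)[pad]                     # chars tainted by preceding bytes
        trail = (0, 3, 2)[(pad + len(word)) % 3]  # partial char plus '=' padding
        frags.append(enc[lead:len(enc) - trail])
    return frags


FRAGMENTS = {f: w for w in PHP_FUNCS for f in b64_fragments(w)}


def matched_functions(data: bytes) -> set[bytes]:
    """Distinct function names whose base64 fragments occur in `data`."""
    return {w for f, w in FRAGMENTS.items() if f in data}


def ungated_alert(data: bytes) -> bool:
    return len(matched_functions(data)) >= MIN_DISTINCT


def gated_alert(data: bytes) -> bool:
    """Same match, but only when a decoder reference is also present."""
    return ungated_alert(data) and any(m in data for m in DECODER_MARKERS)


# Constructed sample: minified-looking identifiers that contain fragments by chance.
BENIGN = b"var aVtcHR5=1,xdW5saW5rq=2;"
# Constructed sample: PHP source that decodes the encoded names.
PHP_SAMPLE = b'<?php $a = base64_decode("dW5saW5r"); $b = base64_decode("ZW1wdHk=");'

if __name__ == "__main__":
    for name, blob in (("benign", BENIGN), ("php", PHP_SAMPLE)):
        print(name, sorted(matched_functions(blob)), ungated_alert(blob), gated_alert(blob))
```
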