tstromberg
commented
3 days ago @egibs - any chance you can help with this? I'm confident you can fix this far better and faster than I can.
Closed tstromberg closed 12 hours ago
tstromberg
commented
3 days ago @egibs - any chance you can help with this? I'm confident you can fix this far better and faster than I can.
tstromberg
commented
3 days ago It looks like there is at least one example where diff get's things right:
m diff ../bincapz-samples/linux/clean/ls.x86_64 ../bincapz-samples/macOS/clean/ls 695ms Sat Nov 2 10:45:37 2024
Changed: ../bincapz-samples/macOS/clean/ls [⚠️ MEDIUM → ✅ LOW]
+++ ADDED: 1 behavior(s) +++
---------------------------------------------------------------------------
RISK KEY DESCRIPTION EVIDENCE
---------------------------------------------------------------------------
+LOW fs/directory/traverse traverse filesystem hierarchy _fts_children
_fts_close
_fts_open
_fts_read
_fts_set
---------------------------------------------------------------------------
--- REMOVED: 3 behavior(s) ---
-------------------------------------------------------------------------------------------------------------------------------
RISK KEY DESCRIPTION EVIDENCE
-------------------------------------------------------------------------------------------------------------------------------
-LOW discover/system/hostname/get get computer host name gethostname
-LOW net/url/embedded contains embedded HTTPS URLs https://gnu.org/licenses/gpl.html
https://translationproject.org/team/
https://wiki.xiph.org/MIME_Types_and_File_Extensions
https://www.gnu.org/software/coreutils/
-MED process/name/set get or set the current process name __progname
-------------------------------------------------------------------------------------------------------------------------------Some weirdness: if I use a relative path, diff works:
% cd /tmp
% mal diff old new
├─ 🛑 Changed: new/lottie-player.min.js [MEDIUM → CRITICAL]
│ ▲ anti-static [NONE → MEDIUM]
++ 🟡 obfuscation/generic/hex_conversion — converts hex data to ASCII: toString("hex");
│ ▲ command & control [NONE → MEDIUM]
++ 🟡 addr/ip — hardcoded IP address:
++ 114.243.154.69, 13.182.181.343, 13.23.32.42, 14.22.33.243, 14.52.54.92, 146.288.257.686, 15.15.34.34, 15.21.28.36, …If I specify absolute paths, it reverts to the deleted+added bug:
% cd /tmp
% mal diff /tmp/old /tmp/new
├─ 🟡 Deleted: ../../private/tmp/old/lottie-player.min.js [MEDIUM]
│ ≡ data [LOW]
│ 🟢 encoding/json_decode — Decodes JSON messages: JSON.parse
│ 🟢 encoding/json_encode — encodes JSON: JSON.stringify
│ ≡ execution [MEDIUM]
│ 🟢 plugin — references a 'plugin':
│ function installPlugin, getExpressionsPlugin, plugins, return expressionsPlugin, setExpressionsPlugin
│ 🟡 remote_commands/code_eval — evaluate code dynamically using eval(): eval("
│ ≡ networking [MEDIUM]
│ 🟡 download — download files: download_
│ 🟢 url/embedded — contains embedded HTTPS URLs: https://www.jsdelivr.com/using-sri-with-dynamic-files
│ 🟢 url/parse — Handles URL strings: new URL
│ ≡ operating-system [MEDIUM]
│ 🟡 time/clock_sleep — uses setInterval to wait: setInterval(
│
├─ 🛑 Added: ../../private/tmp/new/lottie-player.min.js [CRITICAL]
egibs
commented
2 days ago Interesting. I'll look into this first thing tomorrow.
I'm not sure when this happened (some time before v1.0.0), but I noticed that
mal diffis basically broken. Given two directories:If I run
mal diff /tmp/old /tmp/new, it sees it as one file deleted and another one added, rather than a single file that changed:The same happens if I use specify the files by path name:
Here is the output of v0.10.0, showing the expected behavior (except that the filename is "."):
However we fix this, we need to add a test as our diff code is really difficult to understand and fragile.