Closed erik-lab closed 5 months ago
Hi @erik-lab,
This error means you must provide libtbb.so.12 as a buildInput for patchelf to be able to find it.
Here are some nixpkgs packages related to tbb: https://search.nixos.org/packages?channel=23.11&from=0&size=50&sort=relevance&type=packages&query=tbb
Please provide relevant code so we can further assist you.
I am more than a bit lost. I am trying to complete a static scan for initial Google app validation. I was following the instructions provided to build and then run a Docker image of FluidAttacks on my Windows 10 dev machine against a Python/Flask repo. The Docker build worked fine, but the run failed. I have no idea what the scanner software is doing specifically, have little experience monitoring a Docker image, and am not sure what the things are you suggest that I provide (or how to provide them, or why). (Really sorry for the newbiness!)
This is the run command I used: docker run -v D:\edahl\Documents\eme_code_scan\eme_vector:/repo/eme_vector ghcr.io/fluidattacks/makes/amd64:latest m gitlab:fluidattacks/universe@trunk /sorts /repo/eme_vector
The run started, followed by several hundred rows of output and finally the error pasted above.
I shared my private Repo to you (https://github.com/erik-lab/eme_vector.git). Is there anything else that would help? Like the full log of the aborted run?
Thanks for your patience! :-)
Hi @erik-lab,
I am curious about where you found that command.
If you want to scan your app for CASA Tier 2 compliance, you should follow this official guide: CASA Tier 2 Compliance Guide.
If you could let us know where you found a guide that recommends that specific command that you are using, it would help us prevent further misinformation.
The Google notification I received during validation included a link to the App Defense Alliance site (https://appdefensealliance.dev/casa) which includes instructions on performing static and dynamic scans. I tried to follow the static scan guide to get to this point.
I have been underwater for a bit, but I skimmed the Compliance guide site you shared and it seemed clearer. I will give it a try tonight when I resurface. Back to the day job for now.
Erik
Hi @jgomezb11, thanks for the updated instructions!! I have worked through them and run the scanner, but I am not seeing any response from the commands (I have tried several variations). The command runs (apparently), but there are no errors, no logging, or other indicators that something is happening. I waited about 10 minutes for something but now have to assume that nothing is happening. Any thoughts on what I did wrong, or should I just be more patient :-) ?
Below is the command I used and my local directory structure. I am running Windows 10 Pro.
Command: docker run -v D:\edahl\Documents\eme_code_scan:/eme_vector_scan fluidattacks/cli:amd64 skims scan /eme_vector_scan/fluid-config.yaml
I run the command while in the eme_code_scan directory with the yaml file.
My directory structure:
D:\edahl\Documents
- eme_code_scan
  - eme_vector
    - eme_package
    - run_eme.py
    etc
  - fluid-config.yaml
fluid-config.yaml contains:
# Description:
#   Pick a name you like, normally the name of the repository.
# Example:
namespace: eme_vector_scan
# Description:
#   Omit if you want pretty-printed results,
#   Set to a path if you want CSV results.
# Optional:
#   Yes
# Example:
output:
  file_path: /eme_vector_scan/EME-Fluid-Attacks-Results.csv
  format: CSV
# Description:
#   Working directory, normally used as the path to the repository.
# Example:
working_dir: /eme_vector_scan/eme_vector
# Description:
#   SAST for source code.
# Example:
path:
  # Description:
  #   Target files used in the analysis.
  # Example:
  include:
    # Absolute path
    - .
    # Relative path to `working_dir`
    - .
sast:
  include:
    - .
# Description:
#   Reversing checks for Android APKs.
apk:
  # Description:
  #   Target files used in the analysis.
  # Example:
  include:
    # Absolute paths
    # - /app/app-arm-debug-Android5.apk
    # - /app/app-arm-debug.apk
    # - /app/app-x86-debug-Android5.apk
    # - /app/app-x86-debug.apk
    - glob(**/*.apk)
  exclude:
    - glob(**/node_modules/**)
sca:
  include:
    - .
# Description:
#   Language to use, valid values are: EN, ES.
# Optional:
#   Yes, defaults to: EN.
language: EN
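A common cause of a scan that appears to do nothing is that the paths in the config are written as container paths but do not line up with the host directory bound by docker -v. The checker below is an added example (not part of the thread or of the Fluid Attacks tooling): it translates container paths back through the HOST:CONTAINER mount argument and reports a working_dir or output.file_path that the scanner could never reach. The config is passed as an already-parsed dict (constructed from the YAML above); the mount string and directory names are the ones from this thread.

```python
import os
import re
from pathlib import PurePosixPath, PureWindowsPath


def parse_mount(volume_arg):
    """Split a docker -v HOST:CONTAINER argument. rpartition keeps the drive colon in a Windows HOST."""
    host, _, container = volume_arg.rpartition(":")
    return host, container


def container_to_host(container_path, volume_arg):
    """Map a path as seen inside the container to the host path behind the bind mount.
    Returns None when the path lies outside the mounted directory (the container cannot see it)."""
    host, mount = parse_mount(volume_arg)
    cp, mp = PurePosixPath(container_path), PurePosixPath(mount)
    if cp != mp and mp not in cp.parents:
        return None
    rel = cp.relative_to(mp)
    # Pick the host path flavour from the mount string so the result joins with the right separator.
    windows_host = re.match(r"^[A-Za-z]:[\\/]", host) is not None
    base = PureWindowsPath(host) if windows_host else PurePosixPath(host)
    return base.joinpath(*rel.parts)


def check_config(config, volume_arg, isdir=os.path.isdir):
    """Return a list of problems found in a skims-style config relative to the bind mount.
    `isdir` is injectable so the check can be exercised without touching the real filesystem."""
    problems = []
    wd = config.get("working_dir")
    host_wd = container_to_host(wd, volume_arg) if wd else None
    if host_wd is None:
        problems.append(f"working_dir {wd!r} is not inside the mount {volume_arg!r}")
    elif not isdir(str(host_wd)):
        problems.append(f"working_dir {wd!r} maps to {str(host_wd)!r}, which is not a directory on the host")
    out = (config.get("output") or {}).get("file_path")
    if out:
        host_out = container_to_host(out, volume_arg)
        if host_out is None:
            problems.append(f"output.file_path {out!r} is outside the mount, so results would be lost")
        elif not isdir(str(host_out.parent)):
            problems.append(f"output.file_path {out!r}: parent directory {str(host_out.parent)!r} does not exist")
    return problems


if __name__ == "__main__":
    # Constructed from the config and docker command in this thread.
    volume = r"D:\edahl\Documents\eme_code_scan:/eme_vector_scan"
    config = {"working_dir": "/eme_vector_scan/eme_vector",
              "output": {"file_path": "/eme_vector_scan/EME-Fluid-Attacks-Results.csv", "format": "CSV"}}
    print(check_config(config, volume) or "config paths resolve inside the mount")
```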
Hi @erik-lab
With the information you have provided, I am not able to pinpoint a specific issue. If you could kindly share the output generated by the command, I will gladly help you out.
The only thing I noticed is that you are not using the config.yaml
file we recommended in the guide. It is not a problem per se, but you should use it as is (changing only the path you defined) because it has the correct exclusions that could enhance the scan performance.
Note: If the output reaches a point and shows something like this:
and stays there for a while, it means the scan is in progress, and you should wait a bit longer.
If it takes too long or your code base is big enough, I recommend you make use of the recursion-limit key as described here: https://help.fluidattacks.com/portal/en/kb/articles/configure-the-tests-by-the-standalone-scanner#sast
Hi @jgomezb11 - I reverted to the default config, modified the sast recursion-limit to be 1000 and turned off the file_size_limit after I saw errors with a couple of large js files I had included, and the scan ran (woo hoo). It took a while, but I got my results. While I am not thrilled with 99 vulnerabilities, at least I have a path forward now. Thank you for your help! I may be back after I digest the vulnerabilities; I am sure I will need some help remediating some of them.
Attempting to run against my Python/Flask repo: after lots of log output with no errors, I get to the following. I am a complete newbie at this, so I am not sure where to turn:
. . . error: auto-patchelf could not satisfy dependency libtbb.so.12 wanted by /nix/store/iih2zsnv5iy24ziqbnkh8d7pjwx9zgkk-python3.11-numba-0.59.1/lib/python3.11/site-packages/numba/np/ufunc/tbbpool.cpython-311-x86_64-linux-gnu.so
auto-patchelf failed to find all the required dependencies.
Add the missing dependencies to --libs or use
--ignore-missing="foo.so.1 bar.so etc.so"
. /nix/store/v5irq7wvkr7kih0hhnch5nnv2dcq8c4f-stdenv-linux/setup: line 74: pop_var_context: head of shell_variables not a function context
/nix/store/v5irq7wvkr7kih0hhnch5nnv2dcq8c4f-stdenv-linux/setup: line 1454: pop_var_context: head of shell_variables not a function context
/nix/store/v5irq7wvkr7kih0hhnch5nnv2dcq8c4f-stdenv-linux/setup: line 1557: pop_var_context: head of shell_variables not a function context
error: builder for '/nix/store/m93245gk21712an8ljxb9lyla6msx5d2-python3.11-numba-0.59.1.drv' failed with exit code 1
error: 1 dependencies of derivation '/nix/store/cj20w56pqqvlimx6n67sbd5biss7siwv-python3-3.11.7-env.drv' failed to build
error: 1 dependencies of derivation '/nix/store/xh7fd7d13fiq4k5bcsdv5js3azjyd39f-make-template-for-make-search-paths.drv' failed to build
error: 1 dependencies of derivation '/nix/store/p9qkhi75fq8jywvx0w8hrjpdldp2kg7l-make-template-for-make-search-paths.drv' failed to build
error: 1 dependencies of derivation '/nix/store/2jb36d2hm6hnhy7ndrvd4581j227svmv-make-template-for-sorts-config-runtime.drv' failed to build
error: 1 dependencies of derivation '/nix/store/7j27dar00l20067gf53rz2rf7hkansfn-make-template-for-make-search-paths.drv' failed to build
error: 1 dependencies of derivation '/nix/store/2wa2wddig9gmvvbpnxicy7c712crwj2d-make-template-for-make-script-for-sorts.drv' failed to build
error: 1 dependencies of derivation '/nix/store/gfs7vim0hbak41ppsb85h633657hf0ch-sorts.drv' failed to build
───────────────────────── 🐛 Failed with exit code 100 ─────────────────────────