ossf / package-analysis

Open Source Package Analysis
Apache License 2.0

Detect environment variable accesses #45

Open oliverchang opened 3 years ago

oliverchang commented 3 years ago

This isn't supported by Falco/sysdig, and would require some kind of userspace/libc interception.

calebbrown commented 1 year ago

Doing this via dynamic analysis will be hard as it requires instrumenting various runtimes to intercept the request.

This is more quickly achieved by using static analysis.

However, eventually we may want dynamic analysis support as it will still detect access from obfuscated code.
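To illustrate the static-analysis route and its blind spot for obfuscated code, here is an added example (not part of this thread and not package-analysis code): a Python `ast` scan that reports `os.environ` / `os.getenv` accesses. The function names, marker strings and both samples are constructed for this example, and it assumes Python 3.9+.

```python
import ast

# Constructed samples, not taken from any real package.
PLAIN = (
    "import os\n"
    "from os import getenv as g\n"
    "token = os.environ['NPM_TOKEN']\n"
    "home = os.getenv('HOME')\n"
    "ci = g('CI')\n"
    "snapshot = dict(os.environ)\n"
)
OBFUSCATED = (
    "m = __import__('o' + 's')\n"
    "env = getattr(m, 'env' + 'iron')\n"
    "token = env.get('NPM_TOKEN')\n"
)

def _key(node):
    """Literal variable name, or a marker when the name is computed at run time."""
    literal = isinstance(node, ast.Constant) and isinstance(node.value, str)
    return node.value if literal else "<dynamic>"

def find_env_accesses(source):
    """Return sorted (line, variable) pairs for os.environ / os.getenv use."""
    tree = ast.parse(source)
    os_names, aliases = set(), {"environ": set(), "getenv": set()}
    for n in ast.walk(tree):  # pass 1: names bound by "import os" / "from os import ..."
        if isinstance(n, ast.Import):
            os_names |= {a.asname or a.name for a in n.names if a.name == "os"}
        elif isinstance(n, ast.ImportFrom) and n.module == "os":
            for a in n.names:
                if a.name in aliases:
                    aliases[a.name].add(a.asname or a.name)

    def refers(node, attr):
        if isinstance(node, ast.Name):
            return node.id in aliases[attr]
        return (isinstance(node, ast.Attribute) and node.attr == attr
                and isinstance(node.value, ast.Name) and node.value.id in os_names)
    findings, keyed = [], set()
    for n in ast.walk(tree):  # pass 2: ast.walk yields parents before children
        if isinstance(n, ast.Call) and refers(n.func, "getenv"):
            findings.append((n.lineno, _key(n.args[0]) if n.args else "<dynamic>"))
        elif isinstance(n, ast.Subscript) and refers(n.value, "environ"):
            keyed.add(id(n.value))  # do not report the inner os.environ again
            findings.append((n.lineno, _key(n.slice)))
        elif refers(n, "environ") and id(n) not in keyed:
            findings.append((n.lineno, "<all>"))  # whole environment referenced
    return sorted(findings)
```

`find_env_accesses(PLAIN)` reports all four accesses, while `find_env_accesses(OBFUSCATED)` returns nothing even though the sample reads the same variable; that gap is what interception at run time would close.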

maxfisher-g commented 1 year ago

Depends on #519