For IQ where we can identify files based on sha1, why not do that with stuff we find under paths in PATH? This can potentially identify items that were installed using curl/wget and gets a list of all the executable things in your PATH, which is where we find the majority of issues anyways with stuff installed on a baseos
This pull request makes the following changes:
Adds Hasher stuff (stolen from Sage, WOOF WOOF)
Pins to a newer version of go-sona-types for ability to do so (we'd want to merge that stuff before we merge this)
Calls this hash stuff from the IQ path
Moves the packages Interface towards PURL objects (was a requirement for what I'm using upstream)
For IQ where we can identify files based on sha1, why not do that with stuff we find under paths in PATH? This can potentially identify items that were installed using curl/wget and gets a list of all the executable things in your PATH, which is where we find the majority of issues anyways with stuff installed on a baseos
This pull request makes the following changes:
go-sona-typesfor ability to do so (we'd want to merge that stuff before we merge this)cc @bhamail / @DarthHater