Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ScanBITS Failing to Import #305

Closed
ryanohoro opened this issue Feb 1, 2023 · 2 comments
Closed

ScanBITS Failing to Import #305

ryanohoro opened this issue Feb 1, 2023 · 2 comments
Assignees
@phutelmyer
Labels
bug Something isn't working

Comments

@ryanohoro
Copy link
Collaborator

Describe the bug

ScanBITS cannot import the bits module and fails.

Steps to reproduce

docker-compose -f build/docker-compose.yaml exec backend bash
strelka@b6fb027d1ac2:/$  python -m strelka.scanners.scan_bits
Traceback (most recent call last):
  File "/usr/lib/python3.10/runpy.py", line 196, in _run_module_as_main
    return _run_code(code, main_globals, None,
  File "/usr/lib/python3.10/runpy.py", line 86, in _run_code
    exec(code, run_globals)
  File "/usr/local/lib/python3.10/dist-packages/strelka-0.0.0-py3.10.egg/strelka/scanners/scan_bits.py", line 9, in <module>
ModuleNotFoundError: No module named 'bits'

Expected behavior

Importing the scanner should not throw any exceptions.

strelka@b6fb027d1ac2:/$ python -m strelka.scanners.scan_bits
strelka@b6fb027d1ac2:/$

Screenshots
If applicable, add screenshots to help explain your problem.

Release

  • Release: 0.23.01.07

Additional context
@ryanohoro ryanohoro mentioned this issue Feb 1, 2023
Merged
5 tasks
@phutelmyer
Copy link
Contributor

phutelmyer commented Feb 2, 2023
edited
Loading

The dependency bits_parser was not set in requirements.txt.
By adding this dependency, the following dependency conflict is thrown:

#0 32.19 ERROR: Cannot install -r /strelka/requirements.txt (line 5) and construct==2.10.67 because these package versions have conflicting dependencies.
#0 32.19 
#0 32.19 The conflict is caused by:
#0 32.19     The user requested construct==2.10.67
#0 32.19     bits-parser 1.0.1 depends on construct==2.8.12
#0 32.19 
#0 32.19 To fix this you could try to:
#0 32.19 1. loosen the range of package versions you've specified
#0 32.19 2. remove package versions to allow pip attempt to solve the dependency conflict

While downgrading construct to 2.8.12 does fix this issue, ScanLNK will begin fail to parse files properly on that version of construct.

To fix this, the source package bits_parser needs to be updated to support more recent versions of construct.
This source repository has not been updated in five years.

With these dependency issues, we are left with the following options:

  • Identify / create new BITS parsing libraries to prevent downgrade need for construct
  • Identify / create new LNK parsing libraries to allow downgrade of construct
  • Remove ScanBits and associated libraries

As the BITS parser is not a critical scanner, comes with significant overhead, and would take quite some effort to rewrite, I am recommending the removal of this scanner.

This was referenced Feb 2, 2023
Closed
Merged
@phutelmyer phutelmyer added the bug Something isn't working label Feb 6, 2023
@phutelmyer phutelmyer self-assigned this Feb 6, 2023
@phutelmyer
Copy link
Contributor

Closing per #305 (comment)

Please reopen if you have additional comments, or would like to discuss reinstating this scanner with fixes in mind.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@phutelmyer phutelmyer

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ryanohoro @phutelmyer