fix: default policy expression and manifest file for binary analysis …

…plugin
mitre · Oct 30, 2024 · b2d4020 · b2d4020
1 parent 186ca5d
commit b2d4020
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 7 deletions.
diff --git a/hipcheck/src/plugin/retrieval.rs b/hipcheck/src/plugin/retrieval.rs
@@ -28,11 +28,10 @@ use xz2::read::XzDecoder;
 use super::get_current_arch;
 
 /// The plugins currently are not delegated via the `plugin` system and are still part of `hipcheck` core
-pub const MITRE_LEGACY_PLUGINS: [&str; 6] = [
+pub const MITRE_LEGACY_PLUGINS: [&str; 5] = [
 	"activity",
 	"entropy",
 	"affiliation",
-	"binary",
 	"churn",
 	"typo",
 ];

diff --git a/plugins/binary/plugin.kdl b/plugins/binary/plugin.kdl
@@ -3,8 +3,8 @@ name "binary"
 version "0.1.0"
 license "Apache-2.0"
 entrypoint {
-  on arch="aarch64-apple-darwin" "./hc-mitre-binary"
-  on arch="x86_64-apple-darwin" "./hc-mitre-binary"
-  on arch="x86_64-unknown-linux-gnu" "./hc-mitre-binary"
-  on arch="x86_64-pc-windows-msvc" "./hc-mitre-binary"
+  on arch="aarch64-apple-darwin" "./target/debug/binary"
+  on arch="x86_64-apple-darwin" "./target/debug/binary"
+  on arch="x86_64-unknown-linux-gnu" "./target/debug/binary"
+  on arch="x86_64-pc-windows-msvc" "./target/debug/binary"
 }
diff --git a/plugins/binary/src/main.rs b/plugins/binary/src/main.rs
@@ -17,7 +17,9 @@ pub static DETECTOR: OnceLock<BinaryFileDetector> = OnceLock::new();
 
 #[derive(Deserialize)]
 struct RawConfig {
+	#[serde(rename = "binary-file")]
 	binary_file: Option<PathBuf>,
+	#[serde(rename = "binary-file-threshold")]
 	binary_file_threshold: Option<u64>,
 }
 
@@ -101,7 +103,7 @@ impl Plugin for BinaryPlugin {
 			// If no policy vars, we have no default expr
 			Some(None) => Ok("".to_owned()),
 			// Use policy config vars to construct a default expr
-			Some(Some(policy_conf)) => Ok(format!("(lte $ {}))", policy_conf)),
+			Some(Some(policy_conf)) => Ok(format!("(lte (count $) {})", policy_conf)),
 		}
 	}