forked from mandiant/capa-rules
-
Notifications
You must be signed in to change notification settings - Fork 0
/
linked-against-go-static-asset-library.yml
46 lines (46 loc) · 1.65 KB
/
linked-against-go-static-asset-library.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
rule:
meta:
name: linked against Go static asset library
namespace: executable/resource
authors:
description: Detects if the Go file includes an static assets.
scope: file
references:
- https://github.com/rakyll/statik
- https://github.com/gobuffalo/packr
- https://github.com/gobuffalo/packr
- https://github.com/GeertJohan/go.rice
- https://github.com/kevinburke/go-bindata
- https://github.com/lu4p/binclude
- https://github.com/lu4p/binclude
- https://github.com/omeid/go-resources
- https://github.com/pyros2097/go-embed
features:
- and:
- match: compiled with Go
- or:
- or:
- string: "github.com/rakyll/statik/fs.IsDefaultNamespace"
- string: "github.com/rakyll/statik/fs.RegisterWithNamespace"
- string: "github.com/rakyll/statik/fs.NewWithNamespace"
- string: "github.com/rakyll/statik/fs.Register"
- and:
- string: "github.com/gobuffalo/packr.NewBox"
- or:
- string: "github.com/markbates/pkger.Open"
- string: "github.com/markbates/pkger.Include"
- string: "github.com/markbates/pkger.Parse"
- or:
- string: "github.com/GeertJohan/go.rice.FindBox"
- string: "github.com/GeertJohan/go.rice.MustFindBox"
- and:
- substring: "/bindata.go"
description: go-bindata
- substring: ".Asset"
- and:
- string: "github.com/lu4p/binclude.Include"
- and:
- string: "github.com/omeid/go-resources"
- and:
- string: "github.com/pyros2097/go-embed"