Security Policy violation Binary Artifacts

Question

Security Policy violation Binary Artifacts

allstar-app opened this issue 2 years ago · comments

This issue was automatically created by Allstar.

Security Policy Violation
Project is out of compliance with Binary Artifacts policy: binaries present in source code

Rule Description
Binary Artifacts are an increased security risk in your repository. Binary artifacts cannot be reviewed, allowing the introduction of possibly obsolete or maliciously subverted executables. For more information see the Security Scorecards Documentation for Binary Artifacts.

Remediation Steps
To remediate, remove the generated executable artifacts from the repository.

Artifacts Found

grr/core/executables/windows/GRRNanny_Win32.exe
grr/core/executables/windows/GRRNanny_x64.exe
grr/core/executables/windows/templates/unzipsfx/unzipsfx-amd64.exe
grr/core/executables/windows/templates/unzipsfx/unzipsfx-i386.exe
grr/test/grr_response_test/test_data/fingerprint/SoftwareUpdate.exe
grr/test/grr_response_test/test_data/fingerprint/pciide.sys
grr/test/grr_response_test/test_data/fingerprint/simple
grr/test/grr_response_test/test_data/linux_hello
grr/test/grr_response_test/test_data/win_hello.exe

Additional Information
This policy is drawn from Security Scorecards, which is a tool that scores a project's adherence to security best practices. You may wish to run a Scorecards scan directly on this repository for more details.

Allstar has been installed on all Google managed GitHub orgs. Policies are gradually being rolled out and enforced by the GOSST and OSPO teams. Learn more at http://go/allstar

This issue will auto resolve when the policy is in compliance.

Issue created by Allstar. See https://github.com/ossf/allstar/ for more information. For questions specific to the repository, please contact the owner or maintainer.

allstar-app · Answer 1 · Sat Jun 04 2022 05:58:19 GMT+0800 (China Standard Time)

Updating issue after ping interval. Status:
Project is out of compliance with Binary Artifacts policy: binaries present in source code

Rule Description
Binary Artifacts are an increased security risk in your repository. Binary artifacts cannot be reviewed, allowing the introduction of possibly obsolete or maliciously subverted executables. For more information see the Security Scorecards Documentation for Binary Artifacts.

Remediation Steps
To remediate, remove the generated executable artifacts from the repository.

Artifacts Found

grr/core/executables/windows/GRRNanny_Win32.exe
grr/core/executables/windows/GRRNanny_x64.exe
grr/core/executables/windows/templates/unzipsfx/unzipsfx-amd64.exe
grr/core/executables/windows/templates/unzipsfx/unzipsfx-i386.exe
grr/test/grr_response_test/test_data/fingerprint/SoftwareUpdate.exe
grr/test/grr_response_test/test_data/fingerprint/pciide.sys
grr/test/grr_response_test/test_data/fingerprint/simple
grr/test/grr_response_test/test_data/linux_hello
grr/test/grr_response_test/test_data/win_hello.exe

Additional Information
This policy is drawn from Security Scorecards, which is a tool that scores a project's adherence to security best practices. You may wish to run a Scorecards scan directly on this repository for more details.

mbushkov · Answer 2 · Sat Jun 04 2022 16:08:46 GMT+0800 (China Standard Time)

Mentioned binaries are not build artifacts, but are used for client building and tests.

allstar-app · Answer 3 · Mon Jun 06 2022 12:34:34 GMT+0800 (China Standard Time)

Reopening issue. Status:
Project is out of compliance with Binary Artifacts policy: binaries present in source code

Rule Description
Binary Artifacts are an increased security risk in your repository. Binary artifacts cannot be reviewed, allowing the introduction of possibly obsolete or maliciously subverted executables. For more information see the Security Scorecards Documentation for Binary Artifacts.

Remediation Steps
To remediate, remove the generated executable artifacts from the repository.

Artifacts Found

grr/core/executables/windows/GRRNanny_Win32.exe
grr/core/executables/windows/GRRNanny_x64.exe
grr/core/executables/windows/templates/unzipsfx/unzipsfx-amd64.exe
grr/core/executables/windows/templates/unzipsfx/unzipsfx-i386.exe
grr/test/grr_response_test/test_data/fingerprint/SoftwareUpdate.exe
grr/test/grr_response_test/test_data/fingerprint/pciide.sys
grr/test/grr_response_test/test_data/fingerprint/simple
grr/test/grr_response_test/test_data/linux_hello
grr/test/grr_response_test/test_data/win_hello.exe

Additional Information
This policy is drawn from Security Scorecards, which is a tool that scores a project's adherence to security best practices. You may wish to run a Scorecards scan directly on this repository for more details.

allstar-app · Answer 4 · Wed Jun 08 2022 22:47:58 GMT+0800 (China Standard Time)

Updating issue after ping interval. Status:
Project is out of compliance with Binary Artifacts policy: binaries present in source code

Rule Description
Binary Artifacts are an increased security risk in your repository. Binary artifacts cannot be reviewed, allowing the introduction of possibly obsolete or maliciously subverted executables. For more information see the Security Scorecards Documentation for Binary Artifacts.

Remediation Steps
To remediate, remove the generated executable artifacts from the repository.

Artifacts Found

grr/core/executables/windows/GRRNanny_Win32.exe
grr/core/executables/windows/GRRNanny_x64.exe
grr/core/executables/windows/templates/unzipsfx/unzipsfx-amd64.exe
grr/core/executables/windows/templates/unzipsfx/unzipsfx-i386.exe
grr/test/grr_response_test/test_data/fingerprint/SoftwareUpdate.exe
grr/test/grr_response_test/test_data/fingerprint/pciide.sys
grr/test/grr_response_test/test_data/fingerprint/simple
grr/test/grr_response_test/test_data/linux_hello
grr/test/grr_response_test/test_data/win_hello.exe

Additional Information
This policy is drawn from Security Scorecards, which is a tool that scores a project's adherence to security best practices. You may wish to run a Scorecards scan directly on this repository for more details.

allstar-app · Answer 5 · Sat Jun 11 2022 16:21:35 GMT+0800 (China Standard Time)

Updating issue after ping interval. Status:
Project is out of compliance with Binary Artifacts policy: binaries present in source code

Rule Description
Binary Artifacts are an increased security risk in your repository. Binary artifacts cannot be reviewed, allowing the introduction of possibly obsolete or maliciously subverted executables. For more information see the Security Scorecards Documentation for Binary Artifacts.

Remediation Steps
To remediate, remove the generated executable artifacts from the repository.

Artifacts Found

grr/core/executables/windows/GRRNanny_Win32.exe
grr/core/executables/windows/GRRNanny_x64.exe
grr/core/executables/windows/templates/unzipsfx/unzipsfx-amd64.exe
grr/core/executables/windows/templates/unzipsfx/unzipsfx-i386.exe
grr/test/grr_response_test/test_data/fingerprint/SoftwareUpdate.exe
grr/test/grr_response_test/test_data/fingerprint/pciide.sys
grr/test/grr_response_test/test_data/fingerprint/simple
grr/test/grr_response_test/test_data/linux_hello
grr/test/grr_response_test/test_data/win_hello.exe

Additional Information
This policy is drawn from Security Scorecards, which is a tool that scores a project's adherence to security best practices. You may wish to run a Scorecards scan directly on this repository for more details.

google-allstar-prod · Answer 6 · Wed Nov 29 2023 19:45:57 GMT+0800 (China Standard Time)

Reopening issue. See its status below.

Project is out of compliance with Binary Artifacts policy: binaries present in source code

Rule Description
Binary Artifacts are an increased security risk in your repository. Binary artifacts cannot be reviewed, allowing the introduction of possibly obsolete or maliciously subverted executables. For more information see the Security Scorecards Documentation for Binary Artifacts.

Remediation Steps
To remediate, remove the generated executable artifacts from the repository.

Artifacts Found

grr/test/grr_response_test/test_data/fingerprint/SoftwareUpdate.exe
grr/test/grr_response_test/test_data/fingerprint/pciide.sys
grr/test/grr_response_test/test_data/fingerprint/simple
grr/test/grr_response_test/test_data/linux_hello
grr/test/grr_response_test/test_data/win_hello.exe

Additional Information
This policy is drawn from Security Scorecards, which is a tool that scores a project's adherence to security best practices. You may wish to run a Scorecards scan directly on this repository for more details.

google-allstar-prod · Answer 7 · Fri Dec 01 2023 18:54:43 GMT+0800 (China Standard Time)

Updating issue after ping interval. See its status below.

Project is out of compliance with Binary Artifacts policy: binaries present in source code

Rule Description
Binary Artifacts are an increased security risk in your repository. Binary artifacts cannot be reviewed, allowing the introduction of possibly obsolete or maliciously subverted executables. For more information see the Security Scorecards Documentation for Binary Artifacts.

Remediation Steps
To remediate, remove the generated executable artifacts from the repository.

Artifacts Found

grr/test/grr_response_test/test_data/fingerprint/SoftwareUpdate.exe
grr/test/grr_response_test/test_data/fingerprint/pciide.sys
grr/test/grr_response_test/test_data/fingerprint/simple
grr/test/grr_response_test/test_data/linux_hello
grr/test/grr_response_test/test_data/win_hello.exe

Additional Information
This policy is drawn from Security Scorecards, which is a tool that scores a project's adherence to security best practices. You may wish to run a Scorecards scan directly on this repository for more details.

google-allstar-prod · Answer 8 · Sun Dec 03 2023 18:52:01 GMT+0800 (China Standard Time)

Updating issue after ping interval. See its status below.

Project is out of compliance with Binary Artifacts policy: binaries present in source code

Rule Description
Binary Artifacts are an increased security risk in your repository. Binary artifacts cannot be reviewed, allowing the introduction of possibly obsolete or maliciously subverted executables. For more information see the Security Scorecards Documentation for Binary Artifacts.

Remediation Steps
To remediate, remove the generated executable artifacts from the repository.

Artifacts Found

grr/test/grr_response_test/test_data/fingerprint/SoftwareUpdate.exe
grr/test/grr_response_test/test_data/fingerprint/pciide.sys
grr/test/grr_response_test/test_data/fingerprint/simple
grr/test/grr_response_test/test_data/linux_hello
grr/test/grr_response_test/test_data/win_hello.exe

Additional Information
This policy is drawn from Security Scorecards, which is a tool that scores a project's adherence to security best practices. You may wish to run a Scorecards scan directly on this repository for more details.

google-allstar-prod · Answer 9 · Mon Dec 04 2023 18:24:51 GMT+0800 (China Standard Time)

Policy is now in compliance. Closing issue.

google-allstar-prod · Answer 10 · Sat Dec 09 2023 09:34:28 GMT+0800 (China Standard Time)

Reopening issue. See its status below.

Project is out of compliance with Binary Artifacts policy: binaries present in source code

Rule Description
Binary Artifacts are an increased security risk in your repository. Binary artifacts cannot be reviewed, allowing the introduction of possibly obsolete or maliciously subverted executables. For more information see the Security Scorecards Documentation for Binary Artifacts.

Remediation Steps
To remediate, remove the generated executable artifacts from the repository.

Artifacts Found

grr/test/grr_response_test/test_data/fingerprint/SoftwareUpdate.exe
grr/test/grr_response_test/test_data/fingerprint/pciide.sys
grr/test/grr_response_test/test_data/fingerprint/simple
grr/test/grr_response_test/test_data/linux_hello
grr/test/grr_response_test/test_data/win_hello.exe

Additional Information
This policy is drawn from Security Scorecards, which is a tool that scores a project's adherence to security best practices. You may wish to run a Scorecards scan directly on this repository for more details.

google-allstar-prod · Answer 11 · Sun Dec 10 2023 18:46:14 GMT+0800 (China Standard Time)

Updating issue after ping interval. See its status below.

Project is out of compliance with Binary Artifacts policy: binaries present in source code

Rule Description
Binary Artifacts are an increased security risk in your repository. Binary artifacts cannot be reviewed, allowing the introduction of possibly obsolete or maliciously subverted executables. For more information see the Security Scorecards Documentation for Binary Artifacts.

Remediation Steps
To remediate, remove the generated executable artifacts from the repository.

Artifacts Found

grr/test/grr_response_test/test_data/fingerprint/SoftwareUpdate.exe
grr/test/grr_response_test/test_data/fingerprint/pciide.sys
grr/test/grr_response_test/test_data/fingerprint/simple
grr/test/grr_response_test/test_data/linux_hello
grr/test/grr_response_test/test_data/win_hello.exe

Additional Information
This policy is drawn from Security Scorecards, which is a tool that scores a project's adherence to security best practices. You may wish to run a Scorecards scan directly on this repository for more details.