Deep Container Inspection
JamesLaverack opened this issue · comments
Look for certs in more interesting places than just "files that end in .crt". This could be inside bash scripts, or in the strings of binaries.
Maybe this needs gating behind a --deep flag or something similar, if it's gonna take a while.
Copying from #4
We should build a more sophisticated parser that takes no/little assumptions about the shape and location of certificates in an image file system. This will make the tool more robust, and give users a higher degree of confidence of the correctness of the results.
Certs come in different forms: either as '.pem'/'.crt' files, echos in bash scripts, and even hard coded strings in binaries.
The parser should approach parsing files in a "sliding window" strategy, by reading a stream of bytes from the file and attempting to match that against what a certificate looks like; accounting for different encodings (base64, DER/PEM, PKCS#x), as well as string escaping (namely new lines ('/n' '/r')).
Largely implemented by #36. We can add more issues for additional parsers.
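A sketch of the "sliding window" scan described in the comment above, as an added example that is not the project's own code. It covers only PEM blocks, with real or escaped line breaks, and checks that the decoded bytes have the outer ASN.1 SEQUENCE shape of a certificate. All names here, the `MAX_PEM` bound and the sample data are assumptions made for illustration.

```python
import base64
import io
import re

BEGIN, END = b"-----BEGIN CERTIFICATE-----", b"-----END CERTIFICATE-----"
# Body: base64 characters, real whitespace, or escaped line breaks (literal \n, \r).
PEM_RE = re.compile(re.escape(BEGIN) + rb"((?:[A-Za-z0-9+/=\s]|\\[nr])+?)" + re.escape(END))
MAX_PEM = 64 * 1024  # assumption: no single PEM block is longer; sets the window overlap

def looks_like_der(der):
    """Structural check only: an outer ASN.1 SEQUENCE whose length spans the whole blob."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:  # short-form length
        return der[1] + 2 == len(der)
    n = der[1] & 0x7F  # long-form: n length bytes follow
    if not 1 <= n <= 4 or len(der) < 2 + n:
        return False
    return int.from_bytes(der[2:2 + n], "big") + 2 + n == len(der)

def scan_stream(stream, chunk_size=4096):
    """Yield (byte offset, DER bytes) for each certificate-shaped PEM block in the stream."""
    window, base, seen = b"", 0, set()
    while True:
        chunk = stream.read(chunk_size)
        window += chunk
        for m in PEM_RE.finditer(window):
            offset = base + m.start()
            body = re.sub(rb"\\[nr]|\s", b"", m.group(1))  # undo escaping and wrapping
            try:
                der = base64.b64decode(body, validate=True)
            except ValueError:
                continue
            if offset not in seen and looks_like_der(der):
                seen.add(offset)
                yield offset, der
        if not chunk:
            return
        drop = max(0, len(window) - MAX_PEM)  # keep a tail so blocks split across reads match
        window, base = window[drop:], base + drop

def scan_bytes(data, chunk_size=4096):
    return list(scan_stream(io.BytesIO(data), chunk_size))

# Constructed sample: a 203-byte SEQUENCE stand-in, not a real certificate.
SAMPLE_DER = b"\x30\x81\xc8" + bytes(range(200))
_b64 = base64.b64encode(SAMPLE_DER).decode()
_lines = "\\n".join(_b64[i:i + 64] for i in range(0, len(_b64), 64))
SAMPLE_SCRIPT = f"echo '{BEGIN.decode()}\\n{_lines}\\n{END.decode()}' > ca.crt\n".encode()
```

A hit from this scan is only a candidate: a full X.509 parse of the returned DER bytes is still needed before reporting it as a certificate.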