From 3bfea00a876a47689bcfe0d4298221322bff7326 Mon Sep 17 00:00:00 2001 From: xiezheng-XD <141627292+xiezheng-XD@users.noreply.github.com> Date: Fri, 25 Aug 2023 21:18:44 +0800 Subject: [PATCH 01/13] Create README_EN.md --- tools/owl/README_EN.md | 123 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 123 insertions(+) create mode 100644 tools/owl/README_EN.md diff --git a/tools/owl/README_EN.md b/tools/owl/README_EN.md new file mode 100644 index 0000000000..9561246a6e --- /dev/null +++ b/tools/owl/README_EN.md @@ -0,0 +1,123 @@ +# Owl🦉 + +A dependency module feature scanning detection tool for static analysis. + +--- + +[简体中文](./README.md) | [English](./README_EN.md) + +--- + +### # Jisuo + +'Owl' is a static file feature detection tool provided by 'TCA', which can quickly find the source code file or dependency file that meets certain characteristics in the specified project directory. Why was this tool developed? For example, many times our project is too big, there are many dependent files in the project folder, such as a 'Java' project introduces a 'log4j' this' jar 'dependency, there is a circular dependency problem in a file in the project. When there is a vulnerability in a dependency package, the tool can quickly scan the suspicious dependency files in the project directory, and give the address of the dependent files to help developers quickly locate the suspicious files. + +### Reason + +The current version of the function is relatively simple, the working principle is very simple, the tool will scan a specific directory through the built-in feature code algorithm to match a specific file, and then collect the file address that matches its feature code, and then show it, it can also be redirected to a fixed 'json' file to save. + +! [](https://tva1.sinaimg.cn/large/e6c9d24egy1h2yvkgtmbwj20lo0ca0tl.jpg) + +'Owl' is similar to anti-virus software, and the working principle of anti-virus software is similar, 'Owl' will scan the entire project according to the signature code of the dependent file, and the anti-virus library works similarly. Of course, if it is done strictly in accordance with the standard of anti-virus software, it may involve some assembler related, the current 'owl' function is not so complex, the later version will join the codeql code analysis engine, through the codeql database to do static analysis function enhancement. + +### Start fast + +How to use 'owl'? You can clone the warehouse then by the following command: + +```bash +git clone github.com:Tencent/CodeAnalysis.git +` ` ` + +Then switch the directory to 'tools\owl' as follows: + +```bash +cd CodeAnalysis/tools/owl +` ` ` + +There is a 'Makefile' file inside the repository that can quickly help you build binaries for the corresponding platform, for example: + +```bash +$: make help +make darwin | Compile executable binary for MacOS platform +make linux | Compile executable binary for Linux platform +make windows | Compile executable binary for Windows platform +make clean | Clean up executable binary +` ` ` + +** Note 📢 : ** If you do not have the 'Go' environment configured on the machine, please configure the 'Go' development environment before normal compilation, compilation cost binary you need to have 'Go' cross-compilation knowledge, if there are problems welcome to 'issued'. + + +### How to use + +The completion of the program will get a binary file, the program name is' owl ', as follows' owl 'execution effect, some subcommand parameters have been listed: + +```bash +$: ./owl + +_____ _ _ __ +(_)(\/\/)() +)(_)()()(__ +(_____)(__/\__)(____) 🦉 v0.1.3 + +A dependency module feature scanning detection tool for static analysis. + + +Usage: +owl [command] + +Available Commands: +completion Generate the autocompletion script for the specified shell +help Help about any command +hex File hex encoding +md5 Collection file md5 +run Execute the scanner +version Version information + +Flags: +-h, --help help for owl + +Use "owl [command] --help" for more information about a command. +` ` ` + +If you do not know how to use the subcommand, you can enter the '--help' parameter after the corresponding subcommand to get help information: + +! [](https://tva1.sinaimg.cn/large/e6c9d24egy1h2yz0laxdyj22ax0u07bb.jpg) + +For example, if you want to find log4j, you first need to compute the log4j signature code through owl, as follows: + +```bash +$:. / owl md5 -- -- path = / Users/ding/Downloads/log4j - 1.2.17. Jar +` ` ` + +** Note that the calculation of the feature code here must use the algorithm of the 'owl' program, because the algorithm of the 'owl' in the large file I use the fractional data block scheme to calculate, improve the running speed of the program, so if the use of other software algorithms then there will be problems! ** + +The results are as follows: + +! [](https://tva1.sinaimg.cn/large/e6c9d24egy1h2yz54cg72j22gm0e0af2.jpg) + +You can also use the hexadecimal string feature to find: + +```bash +$: / owl hex - path = / Users/ding/Downloads/log4j - 1.2.17. Jar +` ` ` + +The program will convert the corresponding file into a hexadecimal string display, as shown below: + +! [](https://tva1.sinaimg.cn/large/e6c9d24egy1h2yz7v68cbj217g0u0h0x.jpg) + +Now you can use the scanner to scan, the matching mode can be specified as' md5 'or' hex ', more modes may be added in the future, the command is as follows: + +```bash +$: ./owl run --dir=/Users/ding/Downloads/ --mode=md5 --code=04a41f0a068986f0f73485cf507c0f40 +` ` ` + +Search for specific dependent files: + +! [](https://tva1.sinaimg.cn/large/e6c9d24egy1h2yze6emx3j21yq0dajwn.jpg) + + +** If there are too many search results, you can save the results through the '--out' parameter to save in a file, the file format is' json '! ** + +### Other + +If you have any questions, you can raise 'issue' on 'TCA', and if you have questions about this tool, you can add 'owl' label on 'issue' 🤝. From 54292442771a1163cefc4fcc2b306e0bd7b25f26 Mon Sep 17 00:00:00 2001 From: xiezheng-XD <141627292+xiezheng-XD@users.noreply.github.com> Date: Fri, 25 Aug 2023 21:19:46 +0800 Subject: [PATCH 02/13] Update README_EN.md --- tools/owl/README_EN.md | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/tools/owl/README_EN.md b/tools/owl/README_EN.md index 9561246a6e..8cbf4292b9 100644 --- a/tools/owl/README_EN.md +++ b/tools/owl/README_EN.md @@ -10,31 +10,31 @@ A dependency module feature scanning detection tool for static analysis. ### # Jisuo -'Owl' is a static file feature detection tool provided by 'TCA', which can quickly find the source code file or dependency file that meets certain characteristics in the specified project directory. Why was this tool developed? For example, many times our project is too big, there are many dependent files in the project folder, such as a 'Java' project introduces a 'log4j' this' jar 'dependency, there is a circular dependency problem in a file in the project. When there is a vulnerability in a dependency package, the tool can quickly scan the suspicious dependency files in the project directory, and give the address of the dependent files to help developers quickly locate the suspicious files. +`Owl` is a static file feature detection tool provided by `TCA`, which can quickly find the source code file or dependency file that meets certain characteristics in the specified project directory. Why was this tool developed? For example, many times our project is too big, there are many dependent files in the project folder, such as a `Java` project introduces a `log4j` this` jar `dependency, there is a circular dependency problem in a file in the project. When there is a vulnerability in a dependency package, the tool can quickly scan the suspicious dependency files in the project directory, and give the address of the dependent files to help developers quickly locate the suspicious files. ### Reason -The current version of the function is relatively simple, the working principle is very simple, the tool will scan a specific directory through the built-in feature code algorithm to match a specific file, and then collect the file address that matches its feature code, and then show it, it can also be redirected to a fixed 'json' file to save. +The current version of the function is relatively simple, the working principle is very simple, the tool will scan a specific directory through the built-in feature code algorithm to match a specific file, and then collect the file address that matches its feature code, and then show it, it can also be redirected to a fixed `json` file to save. ! [](https://tva1.sinaimg.cn/large/e6c9d24egy1h2yvkgtmbwj20lo0ca0tl.jpg) -'Owl' is similar to anti-virus software, and the working principle of anti-virus software is similar, 'Owl' will scan the entire project according to the signature code of the dependent file, and the anti-virus library works similarly. Of course, if it is done strictly in accordance with the standard of anti-virus software, it may involve some assembler related, the current 'owl' function is not so complex, the later version will join the codeql code analysis engine, through the codeql database to do static analysis function enhancement. +`Owl` is similar to anti-virus software, and the working principle of anti-virus software is similar, `Owl` will scan the entire project according to the signature code of the dependent file, and the anti-virus library works similarly. Of course, if it is done strictly in accordance with the standard of anti-virus software, it may involve some assembler related, the current `owl` function is not so complex, the later version will join the codeql code analysis engine, through the codeql database to do static analysis function enhancement. ### Start fast -How to use 'owl'? You can clone the warehouse then by the following command: +How to use `owl`? You can clone the warehouse then by the following command: ```bash git clone github.com:Tencent/CodeAnalysis.git ` ` ` -Then switch the directory to 'tools\owl' as follows: +Then switch the directory to `tools\owl` as follows: ```bash cd CodeAnalysis/tools/owl ` ` ` -There is a 'Makefile' file inside the repository that can quickly help you build binaries for the corresponding platform, for example: +There is a `Makefile` file inside the repository that can quickly help you build binaries for the corresponding platform, for example: ```bash $: make help @@ -44,12 +44,12 @@ make windows | Compile executable binary for Windows platform make clean | Clean up executable binary ` ` ` -** Note 📢 : ** If you do not have the 'Go' environment configured on the machine, please configure the 'Go' development environment before normal compilation, compilation cost binary you need to have 'Go' cross-compilation knowledge, if there are problems welcome to 'issued'. +** Note 📢 : ** If you do not have the `Go` environment configured on the machine, please configure the `Go` development environment before normal compilation, compilation cost binary you need to have `Go` cross-compilation knowledge, if there are problems welcome to `issued`. ### How to use -The completion of the program will get a binary file, the program name is' owl ', as follows' owl 'execution effect, some subcommand parameters have been listed: +The completion of the program will get a binary file, the program name is` owl `, as follows` owl `execution effect, some subcommand parameters have been listed: ```bash $: ./owl @@ -79,7 +79,7 @@ Flags: Use "owl [command] --help" for more information about a command. ` ` ` -If you do not know how to use the subcommand, you can enter the '--help' parameter after the corresponding subcommand to get help information: +If you do not know how to use the subcommand, you can enter the `--help` parameter after the corresponding subcommand to get help information: ! [](https://tva1.sinaimg.cn/large/e6c9d24egy1h2yz0laxdyj22ax0u07bb.jpg) @@ -89,7 +89,7 @@ For example, if you want to find log4j, you first need to compute the log4j sign $:. / owl md5 -- -- path = / Users/ding/Downloads/log4j - 1.2.17. Jar ` ` ` -** Note that the calculation of the feature code here must use the algorithm of the 'owl' program, because the algorithm of the 'owl' in the large file I use the fractional data block scheme to calculate, improve the running speed of the program, so if the use of other software algorithms then there will be problems! ** +** Note that the calculation of the feature code here must use the algorithm of the `owl` program, because the algorithm of the `owl` in the large file I use the fractional data block scheme to calculate, improve the running speed of the program, so if the use of other software algorithms then there will be problems! ** The results are as follows: @@ -105,7 +105,7 @@ The program will convert the corresponding file into a hexadecimal string displa ! [](https://tva1.sinaimg.cn/large/e6c9d24egy1h2yz7v68cbj217g0u0h0x.jpg) -Now you can use the scanner to scan, the matching mode can be specified as' md5 'or' hex ', more modes may be added in the future, the command is as follows: +Now you can use the scanner to scan, the matching mode can be specified as` md5 `or` hex `, more modes may be added in the future, the command is as follows: ```bash $: ./owl run --dir=/Users/ding/Downloads/ --mode=md5 --code=04a41f0a068986f0f73485cf507c0f40 @@ -116,8 +116,8 @@ Search for specific dependent files: ! [](https://tva1.sinaimg.cn/large/e6c9d24egy1h2yze6emx3j21yq0dajwn.jpg) -** If there are too many search results, you can save the results through the '--out' parameter to save in a file, the file format is' json '! ** +** If there are too many search results, you can save the results through the `--out` parameter to save in a file, the file format is` json `! ** ### Other -If you have any questions, you can raise 'issue' on 'TCA', and if you have questions about this tool, you can add 'owl' label on 'issue' 🤝. +If you have any questions, you can raise `issue` on `TCA`, and if you have questions about this tool, you can add `owl` label on `issue` 🤝. From 184a627d4744e9a418b44f36202fee7fe8dd25f0 Mon Sep 17 00:00:00 2001 From: xiezheng-XD <141627292+xiezheng-XD@users.noreply.github.com> Date: Fri, 25 Aug 2023 21:20:46 +0800 Subject: [PATCH 03/13] Update README_EN.md --- tools/owl/README_EN.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/owl/README_EN.md b/tools/owl/README_EN.md index 8cbf4292b9..8a29552625 100644 --- a/tools/owl/README_EN.md +++ b/tools/owl/README_EN.md @@ -8,7 +8,7 @@ A dependency module feature scanning detection tool for static analysis. --- -### # Jisuo +### Introduction `Owl` is a static file feature detection tool provided by `TCA`, which can quickly find the source code file or dependency file that meets certain characteristics in the specified project directory. Why was this tool developed? For example, many times our project is too big, there are many dependent files in the project folder, such as a `Java` project introduces a `log4j` this` jar `dependency, there is a circular dependency problem in a file in the project. When there is a vulnerability in a dependency package, the tool can quickly scan the suspicious dependency files in the project directory, and give the address of the dependent files to help developers quickly locate the suspicious files. From a75117c3fad88a17d4994073f065b56b759efa2c Mon Sep 17 00:00:00 2001 From: xiezheng-XD <141627292+xiezheng-XD@users.noreply.github.com> Date: Fri, 25 Aug 2023 21:51:59 +0800 Subject: [PATCH 04/13] Update README_EN.md --- tools/owl/README_EN.md | 33 ++++++++++++++++----------------- 1 file changed, 16 insertions(+), 17 deletions(-) diff --git a/tools/owl/README_EN.md b/tools/owl/README_EN.md index 8a29552625..697591c77e 100644 --- a/tools/owl/README_EN.md +++ b/tools/owl/README_EN.md @@ -10,31 +10,31 @@ A dependency module feature scanning detection tool for static analysis. ### Introduction -`Owl` is a static file feature detection tool provided by `TCA`, which can quickly find the source code file or dependency file that meets certain characteristics in the specified project directory. Why was this tool developed? For example, many times our project is too big, there are many dependent files in the project folder, such as a `Java` project introduces a `log4j` this` jar `dependency, there is a circular dependency problem in a file in the project. When there is a vulnerability in a dependency package, the tool can quickly scan the suspicious dependency files in the project directory, and give the address of the dependent files to help developers quickly locate the suspicious files. +`Owl` is a static file feature detection tool provided by `TCA`, which can quickly find the source code file or dependency files that meet certain characteristics in the specified project directory. Why was this tool developed? For example, many times our projects are large, and there are many dependency files in the project folder. For instance, in a Java project, let’s say we have imported the `log4j` jar dependency, and there is a circular dependency issue in one of the project files. When a vulnerability is found in a particular dependency package, this tool can quickly scan the suspicious dependency files in the project directory and provide the location of the dependency file, helping developers to quickly locate the suspicious file. -### Reason +### Principle -The current version of the function is relatively simple, the working principle is very simple, the tool will scan a specific directory through the built-in feature code algorithm to match a specific file, and then collect the file address that matches its feature code, and then show it, it can also be redirected to a fixed `json` file to save. +The current version of the tool has relatively simple functionality, and the working principle is straightforward. The tool scans a specific directory and matches specific files through a built-in feature code algorithm. It then collects the file addresses that match their feature codes and displays them or redirects them to a fixed JSON file for storage. ! [](https://tva1.sinaimg.cn/large/e6c9d24egy1h2yvkgtmbwj20lo0ca0tl.jpg) -`Owl` is similar to anti-virus software, and the working principle of anti-virus software is similar, `Owl` will scan the entire project according to the signature code of the dependent file, and the anti-virus library works similarly. Of course, if it is done strictly in accordance with the standard of anti-virus software, it may involve some assembler related, the current `owl` function is not so complex, the later version will join the codeql code analysis engine, through the codeql database to do static analysis function enhancement. +`Owl` is similar to antivirus software in that it works on the principle of antivirus software. `Owl` scans the entire project based on the feature codes of the dependency files, similar to the working principle of an antivirus virus library. Of course, if it strictly follows the standards of antivirus software, it may involve some assembly-related components. Currently, the functionality of `owl` is not that complex, but future versions will include the `codeql` code analysis engine to enhance the static analysis functionality using CodeQL's database. -### Start fast +### Quick Start -How to use `owl`? You can clone the warehouse then by the following command: +How to use `owl`? You can clone the repository and then use the following command: ```bash git clone github.com:Tencent/CodeAnalysis.git ` ` ` -Then switch the directory to `tools\owl` as follows: +Then navigate to the `tools\owl` directory, like this: ```bash cd CodeAnalysis/tools/owl ` ` ` -There is a `Makefile` file inside the repository that can quickly help you build binaries for the corresponding platform, for example: +Inside the repository, there is a `Makefile` that can help you quickly build the binary file for the corresponding platform, for example: ```bash $: make help @@ -44,12 +44,11 @@ make windows | Compile executable binary for Windows platform make clean | Clean up executable binary ` ` ` -** Note 📢 : ** If you do not have the `Go` environment configured on the machine, please configure the `Go` development environment before normal compilation, compilation cost binary you need to have `Go` cross-compilation knowledge, if there are problems welcome to `issued`. - +** Note 📢 : ** If you do not have the `Go` environment configured on the machine, please configure the `Go` development environment before executing the compilation. To compile into a local binary file, you need to have the knowledge of `Go` cross-compilation. If there are problems welcome to `issues`. ### How to use -The completion of the program will get a binary file, the program name is` owl `, as follows` owl `execution effect, some subcommand parameters have been listed: +After building the program, you will get a binary file named ` owl `. The following shows the execution result of ` owl `, with some subcommand parameters listed: ```bash $: ./owl @@ -83,25 +82,25 @@ If you do not know how to use the subcommand, you can enter the `--help` paramet ! [](https://tva1.sinaimg.cn/large/e6c9d24egy1h2yz0laxdyj22ax0u07bb.jpg) -For example, if you want to find log4j, you first need to compute the log4j signature code through owl, as follows: +For example, if you want to search for `log4j`, firstly you need to calculate the feature code of `log4j` using `owl`. The command is as follows: ```bash $:. / owl md5 -- -- path = / Users/ding/Downloads/log4j - 1.2.17. Jar ` ` ` -** Note that the calculation of the feature code here must use the algorithm of the `owl` program, because the algorithm of the `owl` in the large file I use the fractional data block scheme to calculate, improve the running speed of the program, so if the use of other software algorithms then there will be problems! ** +** Note that the feature code calculation here must use the algorithm provided by the `owl` program. The algorithm in `owl` is designed for handling large files using a data block-based approach to improve program execution speed. So if you use algorithms from other software, there may be issues! ** The results are as follows: ! [](https://tva1.sinaimg.cn/large/e6c9d24egy1h2yz54cg72j22gm0e0af2.jpg) -You can also use the hexadecimal string feature to find: +You can also use the hexadecimal string feature for searching: ```bash $: / owl hex - path = / Users/ding/Downloads/log4j - 1.2.17. Jar ` ` ` -The program will convert the corresponding file into a hexadecimal string display, as shown below: +The program will convert the corresponding file into a hexadecimal string for display, as shown in the following image: ! [](https://tva1.sinaimg.cn/large/e6c9d24egy1h2yz7v68cbj217g0u0h0x.jpg) @@ -116,8 +115,8 @@ Search for specific dependent files: ! [](https://tva1.sinaimg.cn/large/e6c9d24egy1h2yze6emx3j21yq0dajwn.jpg) -** If there are too many search results, you can save the results through the `--out` parameter to save in a file, the file format is` json `! ** +** If there are too many search results, you can save the results through the `--out` parameter to save in a file, whose format is` json `! ** ### Other -If you have any questions, you can raise `issue` on `TCA`, and if you have questions about this tool, you can add `owl` label on `issue` 🤝. +If you have any questions, you can raise `issue` on `TCA`, and if you have questions about this tool, you can add the `owl` tag on `issue` 🤝. From 372692d18aea2ec308e1b66a2666d8612077e98e Mon Sep 17 00:00:00 2001 From: xiezheng-XD <141627292+xiezheng-XD@users.noreply.github.com> Date: Fri, 25 Aug 2023 21:53:56 +0800 Subject: [PATCH 05/13] Update README_EN.md --- tools/owl/README_EN.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/owl/README_EN.md b/tools/owl/README_EN.md index 697591c77e..a2772a8e73 100644 --- a/tools/owl/README_EN.md +++ b/tools/owl/README_EN.md @@ -16,7 +16,7 @@ A dependency module feature scanning detection tool for static analysis. The current version of the tool has relatively simple functionality, and the working principle is straightforward. The tool scans a specific directory and matches specific files through a built-in feature code algorithm. It then collects the file addresses that match their feature codes and displays them or redirects them to a fixed JSON file for storage. -! [](https://tva1.sinaimg.cn/large/e6c9d24egy1h2yvkgtmbwj20lo0ca0tl.jpg) +![](https://tva1.sinaimg.cn/large/e6c9d24egy1h2yz7v68cbj217g0u0h0x.jpg) `Owl` is similar to antivirus software in that it works on the principle of antivirus software. `Owl` scans the entire project based on the feature codes of the dependency files, similar to the working principle of an antivirus virus library. Of course, if it strictly follows the standards of antivirus software, it may involve some assembly-related components. Currently, the functionality of `owl` is not that complex, but future versions will include the `codeql` code analysis engine to enhance the static analysis functionality using CodeQL's database. From 3743733335536a16d4a475554cecb27d94309312 Mon Sep 17 00:00:00 2001 From: xiezheng-XD <141627292+xiezheng-XD@users.noreply.github.com> Date: Fri, 25 Aug 2023 21:55:53 +0800 Subject: [PATCH 06/13] Update README_EN.md --- tools/owl/README_EN.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/tools/owl/README_EN.md b/tools/owl/README_EN.md index a2772a8e73..8fc2cc5f51 100644 --- a/tools/owl/README_EN.md +++ b/tools/owl/README_EN.md @@ -16,7 +16,7 @@ A dependency module feature scanning detection tool for static analysis. The current version of the tool has relatively simple functionality, and the working principle is straightforward. The tool scans a specific directory and matches specific files through a built-in feature code algorithm. It then collects the file addresses that match their feature codes and displays them or redirects them to a fixed JSON file for storage. -![](https://tva1.sinaimg.cn/large/e6c9d24egy1h2yz7v68cbj217g0u0h0x.jpg) +![](https://tva1.sinaimg.cn/large/e6c9d24egy1h2yvkgtmbwj20lo0ca0tl.jpg) `Owl` is similar to antivirus software in that it works on the principle of antivirus software. `Owl` scans the entire project based on the feature codes of the dependency files, similar to the working principle of an antivirus virus library. Of course, if it strictly follows the standards of antivirus software, it may involve some assembly-related components. Currently, the functionality of `owl` is not that complex, but future versions will include the `codeql` code analysis engine to enhance the static analysis functionality using CodeQL's database. @@ -80,7 +80,7 @@ Use "owl [command] --help" for more information about a command. If you do not know how to use the subcommand, you can enter the `--help` parameter after the corresponding subcommand to get help information: -! [](https://tva1.sinaimg.cn/large/e6c9d24egy1h2yz0laxdyj22ax0u07bb.jpg) +![](https://tva1.sinaimg.cn/large/e6c9d24egy1h2yz0laxdyj22ax0u07bb.jpg) For example, if you want to search for `log4j`, firstly you need to calculate the feature code of `log4j` using `owl`. The command is as follows: @@ -92,7 +92,7 @@ $:. / owl md5 -- -- path = / Users/ding/Downloads/log4j - 1.2.17. Jar The results are as follows: -! [](https://tva1.sinaimg.cn/large/e6c9d24egy1h2yz54cg72j22gm0e0af2.jpg) +![](https://tva1.sinaimg.cn/large/e6c9d24egy1h2yz54cg72j22gm0e0af2.jpg) You can also use the hexadecimal string feature for searching: @@ -102,7 +102,7 @@ $: / owl hex - path = / Users/ding/Downloads/log4j - 1.2.17. Jar The program will convert the corresponding file into a hexadecimal string for display, as shown in the following image: -! [](https://tva1.sinaimg.cn/large/e6c9d24egy1h2yz7v68cbj217g0u0h0x.jpg) +![](https://tva1.sinaimg.cn/large/e6c9d24egy1h2yz7v68cbj217g0u0h0x.jpg) Now you can use the scanner to scan, the matching mode can be specified as` md5 `or` hex `, more modes may be added in the future, the command is as follows: @@ -112,7 +112,7 @@ $: ./owl run --dir=/Users/ding/Downloads/ --mode=md5 --code=04a41f0a068986f0f734 Search for specific dependent files: -! [](https://tva1.sinaimg.cn/large/e6c9d24egy1h2yze6emx3j21yq0dajwn.jpg) +![](https://tva1.sinaimg.cn/large/e6c9d24egy1h2yze6emx3j21yq0dajwn.jpg) ** If there are too many search results, you can save the results through the `--out` parameter to save in a file, whose format is` json `! ** From 394ac76fae90980cd1b5f80a88e265a17b3bd60f Mon Sep 17 00:00:00 2001 From: xiezheng-XD <141627292+xiezheng-XD@users.noreply.github.com> Date: Fri, 25 Aug 2023 21:58:54 +0800 Subject: [PATCH 07/13] Update README_EN.md --- tools/owl/README_EN.md | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/tools/owl/README_EN.md b/tools/owl/README_EN.md index 8fc2cc5f51..4c1d051afa 100644 --- a/tools/owl/README_EN.md +++ b/tools/owl/README_EN.md @@ -14,11 +14,11 @@ A dependency module feature scanning detection tool for static analysis. ### Principle -The current version of the tool has relatively simple functionality, and the working principle is straightforward. The tool scans a specific directory and matches specific files through a built-in feature code algorithm. It then collects the file addresses that match their feature codes and displays them or redirects them to a fixed JSON file for storage. +The current version of the tool has relatively simple functionality, and the working principle is straightforward. The tool scans a specific directory and matches specific files through a built-in feature code algorithm. It then collects the file addresses that match their feature codes and displays them or redirects them to a fixed `JSON` file for storage. ![](https://tva1.sinaimg.cn/large/e6c9d24egy1h2yvkgtmbwj20lo0ca0tl.jpg) -`Owl` is similar to antivirus software in that it works on the principle of antivirus software. `Owl` scans the entire project based on the feature codes of the dependency files, similar to the working principle of an antivirus virus library. Of course, if it strictly follows the standards of antivirus software, it may involve some assembly-related components. Currently, the functionality of `owl` is not that complex, but future versions will include the `codeql` code analysis engine to enhance the static analysis functionality using CodeQL's database. +`Owl` is similar to antivirus software in that it works on the principle of antivirus software. `Owl` scans the entire project based on the feature codes of the dependency files, similar to the working principle of an antivirus virus library. Of course, if it strictly follows the standards of antivirus software, it may involve some assembly-related components. Currently, the functionality of `owl` is not that complex, but future versions will include the `codeql` code analysis engine to enhance the static analysis functionality using `CodeQL`'s database. ### Quick Start @@ -26,13 +26,13 @@ How to use `owl`? You can clone the repository and then use the following comman ```bash git clone github.com:Tencent/CodeAnalysis.git -` ` ` +``` Then navigate to the `tools\owl` directory, like this: ```bash cd CodeAnalysis/tools/owl -` ` ` +``` Inside the repository, there is a `Makefile` that can help you quickly build the binary file for the corresponding platform, for example: @@ -42,7 +42,7 @@ make darwin | Compile executable binary for MacOS platform make linux | Compile executable binary for Linux platform make windows | Compile executable binary for Windows platform make clean | Clean up executable binary -` ` ` +``` ** Note 📢 : ** If you do not have the `Go` environment configured on the machine, please configure the `Go` development environment before executing the compilation. To compile into a local binary file, you need to have the knowledge of `Go` cross-compilation. If there are problems welcome to `issues`. @@ -76,7 +76,7 @@ Flags: -h, --help help for owl Use "owl [command] --help" for more information about a command. -` ` ` +``` If you do not know how to use the subcommand, you can enter the `--help` parameter after the corresponding subcommand to get help information: @@ -86,7 +86,7 @@ For example, if you want to search for `log4j`, firstly you need to calculate th ```bash $:. / owl md5 -- -- path = / Users/ding/Downloads/log4j - 1.2.17. Jar -` ` ` +``` ** Note that the feature code calculation here must use the algorithm provided by the `owl` program. The algorithm in `owl` is designed for handling large files using a data block-based approach to improve program execution speed. So if you use algorithms from other software, there may be issues! ** @@ -98,7 +98,7 @@ You can also use the hexadecimal string feature for searching: ```bash $: / owl hex - path = / Users/ding/Downloads/log4j - 1.2.17. Jar -` ` ` +``` The program will convert the corresponding file into a hexadecimal string for display, as shown in the following image: @@ -108,7 +108,7 @@ Now you can use the scanner to scan, the matching mode can be specified as` md5 ```bash $: ./owl run --dir=/Users/ding/Downloads/ --mode=md5 --code=04a41f0a068986f0f73485cf507c0f40 -` ` ` +``` Search for specific dependent files: From 17941d0bffef0fc2bbd2bb8c88067b2eb5dd3b75 Mon Sep 17 00:00:00 2001 From: xiezheng-XD <141627292+xiezheng-XD@users.noreply.github.com> Date: Fri, 25 Aug 2023 22:05:09 +0800 Subject: [PATCH 08/13] Update README_EN.md --- tools/owl/README_EN.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/tools/owl/README_EN.md b/tools/owl/README_EN.md index 4c1d051afa..c003447cf5 100644 --- a/tools/owl/README_EN.md +++ b/tools/owl/README_EN.md @@ -44,7 +44,7 @@ make windows | Compile executable binary for Windows platform make clean | Clean up executable binary ``` -** Note 📢 : ** If you do not have the `Go` environment configured on the machine, please configure the `Go` development environment before executing the compilation. To compile into a local binary file, you need to have the knowledge of `Go` cross-compilation. If there are problems welcome to `issues`. +**Note 📢:** If you do not have the `Go` environment configured on the machine, please configure the `Go` development environment before executing the compilation. To compile into a local binary file, you need to have the knowledge of `Go` cross-compilation. If there are problems welcome to `issues`. ### How to use @@ -85,10 +85,10 @@ If you do not know how to use the subcommand, you can enter the `--help` paramet For example, if you want to search for `log4j`, firstly you need to calculate the feature code of `log4j` using `owl`. The command is as follows: ```bash -$:. / owl md5 -- -- path = / Users/ding/Downloads/log4j - 1.2.17. Jar +$: ./owl md5 --path=/Users/ding/Downloads/log4j-1.2.17.jar ``` -** Note that the feature code calculation here must use the algorithm provided by the `owl` program. The algorithm in `owl` is designed for handling large files using a data block-based approach to improve program execution speed. So if you use algorithms from other software, there may be issues! ** +**Note that the feature code calculation here must use the algorithm provided by the `owl` program. The algorithm in `owl` is designed for handling large files using a data block-based approach to improve program execution speed. So if you use algorithms from other software, there may be issues!** The results are as follows: @@ -97,7 +97,7 @@ The results are as follows: You can also use the hexadecimal string feature for searching: ```bash -$: / owl hex - path = / Users/ding/Downloads/log4j - 1.2.17. Jar +$: ./owl hex --path=/Users/ding/Downloads/log4j-1.2.17.jar ``` The program will convert the corresponding file into a hexadecimal string for display, as shown in the following image: @@ -115,8 +115,8 @@ Search for specific dependent files: ![](https://tva1.sinaimg.cn/large/e6c9d24egy1h2yze6emx3j21yq0dajwn.jpg) -** If there are too many search results, you can save the results through the `--out` parameter to save in a file, whose format is` json `! ** +**If there are too many search results, you can save the results through the `--out` parameter to save in a file, whose format is` json `!** -### Other +### Others -If you have any questions, you can raise `issue` on `TCA`, and if you have questions about this tool, you can add the `owl` tag on `issue` 🤝. +If you have any questions, you can raise `issue` on `TCA`, and if you have questions about this tool, you can add `owl` tag on the `issue` 🤝. From a24a79e6d7a55b1f1e82badd5f604e96eabef6bd Mon Sep 17 00:00:00 2001 From: xiezheng-XD <141627292+xiezheng-XD@users.noreply.github.com> Date: Fri, 25 Aug 2023 22:07:19 +0800 Subject: [PATCH 09/13] Update README_EN.md --- tools/owl/README_EN.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/owl/README_EN.md b/tools/owl/README_EN.md index c003447cf5..b74af2aaac 100644 --- a/tools/owl/README_EN.md +++ b/tools/owl/README_EN.md @@ -18,7 +18,7 @@ The current version of the tool has relatively simple functionality, and the wor ![](https://tva1.sinaimg.cn/large/e6c9d24egy1h2yvkgtmbwj20lo0ca0tl.jpg) -`Owl` is similar to antivirus software in that it works on the principle of antivirus software. `Owl` scans the entire project based on the feature codes of the dependency files, similar to the working principle of an antivirus virus library. Of course, if it strictly follows the standards of antivirus software, it may involve some assembly-related components. Currently, the functionality of `owl` is not that complex, but future versions will include the `codeql` code analysis engine to enhance the static analysis functionality using `CodeQL`'s database. +`Owl` is similar to a antivirus software, it works on the principle of antivirus software. `Owl` scans the entire project based on the feature codes of the dependency files, similar to the working principle of an antivirus virus library. Of course, if it strictly follows the standards of antivirus software, it may involve some assembly-related components. Currently, the functionality of `owl` is not that complex, but future versions will include the `codeql` code analysis engine to enhance the static analysis functionality using `CodeQL`'s database. ### Quick Start From 3d84f74dee9c3fce9b485f287c44145d6a837070 Mon Sep 17 00:00:00 2001 From: xiezheng-XD <141627292+xiezheng-XD@users.noreply.github.com> Date: Fri, 25 Aug 2023 22:07:53 +0800 Subject: [PATCH 10/13] Update README_EN.md --- tools/owl/README_EN.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/owl/README_EN.md b/tools/owl/README_EN.md index b74af2aaac..5809eacdd6 100644 --- a/tools/owl/README_EN.md +++ b/tools/owl/README_EN.md @@ -18,7 +18,7 @@ The current version of the tool has relatively simple functionality, and the wor ![](https://tva1.sinaimg.cn/large/e6c9d24egy1h2yvkgtmbwj20lo0ca0tl.jpg) -`Owl` is similar to a antivirus software, it works on the principle of antivirus software. `Owl` scans the entire project based on the feature codes of the dependency files, similar to the working principle of an antivirus virus library. Of course, if it strictly follows the standards of antivirus software, it may involve some assembly-related components. Currently, the functionality of `owl` is not that complex, but future versions will include the `codeql` code analysis engine to enhance the static analysis functionality using `CodeQL`'s database. +`Owl` is similar to a antivirus software, it works on the principle of a antivirus software. `Owl` scans the entire project based on the feature codes of the dependency files, similar to the working principle of an antivirus virus library. Of course, if it strictly follows the standards of antivirus software, it may involve some assembly-related components. Currently, the functionality of `owl` is not that complex, but future versions will include the `codeql` code analysis engine to enhance the static analysis functionality using `CodeQL`'s database. ### Quick Start From d804fa061e8e0db9bbe617f2160ad4d7cb4118b5 Mon Sep 17 00:00:00 2001 From: xiezheng-XD <141627292+xiezheng-XD@users.noreply.github.com> Date: Fri, 25 Aug 2023 22:08:38 +0800 Subject: [PATCH 11/13] Update README_EN.md --- tools/owl/README_EN.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/owl/README_EN.md b/tools/owl/README_EN.md index 5809eacdd6..883d369360 100644 --- a/tools/owl/README_EN.md +++ b/tools/owl/README_EN.md @@ -44,7 +44,7 @@ make windows | Compile executable binary for Windows platform make clean | Clean up executable binary ``` -**Note 📢:** If you do not have the `Go` environment configured on the machine, please configure the `Go` development environment before executing the compilation. To compile into a local binary file, you need to have the knowledge of `Go` cross-compilation. If there are problems welcome to `issues`. +**Note 📢:** If you do not have the `Go` environment configured on the machine, please configure the `Go` development environment before executing the compilation. To compile into a local binary file, you need to have the knowledge of `Go` cross-compilation. If there are problems welcome to `issues`. ### How to use From 98099f084d11f70dbf6855145b7022f14f2ffc0f Mon Sep 17 00:00:00 2001 From: xiezheng-XD <141627292+xiezheng-XD@users.noreply.github.com> Date: Fri, 25 Aug 2023 22:09:53 +0800 Subject: [PATCH 12/13] Update README_EN.md --- tools/owl/README_EN.md | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/tools/owl/README_EN.md b/tools/owl/README_EN.md index 883d369360..e76baac806 100644 --- a/tools/owl/README_EN.md +++ b/tools/owl/README_EN.md @@ -53,27 +53,27 @@ After building the program, you will get a binary file named ` owl `. The follow ```bash $: ./owl -_____ _ _ __ -(_)(\/\/)() -)(_)()()(__ -(_____)(__/\__)(____) 🦉 v0.1.3 + _____ _ _ __ + ( _ )( \/\/ )( ) + )(_)( ) ( )(__ + (_____)(__/\__)(____) 🦉 v0.1.3 -A dependency module feature scanning detection tool for static analysis. + A dependency module feature scanning detection tool for static analysis. Usage: -owl [command] + owl [command] Available Commands: -completion Generate the autocompletion script for the specified shell -help Help about any command -hex File hex encoding -md5 Collection file md5 -run Execute the scanner -version Version information + completion Generate the autocompletion script for the specified shell + help Help about any command + hex File hex encoding + md5 Collection file md5 + run Execute the scanner + version Version information Flags: --h, --help help for owl + -h, --help help for owl Use "owl [command] --help" for more information about a command. ``` From e58153642a62f9d9e13d0bd4d8485a629de5cca3 Mon Sep 17 00:00:00 2001 From: xiezheng-XD <141627292+xiezheng-XD@users.noreply.github.com> Date: Fri, 25 Aug 2023 22:11:23 +0800 Subject: [PATCH 13/13] Update README.md --- tools/owl/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tools/owl/README.md b/tools/owl/README.md index 20add306e5..8bee3a2358 100644 --- a/tools/owl/README.md +++ b/tools/owl/README.md @@ -44,7 +44,7 @@ make windows | Compile executable binary for Windows platform make clean | Clean up executable binary ``` -**注意📢:** 如果你机器上没有配置`Go`语言环境,请下配置`Go`开发环境然后才能正常执行编译,编译成本地二进制你需要具备`Go`交叉编译知识,如果有问题欢迎提`issued`。 +**注意📢:** 如果你机器上没有配置`Go`语言环境,请下配置`Go`开发环境然后才能正常执行编译,编译成本地二进制你需要具备`Go`交叉编译知识,如果有问题欢迎提`issues`。 ### 如何使用 @@ -120,4 +120,4 @@ $: ./owl run --dir=/Users/ding/Downloads/ --mode=md5 --code=04a41f0a068986f0f734 ### 其他 -有任何问题可以在`TCA`上提`issue`,关于本工具问题可以在`issue`上添加`owl`标签🤝。 \ No newline at end of file +有任何问题可以在`TCA`上提`issue`,关于本工具问题可以在`issue`上添加`owl`标签🤝。