Open
Labels: enhancement, help wanted
Description
This standalone application is intended to be used in running automated static code scans on each release of wp-plugin and wp-theme packages to assess whether they contain suspected malware. These checks will be based on static code scans rather than runtime evaluation or CVE checks using available APIs. Examples of prior art are shown here along with other resources, but are not intended as an exhaustive or approved list of libraries to be used.
As described in Direct Malware Detection:
- Scan for known exploits
  - aboutcode-org/vulnerablecode: free and open vuln db
- Heuristic malware scan
  - e.g., DataDog GuardDog CLI tool to Identify malicious PyPI and npm packages (no php); includes GitHub actions
  - MISP Open Source Threat Intelligence Platform & Open Standards For Threat Information Sharing
    - MISP Project · GitHub (Python 3, AGPL)
    - MISP Modules Documentation
    - MISP Modules for expansion services, enrichment, import and export in MISP and other tools. Includes CVE lookups, DNS, domain tools, IPinfo.io RBL lookup, EUPI Phishing Initiative, Google Threat Intelligence and VirusTotal APIs, Have I Been Pwned, IP Intelligence IPQS, Socialscan, etc.
- Append results to fair-forge-meta per spec
Resulting output to STDOUT is fine, can be piped where we need it later. Output format should be along these lines:
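
A sketch of the heuristic static scan described above, added here as an example and not code from this project. The rule set, the `scan_package` helper, the sample files and the JSON record written to STDOUT are all assumptions; the record is not the output format this issue specifies.

```python
import json
import re

# Illustrative heuristics only (assumed, not a vetted signature set).
RULES = [
    ("eval-of-decoded-data", "high", re.compile(
        r"\b(?:eval|assert)\s*\(\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(",
        re.I)),
    ("request-data-executed", "high", re.compile(
        r"\b(?:eval|assert|system|passthru|shell_exec)\s*\(\s*\$_(?:GET|POST|REQUEST|COOKIE)\b",
        re.I)),
    # preg_replace with the deprecated /e modifier evaluates the replacement as PHP.
    ("preg-replace-e-modifier", "high", re.compile(
        r"\bpreg_replace\s*\(\s*(['\"])(.)(?:(?!\2).)*\2[a-z]*e[a-z]*\1", re.I)),
    ("long-encoded-literal", "medium", re.compile(
        r"['\"][A-Za-z0-9+/]{200,}={0,2}['\"]")),
]

def scan_file(path, source):
    """Return one finding per rule hit in a PHP source string (no code is executed)."""
    findings = []
    for rule_id, severity, pattern in RULES:
        for m in pattern.finditer(source):
            findings.append({
                "file": path,
                "line": source.count("\n", 0, m.start()) + 1,
                "rule": rule_id,
                "severity": severity,
                "excerpt": m.group(0)[:60],
            })
    return findings

def scan_package(files):
    """files maps relative path -> contents; only .php files are scanned."""
    findings = []
    for path in sorted(files):
        if path.lower().endswith(".php"):
            findings.extend(scan_file(path, files[path]))
    return {"suspected_malware": bool(findings), "findings": findings}

# Constructed sample package contents (not from any real plugin).
SAMPLE_PACKAGE = {
    "plugin/main.php": "<?php\nfunction demo() { return base64_decode('aGVsbG8='); }\n",
    "plugin/inc/cache.php": "<?php\n// cache helper\n$p = 'QUFB';\neval(base64_decode($p));\n",
    "plugin/readme.txt": "eval(base64_decode('x')) is mentioned here but this is not PHP",
}

if __name__ == "__main__":
    print(json.dumps(scan_package(SAMPLE_PACKAGE), indent=2))
```

A plain `base64_decode` call, as in `plugin/main.php`, is not flagged on its own; only the decode-then-execute combination is.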