e-m-b-a · m-1-k-3 · Jan 29, 2025 · Jan 29, 2025 · Feb 2, 2025
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -1,9 +1,9 @@
 services:
   # nosemgrep
   emba:
-    image: embeddedanalyzer/emba:1.5.1b
+    image: embeddedanalyzer/emba:1.5.1d
     container_name: emba
-    read_only: true
+    read_only: false
     # all pre-checker mount modules need privileged mode
     # nosemgrep
     privileged: true
@@ -51,7 +51,7 @@ services:
         soft: 0
 
   emba_quest:
-    image: embeddedanalyzer/emba:1.5.1b
+    image: embeddedanalyzer/emba:1.5.1d
     container_name: emba_quest
     read_only: true
     tmpfs:

diff --git a/helpers/helpers_emba_print.sh b/helpers/helpers_emba_print.sh
@@ -983,7 +983,7 @@ secure_sleep() {
     sleep 10
     lCUR_SLEEP_TIME=$((lCUR_SLEEP_TIME + 10))
     if check_emba_ended; then
-      return
+      exit
     fi
   done
 }

diff --git a/installer.sh b/installer.sh
@@ -396,6 +396,8 @@ if [[ "${CVE_SEARCH}" -ne 1 ]] || [[ "${DOCKER_SETUP}" -ne 1 ]] || [[ "${IN_DOCK
 
   IL15_emulated_checks_init
 
+  IF17_cve_bin_tool
+
   IF50_aggregator_common
 fi
 

diff --git a/installer/IF17_cve_bin_tool.sh b/installer/IF17_cve_bin_tool.sh
@@ -0,0 +1,52 @@
+#!/bin/bash
+
+# EMBA - EMBEDDED LINUX ANALYZER
+#
+# Copyright 2020-2025 Siemens Energy AG
+#
+# EMBA comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
+# welcome to redistribute it under the terms of the GNU General Public License.
+# See LICENSE file for usage of this software.
+#
+# EMBA is licensed under GPLv3
+#
+# Author(s): Michael Messner
+
+# Description:  Installs cve-bin-tool including database for offline work
+
+IF17_cve_bin_tool() {
+  module_title "${FUNCNAME[0]}"
+
+  if [[ "${LIST_DEP}" -eq 1 ]] || [[ "${IN_DOCKER}" -eq 1 ]] || [[ "${DOCKER_SETUP}" -eq 0 ]] || [[ "${FULL}" -eq 1 ]]; then
+
+    INSTALL_APP_LIST=()
+
+    if [[ "${LIST_DEP}" -eq 1 ]] || [[ "${IN_DOCKER}" -eq 1 ]] || [[ "${DOCKER_SETUP}" -eq 0 ]] ; then
+      print_tool_info "gsutil"
+      # print_pip_info "cve_bin_tool"
+      print_git_info "cve-bin-tool" "https://github.com/EMBA-support-repos/cve-bin-tool.git" "cve-bin-tool"
+    fi
+
+    if [[ "${LIST_DEP}" -eq 1 ]] || [[ "${DOCKER_SETUP}" -eq 1 ]] ; then
+      ANSWER=("n")
+    else
+      echo -e "\\n""${MAGENTA}""${BOLD}""${BINUTIL_VERSION_NAME}"" will be downloaded (if not already on the system) and objdump compiled!""${NC}"
+    fi
+
+    case ${ANSWER:0:1} in
+      y|Y )
+        apt-get install "${INSTALL_APP_LIST[@]}" -y --no-install-recommends
+
+        # radare2
+        echo -e "${ORANGE}""${BOLD}""Install cve-bin-tool""${NC}"
+        git clone https://github.com/EMBA-support-repos/cve-bin-tool.git external/cve-bin-tool
+        cd external/cve-bin-tool || ( echo "Could not install EMBA component cve-bin-tool" && exit 1 )
+        pip install -U -r requirements.txt
+        python3 -m pip install -e .
+        cd "${HOME_PATH}" || ( echo "Could not install EMBA component cve-bin-tool" && exit 1 )
+        python3 external/cve-bin-tool/cve_bin_tool/cli.py --update now || true
+        cp -pr "${HOME}"/.cache/cve-bin-tool ./external/cve-bin-tool/cache_cve-bin-tool
+      ;;
+    esac
+  fi
+}
diff --git a/modules/L10_system_emulation.sh b/modules/L10_system_emulation.sh
@@ -365,7 +365,7 @@ create_emulation_filesystem() {
 
     print_output "[*] fixImage.sh (chroot)"
     cp "${MODULE_SUB_PATH}/fixImage.sh" "${MNT_POINT}" || true
-    EMBA_BOOT=${EMBA_BOOT} EMBA_ETC=${EMBA_ETC} timeout --preserve-status --signal SIGINT 120 chroot "${MNT_POINT}" /busybox ash /fixImage.sh | tee -a "${LOG_FILE}"
+    EMBA_BOOT=${EMBA_BOOT} EMBA_ETC=${EMBA_ETC} timeout --preserve-status --signal SIGINT 120 chroot "${MNT_POINT}" /busybox ash /fixImage.sh || true | tee -a "${LOG_FILE}"
 
     # ensure that the needed permissions for exec files are set correctly
     # This is needed at some firmwares have corrupted permissions on ELF or sh files

diff --git a/modules/S08_main_package_sbom_modules/S08_submodule_java_archives_parser.sh b/modules/S08_main_package_sbom_modules/S08_submodule_java_archives_parser.sh
@@ -109,6 +109,20 @@ S08_submodule_java_archives_parser() {
       lPURL_IDENTIFIER=$(build_purl_identifier "${lOS_IDENTIFIED:-NA}" "java" "${lAPP_NAME:-NA}" "${lAPP_VERS:-NA}" "${lAPP_ARCH:-NA}")
       local lSTRIPPED_VERSION="::${lAPP_NAME}:${lAPP_VERS:-NA}"
 
+      # for the dependencies we can check for pom.xml
+      local lPOM_XML=""
+      lPOM_XML=$(unzip -l "${lJAVA_ARCHIVE}" | awk '{print $4}' | grep pom.xml || true)
+      if [[ -n "${lPOM_XML}" ]]; then
+        write_log "[*] Found pom.xml metadata in ${lJAVA_ARCHIVE}. Analysis is currently not supported" "${LOG_PATH_MODULE}/${lPACKAGING_SYSTEM}.txt"
+        unzip -p "${lJAVA_ARCHIVE}" "${lPOM_XML}" | tee -a "${LOG_PATH_MODULE}/${lPACKAGING_SYSTEM}.txt"
+        write_log "[*] Please open an issue at https://github.com/e-m-b-a/emba/issues and provide the Java package" "${LOG_PATH_MODULE}/${lPACKAGING_SYSTEM}.txt"
+        # We could do something like the following
+          # unzip -p "${lJAVA_ARCHIVE}" "${lPOM_XML}" | xpath -e project/dependencies
+          # unzip -p "${lJAVA_ARCHIVE}" "${lPOM_XML}" | xpath -e project/dependencies/dependency
+          # unzip -p "${lJAVA_ARCHIVE}" "${lPOM_XML}" | xpath -e project/dependencies/dependency[1]/version
+        # With a usefull java package we are going to implement this mechanism
+      fi
+
       # add the python requirement path information to our properties array:
       # Todo: in the future we should check for the package, package hashes and which files
       # are in the package
-Original file line number
+Diff line change
@@ Expand Up / @@ -983,7 +983,7 @@ secure_sleep() { @@
         sleep 10
         lCUR_SLEEP_TIME=$((lCUR_SLEEP_TIME + 10))
         if check_emba_ended; then
-          return
+          exit
         fi
       done
     }
@@ Expand Down @@