Potential false positives #19

Open
mira-miracoli opened this issue Nov 27, 2024 · 0 comments
@mira-miracoli
Contributor

Bug description:
walle ran with the following args on cron:

BASH_ENV=/opt/galaxy/.bashrc bash -c "source /opt/galaxy/venv/bin/activate; /opt/galaxy/venv/bin/python /usr/local/sbin/walle.py --tool interactive --max-size 10 --since 24 --delete-user HIGH"

To test it, I created an account, started a Jupyter notebook and downloaded xmrig linux stable, which has a signature in intergalactic-most-wanted-list.
Instead of just deleting this test account, it also deleted another account, one of a user whose account is >2 years old and frequently used. I checked the logs and from what I saw it was impossible that this user (or someone who hacked their account) downloaded malware in the interactive tool they were running, because the IT was not even accessed after it started.

My suspicion is that, despite all manual testing, the hashing function is faulty.

@mira-miracoli mira-miracoli changed the title Potentially has false positives Potential false positives Nov 27, 2024