DiscouragedFunctionUnitTest.inc Security Flag

Question

DiscouragedFunctionUnitTest.inc Security Flag

Opened this issue 2 years ago · 5 comments

I've noticed recently that the file DiscouragedFunctionUnitTest.inc file is being flagged by Maldetect scan on Linux.

malware hit {CAV}Php.Backdoor.Generic-10006641-0 found for /vendor/magento/magento-coding-standard/Magento2/Tests/Functions/DiscouragedFunctionUnitTest.inc

maldet(7084): {hit} malware hit {CAV}Php.Backdoor.Generic-10006641-0 found for /.cache/composer/files/magento/magento-coding-standard/5cf0da126fda162c53eba8037babc7efd1dae3a9.zip

My file matches the original file here in code and size. I reinstalled the entire vendor folder and rescanned and it still flags in Maldetect. Looks like a false positive to me?

Answer 1 · 2023-08-01T14:17:40.000Z

Hi @drinkingsouls. Thank you for your report.
To speed up processing of this issue, make sure that you provided sufficient information.
Add a comment to assign the issue: @magento I am working on this

Join Magento Community Engineering Slack and ask your questions in #github channel.

Answer 2 · 2023-08-01T14:36:20.000Z

Yes, that's a false positive alert. I've opened #461 to avoid this going forward.

Answer 3 · 2023-08-01T16:32:14.000Z

@fredden thanks for confirming 👍
Odd one to diagnose from my end. My live site flags this file via Maldetect but my clone does not. Different Ubuntu versions but otherwise the same code. Also, the file was not previously flagged but has started to as of the past couple days.
Any thoughts on this?
Thank you.

Answer 4 · 2023-08-01T16:33:46.000Z

@drinkingsouls that sounds like a question for the provider of that scanning tool.

Answer 5 · 2023-08-01T16:37:19.000Z

@fredden good idea, I'll have a dig with Maldetect and see if they can pinpoint. Viewing the file, I can definitely see why it would flag base64 decode etc. As long as we're sure it's a false flag!