mandiant/flare-floss

Add Language-Specific Command-Line Flag for Go Binary

Arker123 opened this issue · 4 comments

In scenarios where our identifier might produce false positives, we want to further enhance the user experience. To achieve this, we plan to provide users with the flexibility to manually select the appropriate languages for their binaries.

  • Implement a new command-line flag, such as --language go, that allows users to specify Go as the language of the binary.

mr-tz commented

--language [go, rust, dotnet] could make sense, and maybe --language none to skip language identification

alternatives:

  • --lang
  • --format
  • --extract

I think it should be feasible to signature some common internal routines in each of these languages to suggest/auto-apply a flag such as this.

Thank you for sharing your thoughts. We actually have a script in place for this here. The current issue was raised to address potential false positives with the identifier, aiming to enhance the user experience. To mitigate this, users have the flexibility to manually select the languages. I will certainly be more cautious when describing the issue in the future.

Thank you for letting me know, I was not aware!

I took a look at the identification used for Go just now; it may be nice to extend the Go detections to include binaries with custom magics. This can be the case for garble-obfuscated Go binaries. Here: https://github.com/mandiant/flare-floss/blob/master/floss/language/identify.py#L85

Using strings from the linked Go runtime may be good to signature off of in addition, or perhaps signature scans on runtime code for each arch x version. A strings-based approach may be sufficient though.
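The ideas in this thread, combined in one sketch that is an added example and not FLOSS code or any participant's post: a `--language` override with a `none` option, plus Go identification that checks the pclntab magic first and falls back to runtime strings when the magic has been changed. The function names, the string signature set, the `min_hits` threshold and the sample buffers are assumptions made for illustration.

```python
import argparse
import struct

# pclntab magics of Go 1.2, 1.16, 1.18 and 1.20, stored as little-endian uint32.
GO_MAGICS = [struct.pack("<I", m) for m in (0xFFFFFFFB, 0xFFFFFFFA, 0xFFFFFFF0, 0xFFFFFFF1)]
# Assumed signature set for illustration: strings from the linked Go runtime.
GO_RUNTIME_STRINGS = [b"all goroutines are asleep - deadlock!", b"runtime.main", b"runtime.goexit"]

# Constructed samples, not real binaries.
RUNTIME_BLOB = b"\x00".join(GO_RUNTIME_STRINGS)
SAMPLE_STOCK = b"\x7fELF" + b"\x00" * 12 + b"\xf1\xff\xff\xff\x00\x00\x01\x08" + RUNTIME_BLOB
SAMPLE_CUSTOM_MAGIC = b"\x7fELF" + b"\x00" * 12 + b"\xde\xad\xbe\xef\x00\x00\x01\x08" + RUNTIME_BLOB
SAMPLE_OTHER = b"\x7fELF" + b"\x00" * 12 + b"hello world\x00runtime.main\x00"


def has_pclntab_magic(buf):
    """True when a known magic is followed by a plausible pclntab header."""
    for magic in GO_MAGICS:
        pos = buf.find(magic)
        while pos != -1:
            hdr = buf[pos + 4:pos + 8]
            # Header after the magic: two zero bytes, pc quantum, pointer size.
            if len(hdr) == 4 and hdr[:2] == b"\x00\x00" and hdr[2] in (1, 2, 4) and hdr[3] in (4, 8):
                return True
            pos = buf.find(magic, pos + 1)
    return False


def identify(buf, min_hits=2):
    """Magic first; strings fallback covers binaries with a custom magic."""
    if has_pclntab_magic(buf):
        return "go"
    hits = sum(1 for s in GO_RUNTIME_STRINGS if s in buf)
    return "go" if hits >= min_hits else "unknown"


def resolve_language(selected, buf):
    """A user-supplied flag always wins over automatic identification."""
    if selected == "none":
        return "unknown"  # skip language identification entirely
    return selected if selected else identify(buf)


def parse_args(argv):
    parser = argparse.ArgumentParser()
    parser.add_argument("--language", choices=["go", "rust", "dotnet", "none"], default=None)
    return parser.parse_args(argv)


if __name__ == "__main__":
    args = parse_args(["--language", "none"])
    print(resolve_language(args.language, SAMPLE_STOCK))
```

Requiring more than one string hit keeps a single stray match, as in `SAMPLE_OTHER`, from being reported as Go.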