{"id":13529918,"url":"https://github.com/cruise-automation/fwanalyzer","last_synced_at":"2025-04-05T17:02:37.829Z","repository":{"id":45778361,"uuid":"198691310","full_name":"cruise-automation/fwanalyzer","owner":"cruise-automation","description":"a tool to analyze filesystem images for security","archived":false,"fork":false,"pushed_at":"2023-10-08T15:26:40.000Z","size":14205,"stargazers_count":499,"open_issues_count":3,"forks_count":74,"subscribers_count":25,"default_branch":"master","last_synced_at":"2025-03-29T16:01:54.723Z","etag":null,"topics":["android","embedded-linux","filesystem","filesystem-images","filesystem-security","firmware-analysis","firmware-tools","liunx","security-audit","security-automation","security-tools"],"latest_commit_sha":null,"homepage":"https://www.fwanalyzer.io","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cruise-automation.png","metadata":{"files":{"readme":"Readme.md","changelog":"Changelog.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2019-07-24T18:41:14.000Z","updated_at":"2025-03-11T10:52:54.000Z","dependencies_parsed_at":"2023-01-21T14:04:08.511Z","dependency_job_id":"b314e49b-66b4-4497-b11a-b616a7107c28","html_url":"https://github.com/cruise-automation/fwanalyzer","commit_stats":null,"previous_names":[],"tags_count":12,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cruise-automation%2Ffwanalyzer","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cruise-automation%2Ffwanalyzer/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cruise-automation%2Ffwanalyzer/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cruise-automation%2Ffwanalyzer/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cruise-automation","download_url":"https://codeload.github.com/cruise-automation/fwanalyzer/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247369947,"owners_count":20927927,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["android","embedded-linux","filesystem","filesystem-images","filesystem-security","firmware-analysis","firmware-tools","liunx","security-audit","security-automation","security-tools"],"created_at":"2024-08-01T07:00:40.751Z","updated_at":"2025-04-05T17:02:37.786Z","avatar_url":"https://github.com/cruise-automation.png","language":"Go","funding_links":[],"categories":["\u003ca id=\"9eee96404f868f372a6cbc6769ccb7f8\"\u003e\u003c/a\u003e新添加的","Automated Vulnerability Detection","\u003ca id=\"9eee96404f868f372a6cbc6769ccb7f8\"\u003e\u003c/a\u003e工具","Firmware Security","Software Tools","Go"],"sub_categories":["\u003ca id=\"31185b925d5152c7469b963809ceb22d\"\u003e\u003c/a\u003e新添加的","Static Analysis Tools","Security Auditing Frameworks","Analysis Frameworks"],"readme":"# FwAnalyzer (Firmware Analyzer)\n\n[![CircleCI](https://circleci.com/gh/cruise-automation/fwanalyzer.svg?style=shield)](https://circleci.com/gh/cruise-automation/fwanalyzer)\n\n\nFwAnalyzer is a tool to analyze (ext2/3/4), FAT/VFat, SquashFS, UBIFS filesystem images,\ncpio archives, and directory content using a set of configurable rules.\nFwAnalyzer relies on [e2tools](https://github.com/crmulliner/e2tools/) for ext filesystems,\n[mtools](https://www.gnu.org/software/mtools/) for FAT filesystems,\n[squashfs-tools](https://github.com/plougher/squashfs-tools) for SquashFS filesystems, and\n[ubi_reader](https://github.com/crmulliner/ubi_reader) for UBIFS filesystems.\n[cpio](https://www.gnu.org/software/cpio/) for cpio archives.\nSELinux/Capability support for ext2/3/4 images requires a patched version of [e2tools](https://github.com/crmulliner/e2tools/).\nSELinux/Capability support for SquashFS images requires a patched version of [squashfs-tools](https://github.com/crmulliner/squashfs-tools/).\n\n![fwanalyzer](images/fwanalyzer.png)\n\n## Overview\n\nThe main idea of **FwAnalyzer** is to provide a tool for rapid analysis of\nfilesystem images as part of a firmware security Q\u0026A check suite. FwAnalyzer\ntakes a configuration file that defines various rules for files and directories\nand runs the configured checks against a given filesystem image. The output of\nFwAnalyzer is a report, which contains the list of files that violate any of\nthe rules specified in the configuration. The report further contains meta\ninformation about the filesystem image and, if configured, information\nextracted from files within the analyzed filesystem. The report is formatted\nusing JSON so it can be easily integrated as a step in a larger analysis.\n\nExample report:\n\n```json\n{\n    \"fs_type\": \"extfs\",\n    \"image_digest\": \"9d5fd9acc98421b46976f283175cc438cf549bb0607a1bca6e881d3e7f323794\",\n    \"image_name\": \"test/test.img\",\n    \"current_file_tree_path\": \"test/oldtree.json.new\",\n    \"old_file_tree_path\": \"test/oldtree.json\",\n    \"data\": {\n        \"Version\": \"1.2.3\",\n        \"date1 file\": \"Mon Oct  1 16:13:05 EDT 2018\\n\"\n    },\n    \"informational\": {\n        \"/bin\": [\n                \"CheckFileTree: new file: 40755 1001:1001 1024 0 SeLinux label: -\"\n        ],\n    },\n    \"offenders\": {\n        \"/bin/elf_arm32\": [\n                \"script(check_file_elf_stripped.sh) returned=elf_arm32 is not stripped\"\n        ],\n        \"/file1\": [\n                \"File not allowed\"\n        ],\n        \"/file2\": [\n                \"File is WorldWriteable, not allowed\",\n                \"File Uid not allowed, Uid = 123\"\n        ],\n    }\n}\n```\n\n## Building and Development\n\nFollow the steps described in [Building](Building.md) to install all\nrequirements and build FwAnalyzer.\n\n## Using FwAnalyzer\n\nCommand line options\n- `-cfg`         : string, path to the config file\n- `-cfgpath`     : string, path to config file and included files (can be repeated)\n- `-in`          : string, filesystem image file or path to directory\n- `-out`         : string, output report to file or stdout using '-'\n- `-extra`       : string, overwrite directory to read extra data from (e.g. filetree, filecmp)\n- `-ee`          : exit with error if offenders are present\n- `-invertMatch` : invert regex matches (for testing)\n\nExample:\n```sh\nfwanalyzer -cfg system_fwa.toml -in system.img -out system_check_output.json\n```\n\nExample for using custom scripts stored in the _scripts/_ directory:\n```sh\nPATH=$PATH:./scripts fwanalyzer -cfg system_fwa.toml -in system.img -out system_check_output.json\n```\n\nThe [_devices/_](devices/) folder contains helper scripts for unpacking and\ndealing with specific device types and firmware package formats such as\n[Android](devices/android). It also includes general configuration files that\ncan be included in target specific FwAnalyzer configurations.\n\n_check.py_ in the [_devices/_](devices) folder provides a universal script to\neffectively use FwAnalyzer, see [devices/Readme.md](devices/Readme.md) for\ndetails. This likely is how most people will invoke FwAnalyzer.\n\nThe [_scripts/_](scripts/) folder contains helper scripts that can be called\nfrom FwAnalyzer for file content analysis and data extraction. Most interesting\nshould be our checksec wrapper [_check_sec.sh_](scripts/check_sc.sh), see the\n[Checksec Wrapper Readme](Checksec.md).\n\n## Config Options\n\n### Global Config\n\nThe global config is used to define some general parameters.\n\nThe `FsType` (filesystem type) field selects the backend that is used to access\nthe files in the image. The supported options for FsType are:\n\n- `dirfs`: to read files from a directory on the host running fwanalyzer, supports Capabilities (supported FsTypeOptions are: N/A)\n- `extfs`: to read ext2/3/4 filesystem images (supported FsTypeOptions are: `selinux` and `capabilities`)\n- `squashfs`: to read SquashFS filesystem images (supported FsTypeOptions are: `securityinfo`)\n- `ubifs`: to read UBIFS filesystem images (supported FsTypeOptions are: N/A)\n- `vfatfs`: to read VFat filesystem images (supported FsTypeOptions are: N/A)\n- `cpiofs`: to read cpio archives (supported FsTypeOptions are: `fixdirs`)\n\nThe FsTypeOptions allow tuning of the FsType driver.\n- `securityinfo`: will enable selinux and capability support for SquashFS images\n- `capabilities`: will enable capability support when reading ext filesystem images\n- `selinux`: will enable selinux support when reading ext filesystem images\n- `fixdirs`: will attempt to work around a cpio issue where a file exists in a directory while there is no entry for the directory itself\n\nThe `DigestImage` option will generate a SHA-256 digest of the filesystem image\nthat was analyzed, the digest will be included in the output.\n\nExample:\n```toml\n[GlobalConfig]\nFsType        = \"extfs\"\nFsTypeOptions = \"selinux\"\nDigestImage   = true\n```\n\nExample Output:\n```json\n\"fs_type\": \"extfs\",\n\"image_digest\": \"9d5fd9acc98421b46976f283175cc438cf549bb0607a1bca6e881d3e7f323794\",\n\"image_name\": \"test/test.img\",\n```\n\n### Include\n\nThe `Include` statement is used to include other FwAnalyzer configuration files\ninto the configuration containing the statement. The include statement can\nappear in any part of the configuration.\n\nThe `-cfgpath` parameter sets the search path for include files.\n\nExample:\n```toml\n[Include.\"fw_base.toml\"]\n```\n\n### Global File Checks\n\nThe `GlobalFileChecks` are more general checks that are applied to the entire filesystem.\n- `Suid`: bool, (optional) if enabled the analysis will fail if any file has the sticky bit set (default: false)\n- `SuidAllowedList`: string array, (optional) allows Suid files (by full path) for the Suid check\n- `WorldWrite`: bool, (optional) if enabled the analysis will fail if any file can be written to by any user (default: false)\n- `SELinuxLabel`: string, (optional) if enabled the analysis will fail if a file does NOT have an SeLinux label\n- `Uids`: int array, (optional) specifies every allowed UID in the system, every file needs to be owned by a Uid specified in this list\n- `Gids`: int array, (optional) specifies every allowed GID in the system, every file needs to be owned by a Gid specified in this list\n- `BadFiles`: string array, (optional) specifies a list of unwanted files, allows wildcards such as `?`, `*`, and `**` (no file in this list should exist)\n- `BadFilesInformationalOnly`: bool, (optional) the result of the BadFile check will be Informational only (default: false)\n- `FlagCapabilityInformationalOnly`: bool, (optional) flag files for having a Capability set as Informational (default: false)\n\nExample:\n```toml\n[GlobalFileChecks]\nSuid          = true\nSuidAllowedList = [\"/bin/sudo\"]\nSELinuxLabel  = false\nWorldWrite    = true\nUids          = [0,1001,1002]\nGids          = [0,1001,1002]\nBadFiles      = [\"/file99\", \"/file1\", \"*.h\"]\n```\n\nExample Output:\n```json\n\"offenders\": {\n  \"/bin/su\": [ \"File is SUID, not allowed\" ],\n  \"/file1\":  [ \"File Uid not allowed, Uid = 123\" ],\n  \"/world\":  [ \"File is WorldWriteable, not allowed\" ],\n}\n```\n\n### Link Handling\n\nWith links we refer to soft links. Links can point to files on a different\nfilesystem, therefore, we handle them in a special way. Link handling requires\na patched version of e2tools:\n\n- [e2tools](https://github.com/crmulliner/e2tools/tree/link_support) with link support\n\n`FileStatCheck` will handle links like you would expect it. However if\n`AllowEmpty` is `false` and the file is a link then the check fails.\n\nAll other checks and dataextract will fail if the file is a link. Those checks\nneed to be pointed to the actual file (the file the link points to).\n\n### File Stat Check\n\nThe `FileStatCheck` can be used to model the metadata for a specific file or\ndirectory. Any variation of the configuration will be reported as an offender.\n\n- `AllowEmpty`: bool, (optional) defines that the file can have zero size will\n  cause error if file is link (default: false)\n- `Uid`: int, (optional) specifies the UID of the file, not specifying a UID or\n  specifying -1 will skip the check\n- `Gid`: int, (optional) specifies the GID of the file, not specifying a GID or\n  specifying -1 will skip the check\n- `Mode`: string, (optional) specifies the UN*X file mode/permissions in octal,\n  not specifying a mode will skip the check\n- `SELinuxLabel`: string, (optional) the SELinux label of the file (will skip\n  the check if not set)\n- `LinkTarget`: string, (optional) the target of a symlink, not specifying a\n  link target will skip the check. This is currently supported for `dirfs`,\n  `squashfs`, `cpiofs`, `ubifs`, and `extfs` filesystems.\n- `Capability`: string array, (optional) list of capabilities (e.g.\n  cap_net_admin+p).\n- `Desc`: string, (optional) is a descriptive string that will be attached to\n  the report if there is a failed check\n- `InformationalOnly`: bool, (optional) the result of the check will be\n  Informational only (default: false)\n\nExample:\n```toml\n[FileStatCheck.\"/etc/passwd\"]\nAllowEmpty = false\nUid        = 0\nGid        = 0\nMode       = \"0644\"\nDesc       = \"this need to be this way\"\n```\n\nExample Output:\n```json\n\"offenders\": {\n  \"/file2\": [ \"File State Check failed: size: 0 AllowEmpyt=false : this needs to be this way\" ],\n}\n```\n\n### File Path Owner Check\n\nThe `FilePathOwner` check can be used to model the file/directory ownership for\na entire tree of the filesystem. The check fails if any file or directory with\nin the given directory is not owned by the specified `Uid` and `Gid`  (type:\nint).\n\nExample:\n```toml\n[FilePathOwner.\"/bin\"]\nUid = 0\nGid = 0\n```\n\nExample Output:\n```json\n\"offenders\": {\n  \"/dir1/file3\": [ \"FilePathOwner Uid not allowed, Uid = 1002 should be = 0\",\n                   \"FilePathOwner Gid not allowed, Gid = 1002 should be = 0\" ],\n}\n```\n\n### File Content Check\n\nThe `FileContent` check allows to inspect the content of files. The content of\na file can be check using four different methods. The file content check can be\nrun in non enforcement mode by setting `InformationalOnly` to true (default is false).\nInformationalOnly checks will produce informational element in place of an\noffender.\n\n#### Example: Regular Expression on entire file body\n\n- `File`: string, the full path of the file\n- `RegEx`: string, posix/golang regular expression\n- `RegExLineByLine`: bool, (optional) apply regex on a line by line basis,\n  matching line will be in result (default: false)\n- `Match`: bool, (optional) indicate if the regular expression should match or\n  not match (default: false)\n- `Desc`: string, (optional) is a descriptive string that will be attached to\n  failed check\n- `InformationalOnly`: bool, (optional) the result of the check will be\n  Informational only (default: false)\n\nExample:\n```toml\n[FileContent.\"RegExTest1\"]\nRegEx = \".*Ver=1337.*\"\nMatch = true\nFile  = \"/etc/version\"\n```\n\n#### Example: SHA-256 digest calculated over the file body\n\n- `File`: string, the full path of the file\n- `Digest`: string, HEX encoded digest\n- `Desc`: string, (optional) is a descriptive string that will be attached to\n  failed check\n- `InformationalOnly`: bool, (optional) the result of the check will be\n  Informational only\n\nExample:\n```toml\n[FileContent.\"DigestTest1\"]\nDigest = \"8b15095ed1af38d5e383af1c4eadc5ae73cab03964142eb54cb0477ccd6a8dd4\"\nFile   = \"/ver\"\n```\n\nExample Output:\n\n```json\n\"offenders\": {\n  \"/ver\": [ \"Digest (sha256) did not match found = 44c77e41961f354f515e4081b12619fdb15829660acaa5d7438c66fc3d326df3 should be = 8b15095ed1af38d5e383af1c4eadc5ae73cab03964142eb54cb0477ccd6a8dd4.\" ],\n}\n```\n\n#### Example: Run an external script passing the filename to the script\n\nThe file is extracted into a temp directory with a temp name before the script\nis executed. The check produces an offender if the script produced output on\nstdout or stderr.\n\n- `File`: string, the full path of the file or directory\n- `Script`: string, the full path of the script\n- `ScriptOptions`: string array, (optional) the first element allows to define\n  a pattern containing wildcards like `?`, `*`, and `**` that is applied to\n  filenames if present it will only check files that match the pattern, this is\n  mostly useful when running the script on a directory. Arguments can be passed\n  to the script using the second and following elements.\n- `File`: string, the full path of the file, if the path points to a directory\n  the script is run for every file in the directory and subdirectories\n\n- `Desc`: string, (optional) is a descriptive string that will be attached to\n  failed check\n- `InformationalOnly`: bool, (optional) the result of the check will be\n  Informational only (default: false)\n\nIf the `--` is present it indicates that the next argument is from the\n`ScriptOptions[1..N]`. The script is run with the following arguments:\n\n```\n\u003ctmp filename\u003e \u003coriginal filename (fullpath)\u003e \u003cuid\u003e \u003cgid\u003e \u003cmode in octal\u003e \u003cselinux label or \"-\" for no label\u003e [--] [script argument 1] ... [script argument N]\n```\n\nExample:\n```toml\n[FileContent.\"ScriptTest1\"]\nScript = \"check_file_x8664.sh\"\nFile   = \"/bin\"\n```\n\nExample Output:\n```json\n\"offenders\": {\n  \"/bin/elf_arm32\": [ \"script(check_file_x8664.sh) returned=elf_arm32 not a x86-64 elf file\" ],\n}\n```\n\n#### Json Field Compare\n\n- `File`: string, the full path of the file\n- `Json`: string, the field name using the dot (.) notation to access a field\n  within an object with a colon (:) separating the required value. All types\n  will be converted to string and compared as a string. Json arrays can be\n  index by supplying the index instead of a field name.\n- `Desc`: string, (optional) is a descriptive string that will be attached to\n  failed check\n- `InformationalOnly`: bool, (optional) the result of the check will be\n  Informational only (default: false)\n\nExample:\n```toml\n[FileContent.\"System_Arch\"]\nJson = \"System.Arch:arm64\"\nFile   = \"/system.json\"\nDesc = \"arch test\"\n```\n\nExample Input:\n```json\n{\n  \"System\": {\n    \"Version\": 7,\n    \"Arch\": \"arm32\",\n    \"Info\": \"customized\"\n  }\n}\n```\n\nExample Output:\n```json\n\"offenders\": {\n  \"/system.json\": [ \"Json field System.Arch = arm32 did not match = arm64, System.Arch, arch test\" ],\n}\n```\n\n### File Compare Check\n\nThe `FileCmp` (File Compare) check is a mechanism to compare a file from a\nprevious run with the file from the current run. The main idea behind this\ncheck is to provide more insights into file changes, since it allows comparing\ntwo versions of a file rather than comparing only a digest.\n\nThis works by saving the file as the `OldFilePath` (if it does not exist) and\nskipping the check at the first run. In consecutive runs the current file and\nthe saved old file will be copied to a temp directory. The script will be\nexecuted passing the original filename, the path to the old file and the path\nto the current file as arguments. If the script prints output the check will be\nmarked as failed.\n\n- `File`: string, the full path of the file\n- `Script`: string, path to the script\n- `ScriptOptions`: string array, (optional) arguments passed to the script\n- `OldFilePath`: string, filename (absolute or relative) to use to store old file\n- `InformationalOnly`: bool, (optional) the result of the check will be Informational only (default: false)\n\nScript runs as:\n```sh\nscript.sh \u003cOrigFilename\u003e \u003coldFile\u003e \u003cnewFile\u003e [--] [argument 1] .. [argument N]\n```\n\nExample:\n```toml\n[FileCmp.\"test.txt\"]\nFile = \"/test.txt\"\nScript = \"diff.sh\"\nOldFilePath = \"test.txt\"\nInformationalOnly = true\n```\n\n### File Tree Check\n\nThe `FileTree` check generates a full filesystem tree (a list of every file and directory) and compares it with a previously saved file tree. The check will produce an informational output listing new files, deleted files, and modified files.\n\n`CheckPath` (string array) specifies the paths that should be included in the check. If CheckPath is not set it will behave like it was set to `[\"/\"]` and will include the entire filesystem. If CheckPath was set to `[]` it will generate the file tree but will not check any files.\n\n`OldFileTreePath` specifies the filename to read the old filetree from, if a new filetree is generated (e.g. because the old filetree does not exist yet)\nthe newly generated filetree file is OldFileTreePath with \".new\" appeneded to it.\n\nThe `OldFileTreePath` is relative to the configuration file. This means for '-cfg testdir/test.toml' with OldTreeFilePath = \"test.json\" fwanalyzer will\ntry to read 'testdir/test.json'. The `-extra` command line option can be used to overwrite the path: '-cfg testdir/test.toml -extra test1' will try to\nread 'test1/test.json'. Similar the newly generated filetree file will be stored in the same directory.\n\nFile modification check can be customized with:\n\n- `CheckPermsOwnerChange`: bool, (optional) will tag a file as modified if owner or permission (mode) are changed (default: false)\n- `CheckFileSize`: bool, (optional) will tag a file as modified is the sized changed (default: false)\n- `CheckFileDigest`: bool, (optional) will tag a file as modified if the content changed (comparing it's SHA-256 digest) (default: false)\n- `SkipFileDigest`: bool, (optional) skip calculating the file digest (useful for dealing with very big files, default is: false)\n\nExample:\n```toml\n[FileTreeCheck]\nOldTreeFilePath       = \"testtree.json\"\nCheckPath             = [ \"/etc\", \"/bin\" ]\nCheckPermsOwnerChange = true\nCheckFileSize         = true\nCheckFileDigest       = false\n```\n\nExample Output:\n```json\n\"informational\": {\n    \"/bin/bla\": [ \"CheckFileTree: new file: 40755 1001:1001 1024 0 SeLinux label: -\" ]\n}\n```\n\n### Directory Content Check\n\nThe `DirCheck` (Directory content) check specifies a set of files that are\nallowed to be, or required to be, in a specified directory. Any other file or\ndirectory found in that directory will be reported as an offender. If an\n`Allowed` file isn't found, the check will pass. If a `Required` file is not\nfound, it will be reported as an offender.\n\nThe file entries can contain wildcards like `?`, `*`, and  `**`. The allowed patterns are described in\nthe [golang documentation](https://golang.org/pkg/path/filepath/#Match).\n\nOnly one `DirCheck` entry can exist per directory.\n\nExample:\n```toml\n[DirContent.\"/home\"]\nAllowed = [\"collin\", \"jon\"]\nRequired = [\"chris\"]\n```\n\n### Data Extract\n\nThe `DataExtract` option allows extracting data from a file and including it in\nthe report.  Data can be extracted via regular expression, by running an\nexternal script, or by reading a JSON object. The extracted data can later be\nused by the post processing script.\n\nThe Data Extract functionality adds the data to the report as a map of\nkey:value pairs.  The key is defined as the name of the statement or by the\noptional Name parameter.  The value is the result of the regular expression or\nthe output of the script.\n\n#### Example: Regular expression based data extraction\n\nThe output generated by the regular expression will be stored as the value for\nthe name of this statement, the example below is named \"Version\".\n\n- `File`: string, the full path of the file\n- `RegEx`: string, regular expression with one matching field\n- `Name`: string, (optional) the key name\n- `Desc`: string, (optional) description\n\nExample:\n\nThe key \"Version\" will contain the output of the regular expression.\n```toml\n[DataExtract.\"Version\"]\nFile   = \"/etv/versions\"\nRegEx  = \".*Ver=(.+)\\n\"\nDesc   = \"Ver 1337 test\"\n```\n\nExample Output:\n```json\n\"data\": {\n  \"Version\": \"1.2.3\",\n}\n```\n\n#### Example: Script-based data extraction\n\nThe output generated by the script will be stored as the value for the name of\nthis statement, the example below is named LastLine.\n\n- `File`: string, the full path of the file\n- `Script`:string, the full path of the script\n- `ScriptOptions`: string array (optionl), arguments to pass to the script\n- `Name`: string, (optional) the key name\n- `Desc`: string, (optional) description\n\nThe script is run with the following arguments:\n\n```\n\u003ctmp filename\u003e \u003coriginal filename (fullpath)\u003e \u003cuid\u003e \u003cgid\u003e \u003cmode in octal\u003e \u003cselinux label or \"-\" for no label\u003e [--] [script argument 1] ... [script argument N]\n```\n\nExample:\n\nThe key \"script_test\" will contain the output of the script. The name of this\nstatement is \"scripttest\"\n\n```toml\n[DataExtract.scripttest]\nFile   = \"/etc/somefile\"\nScript = \"extractscripttest.sh\"\nName   = \"script_test\"\n```\n\nExample Output:\n\n```json\n\"data\": {\n  \"script_test\": \"some data\",\n}\n```\n\n#### Example: JSON data extraction\n\nThe output generated by the script will be stored as the value for\nthe name of this statement, the example below is named LastLine.\n\n- `File`: string, the full path of the file\n- `Json`: string, the field name using the dot (.) notation to access a field\n  within an object\n- `Name`: string, (optional) the key name\n- `Desc`: string, (optional) description\n\nExample:\n\nThe key \"OS_Info\" will containt the content of the Info field from the System\nobject from _/etc/os_version.json_ below.\n\n```json\n{\n  \"System\": {\n    \"Version\": 7,\n    \"Arch\": \"arm32\",\n    \"Info\": \"customized\"\n  }\n}\n```\n\n```toml\n[DataExtract.OS_Info]\nFile   = \"/etc/os_version.json\"\nJson   = \"System.Info\"\nName   = \"OSinfo\"\n```\n\nExample Output:\n```json\n\"data\": {\n  \"OSinfo\": \"customized\",\n}\n```\n\nJson arrays can be indexed by supplying the index instead of a field name.\n\n#### Example: Advanced usage\n\nThe `DataExtract` statement allows multiple entries with the same Name (the\nsame key).  This can be useful for configuring multiple ways to extract the\nsame information.  The first data extract statement that produces valid output\nwill set the value for the given key.  This is supported for both regular\nexpressions and scripts and a mixture of both.\n\nThe example below shows two statements that will both create the key value pair\nfor the key \"Version\".  If \"1\" does not produce valid output the next one is\ntried, in this case \"2\".\n\nExample:\n\n```toml\n[DataExtract.\"1\"]\nFile  = \"/etc/versions\"\nRegEx = \".*Ver=(.+)\\n\"\nName  = \"Version\"\n\n[DataExtract.\"2\"]\nFile  = \"/etc/OSVersion\"\nRegEx = \".*OS Version: (.+)\\n\"\nName  = \"Version\"\n```\n\n# License\n\nCopyright 2019-present, Cruise LLC\n\nLicensed under the [Apache License Version 2.0](LICENSE) (the \"License\");\nyou may not use this project except in compliance with the License.\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n\n# Contributions\n\nContributions are welcome! Please see the agreement for contributions in\n[CONTRIBUTING.md](CONTRIBUTING.md).\n\nCommits must be made with a Sign-off (`git commit -s`) certifying that you\nagree to the provisions in [CONTRIBUTING.md](CONTRIBUTING.md).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcruise-automation%2Ffwanalyzer","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcruise-automation%2Ffwanalyzer","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcruise-automation%2Ffwanalyzer/lists"}