
Build 2577 for main with status FAILURE - open ./testdata/garble_macho_executable: Operation did not complete successfully because the file contains a virus or potentially unwanted software.

Open elasticmachine opened this issue 1 year ago • 1 comments

:broken_heart: Build Failed


Build stats

  • Start Time: 2024-04-19T15:02:21.381+0000

  • Duration: 176 min 26 sec

Test stats :test_tube:

Test Results
Failed 0
Passed 55692
Skipped 4988
Total 60680

Steps errors 8


auditbeat-windows-11-windows-11 - mage build unitTest
  • Took 4 min 8 sec
  • Description: mage build unitTest
x-pack/packetbeat-windows-10-windows-10 - mage build unitTest
  • Took 0 min 14 sec
  • Description: mage build unitTest
x-pack/packetbeat-windows-10-windows-10 - mage build unitTest
  • Took 1 min 53 sec
  • Description: mage build unitTest
x-pack/packetbeat-windows-10-windows-10 - mage build unitTest
  • Took 0 min 11 sec
  • Description: mage build unitTest
x-pack/packetbeat-windows-10-system-windows-10 - mage systemTest
  • Took 0 min 15 sec
  • Description: mage systemTest
x-pack/packetbeat-windows-10-system-windows-10 - mage systemTest
  • Took 1 min 58 sec
  • Description: mage systemTest
x-pack/packetbeat-windows-10-system-windows-10 - mage systemTest
  • Took 0 min 12 sec
  • Description: mage systemTest
Error signal
  • Took 0 min 0 sec
  • Description: Error "hudson.AbortException: script returned exit code 1"

elasticmachine, Apr 19 '24 17:04

Pinging @elastic/elastic-agent-data-plane (Team:Elastic-Agent-Data-Plane)

elasticmachine, Apr 19 '24 17:04

When cloning the repo, my local virus scanner is also detecting that the pre-compiled binary garble_macho_executable is matching a known virus.

Offending shasum detected: https://www.virustotal.com/gui/file/776afb2460e1bc4d7caf471b8db038da78cb47d416aa7e45d175c054114b714a

The file hasn't changed since it was introduced in 1fb24844a802941a581cffb68bb82104d5bff42f https://github.com/elastic/beats/pull/28802

The readme for these test binaries suggests they were built using either Go or Garble in advance. Garble is specifically designed to obfuscate code, and that is likely why it's being flagged.

As a user of this repo, I have to trust these binaries were indeed compiled from the example hello world source. If I compile myself, it's unlikely my output would be exactly the same to prove this.

Perhaps compiling these on-demand, during testing, would increase the trust that they don't include anything malicious. Otherwise it's quite difficult to fully say it's a false-positive.

scottgeary, Aug 21 '24 05:08
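
The on-demand approach suggested in the comment above, sketched as an added example (not code from this thread or from the Beats repository): a test helper compiles a hello-world fixture for macOS at test time and checks that the result parses as Mach-O, so no pre-compiled executable has to be checked in. The names `helloSrc`, `buildFixture` and `isMachO` are hypothetical, the source text is a constructed stand-in, and plain `go build` is used in place of Garble.

```go
package main

import (
	"debug/macho"
	"fmt"
	"os"
	"os/exec"
	"path/filepath"
)

// helloSrc is a constructed stand-in for the fixture's hello-world source.
const helloSrc = "package main\n\nimport \"fmt\"\n\nfunc main() { fmt.Println(\"hello world\") }\n"

// buildFixture compiles helloSrc for goos/goarch inside dir and returns the
// path of the fresh binary, so nothing pre-compiled has to be trusted.
func buildFixture(dir, goos, goarch string) (string, error) {
	src := filepath.Join(dir, "hello.go")
	if err := os.WriteFile(src, []byte(helloSrc), 0o600); err != nil {
		return "", err
	}
	out := filepath.Join(dir, "hello_"+goos+"_"+goarch)
	// Assumption: with garble installed, "garble build" would replace "go build".
	cmd := exec.Command("go", "build", "-trimpath", "-o", out, src)
	cmd.Dir = dir
	cmd.Env = append(os.Environ(), "GOOS="+goos, "GOARCH="+goarch, "CGO_ENABLED=0")
	if msg, err := cmd.CombinedOutput(); err != nil {
		return "", fmt.Errorf("go build: %w: %s", err, msg)
	}
	return out, nil
}

// isMachO reports whether the file at path parses as a Mach-O executable.
func isMachO(path string) bool {
	f, err := macho.Open(path)
	if err == nil {
		f.Close()
	}
	return err == nil
}

func main() {
	dir, err := os.MkdirTemp("", "fixture")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)
	out, err := buildFixture(dir, "darwin", "amd64")
	fmt.Println("mach-o:", err == nil && isMachO(out), "err:", err)
}
```

Because the binary is produced from source that reviewers can read, a scanner hit on the build output can be investigated against that source instead of against an opaque checked-in file.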