- Remove POST /diff/files endpoint that allowed arbitrary host file reads
(CWE-22); clients must now read files locally and POST content to
/diff/blobs instead
- Add validatePublicURL() to /info remote endpoints, rejecting URLs that
resolve to loopback, private, link-local, or multicast addresses to
prevent SSRF; also remove attacker-controlled proxy/insecure params
- Add SanitizeArchivePath() helper that verifies extracted archive entry
paths stay within the destination directory (zip-slip / tar-slip,
CWE-22); replace bare filepath.Join(dest, filepath.Clean(name)) calls
in SearchZip, OTA parser, AA payload extractor, and ota_extract
- Fix server listen address to use net.JoinHostPort to respect Host config
Add API endpoints and CLI support for discovering C++ classes and symbolication of kernelcaches, refactor Mach-O handling, and improve symbol collection.
- API: add /kernel/cpp and /kernel/symbolicate routes, request param structs, response types, and openKernel helper. Use cpp scanner and signature parsing to return classes and symbol maps.
- CLI: wire scanner LogStats flag, refactor kernel symbolicate command (schema writer helper, improved signature parsing, and symbol matching logic). Add tests for symbolicator schema and kernel symbol matching.
- Signature pkg: add kernel C++ symbol extraction (pkg/signature/kernel_cpp.go) and SymbolicateMachO to symbolicate already-open Mach-Os; integrate C++ symbols into symbol map and update signature matching/logging behavior.
- Internal: refactor in-memory DB lookups (findMachOByUUID, findSymbolByAddr) to reduce duplication. Improve symbols collection for kernel Mach-Os (collectKernelMachoSymbols, extra kernel symbols from signature/C++), add helpers to append symbols.
- Kernelcache CPP: add LogStats option and conditional logging of scan stats.
- Crashlog/ips: update wording to reflect kernel symbols are from kernel analysis and store KernelSymbols earlier in processing; parse signatures only when configured.
Also add unit tests for new symbolication helpers and kernel C++ signature handling. Overall this consolidates kernel symbol discovery, improves reuse, and surfaces C++-derived symbols in symbol maps.
blacktop
ThePraeceps
Sam Collinson