Fix oss-detect-backdoor output, add add'l patterns (microsoft#170)

* Fix broken tests, add NPM scoped test.

* Improve output of oss-detect-backdoor.

src/oss-characteristics/CharacteristicTool.cs

@@ -83,8 +83,7 @@ public CharacteristicTool() : base()
                 LogFileLevel = "Off",
                 SourcePath = directory,
                 IgnoreDefaultRules = options.DisableDefaultRules == true,
-                CustomRulesPath = options.CustomRuleDirectory,
-
+                CustomRulesPath = options.CustomRuleDirectory
             };
 
             try
@@ -235,7 +234,7 @@ private void AppendOutput(IOutputBuilder outputBuilder, PackageURL purl, Diction
             }
         }
 
-        private async Task RunAsync(Options options)
+        public async Task RunAsync(Options options)
         {
             // select output destination and format
             SelectOutput(options.OutputFile);

src/oss-detect-backdoor/DetectBackdoorTool.cs

@@ -29,6 +29,14 @@ public static IEnumerable<Example> Examples
                             HelpText = "the directory to download the package to.")]
             public string DownloadDirectory { get; set; } = ".";
 
+            [Option('f', "format", Required = false, Default = "text",
+                HelpText = "selct the output format(text|sarifv1|sarifv2)")]
+            public string Format { get; set; } = "text";
+
+            [Option('o', "output-file", Required = false, Default = "",
+                HelpText = "send the command output to a file instead of stdout")]
+            public string OutputFile { get; set; } = "";
+
             [Value(0, Required = true,
                 HelpText = "PackgeURL(s) specifier to analyze (required, repeats OK)", Hidden = true)] // capture all targets to analyze
             public IEnumerable<string>? Targets { get; set; }
@@ -69,22 +77,10 @@ private async Task RunAsync(Options options)
                 cOptions.CustomRuleDirectory = RULE_DIRECTORY;
                 cOptions.DownloadDirectory = options.DownloadDirectory;
                 cOptions.UseCache = options.UseCache;
+                cOptions.Format = options.Format;
+                cOptions.OutputFile = options.OutputFile;
 
-                foreach (var target in targetList)
-                {
-                    try
-                    {
-                        var purl = new PackageURL(target);
-                        string downloadDirectory = options.DownloadDirectory == "." ? Directory.GetCurrentDirectory() : options.DownloadDirectory;
-                        characteristicTool.AnalyzePackage(cOptions, purl,
-                            downloadDirectory,
-                            options.UseCache == true).Wait();
-                    }
-                    catch (Exception ex)
-                    {
-                        Logger.Warn(ex, "Error processing {0}: {1}", target, ex.Message);
-                    }
-                }
+                characteristicTool.RunAsync(cOptions).Wait();
             }
         }
     }

src/oss-detect-backdoor/Resources/BackdoorRules/obfuscation.json

@@ -15,5 +15,34 @@
         "modifiers": [ "i" ]
       }
     ]
+  },
+  {
+    "name": "Backdoor: Executing Obfuscated Code",
+    "id": "BD000801",
+    "description": "Backdoor: Executing Obfuscated Code",
+    "tags": [
+      "Security.Backdoor.ExecuteObfuscatedCode"
+    ],
+    "severity": "important",
+    "patterns": [
+      {
+        "pattern": "fromhex.+decode",
+        "type": "regex",
+        "scopes": [ "code" ],
+        "modifiers": [ "i" ]
+      },
+      {
+        "pattern": "\\.get\\(.*(fromhex|decode)",
+        "type": "regex",
+        "scopes": [ "code" ],
+        "modifiers": [ "i" ]
+      },
+      {
+        "pattern": "65786563",
+        "type": "string",
+        "scopes": [ "code" ],
+        "modifiers": [ "i" ]
+      }
+    ]
   }
 ]