// Copyright 2025 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

//go:build !windows

// Package winlocal implements a weak passwords detector for local accounts on Windows.
//
// This file is the stub selected by the !windows build constraint: it exposes
// the detector's metadata and advisory text, but Scan always fails because no
// credential analysis is performed in this build.
package winlocal

import (
	"context"
	"errors"

	"github.com/google/osv-scalibr/detector"
	scalibrfs "github.com/google/osv-scalibr/fs"
	"github.com/google/osv-scalibr/inventory"
	"github.com/google/osv-scalibr/packageindex"
	"github.com/google/osv-scalibr/plugin"
)

const (
	// Name is the name reported by Detector.Name.
	Name = "weakcredentials/winlocal"
	// vulnRefLMPassword is the advisory reference for accounts whose password
	// hash is stored in the LM format. LM hashes are unsalted, case-insensitive
	// and computed over two independent 7-character halves, which is why the
	// storage format itself is reported as a finding.
	vulnRefLMPassword = "PASSWORD_HASH_LM_FORMAT"
	// vulnRefWeakPass is the advisory reference for accounts with a weak password.
	vulnRefWeakPass = "WINDOWS_WEAK_PASSWORD"
)

// Detector is the SCALIBR detector for weak passwords on local Windows
// accounts. It carries no state.
type Detector struct{}

// New returns a new Detector.
func New() detector.Detector {
	return new(Detector)
}

// Name returns the detector's name.
func (Detector) Name() string {
	return Name
}

// Version returns the detector's version, which is 0 in this build.
func (Detector) Version() int {
	return 0
}

// Requirements declares that the detector needs a Windows target. The stub
// still advertises plugin.OSWindows; presumably the framework uses this to
// skip the detector elsewhere, with the error from Scan as the fallback.
func (Detector) Requirements() *plugin.Capabilities {
	caps := plugin.Capabilities{OS: plugin.OSWindows}
	return &caps
}

// RequiredExtractors returns nil: the detector depends on no extractor.
func (Detector) RequiredExtractors() []string {
	return nil
}

// DetectedFinding returns the generic advisories this detector can report:
// one for password hashes stored in the LM format (high severity) and one for
// weak passwords (critical severity). It describes what may be found and does
// not inspect any system.
func (Detector) DetectedFinding() inventory.Finding {
	// NOTE(review): regenerating a hash only removes the LM copy once LM hash
	// storage is disabled (the "Network security: Do not store LAN Manager
	// hash value on next password change" policy); the text could say so.
	lmFormat := &inventory.GenericFinding{
		Adv: &inventory.GenericFindingAdvisory{
			ID: &inventory.AdvisoryID{
				Publisher: "GOOGLE",
				Reference: vulnRefLMPassword,
			},
			Title:          "Password hashes are stored in the LM format",
			Sev:            inventory.SeverityHigh,
			Description:    "Password hashes are stored in the LM format. Please switch local storage to use NT format and regenerate the hashes.",
			Recommendation: "Change the password of the user after changing the storage format.",
		},
	}

	// NOTE(review): the Recommendation below reads "the user affected users".
	// It is kept verbatim because the Windows build of this package presumably
	// returns the same advisory; correct both together.
	weakPassword := &inventory.GenericFinding{
		Adv: &inventory.GenericFindingAdvisory{
			ID: &inventory.AdvisoryID{
				Publisher: "GOOGLE",
				Reference: vulnRefWeakPass,
			},
			Title:          "Weak passwords on Windows",
			Sev:            inventory.SeverityCritical,
			Description:    "Some passwords were identified as being weak.",
			Recommendation: "Change the password of the user affected users.",
		},
	}

	return inventory.Finding{
		GenericFindings: []*inventory.GenericFinding{lmFormat, weakPassword},
	}
}

// Scan always fails in this build. It returns an empty Finding together with a
// non-nil error, so callers must check the error and must not read the empty
// Finding as "no weak credentials found".
func (Detector) Scan(ctx context.Context, scanRoot *scalibrfs.ScanRoot, px *packageindex.PackageIndex) (inventory.Finding, error) {
	var none inventory.Finding
	return none, errors.New("only supported on Windows")
}