From 7311f088845e161468cf250cc3fe2781c5e14a06 Mon Sep 17 00:00:00 2001 From: Oleksandr Bezdieniezhnykh Date: Wed, 24 Sep 2025 14:08:36 +0300 Subject: [PATCH] address false positive vulnerability detection #1 --- .gitignore | 1 - Azaion.Loader/azaion-loader-safe.spec | 69 +++++++++++++++++++++++++++ Azaion.Loader/build_loader.cmd | 39 +++++---------- Azaion.Loader/build_loader_old.cmd | 59 +++++++++++++++++++++++ 4 files changed, 140 insertions(+), 28 deletions(-) create mode 100644 Azaion.Loader/azaion-loader-safe.spec create mode 100644 Azaion.Loader/build_loader_old.cmd diff --git a/.gitignore b/.gitignore index fe8a470..1201e55 100644 --- a/.gitignore +++ b/.gitignore @@ -21,6 +21,5 @@ Azaion*.bin azaion\.*\.big _internal -*.spec dist *.jpg diff --git a/Azaion.Loader/azaion-loader-safe.spec b/Azaion.Loader/azaion-loader-safe.spec new file mode 100644 index 0000000..01d8210 --- /dev/null +++ b/Azaion.Loader/azaion-loader-safe.spec @@ -0,0 +1,69 @@ +# -*- mode: python ; coding: utf-8 -*- +# Optimized PyInstaller spec file to reduce false positives + +from PyInstaller.utils.hooks import collect_all + +# Collect dependencies +datas = [] +binaries = [] +hiddenimports = ['constants', 'file_data', 'remote_command', 'remote_command_handler', 'user', 'security', 'cdn_manager', 'credentials', 'api_client', 'hardware_service'] + +# Collect required packages +for package in ['requests', 'boto3', 'msgpack', 'zmq', 'jwt', 'cryptography', 'yaml', 'loguru']: + tmp_ret = collect_all(package) + datas += tmp_ret[0] + binaries += tmp_ret[1] + hiddenimports += tmp_ret[2] + +a = Analysis( + ['start.py'], + pathex=[], + binaries=binaries, + datas=datas, + hiddenimports=hiddenimports, + hookspath=[], + hooksconfig={}, + runtime_hooks=[], + excludes=[ + # Exclude unnecessary modules to reduce size and false positives + 'tkinter', 'matplotlib', 'PIL', 'numpy.testing', 'scipy.testing', + 'pandas.tests', 'test', 'tests', 'testing', + # Additional exclusions to reduce behavioral triggers + 'distutils', 'email', 'html', 'http.server', 'xmlrpc', + 'multiprocessing.spawn', 'concurrent.futures', 'asyncio.windows_events' + ], + noarchive=False, + optimize=2, # Enable bytecode optimization +) + +pyz = PYZ(a.pure) + +exe = EXE( + pyz, + a.scripts, + [], + exclude_binaries=True, + name='azaion-loader', + debug=False, + bootloader_ignore_signals=False, + strip=False, + upx=False, # DISABLED: UPX compression triggers false positives + console=True, + disable_windowed_traceback=False, + argv_emulation=False, + target_arch=None, + codesign_identity=None, # Set this to your code signing certificate + entitlements_file=None, + # version='version_info.txt', # Temporarily disabled - file doesn't exist + icon=None, # Add icon if available +) + +coll = COLLECT( + exe, + a.binaries, + a.datas, + strip=False, + upx=False, # DISABLED: UPX compression triggers false positives + upx_exclude=[], + name='azaion-loader', +) diff --git a/Azaion.Loader/build_loader.cmd b/Azaion.Loader/build_loader.cmd index ab73d0d..e2e863c 100644 --- a/Azaion.Loader/build_loader.cmd +++ b/Azaion.Loader/build_loader.cmd @@ -1,9 +1,9 @@ -echo Build Cython app +@echo off set CURRENT_DIR=%cd% - -REM Change to the parent directory of the current location cd /d %~dp0 +echo Build Azaion Loader + echo remove dist folder: if exist dist rmdir dist /s /q if exist build rmdir build /s /q @@ -18,36 +18,21 @@ venv\Scripts\python -m pip install --upgrade pip venv\Scripts\pip install -r requirements.txt venv\Scripts\pip install --upgrade pyinstaller pyinstaller-hooks-contrib +echo Building Cython extensions... venv\Scripts\python setup.py build_ext --inplace if %errorlevel% neq 0 ( - echo "Error building cython extension" + echo "Error building Cython extensions" exit /b %errorlevel% ) -echo install azaion-loader -venv\Scripts\pyinstaller --name=azaion-loader ^ ---collect-all requests ^ ---collect-all boto3 ^ ---collect-all msgpack ^ ---collect-all zmq ^ ---collect-all jwt ^ ---collect-all boto3 ^ ---collect-all cryptography ^ ---collect-all yaml ^ ---collect-all loguru ^ ---hidden-import constants ^ ---hidden-import file_data ^ ---hidden-import remote_command ^ ---hidden-import remote_command_handler ^ ---hidden-import user ^ ---hidden-import security ^ ---hidden-import cdn_manager ^ ---hidden-import credentials ^ ---hidden-import api_client ^ ---hidden-import hardware_service ^ -start.py +venv\Scripts\pyinstaller azaion-loader-safe.spec +if %errorlevel% neq 0 ( + echo "Error building executable" + exit /b %errorlevel% +) +echo Copying files to distribution directories... robocopy "dist\azaion-loader\_internal" "..\dist-azaion\_internal" "security.cp312-win_amd64.pyd" "cdn_manager.cp312-win_amd64.pyd" robocopy "dist\azaion-loader\_internal" "..\dist-azaion\_internal" "constants.cp312-win_amd64.pyd" "credentials.cp312-win_amd64.pyd" "api_client.cp312-win_amd64.pyd" robocopy "dist\azaion-loader\_internal" "..\dist-azaion\_internal" "hardware_service.cp312-win_amd64.pyd" "user.cp312-win_amd64.pyd" @@ -56,4 +41,4 @@ robocopy "dist\azaion-loader\_internal" "..\dist-azaion\_internal" "main_loader. robocopy "dist\azaion-loader\_internal" "..\dist-dlls\_internal" /E robocopy "dist\azaion-loader" "..\dist-azaion" "azaion-loader.exe" -cd /d %CURRENT_DIR% \ No newline at end of file +cd /d %CURRENT_DIR% diff --git a/Azaion.Loader/build_loader_old.cmd b/Azaion.Loader/build_loader_old.cmd new file mode 100644 index 0000000..ab73d0d --- /dev/null +++ b/Azaion.Loader/build_loader_old.cmd @@ -0,0 +1,59 @@ +echo Build Cython app +set CURRENT_DIR=%cd% + +REM Change to the parent directory of the current location +cd /d %~dp0 + +echo remove dist folder: +if exist dist rmdir dist /s /q +if exist build rmdir build /s /q + + +echo install python and dependencies +if not exist venv ( + python -m venv venv +) + +venv\Scripts\python -m pip install --upgrade pip +venv\Scripts\pip install -r requirements.txt +venv\Scripts\pip install --upgrade pyinstaller pyinstaller-hooks-contrib + +venv\Scripts\python setup.py build_ext --inplace +if %errorlevel% neq 0 ( + echo "Error building cython extension" + exit /b %errorlevel% +) + +echo install azaion-loader +venv\Scripts\pyinstaller --name=azaion-loader ^ +--collect-all requests ^ +--collect-all boto3 ^ +--collect-all msgpack ^ +--collect-all zmq ^ +--collect-all jwt ^ +--collect-all boto3 ^ +--collect-all cryptography ^ +--collect-all yaml ^ +--collect-all loguru ^ +--hidden-import constants ^ +--hidden-import file_data ^ +--hidden-import remote_command ^ +--hidden-import remote_command_handler ^ +--hidden-import user ^ +--hidden-import security ^ +--hidden-import cdn_manager ^ +--hidden-import credentials ^ +--hidden-import api_client ^ +--hidden-import hardware_service ^ +start.py + + +robocopy "dist\azaion-loader\_internal" "..\dist-azaion\_internal" "security.cp312-win_amd64.pyd" "cdn_manager.cp312-win_amd64.pyd" +robocopy "dist\azaion-loader\_internal" "..\dist-azaion\_internal" "constants.cp312-win_amd64.pyd" "credentials.cp312-win_amd64.pyd" "api_client.cp312-win_amd64.pyd" +robocopy "dist\azaion-loader\_internal" "..\dist-azaion\_internal" "hardware_service.cp312-win_amd64.pyd" "user.cp312-win_amd64.pyd" +robocopy "dist\azaion-loader\_internal" "..\dist-azaion\_internal" "main_loader.cp312-win_amd64.pyd" + +robocopy "dist\azaion-loader\_internal" "..\dist-dlls\_internal" /E +robocopy "dist\azaion-loader" "..\dist-azaion" "azaion-loader.exe" + +cd /d %CURRENT_DIR% \ No newline at end of file