github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-01-15 00:03:43 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
694c3988f19e3d27bd3bfb1a09ca3c67d47c0607
DependencyCheck/general/scan_iso.html
Jeremy Long 694c3988f1 documentation version 1.3.6
2016-04-10 07:17:05 -04:00

323 lines
15 KiB
HTML
Raw Blame History

<!DOCTYPE html>
<!--
| Generated by Apache Maven Doxia Site Renderer 1.7 at 2016-04-09
| Rendered using Apache Maven Fluido Skin 1.5
-->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<meta name="Date-Revision-yyyymmdd" content="20160409" />
<meta http-equiv="Content-Language" content="en" />
<title>dependency-check &#x2013; How to Mount ISO Files for Scanning</title>
<link rel="stylesheet" href="../css/apache-maven-fluido-1.5.min.css" />
<link rel="stylesheet" href="../css/site.css" />
<link rel="stylesheet" href="../css/print.css" media="print" />
<script type="text/javascript" src="../js/apache-maven-fluido-1.5.min.js"></script>
<style type="text/css">
#bannerLeft { margin-top:-20px;margin-bottom:5px !important }
</style>
</head>
<body class="topBarDisabled">
<a href="https://github.com/jeremylong/DependencyCheck">
<img style="position: absolute; top: 0; right: 0; border: 0; z-index: 10000;"
src="https://s3.amazonaws.com/github/ribbons/forkme_right_gray_6d6d6d.png"
alt="Fork me on GitHub">
</a>
<div class="container-fluid">
<div id="banner">
<div class="pull-left">
<div id="bannerLeft">
<img src="../images/dc.svg" alt="OWASP dependency-check"/>
</div>
</div>
<div class="pull-right"> </div>
<div class="clear"><hr/></div>
</div>
<div id="breadcrumbs">
<ul class="breadcrumb">
<li class="">
<a href="../#" title="">
</a>
<span class="divider">/</span>
</li>
<li class="active ">How to Mount ISO Files for Scanning</li>
<li id="publishDate" class="pull-right"><span class="divider">|</span> Last Published: 2016-04-09</li>
<li id="projectVersion" class="pull-right">
Version: 1.3.6
</li>
</ul>
</div>
<div class="row-fluid">
<div id="leftColumn" class="span2">
<div class="well sidebar-nav">
<ul class="nav nav-list">
<li class="nav-header">OWASP dependency-check</li>
<li>
<a href="../index.html" title="General">
<span class="icon-chevron-down"></span>
General</a>
<ul class="nav nav-list">
<li>
<a href="../general/internals.html" title="How it Works">
<span class="none"></span>
How it Works</a>
</li>
<li>
<a href="../general/thereport.html" title="Reading the Report">
<span class="none"></span>
Reading the Report</a>
</li>
<li>
<a href="../general/suppression.html" title="False Positives">
<span class="none"></span>
False Positives</a>
</li>
<li>
<a href="../data/index.html" title="Internet Access Required">
<span class="icon-chevron-right"></span>
Internet Access Required</a>
</li>
<li>
<a href="../related.html" title="Related Work">
<span class="none"></span>
Related Work</a>
</li>
<li>
<a href="../general/dependency-check.pptx" title="Project Presentation (pptx)">
<span class="none"></span>
Project Presentation (pptx)</a>
</li>
<li>
<a href="../general/dependency-check.pdf" title="Project Presentation (pdf)">
<span class="none"></span>
Project Presentation (pdf)</a>
</li>
<li>
<a href="../general/SampleReport.html" title="Sample Report">
<span class="none"></span>
Sample Report</a>
</li>
<li class="active">
<a href="#"><span class="none"></span>How to Scan an ISO Image</a>
</li>
</ul>
</li>
<li>
<a href="../analyzers/index.html" title="File Type Analyzers">
<span class="icon-chevron-right"></span>
File Type Analyzers</a>
</li>
<li>
<a href="../modules.html" title="Modules">
<span class="icon-chevron-right"></span>
Modules</a>
</li>
<li class="nav-header">Project Documentation</li>
<li>
<a href="../project-info.html" title="Project Information">
<span class="icon-chevron-right"></span>
Project Information</a>
</li>
<li>
<a href="../project-reports.html" title="Project Reports">
<span class="icon-chevron-right"></span>
Project Reports</a>
</li>
</ul>
<hr />
<div id="poweredBy">
<script type="text/javascript" src="https://apis.google.com/js/plusone.js"></script>
<div class="g-plusone" data-href="https://github.com/jeremylong/DependencyCheck.git" data-size="tall" ></div>
<div class="clear"></div>
<div class="clear"></div>
<div id="twitter">
<a href="https://twitter.com/ctxt" class="twitter-follow-button" data-show-count="true" data-align="left" data-size="medium" data-show-screen-name="true" data-lang="en">Follow ctxt</a>
<script type="text/javascript">!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0];if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src="//platform.twitter.com/widgets.js";fjs.parentNode.insertBefore(js,fjs);}}(document,"script","twitter-wjs");</script>
</div>
<div class="clear"></div>
<div class="clear"></div>
<a href="http://maven.apache.org/" title="Maven" class="builtBy">
<img class="builtBy" alt="built with maven" src="http://jeremylong.github.io/DependencyCheck/images/logos/maven-feather.png" />
</a>
<a href="http://www.jetbrains.com/idea/" title="IntelliJ" class="builtBy">
<img class="builtBy" alt="developed using" src="http://jeremylong.github.io/DependencyCheck/images/logos/logo_intellij_idea.png" width="170px" />
</a>
<a href="http://www.cloudbees.com/" title="Cloudbees" class="builtBy">
<img class="builtBy" alt="built on cloudbees" src="http://jeremylong.github.io/DependencyCheck/images/logos/Button-Built-on-CB-1.png" />
</a>
</div>
</div>
</div>
<div id="bodyColumn" class="span10" >
<h1>How to Mount ISO Files for Scanning</h1>
<p>Dependency-Check can be used as one of your tools for vetting software distributed via an <a class="externalLink" href="https://en.wikipedia.org/wiki/ISO_image">ISO image</a>. (See <a href="../analyzers/">File Type Analyzers</a> for a list of what types of artifacts Dependency-Check is capable of scanning.) These disk image files are not a standard archive format, however. Tools must be used that can interpret the contained file system. As will be shown below, Linux, Mac OS X, and recent versions of Windows can be used to mount the image&#x2019;s file system, which can then be scanned by Dependency-Check.</p>
<p>ISO images are named for the fact that they nearly always contain one of a pair of international file system standards published by <a class="externalLink" href="http://www.iso.org/">ISO</a>: <a class="externalLink" href="https://en.wikipedia.org/wiki/ISO_9660">ISO 9660</a> and ISO/IEC 13346, a.k.a. <a class="externalLink" href="https://en.wikipedia.org/wiki/Universal_Disk_Format">UDF</a>. Other types of disk images (e.g., <a class="externalLink" href="https://en.wikipedia.org/wiki/VHD_%28file_format%29">VHD</a>) are outside the scope of this article, though the ideas presented here may likely be succesfully applied.</p>
<div class="section">
<h2><a name="Linux"></a>Linux</h2>
<p>Assume you&#x2019;ve downloaded an ISO image called <tt>foo.iso</tt>, and you want to mount it at /mnt/foo. (Why /mnt? See the <a class="externalLink" href="http://refspecs.linuxfoundation.org/FHS_3.0/fhs/ch03s12.html">Filesystem Hierarchy Standard</a>.) First make sure that the mount point exists using <tt>mkdir /mnt/foo</tt>. Then, the <a class="externalLink" href="http://linux.die.net/man/8/mount">mount</a> command <i>must be run with root privileges</i>. On Debian and Ubuntu Linux, this is accomplished by prefacing the command with <tt>sudo</tt>.</p>
<div class="source">
<div class="source"><pre class="prettyprint linenums">$ sudo mount -o loop foo.iso /mnt/foo
</pre></div></div>
<p>Next, you can use Dependency-Check&#x2019;s <a href="dependency-check-cli/">command line tool</a> to scan the mount point. When you are finished, run the <a class="externalLink" href="http://linux.die.net/man/8/umount">umount</a> command with root privileges:</p>
<div class="source">
<div class="source"><pre class="prettyprint linenums">$ sudo umount -d /mnt/foo
</pre></div></div>
<p>This will unmount the file system, and detach the loop device.</p></div>
<div class="section">
<h2><a name="Mac_OS_X"></a>Mac OS X</h2>
<div class="section">
<h3><a name="Using_the_GUI"></a>Using the GUI</h3>
<p>Simply double-click on the image file in Mac OS X Finder.</p></div>
<div class="section">
<h3><a name="Using_a_Terminal_Window"></a>Using a Terminal Window</h3>
<p>Use the <a class="externalLink" href="https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/man1/hdiutil.1.html">hdiutil</a> command.</p>
<div class="source">
<div class="source"><pre class="prettyprint linenums">$ hdiutil attach foo.iso
</pre></div></div>
<p>The output will show the <tt>/dev</tt> entry assigned as well as the mount point, which is where you may now read the files in the image&#x2019;s file system.</p>
<p>To detach:</p>
<div class="source">
<div class="source"><pre class="prettyprint linenums">$ hdiutil detach foo.iso
</pre></div></div></div></div>
<div class="section">
<h2><a name="Windows"></a>Windows</h2>
<p>Windows 8 and later versions support mounting ISO images as a virtual drive.</p>
<div class="section">
<h3><a name="Using_the_GUI"></a>Using the GUI</h3>
<ol style="list-style-type: decimal">
<li>In <i>File Explorer</i>, right-click on &#x201c;foo.iso&#x201d;.</li>
<li>Select &#x201c;Mount&#x201d;</li>
</ol>
<p>File Explorer then redirects to showing the files on your virtual drive. You can then use the <a href="dependency-check-cli/">command line tool</a> to scan the virtual drive. When finished, &#x201c;Windows-E&#x201d; will open File Explorer showing the various drives on your computer. To eject the virtual drive:</p>
<ol style="list-style-type: decimal">
<li>Right-click on the virtual drive.</li>
<li>Select &#x201c;Eject&#x201d;</li>
</ol></div>
<div class="section">
<h3><a name="Using_PowerShell"></a>Using PowerShell</h3>
<p>To mount, use the <a class="externalLink" href="https://technet.microsoft.com/en-us/%5Clibrary/Hh848706%28v=WPS.630%29.aspx">Mount-DiskImage</a> cmdlet:</p>
<div class="source">
<div class="source"><pre class="prettyprint linenums">$ Mount-DiskImage -ImagePath C:\Full\Path\to\foo.iso
</pre></div></div>
<p>To view all drives (and find your virtual drive), use the <a class="externalLink" href="https://technet.microsoft.com/en-us/library/Hh849796.aspx">Get-PSDrive</a> cmdlet:</p>
<div class="source">
<div class="source"><pre class="prettyprint linenums">$ Get-PSDrive -PSProvider 'FileSystem'
</pre></div></div>
<p>To dismount, use the <a class="externalLink" href="https://technet.microsoft.com/en-us/library/hh848693%28v=wps.630%29.aspx">Dismount-DiskImage</a> cmdlet:</p>
<div class="source">
<div class="source"><pre class="prettyprint linenums">$ Dismount-DiskImage -ImagePath C:\Full\Path\to\file.iso
</pre></div></div></div>
<div class="section">
<h3><a name="Windows_7"></a>Windows 7</h3>
<p>Third-party tools exist that can be used to mount ISO images. Without such tools, it is still possible to burn the ISO image to physical media, and scan the media:</p>
<ol style="list-style-type: decimal">
<li>Right-click on &#x201c;foo.iso&#x201d;</li>
<li>Select &#x201c;Windows Disc Image Burner&#x201d;</li>
<li>Follow the instructions to burn the image.</li>
</ol></div>
<div class="section">
<h3><a name="Windows_Vista"></a>Windows Vista</h3>
<p>Just as with Windows 7, you will need a third-party tool to mount an ISO image. You will also need a third-party tool to burn the image to media. Many machines are shipped with such a tool included.</p></div></div>
</div>
</div>
</div>
<hr/>
<footer>
<div class="container-fluid">
<div class="row-fluid">
<p >Copyright &copy; 2012&#x2013;2016
<a href="http://www.owasp.org">OWASP</a>.
All rights reserved.
</p>
</div>
</div>
</footer>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink