A
Hello, all right, the screen is flipped, fantastic. Okay, tricks with OBS. I'm assuming you all can hear me, so we're, we're here. We go, it's, it's ju! You know, in, in hindsight, I don't know what I was thinking trying to get two months' work of work done in one month. That didn't make any sense, makes perfect sense. Now I feel a lot better, actually, starting this video and realizing we are on track. So this is, we were gonna... We should just call this June tutorials.
A
I don't know why that we're gonna do planning and execution in the same month. That doesn't make any sense. So anyways, so on to volume one, chapter one, Down the Dependency Rabbit Hole Again. All right. So what are we gonna do here? Well, we're gonna build some threat models, and we're gonna do some basic threat models to start, yeah. Basically, let's see, does this link give us anything that will be nice for the video?
A
No, okay. Well, that's okay. So we'll, we'll see some, we'll, we'll see some results by this weekend. So effectively, the, the, what we're gonna do is we're going to take cve-bin-tool, which has great facilities for scanning, a great plug-in system, great, great, very, very, very mature. We're going to introduce some of the stuff from shouldi eventually down the way to... we're basically going to take cve-bin-tool, make it multi, multi, you know, more than just binaries, and how we're going to do that...
A
Well, we're going to leverage the DFFML orchestration, so we're going to write a new, a new scanner. That's going to be a multi-language scanner, effectively, and we're going to then, you know, use it. So, so the first thing we need to do is go take cve-bin-tool, where's it at here. It is so...
A
So we're gonna take cve-bin-tool, we're going to add an alternate scanner to it using DFFML, we're going to make sure that scanner has a pair, has parity with the old scanner, right, and then we're going to extend the scanner to new languages by effectively doing an overlay of the shouldi flows, right. And so then we should have, wait. Basically, we should have ended up extending cve-bin-tool in the process.
A
What we're going to do is we're going to add a new output format, and that output format is going to be threat model. Okay, let's get at it. All right. So, let's jump into the scanner code. So cve-bin-tool is structured, basically, there is the, the main scanner, and then there is, well, it's been a while since I've been in here, so yeah, so the version scanner, and we had some great, great work that was done in here, where everything got made async. So that's going to be fun, so we love that.
A
Obviously, okay, so here we go, and let me just make sure I'm pulling the latest version of this, because I know this code base is in flux. There's a lot of great work that happens here.
A
Okay, so where are we, and I should probably check with Terry too, make sure nobody else is doing this.
A
Oh, I was scanning log for... oh, that's right. Last time I was in here I was back in December. We were scanning, so there's some examples that we have on scanning for log4j using data flows, and so I was going to do this support then. Obviously, it's six months later, so, well, here we are, we'll do it now. Okay.
A
No, okay, so it looks like we're just based off the 3.0 branch. So, let's check out main, let's pull, and we'll see, we'll see what's up. So that was our, our current version of scanner, and now, let's check out where we at. Okay, so April 14th. Let's just do a quick search through the...
A
Okay, let's say we're looking at doing this with Alice for this, so, and we can link to this video and we can link to this log entry here. Let's make a log entry, right, so: plan. Okay, you know, this is, this thread has gotten out of hand. So, let's just say we are planning to implement multi-language...
A
Okay, or shouldi, and we should also link to the other shouldi tutorial so that we can, we can make sure that people understand, right. We gotta assume nobody knows anything coming in here, like, about what we're doing. You know, they know everything about what they're doing, but they know nothing about what we're doing, right, and they shouldn't have to. We should tell them. It's not, not their job to know everything that, that we're doing. So, okay, so we're planning to implement multi-language support in cve-bin-tool.
A
The introduction of data flows to anal... similar to... handle scanning will...
A
Will then extend via overlays.
A
Similarly to shouldi, we plan to contribute these changes back upstream. Okay, so we will, and since this has a link, remember we're putting the links in the recordings, and let's go and edit that comment. References.
A
Okay, data flow scanner.
A
It's just in case somebody finds this file and doesn't know what the hell this is or where it's coming from, right. So important, and important. All right. So third party input, so DFFML is now a third party import, right, because we're within cve-bin-tool, and so if we're following our, you know, reverse Christmas tree dependency includes where we basically stack...
A
We basically stack at least character count dependencies at the top in the first party library, in the standard library to third-party libraries and then to, you know, second party, something that's plugins or something, and then, you know, first party being whatever package you're in. So here now we're in cve-bin-tool, right, and so let's see, scanner data flow, okay. So what should we do? What should we do? Why don't we do Python? Then we have cve-bin-tool right here. Okay, so path, dot. Okay, so we'll say...
A
cve-bin-tool, we'll just down, we'll just do the git clone.
A
Okay, where are we at, time check? Okay, we got 10 more minutes here. So what should we do? What should we do? All right. Let's see, let's, okay, so let's take...
A
Okay, so there, shouldi install, that's gonna be relevant for Python packages. shouldi use, it's gonna be relevant for multiple things, and then shouldi contribute, that's really focused on git repo, right. So, okay, so SBOM, and we'll replace SBOM with the cve-bin-tool stuff.
A
Okay, so I think what we'll do first is we're going to integrate within the cve-bin-tool code base, and then once we have a clean integration within the cve-bin-tool code base, then we'll explore, okay, let's pull it back to Alice's level and see how does Alice interact with cve-bin-tool now that we know that cve-bin-tool has been flushed out to a, you know, a multi-language support, because really doesn't make sense to maintain shouldi. shouldi is really just a very specific...
A
You know, it's kind of, see, we've been to one, shouldi or too similar, let's throw it on cve-bin-tool and let's see how it goes, right, it's a great place for it. Okay. So what should we do here? What should we do here? We should pull in the inner source.
A
All right, so we're going to create a main function, we're going to run it with asyncio, right. I think we can safely remove this talky stuff for now, not, not, not an issue for us. I don't think we care about counting lines of code at the moment. Check. Okay.
A
Let's do from, where are we, we're in data flow, yeah. So let's just do, let's just do this: let's just put the operations within this file, right, and then that way, yeah, it'll be, it'll be within the same file. So, okay.
A
Okay, great, so let's go and remember, okay, so let's reference our modification of the git repo here, right, so we want to do... This is an example of an overlay happening where we basically take this git repository checked out and we run the lines of code per language, but now we're going to do the reverse, right. So we want to download...
A
We download it and then we scan it to see if there's any binaries in it, right, and so then we'll just go ahead and put a binary in a repo and call it a day, and then we'll have implemented data flow scanning, sort of. Okay.
A
Okay, this is git repository.
A
Okay, let's forget quarters, we don't care about quarters right now, we don't care about new branch given right now. So we have our collector data flow, grabs any operations in here. Okay, so this should... If we write this, we don't even need to do this. So if we just say...
A
This thing, whatever it is, I have to go, all right. I have to go, all right. We're just gonna make an operation.