diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index f1de0f6..7c95d9d 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -4,7 +4,7 @@ on:
 branches: [ master ]
 pull_request:
 schedule:
- - cron: '0 0 * * *'
+ - cron: '0 0 * * 0'
 jobs:
diff --git a/cmd/artifactvalidator/main.go b/cmd/artifactvalidator/main.go
index 68a197f..84e95bb 100644
--- a/cmd/artifactvalidator/main.go
+++ b/cmd/artifactvalidator/main.go
@@ -26,10 +26,12 @@
 // that can validate artifact definition files and search for errors, possible
 // inconsistencies and other flaws.
 //
-// Usage
+// # Usage
 //
 // To run just provide the location of the forensic artifact definition files:
-// artifactvalidator -v -s artifacts/data/*.yaml
+//
+// artifactvalidator -v -s artifacts/data/*.yaml
+//
 // The output is a list of potential issues in those files.
 package main
diff --git a/cmd/artifactvalidator/validator.go b/cmd/artifactvalidator/validator.go
index ccaf8e0..45f053e 100644
--- a/cmd/artifactvalidator/validator.go
+++ b/cmd/artifactvalidator/validator.go
@@ -316,6 +316,7 @@ func (r *validator) validateParametersProvided(artifactDefinitions []goartifacts
 "Windows": {},
 "Darwin": {},
 "Linux": {},
+ "ESXi": {},
 }
 var regex = regexp.MustCompile(`%?%(.*?)%?%`)
@@ -343,6 +344,7 @@ func (r *validator) validateParametersProvided(artifactDefinitions []goartifacts
 "Windows": {},
 "Darwin": {},
 "Linux": {},
+ "ESXi": {},
 }
 for _, artifactDefinition := range artifactDefinitions {
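Review bot: In cmd/artifactvalidator/validator.go the `"ESXi": {},` entry is added by hand to two separate map literals inside validateParametersProvided (the hunks at -316 and -343), and the same commit also has to extend `supportedOS` and `listOSS()` further down, so the set of operating systems is now maintained in four places. If one copy is missed, that OS presumably drops out of the "Parameter ... is not provided" check without any error, which weakens the validator as a quality gate for artifact definitions. Consider filling both maps in a loop over `listOSS()` instead of repeating the literals, and give `listOSS` a doc comment such as `// listOSS returns the names of all operating systems the validator knows.` The body of validateParametersProvided starts and ends outside these hunks, so the map value type is not visible here.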
@@ -494,7 +496,10 @@ func (r *validator) validateOSSpecific(filename string, artifactDefinition goart
 func (r *validator) validateNameCase(filename string, artifactDefinition goartifacts.ArtifactDefinition) {
 if len(artifactDefinition.Name) < 2 { //nolint:gomnd
- r.addErrorf(filename, artifactDefinition.Name, "Artifact names be longer than 2 characters")
+ r.addErrorf(filename, artifactDefinition.Name, "Artifact names need be longer than 2 characters")
+ return
+ }
+ if strings.HasPrefix(artifactDefinition.Name, "vSphere") || strings.HasPrefix(artifactDefinition.Name, "vCenter") {
 return
 }
 if strings.ToUpper(artifactDefinition.Name[:1]) != artifactDefinition.Name[:1] {
@@ -858,14 +863,16 @@ var supportedOS = struct {
 Darwin string
 Linux string
 Windows string
+ ESXi string
 }{
 Darwin: "Darwin",
 Linux: "Linux",
 Windows: "Windows",
+ ESXi: "ESXi",
 }
 func listOSS() []string {
- return []string{supportedOS.Darwin, supportedOS.Linux, supportedOS.Windows}
+ return []string{supportedOS.Darwin, supportedOS.Linux, supportedOS.Windows, supportedOS.ESXi}
 }
 // listTypes returns a list of all artifact definition source types.
diff --git a/cmd/artifactvalidator/validator_test.go b/cmd/artifactvalidator/validator_test.go
index 88901c1..1bd5319 100644
--- a/cmd/artifactvalidator/validator_test.go
+++ b/cmd/artifactvalidator/validator_test.go
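Review bot: In validateNameCase (cmd/artifactvalidator/validator.go) the guard and its new message disagree: `len(artifactDefinition.Name) < 2` rejects only names shorter than two characters, while the text says names must be longer than 2, and "need be" is missing a "to". A message that matches the check would be `"Artifact names need to be at least 2 characters long"`. The added `vSphere`/`vCenter` branch returns from the whole function, so a name with one of those prefixes skips every check that follows, not only the upper-case first letter comparison visible at the end of the hunk; the rest of validateNameCase is outside the hunk, so confirm nothing else is bypassed or fold the exemption into that one comparison. If the intent is that these product names legitimately start lower-case, a comment such as `// vSphere/vCenter are product names that start with a lower-case letter` would explain the exception.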
@@ -314,9 +314,11 @@ func Test_validator_validateParametersProvided(t *testing.T) {
 {Warning, "Parameter CURRENT_CONTROL_SET is not provided for Windows", "TestProvided", ""},
 {Warning, "Parameter CURRENT_CONTROL_SET is not provided for Linux", "TestProvided", ""},
 {Warning, "Parameter CURRENT_CONTROL_SET is not provided for Darwin", "TestProvided", ""},
+ {Warning, "Parameter CURRENT_CONTROL_SET is not provided for ESXi", "TestProvided", ""},
 }},
 {"No provides 2", "not_provided_2.yaml", []Flaw{
 {Warning, "Parameter CURRENT_CONTROL_SET is not provided for Windows", "TestProvided2", ""},
+ {Warning, "Parameter CURRENT_CONTROL_SET is not provided for ESXi", "TestProvided2", ""},
 }},
 }
 for _, tt := range tests {
diff --git a/go.mod b/go.mod
index 15a955e..bfb504a 100644
--- a/go.mod
+++ b/go.mod
@@ -5,13 +5,21 @@ go 1.19
 require (
 github.com/forensicanalysis/fsdoublestar v0.1.0
 github.com/forensicanalysis/fslib v0.15.1
- github.com/go-stack/stack v1.8.0 // indirect
 github.com/inconshreveable/log15 v0.0.0-20201112154412-8562bdadbbac
 github.com/looplab/tarjan v0.1.0
+ github.com/olekukonko/tablewriter v0.0.5
+ gopkg.in/yaml.v2 v2.4.0
+)
+
+require (
+ github.com/davecgh/go-spew v1.1.1 // indirect
+ github.com/djherbis/times v1.5.0 // indirect
+ github.com/go-stack/stack v1.8.0 // indirect
+ github.com/hashicorp/golang-lru v0.5.4 // indirect
 github.com/mattn/go-colorable v0.1.8 // indirect
+ github.com/mattn/go-isatty v0.0.12 // indirect
 github.com/mattn/go-runewidth v0.0.10 // indirect
- github.com/olekukonko/tablewriter v0.0.5
 github.com/rivo/uniseg v0.2.0 // indirect
 golang.org/x/sys v0.0.0-20210218155724-8ebf48af031b // indirect
- gopkg.in/yaml.v2 v2.4.0
+ www.velocidex.com/golang/go-ntfs v0.1.1 // indirect
 )
diff --git a/goartifacts/artifactdefinition.go b/goartifacts/artifactdefinition.go
index 86ac75e..1ac7213 100644
--- a/goartifacts/artifactdefinition.go
+++ b/goartifacts/artifactdefinition.go
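Review bot: The new second `require` block in go.mod names five modules that the file did not list before (`go-spew`, `djherbis/times`, `hashicorp/golang-lru`, `mattn/go-isatty` and `www.velocidex.com/golang/go-ntfs v0.1.1`), and nothing in the commit says where they come from. This looks like the direct/indirect split that `go mod tidy` writes for a `go 1.19` module, in which case they were already part of the build graph, but that is an inference from the layout. It is worth confirming with `go mod why -m www.velocidex.com/golang/go-ntfs` which direct dependency pulls it in, and that the matching go.sum entries are committed, since that module is resolved through a vanity import path rather than directly from a code host. No go.sum change is visible in this part of the diff.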
@@ -54,13 +54,13 @@ type Provide struct {
 // The Source type objects define the source of the artifact data. Currently
 // the following source types are defined:
 //
-// * artifact; the source is one or more artifact definitions;
-// * file; the source is one or more files;
-// * path; the source is one or more paths;
-// * directory; the source is one or more directories;
-// * Windows Registry key; the source is one or more Windows Registry keys;
-// * Windows Registry value; the source is one or more Windows Registry values;
-// * WMI query; the source is a Windows Management Instrumentation query.
+// - artifact; the source is one or more artifact definitions;
+// - file; the source is one or more files;
+// - path; the source is one or more paths;
+// - directory; the source is one or more directories;
+// - Windows Registry key; the source is one or more Windows Registry keys;
+// - Windows Registry value; the source is one or more Windows Registry values;
+// - WMI query; the source is a Windows Management Instrumentation query.
 //
 // The difference between the file and path source types are that file should
 // be used to define file entries that contain data and path, file entries that
diff --git a/goartifacts/expansion_unix_test.go b/goartifacts/expansion_unix_test.go
index 7802797..62556d8 100644
--- a/goartifacts/expansion_unix_test.go
+++ b/goartifacts/expansion_unix_test.go
@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 package goartifacts