From 4390a495b1517c46fdb4d10963d56c472af901cd Mon Sep 17 00:00:00 2001 From: Tom Burgin Date: Mon, 6 May 2024 14:18:03 -0400 Subject: [PATCH 1/3] lint.sh --- MODULE.bazel | 16 ++++----- Source/gui/SNTBinaryMessageWindowController.m | 5 +-- Source/santad/BUILD | 6 ++-- .../EventProviders/DiskArbitrationTestUtil.mm | 4 +-- .../SNTEndpointSecurityDeviceManagerTest.mm | 16 ++++----- Source/santad/ProcessTree/BUILD | 2 +- Source/santad/ProcessTree/annotations/BUILD | 4 +-- .../ProcessTree/annotations/originator.cc | 2 +- .../ProcessTree/annotations/originator.h | 4 +-- Testing/lint.sh | 2 +- WORKSPACE | 1 - non_module_deps.bzl | 36 +++++++++---------- 12 files changed, 47 insertions(+), 51 deletions(-) diff --git a/MODULE.bazel b/MODULE.bazel index 159309500..3e97df559 100644 --- a/MODULE.bazel +++ b/MODULE.bazel @@ -2,47 +2,44 @@ module(name = "santa") bazel_dep(name = "apple_support", version = "1.15.1", repo_name = "build_bazel_apple_support") bazel_dep(name = "abseil-cpp", version = "20230802.1", repo_name = "com_google_absl") - bazel_dep(name = "rules_python", version = "0.31.0") bazel_dep(name = "rules_cc", version = "0.0.9") bazel_dep(name = "rules_apple", version = "3.5.0", repo_name = "build_bazel_rules_apple") bazel_dep(name = "rules_swift", version = "1.18.0", repo_name = "build_bazel_rules_swift") - bazel_dep(name = "protobuf", version = "main", repo_name = "com_google_protobuf") git_override( module_name = "protobuf", - remote = "https://github.com/protocolbuffers/protobuf.git", commit = "21d75f861cdbc03b0a6b235a9ccf3ba0e1f09b32", + remote = "https://github.com/protocolbuffers/protobuf.git", ) bazel_dep(name = "googletest", version = "1.14.0.bcr.1", repo_name = "com_google_googletest") - bazel_dep(name = "molcertificate", version = "2.1", repo_name = "MOLCertificate") git_override( module_name = "molcertificate", - remote = "https://github.com/google/macops-molcertificate.git", commit = "34f0ccf68a34a07cc636ada89057c529f90bec3a", + remote = "https://github.com/google/macops-molcertificate.git", ) bazel_dep(name = "molauthenticatingurlsession", version = "3.0", repo_name = "MOLAuthenticatingURLSession") git_override( module_name = "molauthenticatingurlsession", - remote = "https://github.com/google/macops-molauthenticatingurlsession.git", commit = "0a50a67f29d635a4012981714c1dedef9ac25fe6", + remote = "https://github.com/google/macops-molauthenticatingurlsession.git", ) bazel_dep(name = "molcodesignchecker", version = "3.0", repo_name = "MOLCodesignChecker") git_override( module_name = "molcodesignchecker", - remote = "https://github.com/google/macops-molcodesignchecker.git", commit = "5060bcc8baa90bae3b0ca705d14850328bbbec53", + remote = "https://github.com/google/macops-molcodesignchecker.git", ) bazel_dep(name = "molxpcconnection", version = "2.1", repo_name = "MOLXPCConnection") git_override( module_name = "molxpcconnection", - remote = "https://github.com/russellhancox/macops-molxpcconnection.git", commit = "da816dc49becac96d941ef6a5c4153ed39d1fe7c", + remote = "https://github.com/russellhancox/macops-molxpcconnection.git", ) non_module_deps = use_extension("//:non_module_deps.bzl", "non_module_deps") @@ -52,7 +49,6 @@ use_repo(non_module_deps, "OCMock") bazel_dep(name = "hedron_compile_commands", dev_dependency = True) git_override( module_name = "hedron_compile_commands", - remote = "https://github.com/hedronvision/bazel-compile-commands-extractor.git", commit = "0e990032f3c5a866e72615cf67e5ce22186dcb97", + remote = "https://github.com/hedronvision/bazel-compile-commands-extractor.git", ) - diff --git a/Source/gui/SNTBinaryMessageWindowController.m b/Source/gui/SNTBinaryMessageWindowController.m index 5271e5367..a88b75698 100644 --- a/Source/gui/SNTBinaryMessageWindowController.m +++ b/Source/gui/SNTBinaryMessageWindowController.m @@ -93,8 +93,9 @@ - (void)loadWindow { if (eventDetailText) { [self.openEventButton setTitle:eventDetailText]; // Require the button keyEquivalent set to be CMD + Return - [self.openEventButton setKeyEquivalent:@"\r"]; // Return Key - [self.openEventButton setKeyEquivalentModifierMask:NSEventModifierFlagCommand]; // Command Key + [self.openEventButton setKeyEquivalent:@"\r"]; // Return Key + [self.openEventButton + setKeyEquivalentModifierMask:NSEventModifierFlagCommand]; // Command Key } } diff --git a/Source/santad/BUILD b/Source/santad/BUILD index 7d3f3fe65..db5d6b986 100644 --- a/Source/santad/BUILD +++ b/Source/santad/BUILD @@ -913,9 +913,6 @@ santa_unit_test( santa_unit_test( name = "SantadTest", srcs = ["SantadTest.mm"], - structured_resources = [ - "//Source/santad/testdata:binaryrules_testdata", - ], minimum_os_version = "11.0", sdk_dylibs = [ "bsm", @@ -924,6 +921,9 @@ santa_unit_test( sdk_frameworks = [ "DiskArbitration", ], + structured_resources = [ + "//Source/santad/testdata:binaryrules_testdata", + ], tags = ["exclusive"], deps = [ ":EndpointSecurityMessage", diff --git a/Source/santad/EventProviders/DiskArbitrationTestUtil.mm b/Source/santad/EventProviders/DiskArbitrationTestUtil.mm index 09c651987..e65f6be95 100644 --- a/Source/santad/EventProviders/DiskArbitrationTestUtil.mm +++ b/Source/santad/EventProviders/DiskArbitrationTestUtil.mm @@ -152,13 +152,13 @@ void DARegisterDiskAppearedCallback(DASessionRef session, CFDictionaryRef __null void DARegisterDiskDisappearedCallback(DASessionRef session, CFDictionaryRef __nullable match, DADiskDisappearedCallback callback, - void *__nullable context) {}; + void *__nullable context){}; void DARegisterDiskDescriptionChangedCallback(DASessionRef session, CFDictionaryRef __nullable match, CFArrayRef __nullable watch, DADiskDescriptionChangedCallback callback, - void *__nullable context) {}; + void *__nullable context){}; void DASessionSetDispatchQueue(DASessionRef session, dispatch_queue_t __nullable queue) { MockDiskArbitration *mockDA = [MockDiskArbitration mockDiskArbitration]; diff --git a/Source/santad/EventProviders/SNTEndpointSecurityDeviceManagerTest.mm b/Source/santad/EventProviders/SNTEndpointSecurityDeviceManagerTest.mm index 257cd34b2..483a1e1e0 100644 --- a/Source/santad/EventProviders/SNTEndpointSecurityDeviceManagerTest.mm +++ b/Source/santad/EventProviders/SNTEndpointSecurityDeviceManagerTest.mm @@ -387,16 +387,16 @@ - (void)testPerformStartupTasks { // Create mock disks with desired args MockDADisk * (^CreateMockDisk)(NSString *, NSString *) = ^MockDADisk *(NSString *mountOn, NSString *mountFrom) { - MockDADisk *mockDisk = [[MockDADisk alloc] init]; - mockDisk.diskDescription = @{ - @"DAVolumePath" : mountOn, // f_mntonname, - @"DADevicePath" : mountOn, // f_mntonname, - @"DAMediaBSDName" : mountFrom, // f_mntfromname, - }; - - return mockDisk; + MockDADisk *mockDisk = [[MockDADisk alloc] init]; + mockDisk.diskDescription = @{ + @"DAVolumePath" : mountOn, // f_mntonname, + @"DADevicePath" : mountOn, // f_mntonname, + @"DAMediaBSDName" : mountFrom, // f_mntfromname, }; + return mockDisk; + }; + // Reset the Mock DA property, setup disks and remount args, then trigger the test void (^PerformStartupTest)(NSArray *, NSArray *, SNTDeviceManagerStartupPreferences) = diff --git a/Source/santad/ProcessTree/BUILD b/Source/santad/ProcessTree/BUILD index 3e13917ae..4f3ea3f33 100644 --- a/Source/santad/ProcessTree/BUILD +++ b/Source/santad/ProcessTree/BUILD @@ -71,12 +71,12 @@ objc_library( name = "process_tree_test_helpers", srcs = ["process_tree_test_helpers.mm"], hdrs = ["process_tree_test_helpers.h"], + visibility = ["//Source/santad/ProcessTree:__subpackages__"], deps = [ ":process", ":process_tree", "@com_google_absl//absl/synchronization", ], - visibility = ["//Source/santad/ProcessTree:__subpackages__"], ) santa_unit_test( diff --git a/Source/santad/ProcessTree/annotations/BUILD b/Source/santad/ProcessTree/annotations/BUILD index d992e6c09..a10fd7ac2 100644 --- a/Source/santad/ProcessTree/annotations/BUILD +++ b/Source/santad/ProcessTree/annotations/BUILD @@ -14,8 +14,8 @@ cc_library( cc_library( name = "originator", - hdrs = ["originator.h"], srcs = ["originator.cc"], + hdrs = ["originator.h"], deps = [ ":annotator", "//Source/santad/ProcessTree:process", @@ -31,7 +31,7 @@ santa_unit_test( deps = [ ":originator", "//Source/santad/ProcessTree:process", - "//Source/santad/ProcessTree:process_tree_test_helpers", "//Source/santad/ProcessTree:process_tree_cc_proto", + "//Source/santad/ProcessTree:process_tree_test_helpers", ], ) diff --git a/Source/santad/ProcessTree/annotations/originator.cc b/Source/santad/ProcessTree/annotations/originator.cc index adc7bf5fc..9d9f216ad 100644 --- a/Source/santad/ProcessTree/annotations/originator.cc +++ b/Source/santad/ProcessTree/annotations/originator.cc @@ -18,10 +18,10 @@ #include #include -#include "absl/container/flat_hash_map.h" #include "Source/santad/ProcessTree/process.h" #include "Source/santad/ProcessTree/process_tree.h" #include "Source/santad/ProcessTree/process_tree.pb.h" +#include "absl/container/flat_hash_map.h" namespace ptpb = ::santa::pb::v1::process_tree; diff --git a/Source/santad/ProcessTree/annotations/originator.h b/Source/santad/ProcessTree/annotations/originator.h index edc7c7883..dc2891ffc 100644 --- a/Source/santad/ProcessTree/annotations/originator.h +++ b/Source/santad/ProcessTree/annotations/originator.h @@ -26,10 +26,10 @@ class OriginatorAnnotator : public Annotator { public: OriginatorAnnotator() : originator_(::santa::pb::v1::process_tree::Annotations::Originator:: - Annotations_Originator_UNSPECIFIED) {}; + Annotations_Originator_UNSPECIFIED){}; explicit OriginatorAnnotator( ::santa::pb::v1::process_tree::Annotations::Originator originator) - : originator_(originator) {}; + : originator_(originator){}; void AnnotateFork(ProcessTree &tree, const Process &parent, const Process &child) override; diff --git a/Testing/lint.sh b/Testing/lint.sh index b6aec0e7a..7b67ef28a 100755 --- a/Testing/lint.sh +++ b/Testing/lint.sh @@ -1,5 +1,5 @@ #!/bin/bash -set -xo pipefail +set -xoe pipefail GIT_ROOT=$(git rev-parse --show-toplevel) diff --git a/WORKSPACE b/WORKSPACE index 62795ae8e..b4c4019d8 100644 --- a/WORKSPACE +++ b/WORKSPACE @@ -3,7 +3,6 @@ workspace(name = "santa") load( "@bazel_tools//tools/build_defs/repo:git.bzl", "git_repository", - "new_git_repository", ) load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive") diff --git a/non_module_deps.bzl b/non_module_deps.bzl index fa157a62b..fa06d4465 100644 --- a/non_module_deps.bzl +++ b/non_module_deps.bzl @@ -1,13 +1,13 @@ load("@bazel_tools//tools/build_defs/repo:git.bzl", "git_repository") def _non_module_deps_impl(ctx): - # FMDB is used to access SQLite from Objective-C(++) code. - git_repository( - name = "FMDB", - remote = "https://github.com/ccgus/fmdb.git", - commit = "61e51fde7f7aab6554f30ab061cc588b28a97d04", - shallow_since = "1589301502 -0700", - build_file_content = """ + # FMDB is used to access SQLite from Objective-C(++) code. + git_repository( + name = "FMDB", + remote = "https://github.com/ccgus/fmdb.git", + commit = "61e51fde7f7aab6554f30ab061cc588b28a97d04", + shallow_since = "1589301502 -0700", + build_file_content = """ objc_library( name = "FMDB", srcs = glob(["src/fmdb/*.m"], exclude=["src/fmdb.m"]), @@ -17,12 +17,12 @@ objc_library( visibility = ["//visibility:public"], ) """, - ) + ) - # OCMock is used in several tests. - git_repository( - name = "OCMock", - build_file_content = """ + # OCMock is used in several tests. + git_repository( + name = "OCMock", + build_file_content = """ objc_library( name = "OCMock", testonly = 1, @@ -39,11 +39,11 @@ objc_library( visibility = ["//visibility:public"], ) """, - commit = "afd2c6924e8a36cb872bc475248b978f743c6050", # tag = v3.9.1 - patch_args = ["-p1"], - patches = ["//external_patches/OCMock:503.patch"], - remote = "https://github.com/erikdoe/ocmock", - shallow_since = "1635703064 +0100", -) + commit = "afd2c6924e8a36cb872bc475248b978f743c6050", # tag = v3.9.1 + patch_args = ["-p1"], + patches = ["//external_patches/OCMock:503.patch"], + remote = "https://github.com/erikdoe/ocmock", + shallow_since = "1635703064 +0100", + ) non_module_deps = module_extension(implementation = _non_module_deps_impl) From f3352da7cfd448457f3cba583f6fe9c350eee89f Mon Sep 17 00:00:00 2001 From: Tom Burgin Date: Mon, 6 May 2024 14:24:41 -0400 Subject: [PATCH 2/3] exo --- Testing/lint.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Testing/lint.sh b/Testing/lint.sh index 7b67ef28a..88f1630bf 100755 --- a/Testing/lint.sh +++ b/Testing/lint.sh @@ -1,5 +1,5 @@ #!/bin/bash -set -xoe pipefail +set -exo pipefail GIT_ROOT=$(git rev-parse --show-toplevel) From 93e7037d313992d9e41f2834530a3fba5f50d105 Mon Sep 17 00:00:00 2001 From: Tom Burgin Date: Mon, 6 May 2024 14:31:28 -0400 Subject: [PATCH 3/3] non_module_deps.bzl lint fixes --- non_module_deps.bzl | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/non_module_deps.bzl b/non_module_deps.bzl index fa06d4465..87fb9903d 100644 --- a/non_module_deps.bzl +++ b/non_module_deps.bzl @@ -1,6 +1,8 @@ +"""Modules for dependencies not included in the Bazel Central Registry""" + load("@bazel_tools//tools/build_defs/repo:git.bzl", "git_repository") -def _non_module_deps_impl(ctx): +def _non_module_deps_impl(_): # FMDB is used to access SQLite from Objective-C(++) code. git_repository( name = "FMDB",