-
Notifications
You must be signed in to change notification settings - Fork 292
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bundle Events #145
Bundle Events #145
Conversation
👏 😃 👏 |
|
||
- (void)postBundleEventsToSyncServer:(NSArray<SNTStoredEvent *> *)events { | ||
SNTCommandSyncState *syncState = [self createSyncState]; | ||
syncState.eventBatchSize = 50; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should we use santa_api_event_batch_size sent by Upvote for this? It's sent in preflight though and we don't do a preflight here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Agreed, we should find a way to use the server supplied value. We could just store it in memory in santad if necessary.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Will do so in the next pull request. We can hold it in santactl since it runs as a daemon now.
@@ -18,6 +18,7 @@ | |||
/// | |||
/// Keeps track of pending notifications and ensures only one is presented to the user at a time. | |||
/// | |||
@interface SNTNotificationManager : NSObject<SNTMessageWindowControllerDelegate, SNTNotifierXPC> | |||
@interface SNTNotificationManager : | |||
NSObject<SNTMessageWindowControllerDelegate, SNTNotifierXPC, SNTBundleNotifierXPC> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@interface SNTNotificationManager : NSObject<SNTMessageWindowControllerDelegate,
SNTNotifierXPC, SNTBundleNotifierXPC>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done.
@@ -143,4 +165,74 @@ - (void)postRuleSyncNotificationWithCustomMessage:(NSString *)message { | |||
[[NSUserNotificationCenter defaultUserNotificationCenter] deliverNotification:un]; | |||
} | |||
|
|||
#pragma mark SNTBundleNotifierXPC protocol methods | |||
|
|||
- (void)updateTotalFileCountForEvent:(SNTStoredEvent *)event |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This method reads weirdly because you're mentioning fileCount at the beginning but then not supplying it until the end, so it's sort of repeated. How about updateCountsForEvent:binaryCount:fileCount:
or updateFileCount:binaryCount:forEvent:
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
updateCountsForEvent:binaryCount:fileCount: makes the most sense to me.
Done.
|
||
- (void)hashBundleBinariesForEvent:(SNTStoredEvent *)event { | ||
// Wait until the bundle service is connected | ||
dispatch_semaphore_wait(self.bundleServiceSema, DISPATCH_TIME_FOREVER); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
forever scares me, is there not a reasonable limit we can set here?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, 6 secs to allow the bundle service to reconnect is reasonable. Otherwise abandon bundle hashing and display blockable event.
Done.
|
||
// Send the results to santad. It will decide if they need to be synced. | ||
SNTXPCConnection *daemonConn = [SNTXPCControlInterface configuredConnection]; | ||
[daemonConn resume]; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Instead of making a new connection back to santad, can we have AppDelegate hand the connection it has down to notificationmanager?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The connections that AppDelegate local variables so they can be created / released during connection / re-connection attempts. It seems saner to me if we create them as needed. There is a bit more overhead, but seems worth it for cleaner code.
Source/common/SNTFileInfo.m
Outdated
@@ -280,34 +280,29 @@ - (BOOL)isMissingPageZero { | |||
/// | |||
/// Rationale: An NSBundle has a method executablePath for discovering the main binary within a | |||
/// bundle but provides no way to get an NSBundle object when only the executablePath is known. | |||
/// Also a bundle can contain multiple binaries within the MacOS folder and we want any of these | |||
/// Also a bundle can contain multiple binaries within it's subdirectories and we want any of these |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
s/it's/its
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done
@@ -53,7 +53,7 @@ | |||
/// Log upload URL sent from server. If set, LogUpload phase needs to happen. | |||
@property NSURL *uploadLogURL; | |||
|
|||
/// Array of bundle paths to find binaries for. | |||
/// Array of bundle ids to find binaries for. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
s/ids/IDs
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done.
!event.fileSHA256 || | ||
!event.filePath || | ||
!event.occurrenceDate || | ||
!event.decision) return NO; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do you want to fail all of the events if one of them is bad?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nope, this should be continue.
#pragma mark Bundle ops | ||
|
||
/// | ||
/// This method is only used for santactl's bundleinfo command. For blocked executions, Santa GUI |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
s/Santa GUI/SantaGUI
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done
} | ||
|
||
/// | ||
/// Used by Santa GUI sync the offending event and potentially all the related events, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
s/Santa GUI/SantaGUI
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done
/// | ||
- (void)hashBundleBinariesForEvent:(SNTStoredEvent *)event | ||
reply:(SNTBundleHashBlock)reply { | ||
SNTXPCConnection *bs = [[SNTXPCConnection alloc] initClientWithServiceName:@"com.google.santabs"]; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Move the service ID to a serviceId class method in SNTXPCBundleServiceInterface, following the example of SNTXPCControlInterface
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done.
Updates coming to SNTBundleService shortly |
PTAL |
So there's good news and bad news. 👍 The good news is that everyone that needs to sign a CLA (the pull request submitter and all commit authors) have done so. Everything is all good there. 😕 The bad news is that it appears that one or more commits were authored by someone other than the pull request submitter. We need to confirm that they're okay with their commits being contributed to this project. Please have them confirm that here in the pull request. Note to project maintainer: This is a terminal state, meaning the |
CLAs look good, thanks! |
@try { | ||
eventData = [NSKeyedArchiver archivedDataWithRootObject:event]; | ||
} @catch (NSException *exception) { | ||
return NO; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This should probably be continue, no?
BOOL *stop) { | ||
success = [db executeUpdate:@"INSERT INTO 'events' (idx, filesha256, eventdata)" | ||
@"VALUES (?, ?, ?)", | ||
event.idx, event.fileSHA256, eventData]; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Indent both of these lines +4
NSArray<SNTStoredEvent *> *events, | ||
NSNumber *time) { | ||
|
||
printf("hashing time: %llu ms\n", time.unsignedLongLongValue); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
s/hashing/Hashing
printf("%s\n", error.description.UTF8String); | ||
exit(1); | ||
} else if (!fi.bundle) { | ||
printf("not a bundle\n"); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
s/not/Not
@@ -0,0 +1,79 @@ | |||
/// Copyright 2016 Google Inc. All rights reserved. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
2017
Source/santabs/SNTBundleService.m
Outdated
@"%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x" | ||
"%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x"; | ||
|
||
NSString *sha256 = [[NSString alloc] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
[[NSString alloc] initWIthFormat:SHA256FormatString,
digest[0], digest[1], digest[2], digest[3],
etc. etc.
PTAL |
* santabs: Create Santa Bundle Service * common: SNTXPCConnection add initClientWithServiceName: * santad: add logic for blocked bundles * SantaGUI: add ui elements and xpc connections to / from santabs * santactl/sync: add api features for syncing bundle events * santactl/bundleinfo: add bundleinfo command for debug builds * common: prefer bundle hash over file hash for event urls * common: remove syncBackoff property - this is now handled in santactl sync * common: add properties to support the bundle event api * common: find a bundle from a nested binary * review updates * sane bundle hash time outs * post rebase updates * post review updates
Here are the initial commits for: