Bundle Events #145
Bundle Events #145
Conversation
|
👏 😃 👏 |
|
|
||
| - (void)postBundleEventsToSyncServer:(NSArray<SNTStoredEvent *> *)events { | ||
| SNTCommandSyncState *syncState = [self createSyncState]; | ||
| syncState.eventBatchSize = 50; |
There was a problem hiding this comment.
Should we use santa_api_event_batch_size sent by Upvote for this? It's sent in preflight though and we don't do a preflight here.
There was a problem hiding this comment.
Agreed, we should find a way to use the server supplied value. We could just store it in memory in santad if necessary.
There was a problem hiding this comment.
Will do so in the next pull request. We can hold it in santactl since it runs as a daemon now.
| @@ -18,6 +18,7 @@ | |||
| /// | |||
| /// Keeps track of pending notifications and ensures only one is presented to the user at a time. | |||
| /// | |||
| @interface SNTNotificationManager : NSObject<SNTMessageWindowControllerDelegate, SNTNotifierXPC> | |||
| @interface SNTNotificationManager : | |||
| NSObject<SNTMessageWindowControllerDelegate, SNTNotifierXPC, SNTBundleNotifierXPC> | |||
There was a problem hiding this comment.
@interface SNTNotificationManager : NSObject<SNTMessageWindowControllerDelegate,
SNTNotifierXPC, SNTBundleNotifierXPC>| @@ -143,4 +165,74 @@ - (void)postRuleSyncNotificationWithCustomMessage:(NSString *)message { | |||
| [[NSUserNotificationCenter defaultUserNotificationCenter] deliverNotification:un]; | |||
| } | |||
|
|
|||
| #pragma mark SNTBundleNotifierXPC protocol methods | |||
|
|
|||
| - (void)updateTotalFileCountForEvent:(SNTStoredEvent *)event | |||
There was a problem hiding this comment.
This method reads weirdly because you're mentioning fileCount at the beginning but then not supplying it until the end, so it's sort of repeated. How about updateCountsForEvent:binaryCount:fileCount: or updateFileCount:binaryCount:forEvent:
There was a problem hiding this comment.
updateCountsForEvent:binaryCount:fileCount: makes the most sense to me.
Done.
|
|
||
| - (void)hashBundleBinariesForEvent:(SNTStoredEvent *)event { | ||
| // Wait until the bundle service is connected | ||
| dispatch_semaphore_wait(self.bundleServiceSema, DISPATCH_TIME_FOREVER); |
There was a problem hiding this comment.
forever scares me, is there not a reasonable limit we can set here?
There was a problem hiding this comment.
Yeah, 6 secs to allow the bundle service to reconnect is reasonable. Otherwise abandon bundle hashing and display blockable event.
Done.
|
|
||
| // Send the results to santad. It will decide if they need to be synced. | ||
| SNTXPCConnection *daemonConn = [SNTXPCControlInterface configuredConnection]; | ||
| [daemonConn resume]; |
There was a problem hiding this comment.
Instead of making a new connection back to santad, can we have AppDelegate hand the connection it has down to notificationmanager?
There was a problem hiding this comment.
The connections that AppDelegate local variables so they can be created / released during connection / re-connection attempts. It seems saner to me if we create them as needed. There is a bit more overhead, but seems worth it for cleaner code.
Source/common/SNTFileInfo.m
Outdated
| @@ -280,34 +280,29 @@ - (BOOL)isMissingPageZero { | |||
| /// | |||
| /// Rationale: An NSBundle has a method executablePath for discovering the main binary within a | |||
| /// bundle but provides no way to get an NSBundle object when only the executablePath is known. | |||
| /// Also a bundle can contain multiple binaries within the MacOS folder and we want any of these | |||
| /// Also a bundle can contain multiple binaries within it's subdirectories and we want any of these | |||
| @@ -53,7 +53,7 @@ | |||
| /// Log upload URL sent from server. If set, LogUpload phase needs to happen. | |||
| @property NSURL *uploadLogURL; | |||
|
|
|||
| /// Array of bundle paths to find binaries for. | |||
| /// Array of bundle ids to find binaries for. | |||
| !event.fileSHA256 || | ||
| !event.filePath || | ||
| !event.occurrenceDate || | ||
| !event.decision) return NO; |
There was a problem hiding this comment.
Do you want to fail all of the events if one of them is bad?
There was a problem hiding this comment.
Nope, this should be continue.
| #pragma mark Bundle ops | ||
|
|
||
| /// | ||
| /// This method is only used for santactl's bundleinfo command. For blocked executions, Santa GUI |
There was a problem hiding this comment.
s/Santa GUI/SantaGUI
| } | ||
|
|
||
| /// | ||
| /// Used by Santa GUI sync the offending event and potentially all the related events, |
There was a problem hiding this comment.
s/Santa GUI/SantaGUI
| /// | ||
| - (void)hashBundleBinariesForEvent:(SNTStoredEvent *)event | ||
| reply:(SNTBundleHashBlock)reply { | ||
| SNTXPCConnection *bs = [[SNTXPCConnection alloc] initClientWithServiceName:@"com.google.santabs"]; |
There was a problem hiding this comment.
Move the service ID to a serviceId class method in SNTXPCBundleServiceInterface, following the example of SNTXPCControlInterface
|
Updates coming to SNTBundleService shortly |
|
PTAL |
|
So there's good news and bad news. 👍 The good news is that everyone that needs to sign a CLA (the pull request submitter and all commit authors) have done so. Everything is all good there. 😕 The bad news is that it appears that one or more commits were authored by someone other than the pull request submitter. We need to confirm that they're okay with their commits being contributed to this project. Please have them confirm that here in the pull request. Note to project maintainer: This is a terminal state, meaning the |
|
CLAs look good, thanks! |
| @try { | ||
| eventData = [NSKeyedArchiver archivedDataWithRootObject:event]; | ||
| } @catch (NSException *exception) { | ||
| return NO; |
There was a problem hiding this comment.
This should probably be continue, no?
| BOOL *stop) { | ||
| success = [db executeUpdate:@"INSERT INTO 'events' (idx, filesha256, eventdata)" | ||
| @"VALUES (?, ?, ?)", | ||
| event.idx, event.fileSHA256, eventData]; |
There was a problem hiding this comment.
Indent both of these lines +4
| NSArray<SNTStoredEvent *> *events, | ||
| NSNumber *time) { | ||
|
|
||
| printf("hashing time: %llu ms\n", time.unsignedLongLongValue); |
| printf("%s\n", error.description.UTF8String); | ||
| exit(1); | ||
| } else if (!fi.bundle) { | ||
| printf("not a bundle\n"); |
| @@ -0,0 +1,79 @@ | |||
| /// Copyright 2016 Google Inc. All rights reserved. | |||
Source/santabs/SNTBundleService.m
Outdated
| @"%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x" | ||
| "%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x"; | ||
|
|
||
| NSString *sha256 = [[NSString alloc] |
There was a problem hiding this comment.
[[NSString alloc] initWIthFormat:SHA256FormatString,
digest[0], digest[1], digest[2], digest[3],
etc. etc.
|
PTAL |
* santabs: Create Santa Bundle Service * common: SNTXPCConnection add initClientWithServiceName: * santad: add logic for blocked bundles * SantaGUI: add ui elements and xpc connections to / from santabs * santactl/sync: add api features for syncing bundle events * santactl/bundleinfo: add bundleinfo command for debug builds * common: prefer bundle hash over file hash for event urls * common: remove syncBackoff property - this is now handled in santactl sync * common: add properties to support the bundle event api * common: find a bundle from a nested binary * review updates * sane bundle hash time outs * post rebase updates * post review updates
Here are the initial commits for: