From 292d99bb13550c191157aa3bcf01d596d28ec93a Mon Sep 17 00:00:00 2001
From: Russell Hancox
Date: Tue, 3 May 2022 12:57:56 -0400
Subject: [PATCH 1/4] GUI: Add %bundle_or_file_sha% translation key
This mimics the current behavior that %file_sha% previously had and moves %file_sha% to the expected behavior or just showing the file's SHA. Related to #795
---
 Source/common/SNTBlockMessage.m | 5 +++++
 docs/deployment/configuration.md | 19 ++++++++++---------
 2 files changed, 15 insertions(+), 9 deletions(-)
diff --git a/Source/common/SNTBlockMessage.m b/Source/common/SNTBlockMessage.m
index c4aa257f1..c46b5189b 100644
--- a/Source/common/SNTBlockMessage.m
+++ b/Source/common/SNTBlockMessage.m
@@ -123,6 +123,11 @@ + (NSURL *)eventDetailURLForEvent:(SNTStoredEvent *)event {
 [formatStr stringByReplacingOccurrencesOfString:@"%file_sha%"
 withString:event.fileBundleHash ?: event.fileSHA256];
 }
+ if (event.fileSHA256) {
+ formatStr =
+ [formatStr stringByReplacingOccurrencesOfString:@"%bundle_or_file_sha%"
+ withString:event.fileBundleHash ?: event.fileSHA256];
+ }
 if (event.executingUser) {
 formatStr = [formatStr stringByReplacingOccurrencesOfString:@"%username%"
 withString:event.executingUser];
diff --git a/docs/deployment/configuration.md b/docs/deployment/configuration.md
index 015f33152..6a8601250 100644
--- a/docs/deployment/configuration.md
+++ b/docs/deployment/configuration.md
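Review bot: The new `%bundle_or_file_sha%` branch in the SNTBlockMessage.m hunk is gated on `event.fileSHA256`, although the value it substitutes is `event.fileBundleHash ?: event.fileSHA256`, so an event that carries only a bundle hash would leave the literal placeholder in the URL string. Guarding on the value actually substituted avoids that: `NSString *hash = event.fileBundleHash ?: event.fileSHA256;` followed by `if (hash) { ... withString:hash]; }`. PATCH 4/4 later folds this branch into the `%file_sha%` guard, which keeps the same dependency. Whether a stored event can have a bundle hash without a file hash is not visible on this page, and the method body starts and ends outside the hunk.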
@@ -65,7 +65,7 @@ also known as mobileconfig files, which are in an Apple-specific XML format. | MetricExtraLabels | Dictionary | A map of key value pairs to add to all metric root labels. (e.g. a=b,c=d) defaults to @{}). If a previously set key (e.g. host_name is set to "" then the key is remove from the metric root labels. Alternatively if a value is set for an existing key then the new value will override the old. | -*overridable by the sync server: run `santactl status` to check the current +\*overridable by the sync server: run `santactl status` to check the current running config ##### EventDetailURL @@ -76,14 +76,15 @@ take them to a web page with more information about that event. This property contains a kind of format string to be turned into the URL to send them to. The following sequences will be replaced in the final URL: -| Key | Description | -| ------------ | ---------------------------------------- | -| %file_sha% | SHA-256 of the file that was blocked | -| %machine_id% | ID of the machine | -| %username% | The executing user | -| %serial% | System's serial number | -| %uuid% | System's UUID | -| %hostname% | System's full hostname | +| Key | Description | +| ----------------------- | ------------------------------------------------------------------------------ | +| %file_sha% | SHA-256 of the file that was blocked | +| %bundle\_or\_file\_sha% | SHA-256 of the file that was blocked or the bundle containing it, if available | +| %machine\_id% | ID of the machine | +| %username% | The executing user | +| %serial% | System's serial number | +| %uuid% | System's UUID | +| %hostname% | System's full hostname | For example: `https://sync-server-hostname/%machine_id%/%file_sha%` From fe2023484a314eec6a6bf51ae428290f8267739c Mon Sep 17 00:00:00 2001 
From: Russell Hancox Date: Tue, 3 May 2022 14:07:04 -0400 Subject: [PATCH 2/4] Make file_sha only show the file's sha Co-authored-by: Matt W <436037+mlw@users.noreply.github.com> --- Source/common/SNTBlockMessage.m | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Source/common/SNTBlockMessage.m b/Source/common/SNTBlockMessage.m index c46b5189b..c910366d6 100644 --- a/Source/common/SNTBlockMessage.m +++ b/Source/common/SNTBlockMessage.m @@ -121,7 +121,7 @@ + (NSURL *)eventDetailURLForEvent:(SNTStoredEvent *)event { if (event.fileSHA256) { formatStr = [formatStr stringByReplacingOccurrencesOfString:@"%file_sha%" - withString:event.fileBundleHash ?: event.fileSHA256]; + withString:event.fileSHA256]; } if (event.fileSHA256) { formatStr = From fa4ed9bbe4e8368a4b8742ffb898e3f8d5c4ecbb Mon Sep 17 00:00:00 2001 From: Russell Hancox Date: Tue, 3 May 2022 14:19:46 -0400 Subject: [PATCH 3/4] run clang format --- Source/common/SNTBlockMessage.m | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/Source/common/SNTBlockMessage.m b/Source/common/SNTBlockMessage.m index c910366d6..8ce784d49 100644 --- a/Source/common/SNTBlockMessage.m +++ b/Source/common/SNTBlockMessage.m @@ -119,9 +119,8 @@ + (NSURL *)eventDetailURLForEvent:(SNTStoredEvent *)event { if (!formatStr.length) return nil; if (event.fileSHA256) { - formatStr = - [formatStr stringByReplacingOccurrencesOfString:@"%file_sha%" - withString:event.fileSHA256]; + formatStr = [formatStr stringByReplacingOccurrencesOfString:@"%file_sha%" + withString:event.fileSHA256]; } if (event.fileSHA256) { formatStr = From ee6ca9fed128e18701ce0808d72f0f71bb0071e0 Mon Sep 17 00:00:00 2001 From: Russell Hancox Date: Tue, 3 May 2022 14:24:26 -0400 Subject: [PATCH 4/4] d'oh, duplicate condition --- Source/common/SNTBlockMessage.m | 2 -- 1 file changed, 2 deletions(-) diff --git a/Source/common/SNTBlockMessage.m b/Source/common/SNTBlockMessage.m index 8ce784d49..dddaec474 100644 
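Review bot: Switching `%file_sha%` to `withString:event.fileSHA256` in PATCH 2/4 silently changes what existing `EventDetailURL` configurations send for binaries inside a bundle, since the removed line substituted the bundle hash whenever one was present. A sync server that looks events or rules up by that value may stop finding them, and the docs table in PATCH 1/4 leaves the `%file_sha%` row worded as before, so nothing tells an administrator to migrate. I would add a sentence under the table such as `%file_sha% previously resolved to the bundle hash when one was available; use %bundle_or_file_sha% to keep that behaviour.` The enclosing method starts and ends outside the hunk.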
--- a/Source/common/SNTBlockMessage.m
+++ b/Source/common/SNTBlockMessage.m
@@ -121,8 +121,6 @@ + (NSURL *)eventDetailURLForEvent:(SNTStoredEvent *)event {
 if (event.fileSHA256) {
 formatStr = [formatStr stringByReplacingOccurrencesOfString:@"%file_sha%"
 withString:event.fileSHA256];
- }
- if (event.fileSHA256) {
 formatStr =
 [formatStr stringByReplacingOccurrencesOfString:@"%bundle_or_file_sha%"
 withString:event.fileBundleHash ?: event.fileSHA256];