Gfs/#326 (#330)

* Don't throw from WalkDirectory. * Fix #326. * Fix #328 * Catch InvalidOperationException sometimes thrown by Mono. Fix #328. * Improve telemetry opt-out message. * Fix projects for VS for Mac * Wait less time to flush. * Add a ForceNoAdmin argument Only for Collect command. * Remove unused file. * Remove unneeded tostring conversion. * Fix group capturing on os x.
microsoft · Dec 19, 2019 · 8357625 · 8357625
1 parent d347c03
commit 8357625
Show file tree

Hide file tree

Showing 11 changed files with 45 additions and 36 deletions.
diff --git a/Asa/Asa.csproj b/Asa/Asa.csproj
@@ -5,6 +5,7 @@
     <AspNetCoreHostingModel>InProcess</AspNetCoreHostingModel>
     <OutputType>Exe</OutputType>
     <ReleaseVersion>2.1-alpha</ReleaseVersion>
+    <LangVersion>8.0</LangVersion>
   </PropertyGroup>
 
   <!--<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">

diff --git a/Asa/Program.cs b/Asa/Program.cs
@@ -185,6 +185,9 @@ public class CollectCommandOptions
 
         [Option(HelpText = "Suppress all logging statements below WARN")]
         public bool Quiet { set; get; }
+
+        [Option(HelpText = "Force run without admin/root (collectors may not function).")]
+        public bool ForceNoAdmin { set; get; }
     }
     [Verb("monitor", HelpText = "Continue running and monitor activity")]
     public class MonitorCommandOptions
@@ -676,7 +679,7 @@ private static void CheckFirstRun()
         {
             if (DatabaseManager.FirstRun)
             {
-                string exeStr = $"{System.Reflection.Assembly.GetExecutingAssembly().CodeBase.Split('/').Last()} config --telemetry-opt-out true";
+                string exeStr = $"config --telemetry-opt-out true";
                 Log.Information(Strings.Get("ApplicationHasTelemetry"));
                 Log.Information(Strings.Get("ApplicationHasTelemetry2"), "https://github.com/Microsoft/AttackSurfaceAnalyzer/blob/master/PRIVACY.md");
                 Log.Information(Strings.Get("ApplicationHasTelemetry3"), exeStr);
@@ -1239,7 +1242,10 @@ public static int RunCollectCommand(CollectCommandOptions opts)
             StartEvent.Add("Admin", AsaHelpers.IsAdmin().ToString(CultureInfo.InvariantCulture));
             AsaTelemetry.TrackEvent("Run Command", StartEvent);
 
-            AdminOrQuit();
+            if (!opts.ForceNoAdmin)
+            {
+                AdminOrQuit();
+            }
 
             CheckFirstRun();
             DatabaseManager.VerifySchemaVersion();

diff --git a/Lib/AsaLib.csproj b/Lib/AsaLib.csproj
@@ -8,6 +8,7 @@
     <PackageVersion>2.1-alpha</PackageVersion>
     <Authors>Microsoft Corporation</Authors>
     <Owners>Microsoft Corporation</Owners>
+    <LangVersion>8.0</LangVersion>
     <GeneratePackageOnBuild>true</GeneratePackageOnBuild>
     <Description>Attack Surface Analyzer is a Microsoft-developed open source security tool available at https://github.com/microsoft/AttackSurfaceAnalyzer that analyzes the attack surface of a target system and reports on potential security vulnerabilities introduced by the installation of software or by system misconfiguration.
 
@@ -17,11 +18,6 @@ This NuGet contains the AttackSurfaceAnalyzer Library, which is used by the CLI
     <UpgradeBackupLocation>C:\Users\Gstoc\Documents\GitHub\AttackSurfaceAnalyzer\Backup\Lib\</UpgradeBackupLocation>
     <OldToolsVersion>2.0</OldToolsVersion>
   </PropertyGroup>
-  <ItemGroup>
-    <Compile Remove="Utils\CommandOptions.cs" />
-    <Compile Remove="Collectors\OpenPorts\LinuxOpenPortUtils.cs" />
-    <Compile Remove="Collectors\OpenPorts\WindowsOpenPortUtils.cs" />
-  </ItemGroup>
   <ItemGroup>
     <PackageReference Include="CompareNETObjects" Version="4.64.0" />
     <PackageReference Include="Microsoft.CodeAnalysis.FxCopAnalyzers" Version="2.9.8">
@@ -33,7 +29,7 @@ This NuGet contains the AttackSurfaceAnalyzer Library, which is used by the CLI
     <PackageReference Include="Microsoft.Win32.Registry" Version="4.7.0" />
     <PackageReference Include="Microsoft.Windows.Compatibility" Version="3.1.0" />
     <PackageReference Include="murmurhash" Version="1.0.3" />
-    <PackageReference Include="PeNet" Version="1.2.0" />
+    <PackageReference Include="PeNet" Version="1.3.3" />
     <PackageReference Include="Serilog" Version="2.9.0" />
     <PackageReference Include="Serilog.Sinks.Console" Version="3.1.1" />
     <PackageReference Include="Serilog.Sinks.File" Version="4.1.0" />

diff --git a/Lib/Collectors/FileSystemCollector.cs b/Lib/Collectors/FileSystemCollector.cs
@@ -88,8 +88,7 @@ public override void ExecuteInternal()
 
             foreach (var root in roots)
             {
-                Log.Information("{0} root {1}", Strings.Get("Scanning"), root.ToString(CultureInfo.InvariantCulture));
-                //Ensure the transaction is started to prevent collisions on the multithreaded code ahead
+                Log.Information("{0} root {1}", Strings.Get("Scanning"), root);
                 var fileInfoEnumerable = DirectoryWalker.WalkDirectory(root);
                 Parallel.ForEach(fileInfoEnumerable,
                                 (fileInfo =>
@@ -282,7 +281,8 @@ public static FileSystemObject FileSystemInfoToFileSystemObject(FileSystemInfo f
                 }
                 catch (Exception e) when (
                     e is ArgumentNullException
-                    || e is ArgumentException)
+                    || e is ArgumentException
+                    || e is InvalidOperationException)
                 {
                     Log.Verbose($"Failed to get permissions for {fileInfo.FullName} {e.GetType().ToString()}");
                 }

diff --git a/Lib/Collectors/FileSystemUtils.cs b/Lib/Collectors/FileSystemUtils.cs
@@ -53,9 +53,13 @@ public static string GetFilePermissions(FileSystemInfo fileInfo)
                         {
                             permissions = new UnixFileInfo(filename).FileAccessPermissions;
                         }
-                        catch (IOException ex)
+                        catch (IOException e)
                         {
-                            Log.Debug("Unable to get access control for {0}: {1}", fileInfo.FullName, ex.Message);
+                            Log.Debug("Unable to get access control for {0}: {1}", fileInfo.FullName, e.Message);
+                        }
+                        catch (InvalidOperationException e)
+                        {
+                            Log.Debug("Path probably doesn't exist: {0}", fileInfo.FullName);
                         }
                     }
                     else if (fileInfo is DirectoryInfo)
@@ -64,9 +68,13 @@ public static string GetFilePermissions(FileSystemInfo fileInfo)
                         {
                             permissions = new UnixDirectoryInfo(filename).FileAccessPermissions;
                         }
-                        catch (IOException ex)
+                        catch (IOException e)
+                        {
+                            Log.Debug("Unable to get access control for {0}: {1}", fileInfo.FullName, e.Message);
+                        }
+                        catch (InvalidOperationException e)
                         {
-                            Log.Debug("Unable to get access control for {0}: {1}", fileInfo.FullName, ex.Message);
+                            Log.Debug("Path probably doesn't exist: {0}", fileInfo.FullName);
                         }
                     }
                     else

diff --git a/Lib/Collectors/UserAccountCollector.cs b/Lib/Collectors/UserAccountCollector.cs
@@ -19,9 +19,6 @@ namespace AttackSurfaceAnalyzer.Collectors
     /// </summary>
     public class UserAccountCollector : BaseCollector
     {
-        Dictionary<string, UserAccountObject> users = new Dictionary<string, UserAccountObject>();
-        Dictionary<string, GroupAccountObject> groups = new Dictionary<string, GroupAccountObject>();
-
         public UserAccountCollector(string runId)
         {
             this.RunId = runId;
@@ -53,6 +50,8 @@ public override void ExecuteInternal()
         /// </summary>
         public void ExecuteWindows()
         {
+            Dictionary<string, UserAccountObject> users = new Dictionary<string, UserAccountObject>();
+            Dictionary<string, GroupAccountObject> groups = new Dictionary<string, GroupAccountObject>();
             try
             {
                 List<string> lines = new List<string>(ExternalCommandRunner.RunExternalCommand("net", "localgroup").Split('\n'));
@@ -363,9 +362,18 @@ private void ExecuteOsX()
             foreach (var username in accountDetails.Keys)
             {
                 // Admin user details
-                var groupsRaw = ExternalCommandRunner.RunExternalCommand("groups", "username");
+                string groupsRaw = string.Empty;
 
-                var groups = result.Split(' ');
+                try
+                {
+                    groupsRaw = ExternalCommandRunner.RunExternalCommand("groups", username);
+                }
+                catch (Exception)
+                {
+
+                }
+
+                var groups = groupsRaw.Split(' ');
                 foreach (var group in groups)
                 {
                     accountDetails[username].Groups.Add(group);

diff --git a/Lib/Collectors/WindowsFileSystemUtils.cs b/Lib/Collectors/WindowsFileSystemUtils.cs
@@ -68,7 +68,8 @@ public static List<string> GetDllCharacteristics(string Path)
                     e is IndexOutOfRangeException
                     || e is ArgumentNullException
                     || e is System.IO.IOException
-                    || e is ArgumentException)
+                    || e is ArgumentException
+                    || e is UnauthorizedAccessException)
                 {
                     Log.Verbose($"Failed to get PE Headers for {Path} {e.GetType().ToString()}");
                 }

diff --git a/Lib/Properties/Resources.resx b/Lib/Properties/Resources.resx
@@ -415,7 +415,7 @@
     <value>For our privacy policy visit: {0}.</value>
   </data>
   <data name="ApplicationHasTelemetry3" xml:space="preserve">
-    <value>To disable telemetry run '{0}'.</value>
+    <value>To disable telemetry run Attack Surface Analyzer with these arguments: '{0}'.</value>
   </data>
   <data name="DumpingDataFromDatabase" xml:space="preserve">
     <value>Dumping data from database located at {0}.</value>

diff --git a/Lib/Utils/CommandOptions.cs b/Lib/Utils/CommandOptions.cs
diff --git a/Lib/Utils/DatabaseManager.cs b/Lib/Utils/DatabaseManager.cs
@@ -203,7 +203,7 @@ public static void SleepAndFlushQueue()
             while (!WriteQueue.IsEmpty) { 
                 WriteNext(); 
             }
-            Thread.Sleep(500);
+            Thread.Sleep(100);
         }
 
         public static PLATFORM RunIdToPlatform(string runid)

diff --git a/Lib/Utils/DirectoryWalker.cs b/Lib/Utils/DirectoryWalker.cs
@@ -15,11 +15,10 @@ public static IEnumerable<FileSystemInfo> WalkDirectory(string root)
             // examined for files.
             Stack<string> dirs = new Stack<string>();
 
-            if (!System.IO.Directory.Exists(root))
+            if (System.IO.Directory.Exists(root))
             {
-                throw new ArgumentException("Unable to find [" + root + "]");
+                dirs.Push(root);
             }
-            dirs.Push(root);
 
             while (dirs.Count > 0)
             {