Gfs/#579 (#583)

* Update README.md (#580) * Update README.md * Some cleanup * Update OpenPortCollector.cs * Update CommandOptions.cs * Fix Getting Process Names * Update EventLogCollector.cs * Update FileSystemMonitor.cs * Update CollectorTests.cs * Update CollectorTests.cs * Update CollectorTests.cs * Update CollectorTests.cs * Update version.json * Update version.json * Update version.json
microsoft · May 26, 2021 · 91b01c4 · 91b01c4
1 parent 54af868
commit 91b01c4
Show file tree

Hide file tree

Showing 10 changed files with 31 additions and 29 deletions.
diff --git a/Cli/Components/CollectorOptions/FileCollectorOptions.razor b/Cli/Components/CollectorOptions/FileCollectorOptions.razor
@@ -24,9 +24,9 @@
         <div class="form-row">
             <div class="col-9 mb-1">
                 <select class="form-control @directorySelectElementGlowClass.ClassName" id="selectedDirectoriesList" @bind="SelectedDirectoryTop">
-                    @for (var i = 0; i < appData.CollectOptions.SelectedDirectories.Count; i++)
+                    @for (var i = 0; i < appData.CollectOptions.SelectedDirectories.Count(); i++)
                     {
-                        <option value="@i">@appData.CollectOptions.SelectedDirectories[i]</option>
+                        <option value="@i">@appData.CollectOptions.SelectedDirectories.ToList()[i]</option>
                     }
                 </select>
             </div>
@@ -71,17 +71,17 @@
 
     void RemoveInputFromList()
     {
-        if (appData.CollectOptions.SelectedDirectories.Count > SelectedDirectoryTop)
+        if (appData.CollectOptions.SelectedDirectories.Count() > SelectedDirectoryTop)
         {
-            appData.CollectOptions.SelectedDirectories.RemoveAt(SelectedDirectoryTop);
+            appData.CollectOptions.SelectedDirectories = appData.CollectOptions.SelectedDirectories.Except(appData.CollectOptions.SelectedDirectories.Skip(SelectedDirectoryTop-1).Take(1));
             Helper.ToggleGlow(() => InvokeAsync(StateHasChanged), directorySelectElementGlowClass, false);
         }
     }
 
     void PushInputToList()
     {
-        appData.CollectOptions.SelectedDirectories.Add(SelectedDirectoryInput);
-        SelectedDirectoryTop = appData.CollectOptions.SelectedDirectories.Count - 1;
+        appData.CollectOptions.SelectedDirectories = appData.CollectOptions.SelectedDirectories.Union(new string[] { SelectedDirectoryInput });
+        SelectedDirectoryTop = appData.CollectOptions.SelectedDirectories.Count() - 1;
         Helper.ToggleGlow(() => InvokeAsync(StateHasChanged), directorySelectElementGlowClass, true);
         SelectedDirectoryInput = string.Empty;
     }

diff --git a/Cli/Components/CollectorOptions/RegistryCollectorOptions.razor b/Cli/Components/CollectorOptions/RegistryCollectorOptions.razor
@@ -23,9 +23,9 @@
         <div class="form-row">
             <div class="col-9 mb-1">
                 <select class="form-control @directorySelectElementGlowClass.ClassName" id="selectedPathsList" @bind="SelectedHiveTop">
-                    @for (var i = 0; i < appData.CollectOptions.SelectedHives.Count; i++)
+                    @for (var i = 0; i < appData.CollectOptions.SelectedHives.Count(); i++)
                     {
-                        <option value="@i">@appData.CollectOptions.SelectedHives[i]</option>
+                        <option value="@i">@appData.CollectOptions.SelectedHives.ToList()[i]</option>
                     }
                 </select>
             </div>
@@ -44,14 +44,14 @@
 
     void RemoveInputFromList()
     {
-        appData.CollectOptions.SelectedHives.RemoveAt(SelectedHiveTop);
+        appData.CollectOptions.SelectedHives = appData.CollectOptions.SelectedDirectories.Except(appData.CollectOptions.SelectedDirectories.Skip(SelectedHiveTop-1).Take(1));
         Helper.ToggleGlow(() => InvokeAsync(StateHasChanged), directorySelectElementGlowClass, false);
     }
 
     void PushInputToList()
     {
-        appData.CollectOptions.SelectedHives.Add(SelectedHiveInput);
-        SelectedHiveTop = appData.CollectOptions.SelectedHives.Count - 1;
+        appData.CollectOptions.SelectedHives = appData.CollectOptions.SelectedHives.Union(new string[] { SelectedHiveInput });
+        SelectedHiveTop = appData.CollectOptions.SelectedHives.Count() - 1;
         Helper.ToggleGlow(() => InvokeAsync(StateHasChanged), directorySelectElementGlowClass, true);
         SelectedHiveInput = string.Empty;
     }

diff --git a/Cli/Components/MonitorOptions/FileMonitorOptions.razor b/Cli/Components/MonitorOptions/FileMonitorOptions.razor
@@ -30,9 +30,9 @@
         <div class="form-row">
             <div class="col-9 mb-1">
                 <select class="form-control @directorySelectElementGlowClass.ClassName" id="selectedDirectoriesList" @bind="SelectedDirectoryTop">
-                    @for (var i = 0; i < appData.MonitorOptions.MonitoredDirectories.Count; i++)
+                    @for (var i = 0; i < appData.MonitorOptions.MonitoredDirectories.Count(); i++)
                     {
-                        <option value="@i">@appData.MonitorOptions.MonitoredDirectories[i]</option>
+                        <option value="@i">@appData.MonitorOptions.MonitoredDirectories.ToList()[i]</option>
                     }
                 </select>
             </div>
@@ -51,14 +51,14 @@
 
     void RemoveInputFromList()
     {
-        appData.MonitorOptions.MonitoredDirectories.RemoveAt(SelectedDirectoryTop);
+        appData.MonitorOptions.MonitoredDirectories = appData.MonitorOptions.MonitoredDirectories.Except(appData.MonitorOptions.MonitoredDirectories.Skip(SelectedDirectoryTop-1).Take(1));
         Helper.ToggleGlow(() => InvokeAsync(StateHasChanged), directorySelectElementGlowClass, false);
     }
 
     void PushInputToList()
     {
-        appData.MonitorOptions.MonitoredDirectories.Add(SelectedDirectoryInput);
-        SelectedDirectoryTop = appData.MonitorOptions.MonitoredDirectories.Count - 1;
+        appData.MonitorOptions.MonitoredDirectories = appData.MonitorOptions.MonitoredDirectories.Union(new string[] { SelectedDirectoryInput });
+        SelectedDirectoryTop = appData.MonitorOptions.MonitoredDirectories.Count() - 1;
         Helper.ToggleGlow(() => InvokeAsync(StateHasChanged), directorySelectElementGlowClass, true);
         SelectedDirectoryInput = string.Empty;
     }

diff --git a/Lib/Collectors/EventLogCollector.cs b/Lib/Collectors/EventLogCollector.cs
@@ -189,6 +189,10 @@ public void ExecuteMacOs(CancellationToken cancellationToken)
         [System.Diagnostics.CodeAnalysis.SuppressMessage("Design", "CA1031:Do not catch general exception types", Justification = "Official documentation for this functionality does not specify what exceptions it throws. https://docs.microsoft.com/en-us/dotnet/api/system.diagnostics.eventlogentrycollection?view=netcore-3.0")]
         public void ExecuteWindows(CancellationToken cancellationToken)
         {
+            if (!RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
+            {
+                return;
+            }
             void ParseWindowsLog(EventLogEntry entry)
             {
                 if (opts.GatherVerboseLogs || entry.EntryType.ToString() == "Warning" || entry.EntryType.ToString() == "Error")

diff --git a/Lib/Collectors/FileSystemMonitor.cs b/Lib/Collectors/FileSystemMonitor.cs
@@ -83,7 +83,7 @@ public FileSystemMonitor(MonitorCommandOptions opts, Action<FileMonitorObject> c
                 GatherHashes = options.GatherHashes,
             });
 
-            foreach (var dir in options.MonitoredDirectories.Count > 0 ? options.MonitoredDirectories : fsc.Roots.ToList())
+            foreach (var dir in (options?.MonitoredDirectories.Any() is true) ? options.MonitoredDirectories : fsc.Roots.ToList())
             {
                 foreach (var filter in defaultFiltersList)
                 {

diff --git a/Lib/Collectors/OpenPortCollector.cs b/Lib/Collectors/OpenPortCollector.cs
@@ -191,10 +191,8 @@ internal void ExecuteWindows(CancellationToken cancellationToken)
                 {
                     Address = endpoint.Address.ToString(),
                 };
-                foreach (ProcessPort p in Win32ProcessPorts.ProcessPortMap.FindAll(x => x.PortNumber == endpoint.Port))
-                {
-                    obj.ProcessName = p.ProcessName;
-                }
+
+                obj.ProcessName = Win32ProcessPorts.ProcessPortMap.Find(x => x.PortNumber == endpoint.Port)?.ProcessName;
 
                 HandleChange(obj);
             }

diff --git a/Lib/Objects/CommandOptions.cs b/Lib/Objects/CommandOptions.cs
@@ -119,13 +119,13 @@ public class CollectorOptions : CommandOptions
         public string? RunId { get; set; }
 
         [Option("directories", Required = false, HelpText = "comma separated list of paths to scan with FileSystemCollector", Separator = ',')]
-        public List<string> SelectedDirectories { get; set; } = new List<string>();
+        public IEnumerable<string> SelectedDirectories { get; set; } = new List<string>();
 
         [Option("skip-directories", Required = false, HelpText = "comma separated list of paths to skip with FileSystemCollector", Separator = ',')]
-        public List<string> SkipDirectories { get; set; } = new List<string>();
+        public IEnumerable<string> SkipDirectories { get; set; } = new List<string>();
 
         [Option("hives", Required = false, HelpText = "comma separated list of hives and subkeys to search.", Separator = ',')]
-        public List<string> SelectedHives { get; set; } = new List<string>();
+        public IEnumerable<string> SelectedHives { get; set; } = new List<string>();
 
         [Option(HelpText = "Force singlethreaded collectors.")]
         public bool SingleThread { get; set; }
@@ -276,7 +276,7 @@ public class GuidedModeCommandOptions : CollectorOptions
         public bool FileNamesOnly { get; set; }
 
         [Option(HelpText = "Comma-separated list of directories to monitor.", Separator = ',')]
-        public List<string> MonitoredDirectories { get; set; } = new List<string>();
+        public IEnumerable<string> MonitoredDirectories { get; set; } = new List<string>();
 
         [Option(HelpText = "Directory to output to.")]
         public string? OutputPath { get; set; }
@@ -304,7 +304,7 @@ public class MonitorCommandOptions : CommandOptions
         public bool GatherHashes { get; set; }
 
         [Option('d', "directories", Required = false, HelpText = "Comma-separated list of directories to monitor.", Separator = ',')]
-        public List<string> MonitoredDirectories { get; set; } = new List<string>();
+        public IEnumerable<string> MonitoredDirectories { get; set; } = new List<string>();
 
         //[Option('r', "registry", Required = false, HelpText = "Monitor the registry for changes. (Windows Only)")]
         //public bool EnableRegistryMonitor { get; set; }

diff --git a/Lib/Utils/Win32OpenPortListenerHelper.cs b/Lib/Utils/Win32OpenPortListenerHelper.cs
@@ -29,7 +29,7 @@ public static List<ProcessPort> ProcessPortMap
             }
         }
 
-        private static List<ProcessPort> CachedProcessPortMap = new List<ProcessPort>();
+        private static List<ProcessPort>? CachedProcessPortMap = null;
 
         /// <summary>
         ///     This method distills the output from netstat -a -n -o into a list of ProcessPorts that provide

diff --git a/Tests/CollectorTests.cs b/Tests/CollectorTests.cs
@@ -507,7 +507,7 @@ public void TestUserCollectorWindows()
             {
                 Assert.IsTrue(AsaHelpers.IsAdmin());
                 var user = System.Guid.NewGuid().ToString().Substring(0, 10);
-                var password = "$" + CryptoHelpers.GetRandomString(13);
+                var password = $"$A4%b^6a_";
 
                 var cmd = string.Format("user /add {0} {1}", user, password);
                 ExternalCommandRunner.RunExternalCommand("net", cmd);

diff --git a/version.json b/version.json
@@ -16,4 +16,4 @@
   "release": {
     "branchName": "release/v{version}"
   }
-}
+}