-
Notifications
You must be signed in to change notification settings - Fork 273
/
main.go
149 lines (130 loc) · 4.29 KB
/
main.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
package main
import (
"context"
"fmt"
"os"
"os/exec"
"runtime"
"strings"
"github.com/Masterminds/semver/v3"
"github.com/hashicorp/go-version"
_ "github.com/jackc/pgx/v5/stdlib"
"github.com/turbot/go-kit/helpers"
"github.com/turbot/steampipe/cmd"
"github.com/turbot/steampipe/pkg/constants"
"github.com/turbot/steampipe/pkg/error_helpers"
"github.com/turbot/steampipe/pkg/utils"
)
var exitCode int = constants.ExitCodeSuccessful
func main() {
ctx := context.Background()
utils.LogTime("main start")
defer func() {
if r := recover(); r != nil {
error_helpers.ShowError(ctx, helpers.ToError(r))
if exitCode == 0 {
exitCode = constants.ExitCodeUnknownErrorPanic
}
}
utils.LogTime("main end")
utils.DisplayProfileData()
os.Exit(exitCode)
}()
// ensure steampipe is not being run as root
checkRoot(ctx)
// ensure steampipe is not run on WSL1
checkWsl1(ctx)
// check OSX kernel version
checkOSXVersion(ctx)
cmd.InitCmd()
// execute the command
exitCode = cmd.Execute()
}
// this is to replicate the user security mechanism of out underlying
// postgresql engine.
func checkRoot(ctx context.Context) {
if os.Geteuid() == 0 {
exitCode = constants.ExitCodeInvalidExecutionEnvironment
error_helpers.ShowError(ctx, fmt.Errorf(`Steampipe cannot be run as the "root" user.
To reduce security risk, use an unprivileged user account instead.`))
os.Exit(exitCode)
}
/*
* Also make sure that real and effective uids are the same. Executing as
* a setuid program from a root shell is a security hole, since on many
* platforms a nefarious subroutine could setuid back to root if real uid
* is root. (Since nobody actually uses postgres as a setuid program,
* trying to actively fix this situation seems more trouble than it's
* worth; we'll just expend the effort to check for it.)
*/
if os.Geteuid() != os.Getuid() {
exitCode = constants.ExitCodeInvalidExecutionEnvironment
error_helpers.ShowError(ctx, fmt.Errorf("real and effective user IDs must match."))
os.Exit(exitCode)
}
}
func checkWsl1(ctx context.Context) {
// store the 'uname -r' output
output, err := exec.Command("uname", "-r").Output()
if err != nil {
error_helpers.ShowErrorWithMessage(ctx, err, "failed to check uname")
return
}
// convert the output to a string of lowercase characters for ease of use
op := strings.ToLower(string(output))
// if WSL2, return
if strings.Contains(op, "wsl2") {
return
}
// if output contains 'microsoft' or 'wsl', check the kernel version
if strings.Contains(op, "microsoft") || strings.Contains(op, "wsl") {
// store the system kernel version
sys_kernel, _, _ := strings.Cut(string(output), "-")
sys_kernel_ver, err := version.NewVersion(sys_kernel)
if err != nil {
error_helpers.ShowErrorWithMessage(ctx, err, "failed to check system kernel version")
return
}
// if the kernel version >= 4.19, it's WSL Version 2.
kernel_ver, err := version.NewVersion("4.19")
if err != nil {
error_helpers.ShowErrorWithMessage(ctx, err, "checking system kernel version")
return
}
// if the kernel version >= 4.19, it's WSL version 2, else version 1
if sys_kernel_ver.GreaterThanOrEqual(kernel_ver) {
return
} else {
error_helpers.ShowError(ctx, fmt.Errorf("Steampipe requires WSL2, please upgrade and try again."))
os.Exit(constants.ExitCodeInvalidExecutionEnvironment)
}
}
}
func checkOSXVersion(ctx context.Context) {
// get the OS and return if not darwin
if runtime.GOOS != "darwin" {
return
}
// get kernel version
output, err := exec.Command("uname", "-r").Output()
if err != nil {
error_helpers.ShowErrorWithMessage(ctx, err, "failed to get kernel version")
return
}
// get the semver version from string
version, err := semver.NewVersion(strings.TrimRight(string(output), "\n"))
if err != nil {
error_helpers.ShowErrorWithMessage(ctx, err, "failed to get version")
return
}
catalina, err := semver.NewVersion("19.0.0")
if err != nil {
error_helpers.ShowErrorWithMessage(ctx, err, "failed to get version")
return
}
// check if Darwin version is not less than Catalina(Darwin version 19.0.0)
if version.Compare(catalina) == -1 {
error_helpers.ShowError(ctx, fmt.Errorf("Steampipe requires MacOS 10.15 (Catalina) and above, please upgrade and try again."))
os.Exit(constants.ExitCodeInvalidExecutionEnvironment)
}
}