Disable the preserve_proto_field_names option when marshalling JSON requests as this prevents the json_name attribute on fields from working properly. Add that attribute to all fields so that they marshal as expected. Stop setting the always_print_enums_as_ints field as the value we're setting it to is the default anyway.
Also add a test that preflight request data looks as expected.
* Improve default value handling for sync proto processing
* Fix capitalization of new enum values in comments
* Fix/add tests, update some docs
* Update more docs
* Lint
* Remove comment. Add LEGACY_NAMES tag for the linter
* Convert santa::santad::logs::endpoint_security::serializers::Utilities
* Convert santa::santad::logs::endpoint_security::writers
* Convert santa::santad::logs::endpoint_security::serializers
* Convert santa::santad::logs::endpoint_security and santatest
* Lint
* Change type alias names to not conflict with sysinfo.h
* WIP Basic new enriched types, hooked up serializers
* WIP Expanded enriched types, finished basic string logging
* WIP Standardize instigator and event user strings.
* WIP Remove sudo event for now. Fix proto types.
* Update proto field names. Fix builds on older SDKs.
* Fix more issues with builds on older SDKs.
* Even more build fixes for older SDKs
* Fix basic string test build on older SDKs
* More fixes for older SDKs
* WIP Started on proto encoding and tests
* WIP expanded proto support for new events
* Lint. Fix recorder tests for missing event types
* WIP continued expanding proto support for new events
* WIP finished proto support for all new event types
* WIP Comment all new messages and fields in santa.proto
* WIP Use different impl to set strings to sidestep internal absl issues
* Temporarily removing serializer impls and tests to reduce PR size
* Lint fixes
* PR feedback
* Use new Apple docs link for global proxy settings constants
* Missed a file...
* WIP test workflow change
* WIP Fix link
* Remove trailing whitespace
* Emit a log warning when overrides were applied
* Overrides now disabled in tests unless explicitly enabled
* Remove log message. Check for xctest instead of bazel env vars.
* Typo
* process annotations: thread the tree through santa
* Update enricher to read annotations from the ProcessTree
* rebase changes
* add configuration for annotations, disabling the tree entirely if none are enabled
* lingering build dep
* use tree factory constructor
* fix configurator
* build fixes
* rebase fixes
* fix tests
* review comments
* lint
* english hard
* record metrics even when event only used for process tree
* Responses to events about to exceed deadline should respect FailClosed
* Only respect FailClosed when in Lockdown mode. Update docs.
* FailClosed in Configurator now wraps checking client mode
* PR feedback
* Fix execution controller tests with new FailClosed logic
* WIP Clean syncs now leave non-transitive rules by default
* WIP Get existing tests compiling and passing
* Remove clean all sync server key. Basic tests.
* Add SNTConfiguratorTest, test deprecated key migration
* Revert changes to santactl status output
* Add new preflight response sync type key, lots of tests
* Rework configurator flow a bit so calls cannot be made out of order
* Comment clean sync states. Test all permutations.
* Update docs for new sync keys
* Doc updates as requested in PR
* Add missing config keys
* Use more consistent wording
* More consistent whitespace
* Reorder constants to appropriate section groups
* Update docs/deployment/configuration.md
Co-authored-by: Pete Markowsky <pmarkowsky@users.noreply.github.com>
* WIP add config support to filter logged entitlements
* Add EntitlementInfo proto message to store if entitlements were filtered
* Log cleanup
* Address PR feedback
* Address PR feedback
Add support for logging when codesigning has become invalidated for a process.
This adds support to the Recorder to log when codesigning is invalidated as reported by the Endpoint Security Framework's ES_EVENT_TYPE_NOTIFY_CS_INVALIDATED event.
* Allow per-policy and per-rule FAA URL and button text
* Add format string support to the custom URL. Added SNTBlockMessageTest.
* Add event URL to TTY message.
* Allow rule specific policy to "clear" global to remove buttons for the rule
* Remove extra beta label for FAA