* WIP refactor file access class to set up logging
* Combined GetPathTarget1 and 2, added some tests.
* Change method name to not be abbreviated.
* Remove unnecessary includes
* PR feedback: fix missing path sep, add comments
* Fix test issue
* WIP Dynamic watch item config loading. Dynamic event handler protocol.
* Clients can now register with WatchItems to be enabled/disabled
* Handle dynamic fs monitor config add/modify/delete, dynamic enable/disable clients
* Update WatchItemsTest to use new constructor
* Better check handling value changes
* Add missing mock config value to fix integration test
* Add policy version to config. Return policy decision as enum.
* Check EnableBadSignatureProtection config when evaluating instigating procs
* Draft proto update for file access
* Revert "Draft proto update for file access"
This reverts commit 5d7e9a9e03.
* Change return type to work around OCMock partial mocking issues
* lint
* WIP Initial work for new fs watcher client
* WIP basic working mechanics of applying policy to OPEN events
* WIP now support allowing access based on cdhash
* WIP lint fix
* WIP check instigator cdhash and cert hash against policy
* WIP Fix test issue in base ES client class
* WIP Fix test issue in watch items test
* Added secondary lookup cache for cert hashes and fallback lookups
* Adopt new SantaVnode name
* Adopt min macOS 11. Adopt new SantaCacheHasher for SantaVnode.
* Rename the es client to FileAccessAuthorizer
* Added some more tests
* Added MockLogger and a lot more tests.
* Removed currently unused subscriptions. Don't enable FS client by default
* lint
* lint after rebase
* Use strtoul for hex string conversion. Update comments.
* PR feedback
* WIP started work on parsing config
* WIP Basics of parsing config and generating new policy
* WIP Reapplying config updates functionally complete. Needs a lot more tests.
* Test cleanup, added using decl for watch items tree type
* More WatchItems tests and test polishing.
* Remove test print function. Formatting.
* Commented use of __BLOCKS__ undef
* Return a shared_ptr from factory
* Change WatchItemsPolicy to store sets instead of vectors
* Remove unnecessary WatchItem, replace with string
* Typo
* Update error messages to not make it sound like parse errors are recoverable
* Move santa_action_t to SNTCommonEnums and rename to SNTAction
* Move likely and unlikely macros to a new BranchPrediction header
* Remove SNTCommon.h. Move SantaVnode to its own header.
* Add SantaVnodeHash
* Fix build deps
* Switch from task_info to libproc for system resource info
* Fix return value
* Convert nanos to seconds
* Make GetTimebase static. Expose NanosToMachTime.
* Abstract return of GetTaskInfo to new type.
* WIP Rename SNTPrefixTree to PrefixTree
* WIP Implement the new PrefixTree and tests
* Add Unit type. Fix build and tests.
* lint
* Make NodeCount accessor for tests
* Updated comments
* Spool writer and santactl command to print proto file
* Make valid JSON for multiple paths. Can now create proto/spool logger. Updated logger tests.
* Make fsspool writer and fsspool log batch writer injectable
* Add spool writer tests
* Updated help text for santactl printlog
* Include file cleanup
* Fix dispatch source destruction
* Change config keys for the new Spool writer
* Spool settings now configurable
* Fix param order
* Remove some test sleeps related to control flow
* Apply clang-format to cc files
* Modify binaryproto namespace
* Add more required includes
* Add proto includes
* Assert message parsing succeeds in test
* Add optional keyword to proto fields to track presence. TESTS BROKEN.
* Update golden test data
* Initial proto serializer with close event
* Define move ctors for enriched types, delete copy ctors
* More event proto serialization. Commonized proto test code.
* Started work serializing exec event. Added serializer utilities.
* More progress serializing exec event
* Add more test data. Test restructure to permit fine grained mocking.
* Env/FD ES types now wrapped in EndpointSecurityAPI. Added calls to proto serializer.
* Add fd type names to proto
* Version compat. Script and Working Dir encoding.
* Add process start time
* Serialize Link event
* Add null check, mainly to fix tests
* Handle versioned expectations
* Each test now builds msg in callbacks to set better expectations
* Serialize rename event and tests
* Serialize unlink event and tests
* Serialize allowlist and bundle events. Add utilities tests.
* Formatting
* Disk event proto serialization and tests
* Fix test only issues
* Rename santa_new.proto to santa.proto
* Change fd type int and string to an enum
* Proto namespace now versioned
* Added comments to proto schema
* Add proto support to indicate if fd list truncated