Add helper to make declaring unit tests easier
Add unit_tests test_suite containing all unit tests
Fix reload rule
Update to workspace-relative header locations that were missed before
* Project: Update docs for switch to bazel
I also made it so the santactl compilation won't include debug-only commands in release builds and the release rule will fail on a non-opt build.
Project: Convert to bazel, part 2
The main thing to call out in this PR is that Santa.app is now embedded inside santa-driver.kext along with everything else. The package will handle updating this automatically but it should be called out in release notes to make everyone aware.
* Switch to using macos_kernel_extension and macos_xpc_service, stop using product_type.
* Have Bazel embed all related binaries inside santa-driver.kext, including Santa.app. This simplifies the :release and :reload rules.
* Add commands for unload, load and reload, removing any need to keep the Rakefile around 😃
* Make the :kernel_tests rule a command that replicates what the Rakefile did for this.
* Added a project-wide .bazelrc that always generates dSYMs
Documentation changes to follow, as all the building instructions are now out of date.
This necessitated fixing some warnings, updating the resource
locations inside some tests and updating the Travis config.
I'll send a follow-up PR shortly that adds the fuzzing targets and updates the Rakefile and documentation.
* SantaPrefixTree: Fix a threading bug.
Tests: Add logic tests for SantaPrefixTree.
* clean up
* don't ifdef so much
* more #define less #ifdef
* less lambda more of rah's ideas
* add in-kernel filemod prefix filter
* byte lookup
* added pruning and tests
* clang-format
* add TODO
* don't need seen
* review updates
* reset filter on client connect
* DisconnectClient: reset filter
AddPrefix: when a branch is needed create the whole branch immediately
* don't use strlen in HasPrefix
use strnlen in AddPrefix
up max nodes to 1024
* use new[] and delete[] for the prune "stack"
revert clang-format changes to kernel tests
remove reset node count
* words
* count not size
- SyncBaseURL is not overridable by the server.
- ATS requires a self signed certificate to exist in the system roots. Providing roots enables in the Santa configuration enables pinning.
Closes#309
Add transitive whitelisting.
Binaries may be identified with WHITELIST_COMPILER rules. Any executable they output will then be marked locally with a transitive whitelist rule and allowed to run if the TransitiveWhitelistingEnabled config key is true.
* santa-driver: Fix documentation warnings
* SantaCache: Fix documentation warnings
* santactl: Always make sure that the syncserver JSON is a dictionary
The new CMake project allows the user to select which SDK version
to use. The Xcode path is also configurable to support non-standard
installation paths and/or systems with multiple versions installed.
Code signing can now be configured via command line, using the
CODESIGN_IDENTITY environment variable.
New fuzzing targets (libFuzzer)
- SantaCache
- santactl
- santad
New make targets:
- tests: Runs the tests
- fuzz: Runs the fuzzer
- redist: Regenerates the redistributable folder
- install: Installs Santa
This change does 2 major things:
1) Makes the test runnable from within Xcode, unloading any running
santad and santa-driver, loading the just-built driver from the same folder and
then running each test.
2) Makes each test responsible for declaring what should happen to
incoming requests from the driver, instead of keeping all of that
code near the top of the file. This makes each test much clearer in what
should be happening.
