957 Commits

Author SHA1 Message Date
Matt W
41c918ee87 Don't add messages when accumulated bytes exceeds threshold (#932)
* Don't add messages when accumulated bytes exceeds threshold

* Add a leniency factor

* lint
2022-11-07 12:24:49 -05:00
Matt W
1adb6d2726 Update spool to flush on size thresholds instead of batch counts (#930) 2022-11-03 14:55:51 -04:00
Matt W
8c531a256b metrics and logging cleanup (#928)
* Metrics and ambiguous log cleanup

* Fix test
2022-11-01 14:47:49 +00:00
Russell Hancox
5829363733 GUI: Fix EnableSilentMode key (#927) 2022-11-01 10:11:21 -04:00
Matt W
2082345c02 Change order that ES clients are enabled (#923) 2022-10-29 00:15:26 +00:00
Matt W
dd8f81a60e Fix issue in test that would crash on some platforms (#922) 2022-10-28 20:14:53 -04:00
Matt W
8ccb0813f1 More import fixes (#921)
* More import fixes

* lint
2022-10-28 15:57:01 -04:00
Matt W
b24e7e42bf Event metrics (#918)
* WIP. Record event count and processing time metrics. Tests don't currently build.

* Updated tests

* Fix field names

* Remove unused target

* formatting

* Cleanup from PR comments
2022-10-28 14:25:07 -04:00
Pete Markowsky
4821ebebd5 Fix: duplicates bug in SNTMetricSet when using multiple fields (#920)
Fix duplicates bug in SNTMetricSet when using multiple fields names.

This also fixes the santactl metric command and golden files for tests.
2022-10-28 13:50:08 -04:00
Matt W
efeaa82618 Fix issue with transposed remount/banned block messages (#917) 2022-10-26 20:54:17 -04:00
videlanicolas
3f3de02644 USB: usbBlockMessage is not being used. (#915) 2022-10-26 17:42:49 -04:00
Matt W
f6c9456ea7 Fix some more includes (#914) 2022-10-25 16:52:19 -04:00
Matt W
2aaff051c8 Various changes to fix import (#913) 2022-10-25 16:16:44 -04:00
Matt W
2df7e91c87 Change include to import (#912) 2022-10-24 11:56:02 -04:00
Matt W
899ca89e23 Proto minimization (#909)
* Create Light variants of File and ProcessInfo messages to reduce disk/wire byte counts

* Updated golden test data
2022-10-21 19:48:37 -04:00
Matt W
e7281f1c55 Spool writer (#908)
* Spool writer and santactl command to print proto file

* Make valid JSON for multiple paths. Can now create proto/spool logger. Updated logger tests.

* Make fsspool writer and fsspool log batch writer injectable

* Add spool writer tests

* Updated help text for santactl printlog

* Include file cleanup

* Fix dispatch source destruction

* Change config keys for the new Spool writer

* Spool settings now configurable

* Fix param order

* Remove some test sleeps related to control flow
2022-10-21 16:43:12 -04:00
Matt W
bf0ca24ae7 Machine id proto (#907)
* Add MachineID to all BasicString serialized log messages

* machine_id now a top level proto field

* Remove commented code
2022-10-19 10:51:38 -04:00
np5
4fe8b7908f sync: Fix USB blocking config sync (#890) 2022-10-18 10:01:20 -04:00
Matt W
a8dd332402 Update include paths and add include guard (#905) 2022-10-14 17:58:36 -04:00
Matt W
6631b0a8e3 More import fixes (#904)
* Layering check disable

* workaround for layering issue
2022-10-14 17:20:20 -04:00
Matt W
07e09db608 Import fixes (#902)
* Apply clang-format to cc files

* Modify binaryproto namespace

* Add more required includes

* Add proto includes

* Assert message parsing succeeds in test

* Add optional keyword to proto fields to track presence. TESTS BROKEN.

* Update golden test data
2022-10-14 15:51:53 -04:00
Matt W
d041a48c97 Fsspool adopt (#900)
* Added fsspool library, tests

* Cleanup

* Remove extra visibility from BUILD file

* Import foundation so the linter doesn't complain
2022-10-13 20:47:52 -04:00
Matt W
1683e09cc8 Proto serializer (#897)
* Initial proto serializer with close event

* Define move ctors for enriched types, delete copy ctors

* More event proto serialization. Commonized proto test code.

* Started work serializing exec event. Added serializer utilities.

* More progress serializing exec event

* Add more test data. Test restructure to permit fine grained mocking.

* Env/FD ES types now wrapped in EndpointSecurityAPI. Added calls to proto serializer.

* Add fd type names to proto

* Version compat. Script and Working Dir encoding.

* Add process start time

* Serialize Link event

* Add null check, mainly to fix tests

* Handle versioned expectations

* Each test now build msg in callbacks to set better expectations

* Serialize rename event and tests

* Serialize unlink event and tests

* Serialize allowlist and bundle events. Add utilities tests.

* Formatting

* Disk event proto serialization and tests

* Fix test only issues

* Rename santa_new.proto to santa.proto

* Change fd type int and string to an enum

* Proto namespace now versioned

* Added comments to proto schema

* Add proto support to indicate if fd list truncated
2022-10-13 13:52:41 -04:00
Ivan Tadeu Ferreira Antunes Filho
d6c73e0c6c common: Make SNTCommonEnums a textual header (#896)
This change fixes -wunused-variable warnings. The header is not valid by itself and should be declared as a textual header rather than as a header.
2022-10-03 13:15:33 -04:00
Matt W
72969a3c92 Fix crash flushing cache on unmount events (#895) 2022-09-27 21:54:35 -04:00
Matt W
d2dbed78dd Return a value from the test block (#894) 2022-09-27 15:07:20 -04:00
Matt W
8fa91e4ff0 Build deps (#893)
* Too bad we can't require explicit build deps...

* More deps
2022-09-23 13:55:48 -04:00
Matt W
551763146d Linter and BUILD deps fixups (#892)
* Minor changes to address lint issues

* Add more BUILD deps

* Include cleanup

* Even more BUILD deps

* Still more BUILD deps
2022-09-23 11:18:58 -04:00
Matt W
7a7f0cd5a8 Ingestion fixups (#891) 2022-09-22 12:30:34 -04:00
Matt W
fcb49701b3 ES and Logging Interfaces Redesign (#888)
* Initial structure for ES wrappers, enriched types, logging

* Basic working ES and logging functionality

* Add in oneTBB and thread-safe-lru deps

* Added a bunch of enriched types

* Auto-mute self when establishing ES client

* Basic auth, tamper client. Syslog of all events. Basic compiler tracking.

* Update copyright header blobs, convert some tabs to spaces

* Auth result cache. Fix getting translocation path.

* Added remaining cache methods

* Add AuthResultCache to Recorder client. Cache now operates on es_file_t.

* Hooked up SNTPrefixTree

* Fix CompilerController for RENAME. Fix AllowList logging missing path.

* Block loading Santa kext

* Added device manager client

* Properly log DiskAppear events

* Fix build to adopt new adhoc build

* Handle clearing cache on UNMOUNT events

* Ignore other ES clients if configured

* Remove SNTAllowlistInfo. Rename AllowList to Allowlist. Minor cleanup.

* Recorder now logs asynchronously. Enricher now returns shared_ptrs.

* Added File writer. Added timestamps to BasicStream serializer.

* Skip calling stat in SNTFileInfo when path given by ES.

* Fix build issue

* Address draft PR feedback

* santactl integrated, XPC works, fix file writer bug

* Integrate syncservice. Start observing some config changes.

* Add metrics service wrapper

* Add metrics config observers and metrics interval reset.

* Start better dependency control. Add Null logger support.

* Added more deps

* Added more deps

* Fix issue where metric service wasn't starting

* Add missing variant include

* Fix missing parent proc name

* Added googletest and new unit test macro

* Started expanding AuthResultCacheTest

* Properly mock EndpointSecurityAPI

* Finished AuthResultCacheTest

* bazelrc now builds all C++ as C++17. Added LoggerTest.

* Add FileTest. Abstract some File constants to Logger.

* Added Empty serializer test

* Started work on BasicStringTest. Fixed some BasicString serialization bugs.

* Added Unlink BasicString serialization test

* Added some more tests. Commonized some test code

* Finished BasicStringTest. Converted to XCTest.

* Standardize esapi variable naming

* Bubble up gTest expect failures to XCTest failures

* AuthResultCacheTest now uses XCTest. Added common TestUtils.h

* EmptyTest now uses XCTest.

* FileTest now uses XCTest

* LoggerTest now uses XCTest. Removed santa_unit_gtest bazel macro.

* Added ClientTest

* Add basic Enricher tests

* Add MessageTest. Make more TestUtils.

* Rename metrics to Metrics

* Add MetricsTest.

* Apply template pattern to Serializer

* Add SNTDecisionCacheTest.

* Add SNTCachedDecisionTest.

* Testing with coveralls debug mode

* Allow manual CI runs

* Remove unused property

* Started work on SNTEndpointSecurityClientTest.

* WIP SNTEndpointSecurityClientTest, fix test run issue

* Added more base ES client tests

* Add more base ES client tests

* Base ES client tests done. Added serializer utils/tests. Expanded basic string tests.

* Add utils test to test suite

* Add copy ctor. Add test output to bazel coverage.

* Single thread bazel coverage

* Upload coverage file

* Upload coverage file

* Old gen cov test

* Restructure message handlers to enable better testability

* Added enable tests for all ES clients

* Made a single MockEndpointSecurityAPI class to share everywhere

* Added most of SNTCompilerControllerTest

* Cleanup SNTCompilerControllerTest

* Started expanding Auth client test

* Finished up the Authorizer tests

* Move to using enum class for notify/auth instead of bool

* WIP for tamper resistance test. ASAN issues.

* Add OCMock patch to fix test issue on ARM Macs

* Changed patches directory name to external_patches

* Update WORKSPACE path

* Finished up Tamper Resistance tests

* Finished up Recorder tests.

* Move SNTExecutionControllerTest to ObjC++

* Initial work to port SNTExecutionControllerTest

* Finished porting SNTExecutionControllerTest.

* Added SNTExecutionControllerTest to list of unit tests

* Ported SNTEndpointSecurityDeviceManager.

* Test cleanup, use MockESAPI expectation helpers

* Verify SNTEndpointSecurityDeviceManager expectations differently

* Test cleanup, omit gTest param list where unused

* Log message cleanup

* Rename SNTApplicationTest to santad_test.mm

* Finished porting santad_test, formerly SNTApplicationTest

* Fix SNTEndpointSecurityDeviceManager issues

* Pulled in missed fixes. Updated tests.

* Renamed lowercase filenames to match rest of codebase

* Fix non-static dispatch_once_t, and noisy watching compiler log message

* WIP Started process of removing components no longer used

* WIP Continued process of removing components no longer used

* BUILD file cleanup. Proto warning. Removed unused global

* Rename SNTEventProvider to SNTEndpointSecurityEventHandler

* Rename SNTEndpointSecurityEventHandler protocol

* Remove EnableSysxCache option. Remove --quick flag used during dev.

* Ran testing/fix.sh

* Add missing param to fix.sh that was omitting .mm files.

* clang-format

* Fix linter: find cmd missing .mm ext, git grep exclude patch files.

* Use MakeESProcess default params in tests

* Move variables to camelCase in objc classes

* More case changes

* Sanitize strings

* Change dispatch queue priorities and standardize daemon queue naming

* Exclude patch files in markdown check

* Ensure string log messages end with newline

* Fix BasicStringTest

* Disable clang-format in code producing different results in local/remote versions

* Moved to using date ranges in copyright notices as per current guidelines

* Update Source/common/SNTConfigurator.h

Suggestion adding whitespace in comment to fix clang-format mangling

Co-authored-by: Russell Hancox <russellhancox@users.noreply.github.com>

* Removed santa_panic macro used in one place

* Updated comment about ES cachability

* Pin oneTBB to specific commit

* Address outstanding WORKSPACE 'canonical reproducible form' messages

* Use string append instead of ostringstream due to benchmark results

* Remove use of friend classes in EnrichedTypes.h

* Added SNTKVOManager, removed observers from SNTConfigurator.

* Fixed SNTEndpointSecurityRecorderTest class name

* Reduce usage of the auto keyword

* Each SNTKVOManager instance now adds its own observer

* Replaced more auto keywords with real types.

* Remove leftover code coverage debugging from ci.yml

* Updated comment

* Memoize SNTFileInfo sha256. Reduce some cache sizes.

* Fix issue checking for translocated paths

* Use more performant NSURL creation method

* Fix lint issue

* Address PR feedback

* Use an array literal for kvo objects

* Fix some clang tidy and import issues

* Replace third party LRU cache with SantaCache for now

* Fix clang tidy issues

* Address PR feedback

* Fix comment typo

Co-authored-by: Pete Markowsky <pmarkowsky@users.noreply.github.com>

* Added todo for when we adopt macOS 13

Co-authored-by: Russell Hancox <russellhancox@users.noreply.github.com>
Co-authored-by: Pete Markowsky <pmarkowsky@users.noreply.github.com>
2022-09-22 10:18:41 -04:00
Pete Markowsky
dc6732ef04 Refactor the SNTApplicationTest unit tests to function correctly (#885)
* Refactor the SNTApplicationTest unit tests to function correctly.

The tests were originally written in a table style and were impacted by the lack of mocking of the configurator. This caused static rules to impact the unit tests.

Additionally added improved logging messages for critical binaries and a todo for macOS 13 unit tests.

Added goodbinary and rules.db test files to allstar's ignored paths.
2022-08-29 13:18:04 -04:00
Pete Markowsky
fd23a5c3b7 Fix up endTimestamp to be Monarch compliant (#879)
Fix up endTimestamp field to be Monarch compliant.
2022-08-16 22:32:29 -04:00
Russell Hancox
ec203e8796 Project: Rename Source/santa -> Source/gui (#877) 2022-08-12 14:19:01 -04:00
Russell Hancox
57ff69208d GUI: Missed a required dependency (#876) 2022-08-12 14:02:22 -04:00
Russell Hancox
f00b7d2ded GUI: Expose SNTNotificationManager.h for the test. (#875) 2022-08-12 13:46:25 -04:00
Russell Hancox
9791fdd53c Project: Add a GH action to prevent trailing whitespace (#873) 2022-08-12 12:46:11 -04:00
Russell Hancox
26e2203f1e GUI: Improve signing chain key reporting in distributed notifications. (#874)
Also add a group for GUI unit_tests and include in the overall project tests group.
2022-08-12 11:03:21 -04:00
Russell Hancox
4a47195d12 Santa: Post distributed notification when showing block UI (#870)
Fixes #869
2022-08-11 12:34:35 -04:00
Russell Hancox
4436e221df GUI: Add silent mode configuration option. (#871)
When enabled, this option disables *all* GUI notifications from Santa. This is intended for kiosk-style machines where it is not expected for users to _ever_ execute unknown binaries.

Fixes #862
2022-08-11 09:17:07 -04:00
Russell Hancox
deccc8a148 GUI: For App Store published apps, include team ID. (#872)
With this change, the publisher field for an App Store published app will be  instead of

Fixes #758
2022-08-11 08:15:42 -04:00
Russell Hancox
6db7fea8ae syncservice: Add tests for NSData+Zlib and Postflight (#864) 2022-07-26 13:05:35 -04:00
bfreezy
8b55ee4da5 santad: only allow root read+write permissions on sync-state.plist (#858) 2022-07-18 13:32:08 -04:00
Russell Hancox
cc3177502c Tests: Fix un-needed expectation in SNTExecutionControllerTest.allEventUpload (#857) 2022-07-15 18:03:34 -04:00
Pete Markowsky
234f81ea7c Ensure KVO works for USB config options (#853)
Ensure KVO works for USB config options.
2022-07-15 15:13:55 -04:00
Russell Hancox
743c567bf8 santad: Log team ID in execution logs, where available (#850) 2022-07-15 12:41:56 -04:00
Russell Hancox
21220f1499 santad: Add DisableUnknownEventUpload option. (#852) 2022-07-15 12:30:20 -04:00
Russell Hancox
39f3ffe8fc santactl/status: Fix printing of static rules (#848) 2022-07-15 11:53:38 -04:00
Russell Hancox
fdb01928a0 santad: Fix re-establishment of syncservice connection (#849)
* santad: Fix re-establishment of syncservice connection

The previous version could lead to santad having lots of threads stuck waiting for connections
2022-07-15 11:53:17 -04:00
Russell Hancox
fbefbc5910 santasyncservice: Keep XSRF token in memory, don't send to daemon (#851) 2022-07-15 11:52:43 -04:00
Russell Hancox
9db00d143d santad: Improve caching of static rules (#847)
In #846 I forgot that  is only a count of the entries so if the config changes but the number of rules remains the same we would never update the cache. This PR moves the processing of the raw config into the KVO handler code so it is not at all in the hot-path.
2022-07-14 10:50:30 -04:00